Rename policies to rules

.github/workflows/ci.yml

@@ -31,4 +31,4 @@ jobs:
         git diff --exit-code modelsource 
 
     - name: Test subcommand lint
-      run: ./bin/mxlint lint --xunit-report report.xml --policies ./resources/policies
+      run: ./bin/mxlint lint --xunit-report report.xml --rules ./resources/rules

cmd/mxlint/main.go

@@ -46,10 +46,10 @@ func main() {
 
 	var cmdLint = &cobra.Command{
 		Use:   "lint",
-		Short: "Evaluate Mendix model against policies. Requires the model to be exported first",
-		Long:  "The model is evaluated against a set of policies. The policies are defined in OPA rego files. The output is a list of checked policies and their outcome.",
+		Short: "Evaluate Mendix model against rules. Requires the model to be exported first",
+		Long:  "The model is evaluated against a set of rules. The rules are defined in OPA rego files. The output is a list of checked rules and their outcome.",
 		Run: func(cmd *cobra.Command, args []string) {
-			policiesDirectory, _ := cmd.Flags().GetString("policies")
+			rulesDirectory, _ := cmd.Flags().GetString("rules")
 			modelDirectory, _ := cmd.Flags().GetString("modelsource")
 			xunitReport, _ := cmd.Flags().GetString("xunit-report")
 			JsonFile, _ := cmd.Flags().GetString("json-file")
@@ -63,15 +63,15 @@ func main() {
 			}
 
 			lint.SetLogger(log)
-			err := lint.EvalAll(policiesDirectory, modelDirectory, xunitReport, JsonFile)
+			err := lint.EvalAll(rulesDirectory, modelDirectory, xunitReport, JsonFile)
 			if err != nil {
 				log.Errorf("lint failed: %s", err)
 				os.Exit(1)
 			}
 		},
 	}
 
-	cmdLint.Flags().StringP("policies", "p", "policies", "Path to directory with policies")
+	cmdLint.Flags().StringP("rules", "r", "rules", "Path to directory with rules")
 	cmdLint.Flags().StringP("modelsource", "m", "modelsource", "Path to directory with exported model")
 	cmdLint.Flags().StringP("xunit-report", "x", "", "Path to output file for xunit report. If not provided, no xunit report will be generated")
 	cmdLint.Flags().StringP("json-file", "j", "", "Path to output file for JSON report. If not provided, no JSON file will be generated")

lint/lint.go

@@ -2,8 +2,8 @@ package lint
 
 import (
 	"context"
-	"encoding/xml"
 	"encoding/json"
+	"encoding/xml"
 	"fmt"
 	"os"
 	"strings"
@@ -28,21 +28,21 @@ func printTestsuite(ts Testsuite) {
 	fmt.Println("")
 }
 
-func EvalAll(policiesPath string, modelSourcePath string, xunitReport string, jsonFile string) error {
+func EvalAll(rulesPath string, modelSourcePath string, xunitReport string, jsonFile string) error {
 	testsuites := make([]Testsuite, 0)
-	policies, err := readPoliciesMetadata(policiesPath)
+	rules, err := readRulesMetadata(rulesPath)
 	if err != nil {
 		return err
 	}
 	failuresCount := 0
-	for _, policy := range policies {
-			testsuite, err := evalTestsuite(policy, modelSourcePath)
-			if err != nil {
-				return err
-			}
-			printTestsuite(*testsuite)
-			failuresCount += testsuite.Failures
-			testsuites = append(testsuites, *testsuite)
+	for _, rule := range rules {
+		testsuite, err := evalTestsuite(rule, modelSourcePath)
+		if err != nil {
+			return err
+		}
+		printTestsuite(*testsuite)
+		failuresCount += testsuite.Failures
+		testsuites = append(testsuites, *testsuite)
 	}
 
 	if xunitReport != "" {
@@ -69,7 +69,7 @@ func EvalAll(policiesPath string, modelSourcePath string, xunitReport string, js
 
 		encoder := json.NewEncoder(file)
 		encoder.SetIndent("", "  ")
-		testsuitesContainer := TestSuites{Testsuites: testsuites, Policies: policies}
+		testsuitesContainer := TestSuites{Testsuites: testsuites, Rules: rules}
 		if err := encoder.Encode(testsuitesContainer); err != nil {
 			panic(err)
 		}
@@ -81,25 +81,25 @@ func EvalAll(policiesPath string, modelSourcePath string, xunitReport string, js
 	return nil
 }
 
-func evalTestsuite(policy Policy, modelSourcePath string) (*Testsuite, error) {
+func evalTestsuite(rule Rule, modelSourcePath string) (*Testsuite, error) {
 
-	log.Debugf("evaluating policy %s", policy.Path)
+	log.Debugf("evaluating rule %s", rule.Path)
 
 	var skipped *Skipped = nil
-	if policy.SkipReason != "" {
+	if rule.SkipReason != "" {
 		skipped = &Skipped{
-			Message: policy.SkipReason,
+			Message: rule.SkipReason,
 		}
 	}
 
-	queryString := "data." + policy.PackageName
+	queryString := "data." + rule.PackageName
 	testcases := make([]Testcase, 0)
 	failuresCount := 0
 	skippedCount := 0
 	totalTime := 0.0
-	inputFiles, err := expandPaths(policy.Pattern, modelSourcePath)
+	inputFiles, err := expandPaths(rule.Pattern, modelSourcePath)
 	if err != nil {
-			return nil, err
+		return nil, err
 	}
 	testcase := &Testcase{}
 
@@ -112,7 +112,7 @@ func evalTestsuite(policy Policy, modelSourcePath string) (*Testsuite, error) {
 			}
 			skippedCount++
 		} else {
-			testcase, err = evalTestcase(policy.Path, queryString, inputFile)
+			testcase, err = evalTestcase(rule.Path, queryString, inputFile)
 			if err != nil {
 				return nil, err
 			}
@@ -126,7 +126,7 @@ func evalTestsuite(policy Policy, modelSourcePath string) (*Testsuite, error) {
 	}
 
 	testsuite := &Testsuite{
-		Name:      policy.Path,
+		Name:      rule.Path,
 		Tests:     len(testcases),
 		Failures:  failuresCount,
 		Skipped:   skippedCount,
@@ -137,8 +137,8 @@ func evalTestsuite(policy Policy, modelSourcePath string) (*Testsuite, error) {
 	return testsuite, nil
 }
 
-func evalTestcase(policyPath string, queryString string, inputFilePath string) (*Testcase, error) {
-	regoFile, _ := os.ReadFile(policyPath)
+func evalTestcase(rulePath string, queryString string, inputFilePath string) (*Testcase, error) {
+	regoFile, _ := os.ReadFile(rulePath)
 	log.Debugf("rego file: \n%s", regoFile)
 
 	yamlFile, err := os.ReadFile(inputFilePath)
@@ -159,7 +159,7 @@ func evalTestcase(policyPath string, queryString string, inputFilePath string) (
 	startTime := time.Now()
 	r := rego.New(
 		rego.Query(queryString),
-		rego.Load([]string{policyPath}, nil),
+		rego.Load([]string{rulePath}, nil),
 		rego.Input(data),
 		rego.Trace(true),
 	)

lint/lint_test.go

@@ -17,9 +17,9 @@ func TestLintSingle(t *testing.T) {
 	// 		t.Errorf("Policy not skipped")
 	// 	}
 	// })
-	t.Run("single policy passes", func(t *testing.T) {
-		policy, _ := parsePolicyMetadata("./../resources/policies/001_0003_security_checks.rego")
-		result, err := evalTestsuite(*policy, "./../modelsource")
+	t.Run("single rule passes", func(t *testing.T) {
+		rule, _ := parseRuleMetadata("./../resources/rules/001_0003_security_checks.rego")
+		result, err := evalTestsuite(*rule, "./../modelsource")
 
 		if err != nil {
 			t.Errorf("Failed to evaluate")
@@ -32,8 +32,8 @@ func TestLintSingle(t *testing.T) {
 }
 
 func TestLintBundle(t *testing.T) {
-	t.Run("all-policy", func(t *testing.T) {
-		err := EvalAll("./../policies", "./../modelsource", "", "")
+	t.Run("all-rules", func(t *testing.T) {
+		err := EvalAll("./../resources/rules", "./../modelsource", "", "")
 
 		if err != nil {
 			t.Errorf("No failures expected: %v", err)

lint/policy.go → lint/rule.go

@@ -6,36 +6,36 @@ import (
 	"strings"
 )
 
-func readPoliciesMetadata(policiesPath string) ([]Policy, error) {
-	policies := make([]Policy, 0)
-	filepath.Walk(policiesPath, func(path string, info os.FileInfo, err error) error {
+func readRulesMetadata(rulesPath string) ([]Rule, error) {
+	rules := make([]Rule, 0)
+	filepath.Walk(rulesPath, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
 		if !info.IsDir() && !strings.HasSuffix(info.Name(), "_test.rego") && strings.HasSuffix(info.Name(), ".rego") {
-			policy, err := parsePolicyMetadata(path)
+			rule, err := parseRuleMetadata(path)
 			if err != nil {
 				return err
 			}
-			policies = append(policies, *policy)
+			rules = append(rules, *rule)
 		}
 		return nil
 	})
-	return policies, nil
+	return rules, nil
 }
 
-func parsePolicyMetadata(policyPath string) (*Policy, error) {
+func parseRuleMetadata(rulePath string) (*Rule, error) {
 
-	log.Debugf("reading policy %s", policyPath)
+	log.Debugf("reading rule %s", rulePath)
 
-	// read the policy file
-	policyFile, err := os.Open(policyPath)
+	// read the rule file
+	ruleFile, err := os.Open(rulePath)
 	if err != nil {
 		return nil, err
 	}
-	defer policyFile.Close()
+	defer ruleFile.Close()
 
-	policyContent, err := os.ReadFile(policyPath)
+	ruleContent, err := os.ReadFile(rulePath)
 	if err != nil {
 		return nil, err
 	}
@@ -53,7 +53,7 @@ func parsePolicyMetadata(policyPath string) (*Policy, error) {
 	var key string = ""
 	var value string = ""
 
-	lines := strings.Split(string(policyContent), "\n")
+	lines := strings.Split(string(ruleContent), "\n")
 
 	for _, line := range lines {
 		tokens := strings.Split(line, "package ")
@@ -93,18 +93,18 @@ func parsePolicyMetadata(policyPath string) (*Policy, error) {
 		}
 	}
 
-	policy := &Policy{
+	rule := &Rule{
 		Title:       title,
 		Description: description,
 		Category:    category,
 		Severity:    severity,
 		RuleNumber:  ruleNumber,
 		Remediation: remediation,
 		RuleName:    ruleName,
-		Path:        policyPath,
+		Path:        rulePath,
 		SkipReason:  skipReason,
 		Pattern:     pattern,
 		PackageName: packageName,
 	}
-	return policy, nil
+	return rule, nil
 }

lint/types.go

@@ -5,7 +5,7 @@ import "encoding/xml"
 type TestSuites struct {
 	XMLName    xml.Name    `xml:"testsuites" json:"-"`
 	Testsuites []Testsuite `xml:"testsuite" json:"testsuites"`
-	Policies  []Policy    `xml:"-" json:"policies"`
+	Rules      []Rule      `xml:"-" json:"rules"`
 }
 
 type Testsuite struct {
@@ -36,7 +36,7 @@ type Skipped struct {
 	Message string `xml:"message,attr" json:"message"`
 }
 
-type Policy struct {
+type Rule struct {
 	Title       string `json:"title"`
 	Description string `json:"description"`
 	Category    string `json:"category"`