Update the go-playground validator to support "startswith" and
"endswith" validators to be used to validate images used for production.
See the example in policy.example.yaml for how this would be used.
Bug: T215319
Change-Id: Ie4362184bdb19399c667b4180b4bef32c2198063
Uses the github.com/ghodss/yaml library to convert YAML to JSON before
unmarshaling for the purposes of supporting YAML and JSON input while
converting to only support JSON internally.
Bug: T207694
Change-Id: I00668014907e9ea54917f5d5067cac08d0668053
Summary:
Implements a rough interface for validating configuration against
arbitrary policy rules. Policies are provided as YAML and passed via the
command line as file paths or remote URIs.
The format of policies is:
    enforcements:
      - path: <path>
        rule: <rule>
Where `<path>` is a YAML-ish path to a config field and `<rule>` is any
expression our config validator understands (expressions built in by the
validator library and custom tags defined in `config.validation.go`).
Example policy:
    enforcements:
      - path: variants.production.base
        rule: oneof=debian:jessie debian:stretch
      - path: variants.production.runs.as
        rule: ne=foo
      - path: variants.production.node.dependencies
        rule: isfalse
Command flag parsing was implemented in `main.go` to support the new
`--policy=uri` flag and improve existing handling of `--version` and the
usage statement.
Test Plan: Run `go test ./...`.
Reviewers: thcipriani, demon, hashar, mmodell, #release-engineering-team
Reviewed By: thcipriani, #release-engineering-team
Tags: #release-engineering-team
Differential Revision: https://phabricator.wikimedia.org/D999
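The path/rule enforcement described in the commit messages above, including the `startswith` and `endswith` rules, as an added example that is not the project's own code: a standard-library stand-in for the go-playground validator. The names `Enforcement`, `check` and `Violations`, the nested-map config, the boolean reading of `isfalse`, and failing closed on missing paths and unknown rules are all assumptions of this sketch.

```go
package main

import (
	"fmt"
	"slices"
	"strings"
)

// Enforcement is one policy entry: a dotted config path plus a rule expression.
type Enforcement struct{ Path, Rule string }

// check applies one rule to a value; unknown rules fail closed (assumption).
func check(val interface{}, rule string) bool {
	s := fmt.Sprint(val)
	switch name, param, _ := strings.Cut(rule, "="); name {
	case "oneof":
		return slices.Contains(strings.Fields(param), s)
	case "ne":
		return s != param
	case "startswith":
		return strings.HasPrefix(s, param)
	case "endswith":
		return strings.HasSuffix(s, param)
	case "isfalse": // assumed semantics: the field must be boolean false
		return val == false
	}
	return false
}

// Violations returns the policy paths whose value is missing or fails its rule.
func Violations(cfg map[string]interface{}, policy []Enforcement) (bad []string) {
	for _, e := range policy {
		var cur interface{} = cfg
		for _, key := range strings.Split(e.Path, ".") {
			m, _ := cur.(map[string]interface{}) // nil map if parent is not a map
			cur = m[key]
		}
		if cur == nil || !check(cur, e.Rule) {
			bad = append(bad, e.Path)
		}
	}
	return bad
}

func main() { // constructed sample: production base image outside the allowed list
	cfg := map[string]interface{}{"variants": map[string]interface{}{
		"production": map[string]interface{}{"base": "debian:buster"}}}
	p := []Enforcement{{"variants.production.base", "oneof=debian:jessie debian:stretch"}}
	fmt.Println(Violations(cfg, p))
}
```

Pairing a `startswith` rule on the registry prefix with a `oneof` rule on the same path shows why both are useful: the first pins where a production image comes from, the second pins which image it is.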
Summary:
Our current lack of dependency management is leading to issues with
Debian packaging and risks inconsistent builds. Let's use `dep`, the
"official experiment" for go dependency management, and commit the
vendor directory which is small enough following a `dep prune`.
Fixes T180530
Depends on D881
Test Plan:
Run `make` or `go build -v` and examine output to ensure use of `vendor/`
packages.
Reviewers: thcipriani, Joe, #release-engineering-team
Reviewed By: thcipriani, #release-engineering-team
Tags: #release-engineering-team
Maniphest Tasks: T180530
Differential Revision: https://phabricator.wikimedia.org/D882
Summary:
In preparation for vendored golang dependencies, we need to move
`arcanist-go` out of the way. A new `.arcvendor` directory seems like a
decent-ish place.
Test Plan: Run `arc unit --everything && arc lint --everything`.
Reviewers: thcipriani, #release-engineering-team
Reviewed By: thcipriani, #release-engineering-team
Tags: #release-engineering-team
Differential Revision: https://phabricator.wikimedia.org/D881
Summary:
Import `arcanist-go` into `vendor` to provide a unit engine and
`gofmt`/`govet` linters.
Lint with `golint`, `gofmt`, and `govet`.
Test Plan:
Run `arc lint --everything` and revel at the given advice.
Run `arc unit --everything` and hopefully nothing will explode.
Reviewers: thcipriani, mmodell, hashar, Jrbranaa, #release-engineering-team
Reviewed By: mmodell, #release-engineering-team
Tags: #release-engineering-team
Differential Revision: https://phabricator.wikimedia.org/D704