docs: example

mxab · Mar 20, 2023 · 7dfefe4 · 7dfefe4
1 parent bfde4e3
commit 7dfefe4
Show file tree

Hide file tree

Showing 22 changed files with 828 additions and 0 deletions.
diff --git a/example/example1/example1.conf.hcl b/example/example1/example1.conf.hcl
@@ -0,0 +1,9 @@
+validator "opa" "costcenter_opa_validator" {
+
+    opa_rule {
+        query = <<EOH
+        errors = data.costcenter_meta.errors
+        EOH
+        filename = "validators/costcenter_meta.rego"
+    }
+}
diff --git a/example/example1/example1.nomad b/example/example1/example1.nomad
@@ -0,0 +1,15 @@
+job "app" {
+
+  group "app" {
+
+    task "app" {
+      driver = "docker"
+
+      config { # a very simple docker container
+        image = "busybox:latest"
+        command = "sh"
+        args = ["-c", "while true; do echo \"hello @ $(date)\"; sleep 5; done"]
+      }
+    }
+  }
+}
diff --git a/example/example1/validators/costcenter_meta.rego b/example/example1/validators/costcenter_meta.rego
@@ -0,0 +1,29 @@
+
+package costcenter_meta
+
+
+import future.keywords.contains
+import future.keywords.if
+# This is a modified version of rego's playground kubernetes costcenter example
+
+# This definition checks if the costcenter meta is not provided. Each rule definition
+# contributes to the set of error messages.
+errors contains msg if {
+	# The `not` keyword turns an undefined statement into a true statement. If any
+	# of the keys are missing, this statement will be true.
+
+
+	not input.Meta.costcenter
+    trace("Costcenter code is missing")
+
+	msg := "Every job must have a costcenter metadata label"
+}
+
+# This definition checks if the costcenter meta is formatted appropriately. Each rule
+# definition contributes to the set of error messages.
+errors contains msg if {
+	value := input.Meta.costcenter
+
+	not startswith(value, "cccode-")
+	msg := sprintf("Costcenter code must start with `cccode-`; found `%v`", [value])
+}
diff --git a/example/example1/validators/costcenter_meta_test.rego b/example/example1/validators/costcenter_meta_test.rego
@@ -0,0 +1,34 @@
+package costcenter_meta_test
+import data.costcenter_meta.errors
+
+import future.keywords
+
+test_missing_costcenter if {
+	errs := errors with input as {
+		"ID": "my-job",
+		"Meta": {},
+	}
+
+	errs["Every job must have a costcenter metadata label"]
+
+	count(errs) == 1
+
+}
+
+test_costcenter_prefix_wrong if {
+	errs := errors with input as {
+		"ID": "my-job",
+		"Meta": {"costcenter": "my-costcenter"},
+	}
+	errs["Costcenter code must start with `cccode-`; found `my-costcenter`"]
+	count(errs) == 1
+}
+
+test_costcenter_correct if {
+	errs := errors with input as {
+		"ID": "my-job",
+		"Meta": {"costcenter": "cccode-my-costcenter"},
+	}
+	count(errs) == 0
+
+}
diff --git a/example/example2/example2.conf.hcl b/example/example2/example2.conf.hcl
@@ -0,0 +1,9 @@
+mutator "opa_json_patch" "hello_world_opa_mutator" {
+
+    opa_rule {
+        query = <<EOH
+        patch = data.hello_world_meta.patch
+        EOH
+        filename = "mutators/hello_world_meta.rego"
+    }
+}
diff --git a/example/example2/example2.nomad b/example/example2/example2.nomad
@@ -0,0 +1,15 @@
+job "app" {
+
+  group "app" {
+
+    task "app" {
+      driver = "docker"
+
+      config { # a very simple docker container
+        image = "busybox:latest"
+        command = "sh"
+        args = ["-c", "while true; do echo \"hello @ $(date)\"; sleep 5; done"]
+      }
+    }
+  }
+}
diff --git a/example/example2/mutators/hello_world_meta.rego b/example/example2/mutators/hello_world_meta.rego
@@ -0,0 +1,30 @@
+package hello_world_meta
+
+
+patch[operation] {
+
+    not input.Meta
+    operation := {
+        "op": "add",
+        "path": "/Meta",
+        "value": {}
+    }
+}
+patch[operation] {
+
+    is_null(input.Meta)
+    operation := {
+        "op": "add",
+        "path": "/Meta",
+        "value": {}
+    }
+}
+patch[operation] {
+
+    not input.Meta.hello
+    operation := {
+        "op": "add",
+        "path": "/Meta/hello",
+        "value": "world"
+    }
+}
diff --git a/example/example2/mutators/hello_world_meta_test.rego b/example/example2/mutators/hello_world_meta_test.rego
@@ -0,0 +1,68 @@
+package hello_world_meta_test
+
+import data.hello_world_meta.patch
+
+import future.keywords
+
+test_hello_world if {
+	e := patch with input as {
+		"ID": "my-job",
+		"Meta": {},
+	}
+    e[{
+        "op": "add",
+        "path": "/Meta/hello",
+        "value": "world"
+    }]
+
+}
+
+test_hello_world_add_meta if {
+	e := patch with input as {
+		"ID": "my-job"
+	}
+    count(e) == 2
+    trace(sprintf("patch: %v", [e]))
+
+    e == {
+        {
+            "op": "add",
+            "path": "/Meta",
+            "value": {}
+        },
+        {
+            "op": "add",
+            "path": "/Meta/hello",
+            "value": "world"
+        }
+    }
+}
+test_hello_world_add_meta_if_meta_null if {
+	e := patch with input as {
+		"ID": "my-job",
+        "Meta": null
+	}
+    count(e) == 2
+    trace(sprintf("patch: %v", [e]))
+
+    e == {
+        {
+            "op": "add",
+            "path": "/Meta",
+            "value": {}
+        },
+        {
+            "op": "add",
+            "path": "/Meta/hello",
+            "value": "world"
+        }
+    }
+}
+test_hello_world_no_code_if_exists if {
+	e := patch with input as {
+		"ID": "my-job",
+		"Meta": {"hello": "world"}
+	}
+    count(e) == 0
+
+}
diff --git a/example/example3/example3.conf.hcl b/example/example3/example3.conf.hcl
@@ -0,0 +1,9 @@
+mutator "opa_json_patch" "hello_world_opa_mutator" {
+
+    opa_rule {
+        query = <<EOH
+        patch = data.pginject.patch
+        EOH
+        filename = "mutators/pg.rego"
+    }
+}
diff --git a/example/example3/example3.nomad b/example/example3/example3.nomad
@@ -0,0 +1,19 @@
+job "app" {
+
+  group "app" {
+
+    task "app" {
+
+      meta {
+        postgres = "native"
+      }
+      driver = "docker"
+
+      config { # a very simple docker container
+        image = "busybox:latest"
+        command = "sh"
+        args = ["-c", "while true; do echo \"hello @ $(date)\"; sleep 5; done"]
+      }
+    }
+  }
+}
diff --git a/example/example3/example3.ref.nomad b/example/example3/example3.ref.nomad
@@ -0,0 +1,36 @@
+# reference on how the job should look like
+job "app" {
+
+  group "app" {
+
+    task "app" {
+      driver = "docker"
+
+
+      config {
+        image = "busybox:latest"
+        command = "sh"
+        args = ["-c", "while true; do echo \"hello @ $(date)\"; sleep 5; done"]
+      }
+      vault {
+        policies = ["db-access"]
+      }
+      template {
+        data = <<-EOH
+          {{ range nomadService "postgres" }}
+            PGHOSTADDR={{ .Address }}
+            PGPORT={{ .Port }}
+          {{ end }}
+          PGDATABASE=postgres
+          {{ with secret "postgres/creds/dev" }}
+            PGUSER={{ .Data.username }}
+            PGPASSWORD={{ .Data.password }}
+          {{ end }}
+
+        EOH
+        env = true
+        destination = "${NOMAD_SECRETS_DIR}/postgres.env"
+      }
+    }
+  }
+}