From 555fe84094264cca82c2db9d894c9854df317b7a Mon Sep 17 00:00:00 2001 From: Tyler Schade Date: Fri, 18 Oct 2024 08:00:32 -0400 Subject: [PATCH] only check schemas when schemas are provided (#7124) only check schemas when schemas are provided Signed-off-by: Tyler Schade --- ast/check.go | 3 ++- cmd/check_test.go | 22 ++++++++++++++++------ 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/ast/check.go b/ast/check.go index b0388acb9e..03d31123cf 100644 --- a/ast/check.go +++ b/ast/check.go @@ -231,7 +231,8 @@ func (tc *typeChecker) checkRule(env *TypeEnv, as *AnnotationSet, rule *Rule) { } ref := schemaAnnot.Path - if ref == nil && refType == nil { + // if we do not have a ref or a reftype, we should not evaluate this rule. + if ref == nil || refType == nil { continue } diff --git a/cmd/check_test.go b/cmd/check_test.go index 4e4e97d6cf..fae90043ac 100644 --- a/cmd/check_test.go +++ b/cmd/check_test.go @@ -211,7 +211,7 @@ func TestCheckFailsOnInvalidRego(t *testing.T) { // Assert that 'schemas' annotations with schema refs are only informing the type checker when the --schema flag is used func TestCheckWithSchemasAnnotationButNoSchemaFlag(t *testing.T) { - policyWithSchemaRef := ` + policiesWithSchemaRef := []string{` package test import rego.v1 # METADATA @@ -220,11 +220,21 @@ import rego.v1 p if { rego.metadata.rule() # presence of rego.metadata.* calls must not trigger unwanted schema evaluation input.foo == 42 # type mismatch with schema that should be ignored -}` +}`, + ` +package p - err := testCheckWithSchemasAnnotationButNoSchemaFlag(policyWithSchemaRef) - if err != nil { - t.Fatalf("unexpected error from eval with schema ref: %v", err) +# METADATA +# schemas: +# - data.p.x: schema["nope"] +bug := data.p.x +`} + + for i, pol := range policiesWithSchemaRef { + err := testCheckWithSchemasAnnotationButNoSchemaFlag(pol) + if err != nil { + t.Fatalf("unexpected error from eval policy %d with schema ref: %v", i, err) + } } policyWithInlinedSchema := ` @@ -238,7 +248,7 @@ p if { input.foo == 42 # type mismatch with schema that should be ignored }` - err = testCheckWithSchemasAnnotationButNoSchemaFlag(policyWithInlinedSchema) + err := testCheckWithSchemasAnnotationButNoSchemaFlag(policyWithInlinedSchema) // We expect an error here, as inlined schemas are always used for type checking if !strings.Contains(err.Error(), "rego_type_error: match error") { t.Fatalf("unexpected error from eval with inlined schema, got: %v", err)