implementation with policy API

.gitattributes

@@ -0,0 +1,23 @@
+# If you know it's a text file, don't use "=auto" because with that you're
+# letting Git decide whether it's text (and YOU already know it IS).
+
+*.css text
+*.csv text
+*.html text
+*.jpg binary
+*.js text
+*.json text
+*.md text
+*.pdf binary
+*.png binary
+*.py text
+*.rego text
+*.sh text eol=lf
+*.svg text
+*.txt text
+*.yaml text
+*.yml text
+.gitattributes text
+.gitignore text
+LICENSE text
+MANIFEST.in text

.github/actions/setup-dependencies-macos/action.yml

@@ -18,7 +18,7 @@ runs:
         pip install virtualenv
         virtualenv -p python .venv
         source .venv/bin/activate
-    
+
     - name: Install dependencies
       shell: bash
       run: |

.github/workflows/get_opa_hash.yml

@@ -13,6 +13,6 @@ jobs:
         ref: main
     - name: Get OPA Hash
       run: |
-           cd ./repo/utils
+           cd ./repo/scubagoggles/utils
            chmod +x checkOPAHash.sh
            ./checkOPAHash.sh

.github/workflows/pylint.yml

@@ -20,18 +20,18 @@ jobs:
     runs-on: ubuntu-20.04
     strategy:
       matrix:
-        python-version: ["3.9.2"]
+        python-version: ["3.9.19"]
     steps:
     - uses: actions/checkout@v4
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
         pip install -r requirements.txt
-        pip install pylint==3.2.7 pytest selenium
+        pip install pylint pytest selenium
     - name: Analysing the code with pylint
       run: |
         pylint -d R0913,R0914,R0915,R1702,W0718,W0719,R0801 $(git ls-files '*.py')

.github/workflows/run_opa_tests.yml

@@ -28,15 +28,15 @@ jobs:
         version: latest
 
     - name: Run OPA Check
-      run: opa check rego Testing/RegoTests --strict
+      run: opa check scubagoggles/rego scubagoggles/Testing/RegoTests --strict
 
     - name: Run OPA Tests
-      run: opa test rego/*.rego Testing/RegoTests/**/*.rego -v
+      run: opa test scubagoggles/rego/*.rego scubagoggles/Testing/RegoTests/**/*.rego -v
 
     - name: Setup Regal
-      uses: StyraInc/setup-regal@v0.2.0
+      uses: StyraInc/setup-regal@v1
       with:
-        version: v0.15.0
+        version: 0.27.0
 
     - name: Run Regal Lint
-      run: regal lint --format github rego Testing
+      run: regal lint --format github scubagoggles/rego scubagoggles/Testing/RegoTests

.github/workflows/run_release.yml

@@ -1,4 +1,4 @@
-on: 
+on:
   workflow_dispatch:
     inputs:
       releaseName:
@@ -14,33 +14,42 @@ name: Build Release
 
 jobs:
   build-and-deploy:
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
     env:
+      PYTHON_VERSION: "3.12"
       RELEASE_VERSION: ${{ inputs.version }}
     permissions:
       contents: write
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      with:
-        path: repo
-        ref: main
-    - name: Package Repo for release
-      shell: pwsh
-      run: |
-        $PackageName = "scubagoggles"
-        Remove-Item -Recurse -Force repo -Include .git*
-        Move-Item -Path repo -Destination "${PackageName}-${env:RELEASE_VERSION}" -Force
-        Compress-Archive -Path "${PackageName}-${env:RELEASE_VERSION}" -DestinationPath "${PackageName}-${env:RELEASE_VERSION}.zip"
-        Get-ChildItem -Path . | Write-Output
-    - name: release
-      uses: softprops/action-gh-release@v1
-      id: create_release
-      with:
-        draft: true
-        prerelease: false
-        name: v${{ inputs.releaseName }}
-        tag_name: v${{ inputs.version }}
-        files: scubagoggles-${{ inputs.version }}.zip
-        generate_release_notes: true
-        fail_on_unmatched_files: true
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+      - name: Install Python dependencies
+        run: pip install -r requirements.txt
+      - name: Package Repo for release
+        shell: bash
+        run: |
+          reqv="${{ inputs.version }}"
+          reqv="${reqv//[[:space:]]/}"
+          [[ ! "$reqv" =~ ^[0-9]{1,2}(\.[0-9]{1,2}){2}$ ]] \
+            && echo "invalid request version: $reqv" && exit 1
+          sgv=$(grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+' scubagoggles/__init__.py)
+          [[ "$reqv" == "$sgv" ]] \
+            || (echo "version mismatch - current: $sgv" && exit 1)
+          ./scubagoggles/utils/build.sh -r "$PWD" -t "$GITHUB_REF_NAME"
+      - name: release
+        uses: softprops/action-gh-release@v1
+        id: create_release
+        with:
+          draft: true
+          prerelease: false
+          name: v${{ inputs.releaseName }}
+          tag_name: v${{ inputs.version }}
+          files: |
+            scubagoggles-*-py3-none-any.whl
+            scubagoggles-*.tar.gz
+          generate_release_notes: true
+          fail_on_unmatched_files: true

.github/workflows/run_smoke_test.yml

@@ -1,5 +1,5 @@
-name: Run Smoke Test 
-on: 
+name: Run Smoke Test
+on:
   pull_request:
     types: [opened, reopened]
     branches:
@@ -77,33 +77,33 @@ jobs:
 
       - name: Setup Python v${{ matrix.python-version }}
         uses: actions/setup-python@v5
-        with: 
+        with:
           python-version: ${{ matrix.python-version }}
           cache: "pip"
           cache-dependency-path: "requirements.txt"
-      
+
       - name: Setup Dependencies (Windows)
         if: ${{ matrix.operating-system == 'windows-latest' }}
         uses: ./.github/actions/setup-dependencies-windows
         with:
           operating-system: "windows"
           opa-version: ${{ needs.configuration.outputs.opa-version }}
           python-version: ${{ matrix.python-version }}
-      
+
       - name: Setup Dependencies (macOS)
         if: ${{ matrix.operating-system == 'macos-latest' }}
         uses: ./.github/actions/setup-dependencies-macos
         with:
           operating-system: "macos"
           opa-version: ${{ needs.configuration.outputs.opa-version }}
           python-version: ${{ matrix.python-version }}
-      
+
       - name: Setup credentials for service account
         id: create-json
         uses: jsdaniell/[email protected]
-        with: 
+        with:
           name: "credentials.json"
           json: ${{ secrets.GWS_GITHUB_AUTOMATION_CREDS }}
 
       - name: Run ScubaGoggles and check for correct output
-        run: pytest ./Testing/Functional/SmokeTests/ -vvv --subjectemail="${{ secrets.GWS_SUBJECT_EMAIL }}" --customerdomain="${{ secrets.GWS_DOMAIN }}"
+        run: pytest ./scubagoggles/Testing/Functional/SmokeTests/ -vvv --subjectemail="${{ secrets.GWS_SUBJECT_EMAIL }}" --customerdomain="${{ secrets.GWS_DOMAIN }}"

.regal/config.yaml

@@ -1,60 +1,91 @@
-# Regal linter configuration
-# All rules documented here:
-# https://docs.styra.com/regal/category/rules
-rules:
-  custom:
-    naming-convention:
-      # Codifying the conventions used in this project.
-      # By all means, change this to be less restrictive
-      # if you wish.
-      level: error
-      conventions:
-        - pattern: '^[A-Z]+[a-zA-Z0-9_]+$|^tests$|^test_|^check_'
-          targets:
-            - rule
-        - pattern: '^[A-Z]+[a-zA-Z0-9_]+$'
-          targets:
-            - function
-        - pattern: '^[a-z]+$'
-          targets:
-            - package
-  idiomatic:
-    no-defined-entrypoint:
-      # This is a good practice for documentation, and
-      # compilation to Wasm/IR, but not a requirement.
-      # Safe to ignore.
-      level: ignore
-  imports:
-    implicit-future-keywords:
-      # This rule is on it's way out anyway, as future
-      # versions of OPA will make these keywords standard.
-      level: ignore
-  style:
-    external-reference:
-      # This rule is quite opinionated / style preference
-      # safe to ignore.
-      level: ignore
-    file-length:
-      level: ignore
-    no-whitespace-comment:
-      # This repo is actually good about this, but frequently
-      # uses '#--' as a delimeter of sorts. That should be OK,
-      # and the next version of Regal will allow for exceptions
-      # like this: https://github.com/StyraInc/regal/issues/379
-      level: ignore
-    opa-fmt:
-      level: ignore
-    prefer-snake-case:
-      # This is the default style preference for Rego, but since
-      # the style of this project better matches the domain it is
-      # modeling, we'll ignore this rule in favor of the custom
-      # naming-convention rule defined above.
-      level: ignore
-    rule-length:
-      level: ignore
-    todo-comment:
-      level: ignore
-  testing:
-    test-outside-test-package:
-      # This is just a style preference
-      level: ignore
+# Regal linter configuration
+# All rules documented here:
+# https://docs.styra.com/regal/category/rules
+rules:
+  custom:
+    naming-convention:
+      # Codifying the conventions used in this project.
+      # By all means, change this to be less restrictive
+      # if you wish.
+      level: error
+      conventions:
+        - pattern: '^[A-Z]+[a-zA-Z0-9_]+$|^tests$|^test_|^check_'
+          targets:
+            - rule
+        - pattern: '^[A-Z]+[a-zA-Z0-9_]+$'
+          targets:
+            - function
+        - pattern: '^[a-z]+$'
+          targets:
+            - package
+  idiomatic:
+    no-defined-entrypoint:
+      # This is a good practice for documentation, and
+      # compilation to Wasm/IR, but not a requirement.
+      # Safe to ignore.
+      level: ignore
+    directory-package-mismatch:
+      # Will prefixing the packages with "scubagoggles.rego" really
+      # be an improvement?
+      level: ignore
+  imports:
+    implicit-future-keywords:
+      # This rule is on it's way out anyway, as future
+      # versions of OPA will make these keywords standard.
+      level: ignore
+    prefer-package-imports:
+      # The following are used so often that there's no need
+      # for the "utils." prefix every single time they're used.
+      ignore-import-paths:
+        - data.utils.GetFriendlyEnabledValue
+        - data.utils.PolicyApiInUse
+        - data.utils.FailTestBothNonCompliant
+        - data.utils.FailTestGroupNonCompliant
+        - data.utils.FailTestOUNonCompliant
+        - data.utils.FailTestNonCompliant
+        - data.utils.FailTestNoEvent
+        - data.utils.PassTestResult
+        - data.utils.PassTestResultWithMessage
+    use-rego-v1:
+      # For now, anyway...
+      level: ignore
+  performance:
+    with-outside-test-context:
+      level: ignore
+  style:
+    external-reference:
+      # This rule is quite opinionated / style preference
+      # safe to ignore.
+      level: ignore
+    file-length:
+      level: ignore
+    messy-rule:
+      # This is all over the place with "tests", and the way we've
+      # done it (by baseline) makes sense.
+      level: ignore
+    no-whitespace-comment:
+      # This repo is actually good about this, but frequently
+      # uses '#--' as a delimeter of sorts. That should be OK,
+      # and the next version of Regal will allow for exceptions
+      # like this: https://github.com/StyraInc/regal/issues/379
+      level: ignore
+    opa-fmt:
+      level: ignore
+    pointless-reassignment:
+      # If this prevents duplicate strings all over the place,
+      # then it's worth it.
+      level: ignore
+    prefer-snake-case:
+      # This is the default style preference for Rego, but since
+      # the style of this project better matches the domain it is
+      # modeling, we'll ignore this rule in favor of the custom
+      # naming-convention rule defined above.
+      level: ignore
+    rule-length:
+      level: ignore
+    todo-comment:
+      level: ignore
+  testing:
+    test-outside-test-package:
+      # This is just a style preference
+      level: ignore

BRANCHINGSTRUCTURE.md

@@ -1,4 +1,5 @@
 # Branching Structure
-The Branching Structure flow diagram describes the branching strategy implemented in the ScubaGoggles project. 
+The Branching Structure flow diagram describes the branching strategy
+implemented in the ScubaGoggles project.
 
-![image](/docs/images/scubagoggles_branching_structure.svg)
+![image](images/scubagoggles_branching_structure.svg)

DEVELOPMENTGUIDE.md

@@ -8,7 +8,7 @@ We adhere to [GitHub flow](https://docs.github.com/en/get-started/using-github/g
 
 There are exceptions to this, necessitated by the extensive review process the baseline documents themselves undergo, during which no baseline changes can be made.
 To accommodate this, the development lifecycle on ScubaGoggles is as follows:
-![image](/docs/images/scubagoggles_lifecycle.svg)
+![image](images/scubagoggles_lifecycle.svg)
 
 
 Baseline submission triggers a baseline freeze, at which point the following actions need to be performed:

MANIFEST.in

@@ -0,0 +1,11 @@
+# This manifest is used to ensure that certain non-Python files are included
+# in the ScubaGoggles distribution.  The following subdirectories (and their
+# contents) are included:
+
+graft scubagoggles/baselines
+graft scubagoggles/docs
+graft scubagoggles/rego
+graft scubagoggles/reporter
+graft scubagoggles/sample-report
+graft scubagoggles/Testing
+graft scubagoggles/utils