From 8bdf35dce6fe5578c60d0cfa42ed99b499e7e5dc Mon Sep 17 00:00:00 2001 From: RoseSecurity Date: Thu, 14 Nov 2024 09:28:15 -0500 Subject: [PATCH 1/3] feat: add additional notification policy logic --- assets/policy.rego | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/assets/policy.rego b/assets/policy.rego index 9d9902f..09d93c2 100644 --- a/assets/policy.rego +++ b/assets/policy.rego @@ -22,7 +22,7 @@ webhook[{"endpoint_id": endpoint_id, "payload": payload}] { # Only send the webhook if the run reached a terminal state. run_state == terminal[_] - payload := {"series": array.concat( + series_data := array.concat( [ run_count(endpoint.labels), resources("added", endpoint.labels), @@ -34,7 +34,11 @@ webhook[{"endpoint_id": endpoint_id, "payload": payload}] { policies(endpoint.labels), state_timings(endpoint.labels), ), - )} + ) + + # Only send the webhook if the the payload is non-empty + count(series_data) > 0 + payload := {"series": series_data} } # Metric definition for spacelift.integration.run.count. @@ -95,7 +99,7 @@ policies(extra_tags) = [metric | # # It is the duration of each phase of the run, broken down by the standard tags # and the phase name. -# +# # State timings reported by this webhook will be assigned to the time when the # run is last updated (i.e. when it reaches the terminal state), not when each # of the respective phases actually took place. In most cases this should be @@ -112,7 +116,7 @@ state_timings(extra_tags) = [metric | "tags": array.concat(tags(extra_tags), [sprintf("state:%s", [lower(state_timing.state)])]), "unit": "nanosecond", } -] +] tags(extra_tags) = array.concat([tag | tag := extra_tags[_]; contains(tag, ":")], [ sprintf("account:%s", [input.account.name]), 
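Review bot: The new guard `count(series_data) > 0` in the `webhook` rule appears unable to ever be false, so it does not suppress any webhook. The first argument to `array.concat` is a literal array that already holds `run_count(endpoint.labels)` and `resources("added", endpoint.labels)`, so `series_data` has at least those entries whenever it is defined; if one of those calls were undefined, the rule body would fail before reaching the guard. If the aim is to skip runs that produced no useful metrics, the condition should test the variable parts (for example the `policies(...)` and `state_timings(...)` results); otherwise drop the guard so the policy does not imply filtering it does not perform. The added comment repeats a word; suggest `# Only send the webhook if the payload is non-empty.` Part of the array literal sits between the `-22,7` and `-34,7` hunks and is not visible here, so this reading is based on the elements shown.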
@@ -125,7 +129,7 @@ tags(extra_tags) = array.concat([tag | tag := extra_tags[_]; contains(tag, ":")] sprintf("space:%s", [lower(input.run_updated.stack.space.id)]), sprintf("stack:%s", [lower(input.run_updated.stack.id)]), sprintf("triggered_by:%s", [input.run_updated.run.triggered_by]), - sprintf("worker_pool:%s", [worker_pool]), + sprintf("worker_pool:%s", [worker_pool]), ]) default worker_pool = "public" @@ -137,3 +141,4 @@ worker_pool = name { # Only sample the webhook if the run reached a terminal state, and some metrics # have been collected. sample { run_state == terminal[_] } + From 2a6ba4d3703d4aec85f4c06ea12800f7646c52bb Mon Sep 17 00:00:00 2001 From: RoseSecurity Date: Thu, 14 Nov 2024 09:39:04 -0500 Subject: [PATCH 2/3] fmt: run opa fmt on rego --- assets/policy.rego | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/assets/policy.rego b/assets/policy.rego index 09d93c2..32f4d06 100644 --- a/assets/policy.rego +++ b/assets/policy.rego @@ -36,9 +36,9 @@ webhook[{"endpoint_id": endpoint_id, "payload": payload}] { ), ) - # Only send the webhook if the the payload is non-empty - count(series_data) > 0 - payload := {"series": series_data} + # Only send the webhook if the the payload is non-empty + count(series_data) > 0 + payload := {"series": series_data} } # Metric definition for spacelift.integration.run.count. @@ -65,9 +65,9 @@ resources(type, extra_tags) = { "points": [{ "timestamp": timestamp, "value": count([change | - change := input.run_updated.run.changes[_] - change.phase == "plan" - contains(change.action, type) + change := input.run_updated.run.changes[_] + change.phase == "plan" + contains(change.action, type) ]), }], "tags": array.concat(tags(extra_tags), [sprintf("change_type:%s", [type])]), @@ -140,5 +140,6 @@ worker_pool = name { # Only sample the webhook if the run reached a terminal state, and some metrics # have been collected. -sample { run_state == terminal[_] } - +sample { + run_state == terminal[_] +} 
From 5196974482308ddd212b48cd31c8e03f4413948a Mon Sep 17 00:00:00 2001 From: RoseSecurity Date: Thu, 14 Nov 2024 09:41:28 -0500 Subject: [PATCH 3/3] feat: bump spacelift config --- .spacelift/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.spacelift/config.yml b/.spacelift/config.yml index b43bb83..299a5b2 100644 --- a/.spacelift/config.yml +++ b/.spacelift/config.yml @@ -1,5 +1,5 @@ version: 1 -module_version: 0.2.4 +module_version: 0.2.5 tests: - name: Default test