defenseunicorns · brandtkeller · Nov 6, 2024 · Oct 4, 2024 · Oct 4, 2024 · Oct 28, 2024
@@ -67,6 +67,7 @@ component-definition:
                   assert:
                     all:
                     - check:
+                        (length(podsvt) > `0`): true
                         ~.podsvt:
                           metadata:
                             labels:

@@ -62,6 +62,7 @@ component-definition:
               import future.keywords.every
 
               validate {
+                count(input.podsvt) > 0
                 every pod in input.podsvt {
                   podLabel := pod.metadata.labels.foo
                   podLabel == "bar"

@@ -49,12 +49,16 @@ var getResourcesCmd = &cobra.Command{
 		}
 
 		collection, err := DevGetResources(ctx, validationBytes, spinner)
+
+		// do not perform the write if there is nothing to write (likely error)
+		if collection != nil {
+			writeResources(collection, getResourcesOpts.OutputFile)
+		}
+
 		if err != nil {
 			message.Fatalf(err, "error running dev get-resources: %v", err)
 		}
 
-		writeResources(collection, getResourcesOpts.OutputFile)
-
 		spinner.Success()
 	},
 }
@@ -80,6 +84,9 @@ func DevGetResources(ctx context.Context, validationBytes []byte, spinner *messa
 		types.GetResourcesOnly(true),
 	)
 	if err != nil {
+		if lulaValidation.DomainResources != nil {
+			return *lulaValidation.DomainResources, err
+		}
 		return nil, err
 	}
 

@@ -2,6 +2,7 @@ package files
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io/fs"
 	"os"
@@ -20,6 +21,8 @@ type Domain struct {
 func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error) {
 	var workDir string
 	var ok bool
+	var errs error
+	tmpDRs := make(map[string]interface{})
 	if workDir, ok = ctx.Value(types.LulaValidationWorkDir).(string); !ok {
 		// if unset, assume lula is working in the same directory the inputFile is in
 		workDir = "."
@@ -28,6 +31,7 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 	// see TODO below: maybe this is a REAL directory?
 	dst, err := os.MkdirTemp("", "lula-files")
 	if err != nil {
+		// allow returning on error here?
 		return nil, err
 	}
 
@@ -58,7 +62,11 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		file := filepath.Join(workDir, fi.Path)
 		relname, err := copyFile(dst, file)
 		if err != nil {
-			return nil, fmt.Errorf("error writing local files: %w", err)
+			// Assign empty data value for reporting purposes
+			tmpDRs[fi.Name] = map[string]interface{}{}
+			filenames[file] = fi.Name
+			errs = errors.Join(errs, fmt.Errorf("error writing local files: %w", err))
+			continue
 		}
 
 		// and save this info for later
@@ -68,23 +76,32 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 	// get a list of all the files we just downloaded in the temporary directory
 	files, err := listFiles(dst)
 	if err != nil {
-		return nil, fmt.Errorf("error walking downloaded file tree: %w", err)
+		errs = errors.Join(errs, fmt.Errorf("error walking downloaded file tree: %w", err))
+		return tmpDRs, errs
 	}
 
 	// conftest's parser returns a map[string]interface where the filenames are
 	// the primary map keys.
+	// need to test this to understand the outcomes on a single file error on the return values
 	config, err := parser.ParseConfigurations(files)
+	// Copy values over to the temporary domain resources
+	for k, v := range config {
+		tmpDRs[k] = v
+	}
 	if err != nil {
-		return nil, err
+		errs = errors.Join(errs, err)
+		return tmpDRs, errs
 	}
 
 	// clean up the resources so it's using the filepath.Name as the map key,
 	// instead of the file path.
-	drs := make(types.DomainResources, len(config)+len(unstructuredFiles)+len(filesWithParsers))
-	for k, v := range config {
+	drs := make(types.DomainResources, len(tmpDRs)+len(unstructuredFiles)+len(filesWithParsers))
+	for k, v := range tmpDRs {
 		rel, err := filepath.Rel(dst, k)
 		if err != nil {
-			return nil, fmt.Errorf("error determining relative file path: %w", err)
+			errs = errors.Join(errs, fmt.Errorf("error determining relative file path: %w", err))
+			drs[k] = v
+			continue
 		}
 		drs[filenames[rel]] = v
 	}
@@ -102,7 +119,8 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 			file := filepath.Join(workDir, fi.Path)
 			relname, err := copyFile(parserDir, file)
 			if err != nil {
-				return nil, fmt.Errorf("error writing local files: %w", err)
+				drs[fi.Name] = map[string]interface{}{}
+				errs = errors.Join(errs, fmt.Errorf("error writing local files: %w", err))
 			}
 
 			// and save this info for later
@@ -112,7 +130,8 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		// get a list of all the files we just downloaded in the temporary directory
 		files, err := listFiles(parserDir)
 		if err != nil {
-			return nil, fmt.Errorf("error walking downloaded file tree: %w", err)
+			errs = errors.Join(errs, fmt.Errorf("error walking downloaded file tree: %w", err))
+			return drs, errs
 		}
 
 		parsedConfig, err := parser.ParseConfigurationsAs(files, parserName)
@@ -123,7 +142,9 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		for k, v := range parsedConfig {
 			rel, err := filepath.Rel(parserDir, k)
 			if err != nil {
-				return nil, fmt.Errorf("error determining relative file path: %w", err)
+				errs = errors.Join(errs, fmt.Errorf("error determining relative file path: %w", err))
+				drs[filenames[k]] = v
+				continue
 			}
 			drs[filenames[rel]] = v
 		}
@@ -136,12 +157,14 @@ func (d Domain) GetResources(ctx context.Context) (types.DomainResources, error)
 		path := filepath.Clean(filepath.Join(workDir, f.Path))
 		b, err := os.ReadFile(path)
 		if err != nil {
-			return nil, fmt.Errorf("error reading source files: %w", err)
+			errs = errors.Join(errs, fmt.Errorf("error reading source files: %w", err))
+			drs[f.Name] = ""
+			continue
 		}
 		drs[f.Name] = string(b)
 	}
 
-	return drs, nil
+	return drs, errs
 }
 
 // IsExecutable returns false; the file domain is read-only.

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -20,28 +21,35 @@ func QueryCluster(ctx context.Context, cluster *Cluster, resources []Resource) (
 		return nil, fmt.Errorf("cluster is nil")
 	}
 
-	// We may need a new type here to hold groups of resources
-
 	collections := make(map[string]interface{}, 0)
+	var errs error
 
 	for _, resource := range resources {
 		collection, err := GetResourcesDynamically(ctx, cluster, resource.ResourceRule)
-		// log error but continue with other resources
+		// capture error but continue with other resources
 		if err != nil {
-			return nil, err
+			errs = errors.Join(errs, err)
 		}
 
-		if len(collection) > 0 {
-			// Append to collections if not empty collection
-			// convert to object if named resource
-			if resource.ResourceRule.Name != "" {
+		if resource.ResourceRule.Name != "" {
+			if len(collection) > 0 {
 				collections[resource.Name] = collection[0]
 			} else {
+				// This request returned no resources
+				collections[resource.Name] = map[string]interface{}{}
+			}
+
+		} else {
+			if len(collection) > 0 {
 				collections[resource.Name] = collection
+			} else {
+				// This request returned no resources
+				collections[resource.Name] = []map[string]interface{}{}
 			}
 		}
 	}
-	return collections, nil
+
+	return collections, errs
 }
 
 // GetResourcesDynamically() requires a dynamic interface and processes GVR to return []map[string]interface{}

@@ -126,12 +126,13 @@ func (k KubernetesDomain) GetResources(ctx context.Context) (types.DomainResourc
 	if k.Spec.Resources != nil {
 		resources, err = QueryCluster(ctx, cluster, k.Spec.Resources)
 		if err != nil {
-			return nil, fmt.Errorf("error in query: %v", err)
+			return resources, fmt.Errorf("error in query: %v", err)
 		}
 	}
 
 	// Join the resources and createdResources
 	// Note - resource keys must be unique
+	// TODO revisit the provenance of this activity
 	if len(resources) == 0 {
 		return createdResources, nil
 	} else {