A ruby script we use to test our Rego policies. They need to be in the policies/
folder. Each line that is not exercised by tests will make it fail.
desc "Test policies" task test: ["update:opa"] do output = `opa test --coverage --verbose policies/* 2>&1` abort output unless $?.success? coverage = JSON.parse(output).fetch("files") errors = policy_files.flat_map do |policy| return [policy] unless result = coverage[policy] # untested (result["not_covered"] || []).map do |line| start = line.dig("start", "row") finish = line.dig("end", "row") "#{policy}:#{start}#{"-#{finish}" if start != finish}" end end abort "Missing coverage:\n#{errors.join("\n")}" if errors.any? end