tree-sitter-eventrule

Grammar for AWS Event Rules: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns-content-based-filtering.html

Event Rules are JSON documents that are used to filter other JSON documents.
On AWS EventBridge, they are used to filter AWS CloudWatch Events.

Comparing to other policy formats, Event Rules are limited in terms of features, but are easy to understand for non-technical folks and are an extension to JSON.

`rule2rego` utility

This utility is shipped with the npm package and is a small compiler that makes OPA REGO policies from AWS Event Rule patterns. It requires NodeJS version which is capable of running WASM binaries (recent version). WASM is used to parse the JSON input and generate the REGO policy.

$ npm install -g tree-sitter-eventrule
$ rule2rego --help
Compiles AWS Event Rule pattern JSON to OPA REGO policy.
Usage: rule2rego <rule>.json

For example, for the following input Rule Event:

// Effect of "source" && ("metricName" || "namespace")
{
  "source": ["aws.cloudwatch"],
  "$or": [
    { "metricName": ["CPUUtilization", "ReadLatency"] },
    { "namespace": ["AWS/EC2", "AWS/ES"] }
  ]
}

You will get the following REGO policy output:

package rule2rego
default allow := false
default allow_or_metricName := false
default allow_or_namespace := false
default allow_or := false
default allow_source := false
allow_or_metricName {
	({ "CPUUtilization", "ReadLatency" } & { input["metricName"] }) == { input["metricName"] }
}
allow_or_namespace {
	({ "AWS/EC2", "AWS/ES" } & { input["namespace"] }) == { input["namespace"] }
}
allow_or {
	allow_or_metricName
}
allow_or {
	allow_or_namespace
}
allow_source {
	({ "aws.cloudwatch" } & { input["source"] }) == { input["source"] }
}
allow {
	allow_or
	allow_source
}

adding e2e compiler tests

If you want to run the tests locally, you need to have:

Docker for Tree Sitter to build you a .wasm artifact
OPA for Jest to build you .wasm policies for evaluation

Jest picks up your tests automatically if you follow these instructions:

Add your rule JSON <rule name>.json under test/fixtures
With the same name, create a directory <rule name>
Create two additional directories allows and denies inside it
Any JSON you put in either of those two folders, is picked as an event JSON

npm test output is sorted alphabetically.

Sample directory structure:

- test/fixtures
  - prefix-matching.json
  - prefix-matching
    - allows
      - event1.json
      - event2.json
    - denies
      - event1.json
      - event2.json

Name		Name	Last commit message	Last commit date
Latest commit History 27 Commits
.github/workflows		.github/workflows
.vscode		.vscode
bin		bin
queries		queries
test		test
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
grammar.js		grammar.js
highlight.png		highlight.png
jest.config.js		jest.config.js
package-lock.json		package-lock.json
package.json		package.json
rule2rego.ts		rule2rego.ts
tsconfig.json		tsconfig.json
webpack.config.js		webpack.config.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

tree-sitter-eventrule

`rule2rego` utility

adding e2e compiler tests

About

Releases 1

Contributors 2

Languages

License

3p3r/tree-sitter-eventrule

Folders and files

Latest commit

History

Repository files navigation

tree-sitter-eventrule

rule2rego utility

adding e2e compiler tests

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 1

Contributors 2

Languages

`rule2rego` utility