package.json

@@ -115,7 +115,7 @@
     "snyk-cpp-plugin": "2.20.0",
     "snyk-docker-plugin": "^4.38.0",
     "snyk-go-plugin": "1.18.0",
-    "snyk-gradle-plugin": "3.18.1",
+    "snyk-gradle-plugin": "3.19.0",
     "snyk-module": "3.1.0",
     "snyk-mvn-plugin": "2.29.7",
     "snyk-nodejs-lockfile-parser": "1.38.0",

src/cli/args.ts

@@ -35,6 +35,7 @@ const DEBUG_DEFAULT_NAMESPACES = [
   'snyk-test',
   'snyk',
   'snyk-code',
+  'snyk-iac',
   'snyk:find-files',
   'snyk:run-test',
   'snyk:prune',

src/cli/commands/test/iac/local-execution/types.ts

@@ -351,6 +351,9 @@ export enum IaCErrorCodes {
 
   // Rules bundle errors.
   InvalidUserRulesBundleError = 1130,
+
+  // Unified Policy Engine executable errors.
+  InvalidUserPolicyEnginePathError = 1140,
 }
 
 export interface TestReturnValue {

src/cli/commands/test/iac/v2/index.ts

@@ -1,19 +1,15 @@
 import chalk from 'chalk';
-import { TestCommandResult } from '../../../types';
-import { RulesBundleLocator } from './rules';
-import config from '../../../../../lib/config';
 import envPaths from 'env-paths';
-import * as path from 'path';
+import * as pathLib from 'path';
+import * as testLib from '../../../../../lib/iac/test/v2';
+import { TestConfig } from '../../../../../lib/iac/test/v2';
+import config from '../../../../../lib/config';
+import { TestCommandResult } from '../../../types';
 
 export async function test(): Promise<TestCommandResult> {
-  const bundleLocator = createRulesBundleLocator();
-  const bundlePath = bundleLocator.locateBundle();
+  const testConfig = prepareTestConfig();
 
-  if (bundlePath) {
-    console.log(`found rules bundle at ${bundlePath}`);
-  } else {
-    console.log('no rules bundle found');
-  }
+  await testLib.test(testConfig);
 
   let response = '';
   response += chalk.bold.green('new flow for UPE integration - TBC...');
@@ -24,9 +20,14 @@ export async function test(): Promise<TestCommandResult> {
   );
 }
 
-function createRulesBundleLocator(): RulesBundleLocator {
+function prepareTestConfig(): TestConfig {
   const systemCachePath = config.CACHE_PATH ?? envPaths('snyk').cache;
-  const cachedBundlePath = path.join(systemCachePath, 'iac', 'bundle.tar.gz');
-  const userBundlePath = config.IAC_BUNDLE_PATH;
-  return new RulesBundleLocator(cachedBundlePath, userBundlePath);
+  const iacCachePath = pathLib.join(systemCachePath, 'iac');
+
+  return {
+    cachedBundlePath: pathLib.join(iacCachePath, 'bundle.tar.gz'),
+    userBundlePath: config.IAC_BUNDLE_PATH,
+    cachedPolicyEnginePath: pathLib.join(iacCachePath, 'snyk-iac-test'),
+    userPolicyEnginePath: config.IAC_POLICY_ENGINE_PATH,
+  };
 }

src/lib/config.ts

@@ -23,6 +23,7 @@ interface Config {
   DRIFTCTL_PATH?: string;
   DRIFTCTL_URL?: string;
   IAC_BUNDLE_PATH?: string;
+  IAC_POLICY_ENGINE_PATH?: string;
   IAC_OUTPUT_V2?: boolean;
 }
 

src/lib/iac/drift/driftctl.ts

@@ -23,6 +23,7 @@ import * as child_process from 'child_process';
 import * as fs from 'fs';
 import * as os from 'os';
 import * as crypto from 'crypto';
+import { isExe } from '../file-utils';
 
 const debug = debugLib('driftctl');
 
@@ -424,18 +425,6 @@ function driftctlUrl(): string {
   return `${dctlBaseUrl}/${driftctlVersion}/${driftctlFileName()}`;
 }
 
-function isExe(dctlPath: string): Promise<boolean> {
-  return new Promise<boolean>((resolve) => {
-    fs.access(dctlPath, fs.constants.X_OK, (err) => {
-      if (err) {
-        resolve(false);
-        return;
-      }
-      resolve(true);
-    });
-  });
-}
-
 function createIfNotExists(path: string) {
   if (!fs.existsSync(path)) {
     fs.mkdirSync(path, { recursive: true });

src/lib/iac/file-utils.ts

@@ -0,0 +1,11 @@
+import * as fs from 'fs';
+import { promises as fsPromises } from 'fs';
+
+export async function isExe(path: string): Promise<boolean> {
+  try {
+    await fsPromises.access(path, fs.constants.X_OK);
+    return true;
+  } catch (err) {
+    return false;
+  }
+}

src/lib/iac/test/v2/index.ts

@@ -0,0 +1,12 @@
+import { TestConfig } from './types';
+import { setup } from './setup';
+
+export { TestConfig } from './types';
+
+export async function test(testConfig: TestConfig) {
+  await setup(testConfig);
+
+  // TODO: Add the rest of the test steps
+
+  return;
+}

src/lib/iac/test/v2/setup/index.ts

@@ -0,0 +1,8 @@
+import { TestConfig } from '../types';
+import { initRules } from './rules';
+import { initPolicyEngine } from './policy-engine';
+
+export async function setup(testConfig: TestConfig) {
+  await initPolicyEngine(testConfig);
+  await initRules(testConfig);
+}

src/lib/iac/test/v2/setup/policy-engine.ts

@@ -0,0 +1,66 @@
+import * as createDebugLogger from 'debug';
+import { isExe } from '../../../file-utils';
+import { CustomError } from '../../../../errors';
+import { IaCErrorCodes } from '../../../../../cli/commands/test/iac/local-execution/types';
+import { getErrorStringCode } from '../../../../../cli/commands/test/iac/local-execution/error-utils';
+import { TestConfig } from '../types';
+
+const debugLogger = createDebugLogger('snyk-iac');
+
+export class InvalidUserPolicyEnginePathError extends CustomError {
+  constructor(path: string, message?: string, userMessage?: string) {
+    super(
+      message ||
+        'Failed to find a valid Policy Engine executable in the configured path',
+    );
+    this.code = IaCErrorCodes.InvalidUserPolicyEnginePathError;
+    this.strCode = getErrorStringCode(this.code);
+    this.userMessage =
+      userMessage ||
+      `Could not find a valid Policy Engine executable in the configured path: ${path}` +
+        '\nEnsure the configured path points to a valid Policy Engine executable.';
+  }
+}
+
+export async function lookupLocalPolicyEngine({
+  cachedPolicyEnginePath,
+  userPolicyEnginePath,
+}: TestConfig): Promise<string | undefined> {
+  // Lookup in custom path.
+  if (userPolicyEnginePath) {
+    debugLogger(
+      'User configured IaC Policy Engine executable path detected: %s',
+      userPolicyEnginePath,
+    );
+
+    if (await isExe(userPolicyEnginePath)) {
+      return userPolicyEnginePath;
+    } else {
+      throw new InvalidUserPolicyEnginePathError(userPolicyEnginePath);
+    }
+  }
+  // Lookup in cache.
+  else {
+    if (await isExe(cachedPolicyEnginePath)) {
+      debugLogger(
+        'Found cached Policy Engine executable: %s',
+        cachedPolicyEnginePath,
+      );
+      return cachedPolicyEnginePath;
+    } else {
+      debugLogger(
+        'Policy Engine executable was not cached: %s',
+        cachedPolicyEnginePath,
+      );
+    }
+  }
+}
+
+export async function initPolicyEngine(testConfig: TestConfig) {
+  const localPolicyEnginePath = await lookupLocalPolicyEngine(testConfig);
+  if (localPolicyEnginePath) {
+    return localPolicyEnginePath;
+  }
+
+  // TODO: Download Policy Engine executable
+}

src/cli/commands/test/iac/v2/rules.ts → src/lib/iac/test/v2/setup/rules.ts

@@ -1,8 +1,23 @@
 import * as fs from 'fs';
 import * as tar from 'tar';
-import { CustomError } from '../../../../../lib/errors';
-import { getErrorStringCode } from '../local-execution/error-utils';
-import { IaCErrorCodes } from '../local-execution/types';
+import { CustomError } from '../../../../errors';
+import { getErrorStringCode } from '../../../../../cli/commands/test/iac/local-execution/error-utils';
+import { IaCErrorCodes } from '../../../../../cli/commands/test/iac/local-execution/types';
+import { TestConfig } from '../types';
+
+export async function initRules(testConfig: TestConfig) {
+  const bundleLocator = new RulesBundleLocator(
+    testConfig.cachedBundlePath,
+    testConfig.userBundlePath,
+  );
+  const bundlePath = bundleLocator.locateBundle();
+
+  if (bundlePath) {
+    console.log(`found rules bundle at ${bundlePath}`);
+  } else {
+    console.log('no rules bundle found');
+  }
+}
 
 export class RulesBundleLocator {
   constructor(

src/lib/iac/test/v2/types.ts

@@ -0,0 +1,6 @@
+export interface TestConfig {
+  cachedBundlePath: string;
+  cachedPolicyEnginePath: string;
+  userBundlePath?: string;
+  userPolicyEnginePath?: string;
+}