Rego metadata parsing doesn't support YAML / multi-line descriptions #65
Description
I think the .rego metadata parser currently treats the # comments as simple key/value lines, but according to OPA docs it should actually parse them as YAML.
OPA docs:
https://www.openpolicyagent.org/docs/policy-language#metadata
https://www.openpolicyagent.org/docs/policy-language#metadata-description
Example from the docs:
# METADATA
# description: |
# The 'allow' rule...
# Is about allowing things.
# Not denying them.
allow if {
...
}
In MxLint this would currently parse as:
"description": "|"
I came across this when trying to define more elaborate rules, or add longer explanations like here:
# METADATA
# scope: package
# title: Hash algorithm must be BCrypt
# description: |
# The Hash algorithm is used to generate hash values for attributes of the 'hashed string' type, such as the password of a user.
#
# BCrypt is resistant to brute-force search attacks and must be used.
# authors:
....
The goal was to ingest MxLint’s JSON output into a Mendix app for a better overview of rule violations across apps — but the current parser only keeps the first line or the pipe character.
It looks like switching to YAML parsing for the metadata block (as per OPA’s spec) would solve this. I’m not confident enough to implement it myself right now, but I might try to play around with it next week. In the meantime, feel free to tackle it if you want.
-Marvin