Update to latest version of wasmparser

Update to latest version, plus fix the code to ensure it builds after
the API has been changed.

Moreover, include some e2e tests that are using this portion of the
code.

Signed-off-by: Flavio Castelli <[email protected]>

Cargo.toml

@@ -35,7 +35,7 @@ tracing-subscriber = { version = "0.3", features = ["fmt"] }
 url = "2.2.2"
 validator = { version = "0.14", features = ["derive"] }
 walrus = "0.19.0"
-wasmparser = "0.83.0"
+wasmparser = "0.84"
 
 [dev-dependencies]
 tempfile = "3.3.0"

e2e-tests/e2e.bats

@@ -93,3 +93,12 @@ kwctl() {
     kwctl digest ghcr.io/kubewarden/policies/pod-privileged:v0.1.9
     [[ "$output" == "ghcr.io/kubewarden/policies/pod-privileged:v0.1.9@sha256:0d6611ea12cf2904066308dde1c480b5d4f40e19b12f51f101a256b44d6c2dd5" ]]
 }
+
+@test "annotate rego policy" {
+    kwctl annotate -m test-data/rego-annotate/metadata-correct.yml test-data/rego-annotate/no-default-namespace-rego.wasm -o /dev/null
+    [ "$status" -eq 0 ]
+
+    kwctl annotate -m test-data/rego-annotate/metadata-wrong.yml test-data/rego-annotate/no-default-namespace-rego.wasm -o /dev/null
+    [ "$status" -ne 0 ]
+    [[ "$output" == "Error: Wrong value inside of policy's metatada for 'executionMode'. This policy has been created using Rego" ]]
+}

e2e-tests/test-data/rego-annotate/metadata-correct.yml

@@ -0,0 +1,29 @@
+rules:
+  - apiGroups: [""]
+    apiVersions: ["v1"]
+    resources: ["services"]
+    operations: ["CREATE", "UPDATE"]
+mutating: false
+contextAware: false
+executionMode: gatekeeper
+annotations:
+  io.kubewarden.policy.title: disallow-service-loadbalancer
+  io.kubewarden.policy.description: Prevent the creation of Service resources of type `LoadBalancer`
+  io.kubewarden.policy.author: Flavio Castelli
+  io.kubewarden.policy.url: https://github.com/kubewarden/disallow-service-loadbalancer-policy
+  io.kubewarden.policy.source: https://github.com/kubewarden/disallow-service-loadbalancer-policy
+  io.kubewarden.policy.license: Apache-2.0
+  io.kubewarden.policy.usage: |
+    This policy works by inspecting `type` of `Service` resources and prevents the
+    creation of Services with type `LoadBalancer`.
+
+    Kubernetes network policies have no control over what is being exposed
+    via these type of Services. Moreover, on public clouds, the creation of
+    `LoadBalancer` Services leads to additional charges.
+
+    Because of that, it's usually a safer choice to have
+    tighter control over the creation of these type of Services.
+
+    # Configuration
+
+    This policy doesn't take any configuration value.

e2e-tests/test-data/rego-annotate/metadata-wrong.yml

@@ -0,0 +1,28 @@
+rules:
+  - apiGroups: [""]
+    apiVersions: ["v1"]
+    resources: ["services"]
+    operations: ["CREATE", "UPDATE"]
+mutating: false
+contextAware: false
+annotations:
+  io.kubewarden.policy.title: disallow-service-loadbalancer
+  io.kubewarden.policy.description: Prevent the creation of Service resources of type `LoadBalancer`
+  io.kubewarden.policy.author: Flavio Castelli
+  io.kubewarden.policy.url: https://github.com/kubewarden/disallow-service-loadbalancer-policy
+  io.kubewarden.policy.source: https://github.com/kubewarden/disallow-service-loadbalancer-policy
+  io.kubewarden.policy.license: Apache-2.0
+  io.kubewarden.policy.usage: |
+    This policy works by inspecting `type` of `Service` resources and prevents the
+    creation of Services with type `LoadBalancer`.
+
+    Kubernetes network policies have no control over what is being exposed
+    via these type of Services. Moreover, on public clouds, the creation of
+    `LoadBalancer` Services leads to additional charges.
+
+    Because of that, it's usually a safer choice to have
+    tighter control over the creation of these type of Services.
+
+    # Configuration
+
+    This policy doesn't take any configuration value.

src/backend.rs

@@ -25,7 +25,7 @@ fn rego_policy_detector(wasm_path: PathBuf) -> Result<bool> {
     for payload in wasmparser::Parser::new(0).parse_all(&data) {
         if let wasmparser::Payload::ExportSection(s) = payload? {
             for export in s {
-                if export?.field.starts_with("opa_") {
+                if export?.name.starts_with("opa_") {
                     return Ok(true);
                 }
             }