Better trie implementations

policy/handler.go

@@ -12,12 +12,12 @@ import (
 	proxy "git.maze.io/maze/styx/proxy"
 )
 
-func NewRequestHandler(p *Policy) proxy.RequestHandler {
-	log := logger.StandardLog.Value("policy", p.name)
+func NewRequestHandler(policy *Policy) proxy.RequestHandler {
+	log := logger.StandardLog.Value("policy", policy.name)
 	return proxy.RequestHandlerFunc(func(ctx proxy.Context) (*http.Request, *http.Response) {
 		input := NewInputFromRequest(ctx, ctx.Request())
 		input.logValues(log).Trace("Running request handler")
-		result, err := p.Query(input)
+		result, err := policy.Query(input, proxy.PolicyQueryOptions(ctx)...)
 		if err != nil {
 			log.Err(err).Error("Error evaulating policy")
 			return nil, nil
@@ -32,12 +32,12 @@ func NewRequestHandler(p *Policy) proxy.RequestHandler {
 	})
 }
 
-func NewDialHandler(p *Policy) proxy.DialHandler {
-	log := logger.StandardLog.Value("policy", p.name)
+func NewDialHandler(policy *Policy) proxy.DialHandler {
+	log := logger.StandardLog.Value("policy", policy.name)
 	return proxy.DialHandlerFunc(func(ctx proxy.Context, req *http.Request) (net.Conn, error) {
 		input := NewInputFromRequest(ctx, req)
 		input.logValues(log).Trace("Running dial handler")
-		result, err := p.Query(input)
+		result, err := policy.Query(input, proxy.PolicyQueryOptions(ctx)...)
 		if err != nil {
 			log.Err(err).Error("Error evaulating policy")
 			return nil, nil

policy/input.go

@@ -10,7 +10,6 @@ import (
 	"net/url"
 	"strconv"
 
-	"git.maze.io/maze/styx/dataset"
 	"git.maze.io/maze/styx/internal/netutil"
 	"git.maze.io/maze/styx/logger"
 	proxy "git.maze.io/maze/styx/proxy"
@@ -48,14 +47,16 @@ func NewInputFromConn(c net.Conn) *Input {
 		TLS:     NewTLSFromConn(c),
 	}
 
-	if wcl, ok := c.(dataset.WithClient); ok {
-		client, err := wcl.Client()
-		if err == nil {
-			input.Context["client_id"] = client.ID
-			input.Context["client_description"] = client.Description
-			input.Context["groups"] = client.Groups
+	/*
+		if wcl, ok := c.(dataset.WithClient); ok {
+			client, err := wcl.Client()
+			if err == nil {
+				input.Context["client_id"] = client.ID
+				input.Context["client_description"] = client.Description
+				input.Context["groups"] = client.Groups
+			}
 		}
-	}
+	*/
 
 	if ctx, ok := c.(proxy.Context); ok {
 		input.Context["local"] = NewClientFromAddr(ctx.LocalAddr())

policy/policy.go

@@ -1,6 +1,7 @@
 package policy
 
 import (
+	"bufio"
 	"bytes"
 	"context"
 	"errors"
@@ -10,6 +11,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/go-viper/mapstructure/v2"
 	"github.com/open-policy-agent/opa/v1/ast"
@@ -168,12 +170,17 @@ func (r *Result) Response(ctx proxy.Context) (*http.Response, error) {
 	}
 }
 
-func (p *Policy) Query(input *Input) (*Result, error) {
+func (p *Policy) Query(input *Input, options ...func(*rego.Rego)) (*Result, error) {
 	log := logger.StandardLog.Value("policy", p.name)
 	log.Trace("Evaluating policy")
 
+	var regoOptions = append(p.options, rego.Input(input))
+	for _, option := range options {
+		regoOptions = append(regoOptions, option)
+	}
+
 	var (
-		rego    = rego.New(append(p.options, rego.Input(input))...)
+		rego    = rego.New(regoOptions...)
 		ctx     = context.Background()
 		rs, err = rego.Eval(ctx)
 	)
@@ -200,3 +207,27 @@ func (p *Policy) Query(input *Input) (*Result, error) {
 	}
 	return result, nil
 }
+
+// PackageFromFile reads the "package" stanza from the provided Rego policy file.
+//
+// If no stanza can be found, an error is returned.
+func PackageFromFile(name string) (string, error) {
+	f, err := os.Open(name)
+	if err != nil {
+		return "", err
+	}
+	defer func() { _ = f.Close() }()
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		text := strings.TrimSpace(scanner.Text())
+		part := strings.Fields(text)
+		if len(part) > 1 && part[0] == "package" {
+			return part[1], nil
+		}
+	}
+	if err := scanner.Err(); err != nil {
+		return "", err
+	}
+	return "", fmt.Errorf("policy: can't detemine package name of %s", name)
+}