Checkpoint

2025-10-01 21:10:48 +02:00
parent 03352e3312
commit a23259cfdc
52 changed files with 2214 additions and 39 deletions
--- a/policy/func.go
+++ b/policy/func.go
@@ -1,10 +1,12 @@
 package policy

 import (
+	"bytes"
 	"errors"
 	"fmt"
 	"net"
 	"os"
+	"slices"
 	"strconv"
 	"strings"

@@ -16,6 +18,49 @@ import (
 	"git.maze.io/maze/styx/logger"
 )

+var netLookupIPAddrDecl = types.NewFunction(
+	types.Args(
+		types.Named("name", types.S).Description("Host name to lookup"),
+	),
+	types.Named("result", types.SetOfStr).Description("set(string) of IP address"),
+)
+
+func netLookupIPAddrImpl(bc rego.BuiltinContext, nameTerm *ast.Term) (*ast.Term, error) {
+	log := logger.StandardLog.Value("func", "styx.lookup_ip_addr")
+	log.Trace("Call function")
+
+	name, err := parseStringTerm(nameTerm)
+	if err != nil {
+		log.Err(err).Debug("Call function failed")
+		return nil, err
+	}
+
+	if ip := net.ParseIP(name); ip != nil {
+		return ast.SetTerm(ast.StringTerm(ip.String())), nil
+	}
+
+	ips, err := net.LookupIP(name)
+	if err != nil {
+		log.Err(err).Debug("IP resolution failed")
+		return nil, err
+	}
+
+	var (
+		terms = make([]*ast.Term, len(ips))
+		strs  = make([]string, len(ips))
+	)
+	slices.SortStableFunc(ips, func(a, b net.IP) int {
+		return bytes.Compare(a, b)
+	})
+	for i, ip := range ips {
+		terms[i] = ast.StringTerm(ip.String())
+		strs[i] = ip.String()
+	}
+
+	log.Tracef("Resolved %s to %s", name, strings.Join(strs, ", "))
+	return ast.SetTerm(terms...), nil
+}
+
 var domainContainsDecl = types.NewFunction(
 	types.Args(
 		types.Named("list", types.S).Description("Domain list to check against"),
@@ -26,6 +71,7 @@ var domainContainsDecl = types.NewFunction(

 func domainContainsImpl(bc rego.BuiltinContext, listTerm, nameTerm *ast.Term) (*ast.Term, error) {
 	log := logger.StandardLog.Value("func", "styx.in_domains")
+	log.Trace("Call function")

 	list, err := parseDomainListTerm(listTerm)
 	if err != nil {