Checkpoint
This commit is contained in:
@@ -9,8 +9,10 @@ import (
|
||||
"io"
|
||||
"net/http"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/go-viper/mapstructure/v2"
|
||||
"github.com/open-policy-agent/opa/v1/ast"
|
||||
"github.com/open-policy-agent/opa/v1/rego"
|
||||
regoprint "github.com/open-policy-agent/opa/v1/topdown/print"
|
||||
|
||||
@@ -53,20 +55,36 @@ func newRego(option func(*rego.Rego), pkg string) []func(*rego.Rego) {
|
||||
if pkg == "" {
|
||||
pkg = DefaultPackageName
|
||||
}
|
||||
|
||||
capabilities := &ast.Capabilities{
|
||||
Builtins: ast.DefaultBuiltins[:], // all builtins
|
||||
Features: ast.Features, // all features
|
||||
AllowNet: nil, // allow all
|
||||
}
|
||||
|
||||
return []func(*rego.Rego){
|
||||
rego.Dump(os.Stderr),
|
||||
rego.Query("data." + pkg),
|
||||
rego.Strict(true),
|
||||
rego.Capabilities(capabilities),
|
||||
rego.Function2(®o.Function{
|
||||
Name: "styx.in_domains",
|
||||
Decl: domainContainsDecl,
|
||||
Memoize: true,
|
||||
Nondeterministic: true,
|
||||
}, domainContainsImpl),
|
||||
rego.Function2(®o.Function{
|
||||
Name: "styx.in_networks",
|
||||
Decl: networkContainsDecl,
|
||||
Memoize: true,
|
||||
Nondeterministic: true,
|
||||
}, networkContainsImpl),
|
||||
rego.Function1(®o.Function{
|
||||
Name: "styx.lookup_ip_addr", // override builtin
|
||||
Decl: netLookupIPAddrDecl,
|
||||
Memoize: true,
|
||||
Nondeterministic: true,
|
||||
}, netLookupIPAddrImpl),
|
||||
rego.PrintHook(printHook{}),
|
||||
option,
|
||||
}
|
||||
@@ -100,11 +118,12 @@ type Result struct {
|
||||
}
|
||||
|
||||
func (r *Result) Response(ctx proxy.Context) (*http.Response, error) {
|
||||
log := logger.StandardLog.Values(logger.Values{
|
||||
"id": ctx.ID(),
|
||||
"client": ctx.RemoteAddr().String(),
|
||||
})
|
||||
for _, text := range r.Errors {
|
||||
logger.StandardLog.Values(logger.Values{
|
||||
"id": ctx.ID(),
|
||||
"client": ctx.RemoteAddr().String(),
|
||||
}).Err(errors.New(text)).Warn("Error from policy")
|
||||
log.Err(errors.New(text)).Warn("Error from policy")
|
||||
}
|
||||
|
||||
switch {
|
||||
@@ -116,11 +135,21 @@ func (r *Result) Response(ctx proxy.Context) (*http.Response, error) {
|
||||
|
||||
case r.Template != "":
|
||||
b := new(bytes.Buffer)
|
||||
t, err := template.New("policy").ParseFiles(r.Template)
|
||||
t, err := template.New(filepath.Base(r.Template)).ParseFiles(r.Template)
|
||||
if err != nil {
|
||||
log.Value("template", r.Template).Err(err).Warn("Error loading template in response")
|
||||
return nil, err
|
||||
}
|
||||
if err = t.Execute(b, map[string]any{"context": ctx}); err != nil {
|
||||
t = t.Funcs(template.FuncMap{
|
||||
"tohex": func(v any) string { return fmt.Sprintf("%x", v) },
|
||||
})
|
||||
if err = t.Execute(b, map[string]any{
|
||||
"Context": ctx,
|
||||
"Request": ctx.Request(),
|
||||
"Response": ctx.Response(),
|
||||
"Errors": r.Errors,
|
||||
}); err != nil {
|
||||
log.Value("template", r.Template).Err(err).Warn("Error rendering template response")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user