Checkpoint

policy/input.go

@@ -10,19 +10,26 @@ import (
 	"net/url"
 	"strconv"
 
+	"git.maze.io/maze/styx/dataset"
 	"git.maze.io/maze/styx/internal/netutil"
 	"git.maze.io/maze/styx/logger"
+	proxy "git.maze.io/maze/styx/proxy"
 )
 
 // Input represents the input to the policy query.
 type Input struct {
-	Client   *Client   `json:"client"`
-	TLS      *TLS      `json:"tls"`
-	Request  *Request  `json:"request"`
-	Response *Response `json:"response"`
+	Context  map[string]any `json:"context"`
+	Client   *Client        `json:"client"`
+	Groups   []*Group       `json:"groups"`
+	TLS      *TLS           `json:"tls"`
+	Request  *Request       `json:"request"`
+	Response *Response      `json:"response"`
 }
 
 func (i *Input) logValues(log logger.Structured) logger.Structured {
+	if i.Context != nil {
+		log = log.Values(i.Context)
+	}
 	log = i.Client.logValues(log)
 	log = i.TLS.logValues(log)
 	log = i.Request.logValues(log)
@@ -34,10 +41,29 @@ func NewInputFromConn(c net.Conn) *Input {
 	if c == nil {
 		return new(Input)
 	}
-	return &Input{
-		Client: NewClientFromConn(c),
-		TLS:    NewTLSFromConn(c),
+
+	input := &Input{
+		Context: make(map[string]any),
+		Client:  NewClientFromConn(c),
+		TLS:     NewTLSFromConn(c),
 	}
+
+	if wcl, ok := c.(dataset.WithClient); ok {
+		client, err := wcl.Client()
+		if err == nil {
+			input.Context["client_id"] = client.ID
+			input.Context["client_description"] = client.Description
+			input.Context["groups"] = client.Groups
+		}
+	}
+
+	if ctx, ok := c.(proxy.Context); ok {
+		input.Context["local"] = NewClientFromAddr(ctx.LocalAddr())
+		input.Context["bytes_rx"] = ctx.BytesRead()
+		input.Context["bytes_tx"] = ctx.BytesSent()
+	}
+
+	return input
 }
 
 func NewInputFromRequest(c net.Conn, r *http.Request) *Input {
@@ -131,6 +157,10 @@ func NewClientFromAddr(addr net.Addr) *Client {
 	}
 }
 
+type Group struct {
+	Name string `json:"name"`
+}
+
 type TLS struct {
 	Version      string         `json:"version"`
 	CipherSuite  string         `json:"cipher_suite"`