Checkpoint
@@ -67,24 +67,10 @@ func newRego(option func(*rego.Rego), pkg string) []func(*rego.Rego) {
|
||||
rego.Query("data." + pkg),
|
||||
rego.Strict(true),
|
||||
rego.Capabilities(capabilities),
|
||||
rego.Function2(®o.Function{
|
||||
Name: "styx.in_domains",
|
||||
Decl: domainContainsDecl,
|
||||
Memoize: true,
|
||||
Nondeterministic: true,
|
||||
}, domainContainsImpl),
|
||||
rego.Function2(®o.Function{
|
||||
Name: "styx.in_networks",
|
||||
Decl: networkContainsDecl,
|
||||
Memoize: true,
|
||||
Nondeterministic: true,
|
||||
}, networkContainsImpl),
|
||||
rego.Function1(®o.Function{
|
||||
Name: "styx.lookup_ip_addr", // override builtin
|
||||
Decl: netLookupIPAddrDecl,
|
||||
Memoize: true,
|
||||
Nondeterministic: true,
|
||||
}, netLookupIPAddrImpl),
|
||||
rego.Function2(domainContainsFunc, domainContains),
|
||||
rego.Function2(networkContainsFunc, networkContains),
|
||||
rego.Function1(lookupIPAddrFunc, lookupIPAddr),
|
||||
rego.Function2(timebetweenFunc, timeBetween),
|
||||
rego.PrintHook(printHook{}),
|
||||
option,
|
||||
}
|
||||
@@ -128,16 +114,20 @@ func (r *Result) Response(ctx proxy.Context) (*http.Response, error) {
|
||||
|
||||
switch {
|
||||
case r.Redirect != "":
|
||||
log.Value("location", r.Redirect).Trace("Creating a HTTP redirect response")
|
||||
response := proxy.NewResponse(http.StatusFound, nil, ctx.Request())
|
||||
response.Header.Set("Server", "styx")
|
||||
response.Header.Set(proxy.HeaderLocation, r.Redirect)
|
||||
return response, nil
|
||||
|
||||
case r.Template != "":
|
||||
log = log.Value("template", r.Template)
|
||||
log.Trace("Creating a HTTP template response")
|
||||
|
||||
b := new(bytes.Buffer)
|
||||
t, err := template.New(filepath.Base(r.Template)).ParseFiles(r.Template)
|
||||
if err != nil {
|
||||
log.Value("template", r.Template).Err(err).Warn("Error loading template in response")
|
||||
log.Err(err).Warn("Error loading template in response")
|
||||
return nil, err
|
||||
}
|
||||
t = t.Funcs(template.FuncMap{
|
||||
@@ -149,7 +139,7 @@ func (r *Result) Response(ctx proxy.Context) (*http.Response, error) {
|
||||
"Response": ctx.Response(),
|
||||
"Errors": r.Errors,
|
||||
}); err != nil {
|
||||
log.Value("template", r.Template).Err(err).Warn("Error rendering template response")
|
||||
log.Err(err).Warn("Error rendering template response")
|
||||
return nil, err
|
||||
}
|
||||
|
||||
@@ -159,46 +149,34 @@ func (r *Result) Response(ctx proxy.Context) (*http.Response, error) {
|
||||
return response, nil
|
||||
|
||||
case r.Reject > 0:
|
||||
log.Value("code", r.Reject).Trace("Creating a HTTP reject response")
|
||||
body := io.NopCloser(bytes.NewBufferString(http.StatusText(r.Reject)))
|
||||
response := proxy.NewResponse(r.Reject, body, ctx.Request())
|
||||
response.Header.Set(proxy.HeaderContentType, "text/plain")
|
||||
return response, nil
|
||||
|
||||
case r.Permit != nil && !*r.Permit:
|
||||
log.Trace("Creating a HTTP reject response due to explicit not permit")
|
||||
body := io.NopCloser(bytes.NewBufferString(http.StatusText(http.StatusForbidden)))
|
||||
response := proxy.NewResponse(http.StatusForbidden, body, ctx.Request())
|
||||
response.Header.Set(proxy.HeaderContentType, "text/plain")
|
||||
return response, nil
|
||||
|
||||
default:
|
||||
log.Trace("Not creating a HTTP response")
|
||||
return nil, nil
|
||||
}
|
||||
}
|
||||
|
||||
func (p *Policy) Query(input *Input) (*Result, error) {
|
||||
/*
|
||||
e := json.NewEncoder(os.Stdout)
|
||||
e.SetIndent("", " ")
|
||||
e.Encode(doc)
|
||||
*/
|
||||
|
||||
log := logger.StandardLog.Value("policy", p.name)
|
||||
log.Trace("Evaluating policy")
|
||||
|
||||
r := rego.New(append(p.options, rego.Input(input))...)
|
||||
|
||||
ctx := context.Background()
|
||||
/*
|
||||
query, err := p.rego.PrepareForEval(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
rs, err := query.Eval(ctx, rego.EvalInput(input))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
*/
|
||||
rs, err := r.Eval(ctx)
|
||||
var (
|
||||
rego = rego.New(append(p.options, rego.Input(input))...)
|
||||
ctx = context.Background()
|
||||
rs, err = rego.Eval(ctx)
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -208,6 +186,12 @@ func (p *Policy) Query(input *Input) (*Result, error) {
|
||||
result := &Result{}
|
||||
for _, expr := range rs[0].Expressions {
|
||||
if m, ok := expr.Value.(map[string]any); ok {
|
||||
// Remove private variables.
|
||||
for k := range m {
|
||||
if len(k) > 0 && k[0] == '_' {
|
||||
delete(m, k)
|
||||
}
|
||||
}
|
||||
log.Values(m).Trace("Policy result expression")
|
||||
if err = mapstructure.Decode(m, result); err != nil {
|
||||
return nil, err
|
||||
|
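Review bot: In the last hunk of Query, `rs[0].Expressions` is indexed with no visible length check, and OPA's Eval returns an empty result set when the query is undefined, so a policy package that produces nothing would panic inside the proxy instead of returning an error. A few lines between this hunk and the previous one are not shown, so a guard may already exist there; if it does not, add something like `if len(rs) == 0 { return nil, errors.New("policy produced no result") }` ahead of the loop. Separately, the new `var (...)` block declares a local named `rego`, which shadows the imported package for the rest of Query; a name such as `query` would avoid that. Query's body continues past the end of the hunk.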