core/opa: update for rego 1.0 (#4895)

* core/opa: update headers rego script

* core/opa: update ppl

* further updates
Caleb Doxsey 2024-01-16 09:43:35 -07:00 committed by GitHub
parent 5e0079c649
commit 24b04bed35
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 289 additions and 319 deletions


@ -63,146 +63,118 @@ func Test(t *testing.T) {
require.NoError(t, err)
assert.Equal(t, `package pomerium.policy
default allow = [false, set()]
import rego.v1
default deny = [false, set()]
default allow := [false, set()]
accept_0 {
1 == 1
}
default deny := [false, set()]
accept_1 {
1 == 1
}
accept_0 if 1 == 1
accept_2 {
1 == 1
}
accept_1 if 1 == 1
and_0 = v {
accept_2 if 1 == 1
and_0 := v if {
results := [accept_0, accept_1, accept_2]
normalized := [normalize_criterion_result(x) | x := results[i]]
v := merge_with_and(normalized)
}
accept_3 {
1 == 1
}
accept_3 if 1 == 1
accept_4 {
1 == 1
}
accept_4 if 1 == 1
accept_5 {
1 == 1
}
accept_5 if 1 == 1
or_0 = v {
or_0 := v if {
results := [accept_3, accept_4, accept_5]
normalized := [normalize_criterion_result(x) | x := results[i]]
v := merge_with_or(normalized)
}
accept_6 {
1 == 1
}
accept_6 if 1 == 1
accept_7 {
1 == 1
}
accept_7 if 1 == 1
accept_8 {
1 == 1
}
accept_8 if 1 == 1
not_0 = v {
not_0 := v if {
results := [accept_6, accept_7, accept_8]
normalized := [normalize_criterion_result(x) | x := results[i]]
inverted := [invert_criterion_result(x) | x := results[i]]
v := merge_with_and(inverted)
}
accept_9 {
1 == 1
}
accept_9 if 1 == 1
accept_10 {
1 == 1
}
accept_10 if 1 == 1
accept_11 {
1 == 1
}
accept_11 if 1 == 1
nor_0 = v {
nor_0 := v if {
results := [accept_9, accept_10, accept_11]
normalized := [normalize_criterion_result(x) | x := results[i]]
inverted := [invert_criterion_result(x) | x := results[i]]
v := merge_with_or(inverted)
}
accept_12 {
1 == 1
}
accept_12 if 1 == 1
and_1 = v {
and_1 := v if {
results := [accept_12]
normalized := [normalize_criterion_result(x) | x := results[i]]
v := merge_with_and(normalized)
}
allow = v {
allow := v if {
results := [and_0, or_0, not_0, nor_0, and_1]
normalized := [normalize_criterion_result(x) | x := results[i]]
v := merge_with_or(normalized)
}
accept_13 {
1 == 1
}
accept_13 if 1 == 1
accept_14 {
1 == 1
}
accept_14 if 1 == 1
nor_1 = v {
nor_1 := v if {
results := [accept_13, accept_14]
normalized := [normalize_criterion_result(x) | x := results[i]]
inverted := [invert_criterion_result(x) | x := results[i]]
v := merge_with_or(inverted)
}
deny = v {
deny := v if {
results := [nor_1]
normalized := [normalize_criterion_result(x) | x := results[i]]
v := merge_with_or(normalized)
}
invert_criterion_result(in) = out {
in[0]
out = array.concat([false], array.slice(in, 1, count(in)))
invert_criterion_result(v) := out if {
v[0]
out = array.concat([false], array.slice(v, 1, count(v)))
}
else = out {
not in[0]
out = array.concat([true], array.slice(in, 1, count(in)))
else := out if {
not v[0]
out = array.concat([true], array.slice(v, 1, count(v)))
}
normalize_criterion_result(result) = v {
normalize_criterion_result(result) := v if {
is_boolean(result)
v = [result, set()]
}
else = v {
else := v if {
is_array(result)
v = result
}
else = v {
else := v if {
v = [false, set()]
}
object_union(xs) = merged {
object_union(xs) := merged if {
merged = {k: v |
some k
xs[_][k]
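Review bot: In `not_0`, `nor_0` and `nor_1` the `normalized` array is assigned but never read, and `inverted` is built from `results[i]`, so `invert_criterion_result` receives the raw criterion values rather than the normalized `[bool, reasons]` form. For a bare boolean such as the `accept_N` stubs here, `v[0]` and `count(v)` look undefined in both branches, so the entry would presumably drop out of the comprehension. `merge_with_and` over an empty list then yields true as written in the later hunk (`count(true_results) == count(results)` holds at 0), which would be a fail-open result for a NOT block. These lines are unchanged context in this commit and sit inside the expected-output string, so the fix belongs in the generator: `inverted := [invert_criterion_result(x) | x := normalized[i]]`, with this expectation updated to match. The test function starts before this hunk and continues after it.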
@ -211,27 +183,27 @@ object_union(xs) = merged {
}
}
merge_with_and(results) = [true, reasons, additional_data] {
merge_with_and(results) := [true, reasons, additional_data] if {
true_results := [x | x := results[i]; x[0]]
count(true_results) == count(results)
reasons := union({x | x := true_results[i][1]})
additional_data := object_union({x | x := true_results[i][2]})
}
else = [false, reasons, additional_data] {
else := [false, reasons, additional_data] if {
false_results := [x | x := results[i]; not x[0]]
reasons := union({x | x := false_results[i][1]})
additional_data := object_union({x | x := false_results[i][2]})
}
merge_with_or(results) = [true, reasons, additional_data] {
merge_with_or(results) := [true, reasons, additional_data] if {
true_results := [x | x := results[i]; x[0]]
count(true_results) > 0
reasons := union({x | x := true_results[i][1]})
additional_data := object_union({x | x := true_results[i][2]})
}
else = [false, reasons, additional_data] {
else := [false, reasons, additional_data] if {
false_results := [x | x := results[i]; not x[0]]
reasons := union({x | x := false_results[i][1]})
additional_data := object_union({x | x := false_results[i][2]})