ppl: add support for http_path and http_method (#2813)

* ppl: add support for http_path and http_method * fix import ordering
2025-07-23 19:49:13 +02:00 · 2021-12-10 07:28:51 -07:00 · 2021-12-10 07:28:51 -07:00 · 2d04106e6d
commit 2d04106e6d
parent 54ec88fb93
13 changed files with 257 additions and 18 deletions
--- a/pkg/policy/criteria/http_method.go
+++ b/pkg/policy/criteria/http_method.go
@ -0,0 +1,43 @@
+package criteria
+
+import (
+	"github.com/open-policy-agent/opa/ast"
+
+	"github.com/pomerium/pomerium/pkg/policy/parser"
+)
+
+type httpMethodCriterion struct {
+	g *Generator
+}
+
+func (httpMethodCriterion) DataType() CriterionDataType {
+	return CriterionDataTypeStringMatcher
+}
+
+func (httpMethodCriterion) Name() string {
+	return "http_method"
+}
+
+func (c httpMethodCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {
+	var body ast.Body
+	ref := ast.RefTerm(ast.VarTerm("input"), ast.VarTerm("http"), ast.VarTerm("method"))
+	err := matchString(&body, ref, data)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	rule := NewCriterionRule(c.g, c.Name(),
+		ReasonHTTPMethodOK, ReasonHTTPMethodUnauthorized,
+		body)
+
+	return rule, nil, nil
+}
+
+// HTTPMethod returns a Criterion which matches an HTTP method.
+func HTTPMethod(generator *Generator) Criterion {
+	return httpMethodCriterion{g: generator}
+}
+
+func init() {
+	Register(HTTPMethod)
+}