3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-24 03:59:49 +02:00
Code Issues Projects Releases Packages Wiki Activity

ppl: refactor authorize to evaluate PPL (#2224)

Browse source 
* ppl: refactor authorize to evaluate PPL

* remove opa test step

* add log statement

* simplify assignment

* deny with forbidden if logged in

* add safeEval function

* create evaluator-specific config and options

* embed the headers rego file directly
This commit is contained in:
Caleb Doxsey 2021-05-21 09:50:18 -06:00 committed by GitHub
parent 8c56d64f31
commit dad35bcfb0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 1451 additions and 2211 deletions
Download patch file Download diff file Expand all files Collapse all files

4
authorize/grpc_test.go
View file

@ -86,6 +86,7 @@ func Test_getEvaluatorRequest(t *testing.T) {
)
require.NoError(t, err)
expect := &evaluator.Request{
Policy: &a.currentOptions.Load().Policies[0],
Session: evaluator.RequestSession{
ID: "SESSION_ID",
},
@ -98,7 +99,6 @@ func Test_getEvaluatorRequest(t *testing.T) {
},
ClientCertificate: certPEM,
},
CustomPolicies: []string{"allow = true"},
}
assert.Equal(t, expect, actual)
}
@ -294,6 +294,7 @@ func Test_getEvaluatorRequestWithPortInHostHeader(t *testing.T) {
}, nil)
require.NoError(t, err)
expect := &evaluator.Request{
Policy: &a.currentOptions.Load().Policies[0],
Session: evaluator.RequestSession{},
HTTP: evaluator.RequestHTTP{
Method: "GET",
@ -304,7 +305,6 @@ func Test_getEvaluatorRequestWithPortInHostHeader(t *testing.T) {
},
ClientCertificate: certPEM,
},
CustomPolicies: []string{"allow = true"},
}
assert.Equal(t, expect, actual)
}