mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-24 03:59:49 +02:00
ppl: refactor authorize to evaluate PPL (#2224)
* ppl: refactor authorize to evaluate PPL * remove opa test step * add log statement * simplify assignment * deny with forbidden if logged in * add safeEval function * create evaluator-specific config and options * embed the headers rego file directly
This commit is contained in:
parent
8c56d64f31
commit
dad35bcfb0
26 changed files with 1451 additions and 2211 deletions
|
@ -86,6 +86,7 @@ func Test_getEvaluatorRequest(t *testing.T) {
|
|||
)
|
||||
require.NoError(t, err)
|
||||
expect := &evaluator.Request{
|
||||
Policy: &a.currentOptions.Load().Policies[0],
|
||||
Session: evaluator.RequestSession{
|
||||
ID: "SESSION_ID",
|
||||
},
|
||||
|
@ -98,7 +99,6 @@ func Test_getEvaluatorRequest(t *testing.T) {
|
|||
},
|
||||
ClientCertificate: certPEM,
|
||||
},
|
||||
CustomPolicies: []string{"allow = true"},
|
||||
}
|
||||
assert.Equal(t, expect, actual)
|
||||
}
|
||||
|
@ -294,6 +294,7 @@ func Test_getEvaluatorRequestWithPortInHostHeader(t *testing.T) {
|
|||
}, nil)
|
||||
require.NoError(t, err)
|
||||
expect := &evaluator.Request{
|
||||
Policy: &a.currentOptions.Load().Policies[0],
|
||||
Session: evaluator.RequestSession{},
|
||||
HTTP: evaluator.RequestHTTP{
|
||||
Method: "GET",
|
||||
|
@ -304,7 +305,6 @@ func Test_getEvaluatorRequestWithPortInHostHeader(t *testing.T) {
|
|||
},
|
||||
ClientCertificate: certPEM,
|
||||
},
|
||||
CustomPolicies: []string{"allow = true"},
|
||||
}
|
||||
assert.Equal(t, expect, actual)
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue