ppl: refactor authorize to evaluate PPL (#2224)

* ppl: refactor authorize to evaluate PPL

* remove opa test step

* add log statement

* simplify assignment

* deny with forbidden if logged in

* add safeEval function

* create evaluator-specific config and options

* embed the headers rego file directly
Caleb Doxsey 2021-05-21 09:50:18 -06:00 committed by GitHub
parent 8c56d64f31
commit dad35bcfb0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 1451 additions and 2211 deletions


@ -86,6 +86,7 @@ func Test_getEvaluatorRequest(t *testing.T) {
)
require.NoError(t, err)
expect := &evaluator.Request{
Policy: &a.currentOptions.Load().Policies[0],
Session: evaluator.RequestSession{
ID: "SESSION_ID",
},
@ -98,7 +99,6 @@ func Test_getEvaluatorRequest(t *testing.T) {
},
ClientCertificate: certPEM,
},
CustomPolicies: []string{"allow = true"},
}
assert.Equal(t, expect, actual)
}
@ -294,6 +294,7 @@ func Test_getEvaluatorRequestWithPortInHostHeader(t *testing.T) {
}, nil)
require.NoError(t, err)
expect := &evaluator.Request{
Policy: &a.currentOptions.Load().Policies[0],
Session: evaluator.RequestSession{},
HTTP: evaluator.RequestHTTP{
Method: "GET",
@ -304,7 +305,6 @@ func Test_getEvaluatorRequestWithPortInHostHeader(t *testing.T) {
},
ClientCertificate: certPEM,
},
CustomPolicies: []string{"allow = true"},
}
assert.Equal(t, expect, actual)
}
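Review bot: The expected `Policy: &a.currentOptions.Load().Policies[0]` in both Test_getEvaluatorRequest and Test_getEvaluatorRequestWithPortInHostHeader is read from the same options the code under test uses, so these assertions cannot tell "selected the policy that matches the request" from "selected the first policy". The options fixture is outside the visible lines, but if it configures a single policy, consider putting a non-matching policy ahead of the matching one and expecting `Policy: &a.currentOptions.Load().Policies[1]`. Since this field now appears to carry the policy the evaluator decides on, a case where no policy matches the request and the expected `Policy` is nil would also be worth pinning. `assert.Equal` compares the pointed-to values rather than pointer identity, so the test would also pass if the request held a copy of the policy.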