authorize: add rego functions to custom evaluator (#2236)

Caleb Doxsey 2021-05-24 12:46:15 -06:00 committed by GitHub
parent eeb5cd43df
commit fd0638c10c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -7,7 +7,6 @@ import (
"sync"
"github.com/open-policy-agent/opa/rego"
"github.com/open-policy-agent/opa/storage"
"github.com/pomerium/pomerium/internal/telemetry/trace"
)
@ -29,13 +28,13 @@ type CustomEvaluatorResponse struct {
// A CustomEvaluator evaluates custom rego policies.
type CustomEvaluator struct {
store storage.Store
store *Store
mu sync.Mutex
queries map[string]rego.PreparedEvalQuery
}
// NewCustomEvaluator creates a new CustomEvaluator.
func NewCustomEvaluator(store storage.Store) *CustomEvaluator {
func NewCustomEvaluator(store *Store) *CustomEvaluator {
ce := &CustomEvaluator{
store: store,
queries: map[string]rego.PreparedEvalQuery{},
@ -100,6 +99,8 @@ func (ce *CustomEvaluator) getPreparedEvalQuery(ctx context.Context, src string)
rego.Store(ce.store),
rego.Module("pomerium.custom_policy", src),
rego.Query("result = data.pomerium.custom_policy"),
getGoogleCloudServerlessHeadersRegoOption,
ce.store.GetDataBrokerRecordOption(),
)
q, err := r.PrepareForEval(ctx)
if err != nil {
@ -109,6 +110,8 @@ func (ce *CustomEvaluator) getPreparedEvalQuery(ctx context.Context, src string)
rego.Store(ce.store),
rego.Module("pomerium.custom_policy", "package pomerium.custom_policy\n\n"+src),
rego.Query("result = data.pomerium.custom_policy"),
getGoogleCloudServerlessHeadersRegoOption,
ce.store.GetDataBrokerRecordOption(),
)
q, err = r.PrepareForEval(ctx)
}
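Review bot: Both `rego.New` calls in getPreparedEvalQuery now pass `getGoogleCloudServerlessHeadersRegoOption` and `ce.store.GetDataBrokerRecordOption()` to whatever policy text arrives in `src`, and nothing in the visible lines documents that wider capability. Judging by the names alone (their definitions are not shown here), a custom policy can now read databroker records and obtain Google Cloud serverless headers, so the ability to author a custom policy presumably carries that access too. I would state this on the `CustomEvaluator` type, e.g. `// Custom policies may call the databroker-record and Google Cloud serverless-header functions; treat policy authorship as privileged.` The option list is also repeated in the primary and the fallback call, so building the shared options once as a `[]func(*rego.Rego)` and appending only the differing `rego.Module` would stop the two paths from drifting apart. getPreparedEvalQuery starts and ends outside these hunks, so who supplies `src` cannot be checked from here.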