authorize: add evaluator store (#1105)

* add evaluator store

* handle arrays
Caleb Doxsey 2020-07-20 07:39:34 -06:00 committed by GitHub
parent d2656ecd67
commit fff782e04c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 203 additions and 13 deletions


@ -16,7 +16,6 @@ import (
"github.com/golang/protobuf/proto"
"github.com/golang/protobuf/ptypes"
"github.com/open-policy-agent/opa/rego"
"github.com/open-policy-agent/opa/storage/inmem"
"google.golang.org/protobuf/reflect/protoregistry"
"google.golang.org/protobuf/types/known/anypb"
"gopkg.in/square/go-jose.v2"
@ -49,7 +48,7 @@ type Evaluator struct {
}
// New creates a new Evaluator.
func New(options *config.Options) (*Evaluator, error) {
func New(options *config.Options, store *Store) (*Evaluator, error) {
e := &Evaluator{
authenticateHost: options.AuthenticateURL.Host,
policies: options.Policies,
@ -97,11 +96,11 @@ func New(options *config.Options) (*Evaluator, error) {
return nil, fmt.Errorf("error loading rego policy: %w", err)
}
store.UpdateAdmins(options.Administrators)
store.UpdateRoutePolicies(options.Policies)
e.rego = rego.New(
rego.Store(inmem.NewFromObject(map[string]interface{}{
"admins": options.Administrators,
"route_policies": options.Policies,
})),
rego.Store(store.opaStore),
rego.Module("pomerium.authz", string(authzPolicy)),
rego.Query("result = data.pomerium.authz"),
)
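Review bot: The new `store` parameter is dereferenced unconditionally (`store.UpdateAdmins`, `store.UpdateRoutePolicies`, `store.opaStore`) with no nil guard, so a caller that passes nil now gets a panic from inside the authorizer instead of an error; add `if store == nil { return nil, fmt.Errorf("authorize: evaluator store is required") }` at the top of New, before the policy is loaded. The bigger point is that the admin list and route policies, which decide every authorization result, no longer live in an evaluator-private `inmem` store but in a caller-owned object that is shared with the rego instance, so any later write to that store changes decisions without going through New; the doc comment should say so, e.g. `// New creates a new Evaluator backed by store. The caller keeps ownership of store; the administrators and route policies from options are written into it here, and later updates to it are visible to this evaluator's decisions.` Whether UpdateAdmins/UpdateRoutePolicies can fail is not visible here — if they return an error, it is discarded on these two lines, and should be checked. New's body begins before this hunk and its error path for the policy load is only partly visible.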