3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-03 12:26:03 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/pkg/policy/criteria/user.go
Caleb Doxsey efffe57bf0
ppl: pass contextual information through policy (#2612) 
* ppl: pass contextual information through policy

* maybe fix nginx

* fix nginx

* pr comments

* go mod tidy
2021-09-20 16:02:26 -06:00

57 lines
1.1 KiB
Go
Raw Permalink Blame History

package criteria
import (
"github.com/open-policy-agent/opa/ast"
"github.com/pomerium/pomerium/pkg/policy/generator"
"github.com/pomerium/pomerium/pkg/policy/parser"
"github.com/pomerium/pomerium/pkg/policy/rules"
)
var userBody = ast.Body{
ast.MustParseExpr(`
session := get_session(input.session.id)
`),
ast.MustParseExpr(`
user_id := session.user_id
`),
}
type userCriterion struct {
g *Generator
}
func (userCriterion) DataType() generator.CriterionDataType {
return CriterionDataTypeStringMatcher
}
func (userCriterion) Name() string {
return "user"
}
func (c userCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {
var body ast.Body
body = append(body, userBody...)
err := matchString(&body, ast.VarTerm("user_id"), data)
if err != nil {
return nil, nil, err
}
rule := NewCriterionSessionRule(c.g, c.Name(),
ReasonUserOK, ReasonUserUnauthorized,
body)
return rule, []*ast.Rule{
rules.GetSession(),
}, nil
}
// UserID returns a Criterion on a user's id.
func UserID(generator *Generator) Criterion {
return userCriterion{g: generator}
}
func init() {
Register(UserID)
}
Reference in a new issue View git blame Copy permalink