From 79ff77922fef66e96b8d62d6f8d4a9b4f19c6843 Mon Sep 17 00:00:00 2001
From: Mohd Uzair
Date: Fri, 11 Aug 2023 21:06:02 +0530
Subject: [PATCH] Revert "[Policy] init rego instance"
---
 helpers/component_info.json | 2 +-
 models/meshmodel/core/policies/error.go | 16 ----
 .../core/policies/rego_policy_relationship.go | 80 +++----------------
 3 files changed, 11 insertions(+), 87 deletions(-)
 delete mode 100644 models/meshmodel/core/policies/error.go
diff --git a/helpers/component_info.json b/helpers/component_info.json
index 7c04dcc4..08420885 100644
--- a/helpers/component_info.json
+++ b/helpers/component_info.json
@@ -1,5 +1,5 @@
 {
 "name": "meshkit",
 "type": "library",
- "next_error_code": 11100
+ "next_error_code": 11097
 }
\ No newline at end of file
diff --git a/models/meshmodel/core/policies/error.go b/models/meshmodel/core/policies/error.go
deleted file mode 100644
index 93aed34c..00000000
--- a/models/meshmodel/core/policies/error.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package policies
-
-import "github.com/layer5io/meshkit/errors"
-
-const (
- ErrPrepareForEvalCode = "11098"
- ErrEvalCode = "11099"
-)
-
-func ErrPrepareForEval(err error) error {
- return errors.New(ErrPrepareForEvalCode, errors.Alert, []string{"error preparing for evaluation"}, []string{err.Error()}, []string{"query might be empty", "rego store provided without associated transaction", "uncommitted transaction"}, []string{"please provide the transaction for the loaded store"})
-}
-
-func ErrEval(err error) error {
- return errors.New(ErrEvalCode, errors.Alert, []string{"error evaluating policy for the given input"}, []string{err.Error()}, []string{"The policy query is invalid, see: https://github.com/open-policy-agent/opa/blob/main/rego/resultset.go (Allowed func)"}, []string{"please provide a valid non-empty query"})
-}
diff --git a/models/meshmodel/core/policies/rego_policy_relationship.go b/models/meshmodel/core/policies/rego_policy_relationship.go
index 0755f356..d884fd18 100644
--- a/models/meshmodel/core/policies/rego_policy_relationship.go
+++ b/models/meshmodel/core/policies/rego_policy_relationship.go
@@ -2,99 +2,39 @@ package policies import ( "context" - "encoding/json" - "io/fs" - "os" - "path/filepath" - "strings" + "fmt" - "github.com/layer5io/meshkit/models/meshmodel/core/v1alpha1" - "github.com/layer5io/meshkit/utils" "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/storage" - "github.com/open-policy-agent/opa/storage/inmem" "github.com/sirupsen/logrus" "gopkg.in/yaml.v3" ) -type Rego struct { - store storage.Store - ctx context.Context - transaction storage.Transaction - policyDir string -} - -func NewRegoInstance(policyDir string, relationshipDir string) (*Rego, error) { - var relationships []v1alpha1.RelationshipDefinition - ctx := context.Background() - - err := filepath.Walk(relationshipDir, func(path string, info fs.FileInfo, err error) error { - var relationship v1alpha1.RelationshipDefinition - if !info.IsDir() { - byt, err := os.ReadFile(path) - if err != nil { - return utils.ErrReadingLocalFile(err) - } - err = json.Unmarshal(byt, &relationship) - if err != nil { - return utils.ErrUnmarshal(err) - } - relationships = append(relationships, relationship) - } - return nil - }) - - if err != nil { - return nil, err - } - - data := mapRelationshipsWithSubType(&relationships) - store := inmem.NewFromObject(data) - txn, _ := store.NewTransaction(ctx, storage.WriteParams) - - return &Rego{ - store: store, - ctx: ctx, - transaction: txn, - policyDir: policyDir, - }, nil -} - -func mapRelationshipsWithSubType(relationships *[]v1alpha1.RelationshipDefinition) map[string]interface{} { - relMap := make(map[string]interface{}, len(*relationships)) - for _, relationship := range *relationships { - relMap[strings.ToLower(relationship.SubType)] = relationship - } - return relMap -} - // RegoPolicyHandler takes the required inputs and run the query against all the policy files provided -func (r *Rego) RegoPolicyHandler(regoQueryString string, designFile []byte) (map[string]interface{}, error) { +func RegoPolicyHandler(ctx 
context.Context, policyDir []string, regoQueryString string, designFile []byte) (map[string]interface{}, error) { + regoPolicyLoader := rego.Load(policyDir, nil) + regoEngine, err := rego.New( rego.Query(regoQueryString), - rego.Load([]string{r.policyDir}, nil), - rego.Store(r.store), - rego.Transaction(r.transaction), - ).PrepareForEval(r.ctx) + regoPolicyLoader, + ).PrepareForEval(ctx) if err != nil { logrus.Error("error preparing for evaluation", err) - return nil, ErrPrepareForEval(err) } var input map[string]interface{} err = yaml.Unmarshal((designFile), &input) if err != nil { - return nil, utils.ErrUnmarshal(err) + return nil, err } - eval_result, err := regoEngine.Eval(r.ctx, rego.EvalInput(input)) + eval_result, err := regoEngine.Eval(ctx, rego.EvalInput(input)) if err != nil { - return nil, ErrEval(err) + return nil, err } if !eval_result.Allowed() { return eval_result[0].Expressions[0].Value.(map[string]interface{}), nil } - return nil, ErrEval(err) + return nil, fmt.Errorf("error evaluation rego response, the result is not returning the expressions, The policy query is invalid, see: github.com/open-policy-agent/opa@v0.52.0/rego/resultset.go (Allowed func)") }
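Review bot: In the new `RegoPolicyHandler`, a `PrepareForEval` failure is only logged: with `return nil, ErrPrepareForEval(err)` removed and nothing put in its place, the function carries on, `err` is overwritten by `yaml.Unmarshal`, and `Eval` is called on a query that was never prepared, so a policy that failed to load or compile does not surface as an error to the caller. Add `return nil, err` inside that `if err != nil` block, after the `logrus.Error` call. Separately, `eval_result[0].Expressions[0].Value.(map[string]interface{})` runs whenever `Allowed()` is false, which to my reading includes an empty result set, so an undefined query or a non-map value would panic on the index or the type assertion; a `len(eval_result) == 0` guard and the comma-ok form of the assertion would turn that into an ordinary error. Since `designFile` is parsed as YAML and passed to the engine as input, both paths look reachable from input rather than only from misconfiguration, which is worth confirming against the callers outside this diff.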