ffactor: update match policy method signature

Author: chen-keinan

validator/policyeval.go

@@ -1,19 +1,15 @@
 package validator
 
 import (
-	"bufio"
-	"bytes"
 	"context"
 	"fmt"
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/open-policy-agent/opa/rego"
-	"io/ioutil"
-	"strings"
 )
 
 //Evaluator OPA evaluate interface
 type Evaluator interface {
-	EvaluatePolicy(evalProperty []string, policy string, data string) ([]*ValidateResult, error)
+	EvaluatePolicy(queryParam []string, policy string, data string) ([]*ValidateResult, error)
 }
 
 //policyEval opa evaluate object
@@ -27,8 +23,7 @@ func NewPolicyEval() Evaluator {
 
 //EvaluatePolicy evaluate opa policy against given json input , accept opa pkg name ,policy rule(deny/allow),policy and input data
 // return evaluation result in a bool form
-func (pe policyEval) EvaluatePolicy(evalProperty []string, policy string, data string) ([]*ValidateResult, error) {
-	pkgName := pe.detectPkgName(policy)
+func (pe policyEval) EvaluatePolicy(queryParam []string, policy string, data string) ([]*ValidateResult, error) {
 	ctx := context.Background()
 	var inputObject interface{}
 	// try to read data as json format
@@ -48,18 +43,14 @@ func (pe policyEval) EvaluatePolicy(evalProperty []string, policy string, data s
 	}
 	// Compile the module. The keys are used as identifiers in error messages.
 	compiler, err := ast.CompileModules(map[string]string{
-		fmt.Sprintf("%s.rego", pkgName): policy,
+		fmt.Sprintf("%s.rego", "eval"): policy,
 	})
 	if err != nil {
 		return nil, err
 	}
 	regoFunc := make([]func(r *rego.Rego), 0)
-	for _, pr := range evalProperty {
-		if len(pkgName) > 0 {
-			regoFunc = append(regoFunc, rego.Query(fmt.Sprintf("data.%s.%s", pkgName, pr)))
-		} else {
-			regoFunc = append(regoFunc, rego.Query(policy))
-		}
+	for _, pr := range queryParam {
+		regoFunc = append(regoFunc, rego.Query(fmt.Sprintf("data.%s", pr)))
 	}
 	regoFunc = append(regoFunc, rego.Compiler(compiler))
 	regoFunc = append(regoFunc, rego.Input(inputObject))
@@ -75,28 +66,6 @@ func (pe policyEval) EvaluatePolicy(evalProperty []string, policy string, data s
 	return validateResult, nil
 }
 
-func (pe policyEval) detectPkgName(policy string) string {
-	var pkgName string
-	const policyPackage = "package"
-	reader := ioutil.NopCloser(bytes.NewReader([]byte(policy)))
-	defer func() {
-		err := reader.Close()
-		if err != nil {
-			fmt.Println(err)
-		}
-	}()
-	scanner := bufio.NewScanner(reader)
-	// optionally, resize scanner's capacity for lines over 64K, see next example
-	for scanner.Scan() {
-		line := scanner.Text()
-		if strings.HasPrefix(line, policyPackage) {
-			pkgName = strings.TrimSpace(strings.Replace(line, policyPackage, "", -1))
-			break
-		}
-	}
-	return pkgName
-}
-
 //ValidateResult opa validation results
 type ValidateResult struct {
 	Value            bool

validator/policyeval_test.go

@@ -16,11 +16,11 @@ func Test_PolicyEval(t *testing.T) {
 		want       bool
 		wantError  error
 	}{
-		{name: "test validate policy deny pod name json format", data: "./fixture/pod.json", pkgName: "example", policyRule: []string{"deny"}, policy: "./fixture/pod_policy_deny", want: true, wantError: nil},
-		{name: "test validate policy deny pod name yaml format", data: "./fixture/pod.yaml", pkgName: "example", policyRule: []string{"deny"}, policy: "./fixture/pod_policy_deny", want: true, wantError: nil},
-		{name: "test validate policy allow pod name", data: "./fixture/allow_pod.json", pkgName: "example", policyRule: []string{"deny"}, policy: "./fixture/pod_policy_deny", want: false, wantError: nil},
-		{name: "test validate policy bad data", data: "./fixture/badJson.json", pkgName: "example", policyRule: []string{"deny"}, policy: "./fixture/pod_policy_deny", want: false, wantError: nil},
-		{name: "test validate policy bad policy", data: "./fixture/badJson.json", pkgName: "example", policyRule: []string{"deny"}, policy: "./fixture/pod_policy_deny_bad", want: false, wantError: fmt.Errorf("1 error occurred: .rego:5: rego_parse_error: unexpected } token\n\t}\n\t^")},
+		{name: "test validate policy deny pod name json format", data: "./fixture/pod.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: true, wantError: nil},
+		{name: "test validate policy deny pod name yaml format", data: "./fixture/pod.yaml", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: true, wantError: nil},
+		{name: "test validate policy allow pod name", data: "./fixture/allow_pod.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: false, wantError: nil},
+		{name: "test validate policy bad data", data: "./fixture/badJson.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: false, wantError: nil},
+		{name: "test validate policy bad policy", data: "./fixture/badJson.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny_bad", want: false, wantError: fmt.Errorf("1 error occurred: eval.rego:5: rego_parse_error: unexpected } token\n\t}\n\t^")},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -32,42 +32,18 @@ func Test_PolicyEval(t *testing.T) {
 			if err != nil {
 				t.Fatal(err)
 			}
-			got, err := NewPolicyEval().EvaluatePolicy([]string{"deny"}, string(policy), string(data))
+			got, err := NewPolicyEval().EvaluatePolicy(tt.policyRule, string(policy), string(data))
 			if err != nil {
 				goErr := err.Error()
 				if goErr != tt.wantError.Error() {
 					t.Fatal(err)
 				}
 			}
-			if len(got) > 0 {
+			if err == nil {
 				if got[0].Value != tt.want {
 					t.Errorf("Test_PolicyEval() = %v, want %v", got[0], tt.want)
 				}
 			}
 		})
 	}
 }
-
-func Test_DetectPkgName(t *testing.T) {
-	tests := []struct {
-		name   string
-		policy string
-		want   string
-	}{
-		{name: "detect pkg name exist", policy: "./fixture/pod_policy_deny", want: "example"},
-		{name: "detect pkg name not exist", policy: "./fixture/pod_policy_deny_bad", want: ""},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			policy, err := ioutil.ReadFile(tt.policy)
-			if err != nil {
-				t.Fatal(err)
-			}
-			pe := &policyEval{}
-			got := pe.detectPkgName(string(policy))
-			if got != tt.want {
-				t.Errorf("Test_DetectPkgName() = %v, want %v", got[0], tt.want)
-			}
-		})
-	}
-}