EXPERIMENTAL: Add reader.Checks() & ds.checks implementations (#493)

aserto-dev · Nov 25, 2024 · daa897b · daa897b
1 parent 3079256
commit daa897b
Show file tree

Hide file tree

Showing 6 changed files with 175 additions and 45 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -153,6 +153,10 @@ issues:
       text: "hugeParam:"
       linters:
       - gocritic
+    # integer overflow conversion      
+    - text: "G115"
+      linters:
+      - gosec
     - text: "G404"
       linters:
       - gosec

diff --git a/builtins/edge/ds/checks.go b/builtins/edge/ds/checks.go
@@ -0,0 +1,96 @@
+package ds
+
+import (
+	"bytes"
+
+	dsr3 "github.com/aserto-dev/go-directory/aserto/directory/reader/v3"
+	"github.com/aserto-dev/topaz/resolvers"
+
+	"github.com/open-policy-agent/opa/ast"
+	"github.com/open-policy-agent/opa/rego"
+	"github.com/open-policy-agent/opa/types"
+
+	"github.com/rs/zerolog"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/proto"
+	"google.golang.org/protobuf/types/known/structpb"
+)
+
+// RegisterCheck - ds.checks
+//
+//	ds.checks({
+//	  "object_type": "",
+//	  "object_id": "",
+//	  "relation": "",
+//	  "subject_type": ""
+//	  "subject_id": "",
+//	  "trace": false
+//	})
+func RegisterChecks(logger *zerolog.Logger, fnName string, dr resolvers.DirectoryResolver) (*rego.Function, rego.Builtin1) {
+	return &rego.Function{
+			Name:    fnName,
+			Decl:    types.NewFunction(types.Args(types.A), types.B),
+			Memoize: true,
+		},
+		func(bctx rego.BuiltinContext, op1 *ast.Term) (*ast.Term, error) {
+			var args dsr3.ChecksRequest
+
+			if err := ast.As(op1.Value, &args); err != nil {
+				return nil, err
+			}
+
+			if proto.Equal(&args, &dsr3.ChecksRequest{}) {
+				return helpMsg(fnName, &dsr3.ChecksRequest{
+					Default: &dsr3.CheckRequest{
+						ObjectType:  "",
+						ObjectId:    "",
+						Relation:    "",
+						SubjectType: "",
+						SubjectId:   "",
+					},
+					Checks: []*dsr3.CheckRequest{
+						{
+							ObjectType:  "",
+							ObjectId:    "",
+							Relation:    "",
+							SubjectType: "",
+							SubjectId:   "",
+						},
+					},
+				})
+			}
+
+			if args.Default == nil {
+				args.Default = &dsr3.CheckRequest{}
+			}
+
+			if args.Checks == nil {
+				args.Checks = []*dsr3.CheckRequest{}
+			}
+
+			resp, err := dr.GetDS().Checks(bctx.Context, &args)
+			if err != nil {
+				traceError(&bctx, fnName, err)
+				return nil, err
+			}
+
+			buf := new(bytes.Buffer)
+			if err := ProtoToBuf(buf, resp); err != nil {
+				return nil, err
+			}
+
+			pbs := structpb.Struct{}
+			if err := protojson.Unmarshal(buf.Bytes(), &pbs); err != nil {
+				return nil, err
+			}
+
+			result := pbs.Fields["checks"].AsInterface().([]interface{})
+
+			v, err := ast.InterfaceToValue(result)
+			if err != nil {
+				return nil, err
+			}
+
+			return ast.NewTerm(v), nil
+		}
+}
diff --git a/go.mod b/go.mod
@@ -5,18 +5,18 @@ go 1.23.3
 replace github.com/adrg/xdg => ./internal/pkg/xdg
 
 require (
-	github.com/Masterminds/semver/v3 v3.3.0
+	github.com/Masterminds/semver/v3 v3.3.1
 	github.com/adrg/xdg v0.4.0
 	github.com/alecthomas/kong v1.4.0
 	github.com/aserto-dev/aserto-grpc v0.2.6
 	github.com/aserto-dev/aserto-management v0.9.7
-	github.com/aserto-dev/azm v0.1.19
+	github.com/aserto-dev/azm v0.2.1
 	github.com/aserto-dev/certs v0.1.0
 	github.com/aserto-dev/errors v0.0.11
 	github.com/aserto-dev/go-aserto v0.33.3
 	github.com/aserto-dev/go-authorizer v0.20.11
-	github.com/aserto-dev/go-directory v0.31.14
-	github.com/aserto-dev/go-edge-ds v0.32.12
+	github.com/aserto-dev/go-directory v0.33.1
+	github.com/aserto-dev/go-edge-ds v0.33.0
 	github.com/aserto-dev/go-grpc v0.9.2
 	github.com/aserto-dev/go-topaz-ui v0.1.15
 	github.com/aserto-dev/header v0.0.8
@@ -37,9 +37,9 @@ require (
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
 	github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.24.0
 	github.com/itchyny/gojq v0.12.16
-	github.com/lestrrat-go/jwx/v2 v2.1.2
+	github.com/lestrrat-go/jwx/v2 v2.1.3
 	github.com/magefile/mage v1.15.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mennanov/fmutils v0.3.0
@@ -58,7 +58,7 @@ require (
 	github.com/slok/go-http-metrics v0.13.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
-	github.com/stretchr/testify v1.9.0
+	github.com/stretchr/testify v1.10.0
 	github.com/testcontainers/testcontainers-go v0.34.0
 	golang.org/x/sync v0.9.0
 	golang.org/x/sys v0.27.0
@@ -68,7 +68,8 @@ require (
 )
 
 require (
-	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.1-20240920164238-5a7b106cbb87.1 // indirect
+	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.2-20240920164238-5a7b106cbb87.1 // indirect
+	cel.dev/expr v0.18.0 // indirect
 	dario.cat/mergo v1.0.1 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
@@ -79,7 +80,7 @@ require (
 	github.com/aserto-dev/go-decision-logs v0.1.2 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bufbuild/protocompile v0.13.0 // indirect
-	github.com/bufbuild/protovalidate-go v0.7.2 // indirect
+	github.com/bufbuild/protovalidate-go v0.7.3 // indirect
 	github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -109,7 +110,7 @@ require (
 	github.com/goccy/go-json v0.10.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
-	github.com/google/cel-go v0.21.0 // indirect
+	github.com/google/cel-go v0.22.0 // indirect
 	github.com/google/subcommands v1.2.0 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 // indirect
@@ -185,15 +186,15 @@ require (
 	go.opentelemetry.io/otel/trace v1.32.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.29.0 // indirect
-	golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
-	golang.org/x/mod v0.21.0 // indirect
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/net v0.31.0 // indirect
 	golang.org/x/term v0.26.0 // indirect
 	golang.org/x/text v0.20.0 // indirect
 	golang.org/x/time v0.8.0 // indirect
-	golang.org/x/tools v0.26.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	golang.org/x/tools v0.27.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	oras.land/oras-go/v2 v2.5.0 // indirect