
Commit c2c9e82

committed
feat: support extended eval result
1 parent 3dc5274 commit c2c9e82


3 files changed

+10
-10
lines changed

3 files changed

+10
-10
lines changed
Lines changed: 4 additions & 4 deletions
@@ -1,8 +1,8 @@
11
package itsio
2-
default allow = false
3-
allow {
2+
allow :={"name":namespace_name,"allow_policy":allow_policy} {
3+
namespace_name:= input.items[0].metadata.namespace
44
some i
55
input.items[i].kind == "PeerAuthentication"
66
mtlsMode := input.items[i].spec.mtls.mode
7-
mtlsMode == "STRICT"
8-
}
7+
allow_policy = mtlsMode == "STRICT"
8+
}
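Review bot: Dropping `default allow = false` leaves `allow` undefined whenever the rule body fails, for example when `input.items` is empty or holds no `PeerAuthentication`, so the query returns no result instead of an explicit deny and every consumer has to treat an empty result as a failure. Keeping an explicit default such as `default allow = {"name": "", "allow_policy": false}` would preserve a deny-by-default verdict. `allow` is a complete rule iterating with `some i`, so, as far as Rego semantics go, two `PeerAuthentication` items with different `mtls.mode` values would likely yield conflicting outputs and an evaluation error rather than a verdict. `namespace_name` is read from `input.items[0]` while the mode comes from `input.items[i]`, so the reported name can belong to a different object than the one evaluated; `namespace_name := input.items[i].metadata.namespace` placed after the `kind` check would tie the two together.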

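--- a/validator/policyeval.go
+++ b/validator/policyeval.go
@@ -61,13 +61,12 @@ func (pe policyEval) EvaluatePolicy(queryParam []string, policy string, data str
 }
 validateResult := make([]*ValidateResult, 0)
 if len(res) > 0 {
-validateResult = append(validateResult, &ValidateResult{Value: res[0].Expressions[0].Value.(bool), ValidateProperty: res[0].Expressions[0].Text})
+validateResult = append(validateResult, &ValidateResult{ExpressionValue: res[0].Expressions})
 }
 return validateResult, nil
 }
 
 //ValidateResult opa validation results
 type ValidateResult struct {
-Value bool
-ValidateProperty string
+ExpressionValue []*rego.ExpressionValue
 }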
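Review bot: `ValidateResult` now hands callers the raw `res[0].Expressions`, whose `Value` is untyped, so a result such as `{"allow_policy": false}` is still a non-empty value and any caller that equates "got a result" with "allowed" will fail open. The struct's doc comment should state that, for example `// ExpressionValue holds the raw OPA expression values; Value is untyped and must be type-checked by the caller, treating any unexpected shape as a denial.` Only `res[0]` is kept, and when `res` is empty the function returns an empty slice with a nil error, so callers also need a length check before indexing. Removing the exported `Value` and `ValidateProperty` fields breaks any code outside this commit that reads them. `EvaluatePolicy` begins above this hunk, so how `res` is produced is not visible here.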

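--- a/validator/policyeval_test.go
+++ b/validator/policyeval_test.go
@@ -3,6 +3,7 @@ package validator
 import (
 "fmt"
 "io/ioutil"
+"reflect"
 "testing"
 )
 
@@ -13,15 +14,15 @@ func Test_PolicyEval(t *testing.T) {
 policy string
 pkgName string
 policyRule []string
-want bool
+want interface{}
 wantError error
 }{
 {name: "test validate policy deny pod name json format", data: "./fixture/pod.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: true, wantError: nil},
 {name: "test validate policy deny pod name yaml format", data: "./fixture/pod.yaml", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: true, wantError: nil},
 {name: "test validate policy allow pod name", data: "./fixture/allow_pod.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: false, wantError: nil},
 {name: "test validate policy bad data", data: "./fixture/badJson.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny", want: false, wantError: nil},
 {name: "test validate policy bad policy", data: "./fixture/badJson.json", policyRule: []string{"example.deny"}, policy: "./fixture/pod_policy_deny_bad", want: false, wantError: fmt.Errorf("1 error occurred: eval.rego:5: rego_parse_error: unexpected } token\n\t}\n\t^")},
-{name: "test validate policy bad policy", data: "./fixture/strict_policy.json", policyRule: []string{"itsio.allow"}, policy: "./fixture/deny_strict.policy", want: true, wantError: nil},
+{name: "test validate policy bad policy", data: "./fixture/strict_policy.json", policyRule: []string{"itsio.allow"}, policy: "./fixture/deny_strict.policy", want: map[string]interface{}{"allow_policy": true, "name": "foo"}, wantError: nil},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
@@ -41,7 +42,7 @@ func Test_PolicyEval(t *testing.T) {
 }
 }
 if err == nil {
-if got[0].Value != tt.want {
+if eq := reflect.DeepEqual(got[0].ExpressionValue[0].Value, tt.want); !eq {
 t.Errorf("Test_PolicyEval() = %v, want %v", got[0], tt.want)
 }
 }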
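Review bot: The table still has no case where `itsio.allow` should deny (a non-`STRICT` mode, or input with no `PeerAuthentication`), so the rule changed in this commit is tested only for the passing verdict. A case expecting `map[string]interface{}{"allow_policy": false, "name": "foo"}` against a permissive fixture would pin the deny path; that fixture would have to be added, since none is visible on this page. `got[0].ExpressionValue[0].Value` indexes two slices unchecked, so an empty result panics instead of failing the test; guard it with `if len(got) == 0 || len(got[0].ExpressionValue) == 0 { t.Fatalf("no result for %s", tt.name) }`. The failure message prints `got[0]`, a struct of pointers, rather than the value that was compared. `Test_PolicyEval` extends beyond the hunks shown.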
