feat: add OPA SDK support with configuration and rules

Author: mxab

pkg/config/config.go

@@ -22,22 +22,27 @@ type OpaRule struct {
 	Filename string                  `hcl:"filename"`
 	Notation *NotationVerifierConfig `hcl:"notation,block"`
 }
+type OpaSdkRule struct {
+	Path string `hcl:"path"`
+}
 
 type Validator struct {
-	Type         string   `hcl:"type,label"`
-	Name         string   `hcl:"name,label"`
-	OpaRule      *OpaRule `hcl:"opa_rule,block"`
-	Webhook      *Webhook `hcl:"webhook,block"`
-	ResolveToken bool     `hcl:"resolve_token,optional"`
+	Type         string      `hcl:"type,label"`
+	Name         string      `hcl:"name,label"`
+	OpaRule      *OpaRule    `hcl:"opa_rule,block"`
+	OpaSdkRule   *OpaSdkRule `hcl:"opa_sdk_rule,block"`
+	Webhook      *Webhook    `hcl:"webhook,block"`
+	ResolveToken bool        `hcl:"resolve_token,optional"`
 
 	Notation *NotationVerifierConfig `hcl:"notation,block"`
 }
 type Mutator struct {
-	Type         string   `hcl:"type,label"`
-	Name         string   `hcl:"name,label"`
-	OpaRule      *OpaRule `hcl:"opa_rule,block"`
-	Webhook      *Webhook `hcl:"webhook,block"`
-	ResolveToken bool     `hcl:"resolve_token,optional"`
+	Type         string      `hcl:"type,label"`
+	Name         string      `hcl:"name,label"`
+	OpaRule      *OpaRule    `hcl:"opa_rule,block"`
+	OpaSdkRule   *OpaSdkRule `hcl:"opa_sdk_rule,block"`
+	Webhook      *Webhook    `hcl:"webhook,block"`
+	ResolveToken bool        `hcl:"resolve_token,optional"`
 }
 
 type RequestContext struct {
@@ -111,6 +116,12 @@ type Config struct {
 	Mutators   []Mutator    `hcl:"mutator,block"`
 
 	Telemetry *Telemetry `hcl:"telemetry,block"`
+
+	OpaSdk *OpaSdk `hcl:"opa_sdk,block"`
+}
+type OpaSdk struct {
+	Id         string `hcl:"id,label"`
+	ConfigPath string `hcl:"config_path"`
 }
 
 func DefaultConfig() *Config {

pkg/config/config_test.go

@@ -248,6 +248,61 @@ func TestLoadConfig(t *testing.T) {
 
 			wantErr: false,
 		},
+		{
+			name: "with opa sdk",
+			args: args{name: "testdata/with_opa_sdk.hcl"},
+			want: &Config{
+				Port: port,
+				Bind: bind,
+
+				Nomad: &NomadServer{
+					Address: nomadAddr,
+				},
+				Validators: []Validator{
+					{
+						Type: "opa_sdk",
+						Name: "some_validator",
+						OpaSdkRule: &OpaSdkRule{
+							Path: "/my/validation/policy",
+						},
+					},
+				},
+				Mutators: []Mutator{
+					{
+						Type: "opa_sdk",
+						Name: "some_mutator",
+						OpaSdkRule: &OpaSdkRule{
+							Path: "/my/mutation/policy",
+						},
+					},
+				},
+				Telemetry: &Telemetry{
+					Logging: &Logging{
+						Level: "info",
+						SlogLogging: &SlogLogging{
+							Text:    Ptr(true),
+							TextOut: Ptr("stdout"),
+							Json:    Ptr(false),
+							JsonOut: Ptr("stdout"),
+						},
+						OtelLogging: &OtelLogging{
+							Enabled: Ptr(false),
+						},
+					},
+					Metrics: &Metrics{
+						Enabled: false,
+					},
+					Tracing: &Tracing{
+						Enabled: false,
+					},
+				},
+				OpaSdk: &OpaSdk{
+
+					Id:         "example",
+					ConfigPath: "/my/path/to/config.json",
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

pkg/config/testdata/with_opa_sdk.hcl

@@ -0,0 +1,19 @@
+
+opa_sdk "example" {
+    config_path = "/my/path/to/config.json"
+}
+
+validator "opa_sdk" "some_validator" {
+
+    opa_sdk_rule {
+        path = "/my/validation/policy"
+    }
+}
+
+mutator "opa_sdk" "some_mutator" {
+
+    opa_sdk_rule {
+        path = "/my/mutation/policy"
+    }
+
+}