From acbab12ea30844dca81a3cdcbd3cb99c3518349e Mon Sep 17 00:00:00 2001
From: Michelangelo Mori
Date: Tue, 17 Dec 2024 12:45:19 +0100
Subject: [PATCH] Add entity properties to rego evaluation context.

This change adds the entity's properties as defined by the provider to the REGO evaluation context, making it possible to use them as arguments to e.g. data sources.
---
 internal/engine/eval/rego/eval.go | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/internal/engine/eval/rego/eval.go b/internal/engine/eval/rego/eval.go
index 0d826defc5..7f51408d28 100644
--- a/internal/engine/eval/rego/eval.go
+++ b/internal/engine/eval/rego/eval.go
@@ -12,6 +12,7 @@ import (
 "github.com/open-policy-agent/opa/rego"
 "github.com/open-policy-agent/opa/topdown/print"
 "google.golang.org/protobuf/reflect/protoreflect"
+ "google.golang.org/protobuf/types/known/structpb"
 
 eoptions "github.com/mindersec/minder/internal/engine/options"
 minderv1 "github.com/mindersec/minder/pkg/api/protobuf/go/minder/v1"
@@ -49,6 +50,9 @@ type Input struct {
 Profile map[string]any `json:"profile"`
 // Ingested is the values set for the ingested data
 Ingested any `json:"ingested"`
+ // Properties contains the entity's properties as defined by
+ // the provider
+ Properties map[string]any `json:"properties"`
 // OutputFormat is the format to output violations in
 OutputFormat ConstraintsViolationsFormat `json:"output_format"`
 }
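Review bot: The comment on the new `Properties` field in `Input` should tell policy authors how they reach the data and where it comes from, since this struct is effectively the schema of the Rego `input` document; e.g. `// Properties contains the entity's properties as defined by the provider; policies see them as input.properties.` Because the field has no `omitempty` tag, a nil map will be presented as null rather than an empty object if the struct is JSON-marshalled into the Rego input, so the comment should also state whether policies may rely on the key always being an object. Both points are documentation only; the field itself is fine.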
@@ -134,14 +138,31 @@ func (e *Evaluator) Eval( return nil, fmt.Errorf("could not prepare Rego: %w", err) } - rs, err := pq.Eval(ctx, rego.EvalInput(&Input{ + input := &Input{ Profile: pol, Ingested: obj, OutputFormat: e.cfg.ViolationFormat, - })) + } + + enrichInputWithEntityProps(input, entity) + rs, err := pq.Eval(ctx, rego.EvalInput(input)) if err != nil { return nil, fmt.Errorf("error evaluating profile. Might be wrong input: %w", err) } return e.reseval.parseResult(rs, entity) } + +type propertiesFetcher interface { + GetProperties() *structpb.Struct +} + +func enrichInputWithEntityProps( + input *Input, + entity protoreflect.ProtoMessage, +) { + switch entity := entity.(type) { + case propertiesFetcher: + input.Properties = entity.GetProperties().AsMap() + } +}
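Review bot: `input.Properties` stays nil when the entity does not satisfy `propertiesFetcher` but becomes a non-nil map via `AsMap()` when it does (even with no fields), so the `input.properties` a policy sees is either null or `{}` depending on the entity type, which makes `count(input.properties)` or `object.get(input.properties, ...)` behave differently across entities; unless that is intended, set `Properties: map[string]any{},` in the `&Input{...}` literal so the key is always an object. The single-case type switch in `enrichInputWithEntityProps` reads more naturally as `if pf, ok := entity.(propertiesFetcher); ok { input.Properties = pf.GetProperties().AsMap() }`. Neither `propertiesFetcher` nor `enrichInputWithEntityProps` has a comment saying why a local interface is used instead of a concrete entity type (presumably so any generated entity message exposing `GetProperties` is covered); a line such as `// propertiesFetcher is satisfied by any entity message that exposes provider-defined properties.` plus a note that these values are provider-supplied and should be treated like other ingested data would help the next maintainer. The enclosing `Eval` method starts before this hunk.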