From a4dc5db5eb9c1568e4f70f336b1d0bf99af490b6 Mon Sep 17 00:00:00 2001
From: Michelangelo Mori
Date: Tue, 17 Dec 2024 12:45:19 +0100
Subject: [PATCH] Add entity properties to rego evaluation context.
This change adds the entity's properties as defined by the provider to the REGO evaluation context, making it possible to use them as arguments to e.g. data sources.
---
internal/engine/eval/rego/eval.go | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/internal/engine/eval/rego/eval.go b/internal/engine/eval/rego/eval.go
index 0d826defc5..25a2e7fc41 100644
--- a/internal/engine/eval/rego/eval.go
+++ b/internal/engine/eval/rego/eval.go
@@ -12,6 +12,7 @@ import (
 "github.com/open-policy-agent/opa/rego"
 "github.com/open-policy-agent/opa/topdown/print"
 "google.golang.org/protobuf/reflect/protoreflect"
+ "google.golang.org/protobuf/types/known/structpb"
 eoptions "github.com/mindersec/minder/internal/engine/options"
 minderv1 "github.com/mindersec/minder/pkg/api/protobuf/go/minder/v1"
@@ -49,6 +50,9 @@ type Input struct {
 Profile map[string]any `json:"profile"`
 // Ingested is the values set for the ingested data
 Ingested any `json:"ingested"`
+ // Properties contains the entity's properties as defined by // the provider Properties map[string]any `json:"properties"` // OutputFormat is the format to output violations in OutputFormat ConstraintsViolationsFormat `json:"output_format"` }
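Review bot: The new `Properties` field comment on `Input` says where the values come from but not that they reach policy code unvalidated; the commit message intends them as arguments to data sources, so a policy author should know to treat them as untrusted input rather than trusted configuration. I would extend the comment to `// Properties contains the entity's properties as reported by the provider. They are passed through unvalidated, so policies should not use them as trusted arguments (e.g. to data sources) without checking them.` Whether data sources validate their own arguments is not visible in this patch.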
@@ -134,14 +138,30 @@ func (e *Evaluator) Eval(
 return nil, fmt.Errorf("could not prepare Rego: %w", err)
 }
- rs, err := pq.Eval(ctx, rego.EvalInput(&Input{
+ input := &Input{
 Profile: pol,
 Ingested: obj,
 OutputFormat: e.cfg.ViolationFormat,
- }))
+ }
+
+ enrichInputWithEntityProps(input, entity)
+ rs, err := pq.Eval(ctx, rego.EvalInput(input))
 if err != nil {
 return nil, fmt.Errorf("error evaluating profile. Might be wrong input: %w", err)
 }
 return e.reseval.parseResult(rs, entity)
 }
+
+type propertiesFetcher interface { GetProperties() *structpb.Struct }
+
+func enrichInputWithEntityProps( input *Input, entity protoreflect.ProtoMessage, ) { if inner, ok := entity.(propertiesFetcher); ok { input.Properties = inner.GetProperties().AsMap() } }
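Review bot: `input.properties` ends up with two different shapes: when the entity does not implement `propertiesFetcher`, `enrichInputWithEntityProps` leaves the field nil, which as far as I can tell reaches Rego as `null`, while an entity whose `GetProperties()` returns nil gets `{}` (the generated getter and `AsMap` are nil-safe, so there is no panic there). Policies that compare against `{}` or iterate the map will behave differently across entity types. Initialising the map before the type assertion — e.g. `input.Properties = map[string]any{}` as the function's first line — gives a single shape. The function also has no doc comment; `// enrichInputWithEntityProps copies the entity's provider-reported properties into the Rego input; entities without properties yield an empty map.` would cover it. The enclosing `Eval` begins before this hunk.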