Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
package regofunc
import (
"fmt"
"net/http"
"net/url"
"strings"
"github.com/open-policy-agent/opa/ast"
"github.com/open-policy-agent/opa/rego"
"github.com/open-policy-agent/opa/types"
)
type PubkeyFuncs struct {
signerAddr string
httpClient *http.Client
}
func NewPubkeyFuncs(signerAddr string, httpClient *http.Client) *PubkeyFuncs {
return &PubkeyFuncs{
signerAddr: signerAddr,
httpClient: httpClient,
}
}
func (pf *PubkeyFuncs) GetKeyFunc() (*rego.Function, rego.Builtin1) {
return ®o.Function{
Name: "keys.get",
Decl: types.NewFunction(types.Args(types.S), types.A),
Memoize: true,
},
func(bctx rego.BuiltinContext, keyname *ast.Term) (*ast.Term, error) {
var key string
if err := ast.As(keyname.Value, &key); err != nil {
return nil, fmt.Errorf("invalid keyname: %s", err)
}
if strings.TrimSpace(key) == "" {
return nil, fmt.Errorf("empty keyname")
}
uri, err := url.ParseRequestURI(pf.signerAddr + "/v1/keys/" + key)
if err != nil {
return nil, err
}
req, err := http.NewRequest("GET", uri.String(), nil)
if err != nil {
return nil, err
}
resp, err := pf.httpClient.Do(req.WithContext(bctx.Context))
if err != nil {
return nil, err
}
defer resp.Body.Close() // nolint:errcheck
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("unexpected response from signer: %s", resp.Status)
}
v, err := ast.ValueFromReader(resp.Body)
if err != nil {
return nil, err
}
return ast.NewTerm(v), nil
}
}
func (pf *PubkeyFuncs) GetAllKeysFunc() (*rego.Function, rego.BuiltinDyn) {
return ®o.Function{
Name: "keys.getAll",
Decl: types.NewFunction(nil, types.A),
Memoize: true,
},
func(bctx rego.BuiltinContext, terms []*ast.Term) (*ast.Term, error) {
uri, err := url.ParseRequestURI(pf.signerAddr + "/v1/keys")
if err != nil {
return nil, err
}
req, err := http.NewRequest("GET", uri.String(), nil)
if err != nil {
return nil, err
}
resp, err := pf.httpClient.Do(req.WithContext(bctx.Context))
if err != nil {
return nil, err
}
defer resp.Body.Close() // nolint:errcheck
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("unexpected response from signer: %s", resp.Status)
}
v, err := ast.ValueFromReader(resp.Body)
if err != nil {
return nil, err
}
return ast.NewTerm(v), nil
}
}