WIP: Add info about the correct rego version to parse modules on the …
…store

Signed-off-by: Ashutosh Narkar <anarkar4387@gmail.com>
ashutosh-narkar committed Jan 17, 2025
1 parent 8067014 commit 10e54c4
Showing 2 changed files with 82 additions and 14 deletions.
23 changes: 16 additions & 7 deletions v1/bundle/file.go
Expand Up @@ -438,15 +438,11 @@ func (it *iterator) Next() (*storage.Update, error) {
for _, item := range it.raw {
f := file{name: item.Path}

fpath := strings.TrimLeft(normalizePath(filepath.Dir(f.name)), "/.")
if strings.HasSuffix(f.name, RegoExt) {
fpath = strings.Trim(normalizePath(f.name), "/")
p, err := getFileStoragePath(f.name)
if err != nil {
return nil, err
}

p, ok := storage.ParsePathEscaped("/" + fpath)
if !ok {
return nil, fmt.Errorf("storage path invalid: %v", f.name)
}
f.path = p

f.raw = item.Value
Expand Down Expand Up @@ -506,3 +502,16 @@ func getdepth(path string, isDir bool) int {
basePath := strings.Trim(filepath.Dir(filepath.ToSlash(path)), "/")
return len(strings.Split(basePath, "/"))
}

func getFileStoragePath(path string) (storage.Path, error) {
fpath := strings.TrimLeft(normalizePath(filepath.Dir(path)), "/.")
if strings.HasSuffix(path, RegoExt) {
fpath = strings.Trim(normalizePath(path), "/")
}

p, ok := storage.ParsePathEscaped("/" + fpath)
if !ok {
return nil, fmt.Errorf("storage path invalid: %v", path)
}
return p, nil
}
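Review bot: `getFileStoragePath` is added without a doc comment although it is now shared by `iterator.Next` and by `compileModules` in store.go, where its result becomes a map key, so its two cases should be written down: `// getFileStoragePath returns the storage path for a bundle file: the file's own path for .rego files, its containing directory otherwise.` The comment should also say that `strings.TrimLeft(..., "/.")` takes a cutset, so every leading dot and slash of the directory is stripped (directories `.foo` and `foo` appear to map to the same path, depending on what `normalizePath` does), while the `.rego` branch trims only `/`. That asymmetry is carried over unchanged from the old inline code, but a caller keying on the result needs to know about it.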
73 changes: 66 additions & 7 deletions v1/bundle/store.go
Expand Up @@ -59,6 +59,10 @@ func metadataPath(name string) storage.Path {
return append(BundlesBasePath, name, "manifest", "metadata")
}

func moduleRegoVersionPath() storage.Path {
return append(BundlesBasePath, "modules")
}

func read(ctx context.Context, store storage.Store, txn storage.Transaction, path storage.Path) (interface{}, error) {
value, err := store.Read(ctx, txn, path)
if err != nil {
Expand Down Expand Up @@ -166,6 +170,36 @@ func eraseWasmModulesFromStore(ctx context.Context, store storage.Store, txn sto
return suppressNotFound(err)
}

func writeModuleRegoVersionMapToStore(ctx context.Context, store storage.Store, txn storage.Transaction, value map[string]ast.RegoVersion) error {
return write(ctx, store, txn, moduleRegoVersionPath(), value)
}

func readModuleRegoVersionMapFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) (map[string]ast.RegoVersion, error) {
var moduleRegoVersionMap map[string]ast.RegoVersion

value, err := read(ctx, store, txn, moduleRegoVersionPath())
if err != nil {
return moduleRegoVersionMap, suppressNotFound(err)
}

bs, err := json.Marshal(value)
if err != nil {
return moduleRegoVersionMap, fmt.Errorf("corrupt module rego version data")
}

err = util.UnmarshalJSON(bs, &moduleRegoVersionMap)
if err != nil {
return moduleRegoVersionMap, fmt.Errorf("corrupt wasm manifest data")
}

return moduleRegoVersionMap, nil
}

func eraseModuleRegoVersionMapFromStore(ctx context.Context, store storage.Store, txn storage.Transaction) error {
err := store.Write(ctx, txn, storage.RemoveOp, moduleRegoVersionPath(), nil)
return suppressNotFound(err)
}

// ReadWasmMetadataFromStore will read Wasm module resolver metadata from the store.
func ReadWasmMetadataFromStore(ctx context.Context, store storage.Store, txn storage.Transaction, name string) ([]WasmResolver, error) {
path := wasmEntrypointsPath(name)
Expand Down Expand Up @@ -470,7 +504,7 @@ func activateBundles(opts *ActivateOpts) error {
remainingAndExtra[name] = mod
}

err = compileModules(opts.Compiler, opts.Metrics, snapshotBundles, remainingAndExtra, opts.legacy, opts.AuthorizationDecisionRef)
moduleIdToRegoVersionMap, err := compileModules(opts.Compiler, opts.Metrics, snapshotBundles, remainingAndExtra, opts.legacy, opts.AuthorizationDecisionRef)
if err != nil {
return err
}
Expand All @@ -497,7 +531,7 @@ func activateBundles(opts *ActivateOpts) error {
}
}

return nil
return writeModuleRegoVersionMapToStore(opts.Ctx, opts.Store, opts.Txn, moduleIdToRegoVersionMap)
}

func doDFS(obj map[string]json.RawMessage, path string, roots []string) error {
Expand Down Expand Up @@ -649,6 +683,11 @@ func eraseBundles(ctx context.Context, store storage.Store, txn storage.Transact
}
}

err = eraseModuleRegoVersionMapFromStore(ctx, store, txn)
if err != nil {
return nil, err
}

return remaining, nil
}

Expand All @@ -675,14 +714,25 @@ func erasePolicies(ctx context.Context, store storage.Store, txn storage.Transac
return nil, err
}

moduleIdToRegoVersion, err := readModuleRegoVersionMapFromStore(ctx, store, txn)
if err != nil {
return nil, err
}

remaining := map[string]*ast.Module{}

for _, id := range ids {
bs, err := store.GetPolicy(ctx, txn, id)
if err != nil {
return nil, err
}
module, err := ast.ParseModuleWithOpts(id, string(bs), parserOpts)

parserOptsCpy := parserOpts
if regoVersion, ok := moduleIdToRegoVersion[id]; ok {
parserOptsCpy.RegoVersion = regoVersion
}

module, err := ast.ParseModuleWithOpts(id, string(bs), parserOptsCpy)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -792,7 +842,7 @@ func writeData(ctx context.Context, store storage.Store, txn storage.Transaction
return nil
}

func compileModules(compiler *ast.Compiler, m metrics.Metrics, bundles map[string]*Bundle, extraModules map[string]*ast.Module, legacy bool, authorizationDecisionRef ast.Ref) error {
func compileModules(compiler *ast.Compiler, m metrics.Metrics, bundles map[string]*Bundle, extraModules map[string]*ast.Module, legacy bool, authorizationDecisionRef ast.Ref) (map[string]ast.RegoVersion, error) {

m.Timer(metrics.RegoModuleCompile).Start()
defer m.Timer(metrics.RegoModuleCompile).Stop()
Expand All @@ -809,6 +859,8 @@ func compileModules(compiler *ast.Compiler, m metrics.Metrics, bundles map[strin
modules[name] = module
}

moduleIdToRegoVersion := map[string]ast.RegoVersion{}

// include all the new bundle modules
for bundleName, b := range bundles {
if legacy {
Expand All @@ -818,19 +870,26 @@ func compileModules(compiler *ast.Compiler, m metrics.Metrics, bundles map[strin
} else {
for name, module := range b.ParsedModules(bundleName) {
modules[name] = module

p, err := getFileStoragePath(name)
if err != nil {
return nil, err
}

moduleIdToRegoVersion[strings.TrimLeft(p.String(), "/")] = module.RegoVersion()
}
}
}

if compiler.Compile(modules); compiler.Failed() {
return compiler.Errors
return nil, compiler.Errors
}

if authorizationDecisionRef.Equal(ast.EmptyRef()) {
return nil
return moduleIdToRegoVersion, nil
}

return iCompiler.VerifyAuthorizationPolicySchema(compiler, authorizationDecisionRef)
return moduleIdToRegoVersion, iCompiler.VerifyAuthorizationPolicySchema(compiler, authorizationDecisionRef)
}

func writeModules(ctx context.Context, store storage.Store, txn storage.Transaction, compiler *ast.Compiler, m metrics.Metrics, bundles map[string]*Bundle, extraModules map[string]*ast.Module, legacy bool) error {
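Review bot: `moduleRegoVersionPath()` puts the version map at `BundlesBasePath/modules`, the same namespace `metadataPath(name)` uses for per-bundle data, so a bundle named `modules` would share that node; the write in `activateBundles` and the `RemoveOp` in `eraseModuleRegoVersionMapFromStore` would then touch that bundle's manifest subtree, and the read would fail to unmarshal. Either reject that bundle name at activation or keep the map under a key that a bundle name cannot produce. The map is also rebuilt only from the bundles passed to `compileModules` (and not at all in the `legacy` branch) and written to one global path, so, assuming `write` replaces the value, entries for modules of previously activated bundles look like they are dropped and `erasePolicies` silently falls back to `parserOpts` for them; merging with the stored map, or at least logging the fallback, would keep a stored policy from being re-parsed under a different Rego version than it was compiled with. In `readModuleRegoVersionMapFromStore` the second error still reads "corrupt wasm manifest data" and both branches discard `err`; `return nil, fmt.Errorf("corrupt module rego version data: %w", err)` would fix both.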
