func TestQueryBindingIterationError(t *testing.T) {
ctx := context.Background()
store := storage.New(storage.InMemoryConfig())
mock := &queryBindingErrStore{}
if err := store.Mount(mock, storage.MustParsePath("/foo/bar")); err != nil {
panic(err)
}
server, err := New(ctx, store, ":8182", false)
if err != nil {
panic(err)
}
recorder := httptest.NewRecorder()
f := &fixture{
server: server,
recorder: recorder,
t: t,
}
get := newReqV1("GET", `/query?q=a=data.foo.bar`, "")
f.server.Handler.ServeHTTP(f.recorder, get)
if f.recorder.Code != 500 {
t.Fatalf("Expected 500 error due to unknown storage error but got: %v", f.recorder)
}
}
func ExampleREPL_OneShot() {
// Initialize context for the example. Normally the caller would obtain the
// context from an input parameter or instantiate their own.
ctx := context.Background()
// Instantiate the policy engine's storage layer.
store := storage.New(storage.InMemoryConfig())
// Create a buffer that will receive REPL output.
var buf bytes.Buffer
// Create a new REPL.
repl := repl.New(store, "", &buf, "json", "")
// Define a rule inside the REPL.
repl.OneShot(ctx, "p :- a = [1, 2, 3, 4], a[_] > 3")
// Query the rule defined above.
repl.OneShot(ctx, "p")
// Inspect the output. Defining rules does not produce output so we only expect
// output from the second line of input.
fmt.Println(buf.String())
// Output:
// true
}
func setupBenchmark(nodes int, pods int) *topdown.QueryParams {
// policy compilation
c := ast.NewCompiler()
modules := map[string]*ast.Module{
"test": ast.MustParseModule(policy),
}
if c.Compile(modules); c.Failed() {
panic(c.Errors)
}
// storage setup
store := storage.New(storage.InMemoryConfig())
// parameter setup
ctx := context.Background()
request := ast.ObjectTerm(ast.Item(ast.StringTerm("pod"), ast.MustParseTerm(requestedPod)))
path := ast.MustParseRef("data.opa.test.scheduler.fit")
txn := storage.NewTransactionOrDie(ctx, store)
params := topdown.NewQueryParams(ctx, c, store, txn, request.Value, path)
// data setup
setupNodes(ctx, store, txn, nodes)
setupRCs(ctx, store, txn, 1)
setupPods(ctx, store, txn, pods, nodes)
return params
}
func ExampleQuery() {
// Initialize context for the example. Normally the caller would obtain the
// context from an input parameter or instantiate their own.
ctx := context.Background()
compiler := ast.NewCompiler()
// Define a dummy module with rules that produce documents that we will query below.
module, err := ast.ParseModule("my_module.rego", `
package opa.example
p[x] :- q[x], not r[x]
q[y] :- a = [1,2,3], y = a[_]
r[z] :- b = [2,4], z = b[_]
`)
mods := map[string]*ast.Module{
"my_module": module,
}
if compiler.Compile(mods); compiler.Failed() {
fmt.Println(compiler.Errors)
}
if err != nil {
// Handle error.
}
// Instantiate the policy engine's storage layer.
store := storage.New(storage.InMemoryConfig())
// Create a new transaction. Transactions allow the policy engine to
// evaluate the query over a consistent snapshot fo the storage layer.
txn, err := store.NewTransaction(ctx)
if err != nil {
// Handle error.
}
defer store.Close(ctx, txn)
// Prepare query parameters. In this case, there are no additional documents
// required by the policy so the request is nil.
var request ast.Value
params := topdown.NewQueryParams(ctx, compiler, store, txn, request, ast.MustParseRef("data.opa.example.p"))
// Execute the query against "p".
v1, err1 := topdown.Query(params)
// Inspect the result.
fmt.Println("v1:", v1[0].Result)
fmt.Println("err1:", err1)
// Output:
// v1: [1 3]
// err1: <nil>
}
func ExampleStorage_Open() {
// Initialize context for the example. Normally the caller would obtain the
// context from an input parameter or instantiate their own.
ctx := context.Background()
// Define two example modules and write them to disk in a temporary directory.
ex1 := `
package opa.example
p :- q.r != 0
`
ex2 := `
package opa.example
q = {"r": 100}
`
path, err := ioutil.TempDir("", "")
if err != nil {
// Handle error.
}
defer os.RemoveAll(path)
if err = ioutil.WriteFile(filepath.Join(path, "ex1.rego"), []byte(ex1), 0644); err != nil {
// Handle error.
}
if err = ioutil.WriteFile(filepath.Join(path, "ex2.rego"), []byte(ex2), 0644); err != nil {
// Handle error.
}
// Instantiate storage layer and configure with a directory to persist policy modules.
store := storage.New(storage.InMemoryConfig().WithPolicyDir(path))
if err = store.Open(ctx); err != nil {
// Handle error.
}
// Inspect one of the loaded policies.
mod, _, err := storage.GetPolicy(ctx, store, "ex1.rego")
if err != nil {
// Handle error.
}
fmt.Println("Expr:", mod.Rules[0].Body[0])
// Output:
// Expr: neq(q.r, 0)
}
func TestUnset(t *testing.T) {
ctx := context.Background()
store := storage.New(storage.InMemoryConfig())
var buffer bytes.Buffer
repl := newRepl(store, &buffer)
repl.OneShot(ctx, "magic = 23")
repl.OneShot(ctx, "p = 3.14")
repl.OneShot(ctx, "unset p")
err := repl.OneShot(ctx, "p")
if _, ok := err.(ast.Errors); !ok {
t.Fatalf("Expected AST error but got: %v", err)
}
buffer.Reset()
repl.OneShot(ctx, "p = 3.14")
repl.OneShot(ctx, "p = 3 :- false")
repl.OneShot(ctx, "unset p")
err = repl.OneShot(ctx, "p")
if _, ok := err.(ast.Errors); !ok {
t.Fatalf("Expected AST error but got err: %v, output: %v", err, buffer.String())
}
if err := repl.OneShot(ctx, "unset "); err == nil {
t.Fatalf("Expected unset error for bad syntax but got: %v", buffer.String())
}
if err := repl.OneShot(ctx, "unset 1=1"); err == nil {
t.Fatalf("Expected unset error for bad syntax but got: %v", buffer.String())
}
if err := repl.OneShot(ctx, `unset "p"`); err == nil {
t.Fatalf("Expected unset error for bad syntax but got: %v", buffer.String())
}
buffer.Reset()
repl.OneShot(ctx, `unset q`)
if buffer.String() != "warning: no matching rules in current module\n" {
t.Fatalf("Expected unset error for missing rule but got: %v", buffer.String())
}
buffer.Reset()
repl.OneShot(ctx, `magic`)
if buffer.String() != "23\n" {
t.Fatalf("Expected magic to be defined but got: %v", buffer.String())
}
buffer.Reset()
repl.OneShot(ctx, `package data.other`)
repl.OneShot(ctx, `unset magic`)
if buffer.String() != "warning: no matching rules in current module\n" {
t.Fatalf("Expected unset error for bad syntax but got: %v", buffer.String())
}
}
func TestShow(t *testing.T) {
ctx := context.Background()
store := storage.New(storage.InMemoryConfig())
var buffer bytes.Buffer
repl := newRepl(store, &buffer)
repl.OneShot(ctx, "package repl_test")
repl.OneShot(ctx, "show")
assertREPLText(t, buffer, "package repl_test\n")
buffer.Reset()
repl.OneShot(ctx, "import request.xyz")
repl.OneShot(ctx, "show")
expected := `package repl_test
import request.xyz` + "\n"
assertREPLText(t, buffer, expected)
buffer.Reset()
repl.OneShot(ctx, "import data.foo as bar")
repl.OneShot(ctx, "show")
expected = `package repl_test
import request.xyz
import data.foo as bar` + "\n"
assertREPLText(t, buffer, expected)
buffer.Reset()
repl.OneShot(ctx, "p[1] :- true")
repl.OneShot(ctx, "p[2] :- true")
repl.OneShot(ctx, "show")
expected = `package repl_test
import request.xyz
import data.foo as bar
p[1] :- true
p[2] :- true` + "\n"
assertREPLText(t, buffer, expected)
buffer.Reset()
repl.OneShot(ctx, "package abc")
repl.OneShot(ctx, "show")
assertREPLText(t, buffer, "package abc\n")
buffer.Reset()
repl.OneShot(ctx, "package repl_test")
repl.OneShot(ctx, "show")
assertREPLText(t, buffer, expected)
buffer.Reset()
}
func newFixture(t *testing.T) *fixture {
ctx := context.Background()
store := storage.New(storage.InMemoryConfig().WithPolicyDir(policyDir))
server, err := New(ctx, store, ":8182", false)
if err != nil {
panic(err)
}
recorder := httptest.NewRecorder()
return &fixture{
server: server,
recorder: recorder,
t: t,
}
}
func TestHelp(t *testing.T) {
topics["deadbeef"] = topicDesc{
fn: func(w io.Writer) error {
fmt.Fprintln(w, "blah blah blah")
return nil
},
}
ctx := context.Background()
store := storage.New(storage.InMemoryConfig())
var buffer bytes.Buffer
repl := newRepl(store, &buffer)
repl.OneShot(ctx, "help deadbeef")
expected := "blah blah blah\n"
if buffer.String() != expected {
t.Fatalf("Unexpected output from help topic: %v", buffer.String())
}
}
func (rt *Runtime) init(ctx context.Context, params *Params) error {
if len(params.PolicyDir) > 0 {
if err := os.MkdirAll(params.PolicyDir, 0755); err != nil {
return errors.Wrap(err, "unable to make --policy-dir")
}
}
loaded, err := loadAllPaths(params.Paths)
if err != nil {
return err
}
// Open data store and load base documents.
store := storage.New(storage.InMemoryConfig().WithPolicyDir(params.PolicyDir))
if err := store.Open(ctx); err != nil {
return err
}
txn, err := store.NewTransaction(ctx)
if err != nil {
return err
}
defer store.Close(ctx, txn)
if err := store.Write(ctx, txn, storage.AddOp, storage.Path{}, loaded.Documents); err != nil {
return errors.Wrapf(err, "storage error")
}
// Load policies provided via input.
if err := compileAndStoreInputs(loaded.Modules, store, txn); err != nil {
return errors.Wrapf(err, "compile error")
}
rt.Store = store
return nil
}