From 1ae857ce0d29439403accdbd060e9228c86bc2b4 Mon Sep 17 00:00:00 2001 From: aabidsofi19 Date: Tue, 24 Dec 2024 20:57:17 +0530 Subject: [PATCH 1/3] Add support for logging print statements from rego Signed-off-by: aabidsofi19 --- .../core/policies/rego_policy_relationship.go | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/models/meshmodel/core/policies/rego_policy_relationship.go b/models/meshmodel/core/policies/rego_policy_relationship.go index f426dfd5..09db250b 100644 --- a/models/meshmodel/core/policies/rego_policy_relationship.go +++ b/models/meshmodel/core/policies/rego_policy_relationship.go @@ -10,9 +10,9 @@ import ( "github.com/layer5io/meshkit/utils" "github.com/meshery/schemas/models/v1beta1/pattern" "github.com/open-policy-agent/opa/rego" - "github.com/open-policy-agent/opa/storage" "github.com/open-policy-agent/opa/storage/inmem" + "github.com/open-policy-agent/opa/topdown/print" "github.com/sirupsen/logrus" ) @@ -51,17 +51,36 @@ func NewRegoInstance(policyDir string, regManager *registry.RegistryManager) (*R }, nil } +// CustomPrintHook implements the print.Hook interface +type CustomPrintHook struct { + Messages []string +} + +// Print captures print messages from policy evaluation +// Implements print.Hook interface +func (h *CustomPrintHook) Print(ctx print.Context, s string) error { + h.Messages = append(h.Messages, s) + logrus.Info("[OPA] ", s) + return nil +} + // RegoPolicyHandler takes the required inputs and run the query against all the policy files provided func (r *Rego) RegoPolicyHandler(designFile pattern.PatternFile, regoQueryString string, relationshipsToEvalaute ...string) (pattern.EvaluationResponse, error) { var evaluationResponse pattern.EvaluationResponse if r == nil { return evaluationResponse, ErrEval(fmt.Errorf("policy engine is not yet ready")) } + // Create custom print hook + printHook := &CustomPrintHook{ + Messages: make([]string, 0), + } regoEngine, err := rego.New( + rego.PrintHook(printHook), + rego.EnablePrintStatements(true), // Explicitly enable print statements + rego.Transaction(r.transaction), rego.Query(regoQueryString), rego.Load([]string{r.policyDir}, nil), rego.Store(r.store), - rego.Transaction(r.transaction), ).PrepareForEval(r.ctx) if err != nil { logrus.Error("error preparing for evaluation", err) @@ -69,6 +88,7 @@ func (r *Rego) RegoPolicyHandler(designFile pattern.PatternFile, regoQueryString } eval_result, err := regoEngine.Eval(r.ctx, rego.EvalInput(designFile)) + if err != nil { return evaluationResponse, ErrEval(err) } From bc26d07b2e0bc4365eee2fedb6def313f6d8d6af Mon Sep 17 00:00:00 2001 From: aabidsofi19 Date: Tue, 24 Dec 2024 21:01:02 +0530 Subject: [PATCH 2/3] add control arg Signed-off-by: aabidsofi19 --- models/meshmodel/core/policies/rego_policy_relationship.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/meshmodel/core/policies/rego_policy_relationship.go b/models/meshmodel/core/policies/rego_policy_relationship.go index 09db250b..9fe8d7b0 100644 --- a/models/meshmodel/core/policies/rego_policy_relationship.go +++ b/models/meshmodel/core/policies/rego_policy_relationship.go @@ -25,7 +25,7 @@ type Rego struct { policyDir string } -func NewRegoInstance(policyDir string, regManager *registry.RegistryManager) (*Rego, error) { +func NewRegoInstance(policyDir string, regManager *registry.RegistryManager, logPrintStatements bool) (*Rego, error) { var txn storage.Transaction var store storage.Store From 9f59a993e49326b5f913bf2d5391579435a224e2 Mon Sep 17 00:00:00 2001 From: aabidsofi19 Date: Tue, 24 Dec 2024 21:03:15 +0530 Subject: [PATCH 3/3] remove wrong option Signed-off-by: aabidsofi19 --- models/meshmodel/core/policies/rego_policy_relationship.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/meshmodel/core/policies/rego_policy_relationship.go b/models/meshmodel/core/policies/rego_policy_relationship.go index 9fe8d7b0..09db250b 100644 --- a/models/meshmodel/core/policies/rego_policy_relationship.go +++ b/models/meshmodel/core/policies/rego_policy_relationship.go @@ -25,7 +25,7 @@ type Rego struct { policyDir string } -func NewRegoInstance(policyDir string, regManager *registry.RegistryManager, logPrintStatements bool) (*Rego, error) { +func NewRegoInstance(policyDir string, regManager *registry.RegistryManager) (*Rego, error) { var txn storage.Transaction var store storage.Store