refactor context sent to opa
This commit is contained in:
parent
7dc6e7795f
commit
a578417d31
|
@ -3,5 +3,5 @@ package user.list
|
|||
default allow := false
|
||||
|
||||
allow := true {
|
||||
input.uuid == "96d99d44-e0a6-458e-a656-de2a400d60a9"
|
||||
input.role == "admin"
|
||||
}
|
||||
|
|
|
@ -3,5 +3,9 @@ package user.read
|
|||
default allow := false
|
||||
|
||||
allow := true {
|
||||
input.uuid == "96d99d44-e0a6-458e-a656-de2a400d60a8"
|
||||
input.uuid == input.owner
|
||||
}
|
||||
|
||||
allow := true {
|
||||
input.role == "admin"
|
||||
}
|
||||
|
|
|
@ -24,17 +24,25 @@ export class OpaDecisionMaker extends IMakeDecision {
|
|||
action: Action,
|
||||
context: Array<ContextItem>,
|
||||
): Promise<Authorization> {
|
||||
const { data } = await lastValueFrom(
|
||||
this._httpService.post<Decision>(
|
||||
this._configService.get<string>('OPA_URL') + domain + '/' + action,
|
||||
{
|
||||
input: {
|
||||
uuid,
|
||||
...context,
|
||||
},
|
||||
},
|
||||
),
|
||||
const reducedContext = context.reduce(
|
||||
(obj, item) => Object.assign(obj, { [item.name]: item.value }),
|
||||
{},
|
||||
);
|
||||
return new Authorization(data.result.allow);
|
||||
try {
|
||||
const { data } = await lastValueFrom(
|
||||
this._httpService.post<Decision>(
|
||||
this._configService.get<string>('OPA_URL') + domain + '/' + action,
|
||||
{
|
||||
input: {
|
||||
uuid,
|
||||
...reducedContext,
|
||||
},
|
||||
},
|
||||
),
|
||||
);
|
||||
return new Authorization(data.result.allow);
|
||||
} catch (e) {
|
||||
return new Authorization(false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -30,6 +30,9 @@ const mockHttpService = {
|
|||
},
|
||||
},
|
||||
});
|
||||
})
|
||||
.mockImplementationOnce(() => {
|
||||
throw new Error();
|
||||
}),
|
||||
};
|
||||
|
||||
|
@ -84,5 +87,14 @@ describe('OpaDecisionMaker', () => {
|
|||
);
|
||||
expect(authorization.allow).toBeFalsy();
|
||||
});
|
||||
it('should return a falsy authorization when an error happens', async () => {
|
||||
const authorization = await opaDecisionMaker.decide(
|
||||
'bb281075-1b98-4456-89d6-c643d3044a91',
|
||||
Domain.user,
|
||||
Action.read,
|
||||
[],
|
||||
);
|
||||
expect(authorization.allow).toBeFalsy();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue