feat(prose/golang): pass data to OPA policy for decision

dettanym · Mar 13, 2024 · 8227de1 · 8227de1
1 parent b7614eb
commit 8227de1
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/privacy-profile-composer/pkg/envoyfilter/filter.go b/privacy-profile-composer/pkg/envoyfilter/filter.go
@@ -53,6 +53,7 @@ type Filter struct {
 	// Runtime state of the filter
 	parentSpanContext model.SpanContext
 	headerMetadata    common.HeaderMetadata
+	thirdPartyURL     string
 	processDecodeBody bool
 	decodeDataBuffer  string
 	processEncodeBody bool
@@ -107,7 +108,7 @@ func (f *Filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.
 			return api.Continue
 		}
 
-		//thirdPartyURL := header.Host()
+		f.thirdPartyURL = f.headerMetadata.Host
 		f.processDecodeBody = true
 
 	default:
@@ -288,17 +289,19 @@ func (f *Filter) processBody(ctx context.Context, body string, isDecode bool) (s
 
 	proseTags[PROSE_OPA_ENFORCE] = strconv.FormatBool(f.config.opaEnforce)
 
-	sendLocalReply, err, opaTags := f.runOPA(ctx, isDecode)
+	sendLocalReply, err, opaTags := f.runOPA(ctx, isDecode, piiTypes)
 	for k, v := range opaTags {
 		proseTags[k] = v
 	}
 
 	return sendLocalReply, err, proseTags
 }
 
-func (f *Filter) runOPA(ctx context.Context, isDecode bool) (sendLocalReply bool, err error, proseTags map[string]string) {
+func (f *Filter) runOPA(ctx context.Context, isDecode bool, dataItems []string) (sendLocalReply bool, err error, proseTags map[string]string) {
 	proseTags = map[string]string{}
 
+	log.Printf("direction: '%v'; isDecode: '%v', host: '%v', thirdPartyUrl: '%v'", f.config.direction, isDecode, f.headerMetadata.Host, f.thirdPartyURL)
+
 	// get the named policy decision for the specified input
 	result, err := f.opa.Decision(
 		ctx,
@@ -311,7 +314,12 @@ func (f *Filter) runOPA(ctx context.Context, isDecode bool) (sendLocalReply bool
 			//  note that those test-cases are potentially out of date wrt simple.rego
 			//  as simple.rego expects PII type & purpose to be passed as headers
 			//  (i.e. as if we had an OPA sidecar)
-			Input:  map[string]interface{}{"hello": "world"},
+			Input: map[string]interface{}{
+				"purpose_of_use": f.headerMetadata.Purpose,
+				"data_items":     dataItems,
+				// todo double check that this is non-null only in outbound and decode mode
+				"external_domain": f.thirdPartyURL, // path or null
+			},
 			Tracer: topdown.NewBufferTracer(),
 		},
 	)