From 63a3d98698d00fb6b606c6457534cb4cacc835de Mon Sep 17 00:00:00 2001
From: David Ashby
Date: Sun, 22 Mar 2020 17:25:57 -0400
Subject: [PATCH 1/5] rego file parser
---
lib/rouge/demos/rego | 27 ++++++++++++++++++++++
lib/rouge/lexers/rego.rb | 48 ++++++++++++++++++++++++++++++++++++++++
spec/lexers/rego_spec.rb | 15 +++++++++++++
spec/visual/samples/rego | 27 ++++++++++++++++++++++
4 files changed, 117 insertions(+)
create mode 100644 lib/rouge/demos/rego
create mode 100644 lib/rouge/lexers/rego.rb
create mode 100644 spec/lexers/rego_spec.rb
create mode 100644 spec/visual/samples/rego
diff --git a/lib/rouge/demos/rego b/lib/rouge/demos/rego
new file mode 100644
index 0000000000..03460f3beb
--- /dev/null
+++ b/lib/rouge/demos/rego
@@ -0,0 +1,27 @@
+package httpapi.authz
+
+subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie"]}
+
+# HTTP API request
+import input
+# input = {
+# "path": ["finance", "salary", "alice"],
+# "user": "alice",
+# "method": "GET"
+# }
+
+default allow = false
+
+# Allow users to get their own salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ input.user == username
+}
+
+# Allow managers to get their subordinates' salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ subordinates[input.user][_] == username
+}
diff --git a/lib/rouge/lexers/rego.rb b/lib/rouge/lexers/rego.rb
new file mode 100644
index 0000000000..8d6ae662bb
--- /dev/null
+++ b/lib/rouge/lexers/rego.rb
@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*- #
+# frozen_string_literal: true
+# example file taken from https://github.com/open-policy-agent/contrib/blob/f9e71d7/api_authz/docker/policy/api_authz.rego
+
+module Rouge
+ module Lexers
+ class Rego < RegexLexer
+ title "Rego"
+ desc "The Rego open-policy-agent (OPA) policy language (https://www.openpolicyagent.org/)"
+ tag 'rego'
+ aliases 'rego'
+ filenames '*.rego'
+
+ state :basic do
+ rule %r/\s+/, Text
+ rule %r/#.*/, Comment::Single
+
+ rule %r/[\[\](){}|.,;!]/, Punctuation
+
+ rule %r/"[^"]*"/, Str::Double
+
+ rule %r/-?\d+\.\d+([eE][+-]?\d+)?/, Num::Float
+ rule %r/-?\d+([eE][+-]?\d+)?/, Num
+
+ rule %r/\\u[0-9a-fA-F]{4}/, Num::Hex
+ rule %r/\\["\/bfnrt]/, Str::Delimiter
+ end
+
+ state :atoms do
+ rule %r/(true|false|null)/, Keyword::Constant
+ rule %r/[[:word:]]*/, Str::Symbol
+ rule %r/'[^']*'/, Str::Symbol
+ end
+
+ state :operators do
+ rule %r/(=|!=|>|<|>=|<=|\+|-|\*|%|\/|\||&|:=)/, Operator
+ rule %r/(default|not|package|import|as|with|else|some)/, Operator
+ rule %r/[#&*+-.\/:<=>?@^~]+/, Operator
+ end
+
+ state :root do
+ mixin :basic
+ mixin :operators
+ mixin :atoms
+ end
+ end
+ end
+end
\ No newline at end of file
diff --git a/spec/lexers/rego_spec.rb b/spec/lexers/rego_spec.rb
new file mode 100644
index 0000000000..8e52e1302c
--- /dev/null
+++ b/spec/lexers/rego_spec.rb
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*- #
+# frozen_string_literal: true
+
+describe Rouge::Lexers::Rego do
+ let(:subject) { Rouge::Lexers::Rego.new }
+
+ describe 'guessing' do
+ include Support::Guessing
+
+ it 'guesses by filename' do
+ assert_guess :filename => 'foo.rego'
+ end
+ end
+end
+
\ No newline at end of file
diff --git a/spec/visual/samples/rego b/spec/visual/samples/rego
new file mode 100644
index 0000000000..03460f3beb
--- /dev/null
+++ b/spec/visual/samples/rego
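Review bot: The string rule `rule %r/"[^"]*"/, Str::Double` in `state :basic` of lib/rouge/lexers/rego.rb ends the token at the first `"`, so a string containing `\"` is cut short and whatever follows is tokenized as code. The two escape rules below it sit at the same level as the string rule, so they can only fire on a backslash outside a string, never on an escape inside one. Mis-highlighted strings matter more than usual in a policy language, because the highlighted text is what someone reviewing an authorization rule reads. The later `@@ -23,7 +23,7 @@` hunk in PATCH 2/5 only retags the second escape rule as `Str::Escape` and keeps this structure. A dedicated string state along these lines would handle both cases.

```ruby
state :basic do
  # … unchanged: whitespace, comment, punctuation and number rules …
  rule %r/"/, Str::Double, :string
end

state :string do
  rule %r/[^"\\]+/, Str::Double
  rule %r/\\u[0-9a-fA-F]{4}/, Str::Escape
  rule %r/\\["\\\/bfnrt]/, Str::Escape
  rule %r/\\/, Str::Double
  rule %r/"/, Str::Double, :pop!
end
```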
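Review bot: Only filename guessing is asserted in spec/lexers/rego_spec.rb, so none of the token rules added in lib/rouge/lexers/rego.rb are exercised by this spec. A second `describe` block that lexes a short policy and checks the token produced for a keyword, a comment and a string containing an escape would catch regressions in those rules. The last added line is whitespace-only and the file has no trailing newline.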
@@ -0,0 +1,27 @@
+package httpapi.authz
+
+subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie"]}
+
+# HTTP API request
+import input
+# input = {
+# "path": ["finance", "salary", "alice"],
+# "user": "alice",
+# "method": "GET"
+# }
+
+default allow = false
+
+# Allow users to get their own salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ input.user == username
+}
+
+# Allow managers to get their subordinates' salaries.
+allow {
+ input.method = "GET"
+ input.path = ["finance", "salary", username]
+ subordinates[input.user][_] == username
+}
From 5f9dda89d97703452b79f490a4874522e7a78563 Mon Sep 17 00:00:00 2001
From: David Ashby
Date: Tue, 24 Mar 2020 14:25:17 -0400
Subject: [PATCH 2/5] Apply suggestions from code review
Co-Authored-By: Michael Camilleri
---
lib/rouge/lexers/rego.rb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/rouge/lexers/rego.rb b/lib/rouge/lexers/rego.rb
index 8d6ae662bb..ee98c4b93d 100644
--- a/lib/rouge/lexers/rego.rb
+++ b/lib/rouge/lexers/rego.rb
@@ -6,7 +6,7 @@ module Rouge module Lexers class Rego < RegexLexer title "Rego" - desc "The Rego open-policy-agent (OPA) policy language (https://www.openpolicyagent.org/)" + desc "The Rego open-policy-agent (OPA) policy language (openpolicyagent.org)" tag 'rego' aliases 'rego' filenames '*.rego'
@@ -23,7 +23,7 @@ class Rego < RegexLexer rule %r/-?\d+([eE][+-]?\d+)?/, Num rule %r/\\u[0-9a-fA-F]{4}/, Num::Hex - rule %r/\\["\/bfnrt]/, Str::Delimiter + rule %r/\\["\/bfnrt]/, Str::Escape end state :atoms do
@@ -33,7 +33,7 @@ class Rego < RegexLexer end state :operators do - rule %r/(=|!=|>|<|>=|<=|\+|-|\*|%|\/|\||&|:=)/, Operator + rule %r/(=|!=|>=|<=|>|<|\+|-|\*|%|\/|\||&|:=)/, Operator rule %r/(default|not|package|import|as|with|else|some)/, Operator rule %r/[#&*+-.\/:<=>?@^~]+/, Operator end
@@ -45,4 +45,4 @@ class Rego < RegexLexer end end end -end \ No newline at end of file +end
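Review bot: The keyword alternation on the line after the reordered operator rule in the `@@ -33,7 +33,7 @@` hunk, `(default|not|package|import|as|with|else|some)`, has no word boundary. PATCH 1/5 mixes `:operators` into `:root` ahead of `:atoms`, so an identifier that merely starts with one of these words (constructed examples: `assets`, `nothing`) would be split into an Operator token followed by a symbol. Ending the pattern with `\b`, as in `rule %r/(?:default|not|package|import|as|with|else|some)\b/, Operator`, avoids that. `(true|false|null)` in `state :atoms` has the same shape, and `[[:word:]]*` there can match the empty string where `+` looks intended. The `state :operators` block is inside this hunk, but `class Rego` opens outside it.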
From 8dc3e20120f4c31353ca3925ce162142ff58d36c Mon Sep 17 00:00:00 2001
From: David Ashby
Date: Sun, 29 Mar 2020 14:57:55 -0400
Subject: [PATCH 3/5] further cleanup
---
lib/rouge/demos/rego | 15 ++-------------
lib/rouge/lexers/rego.rb | 4 +---
spec/visual/samples/rego | 5 ++++-
3 files changed, 7 insertions(+), 17 deletions(-)
diff --git a/lib/rouge/demos/rego b/lib/rouge/demos/rego
index 03460f3beb..9f0385bb99 100644
--- a/lib/rouge/demos/rego
+++ b/lib/rouge/demos/rego
@@ -1,14 +1,10 @@ package httpapi.authz +# taken from https://github.com/open-policy-agent/contrib/blob/f9e71d7/api_authz/docker/policy/api_authz.rego subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie"]} # HTTP API request import input -# input = { -# "path": ["finance", "salary", "alice"], -# "user": "alice", -# "method": "GET" -# } default allow = false
@@ -17,11 +13,4 @@ allow { input.method = "GET" input.path = ["finance", "salary", username] input.user == username -} - -# Allow managers to get their subordinates' salaries. -allow { - input.method = "GET" - input.path = ["finance", "salary", username] - subordinates[input.user][_] == username -} +} \ No newline at end of file
diff --git a/lib/rouge/lexers/rego.rb b/lib/rouge/lexers/rego.rb
index ee98c4b93d..c340d13378 100644
--- a/lib/rouge/lexers/rego.rb
+++ b/lib/rouge/lexers/rego.rb
@@ -1,6 +1,5 @@ # -*- coding: utf-8 -*- # # frozen_string_literal: true -# example file taken from https://github.com/open-policy-agent/contrib/blob/f9e71d7/api_authz/docker/policy/api_authz.rego module Rouge module Lexers
@@ -8,7 +7,6 @@ class Rego < RegexLexer title "Rego" desc "The Rego open-policy-agent (OPA) policy language (openpolicyagent.org)" tag 'rego' - aliases 'rego' filenames '*.rego' state :basic do
@@ -35,7 +33,7 @@ class Rego < RegexLexer state :operators do rule %r/(=|!=|>=|<=|>|<|\+|-|\*|%|\/|\||&|:=)/, Operator rule %r/(default|not|package|import|as|with|else|some)/, Operator - rule %r/[#&*+-.\/:<=>?@^~]+/, Operator + rule %r/[\/:?@^~]+/, Operator end state :root do
diff --git a/spec/visual/samples/rego b/spec/visual/samples/rego
index 03460f3beb..549cf56c3d 100644
--- a/spec/visual/samples/rego
+++ b/spec/visual/samples/rego
@@ -4,16 +4,18 @@ subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie # HTTP API request import input -# input = { +# input = { # example input # "path": ["finance", "salary", "alice"], # "user": "alice", # "method": "GET" +# "version": 1 # } default allow = false # Allow users to get their own salaries. allow { + input.version = 1.0e1 input.method = "GET" input.path = ["finance", "salary", username] input.user == username
@@ -21,6 +23,7 @@ allow { # Allow managers to get their subordinates' salaries. allow { + input.version = 1.0 input.method = "GET" input.path = ["finance", "salary", username] subordinates[input.user][_] == username
From eee9f68343653e28525cc3101e065dd25cfeef74 Mon Sep 17 00:00:00 2001
From: David Ashby
Date: Sat, 4 Apr 2020 16:14:01 -0400
Subject: [PATCH 4/5] remove invalid 'string' lexer
---
lib/rouge/lexers/rego.rb | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/rouge/lexers/rego.rb b/lib/rouge/lexers/rego.rb
index c340d13378..bd2f6e662f 100644
--- a/lib/rouge/lexers/rego.rb
+++ b/lib/rouge/lexers/rego.rb
@@ -27,7 +27,6 @@ class Rego < RegexLexer state :atoms do rule %r/(true|false|null)/, Keyword::Constant rule %r/[[:word:]]*/, Str::Symbol - rule %r/'[^']*'/, Str::Symbol end state :operators do
From 3e600b225c63073e7ec1eaf3fe9a5b169b35c293 Mon Sep 17 00:00:00 2001
From: Michael Camilleri
Date: Sun, 5 Apr 2020 14:42:13 +0900
Subject: [PATCH 5/5] Simplify demo
---
lib/rouge/demos/rego | 8 --------
1 file changed, 8 deletions(-)
diff --git a/lib/rouge/demos/rego b/lib/rouge/demos/rego
index 9f0385bb99..34b1422060 100644
--- a/lib/rouge/demos/rego
+++ b/lib/rouge/demos/rego
@@ -1,5 +1,4 @@ package httpapi.authz -# taken from https://github.com/open-policy-agent/contrib/blob/f9e71d7/api_authz/docker/policy/api_authz.rego subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie"]}
@@ -7,10 +6,3 @@ subordinates = {"alice": [], "charlie": [], "bob": ["alice"], "betty": ["charlie import input default allow = false - -# Allow users to get their own salaries. -allow { - input.method = "GET" - input.path = ["finance", "salary", username] - input.user == username -} \ No newline at end of file