fix docker example setup

unbasical · Dec 9, 2023 · 4ba7d83 · 4ba7d83
1 parent 272638a
commit 4ba7d83
Show file tree

Hide file tree

Showing 7 changed files with 205 additions and 176 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,8 @@
 # build stage
 FROM golang as builder
+
+ARG CGO_ENABLED=0
+
 # Add dependencies
 WORKDIR /go/src/app
 ADD . /go/src/app

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -10,14 +10,13 @@ services:
       - "9191:9191"
     volumes:
       - ./examples/docker-compose/config/:/conf
-      - ./call-operands/:/call-operands
+      - ./examples/docker-compose/call-operands/:/call-operands
       - ./examples/docker-compose/policies/:/policies
     environment:
-      - DATASTORE_CONF=/conf/datastore.yml
-      - API_CONF=/conf/api.yml
-      - OPA_CONF=/conf/opa.yml
+      - KELON_CONF=/conf/kelon.yml
       - REGO_DIR=/policies
       - CONFIG_WATCHER_PATH=/policies
+      - CALL_OPERANDS_DIR=/call-operands
 
   mysql:
     image: mysql:8

diff --git a/examples/docker-compose/policies/mongo_example.rego b/examples/docker-compose/policies/mongo_example.rego
@@ -1,71 +1,85 @@
 package applications.mongo
 
-verify = true {
-    input.path == ["api", "mongo", "apps", "1"]
+verify {
+	input.path == ["api", "mongo", "apps", "1"]
 }
 
-verify = true {
-    some user
+verify {
+	some user
 
-    data.mongo.users[user].name == input.user
-    user.password = input.password
+	data.mongo.users[user].name == input.user
+	user.password = input.password
 }
 
 # Deny all by default
-allow = false
+allow := false
 
 # Path: GET /api/mongo/apps/:app_id
 # Users with right 'OWNER' on app can access it always
-allow = true {
-    some appId, app, right, user
-    input.method == "GET"
-    input.path = ["api", "mongo", "apps", appId]
+allow {
+	some app_id, app, right, user
+	input.method == "GET"
+	input.path = ["api", "mongo", "apps", app_id]
 
-    # This query fires against collection -> apps
-    data.mongo.apps[app].id == appId
+	# This query fires against collection -> apps
+	data.mongo.apps[app].id == app_id
 
-    # Nest elements
-    data.mongo.rights[right].right == "OWNER"
-    data.mongo.users[user].name == input.user
+	# Nest elements
+	data.mongo.rights[right].right == "OWNER"
+	data.mongo.users[user].name == input.user
 
-    # Query root
-    app.stars > 2
+	# Query root
+	app.stars > 2
 }
 
 # Path: GET /api/mongo/apps/:app_id
 # All apps with 5 stars are public
-allow = true {
-    some app, appId
-    input.method == "GET"
-    input.path = ["api", "mongo", "apps", appId]
-
-    # This query fires against collection -> apps
-    data.mongo.apps[app].stars == 5
-    app.id == appId
+allow {
+	some app, app_id
+	input.method == "GET"
+	input.path = ["api", "mongo", "apps", app_id]
+
+	# This query fires against collection -> apps
+	data.mongo.apps[app].stars == 5
+	app.id == app_id
 }
 
 # Path: GET /api/mongo/apps/:app_id
 # The first app is public
-allow = true {
-    input.method == "GET"
-    input.path == ["api", "mongo", "apps", "1"]
+allow {
+	input.method == "GET"
+	input.path == ["api", "mongo", "apps", "1"]
 }
 
 # Path: GET <any>
 # All users that are a friends of Kevin are allowed see everything
-allow = true {
-    some user
-    input.method == "GET"
+allow {
+	some user
+	input.method == "GET"
+
+	# This query fires against collection -> users
+	data.mongo.users[user].name == input.user
+	old_or_kevin(user.age, user.friend)
+}
+
+# Path: GET /api/mongo/apps/:app_id
+# Test for count function
+allow {
+	some app
+	input.method == "GET"
+	input.path = ["api", "mongo", "apps", "4"]
+
+	# Get all apps with 5 starts
+	data.mongo.apps[app].stars > 4
 
-    # This query fires against collection -> users
-    data.mongo.users[user].name == input.user
-    old_or_kevin(user.age, user.friend)
+	# If there is any one return true
+	count(app) > 0
 }
 
 old_or_kevin(age, friend) {
-    age == 42
+	age == 42
 }
 
 old_or_kevin(age, friend) {
-    friend == "Kevin"
+	friend == "Kevin"
 }
diff --git a/examples/docker-compose/policies/mongo_pg_example.rego b/examples/docker-compose/policies/mongo_pg_example.rego
@@ -3,89 +3,88 @@ package applications.mixed
 # Here we mix multiple datastores (MongoDB and Postgres)
 # NOTE: Only one datastore can be used in a allow/verify policy
 
-
-verify = true {
-    input.path == ["api", "mixed", "apps", "1"]
+verify {
+	input.path == ["api", "mixed", "apps", "1"]
 }
 
 # Verify using Postgres as Datastore
-verify = true {
-    some user
+verify {
+	some user
 
-    data.pg.pg_users[user].name == input.user
-    user.password = input.password
+	data.pg.pg_users[user].name == input.user
+	user.password = input.password
 }
 
 # Deny all by default
-allow = false
+allow := false
 
 # Path: GET /api/pg/apps/:app_id
 # Datastore: Postgres
-# Users with right 'OWNER' on app can access it always
-allow = true {
-    some appId, u, r
-    input.method == "GET"
-    input.path = ["api", "mixed", "apps", appId]
-
-    # Join
-    data.pg.pg_users[u].id == data.pg.pg_app_rights[r].user_id
-
-    # Where
-    u.name == input.user
-    r.right == "OWNER"
-    r.app_id == appId
+# The first app is public
+allow {
+	input.method == "GET"
+	input.path == ["api", "mixed", "apps", "1"]
 }
 
 # Path: GET /api/pg/apps/:app_id
 # Datastore: Postgres
-# All apps with 5 stars are public
-allow = true {
-    some app, appId
-    input.method == "GET"
-    input.path = ["api", "mixed", "apps", appId]
-
-    data.pg.pg_apps[app].id == appId
-    app.stars == 5
+# Users with right 'OWNER' on app can access it always
+allow {
+	some app_id, u, r
+	input.method == "GET"
+	input.path = ["api", "mixed", "apps", app_id]
+
+	# Join
+	data.pg.pg_users[u].id == data.pg.pg_app_rights[r].user_id
+
+	# Where
+	u.name == input.user
+	r.right == "OWNER"
+	r.app_id == app_id
 }
 
 # Path: GET /api/pg/apps/:app_id
 # Datastore: Postgres
-# The first app is public
-allow = true {
-    input.method == "GET"
-    input.path == ["api", "mixed", "apps", "1"]
+# All apps with 5 stars are public
+allow {
+	some app, app_id
+	input.method == "GET"
+	input.path = ["api", "mixed", "apps", app_id]
+
+	data.pg.pg_apps[app].id == app_id
+	app.stars == 5
 }
 
 # Path: GET <any>
 # Datastore: Mongo
 # All users that are a friends of Kevin are allowed see everything
-allow = true {
-    input.method == "GET"
+allow {
+	input.method == "GET"
 
-    # Query
-    data.mongo.users[user].name == input.user
-    old_or_kevin(user.age, user.friend)
+	# Query
+	data.mongo.users[user].name == input.user
+	old_or_kevin(user.age, user.friend)
 }
 
 # Path: GET /api/pg/apps/:app_id
 # Datastore: MongoDB
 # Test for count function
-allow = true {
-    some app
-    input.method == "GET"
-    input.path = ["api", "mixed", "apps", "4"]
+allow {
+	some app
+	input.method == "GET"
+	input.path = ["api", "mixed", "apps", "4"]
 
-    # Get all apps with 5 starts
-    data.mongo.apps[app].stars > 4
+	# Get all apps with 5 starts
+	data.mongo.apps[app].stars > 4
 
-    #If there is any one return true
-    count(app) > 0
+	# If there is any one return true
+	count(app) > 0
 }
 
 old_or_kevin(age, friend) {
-    age == 42
+	age == 42
 }
 
 old_or_kevin(age, friend) {
-    friend == "Kevin"
+	friend == "Kevin"
 }