Upgrade dependent version: github.com/open-policy-agent/opa (#5315)

Upgrade dependent version: github.com/open-policy-agent/opa v0.18.0 -> v0.45.0 Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io> Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io>
2022-10-31 10:58:55 +08:00
parent 668fca1773
commit ef03b1e3df
363 changed files with 277341 additions and 13544 deletions
--- a/vendor/github.com/open-policy-agent/opa/storage/inmem/inmem.go
+++ b/vendor/github.com/open-policy-agent/opa/storage/inmem/inmem.go
@@ -19,27 +19,46 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"path/filepath"
+	"strings"
 	"sync"
 	"sync/atomic"

-	"github.com/open-policy-agent/opa/ast"
+	"github.com/open-policy-agent/opa/internal/merge"
 	"github.com/open-policy-agent/opa/storage"
 	"github.com/open-policy-agent/opa/util"
 )

 // New returns an empty in-memory store.
 func New() storage.Store {
-	return &store{
-		data:     map[string]interface{}{},
-		triggers: map[*handle]storage.TriggerConfig{},
-		policies: map[string][]byte{},
-		indices:  newIndices(),
+	return NewWithOpts()
+}
+
+// NewWithOpts returns an empty in-memory store, with extra options passed.
+func NewWithOpts(opts ...Opt) storage.Store {
+	s := &store{
+		data:             map[string]interface{}{},
+		triggers:         map[*handle]storage.TriggerConfig{},
+		policies:         map[string][]byte{},
+		roundTripOnWrite: true,
 	}
+
+	for _, opt := range opts {
+		opt(s)
+	}
+
+	return s
 }

 // NewFromObject returns a new in-memory store from the supplied data object.
 func NewFromObject(data map[string]interface{}) storage.Store {
-	db := New()
+	return NewFromObjectWithOpts(data)
+}
+
+// NewFromObject returns a new in-memory store from the supplied data object, with the
+// options passed.
+func NewFromObjectWithOpts(data map[string]interface{}, opts ...Opt) storage.Store {
+	db := NewWithOpts(opts...)
 	ctx := context.Background()
 	txn, err := db.NewTransaction(ctx, storage.WriteParams)
 	if err != nil {
@@ -57,12 +76,18 @@ func NewFromObject(data map[string]interface{}) storage.Store {
 // NewFromReader returns a new in-memory store from a reader that produces a
 // JSON serialized object. This function is for test purposes.
 func NewFromReader(r io.Reader) storage.Store {
+	return NewFromReaderWithOpts(r)
+}
+
+// NewFromReader returns a new in-memory store from a reader that produces a
+// JSON serialized object, with extra options. This function is for test purposes.
+func NewFromReaderWithOpts(r io.Reader, opts ...Opt) storage.Store {
 	d := util.NewJSONDecoder(r)
 	var data map[string]interface{}
 	if err := d.Decode(&data); err != nil {
 		panic(err)
 	}
-	return NewFromObject(data)
+	return NewFromObjectWithOpts(data, opts...)
 }

 type store struct {
@@ -72,19 +97,22 @@ type store struct {
 	data     map[string]interface{}            // raw data
 	policies map[string][]byte                 // raw policies
 	triggers map[*handle]storage.TriggerConfig // registered triggers
-	indices  *indices                          // data ref indices
+
+	// roundTripOnWrite, if true, means that every call to Write round trips the
+	// data through JSON before adding the data to the store. Defaults to true.
+	roundTripOnWrite bool
 }

 type handle struct {
 	db *store
 }

-func (db *store) NewTransaction(ctx context.Context, params ...storage.TransactionParams) (storage.Transaction, error) {
+func (db *store) NewTransaction(_ context.Context, params ...storage.TransactionParams) (storage.Transaction, error) {
 	var write bool
-	var context *storage.Context
+	var ctx *storage.Context
 	if len(params) > 0 {
 		write = params[0].Write
-		context = params[0].Context
+		ctx = params[0].Context
 	}
 	xid := atomic.AddUint64(&db.xid, uint64(1))
 	if write {
@@ -92,7 +120,90 @@ func (db *store) NewTransaction(ctx context.Context, params ...storage.Transacti
 	} else {
 		db.rmu.RLock()
 	}
-	return newTransaction(xid, write, context, db), nil
+	return newTransaction(xid, write, ctx, db), nil
+}
+
+// Truncate implements the storage.Store interface. This method must be called within a transaction.
+func (db *store) Truncate(ctx context.Context, txn storage.Transaction, params storage.TransactionParams, it storage.Iterator) error {
+	var update *storage.Update
+	var err error
+	mergedData := map[string]interface{}{}
+
+	underlying, err := db.underlying(txn)
+	if err != nil {
+		return err
+	}
+
+	for {
+		update, err = it.Next()
+		if err != nil {
+			break
+		}
+
+		if update.IsPolicy {
+			err = underlying.UpsertPolicy(strings.TrimLeft(update.Path.String(), "/"), update.Value)
+			if err != nil {
+				return err
+			}
+		} else {
+			var value interface{}
+			err = util.Unmarshal(update.Value, &value)
+			if err != nil {
+				return err
+			}
+
+			var key []string
+			dirpath := strings.TrimLeft(update.Path.String(), "/")
+			if len(dirpath) > 0 {
+				key = strings.Split(dirpath, "/")
+			}
+
+			if value != nil {
+				obj, err := mktree(key, value)
+				if err != nil {
+					return err
+				}
+
+				merged, ok := merge.InterfaceMaps(mergedData, obj)
+				if !ok {
+					return fmt.Errorf("failed to insert data file from path %s", filepath.Join(key...))
+				}
+				mergedData = merged
+			}
+		}
+	}
+
+	if err != nil && err != io.EOF {
+		return err
+	}
+
+	// For backwards compatibility, check if `RootOverwrite` was configured.
+	if params.RootOverwrite {
+		newPath, ok := storage.ParsePathEscaped("/")
+		if !ok {
+			return fmt.Errorf("storage path invalid: %v", newPath)
+		}
+		return underlying.Write(storage.AddOp, newPath, mergedData)
+	}
+
+	for _, root := range params.BasePaths {
+		newPath, ok := storage.ParsePathEscaped("/" + root)
+		if !ok {
+			return fmt.Errorf("storage path invalid: %v", newPath)
+		}
+
+		if value, ok := lookup(newPath, mergedData); ok {
+			if len(newPath) > 0 {
+				if err := storage.MakeDir(ctx, db, txn, newPath[:len(newPath)-1]); err != nil {
+					return err
+				}
+			}
+			if err := underlying.Write(storage.AddOp, newPath, value); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
 }

 func (db *store) Commit(ctx context.Context, txn storage.Transaction) error {
@@ -103,9 +214,8 @@ func (db *store) Commit(ctx context.Context, txn storage.Transaction) error {
 	if underlying.write {
 		db.rmu.Lock()
 		event := underlying.Commit()
-		db.indices = newIndices()
 		db.runOnCommitTriggers(ctx, txn, event)
-		// Mark the transaction stale after executing triggers so they can
+		// Mark the transaction stale after executing triggers, so they can
 		// perform store operations if needed.
 		underlying.stale = true
 		db.rmu.Unlock()
@@ -116,7 +226,7 @@ func (db *store) Commit(ctx context.Context, txn storage.Transaction) error {
 	return nil
 }

-func (db *store) Abort(ctx context.Context, txn storage.Transaction) {
+func (db *store) Abort(_ context.Context, txn storage.Transaction) {
 	underlying, err := db.underlying(txn)
 	if err != nil {
 		panic(err)
@@ -164,7 +274,7 @@ func (db *store) DeletePolicy(_ context.Context, txn storage.Transaction, id str
 	return underlying.DeletePolicy(id)
 }

-func (db *store) Register(ctx context.Context, txn storage.Transaction, config storage.TriggerConfig) (storage.TriggerHandle, error) {
+func (db *store) Register(_ context.Context, txn storage.Transaction, config storage.TriggerConfig) (storage.TriggerHandle, error) {
 	underlying, err := db.underlying(txn)
 	if err != nil {
 		return nil, err
@@ -180,7 +290,7 @@ func (db *store) Register(ctx context.Context, txn storage.Transaction, config s
 	return h, nil
 }

-func (db *store) Read(ctx context.Context, txn storage.Transaction, path storage.Path) (interface{}, error) {
+func (db *store) Read(_ context.Context, txn storage.Transaction, path storage.Path) (interface{}, error) {
 	underlying, err := db.underlying(txn)
 	if err != nil {
 		return nil, err
@@ -188,33 +298,21 @@ func (db *store) Read(ctx context.Context, txn storage.Transaction, path storage
 	return underlying.Read(path)
 }

-func (db *store) Write(ctx context.Context, txn storage.Transaction, op storage.PatchOp, path storage.Path, value interface{}) error {
+func (db *store) Write(_ context.Context, txn storage.Transaction, op storage.PatchOp, path storage.Path, value interface{}) error {
 	underlying, err := db.underlying(txn)
 	if err != nil {
 		return err
 	}
 	val := util.Reference(value)
-	if err := util.RoundTrip(val); err != nil {
-		return err
+	if db.roundTripOnWrite {
+		if err := util.RoundTrip(val); err != nil {
+			return err
+		}
 	}
 	return underlying.Write(op, path, *val)
 }

-func (db *store) Build(ctx context.Context, txn storage.Transaction, ref ast.Ref) (storage.Index, error) {
-	underlying, err := db.underlying(txn)
-	if err != nil {
-		return nil, err
-	}
-	if underlying.write {
-		return nil, &storage.Error{
-			Code:    storage.IndexingNotSupportedErr,
-			Message: "in-memory store does not support indexing on write transactions",
-		}
-	}
-	return db.indices.Build(ctx, db, txn, ref)
-}
-
-func (h *handle) Unregister(ctx context.Context, txn storage.Transaction) {
+func (h *handle) Unregister(_ context.Context, txn storage.Transaction) {
 	underlying, err := h.db.underlying(txn)
 	if err != nil {
 		panic(err)
@@ -257,11 +355,8 @@ func (db *store) underlying(txn storage.Transaction) (*transaction, error) {
 	return underlying, nil
 }

-var doesNotExistMsg = "document does not exist"
-var rootMustBeObjectMsg = "root must be object"
-var rootCannotBeRemovedMsg = "root cannot be removed"
-var outOfRangeMsg = "array index out of range"
-var arrayIndexTypeMsg = "array index must be integer"
+const rootMustBeObjectMsg = "root must be object"
+const rootCannotBeRemovedMsg = "root cannot be removed"

 func invalidPatchError(f string, a ...interface{}) *storage.Error {
 	return &storage.Error{
@@ -270,18 +365,42 @@ func invalidPatchError(f string, a ...interface{}) *storage.Error {
 	}
 }

-func notFoundError(path storage.Path) *storage.Error {
-	return notFoundErrorHint(path, doesNotExistMsg)
-}
-
-func notFoundErrorHint(path storage.Path, hint string) *storage.Error {
-	return notFoundErrorf("%v: %v", path.String(), hint)
-}
-
-func notFoundErrorf(f string, a ...interface{}) *storage.Error {
-	msg := fmt.Sprintf(f, a...)
-	return &storage.Error{
-		Code:    storage.NotFoundErr,
-		Message: msg,
+func mktree(path []string, value interface{}) (map[string]interface{}, error) {
+	if len(path) == 0 {
+		// For 0 length path the value is the full tree.
+		obj, ok := value.(map[string]interface{})
+		if !ok {
+			return nil, invalidPatchError(rootMustBeObjectMsg)
+		}
+		return obj, nil
 	}
+
+	dir := map[string]interface{}{}
+	for i := len(path) - 1; i > 0; i-- {
+		dir[path[i]] = value
+		value = dir
+		dir = map[string]interface{}{}
+	}
+	dir[path[0]] = value
+
+	return dir, nil
+}
+
+func lookup(path storage.Path, data map[string]interface{}) (interface{}, bool) {
+	if len(path) == 0 {
+		return data, true
+	}
+	for i := 0; i < len(path)-1; i++ {
+		value, ok := data[path[i]]
+		if !ok {
+			return nil, false
+		}
+		obj, ok := value.(map[string]interface{})
+		if !ok {
+			return nil, false
+		}
+		data = obj
+	}
+	value, ok := data[path[len(path)-1]]
+	return value, ok
 }