Upgrade dependent version: github.com/open-policy-agent/opa (#5315)

Upgrade dependent version: github.com/open-policy-agent/opa v0.18.0 -> v0.45.0 Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io> Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io>
2022-10-31 10:58:55 +08:00
parent 668fca1773
commit ef03b1e3df
363 changed files with 277341 additions and 13544 deletions
--- a/vendor/github.com/open-policy-agent/opa/topdown/builtins/builtins.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/builtins/builtins.go
@@ -6,11 +6,13 @@
 package builtins

 import (
+	"encoding/json"
 	"fmt"
 	"math/big"
 	"strings"

 	"github.com/open-policy-agent/opa/ast"
+	"github.com/open-policy-agent/opa/util"
 )

 // Cache defines the built-in cache used by the top-down evaluation. The keys
@@ -28,6 +30,85 @@ func (c Cache) Get(k interface{}) (interface{}, bool) {
 	return v, ok
 }

+// We use an ast.Object for the cached keys/values because a naive
+// map[ast.Value]ast.Value will not correctly detect value equality of
+// the member keys.
+type NDBCache map[string]ast.Object
+
+func (c NDBCache) AsValue() ast.Value {
+	out := ast.NewObject()
+	for bname, obj := range c {
+		out.Insert(ast.StringTerm(bname), ast.NewTerm(obj))
+	}
+	return out
+}
+
+// Put updates the cache for the named built-in.
+// Automatically creates the 2-level hierarchy as needed.
+func (c NDBCache) Put(name string, k, v ast.Value) {
+	if _, ok := c[name]; !ok {
+		c[name] = ast.NewObject()
+	}
+	c[name].Insert(ast.NewTerm(k), ast.NewTerm(v))
+}
+
+// Get returns the cached value for k for the named builtin.
+func (c NDBCache) Get(name string, k ast.Value) (ast.Value, bool) {
+	if m, ok := c[name]; ok {
+		v := m.Get(ast.NewTerm(k))
+		if v != nil {
+			return v.Value, true
+		}
+		return nil, false
+	}
+	return nil, false
+}
+
+// Convenience functions for serializing the data structure.
+func (c NDBCache) MarshalJSON() ([]byte, error) {
+	v, err := ast.JSON(c.AsValue())
+	if err != nil {
+		return nil, err
+	}
+	return json.Marshal(v)
+}
+
+func (c *NDBCache) UnmarshalJSON(data []byte) error {
+	out := map[string]ast.Object{}
+	var incoming interface{}
+
+	// Note: We use util.Unmarshal instead of json.Unmarshal to get
+	// correct deserialization of number types.
+	err := util.Unmarshal(data, &incoming)
+	if err != nil {
+		return err
+	}
+
+	// Convert interface types back into ast.Value types.
+	nestedObject, err := ast.InterfaceToValue(incoming)
+	if err != nil {
+		return err
+	}
+
+	// Reconstruct NDBCache from nested ast.Object structure.
+	if source, ok := nestedObject.(ast.Object); ok {
+		err = source.Iter(func(k, v *ast.Term) error {
+			if obj, ok := v.Value.(ast.Object); ok {
+				out[string(k.Value.(ast.String))] = obj
+				return nil
+			}
+			return fmt.Errorf("expected Object, got other Value type in conversion")
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	*c = out
+
+	return nil
+}
+
 // ErrOperand represents an invalid operand has been passed to a built-in
 // function. Built-ins should return ErrOperand to indicate a type error has
 // occurred.
@@ -149,10 +230,10 @@ func ObjectOperand(x ast.Value, pos int) (ast.Object, error) {

 // ArrayOperand converts x to an array. If the cast fails, a descriptive
 // error is returned.
-func ArrayOperand(x ast.Value, pos int) (ast.Array, error) {
-	a, ok := x.(ast.Array)
+func ArrayOperand(x ast.Value, pos int) (*ast.Array, error) {
+	a, ok := x.(*ast.Array)
 	if !ok {
-		return nil, NewOperandTypeErr(pos, x, "array")
+		return ast.NewArray(), NewOperandTypeErr(pos, x, "array")
 	}
 	return a, nil
 }
@@ -168,7 +249,7 @@ func NumberToFloat(n ast.Number) *big.Float {

 // FloatToNumber converts f to a number.
 func FloatToNumber(f *big.Float) ast.Number {
-	return ast.Number(f.String())
+	return ast.Number(f.Text('g', -1))
 }

 // NumberToInt converts n to a big int.
@@ -189,23 +270,30 @@ func IntToNumber(i *big.Int) ast.Number {

 // StringSliceOperand converts x to a []string. If the cast fails, a descriptive error is
 // returned.
-func StringSliceOperand(x ast.Value, pos int) ([]string, error) {
-	a, err := ArrayOperand(x, pos)
-	if err != nil {
+func StringSliceOperand(a ast.Value, pos int) ([]string, error) {
+	type iterable interface {
+		Iter(func(*ast.Term) error) error
+		Len() int
+	}
+
+	strs, ok := a.(iterable)
+	if !ok {
+		return nil, NewOperandTypeErr(pos, a, "array", "set")
+	}
+
+	var outStrs = make([]string, 0, strs.Len())
+	if err := strs.Iter(func(x *ast.Term) error {
+		s, ok := x.Value.(ast.String)
+		if !ok {
+			return NewOperandElementErr(pos, a, x.Value, "string")
+		}
+		outStrs = append(outStrs, string(s))
+		return nil
+	}); err != nil {
 		return nil, err
 	}

-	var f = make([]string, len(a))
-	for k, b := range a {
-		c, ok := b.Value.(ast.String)
-		if !ok {
-			return nil, NewOperandElementErr(pos, x, b.Value, "[]string")
-		}
-
-		f[k] = string(c)
-	}
-
-	return f, nil
+	return outStrs, nil
 }

 // RuneSliceOperand converts x to a []rune. If the cast fails, a descriptive error is
@@ -216,8 +304,9 @@ func RuneSliceOperand(x ast.Value, pos int) ([]rune, error) {
 		return nil, err
 	}

-	var f = make([]rune, len(a))
-	for k, b := range a {
+	var f = make([]rune, a.Len())
+	for k := 0; k < a.Len(); k++ {
+		b := a.Elem(k)
 		c, ok := b.Value.(ast.String)
 		if !ok {
 			return nil, NewOperandElementErr(pos, x, b.Value, "string")