Upgrade dependent version: github.com/open-policy-agent/opa (#5315)

Upgrade dependent version: github.com/open-policy-agent/opa v0.18.0 -> v0.45.0 Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io> Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io>
2022-10-31 10:58:55 +08:00
parent 668fca1773
commit ef03b1e3df
363 changed files with 277341 additions and 13544 deletions
--- a/vendor/github.com/open-policy-agent/opa/topdown/runtime.go
+++ b/vendor/github.com/open-policy-agent/opa/topdown/runtime.go
@@ -4,7 +4,11 @@

 package topdown

-import "github.com/open-policy-agent/opa/ast"
+import (
+	"fmt"
+
+	"github.com/open-policy-agent/opa/ast"
+)

 func builtinOPARuntime(bctx BuiltinContext, _ []*ast.Term, iter func(*ast.Term) error) error {

@@ -12,9 +16,112 @@ func builtinOPARuntime(bctx BuiltinContext, _ []*ast.Term, iter func(*ast.Term)
 		return iter(ast.ObjectTerm())
 	}

+	if bctx.Runtime.Get(ast.StringTerm("config")) != nil {
+		iface, err := ast.ValueToInterface(bctx.Runtime.Value, illegalResolver{})
+		if err != nil {
+			return err
+		}
+		if object, ok := iface.(map[string]interface{}); ok {
+			if cfgRaw, ok := object["config"]; ok {
+				if config, ok := cfgRaw.(map[string]interface{}); ok {
+					configPurged, err := activeConfig(config)
+					if err != nil {
+						return err
+					}
+					object["config"] = configPurged
+					value, err := ast.InterfaceToValue(object)
+					if err != nil {
+						return err
+					}
+					return iter(ast.NewTerm(value))
+				}
+			}
+		}
+	}
+
 	return iter(bctx.Runtime)
 }

 func init() {
 	RegisterBuiltinFunc(ast.OPARuntime.Name, builtinOPARuntime)
 }
+
+func activeConfig(config map[string]interface{}) (interface{}, error) {
+
+	if config["services"] != nil {
+		err := removeServiceCredentials(config["services"])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if config["keys"] != nil {
+		err := removeCryptoKeys(config["keys"])
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return config, nil
+}
+
+func removeServiceCredentials(x interface{}) error {
+
+	switch x := x.(type) {
+	case []interface{}:
+		for _, v := range x {
+			err := removeKey(v, "credentials")
+			if err != nil {
+				return err
+			}
+		}
+
+	case map[string]interface{}:
+		for _, v := range x {
+			err := removeKey(v, "credentials")
+			if err != nil {
+				return err
+			}
+		}
+	default:
+		return fmt.Errorf("illegal service config type: %T", x)
+	}
+
+	return nil
+}
+
+func removeCryptoKeys(x interface{}) error {
+
+	switch x := x.(type) {
+	case map[string]interface{}:
+		for _, v := range x {
+			err := removeKey(v, "key", "private_key")
+			if err != nil {
+				return err
+			}
+		}
+	default:
+		return fmt.Errorf("illegal keys config type: %T", x)
+	}
+
+	return nil
+}
+
+func removeKey(x interface{}, keys ...string) error {
+	val, ok := x.(map[string]interface{})
+	if !ok {
+		return fmt.Errorf("type assertion error")
+	}
+
+	for _, key := range keys {
+		delete(val, key)
+	}
+
+	return nil
+}
+
+type illegalResolver struct{}
+
+func (illegalResolver) Resolve(ref ast.Ref) (interface{}, error) {
+	return nil, fmt.Errorf("illegal value: %v", ref)
+}