opa eval passes policies, consumerMetadata and input_analyzed_object

VerticalRelevance · May 6, 2022 · 9e24c8b · 9e24c8b
1 parent 2ce558f
commit 9e24c8b
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 3 deletions.
diff --git a/supplementary_files/handlers_stack/lambdas/eval_engine_lambdalith/lambda_function.py b/supplementary_files/handlers_stack/lambdas/eval_engine_lambdalith/lambda_function.py
@@ -75,6 +75,20 @@ def mkdir(dir_):
     p.mkdir(parents=True,exist_ok=True)
     return str(p) 
 
+def run_bash(*, bash_path):
+    subprocess.run(["chmod","u+rx", bash_path])
+    output = subprocess.run(["sh", f"{bash_path}"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+    print('raw subprocess output:')
+    print(output)
+    print('stdout:')
+    stdout = output.stdout.decode('utf-8')
+    print('stderr:')
+    stderr = output.stderr.decode('utf-8')
+    return {
+        'stdout': stdout,
+        'stderr': stderr
+    }
+
 def get_is_allowed_decision():
     from random import getrandbits
     return bool(getrandbits(1))
@@ -89,6 +103,17 @@ def lambda_handler(event,context):
     input_analyzed = request_json_body['InputAnalyzed']
 
     print(f'input_analyzed:\n{input_analyzed}')
+
+    consumer_metadata= request_json_body['ConsumerMetadata']
+
+    print(f'consumer_metadata:\n{consumer_metadata}')
+
+    # write ConsumerMetadata to /tmp
+
+    consumer_metadata_path = '/tmp/consumer_metadata.json'
+
+    with open(consumer_metadata_path,'w') as f:
+        json.dump(consumer_metadata,f,indent=2)
 
     # write input_analyzed_object to /tmp
 
@@ -108,7 +133,7 @@ def lambda_handler(event,context):
 
     print(f'pac_framework_bucket:\n{pac_framework_bucket}')
 
-    policy_path_root = mkdir('/tmp/opa-policies')
+    policy_path_root = mkdir('/tmp/pac_policies')
 
     print(f'begin: Get Policies')
 
@@ -117,6 +142,27 @@ def lambda_handler(event,context):
         local_path = policy_path_root
     )
 
+    # to tmp
+
+    shutil.copy('./opa','/tmp/opa')
+
+    os.chmod('/tmp/opa',755)
+
+    shutil.copy('./opa-eval.sh','/tmp/opa-eval.sh')
+
+    # eval
+
+    opa_eval_result = run_bash(bash_path='/tmp/opa-eval.sh')
+
+    print(f'eval_result:\n{opa_eval_result}\n{type(opa_eval_result)}')
+
+    stdout_ = json.loads(opa_eval_result.get('stdout'))
+    print(f'stdout_:\n{stdout_}\n{type(stdout_)}')
+
+    opa_eval_results = stdout_
+    print(f'opa_eval_results:\n{opa_eval_results}\n{type(opa_eval_results)}')
+
+
 
     return {
         "EvalEngineLambdalith": {

diff --git a/supplementary_files/handlers_stack/lambdas/eval_engine_lambdalith/opa-eval.sh b/supplementary_files/handlers_stack/lambdas/eval_engine_lambdalith/opa-eval.sh
@@ -1,5 +1,6 @@
 EVAL=$(/tmp/opa eval --explain full --disable-early-exit --format raw \
-    -d /tmp/opa-policies/ \
-    -i /tmp/input.json \
+    -d /tmp/pac_policies/ \
+    -d /tmp/consumer_metadata.json \
+    -i /tmp/input_analyzed_object.json \
     "data")
 echo $EVAL