Skip to content

Commit

Permalink
Generate decision ID using flowid generator (#2926)
Browse files Browse the repository at this point in the history
* OPA: Use flowId for decision ID.

Signed-off-by: Pushpalanka Jayawardhana <pushpalanka.jayawardhana@zalando.de>
  • Loading branch information
Pushpalanka authored Mar 4, 2024
1 parent 8894363 commit 8c2cab7
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 5 deletions.
23 changes: 18 additions & 5 deletions filters/openpolicyagent/evaluation.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,17 +16,24 @@ import (
)

func (opa *OpenPolicyAgentInstance) Eval(ctx context.Context, req *ext_authz_v3.CheckRequest) (*envoyauth.EvalResult, error) {
result, stopeval, err := envoyauth.NewEvalResult()
span := opentracing.SpanFromContext(ctx)
if span != nil {
span.SetTag("opa.decision_id", result.DecisionID)
}

decisionId, err := opa.idGenerator.Generate()
if err != nil {
opa.Logger().WithFields(map[string]interface{}{"err": err}).Error("Unable to generate decision ID.")
return nil, err
}

result, stopeval, err := envoyauth.NewEvalResult(withDecisionID(decisionId))
if err != nil {
opa.Logger().WithFields(map[string]interface{}{"err": err}).Error("Unable to generate new result with decision ID.")
return nil, err
}

span := opentracing.SpanFromContext(ctx)
if span != nil {
span.SetTag("opa.decision_id", result.DecisionID)
}

var input map[string]interface{}
defer func() {
stopeval()
Expand Down Expand Up @@ -71,3 +78,9 @@ func (opa *OpenPolicyAgentInstance) logDecision(ctx context.Context, input inter

return decisionlog.LogDecision(ctx, opa.manager, info, result, err)
}

func withDecisionID(decisionID string) func(*envoyauth.EvalResult) {
return func(result *envoyauth.EvalResult) {
result.DecisionID = decisionID
}
}
10 changes: 10 additions & 0 deletions filters/openpolicyagent/openpolicyagent.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ import (
"google.golang.org/protobuf/encoding/protojson"

"github.com/zalando/skipper/filters"
"github.com/zalando/skipper/filters/flowid"
"github.com/zalando/skipper/filters/openpolicyagent/internal/envoy"
"github.com/zalando/skipper/routing"
"github.com/zalando/skipper/tracing"
Expand Down Expand Up @@ -360,6 +361,8 @@ type OpenPolicyAgentInstance struct {

maxBodyBytes int64
bodyReadBufferSize int64

idGenerator flowid.Generator
}

func envVariablesMap() map[string]string {
Expand Down Expand Up @@ -395,6 +398,11 @@ func interpolateConfigTemplate(configTemplate []byte, bundleName string) ([]byte
// new returns a new OPA object.
func (registry *OpenPolicyAgentRegistry) new(store storage.Store, configBytes []byte, instanceConfig OpenPolicyAgentInstanceConfig, filterName string, bundleName string, maxBodyBytes int64, bodyReadBufferSize int64) (*OpenPolicyAgentInstance, error) {
id := uuid.New().String()
uniqueIDGenerator, err := flowid.NewStandardGenerator(32)
if err != nil {
return nil, err
}

opaConfig, err := config.ParseConfig(configBytes, id)
if err != nil {
return nil, err
Expand Down Expand Up @@ -428,6 +436,8 @@ func (registry *OpenPolicyAgentRegistry) new(store storage.Store, configBytes []

preparedQueryDoOnce: new(sync.Once),
interQueryBuiltinCache: iCache.NewInterQueryCache(manager.InterQueryBuiltinCacheConfig()),

idGenerator: uniqueIDGenerator,
}

manager.RegisterCompilerTrigger(opa.compilerUpdated)
Expand Down

0 comments on commit 8c2cab7

Please sign in to comment.