feature: support http filter plugins (Open Policy Agent)

[baerwang]

What does pixiu need to do with OPA ?

It supports a variety of strategies, such as JWT, and the OPA module supports it comprehensively

PIxiu needs to be implemented in two ways (Choose one of the two)

• depends on the OPA server
• depends on the OPA rules

introduce

https://www.openpolicyagent.org/

Directions for use

start opa server

docker run -d --name opa -p 8181:8181 openpolicyagent/opa:latest run -s

Create opa pollicy

curl -X PUT '127.0.0.1:8181/v1/policies/example1' \
  -H 'Content-Type: text/plain' \
  -d 'package example1

import input.request

default allow = false

allow {
    # HTTP method must GET
    request.method == "GET"
}'

Query policy

curl -X POST '127.0.0.1:8181/v1/data/example1/allow' \
  -H 'Content-Type: application/json' \
  -d '{"input":{"request":{"method":"GET"}}}'

OPA rules

package main

import (
    "context"

    "github.com/open-policy-agent/opa/rego"
)

func main() {
    mod := `
    package test
    import future.keywords.if
    
    default allow := false
    
    allow if {
        input.x == 1
    }
    `

    pq, err := rego.New(
        rego.Query("data.test.allow"),
        rego.Module("test.rego", mod),
        rego.Input(map[string]interface{}{"x": 1})).PrepareForEval(context.Background())
    if err != nil {
        panic(err)
    }

    result, err := pq.Eval(context.Background())
    if err != nil {
        panic(err)
    }
    print(result.Allowed())
}