regoInputValue returns a rego input value for the given subject, action, and object. This rego input is already parsed and can be used directly in a rego query.
(subject Subject, action policy.Action, object Object)
| 11 | // object. This rego input is already parsed and can be used directly in a |
| 12 | // rego query. |
| 13 | func regoInputValue(subject Subject, action policy.Action, object Object) (ast.Value, error) { |
| 14 | regoSubj, err := subject.regoValue() |
| 15 | if err != nil { |
| 16 | return nil, xerrors.Errorf("subject: %w", err) |
| 17 | } |
| 18 | |
| 19 | s := [2]*ast.Term{ |
| 20 | ast.StringTerm("subject"), |
| 21 | ast.NewTerm(regoSubj), |
| 22 | } |
| 23 | a := [2]*ast.Term{ |
| 24 | ast.StringTerm("action"), |
| 25 | ast.StringTerm(string(action)), |
| 26 | } |
| 27 | o := [2]*ast.Term{ |
| 28 | ast.StringTerm("object"), |
| 29 | ast.NewTerm(object.regoValue()), |
| 30 | } |
| 31 | |
| 32 | input := ast.NewObject(s, a, o) |
| 33 | |
| 34 | return input, nil |
| 35 | } |
| 36 | |
| 37 | // regoPartialInputValue is the same as regoInputValue but only includes the |
| 38 | // object type. This is for partial evaluations. |