chore: Optimize rego policy input allocations (#6135)

* chore: Optimize rego policy evaluation allocations

Manually convert to ast.Value instead of using generic
json.Marshal conversion.

* Add a unit test that prevents regressions of rego input

The optimized input is always compared to the normal json
marshal parser.
This commit is contained in:
Steven Masley
2023-02-09 13:47:17 -06:00
committed by GitHub
parent 22f6400ea5
commit af59e2bcfa
8 changed files with 466 additions and 58 deletions

View File

@ -14,20 +14,25 @@ type UnauthorizedError struct {
// internal is the internal error that should never be shown to the client.
// It is only for debugging purposes.
internal error
input map[string]interface{}
output rego.ResultSet
// These fields are for debugging purposes.
subject Subject
action Action
// Note only the object type is set for partial execution.
object Object
output rego.ResultSet
}
// ForbiddenWithInternal creates a new error that will return a simple
// "forbidden" to the client, logging internally the more detailed message
// provided.
func ForbiddenWithInternal(internal error, input map[string]interface{}, output rego.ResultSet) *UnauthorizedError {
if input == nil {
input = map[string]interface{}{}
}
func ForbiddenWithInternal(internal error, subject Subject, action Action, object Object, output rego.ResultSet) *UnauthorizedError {
return &UnauthorizedError{
internal: internal,
input: input,
subject: subject,
action: action,
object: object,
output: output,
}
}
@ -43,7 +48,11 @@ func (e *UnauthorizedError) Internal() error {
}
func (e *UnauthorizedError) Input() map[string]interface{} {
return e.input
return map[string]interface{}{
"subject": e.subject,
"action": e.action,
"object": e.object,
}
}
// Output contains the results of the Rego query for debugging.