From f1cfec680254720e40feb8ff5a75bc677cc7f36e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Tue, 9 Jan 2024 15:53:15 +0100
Subject: [PATCH] refactor: make json engine request about a single resource (#273)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: remove deps from engine to api
Signed-off-by: Charles-Edouard Brétéché
* binding
Signed-off-by: Charles-Edouard Brétéché
* refactor: make json engine request about a single resource
Signed-off-by: Charles-Edouard Brétéché
---------
Signed-off-by: Charles-Edouard Brétéché
---
 pkg/commands/scan/options.go | 11 +++++++----
 pkg/json-engine/engine.go | 30 ++++++++++++++----------------
 pkg/server/playground/handler.go | 11 +++++++----
 pkg/server/scan/handler.go | 11 +++++++----
 test/api/go/main/main.go | 4 ++--
 5 files changed, 37 insertions(+), 30 deletions(-)
diff --git a/pkg/commands/scan/options.go b/pkg/commands/scan/options.go
index dec77257..851762c4 100644
--- a/pkg/commands/scan/options.go
+++ b/pkg/commands/scan/options.go
@@ -75,10 +75,13 @@ func (c *options) run(cmd *cobra.Command, _ []string) error {
 }
 out.println("Running", "(", "evaluating", len(resources), pluralize.Pluralize(len(resources), "resource", "resources"), "against", len(policies), pluralize.Pluralize(len(policies), "policy", "policies"), ")", "...")
 e := jsonengine.New()
- responses := e.Run(context.Background(), jsonengine.Request{
- Resources: resources,
- Policies: policies,
- })
+ var responses []jsonengine.RuleResponse
+ for _, resource := range resources {
+ responses = append(responses, e.Run(context.Background(), jsonengine.Request{
+ Resource: resource,
+ Policies: policies,
+ })...)
+ }
 for _, response := range responses {
 if response.Result == jsonengine.StatusFail {
 out.println("-", response.PolicyName, "/", response.RuleName, "/", response.Identifier, "FAILED:", response.Message)
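Review bot: The new per-resource loop in `run` still passes `context.Background()` to every `e.Run` call, so an interrupted or timed-out scan keeps evaluating the remaining resources. `cmd` is in scope from the `run` signature in the hunk header, so the call can read `e.Run(cmd.Context(), jsonengine.Request{`. The same pattern is added in `pkg/server/playground/handler.go` and `pkg/server/scan/handler.go`, where it matters more: those loops run once per resource, presumably taken from the request, and should carry the HTTP request's context so that a client disconnect or server timeout stops the work. Whether the engine itself observes cancellation is not visible in this patch, and `run` continues outside the hunk.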
diff --git a/pkg/json-engine/engine.go b/pkg/json-engine/engine.go
index f0bd0419..4a8e2ca3 100644
--- a/pkg/json-engine/engine.go
+++ b/pkg/json-engine/engine.go
@@ -16,8 +16,8 @@ import (
 )
 
 type Request struct {
- Resources []interface{}
- Policies []*v1alpha1.ValidatingPolicy
+ Resource interface{}
+ Policies []*v1alpha1.ValidatingPolicy
 }
 
 type Response struct {
@@ -54,20 +54,18 @@ func New() engine.Engine[Request, RuleResponse] {
 looper := func(r Request) []request {
 var requests []request
 bindings := jpbinding.NewBindings()
- for _, resource := range r.Resources {
- bindings = bindings.Register("$payload", jpbinding.NewBinding(resource))
- for _, policy := range r.Policies {
- bindings = bindings.Register("$policy", jpbinding.NewBinding(policy))
- for _, rule := range policy.Spec.Rules {
- bindings = bindings.Register("$rule", jpbinding.NewBinding(rule))
- bindings = binding.NewContextBindings(bindings, resource, rule.Context...)
- requests = append(requests, request{
- policy: policy,
- rule: rule,
- value: resource,
- bindings: bindings,
- })
- }
+ bindings = bindings.Register("$payload", jpbinding.NewBinding(r.Resource))
+ for _, policy := range r.Policies {
+ bindings = bindings.Register("$policy", jpbinding.NewBinding(policy))
+ for _, rule := range policy.Spec.Rules {
+ bindings = bindings.Register("$rule", jpbinding.NewBinding(rule))
+ bindings = binding.NewContextBindings(bindings, r.Resource, rule.Context...)
+ requests = append(requests, request{
+ policy: policy,
+ rule: rule,
+ value: r.Resource,
+ bindings: bindings,
+ })
 }
 }
 return requests
diff --git a/pkg/server/playground/handler.go b/pkg/server/playground/handler.go
index 95b6bf4a..30e6f7f6 100644
--- a/pkg/server/playground/handler.go
+++ b/pkg/server/playground/handler.go
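Review bot: In the `looper` closure of `pkg/json-engine/engine.go`, `bindings` is declared once above the loops and reassigned inside them, so each rule's `request` appears to receive the `$rule` and context bindings of every rule and policy processed before it. If `Register` and `NewContextBindings` return derived values, as the reassignment suggests, a context entry defined by one rule stays resolvable in later rules and later policies unless they redefine the same name, which weakens isolation between policies. Scoping the derived bindings per policy and per rule, as sketched below, removes the carry-over. The enclosing `New` function and the `looper` closure continue past the end of this hunk.

```go
payloadBindings := bindings.Register("$payload", jpbinding.NewBinding(r.Resource))
for _, policy := range r.Policies {
	policyBindings := payloadBindings.Register("$policy", jpbinding.NewBinding(policy))
	for _, rule := range policy.Spec.Rules {
		ruleBindings := policyBindings.Register("$rule", jpbinding.NewBinding(rule))
		ruleBindings = binding.NewContextBindings(ruleBindings, r.Resource, rule.Context...)
		// … unchanged: requests = append(requests, request{ with the policy, rule and value fields …
			bindings: ruleBindings,
		// … unchanged: end of the append call and of both loops …
```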
@@ -56,10 +56,13 @@ func newHandler() (gin.HandlerFunc, error) {
 }
 // run engine
 e := jsonengine.New()
- results := e.Run(context.Background(), jsonengine.Request{
- Resources: resources,
- Policies: []*v1alpha1.ValidatingPolicy{&policy},
- })
+ var results []jsonengine.RuleResponse
+ for _, resource := range resources {
+ results = append(results, e.Run(context.Background(), jsonengine.Request{
+ Resource: resource,
+ Policies: []*v1alpha1.ValidatingPolicy{&policy},
+ })...)
+ }
 return &jsonengine.Response{Results: results}, nil
 }, http.StatusOK), nil
 }
diff --git a/pkg/server/scan/handler.go b/pkg/server/scan/handler.go
index f9098252..e59d0184 100644
--- a/pkg/server/scan/handler.go
+++ b/pkg/server/scan/handler.go
@@ -52,10 +52,13 @@ func newHandler(policyProvider PolicyProvider) (gin.HandlerFunc, error) {
 }
 // run engine
 e := jsonengine.New()
- results := e.Run(context.Background(), jsonengine.Request{
- Resources: resources,
- Policies: pols,
- })
+ var results []jsonengine.RuleResponse
+ for _, resource := range resources {
+ results = append(results, e.Run(context.Background(), jsonengine.Request{
+ Resource: resource,
+ Policies: pols,
+ })...)
+ }
 // TODO: return HTTP 403 for policy failure and HTTP 406 for policy errors
 return &jsonengine.Response{Results: results}, nil
 }, http.StatusOK), nil
diff --git a/test/api/go/main/main.go b/test/api/go/main/main.go
index 9525c780..35d98145 100644
--- a/test/api/go/main/main.go
+++ b/test/api/go/main/main.go
@@ -51,8 +51,8 @@ func main() {
 
 // create a Request
 request := jsonengine.Request{
- Resources: []interface{}{payload},
- Policies: policies,
+ Resource: payload,
+ Policies: policies,
 }
 
 // create an engine
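Review bot: In `pkg/server/playground/handler.go`, and again in `pkg/server/scan/handler.go`, `results` now starts as a nil slice and is filled only inside the loop, so a request with no resources returns `http.StatusOK` with no results at all. A caller that only looks for failed entries cannot tell that apart from a clean pass. If an earlier part of `newHandler` (outside these hunks) does not already reject an empty `resources`, add that guard before the loop. A nil slice also typically serialises as JSON `null` rather than `[]`, so `results := make([]jsonengine.RuleResponse, 0, len(resources))` would keep the response shape stable.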