merge back

.github/workflows/authz_ci.yml

@@ -102,4 +102,21 @@ jobs:
           status: ${{ job.status }}
           fields: message,commit,author
         env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+
+  opa-rego:
+    name: Open Agent Policy CI
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+
+      - name: Setup OPA
+        uses: open-policy-agent/setup-opa@v2
+        with:
+          version: latest
+
+      - name: Run OPA Tests
+        run: make authz/rego/test

apps/authz/src/app/opa/opa.service.ts

@@ -17,21 +17,25 @@ export class OpaService {
 
   constructor(private persistenceRepository: PersistenceRepository) {}
 
-  async onApplicationBootstrap() {
+  async onApplicationBootstrap(): Promise<void> {
     this.logger.log('OPA Service boot')
+    this.opaEngine = await this.getOpaEngine()
   }
 
   async evaluate(input: RegoInput): Promise<OpaResult[]> {
+    this.opaEngine = await this.getOpaEngine()
+    const evalResult: { result: OpaResult }[] = await this.opaEngine.evaluate(input, 'main/evaluate')
+    return evalResult.map(({ result }) => result)
+  }
+
+  private async getOpaEngine(): Promise<OpaEngine> {
     const policyWasmPath = OPA_WASM_PATH
     const policyWasm = readFileSync(policyWasmPath)
     const opaEngine = await loadPolicy(policyWasm, undefined, {
       'time.now_ns': () => new Date().getTime() * 1000000
     })
     const data = await this.persistenceRepository.getEntityData()
     opaEngine.setData(data)
-    this.opaEngine = opaEngine
-    if (!this.opaEngine) throw new Error('OPA Engine not initialized')
-    const evalResult: { result: OpaResult }[] = await this.opaEngine.evaluate(input, 'main/evaluate')
-    return evalResult.map(({ result }) => result)
+    return opaEngine
   }
 }