Fix OPA CI (#44)

narval-xyz · Jan 23, 2024 · ee40039 · ee40039
1 parent c553af3
commit ee40039
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 34 deletions.
diff --git a/.github/workflows/authz_ci.yml b/.github/workflows/authz_ci.yml
@@ -119,4 +119,4 @@ jobs:
           version: latest
 
       - name: Run OPA Tests
-        run: make authz/rego/test
+        run: make authz/rego/test
diff --git a/.github/workflows/authz_opa_ci.yml b/.github/workflows/authz_opa_ci.yml
diff --git a/apps/authz/src/app/opa/opa.service.ts b/apps/authz/src/app/opa/opa.service.ts
@@ -17,21 +17,25 @@ export class OpaService {
 
   constructor(private persistenceRepository: PersistenceRepository) {}
 
-  async onApplicationBootstrap() {
+  async onApplicationBootstrap(): Promise<void> {
     this.logger.log('OPA Service boot')
+    this.opaEngine = await this.getOpaEngine()
+  }
+
+  async evaluate(input: RegoInput): Promise<OpaResult[]> {
+    this.opaEngine = await this.getOpaEngine()
+    const evalResult: { result: OpaResult }[] = await this.opaEngine.evaluate(input, 'main/evaluate')
+    return evalResult.map(({ result }) => result)
+  }
+
+  private async getOpaEngine(): Promise<OpaEngine> {
     const policyWasmPath = OPA_WASM_PATH
     const policyWasm = readFileSync(policyWasmPath)
     const opaEngine = await loadPolicy(policyWasm, undefined, {
       'time.now_ns': () => new Date().getTime() * 1000000
     })
     const data = await this.persistenceRepository.getEntityData()
     opaEngine.setData(data)
-    this.opaEngine = opaEngine
-  }
-
-  async evaluate(input: RegoInput): Promise<OpaResult[]> {
-    if (!this.opaEngine) throw new Error('OPA Engine not initialized')
-    const evalResult: { result: OpaResult }[] = await this.opaEngine.evaluate(input, 'main/evaluate')
-    return evalResult.map(({ result }) => result)
+    return opaEngine
   }
 }
diff --git a/apps/authz/src/opa/rego/policies/e2e.rego b/apps/authz/src/opa/rego/policies/e2e.rego
@@ -10,12 +10,14 @@ permit[{"policyId": "test-permit-policy-1"}] := reason {
 	checkTransferTokenType({"transferNative"})
 	checkTransferTokenAddress({"eip155:137/slip44/966"})
 	checkTransferTokenOperation({"operator": "gte", "value": "1000000000000000000"})
+
 	approvalsRequired = [{
 		"approvalCount": 2,
 		"countPrincipal": false,
 		"approvalEntityType": "Narval::User",
 		"entityIds": ["aa@narval.xyz", "bb@narval.xyz"],
 	}]
+
 	approvals := getApprovalsResult(approvalsRequired)
 	reason := {
 		"type": "permit",