Rename policy registry to act registry

Add a test for bad policies
gatewayd-io · Feb 29, 2024 · 4e2698f · 4e2698f
1 parent 86e5104
commit 4e2698f
Show file tree

Hide file tree

Showing 12 changed files with 123 additions and 72 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,6 +10,7 @@
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
+go-carpet-coverage-out*
 
 # Dependency directories (remove the comment below to include it)
 # vendor/

diff --git a/act/registry.go b/act/registry.go
@@ -32,8 +32,8 @@ type Registry struct {
 
 var _ IRegistry = (*Registry)(nil)
 
-// NewRegistry creates a new registry with the specified default policy and timeout.
-func NewRegistry(
+// NewActRegistry creates a new act registry with the specified default policy and timeout.
+func NewActRegistry(
 	builtinSignals map[string]*sdkAct.Signal,
 	builtinsPolicies map[string]*sdkAct.Policy,
 	builtinActions map[string]*sdkAct.Action,
@@ -42,14 +42,26 @@ func NewRegistry(
 	logger zerolog.Logger,
 ) *Registry {
 	for _, signal := range builtinSignals {
+		if signal == nil {
+			logger.Warn().Msg("Signal is nil, not adding")
+			return nil
+		}
 		logger.Debug().Str("name", signal.Name).Msg("Registered builtin signal")
 	}
 
 	for _, policy := range builtinsPolicies {
+		if policy == nil {
+			logger.Warn().Msg("Policy is nil, not adding")
+			return nil
+		}
 		logger.Debug().Str("name", policy.Name).Msg("Registered builtin policy")
 	}
 
 	for _, action := range builtinActions {
+		if action == nil {
+			logger.Warn().Msg("Action is nil, not adding")
+			return nil
+		}
 		logger.Debug().Str("name", action.Name).Msg("Registered builtin action")
 	}
 

diff --git a/act/registry_test.go b/act/registry_test.go
@@ -17,7 +17,7 @@ import (
 func Test_NewRegistry(t *testing.T) {
 	logger := zerolog.Logger{}
 
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -28,9 +28,9 @@ func Test_NewRegistry(t *testing.T) {
 	assert.Equal(t, config.DefaultPolicy, actRegistry.DefaultSignal.Name)
 }
 
-// Test_Add tests the Add function of the policy registry.
+// Test_Add tests the Add function of the act registry.
 func Test_Add(t *testing.T) {
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, zerolog.Logger{})
 	assert.NotNil(t, actRegistry)
@@ -44,11 +44,11 @@ func Test_Add(t *testing.T) {
 	assert.Len(t, actRegistry.Policies, len(BuiltinPolicies())+1)
 }
 
-// Test_Add_NilPolicy tests the Add function of the policy registry with a nil policy.
+// Test_Add_NilPolicy tests the Add function of the act registry with a nil policy.
 func Test_Add_NilPolicy(t *testing.T) {
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), map[string]*sdkAct.Policy{}, BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -59,11 +59,11 @@ func Test_Add_NilPolicy(t *testing.T) {
 	assert.Contains(t, buf.String(), "Policy is nil, not adding")
 }
 
-// Test_Add_ExistentPolicy tests the Add function of the policy registry with an existent policy.
+// Test_Add_ExistentPolicy tests the Add function of the act registry with an existent policy.
 func Test_Add_ExistentPolicy(t *testing.T) {
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -74,9 +74,9 @@ func Test_Add_ExistentPolicy(t *testing.T) {
 	assert.Contains(t, buf.String(), "Policy already exists, overwriting")
 }
 
-// Test_Apply tests the Apply function of the policy registry.
+// Test_Apply tests the Apply function of the act registry.
 func Test_Apply(t *testing.T) {
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, zerolog.Logger{})
 	assert.NotNil(t, actRegistry)
@@ -93,12 +93,12 @@ func Test_Apply(t *testing.T) {
 	assert.False(t, outputs[0].Terminal)
 }
 
-// Test_Apply_NoSignals tests the Apply function of the policy registry with no signals.
+// Test_Apply_NoSignals tests the Apply function of the act registry with no signals.
 // It should apply the default policy.
 func Test_Apply_NoSignals(t *testing.T) {
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -114,7 +114,7 @@ func Test_Apply_NoSignals(t *testing.T) {
 	assert.Contains(t, buf.String(), "No signals provided, applying default signal")
 }
 
-// Test_Apply_ContradictorySignals tests the Apply function of the policy registry
+// Test_Apply_ContradictorySignals tests the Apply function of the act registry
 // with contradictory signals. The terminate signal should take precedence over
 // the passthrough signal because it is a terminal action. The passthrough
 // signal should be ignored.
@@ -137,7 +137,7 @@ func Test_Apply_ContradictorySignals(t *testing.T) {
 
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -169,13 +169,13 @@ func Test_Apply_ContradictorySignals(t *testing.T) {
 	}
 }
 
-// Test_Apply_ActionNotMatched tests the Apply function of the policy registry
+// Test_Apply_ActionNotMatched tests the Apply function of the act registry
 // with a signal that does not match any action. The signal should be ignored.
 // The default policy should be applied instead.
 func Test_Apply_ActionNotMatched(t *testing.T) {
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -193,13 +193,13 @@ func Test_Apply_ActionNotMatched(t *testing.T) {
 	assert.Contains(t, buf.String(), "{\"level\":\"error\",\"error\":\"no matching action\",\"name\":\"non-existent\",\"message\":\"Error applying signal\"}") //nolint:lll
 }
 
-// Test_Apply_PolicyNotMatched tests the Apply function of the policy registry
+// Test_Apply_PolicyNotMatched tests the Apply function of the act registry
 // with a signal that does not match any policy. The signal should be ignored.
 // The default policy should be applied instead.
 func Test_Apply_PolicyNotMatched(t *testing.T) {
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(),
 		map[string]*sdkAct.Policy{
 			"passthrough": BuiltinPolicies()["passthrough"],
@@ -221,7 +221,7 @@ func Test_Apply_PolicyNotMatched(t *testing.T) {
 	assert.Contains(t, buf.String(), "{\"level\":\"error\",\"error\":\"no matching policy\",\"name\":\"terminate\",\"message\":\"Error applying signal\"}") //nolint:lll
 }
 
-// Test_Apply_NonBoolPolicy tests the Apply function of the policy registry
+// Test_Apply_NonBoolPolicy tests the Apply function of the act registry
 // with a non-bool policy.
 func Test_Apply_NonBoolPolicy(t *testing.T) {
 	badPolicies := []map[string]*sdkAct.Policy{
@@ -244,7 +244,7 @@ func Test_Apply_NonBoolPolicy(t *testing.T) {
 	for _, policies := range badPolicies {
 		buf := bytes.Buffer{}
 		logger := zerolog.New(&buf)
-		actRegistry := NewRegistry(
+		actRegistry := NewActRegistry(
 			BuiltinSignals(),
 			policies,
 			BuiltinActions(),
@@ -264,10 +264,42 @@ func Test_Apply_NonBoolPolicy(t *testing.T) {
 	}
 }
 
-// Test_Run tests the Run function of the policy registry with a non-terminal action.
+// Test_Apply_BadPolicy tests the NewRegistry function with a bad policy,
+// which should return a nil registry.
+func Test_Apply_BadPolicy(t *testing.T) {
+	badPolicies := []map[string]*sdkAct.Policy{
+		{
+			"passthrough": sdkAct.MustNewPolicy(
+				"passthrough",
+				"2/0 + 'test'",
+				nil,
+			),
+		},
+		{
+			"passthrough": sdkAct.MustNewPolicy(
+				"passthrough",
+				"2+2+true",
+				nil,
+			),
+		},
+	}
+
+	for _, policies := range badPolicies {
+		buf := bytes.Buffer{}
+		logger := zerolog.New(&buf)
+		actRegistry := NewActRegistry(
+			BuiltinSignals(),
+			policies,
+			BuiltinActions(),
+			config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
+		assert.Nil(t, actRegistry)
+	}
+}
+
+// Test_Run tests the Run function of the act registry with a non-terminal action.
 func Test_Run(t *testing.T) {
 	logger := zerolog.Logger{}
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -282,10 +314,10 @@ func Test_Run(t *testing.T) {
 	assert.True(t, cast.ToBool(result))
 }
 
-// Test_Run_Terminate tests the Run function of the policy registry with a terminal action.
+// Test_Run_Terminate tests the Run function of the act registry with a terminal action.
 func Test_Run_Terminate(t *testing.T) {
 	logger := zerolog.Logger{}
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -307,11 +339,11 @@ func Test_Run_Terminate(t *testing.T) {
 	assert.NotEmpty(t, resultMap["response"])
 }
 
-// Test_Run_Async tests the Run function of the policy registry with an asynchronous action.
+// Test_Run_Async tests the Run function of the act registry with an asynchronous action.
 func Test_Run_Async(t *testing.T) {
 	out := bytes.Buffer{}
 	logger := zerolog.New(&out)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -350,7 +382,7 @@ func Test_Run_Async(t *testing.T) {
 func Test_Run_NilOutput(t *testing.T) {
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)
@@ -365,7 +397,7 @@ func Test_Run_NilOutput(t *testing.T) {
 func Test_Run_ActionNotExist(t *testing.T) {
 	buf := bytes.Buffer{}
 	logger := zerolog.New(&buf)
-	actRegistry := NewRegistry(
+	actRegistry := NewActRegistry(
 		BuiltinSignals(), BuiltinPolicies(), BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, logger)
 	assert.NotNil(t, actRegistry)

diff --git a/api/api_test.go b/api/api_test.go
@@ -106,7 +106,7 @@ func TestGetPluginConfig(t *testing.T) {
 }
 
 func TestGetPlugins(t *testing.T) {
-	actRegistry := act.NewRegistry(
+	actRegistry := act.NewActRegistry(
 		act.BuiltinSignals(), act.BuiltinPolicies(), act.BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, zerolog.Logger{})
 	pluginRegistry := plugin.NewRegistry(
@@ -135,7 +135,7 @@ func TestGetPlugins(t *testing.T) {
 }
 
 func TestGetPluginsWithEmptyPluginRegistry(t *testing.T) {
-	actRegistry := act.NewRegistry(
+	actRegistry := act.NewActRegistry(
 		act.BuiltinSignals(), act.BuiltinPolicies(), act.BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, zerolog.Logger{})
 	pluginRegistry := plugin.NewRegistry(
@@ -243,7 +243,7 @@ func TestGetServers(t *testing.T) {
 		config.DefaultPluginTimeout,
 	)
 
-	actRegistry := act.NewRegistry(
+	actRegistry := act.NewActRegistry(
 		act.BuiltinSignals(), act.BuiltinPolicies(), act.BuiltinActions(),
 		config.DefaultPolicy, config.DefaultPolicyTimeout, zerolog.Logger{})
 

diff --git a/cmd/run.go b/cmd/run.go
@@ -57,7 +57,7 @@ var (
 	globalConfigFile  string
 	conf              *config.Config
 	pluginRegistry    *plugin.Registry
-	policiesRegistry  *act.Registry
+	actRegistry       *act.Registry
 	metricsServer     *http.Server
 
 	UsageReportURL = "localhost:59091"
@@ -253,32 +253,37 @@ var runCmd = &cobra.Command{
 				"Running GatewayD in development mode (not recommended for production)")
 		}
 
-		// Create a new policy registry given the built-in signals, policies, and actions.
-		policiesRegistry = act.NewRegistry(
+		// Create a new act registry given the built-in signals, policies, and actions.
+		actRegistry = act.NewActRegistry(
 			act.BuiltinSignals(), act.BuiltinPolicies(), act.BuiltinActions(),
 			conf.Plugin.DefaultPolicy, conf.Plugin.PolicyTimeout, logger,
 		)
 
+		if actRegistry == nil {
+			logger.Error().Msg("Failed to create act registry")
+			os.Exit(gerr.FailedToCreateActRegistry)
+		}
+
 		// Load policies from the configuration file and add them to the registry.
 		for _, plc := range conf.Plugin.Policies {
 			if policy, err := sdkAct.NewPolicy(
 				plc.Name, plc.Policy, plc.Metadata,
 			); err != nil || policy == nil {
 				logger.Error().Err(err).Str("name", plc.Name).Msg("Failed to create policy")
 			} else {
-				policiesRegistry.Add(policy)
+				actRegistry.Add(policy)
 			}
 		}
 
 		logger.Info().Fields(map[string]interface{}{
-			"policies": maps.Keys(policiesRegistry.Policies),
+			"policies": maps.Keys(actRegistry.Policies),
 		}).Msg("Policies are loaded")
 
 		// Create a new plugin registry.
 		// The plugins are loaded and hooks registered before the configuration is loaded.
 		pluginRegistry = plugin.NewRegistry(
 			runCtx,
-			policiesRegistry,
+			actRegistry,
 			config.If[config.CompatibilityPolicy](
 				config.Exists[string, config.CompatibilityPolicy](
 					config.CompatibilityPolicies, conf.Plugin.CompatibilityPolicy),

diff --git a/errors/errors.go b/errors/errors.go
@@ -158,10 +158,11 @@ var (
 )
 
 const (
-	FailedToLoadPluginConfig = 1
-	FailedToLoadGlobalConfig = 2
-	FailedToCreateClient     = 3
-	FailedToInitializePool   = 4
-	FailedToStartServer      = 5
-	FailedToStartTracer      = 6
+	FailedToLoadPluginConfig  = 1
+	FailedToLoadGlobalConfig  = 2
+	FailedToCreateClient      = 3
+	FailedToInitializePool    = 4
+	FailedToStartServer       = 5
+	FailedToStartTracer       = 6
+	FailedToCreateActRegistry = 7
 )
diff --git a/network/proxy.go b/network/proxy.go
@@ -860,7 +860,7 @@ func (pr *Proxy) shouldTerminate(result map[string]interface{}) (bool, map[strin
 	if slices.Contains(keys, sdkAct.Terminal) {
 		var actionResult map[string]interface{}
 		for _, output := range outputs {
-			actRes, err := pr.pluginRegistry.PolicyRegistry().Run(
+			actRes, err := pr.pluginRegistry.ActRegistry().Run(
 				output, act.WithResult(result))
 			// If the action is async and we received a sentinel error,
 			// don't log the error.