Skip to content

refactor rules engine for key value structure with spec compliance #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 31 commits into
base: main
Choose a base branch
from
Open

refactor rules engine for key value structure with spec compliance #61

wants to merge 31 commits into from

Conversation

@bcpeinhardt
Copy link
Collaborator

@bcpeinhardt bcpeinhardt commented Sep 22, 2025
edited
Loading

An allow rule can have a single domain pattern, like domain=google.com.
Subdomains are automatic matches.
To require subdomains only, use domain=*.github.com.
An allow rule can have multiple method and path patterns, separated by commas, like method=GET,HEAD or path=/wibble,/wibble/*.
A trailing asterisk in a path pattern, like /wibble/*, matches any number of trailing segments.
A leading asterisk in a domain pattern, like *.github.com, matches any number of subdomains. An asterisk in the middle of a domain or path pattern matches exactly one middle segment.

I think this encourages specific concise rules around individual domains, like --allow "domain=api.github.com method=GET,HEAD path=/repos/octocat/*/issues"

P.S. I realize the line count is somewhat daunting but that is mostly tests.

@bcpeinhardt bcpeinhardt marked this pull request as ready for review September 22, 2025 18:22
bcpeinhardt and others added 18 commits September 22, 2025 15:44
@bcpeinhardt
update usage in error messages
b83d3cf
@bcpeinhardt
update cli examples
fe417b8
@bcpeinhardt
adding curl test to debug separate issue in ci
f743e6a
@bcpeinhardt
Revert "adding curl test to debug separate issue in ci"
0e868c9 
This reverts commit f743e6a.
@bcpeinhardt
Merge branch 'main' into bcpeinhardt/simple-allow-impl
16cb468
@bcpeinhardt
update e2e test to use key/value syntax
26e2916
@bcpeinhardt
remove superfluous interface from old impl
ced3bc8
@bcpeinhardt
split engine and rules code into separate files to make easier to rea…
3a578be 
…d through
@bcpeinhardt
mutate rest in parse allow rule to make pattern clearer
959e4bd
@bcpeinhardt
mutate rest throughout rules
bd82e3d
@bcpeinhardt
don't allow comma separated rules
812b5f8
@bcpeinhardt
Merge branch 'main' into bcpeinhardt/simple-allow-impl
f17d095
@bcpeinhardt
remove custom parsed types in favor of stringly typed api
c5ecf98
@bcpeinhardt
adding e2e tests on allow rules progress
3bdd4e9
@bcpeinhardt
update parsing to allow multiple paths in rule
052ca2a
@bcpeinhardt
add multiple subdomains test
a2174de
@bcpeinhardt
Merge branch 'main' into bcpeinhardt/simple-allow-impl
e81272d
@bcpeinhardt
update e2e tests
275fcde
bcpeinhardt
bcpeinhardt commented Oct 25, 2025
View reviewed changes
rulesengine/parse_and_match_test.go
@@ -0,0 +1,232 @@
package rulesengine
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file has a set of integration tests that go through the full parse and match cycle that should illuminate the edge cases of how this syntax works 😎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@evgeniy-scherbina evgeniy-scherbina Awaiting requested review from evgeniy-scherbina

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bcpeinhardt