Embed the default policy in the binary

2025-07-29 22:01:14 +03:00 · 2022-06-02 13:57:21 +02:00
parent dd09a9b36f
commit 071055ad18
16 changed files with 105 additions and 41 deletions
--- a/crates/cli/src/commands/server.rs
+++ b/crates/cli/src/commands/server.rs
@ -30,6 +30,7 @@ use mas_router::UrlBuilder;
 use mas_storage::MIGRATOR;
 use mas_tasks::TaskQueue;
 use mas_templates::Templates;
+use tokio::io::AsyncRead;
 use tracing::{error, info};

 #[derive(Parser, Debug, Default)]
@ -177,10 +178,19 @@ impl Options {

        let encrypter = config.secrets.encrypter();

-        // Load and compile the WASM policies
-        let mut policy = tokio::fs::File::open(&config.policy.wasm_module)
-            .await
-            .context("failed to open OPA WASM policy file")?;
+        // Load and compile the WASM policies (and fallback to the default embedded one)
+        info!("Loading and compiling the policy module");
+        let mut policy: Box<dyn AsyncRead + std::marker::Unpin> =
+            if let Some(path) = &config.policy.wasm_module {
+                Box::new(
+                    tokio::fs::File::open(path)
+                        .await
+                        .context("failed to open OPA WASM policy file")?,
+                )
+            } else {
+                Box::new(mas_policy::default_wasm_policy())
+            };
+
        let policy_factory = PolicyFactory::load(
            &mut policy,
            config.policy.data.clone().unwrap_or_default(),
@ -188,7 +198,8 @@ impl Options {
            config.policy.register_entrypoint.clone(),
            config.policy.client_registration_entrypoint.clone(),
        )
-        .await?;
+        .await
+        .context("failed to load the policy")?;
        let policy_factory = Arc::new(policy_factory);

        // Load and compile the templates