From d7c9ca479689389379f7498a69ca3b5806da832f Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Mon, 22 Aug 2022 16:36:31 +0200
Subject: [PATCH] Add a debug CLI command to check the compiled policies
---
 crates/cli/src/commands/debug.rs | 39 ++++++++++++++++++++++++++++++--
 1 file changed, 37 insertions(+), 2 deletions(-)
diff --git a/crates/cli/src/commands/debug.rs b/crates/cli/src/commands/debug.rs
index 402cff13..06cf5c05 100644
--- a/crates/cli/src/commands/debug.rs
+++ b/crates/cli/src/commands/debug.rs
@@ -12,11 +12,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+use anyhow::Context;
 use clap::Parser;
 use hyper::{Response, Uri};
+use mas_config::PolicyConfig;
 use mas_http::HttpServiceExt;
-use tokio::io::AsyncWriteExt;
+use mas_policy::PolicyFactory;
+use tokio::io::{AsyncRead, AsyncWriteExt};
 use tower::{Service, ServiceExt};
+use tracing::info;
 #[derive(Parser, Debug)]
 pub(super) struct Options {
@@ -39,6 +43,9 @@ enum Subcommand {
 /// URI where to perform a GET request
 url: Uri,
 },
+
+ /// Check that the policies compile
+ Policy,
 }
 fn print_headers(parts: &hyper::http::response::Parts) {
@@ -57,7 +64,7 @@ fn print_headers(parts: &hyper::http::response::Parts) {
 impl Options {
 #[tracing::instrument(skip_all)]
- pub async fn run(&self, _root: &super::Options) -> anyhow::Result<()> {
+ pub async fn run(&self, root: &super::Options) -> anyhow::Result<()> {
 use Subcommand as SC;
 match &self.subcommand {
 SC::Http {
@@ -109,6 +116,34 @@ impl Options {
 Ok(())
 }
+
+ SC::Policy => {
+ let config: PolicyConfig = root.load_config()?;
+ info!("Loading and compiling the policy module");
+ let mut policy: Box =
+ if let Some(path) = &config.wasm_module {
+ Box::new(
+ tokio::fs::File::open(path)
+ .await
+ .context("failed to open OPA WASM policy file")?,
+ )
+ } else {
+ Box::new(mas_policy::default_wasm_policy())
+ };
+
+ let policy_factory = PolicyFactory::load(
+ &mut policy,
+ config.data.clone().unwrap_or_default(),
+ config.register_entrypoint.clone(),
+ config.client_registration_entrypoint.clone(),
+ config.authorization_grant_entrypoint.clone(),
+ )
+ .await
+ .context("failed to load the policy")?;
+
+ let _instance = policy_factory.instantiate().await?;
+ Ok(())
+ }
 }
 }
 }
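Review bot: The `else` branch of the new `SC::Policy` arm falls back to `mas_policy::default_wasm_policy()` without saying so, so an operator whose `wasm_module` setting is absent or not picked up gets a clean exit for the built-in policy rather than the custom one they meant to check. Log which source is being checked in each branch, e.g. `info!(?path, "Checking the configured policy module")` (assuming the path type implements `Debug`) and `info!("No wasm_module configured, checking the built-in policy")`. The final `policy_factory.instantiate().await?` has no `.context(...)`, unlike the open and load steps before it; `.context("failed to instantiate the policy")?` would keep failures attributable. The `match` in `run` begins outside this hunk, and as written the arm only shows that the module loads and instantiates, since no entrypoint is evaluated here.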