-
-
Notifications
You must be signed in to change notification settings - Fork 106
/
provider.go
61 lines (53 loc) · 1.4 KB
/
provider.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
// Copyright © 2023 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package jsonnetsecure
import (
"context"
"os"
"runtime"
"testing"
)
type (
VMProvider interface {
// JsonnetVM creates a new secure process-isolated Jsonnet VM whose
// execution is bound to the provided context, i.e.,
// cancelling the context will terminate the VM process.
JsonnetVM(context.Context) (VM, error)
}
// TestProvider provides a secure VM by running go build on github.
// com/ory/x/jsonnetsecure/cmd.
TestProvider struct {
jsonnetBinary string
pool Pool
}
// DefaultProvider provides a secure VM by calling the currently
// running the current binary with the provided subcommand.
DefaultProvider struct {
Subcommand string
Pool Pool
}
)
func NewTestProvider(t testing.TB) *TestProvider {
pool := NewProcessPool(runtime.GOMAXPROCS(0))
t.Cleanup(pool.Close)
return &TestProvider{JsonnetTestBinary(t), pool}
}
func (p *TestProvider) JsonnetVM(ctx context.Context) (VM, error) {
return MakeSecureVM(
WithProcessIsolatedVM(ctx),
WithProcessPool(p.pool),
WithJsonnetBinary(p.jsonnetBinary),
), nil
}
func (p *DefaultProvider) JsonnetVM(ctx context.Context) (VM, error) {
self, err := os.Executable()
if err != nil {
return nil, err
}
return MakeSecureVM(
WithProcessIsolatedVM(ctx),
WithJsonnetBinary(self),
WithProcessArgs(p.Subcommand),
WithProcessPool(p.Pool),
), nil
}