Implement Policy Enforcer Plugin

- Added a new Policy Enforcer plugin to evaluate incoming messages against OPA policies. - Configurable via YAML with options for policy sources, actions, and query. - Integrated into existing configuration files for BAP and BPP. - Updated related tests and documentation for the new functionality. - Enhanced plugin manager to support Policy Enforcer instantiation.
2026-02-26 17:46:52 +05:30
parent fe541227b9
commit 3617c9b4a6
22 changed files with 1341 additions and 39 deletions
--- a/config/local-beckn-one-bap.yaml
+++ b/config/local-beckn-one-bap.yaml
@@ -86,6 +86,12 @@ modules:
          id: router
          config:
            routingConfig: ./config/local-beckn-one-routing-BAPReceiver.yaml
+        policyEnforcer:
+          id: policyenforcer
+          config:
+            policySources: "./policies/compliance.rego"
+            actions: "confirm"
+            query: "data.policy.violations"
        middleware:
          - id: reqpreprocessor
            config:
@@ -93,6 +99,7 @@ modules:
              role: bap
      steps:
        - validateSign
+        - enforcePolicy
        - addRoute
        - validateSchema
  
--- a/config/local-beckn-one-bpp.yaml
+++ b/config/local-beckn-one-bpp.yaml
@@ -84,8 +84,15 @@ modules:
          id: router
          config:
            routingConfig: ./config/local-beckn-one-routing-BPPReceiver.yaml
+        policyEnforcer:
+          id: policyenforcer
+          config:
+            policySources: "./policies/compliance.rego"
+            actions: "confirm"
+            query: "data.policy.violations"
      steps:
        - validateSign
+        - enforcePolicy
        - addRoute
        - validateSchema
  
--- a/config/local-simple.yaml
+++ b/config/local-simple.yaml
@@ -66,6 +66,12 @@ modules:
          id: router
          config:
            routingConfig: ./config/local-simple-routing.yaml
+        policyEnforcer:
+          id: policyenforcer
+          config:
+            policySources: "./policies/compliance.rego"
+            actions: "confirm"
+            query: "data.policy.violations"
        middleware:
          - id: reqpreprocessor
            config:
@@ -73,6 +79,7 @@ modules:
              role: bap
      steps:
        - validateSign
+        - enforcePolicy
        - addRoute
  
  - name: bapTxnCaller
@@ -162,8 +169,15 @@ modules:
          id: router
          config:
            routingConfig: ./config/local-simple-routing-BPPReceiver.yaml
+        policyEnforcer:
+          id: policyenforcer
+          config:
+            policySources: "./policies/compliance.rego"
+            actions: "confirm"
+            query: "data.policy.violations"
      steps:
        - validateSign
+        - enforcePolicy
        - addRoute
  
  - name: bppTxnCaller