Implement Policy Enforcer Plugin

- Added a new Policy Enforcer plugin to evaluate incoming messages against OPA policies.
- Configurable via YAML with options for policy sources, actions, and query.
- Integrated into existing configuration files for BAP and BPP.
- Updated related tests and documentation for the new functionality.
- Enhanced plugin manager to support Policy Enforcer instantiation.

core/module/handler/config.go

@@ -19,6 +19,7 @@ type PluginManager interface {
 	Publisher(ctx context.Context, cfg *plugin.Config) (definition.Publisher, error)
 	Signer(ctx context.Context, cfg *plugin.Config) (definition.Signer, error)
 	Step(ctx context.Context, cfg *plugin.Config) (definition.Step, error)
+	PolicyEnforcer(ctx context.Context, cfg *plugin.Config) (definition.PolicyEnforcer, error)
 	Cache(ctx context.Context, cfg *plugin.Config) (definition.Cache, error)
 	Registry(ctx context.Context, cfg *plugin.Config) (definition.RegistryLookup, error)
 	KeyManager(ctx context.Context, cache definition.Cache, rLookup definition.RegistryLookup, cfg *plugin.Config) (definition.KeyManager, error)
@@ -37,6 +38,7 @@ const (
 // PluginCfg holds the configuration for various plugins.
 type PluginCfg struct {
 	SchemaValidator  *plugin.Config  `yaml:"schemaValidator,omitempty"`
+	PolicyEnforcer   *plugin.Config  `yaml:"policyEnforcer,omitempty"`
 	SignValidator    *plugin.Config  `yaml:"signValidator,omitempty"`
 	Publisher        *plugin.Config  `yaml:"publisher,omitempty"`
 	Signer           *plugin.Config  `yaml:"signer,omitempty"`

core/module/handler/stdHandler.go

@@ -35,6 +35,7 @@ type stdHandler struct {
 	registry         definition.RegistryLookup
 	km               definition.KeyManager
 	schemaValidator  definition.SchemaValidator
+	policyEnforcer   definition.PolicyEnforcer
 	router           definition.Router
 	publisher        definition.Publisher
 	transportWrapper definition.TransportWrapper
@@ -318,6 +319,9 @@ func (h *stdHandler) initPlugins(ctx context.Context, mgr PluginManager, cfg *Pl
 	if h.transportWrapper, err = loadPlugin(ctx, "TransportWrapper", cfg.TransportWrapper, mgr.TransportWrapper); err != nil {
 		return err
 	}
+	if h.policyEnforcer, err = loadPlugin(ctx, "PolicyEnforcer", cfg.PolicyEnforcer, mgr.PolicyEnforcer); err != nil {
+		return err
+	}
 
 	log.Debugf(ctx, "All required plugins successfully loaded for stdHandler")
 	return nil
@@ -350,6 +354,8 @@ func (h *stdHandler) initSteps(ctx context.Context, mgr PluginManager, cfg *Conf
 			s, err = newValidateSchemaStep(h.schemaValidator)
 		case "addRoute":
 			s, err = newAddRouteStep(h.router)
+		case "enforcePolicy":
+			s, err = newEnforcePolicyStep(h.policyEnforcer)
 		default:
 			if customStep, exists := steps[step]; exists {
 				s = customStep

core/module/handler/step.go

@@ -315,3 +315,11 @@ func extractSchemaVersion(body []byte) string {
 	}
 	return "unknown"
 }
+
+// newEnforcePolicyStep creates and returns the enforcePolicy step after validation.
+func newEnforcePolicyStep(policyEnforcer definition.PolicyEnforcer) (definition.Step, error) {
+	if policyEnforcer == nil {
+		return nil, fmt.Errorf("invalid config: PolicyEnforcer plugin not configured")
+	}
+	return policyEnforcer, nil
+}

core/module/module_test.go

@@ -79,6 +79,11 @@ func (m *mockPluginManager) SchemaValidator(ctx context.Context, cfg *plugin.Con
 	return nil, nil
 }
 
+// PolicyEnforcer returns a mock policy enforcer implementation.
+func (m *mockPluginManager) PolicyEnforcer(ctx context.Context, cfg *plugin.Config) (definition.PolicyEnforcer, error) {
+	return nil, nil
+}
+
 // TestRegisterSuccess tests scenarios where the handler registration should succeed.
 func TestRegisterSuccess(t *testing.T) {
 	mCfgs := []Config{