[#1601] util: Correctly parse 'root' name for container resources

* Convert `root/*` to `//`; * Add unit-test case for parses to check parsing correctness. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
2025-01-15 14:19:56 +03:00 · 2025-01-15 14:19:56 +03:00 · 4cb509e0e1
commit 4cb509e0e1
parent eff95bd632
2 changed files with 10 additions and 1 deletions
--- a/pkg/util/ape/parser.go
+++ b/pkg/util/ape/parser.go
@ -261,7 +261,7 @@ func parseResource(lexeme string, isObj bool) (string, error) {
 		} else {
 			if lexeme == "*" {
 				return nativeschema.ResourceFormatAllContainers, nil
-			} else if lexeme == "/*" {
+			} else if lexeme == "/*" || lexeme == "root/*" {
 				return nativeschema.ResourceFormatRootContainers, nil
 			} else if strings.HasPrefix(lexeme, "/") && len(lexeme) > 1 {
 				lexeme = lexeme[1:]
--- a/pkg/util/ape/parser_test.go
+++ b/pkg/util/ape/parser_test.go
@ -43,6 +43,15 @@ func TestParseAPERule(t *testing.T) {
 				Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
 			},
 		},
+		{
+			name: "Valid rule for all containers in explicit root namespace",
+			rule: "allow Container.Put root/*",
+			expectRule: policyengine.Rule{
+				Status:    policyengine.Allow,
+				Actions:   policyengine.Actions{Names: []string{nativeschema.MethodPutContainer}},
+				Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootContainers}},
+			},
+		},
 		{
 			name: "Valid rule for all objects in root namespace and container",
 			rule: "allow Object.Put /cid/*",