From c3c034eccac1297a15645d1ff7995855cc45fc74 Mon Sep 17 00:00:00 2001
From: Airat Arifullin
Date: Wed, 15 Jan 2025 14:19:56 +0300
Subject: [PATCH] [#1601] util: Correctly parse 'root' name for container resources
* Convert `root/*` to `//`;
* Add unit-test case for parses to check parsing correctness.
Signed-off-by: Airat Arifullin
---
 pkg/util/ape/parser.go | 2 +-
 pkg/util/ape/parser_test.go | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/pkg/util/ape/parser.go b/pkg/util/ape/parser.go
index b4a31fd8d..a34a17f6f 100644
--- a/pkg/util/ape/parser.go
+++ b/pkg/util/ape/parser.go
@@ -261,7 +261,7 @@ func parseResource(lexeme string, isObj bool) (string, error) {
 } else {
 if lexeme == "*" {
 return nativeschema.ResourceFormatAllContainers, nil
- } else if lexeme == "/*" {
+ } else if lexeme == "/*" || lexeme == "root/*" {
 return nativeschema.ResourceFormatRootContainers, nil
 } else if strings.HasPrefix(lexeme, "/") && len(lexeme) > 1 {
 lexeme = lexeme[1:]
diff --git a/pkg/util/ape/parser_test.go b/pkg/util/ape/parser_test.go
index 21649fd24..c236c4603 100644
--- a/pkg/util/ape/parser_test.go
+++ b/pkg/util/ape/parser_test.go
@@ -43,6 +43,15 @@ func TestParseAPERule(t *testing.T) {
 Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootObjects}},
 },
 },
+ {
+ name: "Valid rule for all containers in explicit root namespace",
+ rule: "allow Container.Put root/*",
+ expectRule: policyengine.Rule{
+ Status: policyengine.Allow,
+ Actions: policyengine.Actions{Names: []string{nativeschema.MethodPutContainer}},
+ Resources: policyengine.Resources{Names: []string{nativeschema.ResourceFormatRootContainers}},
+ },
+ },
 {
 name: "Valid rule for all objects in root namespace and container",
 rule: "allow Object.Put /cid/*",
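Review bot: The new comparison in `parseResource` recognises the explicit root namespace only in the literal wildcard form `root/*`, so whether `root/<container-id>` resolves to the same resource name as `/<container-id>` depends on branches below this hunk that are not visible here. In an access-policy parser, two spellings of one namespace that resolve differently can leave an allow or deny rule matching fewer resources than its author intended, so I would normalise the prefix once ahead of the chain, e.g. `if rest, ok := strings.CutPrefix(lexeme, "root/"); ok { lexeme = "/" + rest }`, and keep the single `lexeme == "/*"` comparison. If a later branch already maps the `root` namespace to the root format, a one-line comment on this case saying so would be enough. The added case in `parser_test.go` pins only `allow Container.Put root/*`; a companion case for `root/<cid>` (and the object-side form, if it is meant to be accepted) would lock the equivalence in. The function body starts and ends outside the hunk.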