From 84c4872b20956e23a069eeb30aeba701eccc949d Mon Sep 17 00:00:00 2001 From: Airat Arifullin Date: Mon, 13 May 2024 13:54:37 +0300 Subject: [PATCH] [#75] chain: Refactor `ObjectType` type * Rename `ObjectType` to `Kind`; * Rename `Object` field in `Condition` to `ConditionKind`; * Regenerate easy-json marshalers/unmarshalers; * Fix unit-tests Signed-off-by: Airat Arifullin --- iam/converter.go | 8 +- iam/converter_native.go | 16 +- iam/converter_s3.go | 8 +- iam/converter_test.go | 334 +++++++++++------------ pkg/chain/chain.go | 22 +- pkg/chain/chain_easyjson.go | 8 +- pkg/chain/chain_test.go | 64 ++--- pkg/chain/marshal_binary.go | 4 +- pkg/chain/marshal_binary_test.go | 40 +-- pkg/chain/marshal_json.go | 12 +- pkg/chain/marshal_json_test.go | 20 +- pkg/chain/testdata/test_status_json.json | 6 +- pkg/engine/inmemory/inmemory_test.go | 32 +-- 13 files changed, 287 insertions(+), 287 deletions(-) diff --git a/iam/converter.go b/iam/converter.go index 8d29ef4..3910c45 100644 --- a/iam/converter.go +++ b/iam/converter.go @@ -181,10 +181,10 @@ func convertToChainCondition(c Conditions) ([]GroupedConditions, error) { } group.Conditions[i] = chain.Condition{ - Op: condType, - Object: chain.ObjectRequest, - Key: transformKey(key), - Value: converted, + Op: condType, + Kind: chain.KindRequest, + Key: transformKey(key), + Value: converted, } } grouped = append(grouped, group) diff --git a/iam/converter_native.go b/iam/converter_native.go index 05f90da..a4536d8 100644 --- a/iam/converter_native.go +++ b/iam/converter_native.go @@ -214,10 +214,10 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes return principals, func(principal string) chain.Condition { return chain.Condition{ - Op: op, - Object: chain.ObjectRequest, - Key: native.PropertyKeyActorPublicKey, - Value: principal, + Op: op, + Kind: chain.KindRequest, + Key: native.PropertyKeyActorPublicKey, + Value: principal, } }, nil } 
@@ -314,10 +314,10 @@ func formNativeResourceNamesAndConditions(names []string, resolver NativeResolve }, Conditions: []chain.Condition{ { - Op: chain.CondStringLike, - Object: chain.ObjectResource, - Key: PropertyKeyFilePath, - Value: obj, + Op: chain.CondStringLike, + Kind: chain.KindResource, + Key: PropertyKeyFilePath, + Value: obj, }, }, }) diff --git a/iam/converter_s3.go b/iam/converter_s3.go index d8774d0..28192fa 100644 --- a/iam/converter_s3.go +++ b/iam/converter_s3.go @@ -158,10 +158,10 @@ func getS3PrincipalsAndConditionFunc(statement Statement, resolver S3Resolver) ( return principals, func(principal string) chain.Condition { return chain.Condition{ - Op: op, - Object: chain.ObjectRequest, - Key: s3.PropertyKeyOwner, - Value: principal, + Op: op, + Kind: chain.KindRequest, + Key: s3.PropertyKeyOwner, + Value: principal, } }, nil } diff --git a/iam/converter_test.go b/iam/converter_test.go index 7ad04b4..b716a4b 100644 --- a/iam/converter_test.go +++ b/iam/converter_test.go @@ -102,16 +102,16 @@ func TestConverters(t *testing.T) { Resources: chain.Resources{Names: []string{resource}}, Condition: []chain.Condition{ { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: s3.PropertyKeyOwner, - Value: mockResolver.users[user], + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: s3.PropertyKeyOwner, + Value: mockResolver.users[user], }, { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: "s3:RequestObjectTag/Department", - Value: "Finance", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: "s3:RequestObjectTag/Department", + Value: "Finance", }, }, }, 
@@ -146,10 +146,10 @@ func TestConverters(t *testing.T) { }, Condition: []chain.Condition{ { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: native.PropertyKeyActorPublicKey, - Value: mockResolver.users[user], + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: native.PropertyKeyActorPublicKey, + Value: mockResolver.users[user], }, }, }, @@ -180,10 +180,10 @@ func TestConverters(t *testing.T) { Resources: chain.Resources{Inverted: true, Names: []string{resource}}, Condition: []chain.Condition{ { - Op: chain.CondStringNotEquals, - Object: chain.ObjectRequest, - Key: s3.PropertyKeyOwner, - Value: mockResolver.users[user], + Op: chain.CondStringNotEquals, + Kind: chain.KindRequest, + Key: s3.PropertyKeyOwner, + Value: mockResolver.users[user], }, }, }, @@ -225,16 +225,16 @@ func TestConverters(t *testing.T) { }}, Condition: []chain.Condition{ { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: native.PropertyKeyActorPublicKey, - Value: mockResolver.users[user], + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: native.PropertyKeyActorPublicKey, + Value: mockResolver.users[user], }, { - Op: chain.CondStringLike, - Object: chain.ObjectResource, - Key: PropertyKeyFilePath, - Value: objName, + Op: chain.CondStringLike, + Kind: chain.KindResource, + Key: PropertyKeyFilePath, + Value: objName, }, }, }, @@ -250,10 +250,10 @@ func TestConverters(t *testing.T) { fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]), }}, Condition: []chain.Condition{{ - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: native.PropertyKeyActorPublicKey, - Value: mockResolver.users[user], + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: native.PropertyKeyActorPublicKey, + Value: mockResolver.users[user], }}, }, }} 
@@ -345,10 +345,10 @@ func TestConverters(t *testing.T) { Actions: chain.Actions{Names: []string{"s3:DeleteObject", "s3:DeleteMultipleObjects", "iam:*"}}, Resources: chain.Resources{Names: []string{"*"}}, Condition: []chain.Condition{{ - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: s3.PropertyKeyOwner, - Value: mockResolver.users[user], + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: s3.PropertyKeyOwner, + Value: mockResolver.users[user], }}, }}} @@ -361,10 +361,10 @@ func TestConverters(t *testing.T) { Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}}, Condition: []chain.Condition{{ - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: native.PropertyKeyActorPublicKey, - Value: mockResolver.users[user], + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: native.PropertyKeyActorPublicKey, + Value: mockResolver.users[user], }}, }}} 
@@ -408,193 +408,193 @@ func TestConvertToChainCondition(t *testing.T) { Any: true, Conditions: []chain.Condition{ { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: "key1", - Value: "val0", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: "key1", + Value: "val0", }, { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: "key1", - Value: "val1", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: "key1", + Value: "val1", }, }, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringNotEquals, - Object: chain.ObjectRequest, - Key: "key2", - Value: "val2", + Op: chain.CondStringNotEquals, + Kind: chain.KindRequest, + Key: "key2", + Value: "val2", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringEqualsIgnoreCase, - Object: chain.ObjectRequest, - Key: "key3", - Value: "val3", + Op: chain.CondStringEqualsIgnoreCase, + Kind: chain.KindRequest, + Key: "key3", + Value: "val3", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringNotEqualsIgnoreCase, - Object: chain.ObjectRequest, - Key: "key4", - Value: "val4", + Op: chain.CondStringNotEqualsIgnoreCase, + Kind: chain.KindRequest, + Key: "key4", + Value: "val4", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringLike, - Object: chain.ObjectRequest, - Key: "key5", - Value: "val5", + Op: chain.CondStringLike, + Kind: chain.KindRequest, + Key: "key5", + Value: "val5", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringNotLike, - Object: chain.ObjectRequest, - Key: "key6", - Value: "val6", + Op: chain.CondStringNotLike, + Kind: chain.KindRequest, + Key: "key6", + Value: "val6", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: "key7", - Value: "1136189045", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: "key7", + Value: "1136189045", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringNotEquals, - Object: chain.ObjectRequest, - Key: 
"key8", - Value: "1136214245", + Op: chain.CondStringNotEquals, + Kind: chain.KindRequest, + Key: "key8", + Value: "1136214245", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringLessThan, - Object: chain.ObjectRequest, - Key: "key9", - Value: "1136192645", + Op: chain.CondStringLessThan, + Kind: chain.KindRequest, + Key: "key9", + Value: "1136192645", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringLessThanEquals, - Object: chain.ObjectRequest, - Key: "key10", - Value: "1136203445", + Op: chain.CondStringLessThanEquals, + Kind: chain.KindRequest, + Key: "key10", + Value: "1136203445", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringGreaterThan, - Object: chain.ObjectRequest, - Key: "key11", - Value: "1136217845", + Op: chain.CondStringGreaterThan, + Kind: chain.KindRequest, + Key: "key11", + Value: "1136217845", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringGreaterThanEquals, - Object: chain.ObjectRequest, - Key: "key12", - Value: "1136225045", + Op: chain.CondStringGreaterThanEquals, + Kind: chain.KindRequest, + Key: "key12", + Value: "1136225045", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringEqualsIgnoreCase, - Object: chain.ObjectRequest, - Key: "key13", - Value: "True", + Op: chain.CondStringEqualsIgnoreCase, + Kind: chain.KindRequest, + Key: "key13", + Value: "True", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: "key16", - Value: "val16", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: "key16", + Value: "val16", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringLike, - Object: chain.ObjectRequest, - Key: condKeyAWSPrincipalARN, - Value: principal, + Op: chain.CondStringLike, + Kind: chain.KindRequest, + Key: condKeyAWSPrincipalARN, + Value: principal, }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringNotEquals, - Object: chain.ObjectRequest, - Key: "key18", - Value: "val18", + 
Op: chain.CondStringNotEquals, + Kind: chain.KindRequest, + Key: "key18", + Value: "val18", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondStringNotLike, - Object: chain.ObjectRequest, - Key: "key19", - Value: "val19", + Op: chain.CondStringNotLike, + Kind: chain.KindRequest, + Key: "key19", + Value: "val19", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondNumericEquals, - Object: chain.ObjectRequest, - Key: "key20", - Value: "-20", + Op: chain.CondNumericEquals, + Kind: chain.KindRequest, + Key: "key20", + Value: "-20", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondNumericNotEquals, - Object: chain.ObjectRequest, - Key: "key21", - Value: "+21", + Op: chain.CondNumericNotEquals, + Kind: chain.KindRequest, + Key: "key21", + Value: "+21", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondNumericLessThan, - Object: chain.ObjectRequest, - Key: "key22", - Value: "0", + Op: chain.CondNumericLessThan, + Kind: chain.KindRequest, + Key: "key22", + Value: "0", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondNumericLessThanEquals, - Object: chain.ObjectRequest, - Key: "key23", - Value: "23.23", + Op: chain.CondNumericLessThanEquals, + Kind: chain.KindRequest, + Key: "key23", + Value: "23.23", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondNumericGreaterThan, - Object: chain.ObjectRequest, - Key: "key24", - Value: "-24.24", + Op: chain.CondNumericGreaterThan, + Kind: chain.KindRequest, + Key: "key24", + Value: "-24.24", }}, }, { Conditions: []chain.Condition{{ - Op: chain.CondNumericGreaterThanEquals, - Object: chain.ObjectRequest, - Key: "key25", - Value: "+25.25", + Op: chain.CondNumericGreaterThanEquals, + Kind: chain.KindRequest, + Key: "key25", + Value: "+25.25", }}, }, } 
@@ -668,10 +668,10 @@ func TestIPConditions(t *testing.T) { Actions: chain.Actions{Names: []string{"s3:*"}}, Resources: chain.Resources{Names: []string{Wildcard}}, Condition: []chain.Condition{{ - Op: chain.CondIPAddress, - Object: chain.ObjectRequest, - Key: common.PropertyKeyFrostFSSourceIP, - Value: "203.0.113.0/24", + Op: chain.CondIPAddress, + Kind: chain.KindRequest, + Key: common.PropertyKeyFrostFSSourceIP, + Value: "203.0.113.0/24", }}, }}, } @@ -686,10 +686,10 @@ func TestIPConditions(t *testing.T) { Actions: chain.Actions{Names: []string{Wildcard}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}}, Condition: []chain.Condition{{ - Op: chain.CondIPAddress, - Object: chain.ObjectRequest, - Key: common.PropertyKeyFrostFSSourceIP, - Value: "203.0.113.0/24", + Op: chain.CondIPAddress, + Kind: chain.KindRequest, + Key: common.PropertyKeyFrostFSSourceIP, + Value: "203.0.113.0/24", }}, }}, } 
@@ -828,12 +828,12 @@ func TestComplexNativeConditions(t *testing.T) { expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}} expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}} - user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]} - user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]} - objectName1Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectResource, Key: PropertyKeyFilePath, Value: objName1} - key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0} - key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1} - key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2} + user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]} + user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]} + objectName1Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindResource, Key: PropertyKeyFilePath, Value: objName1} + key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0} + key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1} + key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2} expected := &chain.Chain{Rules: []chain.Rule{ { 
@@ -1138,11 +1138,11 @@ func TestComplexS3Conditions(t *testing.T) { expectedActions := chain.Actions{Names: []string{action, action2}} expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}} - user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]} - user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]} - key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0} - key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1} - key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2} + user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]} + user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]} + key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0} + key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1} + key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2} expected := &chain.Chain{Rules: []chain.Rule{ { 
@@ -1698,22 +1698,22 @@ func TestTagsConditions(t *testing.T) { expectedConditions := []chain.Condition{ { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"), - Value: "hr", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"), + Value: "hr", }, { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"), - Value: "hr-admin", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"), + Value: "hr-admin", }, { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"), - Value: "*", + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"), + Value: "*", }, } @@ -1754,10 +1754,10 @@ func TestMFACondition(t *testing.T) { expectedConditions := []chain.Condition{ { - Op: chain.CondStringEqualsIgnoreCase, - Object: chain.ObjectRequest, - Key: s3.PropertyKeyAccessBoxAttrMFA, - Value: "true", + Op: chain.CondStringEqualsIgnoreCase, + Kind: chain.KindRequest, + Key: s3.PropertyKeyAccessBoxAttrMFA, + Value: "true", }, } diff --git a/pkg/chain/chain.go b/pkg/chain/chain.go index b079c74..5e94940 100644 --- a/pkg/chain/chain.go +++ b/pkg/chain/chain.go @@ -68,17 +68,17 @@ type Resources struct { } type Condition struct { - Op ConditionType - Object ObjectType - Key string - Value string + Op ConditionType + Kind ConditionKindType + Key string + Value string } -type ObjectType byte +type ConditionKindType byte const ( - ObjectResource ObjectType = iota - ObjectRequest + KindResource ConditionKindType = iota + KindRequest ) type ConditionType byte 
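Review bot: Renaming the `Condition` field from `Object` to `Kind` in the chain.go hunk also renames the JSON key, because the struct carries no tags and both the regenerated easyjson code and `test_status_json.json` now use `"Kind"`. A chain serialized before this commit still carries `"Object"`; if the generated decoder skips unknown keys (easyjson's default, though the default branch is not visible here), `Kind` stays at its zero value `KindResource`. A condition written against request properties would then be evaluated against resource properties without any error, which changes policy decisions rather than just parsing. Either keep the wire name with a `json:"Object"` struct tag on `Kind` and regenerate, or state the break in the commit message and migrate stored JSON chains. The binary encoding is unaffected, since it writes the kind as a single byte.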
@@ -157,13 +157,13 @@ func FormCondSliceContainsValue(values []string) string { func (c *Condition) Match(req resource.Request) bool { var val string - switch c.Object { - case ObjectResource: + switch c.Kind { + case KindResource: val = req.Resource().Property(c.Key) - case ObjectRequest: + case KindRequest: val = req.Property(c.Key) default: - panic(fmt.Sprintf("unknown condition type: %d", c.Object)) + panic(fmt.Sprintf("unknown condition type: %d", c.Kind)) } switch c.Op { diff --git a/pkg/chain/chain_easyjson.go b/pkg/chain/chain_easyjson.go index fd7ff8c..bf94c02 100644 --- a/pkg/chain/chain_easyjson.go +++ b/pkg/chain/chain_easyjson.go @@ -257,8 +257,8 @@ func easyjsonE2758465DecodeGitFrostfsInfoTrueCloudLabPolicyEnginePkgChain4(in *j switch key { case "Op": (out.Op).UnmarshalEasyJSON(in) - case "Object": - (out.Object).UnmarshalEasyJSON(in) + case "Kind": + (out.Kind).UnmarshalEasyJSON(in) case "Key": out.Key = string(in.String()) case "Value": @@ -283,9 +283,9 @@ func easyjsonE2758465EncodeGitFrostfsInfoTrueCloudLabPolicyEnginePkgChain4(out * (in.Op).MarshalEasyJSON(out) } { - const prefix string = ",\"Object\":" + const prefix string = ",\"Kind\":" out.RawString(prefix) - (in.Object).MarshalEasyJSON(out) + (in.Kind).MarshalEasyJSON(out) } { const prefix string = ",\"Key\":" diff --git a/pkg/chain/chain_test.go b/pkg/chain/chain_test.go index ee7d7d7..f9b115a 100644 --- a/pkg/chain/chain_test.go +++ b/pkg/chain/chain_test.go @@ -98,10 +98,10 @@ func TestCondSliceContainsMatch(t *testing.T) { Actions: Actions{Names: []string{native.MethodPutObject}}, Resources: Resources{Names: []string{native.ResourceFormatRootContainers}}, Condition: []Condition{{ - Op: CondSliceContains, - Object: ObjectRequest, - Key: propKey, - Value: groupID, + Op: CondSliceContains, + Kind: KindRequest, + Key: propKey, + Value: groupID, }}, }}} 
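Review bot: `Match` still panics in its `default:` branch on an unrecognised `c.Kind`, yet both decoders accept arbitrary values. `unmarshalCondition` casts any byte with `ConditionKindType(obV)`, and `UnmarshalEasyJSON` falls back to a parsed number (the test fixture round-trips `"Kind": "128"`). A stored or received chain with such a value is therefore accepted at load and crashes the evaluating process at match time; validating the kind in the decoders would reject it early. The panic text `unknown condition type` also collides with `ConditionType` (the `Op` field); `panic(fmt.Sprintf("unknown condition kind: %d", c.Kind))` would be clearer. The body of `Match` continues past the end of this hunk.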
@@ -164,22 +164,22 @@ func TestNumericConditionsMatch(t *testing.T) { name: "value from interval", conditions: []Condition{ { - Op: CondNumericLessThan, - Object: ObjectRequest, - Key: propKey, - Value: "100", + Op: CondNumericLessThan, + Kind: KindRequest, + Key: propKey, + Value: "100", }, { - Op: CondNumericGreaterThan, - Object: ObjectRequest, - Key: propKey, - Value: "80", + Op: CondNumericGreaterThan, + Kind: KindRequest, + Key: propKey, + Value: "80", }, { - Op: CondNumericNotEquals, - Object: ObjectRequest, - Key: propKey, - Value: "91", + Op: CondNumericNotEquals, + Kind: KindRequest, + Key: propKey, + Value: "91", }, }, value: "90", @@ -189,22 +189,22 @@ func TestNumericConditionsMatch(t *testing.T) { name: "border value", conditions: []Condition{ { - Op: CondNumericEquals, - Object: ObjectRequest, - Key: propKey, - Value: "50", + Op: CondNumericEquals, + Kind: KindRequest, + Key: propKey, + Value: "50", }, { - Op: CondNumericLessThanEquals, - Object: ObjectRequest, - Key: propKey, - Value: "50", + Op: CondNumericLessThanEquals, + Kind: KindRequest, + Key: propKey, + Value: "50", }, { - Op: CondNumericGreaterThanEquals, - Object: ObjectRequest, - Key: propKey, - Value: "50", + Op: CondNumericGreaterThanEquals, + Kind: KindRequest, + Key: propKey, + Value: "50", }, }, value: "50", @@ -270,10 +270,10 @@ func TestInvalidNumericValues(t *testing.T) { t.Run(tc.name, func(t *testing.T) { resource := testutil.NewResource(native.ResourceFormatRootContainers, nil) condition := Condition{ - Op: tc.conditionType, - Object: ObjectRequest, - Key: propKey, - Value: "50", + Op: tc.conditionType, + Kind: KindRequest, + Key: propKey, + Value: "50", } for _, propValue := range propValues { diff --git a/pkg/chain/marshal_binary.go b/pkg/chain/marshal_binary.go index 83e6380..357cc79 100644 --- a/pkg/chain/marshal_binary.go +++ b/pkg/chain/marshal_binary.go 
@@ -218,7 +218,7 @@ func marshalCondition(buf []byte, offset int, c Condition) (int, error) { if err != nil { return 0, err } - offset, err = marshal.ByteMarshal(buf, offset, byte(c.Object)) + offset, err = marshal.ByteMarshal(buf, offset, byte(c.Kind)) if err != nil { return 0, err } @@ -241,7 +241,7 @@ func unmarshalCondition(buf []byte, offset int) (Condition, int, error) { if err != nil { return Condition{}, 0, err } - c.Object = ObjectType(obV) + c.Kind = ConditionKindType(obV) c.Key, offset, err = marshal.StringUnmarshal(buf, offset) if err != nil { diff --git a/pkg/chain/marshal_binary_test.go b/pkg/chain/marshal_binary_test.go index 57176de..4cfd0cb 100644 --- a/pkg/chain/marshal_binary_test.go +++ b/pkg/chain/marshal_binary_test.go @@ -178,31 +178,31 @@ func generateTestConditions() [][]Condition { for _, ct := range generateTestConditionTypes() { for _, ot := range generateObjectTypes() { result[2] = append(result[2], Condition{ - Op: ct, - Object: ot, - Key: "", - Value: "", + Op: ct, + Kind: ot, + Key: "", + Value: "", }) result[2] = append(result[2], Condition{ - Op: ct, - Object: ot, - Key: "key", - Value: "", + Op: ct, + Kind: ot, + Key: "key", + Value: "", }) result[2] = append(result[2], Condition{ - Op: ct, - Object: ot, - Key: "", - Value: "value", + Op: ct, + Kind: ot, + Key: "", + Value: "value", }) result[2] = append(result[2], Condition{ - Op: ct, - Object: ot, - Key: "key", - Value: "value", + Op: ct, + Kind: ot, + Key: "key", + Value: "value", }) } } @@ -232,10 +232,10 @@ func generateTestConditionTypes() []ConditionType { } } -func generateObjectTypes() []ObjectType { - return []ObjectType{ - ObjectResource, - ObjectRequest, +func generateObjectTypes() []ConditionKindType { + return []ConditionKindType{ + KindResource, + KindRequest, } } diff --git a/pkg/chain/marshal_json.go b/pkg/chain/marshal_json.go index 8dec214..a83c816 100644 --- a/pkg/chain/marshal_json.go +++ b/pkg/chain/marshal_json.go 
@@ -29,11 +29,11 @@ var statusToJSONValue = []struct { } var objectTypeToJSONValue = []struct { - t ObjectType + t ConditionKindType str string }{ - {ObjectRequest, "Request"}, - {ObjectResource, "Resource"}, + {KindRequest, "Request"}, + {KindResource, "Resource"}, } func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) { @@ -90,7 +90,7 @@ func (st *Status) UnmarshalEasyJSON(l *jlexer.Lexer) { *st = Status(v) } -func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) { +func (ot ConditionKindType) MarshalEasyJSON(w *jwriter.Writer) { for _, p := range objectTypeToJSONValue { if p.t == ot { w.String(p.str) @@ -100,7 +100,7 @@ func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) { w.String(strconv.FormatUint(uint64(ot), 10)) } -func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) { +func (ot *ConditionKindType) UnmarshalEasyJSON(l *jlexer.Lexer) { str := l.String() for _, p := range objectTypeToJSONValue { if p.str == str { @@ -114,7 +114,7 @@ func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) { l.AddError(fmt.Errorf("failed to parse object type: %w", err)) return } - *ot = ObjectType(v) + *ot = ConditionKindType(v) } func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) { diff --git a/pkg/chain/marshal_json_test.go b/pkg/chain/marshal_json_test.go index 6c15ae9..c4bc621 100644 --- a/pkg/chain/marshal_json_test.go +++ b/pkg/chain/marshal_json_test.go @@ -68,10 +68,10 @@ func TestJsonEnums(t *testing.T) { }, Condition: []Condition{ { - Op: CondStringEquals, - Object: ObjectRequest, - Key: native.PropertyKeyActorRole, - Value: native.PropertyValueContainerRoleOthers, + Op: CondStringEquals, + Kind: KindRequest, + Key: native.PropertyKeyActorRole, + Value: native.PropertyValueContainerRoleOthers, }, }, }, 
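Review bot: The rename leaves the old vocabulary around the new type in marshal_json.go: the lookup table is still `objectTypeToJSONValue`, the receivers are still `ot`, and the decode error still says `failed to parse object type`. Since the package's tests also use `native.PropertyKeyObjectType` for an unrelated property, that error text can point someone debugging a rejected policy document at the wrong concept. Suggest `conditionKindToJSONValue`, a receiver such as `k`, and `l.AddError(fmt.Errorf("failed to parse condition kind: %w", err))`. The test helper `generateObjectTypes` in marshal_binary_test.go has the same leftover name.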
@@ -87,10 +87,10 @@ func TestJsonEnums(t *testing.T) { Any: true, Condition: []Condition{ { - Op: CondStringNotLike, - Object: ObjectResource, - Key: native.PropertyKeyObjectType, - Value: "regular", + Op: CondStringNotLike, + Kind: KindResource, + Key: native.PropertyKeyObjectType, + Value: "regular", }, }, }, @@ -98,8 +98,8 @@ func TestJsonEnums(t *testing.T) { Status: Status(100), Condition: []Condition{ { - Op: ConditionType(255), - Object: ObjectType(128), + Op: ConditionType(255), + Kind: ConditionKindType(128), }, }, }, diff --git a/pkg/chain/testdata/test_status_json.json b/pkg/chain/testdata/test_status_json.json index 4e60f21..6955ce7 100644 --- a/pkg/chain/testdata/test_status_json.json +++ b/pkg/chain/testdata/test_status_json.json @@ -20,7 +20,7 @@ "Condition": [ { "Op": "StringEquals", - "Object": "Request", + "Kind": "Request", "Key": "$Actor:role", "Value": "others" } @@ -44,7 +44,7 @@ "Condition": [ { "Op": "StringNotLike", - "Object": "Resource", + "Kind": "Resource", "Key": "$Object:objectType", "Value": "regular" } @@ -64,7 +64,7 @@ "Condition": [ { "Op": "255", - "Object": "128", + "Kind": "128", "Key": "", "Value": "" } diff --git a/pkg/engine/inmemory/inmemory_test.go b/pkg/engine/inmemory/inmemory_test.go index 498586d..fca6935 100644 --- a/pkg/engine/inmemory/inmemory_test.go +++ b/pkg/engine/inmemory/inmemory_test.go @@ -69,16 +69,16 @@ func TestInmemory(t *testing.T) { Any: true, Condition: []chain.Condition{ { - Op: chain.CondStringNotLike, - Object: chain.ObjectRequest, - Key: "SourceIP", - Value: "10.1.1.*", + Op: chain.CondStringNotLike, + Kind: chain.KindRequest, + Key: "SourceIP", + Value: "10.1.1.*", }, { - Op: chain.CondStringNotEquals, - Object: chain.ObjectRequest, - Key: "Actor", - Value: actor1, + Op: chain.CondStringNotEquals, + Kind: chain.KindRequest, + Key: "Actor", + Value: actor1, }, }, }, 
@@ -111,16 +111,16 @@ func TestInmemory(t *testing.T) { Resources: chain.Resources{Names: []string{"native::object::abc/*"}}, Condition: []chain.Condition{ { - Op: chain.CondStringEquals, - Object: chain.ObjectResource, - Key: "Department", - Value: "HR", + Op: chain.CondStringEquals, + Kind: chain.KindResource, + Key: "Department", + Value: "HR", }, { - Op: chain.CondStringEquals, - Object: chain.ObjectRequest, - Key: "Actor", - Value: actor2, + Op: chain.CondStringEquals, + Kind: chain.KindRequest, + Key: "Actor", + Value: actor2, }, }, },