TrueCloudLab/policy-engine
20
0
Fork 11
generated from TrueCloudLab/basic
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions

[#60] chain: Support numeric conditions #60

Merged
dkirillov merged 1 commit from mbiryukova/policy-engine:feature/numeric_conditions into master 2024-04-08 14:32:14 +00:00
Conversation 0 Commits 1 Files changed 5 +270 -2
mbiryukova commented 2024-04-02 08:04:08 +00:00
Member
Copy link

Signed-off-by: Marina Biryukova m.biryukova@yadro.com

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
mbiryukova self-assigned this 2024-04-02 08:04:08 +00:00
mbiryukova force-pushed feature/numeric_conditions from 80571b9c1f to cc3259379f 2024-04-02 08:04:47 +00:00 Compare
mbiryukova changed title from [#xx] chain: Support numeric conditions to [#60] chain: Support numeric conditions 2024-04-02 08:05:04 +00:00
mbiryukova force-pushed feature/numeric_conditions from cc3259379f to e5b7e1f763 2024-04-02 08:13:54 +00:00 Compare
mbiryukova requested review from storage-core-committers 2024-04-02 08:20:25 +00:00
mbiryukova requested review from storage-core-developers 2024-04-02 08:20:25 +00:00
mbiryukova requested review from storage-services-committers 2024-04-02 08:20:26 +00:00
mbiryukova requested review from storage-services-developers 2024-04-02 08:20:26 +00:00
dstepanov-yadro reviewed 2024-04-02 10:38:17 +00:00
iam/converter_test.go Outdated
@ -385,6 +385,12 @@ func TestConvertToChainCondition(t *testing.T) {
CondArnLike: {condKeyAWSPrincipalARN: {principal}},
CondArnNotEquals: {"key18": {"val18"}},
CondArnNotLike: {"key19": {"val19"}},
CondNumericEquals: {"key20": {"20"}},
dstepanov-yadro commented 2024-04-02 10:38:17 +00:00
Member
Copy link

negative, zero, hex, binary values tests should be added.
also values with spaces, with '+' sign.

negative, zero, hex, binary values tests should be added. also values with spaces, with '+' sign.
dkirillov commented 2024-04-02 12:55:55 +00:00
Member
Copy link

AWS supports only integer and decimals. So here (in converter_test.go) I wouldn't add hex/binary values.
If this is required we can support such values in native condition types and add tests there.

AWS supports only integer and decimals. So here (in `converter_test.go`) I wouldn't add hex/binary values. If this is required we can support such values in native condition types and add tests there.
dstepanov-yadro commented 2024-04-03 12:50:42 +00:00
Member
Copy link

Tests should not be only positive. I was expecting to see a negative binary and hex test. Also we need to support decimals)

Tests should not be only positive. I was expecting to see a negative binary and hex test. Also we need to support decimals)
dkirillov reviewed 2024-04-02 12:57:28 +00:00
pkg/chain/chain.go Outdated
@ -191,2 +195,3 @@
func (r *Rule) Match(req resource.Request) (status Status, matched bool) {
func (c *Condition) matchNumeric(val string) (bool, error) {
valInt, err := strconv.ParseInt(val, 10, 64)
dkirillov commented 2024-04-02 12:57:28 +00:00
Member
Copy link

Probably we should try parse float if parsing integer failed because spec says Numeric condition operators let you construct Condition elements that restrict access based on comparing a key to an integer or decimal value.

Probably we should try parse float if parsing integer failed because [spec](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_Numeric) says `Numeric condition operators let you construct Condition elements that restrict access based on comparing a key to an integer or decimal value.`
mbiryukova commented 2024-04-02 15:15:50 +00:00
Author
Member
Copy link

Can we parse only float in this case?

Can we parse only float in this case?
dkirillov commented 2024-04-03 06:22:37 +00:00
Member
Copy link

No. In general we cannot do this because equals for float can have some error:

	tmp := 0.1
	tmp2 := 0.2

	fmt.Println(tmp+tmp2 == 0.3) // false

Or we have to write custom equal function and not use ==

No. In general we cannot do this because equals for float can have some error: ```golang tmp := 0.1 tmp2 := 0.2 fmt.Println(tmp+tmp2 == 0.3) // false ``` Or we have to write custom equal function and not use `==`
fyrchik commented 2024-04-05 06:42:01 +00:00
Owner
Copy link

What is the length of a decimal?
neo-go has a fixed decimal package https://github.com/nspcc-dev/neo-go/blob/master/pkg/encoding/fixedn/decimal.go (and we already depend on neo-go)

What is the length of a decimal? neo-go has a fixed decimal package https://github.com/nspcc-dev/neo-go/blob/master/pkg/encoding/fixedn/decimal.go (and we already depend on neo-go)
fyrchik commented 2024-04-05 06:43:13 +00:00
Owner
Copy link

Do we have any compatibility tests here? The description at the link you have provided is vague.

Do we have any compatibility tests here? The description at the link you have provided is vague.
dkirillov commented 2024-04-08 08:43:49 +00:00
Member
Copy link

I couldn't find more precise description of this conditions. So we decided to use 1e-8 precision. We can use decimal from neo-go I think

I couldn't find more precise description of this conditions. So we decided to use `1e-8` precision. We can use decimal from neo-go I think
mbiryukova force-pushed feature/numeric_conditions from e5b7e1f763 to 18aa3a3442 2024-04-04 14:41:44 +00:00 Compare
mbiryukova force-pushed feature/numeric_conditions from 18aa3a3442 to d06de615ad 2024-04-04 14:42:45 +00:00 Compare
aarifullin reviewed 2024-04-05 09:37:46 +00:00
pkg/chain/chain.go Outdated
@ -192,0 +215,4 @@
case CondNumericLessThan:
return valFloat < condVal
case CondNumericLessThanEquals:
return valFloat <= condVal
aarifullin commented 2024-04-05 09:37:46 +00:00
Member
Copy link

I suppose the correct way is to compare them like this

valFloat < condVal || equalFloat(valFloat, condVal)
I suppose the correct way is to compare them like this ```go valFloat < condVal || equalFloat(valFloat, condVal) ```
👍 1
aarifullin marked this conversation as resolved
alexvanin approved these changes 2024-04-08 06:45:46 +00:00
alexvanin left a comment
Owner
Copy link

LGTM, but see comment

LGTM, but see [comment](https://git.frostfs.info/TrueCloudLab/policy-engine/pulls/60/files#issuecomment-36725)
mbiryukova force-pushed feature/numeric_conditions from d06de615ad to 8af1392faf 2024-04-08 06:58:43 +00:00 Compare
aarifullin approved these changes 2024-04-08 07:01:26 +00:00
dstepanov-yadro reviewed 2024-04-08 08:50:14 +00:00
iam/converter.go Outdated
@ -276,2 +294,4 @@
}
func numericConvertFunction(val string) (string, error) {
if _, err := strconv.ParseFloat(val, 64); err == nil {
dstepanov-yadro commented 2024-04-08 08:50:12 +00:00
Member
Copy link

+Inf, inf, NaN, nan are valid float strings, see https://pkg.go.dev/strconv#example-ParseFloat
Does IAM supports it?

`+Inf`, `inf`, `NaN`, `nan` are valid float strings, see https://pkg.go.dev/strconv#example-ParseFloat Does IAM supports it?
dkirillov commented 2024-04-08 09:58:19 +00:00
Member
Copy link

No. But now we use Fixed8 and it doesn't support it.

Probably we should include this +Inf, inf, NaN, nan in test cases

No. But now we use [Fixed8](https://github.com/nspcc-dev/neo-go/blob/master/pkg/encoding/fixedn/fixed8.go) and it doesn't support it. Probably we should include this `+Inf, inf, NaN, nan` in test cases
mbiryukova force-pushed feature/numeric_conditions from 8af1392faf to df6b80cd2a 2024-04-08 09:04:19 +00:00 Compare
dkirillov approved these changes 2024-04-08 09:56:26 +00:00
mbiryukova force-pushed feature/numeric_conditions from df6b80cd2a to 4bdc8d679a 2024-04-08 11:29:30 +00:00 Compare
mbiryukova force-pushed feature/numeric_conditions from 4bdc8d679a to 84c6be01de 2024-04-08 11:32:53 +00:00 Compare
dkirillov approved these changes 2024-04-08 11:50:44 +00:00
dstepanov-yadro approved these changes 2024-04-08 14:30:42 +00:00
alexvanin approved these changes 2024-04-08 14:32:02 +00:00
dkirillov merged commit 84c6be01de into master 2024-04-08 14:32:14 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
aarifullin
dkirillov
dstepanov-yadro
alexvanin
TrueCloudLab/storage-services-developers
Labels
Clear labels
  
Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  
blocked

The issue or PR is blocked by something

  
bug

Something is not working

  
config

Configuration format update or breaking change

  
discussion

Talking about something in order to reach a decision or to exchange ideas

  
documentation

Documentation related

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
go

Language features adoption

  
help wanted

Extra attention is needed

  
internal

   
invalid

Something is wrong

  
kludge

This is a kludge and we know it

  
observability

Related to metrics, tracing and logs

  
perfomance

Perfomance related

  
question

More information is needed

  
refactoring

Refactoring

  
wontfix

This won't be fixed

No labels
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
mbiryukova
6 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/policy-engine#60
No description provided.
Delete branch "mbiryukova/policy-engine:feature/numeric_conditions"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?