[#4] Add IAM policy unmarshaler #5

dkirillov · 2023-10-19T13:16:03Z

dkirillov commented

2023-10-19 13:16:03 +00:00

close #4

Currently numeric condition type are not supported

close #4 Currently numeric condition type are not supported

dkirillov self-assigned this 2023-10-19 13:16:03 +00:00

dkirillov changed title from ~~WIP: [#XX] Add IAM policy unmarshaler~~ to WIP: [#XX] Add IAM policy unmarshaler

2023-10-20 07:53:00 +00:00

dkirillov changed target branch from init to master

2023-10-20 07:53:01 +00:00

dkirillov force-pushed feature/iam_policy_unmarshaler from 0933aa7ce6 to 31a308ea61

2023-10-23 12:44:46 +00:00

Compare

dkirillov changed title from ~~WIP: [#XX] Add IAM policy unmarshaler~~ to WIP: [#4] Add IAM policy unmarshaler

2023-10-23 12:45:11 +00:00

dkirillov changed title from ~~WIP: [#4] Add IAM policy unmarshaler~~ to [#4] Add IAM policy unmarshaler

2023-10-23 12:56:59 +00:00

dkirillov requested review from storage-core-committers 2023-10-23 12:57:06 +00:00

dkirillov requested review from storage-core-developers 2023-10-23 12:57:07 +00:00

dkirillov requested review from storage-services-committers 2023-10-23 12:57:08 +00:00

dkirillov requested review from storage-services-developers 2023-10-23 12:57:08 +00:00

dstepanov-yadro reviewed 2023-10-23 14:41:19 +00:00

iam/policy.go

					
				@ -0,0 +45,4 @@

					DenyEffect  Effect = "Deny"

				)

				func (s *Statements) UnmarshalJSON(data []byte) error {

dstepanov-yadro commented

2023-10-23 14:41:13 +00:00

Not a bug: what about using https://github.com/mailru/easyjson ?

dkirillov commented

2023-10-24 14:14:10 +00:00

We cannot use solely easyjson because we have to parse both

{
	"Statement": {
		"Principal": "*"
    }
}

and

{
	"Statement": {
		"Principal": {
            "AWS":[
				"arn:aws:iam::111122223333:user/JohnDoe"
			],
           "FrostFS": "031a6c6fbbdf02ca351745fa86b9ba5a9452d785ac4f7fc2b7548ca2a46c4fcf4a",
    }
}

So we need custom UnmarshalJSON anyway.

Error in tests when using easyjson:

=== RUN   TestUnmarshalIAMPolicy/simple_fields
    policy_test.go:51: 
        	Error Trace:	/home/denis/github/tcl/policy-engine/iam/policy_test.go:51
        	Error:      	Received unexpected error:
        	            	parse error: expected [ near offset 66 of 'Statement'
        	Test:       	TestUnmarshalIAMPolicy/simple_fields
--- FAIL: TestUnmarshalIAMPolicy/simple_fields (0.00s)

We cannot use solely easyjson because we have to parse both ```json { "Statement": { "Principal": "*" } } ``` and ```json { "Statement": { "Principal": { "AWS":[ "arn:aws:iam::111122223333:user/JohnDoe" ], "FrostFS": "031a6c6fbbdf02ca351745fa86b9ba5a9452d785ac4f7fc2b7548ca2a46c4fcf4a", } } ``` So we need custom `UnmarshalJSON` anyway. Error in tests when using easyjson: ``` === RUN TestUnmarshalIAMPolicy/simple_fields policy_test.go:51: Error Trace: /home/denis/github/tcl/policy-engine/iam/policy_test.go:51 Error: Received unexpected error: parse error: expected [ near offset 66 of 'Statement' Test: TestUnmarshalIAMPolicy/simple_fields --- FAIL: TestUnmarshalIAMPolicy/simple_fields (0.00s) ```

dstepanov-yadro commented

2023-10-24 14:27:09 +00:00

Clear, thx!

dstepanov-yadro marked this conversation as resolved

dstepanov-yadro approved these changes 2023-10-24 14:27:34 +00:00

fyrchik approved these changes 2023-10-24 15:30:26 +00:00

iam/policy.go

					
				@ -0,0 +7,4 @@

				type (

					// Policy grammar https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html

					// Currently 'NotPrincipal', 'NotAction' and 'NotResource' are not supported (so cannot be unmarshalled).

fyrchik commented

2023-10-24 15:29:00 +00:00

Do we have a task for this?

dkirillov commented

2023-10-27 07:36:58 +00:00

#11

https://git.frostfs.info/TrueCloudLab/policy-engine/issues/11

iam/policy.go

					
				@ -0,0 +87,4 @@

							continue

						}

						list, ok := val.([]interface{})

fyrchik commented

2023-10-24 15:29:53 +00:00

Let's use any?

Let's use `any`?

dkirillov commented

2023-10-27 07:37:24 +00:00

Fix later

dkirillov merged commit 31a308ea61 into master

2023-10-27 07:37:42 +00:00

dkirillov deleted branch feature/iam_policy_unmarshaler

2023-10-27 07:37:43 +00:00

Sign in to join this conversation.

No reviewers

TrueCloudLab/storage-core-developers

TrueCloudLab/storage-services-committers

TrueCloudLab/storage-services-developers

No labels

No milestone

No project

No assignees

3 participants

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/policy-engine#5