chain: Refactor ObjectType type #75

Merged
fyrchik merged 1 commit from aarifullin/policy-engine:fix/refactor_cnr_obj_type into master 2024-09-04 19:51:23 +00:00
13 changed files with 283 additions and 283 deletions


@ -181,10 +181,10 @@ func convertToChainCondition(c Conditions) ([]GroupedConditions, error) {
}
group.Conditions[i] = chain.Condition{
Op: condType,
Object: chain.ObjectRequest,
Key: transformKey(key),
Value: converted,
Op: condType,
Kind: chain.KindRequest,
Key: transformKey(key),
Value: converted,
}
}
grouped = append(grouped, group)


@ -214,10 +214,10 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes
return principals, func(principal string) chain.Condition {
return chain.Condition{
Op: op,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: principal,
Op: op,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: principal,
}
}, nil
}
@ -314,10 +314,10 @@ func formNativeResourceNamesAndConditions(names []string, resolver NativeResolve
},
Conditions: []chain.Condition{
{
Op: chain.CondStringLike,
Object: chain.ObjectResource,
Key: PropertyKeyFilePath,
Value: obj,
Op: chain.CondStringLike,
Kind: chain.KindResource,
Key: PropertyKeyFilePath,
Value: obj,
},
},
})


@ -158,10 +158,10 @@ func getS3PrincipalsAndConditionFunc(statement Statement, resolver S3Resolver) (
return principals, func(principal string) chain.Condition {
return chain.Condition{
Op: op,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: principal,
Op: op,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: principal,
}
}, nil
}


@ -102,16 +102,16 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Names: []string{resource}},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "s3:RequestObjectTag/Department",
Value: "Finance",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "s3:RequestObjectTag/Department",
Value: "Finance",
},
},
},
@ -146,10 +146,10 @@ func TestConverters(t *testing.T) {
},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
},
},
},
@ -180,10 +180,10 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Inverted: true, Names: []string{resource}},
Condition: []chain.Condition{
{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
},
},
},
@ -225,16 +225,16 @@ func TestConverters(t *testing.T) {
}},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
},
{
Op: chain.CondStringLike,
Object: chain.ObjectResource,
Key: PropertyKeyFilePath,
Value: objName,
Op: chain.CondStringLike,
Kind: chain.KindResource,
Key: PropertyKeyFilePath,
Value: objName,
},
},
},
@ -250,10 +250,10 @@ func TestConverters(t *testing.T) {
fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
}},
Condition: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
}},
},
}}
@ -345,10 +345,10 @@ func TestConverters(t *testing.T) {
Actions: chain.Actions{Names: []string{"s3:DeleteObject", "s3:DeleteMultipleObjects", "iam:*"}},
Resources: chain.Resources{Names: []string{"*"}},
Condition: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
}},
}}}
@ -361,10 +361,10 @@ func TestConverters(t *testing.T) {
Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject}},
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
}},
}}}
@ -408,193 +408,193 @@ func TestConvertToChainCondition(t *testing.T) {
Any: true,
Conditions: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key1",
Value: "val0",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key1",
Value: "val0",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key1",
Value: "val1",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key1",
Value: "val1",
},
},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "key2",
Value: "val2",
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "key2",
Value: "val2",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: "key3",
Value: "val3",
Op: chain.CondStringEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: "key3",
Value: "val3",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: "key4",
Value: "val4",
Op: chain.CondStringNotEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: "key4",
Value: "val4",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLike,
Object: chain.ObjectRequest,
Key: "key5",
Value: "val5",
Op: chain.CondStringLike,
Kind: chain.KindRequest,
Key: "key5",
Value: "val5",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotLike,
Object: chain.ObjectRequest,
Key: "key6",
Value: "val6",
Op: chain.CondStringNotLike,
Kind: chain.KindRequest,
Key: "key6",
Value: "val6",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key7",
Value: "1136189045",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key7",
Value: "1136189045",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "key8",
Value: "1136214245",
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "key8",
Value: "1136214245",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLessThan,
Object: chain.ObjectRequest,
Key: "key9",
Value: "1136192645",
Op: chain.CondStringLessThan,
Kind: chain.KindRequest,
Key: "key9",
Value: "1136192645",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLessThanEquals,
Object: chain.ObjectRequest,
Key: "key10",
Value: "1136203445",
Op: chain.CondStringLessThanEquals,
Kind: chain.KindRequest,
Key: "key10",
Value: "1136203445",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThan,
Object: chain.ObjectRequest,
Key: "key11",
Value: "1136217845",
Op: chain.CondStringGreaterThan,
Kind: chain.KindRequest,
Key: "key11",
Value: "1136217845",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThanEquals,
Object: chain.ObjectRequest,
Key: "key12",
Value: "1136225045",
Op: chain.CondStringGreaterThanEquals,
Kind: chain.KindRequest,
Key: "key12",
Value: "1136225045",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: "key13",
Value: "True",
Op: chain.CondStringEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: "key13",
Value: "True",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key16",
Value: "val16",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key16",
Value: "val16",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLike,
Object: chain.ObjectRequest,
Key: condKeyAWSPrincipalARN,
Value: principal,
Op: chain.CondStringLike,
Kind: chain.KindRequest,
Key: condKeyAWSPrincipalARN,
Value: principal,
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "key18",
Value: "val18",
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "key18",
Value: "val18",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotLike,
Object: chain.ObjectRequest,
Key: "key19",
Value: "val19",
Op: chain.CondStringNotLike,
Kind: chain.KindRequest,
Key: "key19",
Value: "val19",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericEquals,
Object: chain.ObjectRequest,
Key: "key20",
Value: "-20",
Op: chain.CondNumericEquals,
Kind: chain.KindRequest,
Key: "key20",
Value: "-20",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericNotEquals,
Object: chain.ObjectRequest,
Key: "key21",
Value: "+21",
Op: chain.CondNumericNotEquals,
Kind: chain.KindRequest,
Key: "key21",
Value: "+21",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericLessThan,
Object: chain.ObjectRequest,
Key: "key22",
Value: "0",
Op: chain.CondNumericLessThan,
Kind: chain.KindRequest,
Key: "key22",
Value: "0",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericLessThanEquals,
Object: chain.ObjectRequest,
Key: "key23",
Value: "23.23",
Op: chain.CondNumericLessThanEquals,
Kind: chain.KindRequest,
Key: "key23",
Value: "23.23",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThan,
Object: chain.ObjectRequest,
Key: "key24",
Value: "-24.24",
Op: chain.CondNumericGreaterThan,
Kind: chain.KindRequest,
Key: "key24",
Value: "-24.24",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThanEquals,
Object: chain.ObjectRequest,
Key: "key25",
Value: "+25.25",
Op: chain.CondNumericGreaterThanEquals,
Kind: chain.KindRequest,
Key: "key25",
Value: "+25.25",
}},
},
}
@ -668,10 +668,10 @@ func TestIPConditions(t *testing.T) {
Actions: chain.Actions{Names: []string{"s3:*"}},
Resources: chain.Resources{Names: []string{Wildcard}},
Condition: []chain.Condition{{
Op: chain.CondIPAddress,
Object: chain.ObjectRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
Op: chain.CondIPAddress,
Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
}},
}},
}
@ -686,10 +686,10 @@ func TestIPConditions(t *testing.T) {
Actions: chain.Actions{Names: []string{Wildcard}},
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{
Op: chain.CondIPAddress,
Object: chain.ObjectRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
Op: chain.CondIPAddress,
Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
}},
}},
}
@ -828,12 +828,12 @@ func TestComplexNativeConditions(t *testing.T) {
expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}}
expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectResource, Key: PropertyKeyFilePath, Value: objName1}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindResource, Key: PropertyKeyFilePath, Value: objName1}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{
{
@ -1138,11 +1138,11 @@ func TestComplexS3Conditions(t *testing.T) {
expectedActions := chain.Actions{Names: []string{action, action2}}
expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{
{
@ -1698,22 +1698,22 @@ func TestTagsConditions(t *testing.T) {
expectedConditions := []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
Value: "hr",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
Value: "hr",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
Value: "hr-admin",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
Value: "hr-admin",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
Value: "*",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
Value: "*",
},
}
@ -1754,10 +1754,10 @@ func TestMFACondition(t *testing.T) {
expectedConditions := []chain.Condition{
{
Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyAccessBoxAttrMFA,
Value: "true",
Op: chain.CondStringEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: s3.PropertyKeyAccessBoxAttrMFA,
Value: "true",
},
}


@ -68,17 +68,17 @@ type Resources struct {
}
type Condition struct {
Op ConditionType
Object ObjectType
Key string
Value string
Op ConditionType
Kind ConditionKindType
Key string
Value string
}
type ObjectType byte
type ConditionKindType byte
const (
ObjectResource ObjectType = iota
ObjectRequest
KindResource ConditionKindType = iota
KindRequest
)
type ConditionType byte
@ -157,13 +157,13 @@ func FormCondSliceContainsValue(values []string) string {
func (c *Condition) Match(req resource.Request) bool {
var val string
switch c.Object {
case ObjectResource:
switch c.Kind {
case KindResource:
val = req.Resource().Property(c.Key)
case ObjectRequest:
case KindRequest:
val = req.Property(c.Key)
default:
panic(fmt.Sprintf("unknown condition type: %d", c.Object))
panic(fmt.Sprintf("unknown condition type: %d", c.Kind))
}
switch c.Op {
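Review bot: Renaming the `Condition` field from `Object` to `Kind` also renames the serialized JSON key (the fixture in this commit changes `"Object": "Request"` to `"Kind": "Request"`), and nothing visible here keeps the old key readable. If the generated decoder skips unknown keys, which this page does not show, a previously stored policy would decode with `Kind` left at its zero value, and because `KindResource ConditionKindType = iota` is 0, `Match` would then read `req.Resource().Property(c.Key)` for a condition that was written against the request. I would either accept the legacy `Object` key on decode or state the format break in the commit description, and add a test that decodes a pre-rename document and asserts that `KindRequest` survives. `Match` continues past the end of the hunk.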

Binary file not shown.


@ -98,10 +98,10 @@ func TestCondSliceContainsMatch(t *testing.T) {
Actions: Actions{Names: []string{native.MethodPutObject}},
Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
Condition: []Condition{{
Op: CondSliceContains,
Object: ObjectRequest,
Key: propKey,
Value: groupID,
Op: CondSliceContains,
Kind: KindRequest,
Key: propKey,
Value: groupID,
}},
}}}
@ -164,22 +164,22 @@ func TestNumericConditionsMatch(t *testing.T) {
name: "value from interval",
conditions: []Condition{
{
Op: CondNumericLessThan,
Object: ObjectRequest,
Key: propKey,
Value: "100",
Op: CondNumericLessThan,
Kind: KindRequest,
Key: propKey,
Value: "100",
},
{
Op: CondNumericGreaterThan,
Object: ObjectRequest,
Key: propKey,
Value: "80",
Op: CondNumericGreaterThan,
Kind: KindRequest,
Key: propKey,
Value: "80",
},
{
Op: CondNumericNotEquals,
Object: ObjectRequest,
Key: propKey,
Value: "91",
Op: CondNumericNotEquals,
Kind: KindRequest,
Key: propKey,
Value: "91",
},
},
value: "90",
@ -189,22 +189,22 @@ func TestNumericConditionsMatch(t *testing.T) {
name: "border value",
conditions: []Condition{
{
Op: CondNumericEquals,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: CondNumericEquals,
Kind: KindRequest,
Key: propKey,
Value: "50",
},
{
Op: CondNumericLessThanEquals,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: CondNumericLessThanEquals,
Kind: KindRequest,
Key: propKey,
Value: "50",
},
{
Op: CondNumericGreaterThanEquals,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: CondNumericGreaterThanEquals,
Kind: KindRequest,
Key: propKey,
Value: "50",
},
},
value: "50",
@ -270,10 +270,10 @@ func TestInvalidNumericValues(t *testing.T) {
t.Run(tc.name, func(t *testing.T) {
resource := testutil.NewResource(native.ResourceFormatRootContainers, nil)
condition := Condition{
Op: tc.conditionType,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: tc.conditionType,
Kind: KindRequest,
Key: propKey,
Value: "50",
}
for _, propValue := range propValues {


@ -218,7 +218,7 @@ func marshalCondition(buf []byte, offset int, c Condition) (int, error) {
if err != nil {
return 0, err
}
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Object))
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Kind))
if err != nil {
return 0, err
}
@ -241,7 +241,7 @@ func unmarshalCondition(buf []byte, offset int) (Condition, int, error) {
if err != nil {
return Condition{}, 0, err
}
c.Object = ObjectType(obV)
c.Kind = ConditionKindType(obV)
c.Key, offset, err = marshal.StringUnmarshal(buf, offset)
if err != nil {
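Review bot: `unmarshalCondition` still casts the decoded byte straight into the kind with `c.Kind = ConditionKindType(obV)` and never checks that it is one of the two defined values, while `Condition.Match` in this same commit panics on anything other than `KindResource` or `KindRequest`. A corrupted or newer-format chain therefore loads cleanly and only fails when a request is evaluated against it, so a bad stored policy turns into a panic in the authorization path instead of a rejected load. Consider rejecting it here, for example `if ConditionKindType(obV) > KindRequest { return Condition{}, 0, fmt.Errorf("unknown condition kind: %d", obV) }` before the assignment (assuming `fmt` is available in this file), or have `Match` report an error rather than panic. Both functions start and end outside the visible hunks.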


@ -178,31 +178,31 @@ func generateTestConditions() [][]Condition {
for _, ct := range generateTestConditionTypes() {
for _, ot := range generateObjectTypes() {
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "",
Value: "",
Op: ct,
Kind: ot,
Key: "",
Value: "",
})
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "key",
Value: "",
Op: ct,
Kind: ot,
Key: "key",
Value: "",
})
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "",
Value: "value",
Op: ct,
Kind: ot,
Key: "",
Value: "value",
})
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "key",
Value: "value",
Op: ct,
Kind: ot,
Key: "key",
Value: "value",
})
}
}
@ -232,10 +232,10 @@ func generateTestConditionTypes() []ConditionType {
}
}
func generateObjectTypes() []ObjectType {
return []ObjectType{
ObjectResource,
ObjectRequest,
func generateObjectTypes() []ConditionKindType {
return []ConditionKindType{
KindResource,
KindRequest,
}
}


@ -29,11 +29,11 @@ var statusToJSONValue = []struct {
}
var objectTypeToJSONValue = []struct {
t ObjectType
t ConditionKindType
str string
}{
{ObjectRequest, "Request"},
{ObjectResource, "Resource"},
{KindRequest, "Request"},
{KindResource, "Resource"},
}
func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) {
@ -90,7 +90,7 @@ func (st *Status) UnmarshalEasyJSON(l *jlexer.Lexer) {
*st = Status(v)
}
func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
func (ot ConditionKindType) MarshalEasyJSON(w *jwriter.Writer) {
for _, p := range objectTypeToJSONValue {
if p.t == ot {
w.String(p.str)
@ -100,7 +100,7 @@ func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
w.String(strconv.FormatUint(uint64(ot), 10))
}
func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
func (ot *ConditionKindType) UnmarshalEasyJSON(l *jlexer.Lexer) {
str := l.String()
for _, p := range objectTypeToJSONValue {
if p.str == str {
@ -114,7 +114,7 @@ func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
l.AddError(fmt.Errorf("failed to parse object type: %w", err))
return
}
*ot = ObjectType(v)
*ot = ConditionKindType(v)
}
func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) {
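Review bot: The rename stops halfway in this file: the table is still `objectTypeToJSONValue`, the receivers are still `ot`, and the decode error still reads `failed to parse object type` although the type is now `ConditionKindType`. The same applies to the panic text `unknown condition type: %d` in `Condition.Match`, which now reads as if it were about `ConditionType`, and to the test helper `generateObjectTypes`. I would finish the rename with `conditionKindToJSONValue`, a receiver such as `k`, and the messages `failed to parse condition kind: %w` and `unknown condition kind: %d`, so that an operator reading the error can tell which field of the policy was rejected.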


@ -68,10 +68,10 @@ func TestJsonEnums(t *testing.T) {
},
Condition: []Condition{
{
Op: CondStringEquals,
Object: ObjectRequest,
Key: native.PropertyKeyActorRole,
Value: native.PropertyValueContainerRoleOthers,
Op: CondStringEquals,
Kind: KindRequest,
Key: native.PropertyKeyActorRole,
Value: native.PropertyValueContainerRoleOthers,
},
},
},
@ -87,10 +87,10 @@ func TestJsonEnums(t *testing.T) {
Any: true,
Condition: []Condition{
{
Op: CondStringNotLike,
Object: ObjectResource,
Key: native.PropertyKeyObjectType,
Value: "regular",
Op: CondStringNotLike,
Kind: KindResource,
Key: native.PropertyKeyObjectType,
Value: "regular",
},
},
},
@ -98,8 +98,8 @@ func TestJsonEnums(t *testing.T) {
Status: Status(100),
Condition: []Condition{
{
Op: ConditionType(255),
Object: ObjectType(128),
Op: ConditionType(255),
Kind: ConditionKindType(128),
},
},
},


@ -20,7 +20,7 @@
"Condition": [
{
"Op": "StringEquals",
"Object": "Request",
"Kind": "Request",
"Key": "$Actor:role",
"Value": "others"
}
@ -44,7 +44,7 @@
"Condition": [
{
"Op": "StringNotLike",
"Object": "Resource",
"Kind": "Resource",
"Key": "$Object:objectType",
"Value": "regular"
}
@ -64,7 +64,7 @@
"Condition": [
{
"Op": "255",
"Object": "128",
"Kind": "128",
"Key": "",
"Value": ""
}


@ -69,16 +69,16 @@ func TestInmemory(t *testing.T) {
Any: true,
Condition: []chain.Condition{
{
Op: chain.CondStringNotLike,
Object: chain.ObjectRequest,
Key: "SourceIP",
Value: "10.1.1.*",
Op: chain.CondStringNotLike,
Kind: chain.KindRequest,
Key: "SourceIP",
Value: "10.1.1.*",
},
{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "Actor",
Value: actor1,
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "Actor",
Value: actor1,
},
},
},
@ -111,16 +111,16 @@ func TestInmemory(t *testing.T) {
Resources: chain.Resources{Names: []string{"native::object::abc/*"}},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectResource,
Key: "Department",
Value: "HR",
Op: chain.CondStringEquals,
Kind: chain.KindResource,
Key: "Department",
Value: "HR",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "Actor",
Value: actor2,
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "Actor",
Value: actor2,
},
},
},