chain: Refactor ObjectType type #75

Merged
fyrchik merged 1 commit from aarifullin/policy-engine:fix/refactor_cnr_obj_type into master 2024-09-04 19:51:23 +00:00
13 changed files with 283 additions and 283 deletions


@ -182,7 +182,7 @@ func convertToChainCondition(c Conditions) ([]GroupedConditions, error) {
group.Conditions[i] = chain.Condition{ group.Conditions[i] = chain.Condition{
Op: condType, Op: condType,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: transformKey(key), Key: transformKey(key),
Value: converted, Value: converted,
} }


@ -215,7 +215,7 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes
return principals, func(principal string) chain.Condition { return principals, func(principal string) chain.Condition {
return chain.Condition{ return chain.Condition{
Op: op, Op: op,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: principal, Value: principal,
} }
@ -315,7 +315,7 @@ func formNativeResourceNamesAndConditions(names []string, resolver NativeResolve
Conditions: []chain.Condition{ Conditions: []chain.Condition{
{ {
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectResource, Kind: chain.KindResource,
Key: PropertyKeyFilePath, Key: PropertyKeyFilePath,
Value: obj, Value: obj,
}, },


@ -159,7 +159,7 @@ func getS3PrincipalsAndConditionFunc(statement Statement, resolver S3Resolver) (
return principals, func(principal string) chain.Condition { return principals, func(principal string) chain.Condition {
return chain.Condition{ return chain.Condition{
Op: op, Op: op,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: principal, Value: principal,
} }


@ -103,13 +103,13 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "s3:RequestObjectTag/Department", Key: "s3:RequestObjectTag/Department",
Value: "Finance", Value: "Finance",
}, },
@ -147,7 +147,7 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
@ -181,7 +181,7 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
@ -226,13 +226,13 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
{ {
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectResource, Kind: chain.KindResource,
Key: PropertyKeyFilePath, Key: PropertyKeyFilePath,
Value: objName, Value: objName,
}, },
@ -251,7 +251,7 @@ func TestConverters(t *testing.T) {
}}, }},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}}, }},
@ -346,7 +346,7 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Names: []string{"*"}}, Resources: chain.Resources{Names: []string{"*"}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}}, }},
@ -362,7 +362,7 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}}, }},
@ -409,13 +409,13 @@ func TestConvertToChainCondition(t *testing.T) {
Conditions: []chain.Condition{ Conditions: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key1", Key: "key1",
Value: "val0", Value: "val0",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key1", Key: "key1",
Value: "val1", Value: "val1",
}, },
@ -424,7 +424,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key2", Key: "key2",
Value: "val2", Value: "val2",
}}, }},
@ -432,7 +432,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase, Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key3", Key: "key3",
Value: "val3", Value: "val3",
}}, }},
@ -440,7 +440,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEqualsIgnoreCase, Op: chain.CondStringNotEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key4", Key: "key4",
Value: "val4", Value: "val4",
}}, }},
@ -448,7 +448,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key5", Key: "key5",
Value: "val5", Value: "val5",
}}, }},
@ -456,7 +456,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotLike, Op: chain.CondStringNotLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key6", Key: "key6",
Value: "val6", Value: "val6",
}}, }},
@ -464,7 +464,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key7", Key: "key7",
Value: "1136189045", Value: "1136189045",
}}, }},
@ -472,7 +472,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key8", Key: "key8",
Value: "1136214245", Value: "1136214245",
}}, }},
@ -480,7 +480,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLessThan, Op: chain.CondStringLessThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key9", Key: "key9",
Value: "1136192645", Value: "1136192645",
}}, }},
@ -488,7 +488,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLessThanEquals, Op: chain.CondStringLessThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key10", Key: "key10",
Value: "1136203445", Value: "1136203445",
}}, }},
@ -496,7 +496,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThan, Op: chain.CondStringGreaterThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key11", Key: "key11",
Value: "1136217845", Value: "1136217845",
}}, }},
@ -504,7 +504,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThanEquals, Op: chain.CondStringGreaterThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key12", Key: "key12",
Value: "1136225045", Value: "1136225045",
}}, }},
@ -512,7 +512,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase, Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key13", Key: "key13",
Value: "True", Value: "True",
}}, }},
@ -520,7 +520,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key16", Key: "key16",
Value: "val16", Value: "val16",
}}, }},
@ -528,7 +528,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: condKeyAWSPrincipalARN, Key: condKeyAWSPrincipalARN,
Value: principal, Value: principal,
}}, }},
@ -536,7 +536,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key18", Key: "key18",
Value: "val18", Value: "val18",
}}, }},
@ -544,7 +544,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotLike, Op: chain.CondStringNotLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key19", Key: "key19",
Value: "val19", Value: "val19",
}}, }},
@ -552,7 +552,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericEquals, Op: chain.CondNumericEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key20", Key: "key20",
Value: "-20", Value: "-20",
}}, }},
@ -560,7 +560,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericNotEquals, Op: chain.CondNumericNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key21", Key: "key21",
Value: "+21", Value: "+21",
}}, }},
@ -568,7 +568,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericLessThan, Op: chain.CondNumericLessThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key22", Key: "key22",
Value: "0", Value: "0",
}}, }},
@ -576,7 +576,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericLessThanEquals, Op: chain.CondNumericLessThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key23", Key: "key23",
Value: "23.23", Value: "23.23",
}}, }},
@ -584,7 +584,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThan, Op: chain.CondNumericGreaterThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key24", Key: "key24",
Value: "-24.24", Value: "-24.24",
}}, }},
@ -592,7 +592,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThanEquals, Op: chain.CondNumericGreaterThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key25", Key: "key25",
Value: "+25.25", Value: "+25.25",
}}, }},
@ -669,7 +669,7 @@ func TestIPConditions(t *testing.T) {
Resources: chain.Resources{Names: []string{Wildcard}}, Resources: chain.Resources{Names: []string{Wildcard}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondIPAddress, Op: chain.CondIPAddress,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP, Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24", Value: "203.0.113.0/24",
}}, }},
@ -687,7 +687,7 @@ func TestIPConditions(t *testing.T) {
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondIPAddress, Op: chain.CondIPAddress,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP, Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24", Value: "203.0.113.0/24",
}}, }},
@ -828,12 +828,12 @@ func TestComplexNativeConditions(t *testing.T) {
expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}} expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}}
expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}} expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]} user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]} user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectResource, Key: PropertyKeyFilePath, Value: objName1} objectName1Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindResource, Key: PropertyKeyFilePath, Value: objName1}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0} key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1} key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2} key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{ expected := &chain.Chain{Rules: []chain.Rule{
{ {
@ -1138,11 +1138,11 @@ func TestComplexS3Conditions(t *testing.T) {
expectedActions := chain.Actions{Names: []string{action, action2}} expectedActions := chain.Actions{Names: []string{action, action2}}
expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}} expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]} user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]} user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0} key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1} key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2} key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{ expected := &chain.Chain{Rules: []chain.Rule{
{ {
@ -1699,19 +1699,19 @@ func TestTagsConditions(t *testing.T) {
expectedConditions := []chain.Condition{ expectedConditions := []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"), Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
Value: "hr", Value: "hr",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"), Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
Value: "hr-admin", Value: "hr-admin",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"), Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
Value: "*", Value: "*",
}, },
@ -1755,7 +1755,7 @@ func TestMFACondition(t *testing.T) {
expectedConditions := []chain.Condition{ expectedConditions := []chain.Condition{
{ {
Op: chain.CondStringEqualsIgnoreCase, Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyAccessBoxAttrMFA, Key: s3.PropertyKeyAccessBoxAttrMFA,
Value: "true", Value: "true",
}, },


@ -69,16 +69,16 @@ type Resources struct {
type Condition struct { type Condition struct {
Op ConditionType Op ConditionType
Object ObjectType Kind ConditionKindType
Key string Key string
Value string Value string
} }
type ObjectType byte type ConditionKindType byte
const ( const (
ObjectResource ObjectType = iota KindResource ConditionKindType = iota
ObjectRequest KindRequest
) )
type ConditionType byte type ConditionType byte
@ -157,13 +157,13 @@ func FormCondSliceContainsValue(values []string) string {
func (c *Condition) Match(req resource.Request) bool { func (c *Condition) Match(req resource.Request) bool {
var val string var val string
switch c.Object { switch c.Kind {
case ObjectResource: case KindResource:
val = req.Resource().Property(c.Key) val = req.Resource().Property(c.Key)
case ObjectRequest: case KindRequest:
val = req.Property(c.Key) val = req.Property(c.Key)
default: default:
panic(fmt.Sprintf("unknown condition type: %d", c.Object)) panic(fmt.Sprintf("unknown condition type: %d", c.Kind))
} }
switch c.Op { switch c.Op {
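Review bot: The `default` branch of `Match` still panics on an unrecognised kind, and its message says "condition type", which after this rename reads as `ConditionType` (the `Op` field) rather than the kind. Elsewhere on this page both decoders cast without a range check (`c.Kind = ConditionKindType(obV)`, `*ot = ConditionKindType(v)`), and the JSON test round-trips `ConditionKindType(128)`, so a stored chain carrying an out-of-range kind would apparently decode cleanly and only crash the evaluator when a request is matched. Rejecting unknown kinds at decode time would keep malformed policy from reaching `Match`; at minimum the message should be `panic(fmt.Sprintf("unknown condition kind: %d", c.Kind))`. The body of `Match` continues past the end of this hunk.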

Binary file not shown.


@ -99,7 +99,7 @@ func TestCondSliceContainsMatch(t *testing.T) {
Resources: Resources{Names: []string{native.ResourceFormatRootContainers}}, Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
Condition: []Condition{{ Condition: []Condition{{
Op: CondSliceContains, Op: CondSliceContains,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: groupID, Value: groupID,
}}, }},
@ -165,19 +165,19 @@ func TestNumericConditionsMatch(t *testing.T) {
conditions: []Condition{ conditions: []Condition{
{ {
Op: CondNumericLessThan, Op: CondNumericLessThan,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "100", Value: "100",
}, },
{ {
Op: CondNumericGreaterThan, Op: CondNumericGreaterThan,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "80", Value: "80",
}, },
{ {
Op: CondNumericNotEquals, Op: CondNumericNotEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "91", Value: "91",
}, },
@ -190,19 +190,19 @@ func TestNumericConditionsMatch(t *testing.T) {
conditions: []Condition{ conditions: []Condition{
{ {
Op: CondNumericEquals, Op: CondNumericEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
}, },
{ {
Op: CondNumericLessThanEquals, Op: CondNumericLessThanEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
}, },
{ {
Op: CondNumericGreaterThanEquals, Op: CondNumericGreaterThanEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
}, },
@ -271,7 +271,7 @@ func TestInvalidNumericValues(t *testing.T) {
resource := testutil.NewResource(native.ResourceFormatRootContainers, nil) resource := testutil.NewResource(native.ResourceFormatRootContainers, nil)
condition := Condition{ condition := Condition{
Op: tc.conditionType, Op: tc.conditionType,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
} }


@ -218,7 +218,7 @@ func marshalCondition(buf []byte, offset int, c Condition) (int, error) {
if err != nil { if err != nil {
return 0, err return 0, err
} }
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Object)) offset, err = marshal.ByteMarshal(buf, offset, byte(c.Kind))
if err != nil { if err != nil {
return 0, err return 0, err
} }
@ -241,7 +241,7 @@ func unmarshalCondition(buf []byte, offset int) (Condition, int, error) {
if err != nil { if err != nil {
return Condition{}, 0, err return Condition{}, 0, err
} }
c.Object = ObjectType(obV) c.Kind = ConditionKindType(obV)
c.Key, offset, err = marshal.StringUnmarshal(buf, offset) c.Key, offset, err = marshal.StringUnmarshal(buf, offset)
if err != nil { if err != nil {


@ -179,28 +179,28 @@ func generateTestConditions() [][]Condition {
for _, ot := range generateObjectTypes() { for _, ot := range generateObjectTypes() {
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "", Key: "",
Value: "", Value: "",
}) })
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "key", Key: "key",
Value: "", Value: "",
}) })
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "", Key: "",
Value: "value", Value: "value",
}) })
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "key", Key: "key",
Value: "value", Value: "value",
}) })
@ -232,10 +232,10 @@ func generateTestConditionTypes() []ConditionType {
} }
} }
func generateObjectTypes() []ObjectType { func generateObjectTypes() []ConditionKindType {
return []ObjectType{ return []ConditionKindType{
ObjectResource, KindResource,
ObjectRequest, KindRequest,
} }
} }


@ -29,11 +29,11 @@ var statusToJSONValue = []struct {
} }
var objectTypeToJSONValue = []struct { var objectTypeToJSONValue = []struct {
t ObjectType t ConditionKindType
str string str string
}{ }{
{ObjectRequest, "Request"}, {KindRequest, "Request"},
{ObjectResource, "Resource"}, {KindResource, "Resource"},
} }
func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) { func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) {
@ -90,7 +90,7 @@ func (st *Status) UnmarshalEasyJSON(l *jlexer.Lexer) {
*st = Status(v) *st = Status(v)
} }
func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) { func (ot ConditionKindType) MarshalEasyJSON(w *jwriter.Writer) {
for _, p := range objectTypeToJSONValue { for _, p := range objectTypeToJSONValue {
if p.t == ot { if p.t == ot {
w.String(p.str) w.String(p.str)
@ -100,7 +100,7 @@ func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
w.String(strconv.FormatUint(uint64(ot), 10)) w.String(strconv.FormatUint(uint64(ot), 10))
} }
func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) { func (ot *ConditionKindType) UnmarshalEasyJSON(l *jlexer.Lexer) {
str := l.String() str := l.String()
for _, p := range objectTypeToJSONValue { for _, p := range objectTypeToJSONValue {
if p.str == str { if p.str == str {
@ -114,7 +114,7 @@ func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
l.AddError(fmt.Errorf("failed to parse object type: %w", err)) l.AddError(fmt.Errorf("failed to parse object type: %w", err))
return return
} }
*ot = ObjectType(v) *ot = ConditionKindType(v)
} }
func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) { func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) {
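Review bot: The rename is incomplete in this file: the table is still `objectTypeToJSONValue`, the receivers are still `ot`, and the error text is still `"failed to parse object type: %w"`, so a decode failure reports a type name that no longer exists. Suggest `conditionKindToJSONValue`, receiver `k`, and `fmt.Errorf("failed to parse condition kind: %w", err)`; `generateObjectTypes` in the marshal test has the same leftover. Both method bodies are only partly visible in these hunks.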


@ -69,7 +69,7 @@ func TestJsonEnums(t *testing.T) {
Condition: []Condition{ Condition: []Condition{
{ {
Op: CondStringEquals, Op: CondStringEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: native.PropertyKeyActorRole, Key: native.PropertyKeyActorRole,
Value: native.PropertyValueContainerRoleOthers, Value: native.PropertyValueContainerRoleOthers,
}, },
@ -88,7 +88,7 @@ func TestJsonEnums(t *testing.T) {
Condition: []Condition{ Condition: []Condition{
{ {
Op: CondStringNotLike, Op: CondStringNotLike,
Object: ObjectResource, Kind: KindResource,
Key: native.PropertyKeyObjectType, Key: native.PropertyKeyObjectType,
Value: "regular", Value: "regular",
}, },
@ -99,7 +99,7 @@ func TestJsonEnums(t *testing.T) {
Condition: []Condition{ Condition: []Condition{
{ {
Op: ConditionType(255), Op: ConditionType(255),
Object: ObjectType(128), Kind: ConditionKindType(128),
}, },
}, },
}, },


@ -20,7 +20,7 @@
"Condition": [ "Condition": [
{ {
"Op": "StringEquals", "Op": "StringEquals",
"Object": "Request", "Kind": "Request",
"Key": "$Actor:role", "Key": "$Actor:role",
"Value": "others" "Value": "others"
} }
@ -44,7 +44,7 @@
"Condition": [ "Condition": [
{ {
"Op": "StringNotLike", "Op": "StringNotLike",
"Object": "Resource", "Kind": "Resource",
"Key": "$Object:objectType", "Key": "$Object:objectType",
"Value": "regular" "Value": "regular"
} }
@ -64,7 +64,7 @@
"Condition": [ "Condition": [
{ {
"Op": "255", "Op": "255",
"Object": "128", "Kind": "128",
"Key": "", "Key": "",
"Value": "" "Value": ""
} }
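Review bot: The serialized key changes from `"Object"` to `"Kind"`, and nothing on this page covers chains that were already stored as JSON with the old key. Assuming the generated decoder skips unknown keys, such a condition would load with `Kind` at its zero value, which is `KindResource` (`KindResource ConditionKindType = iota`), so a request-property condition would silently be evaluated against the resource and the rule's access decision could change. A compatibility path (accept `"Object"` as an alias when decoding, or fail on it) plus a fixture that still uses the old key would make the behaviour explicit.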


@ -70,13 +70,13 @@ func TestInmemory(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringNotLike, Op: chain.CondStringNotLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "SourceIP", Key: "SourceIP",
Value: "10.1.1.*", Value: "10.1.1.*",
}, },
{ {
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "Actor", Key: "Actor",
Value: actor1, Value: actor1,
}, },
@ -112,13 +112,13 @@ func TestInmemory(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectResource, Kind: chain.KindResource,
Key: "Department", Key: "Department",
Value: "HR", Value: "HR",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "Actor", Key: "Actor",
Value: actor2, Value: actor2,
}, },