TrueCloudLab/policy-engine
20
0
Fork 11
generated from TrueCloudLab/basic
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions

chain: Refactor ObjectType type #75

Merged
fyrchik merged 1 commit from aarifullin/policy-engine:fix/refactor_cnr_obj_type into master 2024-09-04 19:51:23 +00:00
Conversation 0 Commits 1 Files changed 13 +283 -283
13 changed files with 283 additions and 283 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
iam/converter.go
View file

@ -182,7 +182,7 @@ func convertToChainCondition(c Conditions) ([]GroupedConditions, error) {
group.Conditions[i] = chain.Condition{ group.Conditions[i] = chain.Condition{
Op: condType, Op: condType,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: transformKey(key), Key: transformKey(key),
Value: converted, Value: converted,
} }

4
iam/converter_native.go
View file

@ -215,7 +215,7 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes
return principals, func(principal string) chain.Condition { return principals, func(principal string) chain.Condition {
return chain.Condition{ return chain.Condition{
Op: op, Op: op,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: principal, Value: principal,
} }
@ -315,7 +315,7 @@ func formNativeResourceNamesAndConditions(names []string, resolver NativeResolve
Conditions: []chain.Condition{ Conditions: []chain.Condition{
{ {
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectResource, Kind: chain.KindResource,
Key: PropertyKeyFilePath, Key: PropertyKeyFilePath,
Value: obj, Value: obj,
}, },

2
iam/converter_s3.go
View file

@ -159,7 +159,7 @@ func getS3PrincipalsAndConditionFunc(statement Statement, resolver S3Resolver) (
return principals, func(principal string) chain.Condition { return principals, func(principal string) chain.Condition {
return chain.Condition{ return chain.Condition{
Op: op, Op: op,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: principal, Value: principal,
} }

100
iam/converter_test.go
View file

@ -103,13 +103,13 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "s3:RequestObjectTag/Department", Key: "s3:RequestObjectTag/Department",
Value: "Finance", Value: "Finance",
}, },
@ -147,7 +147,7 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
@ -181,7 +181,7 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
@ -226,13 +226,13 @@ func TestConverters(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}, },
{ {
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectResource, Kind: chain.KindResource,
Key: PropertyKeyFilePath, Key: PropertyKeyFilePath,
Value: objName, Value: objName,
}, },
@ -251,7 +251,7 @@ func TestConverters(t *testing.T) {
}}, }},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}}, }},
@ -346,7 +346,7 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Names: []string{"*"}}, Resources: chain.Resources{Names: []string{"*"}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner, Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}}, }},
@ -362,7 +362,7 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey, Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user], Value: mockResolver.users[user],
}}, }},
@ -409,13 +409,13 @@ func TestConvertToChainCondition(t *testing.T) {
Conditions: []chain.Condition{ Conditions: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key1", Key: "key1",
Value: "val0", Value: "val0",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key1", Key: "key1",
Value: "val1", Value: "val1",
}, },
@ -424,7 +424,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key2", Key: "key2",
Value: "val2", Value: "val2",
}}, }},
@ -432,7 +432,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase, Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key3", Key: "key3",
Value: "val3", Value: "val3",
}}, }},
@ -440,7 +440,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEqualsIgnoreCase, Op: chain.CondStringNotEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key4", Key: "key4",
Value: "val4", Value: "val4",
}}, }},
@ -448,7 +448,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key5", Key: "key5",
Value: "val5", Value: "val5",
}}, }},
@ -456,7 +456,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotLike, Op: chain.CondStringNotLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key6", Key: "key6",
Value: "val6", Value: "val6",
}}, }},
@ -464,7 +464,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key7", Key: "key7",
Value: "1136189045", Value: "1136189045",
}}, }},
@ -472,7 +472,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key8", Key: "key8",
Value: "1136214245", Value: "1136214245",
}}, }},
@ -480,7 +480,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLessThan, Op: chain.CondStringLessThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key9", Key: "key9",
Value: "1136192645", Value: "1136192645",
}}, }},
@ -488,7 +488,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLessThanEquals, Op: chain.CondStringLessThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key10", Key: "key10",
Value: "1136203445", Value: "1136203445",
}}, }},
@ -496,7 +496,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThan, Op: chain.CondStringGreaterThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key11", Key: "key11",
Value: "1136217845", Value: "1136217845",
}}, }},
@ -504,7 +504,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThanEquals, Op: chain.CondStringGreaterThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key12", Key: "key12",
Value: "1136225045", Value: "1136225045",
}}, }},
@ -512,7 +512,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase, Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key13", Key: "key13",
Value: "True", Value: "True",
}}, }},
@ -520,7 +520,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key16", Key: "key16",
Value: "val16", Value: "val16",
}}, }},
@ -528,7 +528,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringLike, Op: chain.CondStringLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: condKeyAWSPrincipalARN, Key: condKeyAWSPrincipalARN,
Value: principal, Value: principal,
}}, }},
@ -536,7 +536,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key18", Key: "key18",
Value: "val18", Value: "val18",
}}, }},
@ -544,7 +544,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondStringNotLike, Op: chain.CondStringNotLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key19", Key: "key19",
Value: "val19", Value: "val19",
}}, }},
@ -552,7 +552,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericEquals, Op: chain.CondNumericEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key20", Key: "key20",
Value: "-20", Value: "-20",
}}, }},
@ -560,7 +560,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericNotEquals, Op: chain.CondNumericNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key21", Key: "key21",
Value: "+21", Value: "+21",
}}, }},
@ -568,7 +568,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericLessThan, Op: chain.CondNumericLessThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key22", Key: "key22",
Value: "0", Value: "0",
}}, }},
@ -576,7 +576,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericLessThanEquals, Op: chain.CondNumericLessThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key23", Key: "key23",
Value: "23.23", Value: "23.23",
}}, }},
@ -584,7 +584,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThan, Op: chain.CondNumericGreaterThan,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key24", Key: "key24",
Value: "-24.24", Value: "-24.24",
}}, }},
@ -592,7 +592,7 @@ func TestConvertToChainCondition(t *testing.T) {
{ {
Conditions: []chain.Condition{{ Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThanEquals, Op: chain.CondNumericGreaterThanEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "key25", Key: "key25",
Value: "+25.25", Value: "+25.25",
}}, }},
@ -669,7 +669,7 @@ func TestIPConditions(t *testing.T) {
Resources: chain.Resources{Names: []string{Wildcard}}, Resources: chain.Resources{Names: []string{Wildcard}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondIPAddress, Op: chain.CondIPAddress,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP, Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24", Value: "203.0.113.0/24",
}}, }},
@ -687,7 +687,7 @@ func TestIPConditions(t *testing.T) {
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondIPAddress, Op: chain.CondIPAddress,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP, Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24", Value: "203.0.113.0/24",
}}, }},
@ -828,12 +828,12 @@ func TestComplexNativeConditions(t *testing.T) {
expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}} expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}}
expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}} expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]} user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]} user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectResource, Key: PropertyKeyFilePath, Value: objName1} objectName1Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindResource, Key: PropertyKeyFilePath, Value: objName1}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0} key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1} key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2} key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{ expected := &chain.Chain{Rules: []chain.Rule{
{ {
@ -1138,11 +1138,11 @@ func TestComplexS3Conditions(t *testing.T) {
expectedActions := chain.Actions{Names: []string{action, action2}} expectedActions := chain.Actions{Names: []string{action, action2}}
expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}} expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]} user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]} user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0} key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1} key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2} key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{ expected := &chain.Chain{Rules: []chain.Rule{
{ {
@ -1699,19 +1699,19 @@ func TestTagsConditions(t *testing.T) {
expectedConditions := []chain.Condition{ expectedConditions := []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"), Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
Value: "hr", Value: "hr",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"), Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
Value: "hr-admin", Value: "hr-admin",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"), Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
Value: "*", Value: "*",
}, },
@ -1755,7 +1755,7 @@ func TestMFACondition(t *testing.T) {
expectedConditions := []chain.Condition{ expectedConditions := []chain.Condition{
{ {
Op: chain.CondStringEqualsIgnoreCase, Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: s3.PropertyKeyAccessBoxAttrMFA, Key: s3.PropertyKeyAccessBoxAttrMFA,
Value: "true", Value: "true",
}, },

16
pkg/chain/chain.go
View file

@ -69,16 +69,16 @@ type Resources struct {
type Condition struct { type Condition struct {
Op ConditionType Op ConditionType
Object ObjectType Kind ConditionKindType
fyrchik commented 2024-05-13 10:59:46 +00:00
Outdated
Review
Copy link

It is ok for a type name, but why do we use Condition prefix in the field name? It leads to Condition.ConditionKind full name and some verbosity in JSON format.
Also, Kind is somewhat synonymous with Type.

So what about Kind ConditionKind?

It is ok for a type name, but why do we use `Condition` prefix in the field name? It leads to `Condition.ConditionKind` full name and some verbosity in JSON format. Also, `Kind` is somewhat synonymous with `Type`. So what about `Kind ConditionKind`?
aarifullin commented 2024-05-13 14:33:55 +00:00
Outdated
Review
Copy link

Your point is absolutely fair but the point is that we've got similar names throuought:

Line 14 in TrueCloudLab/frostfs-contract@db36131
type Kind byte

(this is explanation for the rest of reviewers who didn't get the point of this renaming yet)

But I agreed that Condition.ConditionKind really looks ugly. Let's try the solution suggested by you 'Kind ConditionKind`

Your point is absolutely fair but the point is that we've got similar names throuought: https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/commit/db361318009cc9c9df97133c8c2acedad4eb2fd4/policy/policy_contract.go#L14 (this is explanation for the rest of reviewers who didn't get the point of this renaming yet) But I agreed that `Condition.ConditionKind` really looks ugly. Let's try the solution suggested by you 'Kind ConditionKind`
aarifullin commented 2024-05-13 14:37:15 +00:00
Outdated
Review
Copy link

UPD: Renamed to Kind ConditionKind

UPD: Renamed to `Kind ConditionKind`
Key string Key string
fyrchik commented 2024-05-07 15:16:22 +00:00
Outdated
Review
Copy link

It definitely causes confusion. What about renaming it to Kind?
The type should also be named Kind and constants KindResource, KindRequest.

It definitely causes confusion. What about renaming it to `Kind`? The type should also be named `Kind` and constants `KindResource`, `KindRequest`.
aarifullin commented 2024-05-07 16:31:14 +00:00
Outdated
Review
Copy link

Yeah, Kind really sounds good 👍

Yeah, `Kind` really sounds good 👍
aarifullin commented 2024-05-07 16:34:28 +00:00
Outdated
Review
Copy link

But this breaks backward compatibility - "old" chains with Object won't be parsed

But this breaks backward compatibility - "old" chains with `Object` won't be parsed
fyrchik commented 2024-05-08 07:28:24 +00:00
Outdated
Review
Copy link

Why, though? The binary format is unchanged, besides removed items, which is unrelated to naming.

Btw if removing these constant breaks backward-compatibility with v0.38.4 version of node, we shouldn't do it.

Why, though? The binary format is unchanged, besides removed items, which is unrelated to naming. Btw if removing these constant breaks backward-compatibility with v0.38.4 version of node, we shouldn't do it.
fyrchik commented 2024-05-08 07:30:50 +00:00
Outdated
Review
Copy link

Breaking compatibility in frostfs-cli is fine, though.

Breaking compatibility in frostfs-cli is fine, though.
Value string Value string
} }
type ObjectType byte type ConditionKindType byte
const ( const (
ObjectResource ObjectType = iota KindResource ConditionKindType = iota
ObjectRequest KindRequest
) )
type ConditionType byte type ConditionType byte
@ -157,13 +157,13 @@ func FormCondSliceContainsValue(values []string) string {
func (c *Condition) Match(req resource.Request) bool { func (c *Condition) Match(req resource.Request) bool {
var val string var val string
switch c.Object { switch c.Kind {
case ObjectResource: case KindResource:
val = req.Resource().Property(c.Key) val = req.Resource().Property(c.Key)
case ObjectRequest: case KindRequest:
val = req.Property(c.Key) val = req.Property(c.Key)
default: default:
panic(fmt.Sprintf("unknown condition type: %d", c.Object)) panic(fmt.Sprintf("unknown condition type: %d", c.Kind))
} }
switch c.Op { switch c.Op {

BIN
pkg/chain/chain_easyjson.go generated
View file

Binary file not shown.

16
pkg/chain/chain_test.go
View file

@ -99,7 +99,7 @@ func TestCondSliceContainsMatch(t *testing.T) {
Resources: Resources{Names: []string{native.ResourceFormatRootContainers}}, Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
Condition: []Condition{{ Condition: []Condition{{
Op: CondSliceContains, Op: CondSliceContains,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: groupID, Value: groupID,
}}, }},
@ -165,19 +165,19 @@ func TestNumericConditionsMatch(t *testing.T) {
conditions: []Condition{ conditions: []Condition{
{ {
Op: CondNumericLessThan, Op: CondNumericLessThan,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "100", Value: "100",
}, },
{ {
Op: CondNumericGreaterThan, Op: CondNumericGreaterThan,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "80", Value: "80",
}, },
{ {
Op: CondNumericNotEquals, Op: CondNumericNotEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "91", Value: "91",
}, },
@ -190,19 +190,19 @@ func TestNumericConditionsMatch(t *testing.T) {
conditions: []Condition{ conditions: []Condition{
{ {
Op: CondNumericEquals, Op: CondNumericEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
}, },
{ {
Op: CondNumericLessThanEquals, Op: CondNumericLessThanEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
}, },
{ {
Op: CondNumericGreaterThanEquals, Op: CondNumericGreaterThanEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
}, },
@ -271,7 +271,7 @@ func TestInvalidNumericValues(t *testing.T) {
resource := testutil.NewResource(native.ResourceFormatRootContainers, nil) resource := testutil.NewResource(native.ResourceFormatRootContainers, nil)
condition := Condition{ condition := Condition{
Op: tc.conditionType, Op: tc.conditionType,
Object: ObjectRequest, Kind: KindRequest,
Key: propKey, Key: propKey,
Value: "50", Value: "50",
} }

4
pkg/chain/marshal_binary.go
View file

@ -218,7 +218,7 @@ func marshalCondition(buf []byte, offset int, c Condition) (int, error) {
if err != nil { if err != nil {
return 0, err return 0, err
} }
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Object)) offset, err = marshal.ByteMarshal(buf, offset, byte(c.Kind))
if err != nil { if err != nil {
return 0, err return 0, err
} }
@ -241,7 +241,7 @@ func unmarshalCondition(buf []byte, offset int) (Condition, int, error) {
if err != nil { if err != nil {
return Condition{}, 0, err return Condition{}, 0, err
} }
c.Object = ObjectType(obV) c.Kind = ConditionKindType(obV)
c.Key, offset, err = marshal.StringUnmarshal(buf, offset) c.Key, offset, err = marshal.StringUnmarshal(buf, offset)
if err != nil { if err != nil {

16
pkg/chain/marshal_binary_test.go
View file

@ -179,28 +179,28 @@ func generateTestConditions() [][]Condition {
for _, ot := range generateObjectTypes() { for _, ot := range generateObjectTypes() {
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "", Key: "",
Value: "", Value: "",
}) })
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "key", Key: "key",
Value: "", Value: "",
}) })
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "", Key: "",
Value: "value", Value: "value",
}) })
result[2] = append(result[2], Condition{ result[2] = append(result[2], Condition{
Op: ct, Op: ct,
Object: ot, Kind: ot,
Key: "key", Key: "key",
Value: "value", Value: "value",
}) })
@ -232,10 +232,10 @@ func generateTestConditionTypes() []ConditionType {
} }
} }
func generateObjectTypes() []ObjectType { func generateObjectTypes() []ConditionKindType {
return []ObjectType{ return []ConditionKindType{
ObjectResource, KindResource,
ObjectRequest, KindRequest,
} }
} }

12
pkg/chain/marshal_json.go
View file

@ -29,11 +29,11 @@ var statusToJSONValue = []struct {
} }
var objectTypeToJSONValue = []struct { var objectTypeToJSONValue = []struct {
t ObjectType t ConditionKindType
str string str string
}{ }{
{ObjectRequest, "Request"}, {KindRequest, "Request"},
{ObjectResource, "Resource"}, {KindResource, "Resource"},
} }
func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) { func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) {
@ -90,7 +90,7 @@ func (st *Status) UnmarshalEasyJSON(l *jlexer.Lexer) {
*st = Status(v) *st = Status(v)
} }
func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) { func (ot ConditionKindType) MarshalEasyJSON(w *jwriter.Writer) {
for _, p := range objectTypeToJSONValue { for _, p := range objectTypeToJSONValue {
if p.t == ot { if p.t == ot {
w.String(p.str) w.String(p.str)
@ -100,7 +100,7 @@ func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
w.String(strconv.FormatUint(uint64(ot), 10)) w.String(strconv.FormatUint(uint64(ot), 10))
} }
func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) { func (ot *ConditionKindType) UnmarshalEasyJSON(l *jlexer.Lexer) {
str := l.String() str := l.String()
for _, p := range objectTypeToJSONValue { for _, p := range objectTypeToJSONValue {
if p.str == str { if p.str == str {
@ -114,7 +114,7 @@ func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
l.AddError(fmt.Errorf("failed to parse object type: %w", err)) l.AddError(fmt.Errorf("failed to parse object type: %w", err))
return return
} }
*ot = ObjectType(v) *ot = ConditionKindType(v)
} }
func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) { func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) {

6
pkg/chain/marshal_json_test.go
View file

@ -69,7 +69,7 @@ func TestJsonEnums(t *testing.T) {
Condition: []Condition{ Condition: []Condition{
{ {
Op: CondStringEquals, Op: CondStringEquals,
Object: ObjectRequest, Kind: KindRequest,
Key: native.PropertyKeyActorRole, Key: native.PropertyKeyActorRole,
Value: native.PropertyValueContainerRoleOthers, Value: native.PropertyValueContainerRoleOthers,
}, },
@ -88,7 +88,7 @@ func TestJsonEnums(t *testing.T) {
Condition: []Condition{ Condition: []Condition{
{ {
Op: CondStringNotLike, Op: CondStringNotLike,
Object: ObjectResource, Kind: KindResource,
Key: native.PropertyKeyObjectType, Key: native.PropertyKeyObjectType,
Value: "regular", Value: "regular",
}, },
@ -99,7 +99,7 @@ func TestJsonEnums(t *testing.T) {
Condition: []Condition{ Condition: []Condition{
{ {
Op: ConditionType(255), Op: ConditionType(255),
Object: ObjectType(128), Kind: ConditionKindType(128),
}, },
}, },
}, },

6
pkg/chain/testdata/test_status_json.json vendored
View file

@ -20,7 +20,7 @@
"Condition": [ "Condition": [
{ {
"Op": "StringEquals", "Op": "StringEquals",
"Object": "Request", "Kind": "Request",
"Key": "$Actor:role", "Key": "$Actor:role",
"Value": "others" "Value": "others"
} }
@ -44,7 +44,7 @@
"Condition": [ "Condition": [
{ {
"Op": "StringNotLike", "Op": "StringNotLike",
"Object": "Resource", "Kind": "Resource",
"Key": "$Object:objectType", "Key": "$Object:objectType",
"Value": "regular" "Value": "regular"
} }
@ -64,7 +64,7 @@
"Condition": [ "Condition": [
{ {
"Op": "255", "Op": "255",
"Object": "128", "Kind": "128",
"Key": "", "Key": "",
"Value": "" "Value": ""
} }

8
pkg/engine/inmemory/inmemory_test.go
View file

@ -70,13 +70,13 @@ func TestInmemory(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringNotLike, Op: chain.CondStringNotLike,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "SourceIP", Key: "SourceIP",
Value: "10.1.1.*", Value: "10.1.1.*",
}, },
{ {
Op: chain.CondStringNotEquals, Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "Actor", Key: "Actor",
Value: actor1, Value: actor1,
}, },
@ -112,13 +112,13 @@ func TestInmemory(t *testing.T) {
Condition: []chain.Condition{ Condition: []chain.Condition{
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectResource, Kind: chain.KindResource,
Key: "Department", Key: "Department",
Value: "HR", Value: "HR",
}, },
{ {
Op: chain.CondStringEquals, Op: chain.CondStringEquals,
Object: chain.ObjectRequest, Kind: chain.KindRequest,
Key: "Actor", Key: "Actor",
Value: actor2, Value: actor2,
}, },