TrueCloudLab/policy-engine
21
0
Fork 12
generated from TrueCloudLab/basic
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions

chain: Refactor ObjectType type #75

Merged
fyrchik merged 2 commits from aarifullin/policy-engine:fix/refactor_cnr_obj_type into master 2024-09-04 19:51:23 +00:00
Conversation 0 Commits 2 Files changed 13 +287 -289
13 changed files with 287 additions and 289 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
iam/converter.go
View file

@ -181,10 +181,10 @@ func convertToChainCondition(c Conditions) ([]GroupedConditions, error) {
}
group.Conditions[i] = chain.Condition{
Op: condType,
Object: chain.ObjectRequest,
Key: transformKey(key),
Value: converted,
Op: condType,
Kind: chain.KindRequest,
Key: transformKey(key),
Value: converted,
}
}
grouped = append(grouped, group)

16
iam/converter_native.go
View file

@ -214,10 +214,10 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes
return principals, func(principal string) chain.Condition {
return chain.Condition{
Op: op,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: principal,
Op: op,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: principal,
}
}, nil
}
@ -314,10 +314,10 @@ func formNativeResourceNamesAndConditions(names []string, resolver NativeResolve
},
Conditions: []chain.Condition{
{
Op: chain.CondStringLike,
Object: chain.ObjectResource,
Key: PropertyKeyFilePath,
Value: obj,
Op: chain.CondStringLike,
Kind: chain.KindResource,
Key: PropertyKeyFilePath,
Value: obj,
},
},
})

8
iam/converter_s3.go
View file

@ -158,10 +158,10 @@ func getS3PrincipalsAndConditionFunc(statement Statement, resolver S3Resolver) (
return principals, func(principal string) chain.Condition {
return chain.Condition{
Op: op,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: principal,
Op: op,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: principal,
}
}, nil
}

334
iam/converter_test.go
View file

@ -102,16 +102,16 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Names: []string{resource}},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "s3:RequestObjectTag/Department",
Value: "Finance",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "s3:RequestObjectTag/Department",
Value: "Finance",
},
},
},
@ -146,10 +146,10 @@ func TestConverters(t *testing.T) {
},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
},
},
},
@ -180,10 +180,10 @@ func TestConverters(t *testing.T) {
Resources: chain.Resources{Inverted: true, Names: []string{resource}},
Condition: []chain.Condition{
{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
},
},
},
@ -225,16 +225,16 @@ func TestConverters(t *testing.T) {
}},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
},
{
Op: chain.CondStringLike,
Object: chain.ObjectResource,
Key: PropertyKeyFilePath,
Value: objName,
Op: chain.CondStringLike,
Kind: chain.KindResource,
Key: PropertyKeyFilePath,
Value: objName,
},
},
},
@ -250,10 +250,10 @@ func TestConverters(t *testing.T) {
fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
}},
Condition: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
}},
},
}}
@ -345,10 +345,10 @@ func TestConverters(t *testing.T) {
Actions: chain.Actions{Names: []string{"s3:DeleteObject", "s3:DeleteMultipleObjects", "iam:*"}},
Resources: chain.Resources{Names: []string{"*"}},
Condition: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: s3.PropertyKeyOwner,
Value: mockResolver.users[user],
}},
}}}
@ -361,10 +361,10 @@ func TestConverters(t *testing.T) {
Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject}},
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: native.PropertyKeyActorPublicKey,
Value: mockResolver.users[user],
}},
}}}
@ -408,193 +408,193 @@ func TestConvertToChainCondition(t *testing.T) {
Any: true,
Conditions: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key1",
Value: "val0",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key1",
Value: "val0",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key1",
Value: "val1",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key1",
Value: "val1",
},
},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "key2",
Value: "val2",
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "key2",
Value: "val2",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: "key3",
Value: "val3",
Op: chain.CondStringEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: "key3",
Value: "val3",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: "key4",
Value: "val4",
Op: chain.CondStringNotEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: "key4",
Value: "val4",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLike,
Object: chain.ObjectRequest,
Key: "key5",
Value: "val5",
Op: chain.CondStringLike,
Kind: chain.KindRequest,
Key: "key5",
Value: "val5",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotLike,
Object: chain.ObjectRequest,
Key: "key6",
Value: "val6",
Op: chain.CondStringNotLike,
Kind: chain.KindRequest,
Key: "key6",
Value: "val6",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key7",
Value: "1136189045",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key7",
Value: "1136189045",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "key8",
Value: "1136214245",
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "key8",
Value: "1136214245",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLessThan,
Object: chain.ObjectRequest,
Key: "key9",
Value: "1136192645",
Op: chain.CondStringLessThan,
Kind: chain.KindRequest,
Key: "key9",
Value: "1136192645",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLessThanEquals,
Object: chain.ObjectRequest,
Key: "key10",
Value: "1136203445",
Op: chain.CondStringLessThanEquals,
Kind: chain.KindRequest,
Key: "key10",
Value: "1136203445",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThan,
Object: chain.ObjectRequest,
Key: "key11",
Value: "1136217845",
Op: chain.CondStringGreaterThan,
Kind: chain.KindRequest,
Key: "key11",
Value: "1136217845",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringGreaterThanEquals,
Object: chain.ObjectRequest,
Key: "key12",
Value: "1136225045",
Op: chain.CondStringGreaterThanEquals,
Kind: chain.KindRequest,
Key: "key12",
Value: "1136225045",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: "key13",
Value: "True",
Op: chain.CondStringEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: "key13",
Value: "True",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "key16",
Value: "val16",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "key16",
Value: "val16",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringLike,
Object: chain.ObjectRequest,
Key: condKeyAWSPrincipalARN,
Value: principal,
Op: chain.CondStringLike,
Kind: chain.KindRequest,
Key: condKeyAWSPrincipalARN,
Value: principal,
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "key18",
Value: "val18",
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "key18",
Value: "val18",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondStringNotLike,
Object: chain.ObjectRequest,
Key: "key19",
Value: "val19",
Op: chain.CondStringNotLike,
Kind: chain.KindRequest,
Key: "key19",
Value: "val19",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericEquals,
Object: chain.ObjectRequest,
Key: "key20",
Value: "-20",
Op: chain.CondNumericEquals,
Kind: chain.KindRequest,
Key: "key20",
Value: "-20",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericNotEquals,
Object: chain.ObjectRequest,
Key: "key21",
Value: "+21",
Op: chain.CondNumericNotEquals,
Kind: chain.KindRequest,
Key: "key21",
Value: "+21",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericLessThan,
Object: chain.ObjectRequest,
Key: "key22",
Value: "0",
Op: chain.CondNumericLessThan,
Kind: chain.KindRequest,
Key: "key22",
Value: "0",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericLessThanEquals,
Object: chain.ObjectRequest,
Key: "key23",
Value: "23.23",
Op: chain.CondNumericLessThanEquals,
Kind: chain.KindRequest,
Key: "key23",
Value: "23.23",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThan,
Object: chain.ObjectRequest,
Key: "key24",
Value: "-24.24",
Op: chain.CondNumericGreaterThan,
Kind: chain.KindRequest,
Key: "key24",
Value: "-24.24",
}},
},
{
Conditions: []chain.Condition{{
Op: chain.CondNumericGreaterThanEquals,
Object: chain.ObjectRequest,
Key: "key25",
Value: "+25.25",
Op: chain.CondNumericGreaterThanEquals,
Kind: chain.KindRequest,
Key: "key25",
Value: "+25.25",
}},
},
}
@ -668,10 +668,10 @@ func TestIPConditions(t *testing.T) {
Actions: chain.Actions{Names: []string{"s3:*"}},
Resources: chain.Resources{Names: []string{Wildcard}},
Condition: []chain.Condition{{
Op: chain.CondIPAddress,
Object: chain.ObjectRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
Op: chain.CondIPAddress,
Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
}},
}},
}
@ -686,10 +686,10 @@ func TestIPConditions(t *testing.T) {
Actions: chain.Actions{Names: []string{Wildcard}},
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
Condition: []chain.Condition{{
Op: chain.CondIPAddress,
Object: chain.ObjectRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
Op: chain.CondIPAddress,
Kind: chain.KindRequest,
Key: common.PropertyKeyFrostFSSourceIP,
Value: "203.0.113.0/24",
}},
}},
}
@ -828,12 +828,12 @@ func TestComplexNativeConditions(t *testing.T) {
expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}}
expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectResource, Key: PropertyKeyFilePath, Value: objName1}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindResource, Key: PropertyKeyFilePath, Value: objName1}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{
{
@ -1138,11 +1138,11 @@ func TestComplexS3Conditions(t *testing.T) {
expectedActions := chain.Actions{Names: []string{action, action2}}
expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2}
user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
expected := &chain.Chain{Rules: []chain.Rule{
{
@ -1698,22 +1698,22 @@ func TestTagsConditions(t *testing.T) {
expectedConditions := []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
Value: "hr",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
Value: "hr",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
Value: "hr-admin",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
Value: "hr-admin",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
Value: "*",
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
Value: "*",
},
}
@ -1754,10 +1754,10 @@ func TestMFACondition(t *testing.T) {
expectedConditions := []chain.Condition{
{
Op: chain.CondStringEqualsIgnoreCase,
Object: chain.ObjectRequest,
Key: s3.PropertyKeyAccessBoxAttrMFA,
Value: "true",
Op: chain.CondStringEqualsIgnoreCase,
Kind: chain.KindRequest,
Key: s3.PropertyKeyAccessBoxAttrMFA,
Value: "true",
},
}

24
pkg/chain/chain.go
View file

@ -68,19 +68,17 @@ type Resources struct {
}
type Condition struct {
Op ConditionType
Object ObjectType
Key string
Value string
Op ConditionType
Kind ConditionKindType
fyrchik commented 2024-05-13 10:59:46 +00:00
Outdated
Review
Copy link

It is ok for a type name, but why do we use Condition prefix in the field name? It leads to Condition.ConditionKind full name and some verbosity in JSON format.
Also, Kind is somewhat synonymous with Type.

So what about Kind ConditionKind?

It is ok for a type name, but why do we use `Condition` prefix in the field name? It leads to `Condition.ConditionKind` full name and some verbosity in JSON format. Also, `Kind` is somewhat synonymous with `Type`. So what about `Kind ConditionKind`?
aarifullin commented 2024-05-13 14:33:55 +00:00
Outdated
Review
Copy link

Your point is absolutely fair but the point is that we've got similar names throuought:

Line 14 in TrueCloudLab/frostfs-contract@db36131
type Kind byte

(this is explanation for the rest of reviewers who didn't get the point of this renaming yet)

But I agreed that Condition.ConditionKind really looks ugly. Let's try the solution suggested by you 'Kind ConditionKind`

Your point is absolutely fair but the point is that we've got similar names throuought: https://git.frostfs.info/TrueCloudLab/frostfs-contract/src/commit/db361318009cc9c9df97133c8c2acedad4eb2fd4/policy/policy_contract.go#L14 (this is explanation for the rest of reviewers who didn't get the point of this renaming yet) But I agreed that `Condition.ConditionKind` really looks ugly. Let's try the solution suggested by you 'Kind ConditionKind`
aarifullin commented 2024-05-13 14:37:15 +00:00
Outdated
Review
Copy link

UPD: Renamed to Kind ConditionKind

UPD: Renamed to `Kind ConditionKind`
Key string
fyrchik commented 2024-05-07 15:16:22 +00:00
Outdated
Review
Copy link

It definitely causes confusion. What about renaming it to Kind?
The type should also be named Kind and constants KindResource, KindRequest.

It definitely causes confusion. What about renaming it to `Kind`? The type should also be named `Kind` and constants `KindResource`, `KindRequest`.
aarifullin commented 2024-05-07 16:31:14 +00:00
Outdated
Review
Copy link

Yeah, Kind really sounds good 👍

Yeah, `Kind` really sounds good 👍
aarifullin commented 2024-05-07 16:34:28 +00:00
Outdated
Review
Copy link

But this breaks backward compatibility - "old" chains with Object won't be parsed

But this breaks backward compatibility - "old" chains with `Object` won't be parsed
fyrchik commented 2024-05-08 07:28:24 +00:00
Outdated
Review
Copy link

Why, though? The binary format is unchanged, besides removed items, which is unrelated to naming.

Btw if removing these constant breaks backward-compatibility with v0.38.4 version of node, we shouldn't do it.

Why, though? The binary format is unchanged, besides removed items, which is unrelated to naming. Btw if removing these constant breaks backward-compatibility with v0.38.4 version of node, we shouldn't do it.
fyrchik commented 2024-05-08 07:30:50 +00:00
Outdated
Review
Copy link

Breaking compatibility in frostfs-cli is fine, though.

Breaking compatibility in frostfs-cli is fine, though.
Value string
}
type ObjectType byte
type ConditionKindType byte
const (
ObjectResource ObjectType = iota
ObjectRequest
ContainerResource
ContainerRequest
KindResource ConditionKindType = iota
KindRequest
)
type ConditionType byte
@ -159,13 +157,13 @@ func FormCondSliceContainsValue(values []string) string {
func (c *Condition) Match(req resource.Request) bool {
var val string
switch c.Object {
case ObjectResource:
switch c.Kind {
case KindResource:
val = req.Resource().Property(c.Key)
case ObjectRequest:
case KindRequest:
val = req.Property(c.Key)
default:
panic(fmt.Sprintf("unknown condition type: %d", c.Object))
panic(fmt.Sprintf("unknown condition type: %d", c.Kind))
}
switch c.Op {

8
pkg/chain/chain_easyjson.go generated
View file

@ -257,8 +257,8 @@ func easyjsonE2758465DecodeGitFrostfsInfoTrueCloudLabPolicyEnginePkgChain4(in *j
switch key {
case "Op":
(out.Op).UnmarshalEasyJSON(in)
case "Object":
(out.Object).UnmarshalEasyJSON(in)
case "Kind":
(out.Kind).UnmarshalEasyJSON(in)
case "Key":
out.Key = string(in.String())
case "Value":
@ -283,9 +283,9 @@ func easyjsonE2758465EncodeGitFrostfsInfoTrueCloudLabPolicyEnginePkgChain4(out *
(in.Op).MarshalEasyJSON(out)
}
{
const prefix string = ",\"Object\":"
const prefix string = ",\"Kind\":"
out.RawString(prefix)
(in.Object).MarshalEasyJSON(out)
(in.Kind).MarshalEasyJSON(out)
}
{
const prefix string = ",\"Key\":"

64
pkg/chain/chain_test.go
View file

@ -98,10 +98,10 @@ func TestCondSliceContainsMatch(t *testing.T) {
Actions: Actions{Names: []string{native.MethodPutObject}},
Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
Condition: []Condition{{
Op: CondSliceContains,
Object: ObjectRequest,
Key: propKey,
Value: groupID,
Op: CondSliceContains,
Kind: KindRequest,
Key: propKey,
Value: groupID,
}},
}}}
@ -164,22 +164,22 @@ func TestNumericConditionsMatch(t *testing.T) {
name: "value from interval",
conditions: []Condition{
{
Op: CondNumericLessThan,
Object: ObjectRequest,
Key: propKey,
Value: "100",
Op: CondNumericLessThan,
Kind: KindRequest,
Key: propKey,
Value: "100",
},
{
Op: CondNumericGreaterThan,
Object: ObjectRequest,
Key: propKey,
Value: "80",
Op: CondNumericGreaterThan,
Kind: KindRequest,
Key: propKey,
Value: "80",
},
{
Op: CondNumericNotEquals,
Object: ObjectRequest,
Key: propKey,
Value: "91",
Op: CondNumericNotEquals,
Kind: KindRequest,
Key: propKey,
Value: "91",
},
},
value: "90",
@ -189,22 +189,22 @@ func TestNumericConditionsMatch(t *testing.T) {
name: "border value",
conditions: []Condition{
{
Op: CondNumericEquals,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: CondNumericEquals,
Kind: KindRequest,
Key: propKey,
Value: "50",
},
{
Op: CondNumericLessThanEquals,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: CondNumericLessThanEquals,
Kind: KindRequest,
Key: propKey,
Value: "50",
},
{
Op: CondNumericGreaterThanEquals,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: CondNumericGreaterThanEquals,
Kind: KindRequest,
Key: propKey,
Value: "50",
},
},
value: "50",
@ -270,10 +270,10 @@ func TestInvalidNumericValues(t *testing.T) {
t.Run(tc.name, func(t *testing.T) {
resource := testutil.NewResource(native.ResourceFormatRootContainers, nil)
condition := Condition{
Op: tc.conditionType,
Object: ObjectRequest,
Key: propKey,
Value: "50",
Op: tc.conditionType,
Kind: KindRequest,
Key: propKey,
Value: "50",
}
for _, propValue := range propValues {

4
pkg/chain/marshal_binary.go
View file

@ -218,7 +218,7 @@ func marshalCondition(buf []byte, offset int, c Condition) (int, error) {
if err != nil {
return 0, err
}
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Object))
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Kind))
if err != nil {
return 0, err
}
@ -241,7 +241,7 @@ func unmarshalCondition(buf []byte, offset int) (Condition, int, error) {
if err != nil {
return Condition{}, 0, err
}
c.Object = ObjectType(obV)
c.Kind = ConditionKindType(obV)
c.Key, offset, err = marshal.StringUnmarshal(buf, offset)
if err != nil {

40
pkg/chain/marshal_binary_test.go
View file

@ -178,31 +178,31 @@ func generateTestConditions() [][]Condition {
for _, ct := range generateTestConditionTypes() {
for _, ot := range generateObjectTypes() {
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "",
Value: "",
Op: ct,
Kind: ot,
Key: "",
Value: "",
})
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "key",
Value: "",
Op: ct,
Kind: ot,
Key: "key",
Value: "",
})
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "",
Value: "value",
Op: ct,
Kind: ot,
Key: "",
Value: "value",
})
result[2] = append(result[2], Condition{
Op: ct,
Object: ot,
Key: "key",
Value: "value",
Op: ct,
Kind: ot,
Key: "key",
Value: "value",
})
}
}
@ -232,10 +232,10 @@ func generateTestConditionTypes() []ConditionType {
}
}
func generateObjectTypes() []ObjectType {
return []ObjectType{
ObjectResource,
ObjectRequest,
func generateObjectTypes() []ConditionKindType {
return []ConditionKindType{
KindResource,
KindRequest,
}
}

12
pkg/chain/marshal_json.go
View file

@ -29,11 +29,11 @@ var statusToJSONValue = []struct {
}
var objectTypeToJSONValue = []struct {
t ObjectType
t ConditionKindType
str string
}{
{ObjectRequest, "Request"},
{ObjectResource, "Resource"},
{KindRequest, "Request"},
{KindResource, "Resource"},
}
func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) {
@ -90,7 +90,7 @@ func (st *Status) UnmarshalEasyJSON(l *jlexer.Lexer) {
*st = Status(v)
}
func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
func (ot ConditionKindType) MarshalEasyJSON(w *jwriter.Writer) {
for _, p := range objectTypeToJSONValue {
if p.t == ot {
w.String(p.str)
@ -100,7 +100,7 @@ func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
w.String(strconv.FormatUint(uint64(ot), 10))
}
func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
func (ot *ConditionKindType) UnmarshalEasyJSON(l *jlexer.Lexer) {
str := l.String()
for _, p := range objectTypeToJSONValue {
if p.str == str {
@ -114,7 +114,7 @@ func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
l.AddError(fmt.Errorf("failed to parse object type: %w", err))
return
}
*ot = ObjectType(v)
*ot = ConditionKindType(v)
}
func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) {

20
pkg/chain/marshal_json_test.go
View file

@ -68,10 +68,10 @@ func TestJsonEnums(t *testing.T) {
},
Condition: []Condition{
{
Op: CondStringEquals,
Object: ObjectRequest,
Key: native.PropertyKeyActorRole,
Value: native.PropertyValueContainerRoleOthers,
Op: CondStringEquals,
Kind: KindRequest,
Key: native.PropertyKeyActorRole,
Value: native.PropertyValueContainerRoleOthers,
},
},
},
@ -87,10 +87,10 @@ func TestJsonEnums(t *testing.T) {
Any: true,
Condition: []Condition{
{
Op: CondStringNotLike,
Object: ObjectResource,
Key: native.PropertyKeyObjectType,
Value: "regular",
Op: CondStringNotLike,
Kind: KindResource,
Key: native.PropertyKeyObjectType,
Value: "regular",
},
},
},
@ -98,8 +98,8 @@ func TestJsonEnums(t *testing.T) {
Status: Status(100),
Condition: []Condition{
{
Op: ConditionType(255),
Object: ObjectType(128),
Op: ConditionType(255),
Kind: ConditionKindType(128),
},
},
},

6
pkg/chain/testdata/test_status_json.json vendored
View file

@ -20,7 +20,7 @@
"Condition": [
{
"Op": "StringEquals",
"Object": "Request",
"Kind": "Request",
"Key": "$Actor:role",
"Value": "others"
}
@ -44,7 +44,7 @@
"Condition": [
{
"Op": "StringNotLike",
"Object": "Resource",
"Kind": "Resource",
"Key": "$Object:objectType",
"Value": "regular"
}
@ -64,7 +64,7 @@
"Condition": [
{
"Op": "255",
"Object": "128",
"Kind": "128",
"Key": "",
"Value": ""
}

32
pkg/engine/inmemory/inmemory_test.go
View file

@ -69,16 +69,16 @@ func TestInmemory(t *testing.T) {
Any: true,
Condition: []chain.Condition{
{
Op: chain.CondStringNotLike,
Object: chain.ObjectRequest,
Key: "SourceIP",
Value: "10.1.1.*",
Op: chain.CondStringNotLike,
Kind: chain.KindRequest,
Key: "SourceIP",
Value: "10.1.1.*",
},
{
Op: chain.CondStringNotEquals,
Object: chain.ObjectRequest,
Key: "Actor",
Value: actor1,
Op: chain.CondStringNotEquals,
Kind: chain.KindRequest,
Key: "Actor",
Value: actor1,
},
},
},
@ -111,16 +111,16 @@ func TestInmemory(t *testing.T) {
Resources: chain.Resources{Names: []string{"native::object::abc/*"}},
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
Object: chain.ObjectResource,
Key: "Department",
Value: "HR",
Op: chain.CondStringEquals,
Kind: chain.KindResource,
Key: "Department",
Value: "HR",
},
{
Op: chain.CondStringEquals,
Object: chain.ObjectRequest,
Key: "Actor",
Value: actor2,
Op: chain.CondStringEquals,
Kind: chain.KindRequest,
Key: "Actor",
Value: actor2,
},
},
},