[#75] chain: Refactor ObjectType
type
* Rename `ObjectType` to `Kind`; * Rename `Object` field in `Condition` to `ConditionKind`; * Regenerate easy-json marshalers/unmarshalers; * Fix unit-tests Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
parent
e75200bb8e
commit
84c4872b20
13 changed files with 283 additions and 283 deletions
|
@ -182,7 +182,7 @@ func convertToChainCondition(c Conditions) ([]GroupedConditions, error) {
|
||||||
|
|
||||||
group.Conditions[i] = chain.Condition{
|
group.Conditions[i] = chain.Condition{
|
||||||
Op: condType,
|
Op: condType,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: transformKey(key),
|
Key: transformKey(key),
|
||||||
Value: converted,
|
Value: converted,
|
||||||
}
|
}
|
||||||
|
|
|
@ -215,7 +215,7 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes
|
||||||
return principals, func(principal string) chain.Condition {
|
return principals, func(principal string) chain.Condition {
|
||||||
return chain.Condition{
|
return chain.Condition{
|
||||||
Op: op,
|
Op: op,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: native.PropertyKeyActorPublicKey,
|
Key: native.PropertyKeyActorPublicKey,
|
||||||
Value: principal,
|
Value: principal,
|
||||||
}
|
}
|
||||||
|
@ -315,7 +315,7 @@ func formNativeResourceNamesAndConditions(names []string, resolver NativeResolve
|
||||||
Conditions: []chain.Condition{
|
Conditions: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringLike,
|
Op: chain.CondStringLike,
|
||||||
Object: chain.ObjectResource,
|
Kind: chain.KindResource,
|
||||||
Key: PropertyKeyFilePath,
|
Key: PropertyKeyFilePath,
|
||||||
Value: obj,
|
Value: obj,
|
||||||
},
|
},
|
||||||
|
|
|
@ -159,7 +159,7 @@ func getS3PrincipalsAndConditionFunc(statement Statement, resolver S3Resolver) (
|
||||||
return principals, func(principal string) chain.Condition {
|
return principals, func(principal string) chain.Condition {
|
||||||
return chain.Condition{
|
return chain.Condition{
|
||||||
Op: op,
|
Op: op,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: s3.PropertyKeyOwner,
|
Key: s3.PropertyKeyOwner,
|
||||||
Value: principal,
|
Value: principal,
|
||||||
}
|
}
|
||||||
|
|
|
@ -103,13 +103,13 @@ func TestConverters(t *testing.T) {
|
||||||
Condition: []chain.Condition{
|
Condition: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: s3.PropertyKeyOwner,
|
Key: s3.PropertyKeyOwner,
|
||||||
Value: mockResolver.users[user],
|
Value: mockResolver.users[user],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "s3:RequestObjectTag/Department",
|
Key: "s3:RequestObjectTag/Department",
|
||||||
Value: "Finance",
|
Value: "Finance",
|
||||||
},
|
},
|
||||||
|
@ -147,7 +147,7 @@ func TestConverters(t *testing.T) {
|
||||||
Condition: []chain.Condition{
|
Condition: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: native.PropertyKeyActorPublicKey,
|
Key: native.PropertyKeyActorPublicKey,
|
||||||
Value: mockResolver.users[user],
|
Value: mockResolver.users[user],
|
||||||
},
|
},
|
||||||
|
@ -181,7 +181,7 @@ func TestConverters(t *testing.T) {
|
||||||
Condition: []chain.Condition{
|
Condition: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringNotEquals,
|
Op: chain.CondStringNotEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: s3.PropertyKeyOwner,
|
Key: s3.PropertyKeyOwner,
|
||||||
Value: mockResolver.users[user],
|
Value: mockResolver.users[user],
|
||||||
},
|
},
|
||||||
|
@ -226,13 +226,13 @@ func TestConverters(t *testing.T) {
|
||||||
Condition: []chain.Condition{
|
Condition: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: native.PropertyKeyActorPublicKey,
|
Key: native.PropertyKeyActorPublicKey,
|
||||||
Value: mockResolver.users[user],
|
Value: mockResolver.users[user],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringLike,
|
Op: chain.CondStringLike,
|
||||||
Object: chain.ObjectResource,
|
Kind: chain.KindResource,
|
||||||
Key: PropertyKeyFilePath,
|
Key: PropertyKeyFilePath,
|
||||||
Value: objName,
|
Value: objName,
|
||||||
},
|
},
|
||||||
|
@ -251,7 +251,7 @@ func TestConverters(t *testing.T) {
|
||||||
}},
|
}},
|
||||||
Condition: []chain.Condition{{
|
Condition: []chain.Condition{{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: native.PropertyKeyActorPublicKey,
|
Key: native.PropertyKeyActorPublicKey,
|
||||||
Value: mockResolver.users[user],
|
Value: mockResolver.users[user],
|
||||||
}},
|
}},
|
||||||
|
@ -346,7 +346,7 @@ func TestConverters(t *testing.T) {
|
||||||
Resources: chain.Resources{Names: []string{"*"}},
|
Resources: chain.Resources{Names: []string{"*"}},
|
||||||
Condition: []chain.Condition{{
|
Condition: []chain.Condition{{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: s3.PropertyKeyOwner,
|
Key: s3.PropertyKeyOwner,
|
||||||
Value: mockResolver.users[user],
|
Value: mockResolver.users[user],
|
||||||
}},
|
}},
|
||||||
|
@ -362,7 +362,7 @@ func TestConverters(t *testing.T) {
|
||||||
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
|
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
|
||||||
Condition: []chain.Condition{{
|
Condition: []chain.Condition{{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: native.PropertyKeyActorPublicKey,
|
Key: native.PropertyKeyActorPublicKey,
|
||||||
Value: mockResolver.users[user],
|
Value: mockResolver.users[user],
|
||||||
}},
|
}},
|
||||||
|
@ -409,13 +409,13 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
Conditions: []chain.Condition{
|
Conditions: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key1",
|
Key: "key1",
|
||||||
Value: "val0",
|
Value: "val0",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key1",
|
Key: "key1",
|
||||||
Value: "val1",
|
Value: "val1",
|
||||||
},
|
},
|
||||||
|
@ -424,7 +424,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringNotEquals,
|
Op: chain.CondStringNotEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key2",
|
Key: "key2",
|
||||||
Value: "val2",
|
Value: "val2",
|
||||||
}},
|
}},
|
||||||
|
@ -432,7 +432,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringEqualsIgnoreCase,
|
Op: chain.CondStringEqualsIgnoreCase,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key3",
|
Key: "key3",
|
||||||
Value: "val3",
|
Value: "val3",
|
||||||
}},
|
}},
|
||||||
|
@ -440,7 +440,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringNotEqualsIgnoreCase,
|
Op: chain.CondStringNotEqualsIgnoreCase,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key4",
|
Key: "key4",
|
||||||
Value: "val4",
|
Value: "val4",
|
||||||
}},
|
}},
|
||||||
|
@ -448,7 +448,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringLike,
|
Op: chain.CondStringLike,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key5",
|
Key: "key5",
|
||||||
Value: "val5",
|
Value: "val5",
|
||||||
}},
|
}},
|
||||||
|
@ -456,7 +456,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringNotLike,
|
Op: chain.CondStringNotLike,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key6",
|
Key: "key6",
|
||||||
Value: "val6",
|
Value: "val6",
|
||||||
}},
|
}},
|
||||||
|
@ -464,7 +464,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key7",
|
Key: "key7",
|
||||||
Value: "1136189045",
|
Value: "1136189045",
|
||||||
}},
|
}},
|
||||||
|
@ -472,7 +472,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringNotEquals,
|
Op: chain.CondStringNotEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key8",
|
Key: "key8",
|
||||||
Value: "1136214245",
|
Value: "1136214245",
|
||||||
}},
|
}},
|
||||||
|
@ -480,7 +480,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringLessThan,
|
Op: chain.CondStringLessThan,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key9",
|
Key: "key9",
|
||||||
Value: "1136192645",
|
Value: "1136192645",
|
||||||
}},
|
}},
|
||||||
|
@ -488,7 +488,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringLessThanEquals,
|
Op: chain.CondStringLessThanEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key10",
|
Key: "key10",
|
||||||
Value: "1136203445",
|
Value: "1136203445",
|
||||||
}},
|
}},
|
||||||
|
@ -496,7 +496,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringGreaterThan,
|
Op: chain.CondStringGreaterThan,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key11",
|
Key: "key11",
|
||||||
Value: "1136217845",
|
Value: "1136217845",
|
||||||
}},
|
}},
|
||||||
|
@ -504,7 +504,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringGreaterThanEquals,
|
Op: chain.CondStringGreaterThanEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key12",
|
Key: "key12",
|
||||||
Value: "1136225045",
|
Value: "1136225045",
|
||||||
}},
|
}},
|
||||||
|
@ -512,7 +512,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringEqualsIgnoreCase,
|
Op: chain.CondStringEqualsIgnoreCase,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key13",
|
Key: "key13",
|
||||||
Value: "True",
|
Value: "True",
|
||||||
}},
|
}},
|
||||||
|
@ -520,7 +520,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key16",
|
Key: "key16",
|
||||||
Value: "val16",
|
Value: "val16",
|
||||||
}},
|
}},
|
||||||
|
@ -528,7 +528,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringLike,
|
Op: chain.CondStringLike,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: condKeyAWSPrincipalARN,
|
Key: condKeyAWSPrincipalARN,
|
||||||
Value: principal,
|
Value: principal,
|
||||||
}},
|
}},
|
||||||
|
@ -536,7 +536,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringNotEquals,
|
Op: chain.CondStringNotEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key18",
|
Key: "key18",
|
||||||
Value: "val18",
|
Value: "val18",
|
||||||
}},
|
}},
|
||||||
|
@ -544,7 +544,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondStringNotLike,
|
Op: chain.CondStringNotLike,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key19",
|
Key: "key19",
|
||||||
Value: "val19",
|
Value: "val19",
|
||||||
}},
|
}},
|
||||||
|
@ -552,7 +552,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondNumericEquals,
|
Op: chain.CondNumericEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key20",
|
Key: "key20",
|
||||||
Value: "-20",
|
Value: "-20",
|
||||||
}},
|
}},
|
||||||
|
@ -560,7 +560,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondNumericNotEquals,
|
Op: chain.CondNumericNotEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key21",
|
Key: "key21",
|
||||||
Value: "+21",
|
Value: "+21",
|
||||||
}},
|
}},
|
||||||
|
@ -568,7 +568,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondNumericLessThan,
|
Op: chain.CondNumericLessThan,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key22",
|
Key: "key22",
|
||||||
Value: "0",
|
Value: "0",
|
||||||
}},
|
}},
|
||||||
|
@ -576,7 +576,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondNumericLessThanEquals,
|
Op: chain.CondNumericLessThanEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key23",
|
Key: "key23",
|
||||||
Value: "23.23",
|
Value: "23.23",
|
||||||
}},
|
}},
|
||||||
|
@ -584,7 +584,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondNumericGreaterThan,
|
Op: chain.CondNumericGreaterThan,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key24",
|
Key: "key24",
|
||||||
Value: "-24.24",
|
Value: "-24.24",
|
||||||
}},
|
}},
|
||||||
|
@ -592,7 +592,7 @@ func TestConvertToChainCondition(t *testing.T) {
|
||||||
{
|
{
|
||||||
Conditions: []chain.Condition{{
|
Conditions: []chain.Condition{{
|
||||||
Op: chain.CondNumericGreaterThanEquals,
|
Op: chain.CondNumericGreaterThanEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "key25",
|
Key: "key25",
|
||||||
Value: "+25.25",
|
Value: "+25.25",
|
||||||
}},
|
}},
|
||||||
|
@ -669,7 +669,7 @@ func TestIPConditions(t *testing.T) {
|
||||||
Resources: chain.Resources{Names: []string{Wildcard}},
|
Resources: chain.Resources{Names: []string{Wildcard}},
|
||||||
Condition: []chain.Condition{{
|
Condition: []chain.Condition{{
|
||||||
Op: chain.CondIPAddress,
|
Op: chain.CondIPAddress,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: common.PropertyKeyFrostFSSourceIP,
|
Key: common.PropertyKeyFrostFSSourceIP,
|
||||||
Value: "203.0.113.0/24",
|
Value: "203.0.113.0/24",
|
||||||
}},
|
}},
|
||||||
|
@ -687,7 +687,7 @@ func TestIPConditions(t *testing.T) {
|
||||||
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
|
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
|
||||||
Condition: []chain.Condition{{
|
Condition: []chain.Condition{{
|
||||||
Op: chain.CondIPAddress,
|
Op: chain.CondIPAddress,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: common.PropertyKeyFrostFSSourceIP,
|
Key: common.PropertyKeyFrostFSSourceIP,
|
||||||
Value: "203.0.113.0/24",
|
Value: "203.0.113.0/24",
|
||||||
}},
|
}},
|
||||||
|
@ -828,12 +828,12 @@ func TestComplexNativeConditions(t *testing.T) {
|
||||||
expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}}
|
expectedResource1 := chain.Resources{Names: []string{nativeResource1, nativeResource1cnr}}
|
||||||
expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}}
|
expectedResource23 := chain.Resources{Names: []string{nativeResource2, nativeResource2cnr, nativeResource3, nativeResource3cnr}}
|
||||||
|
|
||||||
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
|
user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user1]}
|
||||||
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
|
user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: native.PropertyKeyActorPublicKey, Value: mockResolver.users[user2]}
|
||||||
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectResource, Key: PropertyKeyFilePath, Value: objName1}
|
objectName1Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindResource, Key: PropertyKeyFilePath, Value: objName1}
|
||||||
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0}
|
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
|
||||||
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1}
|
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
|
||||||
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2}
|
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
|
||||||
|
|
||||||
expected := &chain.Chain{Rules: []chain.Rule{
|
expected := &chain.Chain{Rules: []chain.Rule{
|
||||||
{
|
{
|
||||||
|
@ -1138,11 +1138,11 @@ func TestComplexS3Conditions(t *testing.T) {
|
||||||
expectedActions := chain.Actions{Names: []string{action, action2}}
|
expectedActions := chain.Actions{Names: []string{action, action2}}
|
||||||
expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}}
|
expectedResources := chain.Resources{Names: []string{resource1, resource2, resource3}}
|
||||||
|
|
||||||
user1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
|
user1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user1]}
|
||||||
user2Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
|
user2Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: s3.PropertyKeyOwner, Value: mockResolver.users[user2]}
|
||||||
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val0}
|
key1val0Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val0}
|
||||||
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Object: chain.ObjectRequest, Key: key1, Value: val1}
|
key1val1Condition := chain.Condition{Op: chain.CondStringEquals, Kind: chain.KindRequest, Key: key1, Value: val1}
|
||||||
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Object: chain.ObjectRequest, Key: key2, Value: val2}
|
key2val2Condition := chain.Condition{Op: chain.CondStringLike, Kind: chain.KindRequest, Key: key2, Value: val2}
|
||||||
|
|
||||||
expected := &chain.Chain{Rules: []chain.Rule{
|
expected := &chain.Chain{Rules: []chain.Rule{
|
||||||
{
|
{
|
||||||
|
@ -1699,19 +1699,19 @@ func TestTagsConditions(t *testing.T) {
|
||||||
expectedConditions := []chain.Condition{
|
expectedConditions := []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
|
Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
|
||||||
Value: "hr",
|
Value: "hr",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
|
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
|
||||||
Value: "hr-admin",
|
Value: "hr-admin",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
|
Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
|
||||||
Value: "*",
|
Value: "*",
|
||||||
},
|
},
|
||||||
|
@ -1755,7 +1755,7 @@ func TestMFACondition(t *testing.T) {
|
||||||
expectedConditions := []chain.Condition{
|
expectedConditions := []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEqualsIgnoreCase,
|
Op: chain.CondStringEqualsIgnoreCase,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: s3.PropertyKeyAccessBoxAttrMFA,
|
Key: s3.PropertyKeyAccessBoxAttrMFA,
|
||||||
Value: "true",
|
Value: "true",
|
||||||
},
|
},
|
||||||
|
|
|
@ -69,16 +69,16 @@ type Resources struct {
|
||||||
|
|
||||||
type Condition struct {
|
type Condition struct {
|
||||||
Op ConditionType
|
Op ConditionType
|
||||||
Object ObjectType
|
Kind ConditionKindType
|
||||||
Key string
|
Key string
|
||||||
Value string
|
Value string
|
||||||
}
|
}
|
||||||
|
|
||||||
type ObjectType byte
|
type ConditionKindType byte
|
||||||
|
|
||||||
const (
|
const (
|
||||||
ObjectResource ObjectType = iota
|
KindResource ConditionKindType = iota
|
||||||
ObjectRequest
|
KindRequest
|
||||||
)
|
)
|
||||||
|
|
||||||
type ConditionType byte
|
type ConditionType byte
|
||||||
|
@ -157,13 +157,13 @@ func FormCondSliceContainsValue(values []string) string {
|
||||||
|
|
||||||
func (c *Condition) Match(req resource.Request) bool {
|
func (c *Condition) Match(req resource.Request) bool {
|
||||||
var val string
|
var val string
|
||||||
switch c.Object {
|
switch c.Kind {
|
||||||
case ObjectResource:
|
case KindResource:
|
||||||
val = req.Resource().Property(c.Key)
|
val = req.Resource().Property(c.Key)
|
||||||
case ObjectRequest:
|
case KindRequest:
|
||||||
val = req.Property(c.Key)
|
val = req.Property(c.Key)
|
||||||
default:
|
default:
|
||||||
panic(fmt.Sprintf("unknown condition type: %d", c.Object))
|
panic(fmt.Sprintf("unknown condition type: %d", c.Kind))
|
||||||
}
|
}
|
||||||
|
|
||||||
switch c.Op {
|
switch c.Op {
|
||||||
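Review bot: The `default:` branch of `Match` still panics when `c.Kind` is neither `KindResource` nor `KindRequest`, and the decoders touched elsewhere in this commit (`c.Kind = ConditionKindType(obV)` in `unmarshalCondition`, `*ot = ConditionKindType(v)` in `UnmarshalEasyJSON`) accept any byte value, so a stored chain carrying an unknown kind would crash the policy evaluator at match time. Unless callers validate chains before evaluation, which this page does not show, it would be safer to reject unknown kinds when a chain is loaded so that `Match` never sees one. The panic text also still reads `unknown condition type`, which now suggests `ConditionType` (`Op`); `panic(fmt.Sprintf("unknown condition kind: %d", c.Kind))` would match the rename. `Match` continues past the end of the hunk.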
|
|
BIN
pkg/chain/chain_easyjson.go
generated
BIN
pkg/chain/chain_easyjson.go
generated
Binary file not shown.
|
@ -99,7 +99,7 @@ func TestCondSliceContainsMatch(t *testing.T) {
|
||||||
Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
|
Resources: Resources{Names: []string{native.ResourceFormatRootContainers}},
|
||||||
Condition: []Condition{{
|
Condition: []Condition{{
|
||||||
Op: CondSliceContains,
|
Op: CondSliceContains,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: groupID,
|
Value: groupID,
|
||||||
}},
|
}},
|
||||||
|
@ -165,19 +165,19 @@ func TestNumericConditionsMatch(t *testing.T) {
|
||||||
conditions: []Condition{
|
conditions: []Condition{
|
||||||
{
|
{
|
||||||
Op: CondNumericLessThan,
|
Op: CondNumericLessThan,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: "100",
|
Value: "100",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: CondNumericGreaterThan,
|
Op: CondNumericGreaterThan,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: "80",
|
Value: "80",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: CondNumericNotEquals,
|
Op: CondNumericNotEquals,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: "91",
|
Value: "91",
|
||||||
},
|
},
|
||||||
|
@ -190,19 +190,19 @@ func TestNumericConditionsMatch(t *testing.T) {
|
||||||
conditions: []Condition{
|
conditions: []Condition{
|
||||||
{
|
{
|
||||||
Op: CondNumericEquals,
|
Op: CondNumericEquals,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: "50",
|
Value: "50",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: CondNumericLessThanEquals,
|
Op: CondNumericLessThanEquals,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: "50",
|
Value: "50",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: CondNumericGreaterThanEquals,
|
Op: CondNumericGreaterThanEquals,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: "50",
|
Value: "50",
|
||||||
},
|
},
|
||||||
|
@ -271,7 +271,7 @@ func TestInvalidNumericValues(t *testing.T) {
|
||||||
resource := testutil.NewResource(native.ResourceFormatRootContainers, nil)
|
resource := testutil.NewResource(native.ResourceFormatRootContainers, nil)
|
||||||
condition := Condition{
|
condition := Condition{
|
||||||
Op: tc.conditionType,
|
Op: tc.conditionType,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: propKey,
|
Key: propKey,
|
||||||
Value: "50",
|
Value: "50",
|
||||||
}
|
}
|
||||||
|
|
|
@ -218,7 +218,7 @@ func marshalCondition(buf []byte, offset int, c Condition) (int, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Object))
|
offset, err = marshal.ByteMarshal(buf, offset, byte(c.Kind))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
|
@ -241,7 +241,7 @@ func unmarshalCondition(buf []byte, offset int) (Condition, int, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return Condition{}, 0, err
|
return Condition{}, 0, err
|
||||||
}
|
}
|
||||||
c.Object = ObjectType(obV)
|
c.Kind = ConditionKindType(obV)
|
||||||
|
|
||||||
c.Key, offset, err = marshal.StringUnmarshal(buf, offset)
|
c.Key, offset, err = marshal.StringUnmarshal(buf, offset)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -179,28 +179,28 @@ func generateTestConditions() [][]Condition {
|
||||||
for _, ot := range generateObjectTypes() {
|
for _, ot := range generateObjectTypes() {
|
||||||
result[2] = append(result[2], Condition{
|
result[2] = append(result[2], Condition{
|
||||||
Op: ct,
|
Op: ct,
|
||||||
Object: ot,
|
Kind: ot,
|
||||||
Key: "",
|
Key: "",
|
||||||
Value: "",
|
Value: "",
|
||||||
})
|
})
|
||||||
|
|
||||||
result[2] = append(result[2], Condition{
|
result[2] = append(result[2], Condition{
|
||||||
Op: ct,
|
Op: ct,
|
||||||
Object: ot,
|
Kind: ot,
|
||||||
Key: "key",
|
Key: "key",
|
||||||
Value: "",
|
Value: "",
|
||||||
})
|
})
|
||||||
|
|
||||||
result[2] = append(result[2], Condition{
|
result[2] = append(result[2], Condition{
|
||||||
Op: ct,
|
Op: ct,
|
||||||
Object: ot,
|
Kind: ot,
|
||||||
Key: "",
|
Key: "",
|
||||||
Value: "value",
|
Value: "value",
|
||||||
})
|
})
|
||||||
|
|
||||||
result[2] = append(result[2], Condition{
|
result[2] = append(result[2], Condition{
|
||||||
Op: ct,
|
Op: ct,
|
||||||
Object: ot,
|
Kind: ot,
|
||||||
Key: "key",
|
Key: "key",
|
||||||
Value: "value",
|
Value: "value",
|
||||||
})
|
})
|
||||||
|
@ -232,10 +232,10 @@ func generateTestConditionTypes() []ConditionType {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateObjectTypes() []ObjectType {
|
func generateObjectTypes() []ConditionKindType {
|
||||||
return []ObjectType{
|
return []ConditionKindType{
|
||||||
ObjectResource,
|
KindResource,
|
||||||
ObjectRequest,
|
KindRequest,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -29,11 +29,11 @@ var statusToJSONValue = []struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
var objectTypeToJSONValue = []struct {
|
var objectTypeToJSONValue = []struct {
|
||||||
t ObjectType
|
t ConditionKindType
|
||||||
str string
|
str string
|
||||||
}{
|
}{
|
||||||
{ObjectRequest, "Request"},
|
{KindRequest, "Request"},
|
||||||
{ObjectResource, "Resource"},
|
{KindResource, "Resource"},
|
||||||
}
|
}
|
||||||
|
|
||||||
func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) {
|
func (mt MatchType) MarshalEasyJSON(w *jwriter.Writer) {
|
||||||
|
@ -90,7 +90,7 @@ func (st *Status) UnmarshalEasyJSON(l *jlexer.Lexer) {
|
||||||
*st = Status(v)
|
*st = Status(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
|
func (ot ConditionKindType) MarshalEasyJSON(w *jwriter.Writer) {
|
||||||
for _, p := range objectTypeToJSONValue {
|
for _, p := range objectTypeToJSONValue {
|
||||||
if p.t == ot {
|
if p.t == ot {
|
||||||
w.String(p.str)
|
w.String(p.str)
|
||||||
|
@ -100,7 +100,7 @@ func (ot ObjectType) MarshalEasyJSON(w *jwriter.Writer) {
|
||||||
w.String(strconv.FormatUint(uint64(ot), 10))
|
w.String(strconv.FormatUint(uint64(ot), 10))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
|
func (ot *ConditionKindType) UnmarshalEasyJSON(l *jlexer.Lexer) {
|
||||||
str := l.String()
|
str := l.String()
|
||||||
for _, p := range objectTypeToJSONValue {
|
for _, p := range objectTypeToJSONValue {
|
||||||
if p.str == str {
|
if p.str == str {
|
||||||
|
@ -114,7 +114,7 @@ func (ot *ObjectType) UnmarshalEasyJSON(l *jlexer.Lexer) {
|
||||||
l.AddError(fmt.Errorf("failed to parse object type: %w", err))
|
l.AddError(fmt.Errorf("failed to parse object type: %w", err))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
*ot = ObjectType(v)
|
*ot = ConditionKindType(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) {
|
func (ct ConditionType) MarshalEasyJSON(w *jwriter.Writer) {
|
||||||
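Review bot: The lookup table `objectTypeToJSONValue` and the error text `failed to parse object type` keep the old vocabulary although the type they serve is now `ConditionKindType`. Renaming the table to something like `conditionKindToJSONValue` and the message to `failed to parse condition kind` would finish the refactor; `generateObjectTypes` in the binary-marshal test helpers has the same leftover. Both `MarshalEasyJSON` and `UnmarshalEasyJSON` are only partly visible in these hunks.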
|
|
|
@ -69,7 +69,7 @@ func TestJsonEnums(t *testing.T) {
|
||||||
Condition: []Condition{
|
Condition: []Condition{
|
||||||
{
|
{
|
||||||
Op: CondStringEquals,
|
Op: CondStringEquals,
|
||||||
Object: ObjectRequest,
|
Kind: KindRequest,
|
||||||
Key: native.PropertyKeyActorRole,
|
Key: native.PropertyKeyActorRole,
|
||||||
Value: native.PropertyValueContainerRoleOthers,
|
Value: native.PropertyValueContainerRoleOthers,
|
||||||
},
|
},
|
||||||
|
@ -88,7 +88,7 @@ func TestJsonEnums(t *testing.T) {
|
||||||
Condition: []Condition{
|
Condition: []Condition{
|
||||||
{
|
{
|
||||||
Op: CondStringNotLike,
|
Op: CondStringNotLike,
|
||||||
Object: ObjectResource,
|
Kind: KindResource,
|
||||||
Key: native.PropertyKeyObjectType,
|
Key: native.PropertyKeyObjectType,
|
||||||
Value: "regular",
|
Value: "regular",
|
||||||
},
|
},
|
||||||
|
@ -99,7 +99,7 @@ func TestJsonEnums(t *testing.T) {
|
||||||
Condition: []Condition{
|
Condition: []Condition{
|
||||||
{
|
{
|
||||||
Op: ConditionType(255),
|
Op: ConditionType(255),
|
||||||
Object: ObjectType(128),
|
Kind: ConditionKindType(128),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
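Review bot: Nothing in `TestJsonEnums` decodes a document that still uses the old `"Object"` key, although the expected JSON now uses `"Kind"` (see the fixture change in `pkg/chain/testdata/test_status_json.json`). The regenerated easyjson decoder is not shown on this page; if it skips unknown keys, a chain persisted before this commit would decode with `Kind` left at its zero value, `KindResource`, and a request-scoped condition would silently be evaluated against resource properties. A test case that feeds a legacy `"Object": "Request"` document and asserts either a decode error or `KindRequest` would pin the intended behaviour for already-stored policies.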
|
|
6
pkg/chain/testdata/test_status_json.json
vendored
6
pkg/chain/testdata/test_status_json.json
vendored
|
@ -20,7 +20,7 @@
|
||||||
"Condition": [
|
"Condition": [
|
||||||
{
|
{
|
||||||
"Op": "StringEquals",
|
"Op": "StringEquals",
|
||||||
"Object": "Request",
|
"Kind": "Request",
|
||||||
"Key": "$Actor:role",
|
"Key": "$Actor:role",
|
||||||
"Value": "others"
|
"Value": "others"
|
||||||
}
|
}
|
||||||
|
@ -44,7 +44,7 @@
|
||||||
"Condition": [
|
"Condition": [
|
||||||
{
|
{
|
||||||
"Op": "StringNotLike",
|
"Op": "StringNotLike",
|
||||||
"Object": "Resource",
|
"Kind": "Resource",
|
||||||
"Key": "$Object:objectType",
|
"Key": "$Object:objectType",
|
||||||
"Value": "regular"
|
"Value": "regular"
|
||||||
}
|
}
|
||||||
|
@ -64,7 +64,7 @@
|
||||||
"Condition": [
|
"Condition": [
|
||||||
{
|
{
|
||||||
"Op": "255",
|
"Op": "255",
|
||||||
"Object": "128",
|
"Kind": "128",
|
||||||
"Key": "",
|
"Key": "",
|
||||||
"Value": ""
|
"Value": ""
|
||||||
}
|
}
|
||||||
|
|
|
@ -70,13 +70,13 @@ func TestInmemory(t *testing.T) {
|
||||||
Condition: []chain.Condition{
|
Condition: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringNotLike,
|
Op: chain.CondStringNotLike,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "SourceIP",
|
Key: "SourceIP",
|
||||||
Value: "10.1.1.*",
|
Value: "10.1.1.*",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringNotEquals,
|
Op: chain.CondStringNotEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "Actor",
|
Key: "Actor",
|
||||||
Value: actor1,
|
Value: actor1,
|
||||||
},
|
},
|
||||||
|
@ -112,13 +112,13 @@ func TestInmemory(t *testing.T) {
|
||||||
Condition: []chain.Condition{
|
Condition: []chain.Condition{
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectResource,
|
Kind: chain.KindResource,
|
||||||
Key: "Department",
|
Key: "Department",
|
||||||
Value: "HR",
|
Value: "HR",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Object: chain.ObjectRequest,
|
Kind: chain.KindRequest,
|
||||||
Key: "Actor",
|
Key: "Actor",
|
||||||
Value: actor2,
|
Value: actor2,
|
||||||
},
|
},
|
||||||
|
|