[#64] engine: Add user and group targets
Signed-off-by: Evgenii Stratonikov <e.stratonikov@yadro.com>
parent
530248de75
commit
0e69e48511
3 changed files with 55 additions and 7 deletions
|
@ -21,7 +21,7 @@ func NewInmemoryMorphRuleChainStorage() engine.MorphRuleChainStorage {
|
||||||
|
|
||||||
func (s *inmemoryMorphRuleChainStorage) AddMorphRuleChain(name chain.Name, target engine.Target, c *chain.Chain) (_ util.Uint256, _ uint32, err error) {
|
func (s *inmemoryMorphRuleChainStorage) AddMorphRuleChain(name chain.Name, target engine.Target, c *chain.Chain) (_ util.Uint256, _ uint32, err error) {
|
||||||
switch target.Type {
|
switch target.Type {
|
||||||
case engine.Namespace, engine.Container:
|
case engine.Namespace, engine.Container, engine.User, engine.Group:
|
||||||
_, err = s.storage.AddOverride(name, target, c)
|
_, err = s.storage.AddOverride(name, target, c)
|
||||||
default:
|
default:
|
||||||
err = engine.ErrUnknownTarget
|
err = engine.ErrUnknownTarget
|
||||||
|
@ -31,7 +31,7 @@ func (s *inmemoryMorphRuleChainStorage) AddMorphRuleChain(name chain.Name, targe
|
||||||
|
|
||||||
func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChain(name chain.Name, target engine.Target, chainID chain.ID) (_ util.Uint256, _ uint32, err error) {
|
func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChain(name chain.Name, target engine.Target, chainID chain.ID) (_ util.Uint256, _ uint32, err error) {
|
||||||
switch target.Type {
|
switch target.Type {
|
||||||
case engine.Namespace, engine.Container:
|
case engine.Namespace, engine.Container, engine.User, engine.Group:
|
||||||
err = s.storage.RemoveOverride(name, target, chainID)
|
err = s.storage.RemoveOverride(name, target, chainID)
|
||||||
default:
|
default:
|
||||||
err = engine.ErrUnknownTarget
|
err = engine.ErrUnknownTarget
|
||||||
|
@ -41,7 +41,7 @@ func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChain(name chain.Name, ta
|
||||||
|
|
||||||
func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChainsByTarget(name chain.Name, target engine.Target) (_ util.Uint256, _ uint32, err error) {
|
func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChainsByTarget(name chain.Name, target engine.Target) (_ util.Uint256, _ uint32, err error) {
|
||||||
switch target.Type {
|
switch target.Type {
|
||||||
case engine.Namespace, engine.Container:
|
case engine.Namespace, engine.Container, engine.User, engine.Group:
|
||||||
err = s.storage.RemoveOverridesByTarget(name, target)
|
err = s.storage.RemoveOverridesByTarget(name, target)
|
||||||
default:
|
default:
|
||||||
err = engine.ErrUnknownTarget
|
err = engine.ErrUnknownTarget
|
||||||
|
@ -51,7 +51,7 @@ func (s *inmemoryMorphRuleChainStorage) RemoveMorphRuleChainsByTarget(name chain
|
||||||
|
|
||||||
func (s *inmemoryMorphRuleChainStorage) ListMorphRuleChains(name chain.Name, target engine.Target) ([]*chain.Chain, error) {
|
func (s *inmemoryMorphRuleChainStorage) ListMorphRuleChains(name chain.Name, target engine.Target) ([]*chain.Chain, error) {
|
||||||
switch target.Type {
|
switch target.Type {
|
||||||
case engine.Namespace, engine.Container:
|
case engine.Namespace, engine.Container, engine.User, engine.Group:
|
||||||
return s.storage.ListOverrides(name, target)
|
return s.storage.ListOverrides(name, target)
|
||||||
default:
|
default:
|
||||||
}
|
}
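Review bot: The accepted-target list `engine.Namespace, engine.Container, engine.User, engine.Group` is now repeated in four switch statements (AddMorphRuleChain, RemoveMorphRuleChain, RemoveMorphRuleChainsByTarget, ListMorphRuleChains). A future target type added to only some of them would leave rule chains that can be stored but not listed or removed. A small unexported helper, for example `func supportedTarget(t engine.TargetType) bool`, called from all four methods would keep them in step. Each method body continues outside its hunk, so the code after the `default:` branch is not visible here.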
|
||||||
|
|
|
@ -37,6 +37,8 @@ type TargetType rune
|
||||||
const (
|
const (
|
||||||
Namespace TargetType = 'n'
|
Namespace TargetType = 'n'
|
||||||
Container TargetType = 'c'
|
Container TargetType = 'c'
|
||||||
|
User TargetType = 'u'
|
||||||
|
Group TargetType = 'g'
|
||||||
)
|
)
|
||||||
|
|
||||||
type Target struct {
|
type Target struct {
|
||||||
|
@ -48,6 +50,8 @@ type Target struct {
|
||||||
type RequestTarget struct {
|
type RequestTarget struct {
|
||||||
Namespace *Target
|
Namespace *Target
|
||||||
Container *Target
|
Container *Target
|
||||||
|
User *Target
|
||||||
|
Groups []Target
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewRequestTargetWithNamespace(namespace string) RequestTarget {
|
func NewRequestTargetWithNamespace(namespace string) RequestTarget {
|
||||||
|
@ -73,6 +77,24 @@ func NewRequestTarget(namespace, container string) RequestTarget {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func NewRequestTargetExtended(namespace, container, user string, groups []string) RequestTarget {
|
||||||
|
nt := NamespaceTarget(namespace)
|
||||||
|
ct := ContainerTarget(container)
|
||||||
|
u := UserTarget(user)
|
||||||
|
rt := RequestTarget{
|
||||||
|
Namespace: &nt,
|
||||||
|
Container: &ct,
|
||||||
|
User: &u,
|
||||||
|
}
|
||||||
|
if len(groups) != 0 {
|
||||||
|
rt.Groups = make([]Target, len(groups))
|
||||||
|
for i := range groups {
|
||||||
|
rt.Groups[i] = GroupTarget(groups[i])
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return rt
|
||||||
|
}
|
||||||
|
|
||||||
func (rt *RequestTarget) Targets() (targets []Target) {
|
func (rt *RequestTarget) Targets() (targets []Target) {
|
||||||
if rt.Namespace != nil {
|
if rt.Namespace != nil {
|
||||||
targets = append(targets, *rt.Namespace)
|
targets = append(targets, *rt.Namespace)
|
||||||
|
@ -80,6 +102,12 @@ func (rt *RequestTarget) Targets() (targets []Target) {
|
||||||
if rt.Container != nil {
|
if rt.Container != nil {
|
||||||
targets = append(targets, *rt.Container)
|
targets = append(targets, *rt.Container)
|
||||||
}
|
}
|
||||||
|
if rt.User != nil {
|
||||||
|
targets = append(targets, *rt.User)
|
||||||
|
}
|
||||||
|
if len(rt.Groups) != 0 {
|
||||||
|
targets = append(targets, rt.Groups...)
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -97,6 +125,20 @@ func ContainerTarget(container string) Target {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func UserTarget(user string) Target {
|
||||||
|
return Target{
|
||||||
|
Type: User,
|
||||||
|
Name: user,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func GroupTarget(group string) Target {
|
||||||
|
return Target{
|
||||||
|
Type: Group,
|
||||||
|
Name: group,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// MorphRuleChainStorageReader is the interface that provides read-only methods to receive
|
// MorphRuleChainStorageReader is the interface that provides read-only methods to receive
|
||||||
// data like chains, target or admin from a chain storage.
|
// data like chains, target or admin from a chain storage.
|
||||||
type MorphRuleChainStorageReader interface {
|
type MorphRuleChainStorageReader interface {
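Review bot: `NewRequestTargetExtended` always sets `User: &u`, even when `user` is the empty string, so `Targets()` returns a `Target{Type: User, Name: ""}` for requests that carry no user identity; an empty `groups` slice is skipped, but empty names inside it are not. Whether an empty name can match stored chains depends on the storage, which is not visible here, but for an access-policy lookup it is safer not to emit the target at all: `if user != "" { u := UserTarget(user); rt.User = &u }`. The new exported names (`User`, `Group`, `UserTarget`, `GroupTarget`, `NewRequestTargetExtended`) also have no doc comments. The constructor's comment should say what an empty user or group means and that `Targets()` returns namespace, container, user, then groups.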
|
||||||
|
|
|
@ -205,10 +205,16 @@ func prefixedChainName(name chain.Name, chainID chain.ID) []byte {
|
||||||
}
|
}
|
||||||
|
|
||||||
func policyKind(typ engine.TargetType) (policy.Kind, error) {
|
func policyKind(typ engine.TargetType) (policy.Kind, error) {
|
||||||
if typ == engine.Namespace {
|
switch typ {
|
||||||
|
case engine.Namespace:
|
||||||
return policy.Namespace, nil
|
return policy.Namespace, nil
|
||||||
} else if typ == engine.Container {
|
case engine.Container:
|
||||||
return policy.Container, nil
|
return policy.Container, nil
|
||||||
}
|
case engine.User:
|
||||||
|
return policy.Kind(engine.User), nil
|
||||||
|
case engine.Group:
|
||||||
|
return policy.Kind(engine.Group), nil
|
||||||
|
default:
|
||||||
return policy.Kind(0), ErrEngineTargetTypeUnsupported
|
return policy.Kind(0), ErrEngineTargetTypeUnsupported
|
||||||
}
|
}
|
||||||
|
}
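Review bot: The `engine.User` and `engine.Group` cases in `policyKind` build the contract kind with a raw conversion, `policy.Kind(engine.User)`, whereas Namespace and Container map to named `policy` constants. That ties the stored kind to the engine's rune values ('u', 'g'). The definition of `policy.Kind` is not visible here; if it is narrower than `rune` or already uses either value for something else, chains would be written and looked up under the wrong kind with no error. Prefer named constants on the `policy` side, or at least a comment on these two cases stating the assumption, e.g. `// policy has no User/Group kinds; relies on 'u'/'g' not colliding with existing policy.Kind values`. A test that pins the mapping would catch a later change on either side.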
|
||||||
|
|