aarifullin/policy-engine
1
0
Fork 0
forked from TrueCloudLab/policy-engine
Code Pull requests Activity

[#7] engine: Move globMatch to common util package

Browse source 
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
This commit is contained in:
aarifullin 2023-11-07 19:53:23 +03:00 committed by Evgenii Stratonikov
parent 38985e4ec8
commit 9472a7123e
3 changed files with 13 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
chain.go
View file

@ -4,6 +4,8 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"strings" "strings"
"git.frostfs.info/TrueCloudLab/policy-engine/util"
) )
// Engine ... // Engine ...
@ -159,9 +161,9 @@ func (c *Condition) Match(req Request) bool {
case CondStringNotEqualsIgnoreCase: case CondStringNotEqualsIgnoreCase:
return !strings.EqualFold(val, c.Value) return !strings.EqualFold(val, c.Value)
case CondStringLike: case CondStringLike:
return globMatch(val, c.Value) return util.GlobMatch(val, c.Value)
case CondStringNotLike: case CondStringNotLike:
return !globMatch(val, c.Value) return !util.GlobMatch(val, c.Value)
case CondStringLessThan: case CondStringLessThan:
return val < c.Value return val < c.Value
case CondStringLessThanEquals: case CondStringLessThanEquals:
@ -176,7 +178,7 @@ func (c *Condition) Match(req Request) bool {
func (r *Rule) Match(req Request) (status Status, matched bool) { func (r *Rule) Match(req Request) (status Status, matched bool) {
found := len(r.Resources.Names) == 0 found := len(r.Resources.Names) == 0
for i := range r.Resources.Names { for i := range r.Resources.Names {
if globMatch(req.Resource().Name(), r.Resources.Names[i]) != r.Resources.Inverted { if util.GlobMatch(req.Resource().Name(), r.Resources.Names[i]) != r.Resources.Inverted {
found = true found = true
break break
} }
@ -185,7 +187,7 @@ func (r *Rule) Match(req Request) (status Status, matched bool) {
return NoRuleFound, false return NoRuleFound, false
} }
for i := range r.Actions.Names { for i := range r.Actions.Names {
if globMatch(req.Operation(), r.Actions.Names[i]) != r.Actions.Inverted { if util.GlobMatch(req.Operation(), r.Actions.Names[i]) != r.Actions.Inverted {
return r.matchCondition(req) return r.matchCondition(req)
} }
} }

6
inmemory.go
View file

@ -1,5 +1,9 @@
package policyengine package policyengine
import (
"git.frostfs.info/TrueCloudLab/policy-engine/util"
)
type inmemory struct { type inmemory struct {
namespace map[Name][]chain namespace map[Name][]chain
resource map[Name][]chain resource map[Name][]chain
@ -52,7 +56,7 @@ func (s *inmemory) IsAllowed(name Name, namespace string, r Request) (Status, bo
func matchArray(cs []chain, object string, r Request) (Status, bool) { func matchArray(cs []chain, object string, r Request) (Status, bool) {
for _, c := range cs { for _, c := range cs {
if !globMatch(object, c.object) { if !util.GlobMatch(object, c.object) {
continue continue
} }
if status, matched := c.chain.Match(r); matched { if status, matched := c.chain.Match(r); matched {

4
glob.go → util/glob.go
View file

@ -1,4 +1,4 @@
package policyengine package util
import ( import (
"strings" "strings"
@ -9,7 +9,7 @@ import (
// ? in pattern correspond to any symbol. // ? in pattern correspond to any symbol.
// * in pattern correspond to any sequence of symbols. // * in pattern correspond to any sequence of symbols.
// Currently only '*' in the suffix is supported. // Currently only '*' in the suffix is supported.
func globMatch(s, pattern string) bool { func GlobMatch(s, pattern string) bool {
index := strings.IndexByte(pattern, '*') index := strings.IndexByte(pattern, '*')
switch index { switch index {
default: default: