dstepanov-yadro/policy-engine
1
0
Fork 0
forked from TrueCloudLab/policy-engine
Code Pull requests Activity

[#4] Reduce number of condition types

Browse source
This commit is contained in:
Denis Kirillov 2023-10-23 15:44:01 +03:00
parent 88cf807951
commit 31a308ea61
1 changed files with 25 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
chain.go
View file

@ -56,49 +56,31 @@ const (
ObjectActor ObjectActor
) )
// TODO @fyrchik: replace string with int-like type. type ConditionType byte
type ConditionType string
// TODO @fyrchik: reduce the number of conditions. // TODO @fyrchik: reduce the number of conditions.
// Everything from here should be expressable, but we do not need them all. // Everything from here should be expressable, but we do not need them all.
// https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html // https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html
const ( const (
// String condition operators. // String condition operators.
CondStringEquals ConditionType = "StringEquals" CondStringEquals ConditionType = iota
CondStringNotEquals ConditionType = "StringNotEquals" CondStringNotEquals
CondStringEqualsIgnoreCase ConditionType = "StringEqualsIgnoreCase" CondStringEqualsIgnoreCase
CondStringNotEqualsIgnoreCase ConditionType = "StringNotEqualsIgnoreCase" CondStringNotEqualsIgnoreCase
CondStringLike ConditionType = "StringLike" CondStringLike
CondStringNotLike ConditionType = "StringNotLike" CondStringNotLike
CondStringLessThan
CondStringLessThanEquals
CondStringGreaterThan
CondStringGreaterThanEquals
// Numeric condition operators. // Numeric condition operators.
CondNumericEquals ConditionType = "NumericEquals" CondNumericEquals
CondNumericNotEquals ConditionType = "NumericNotEquals" CondNumericNotEquals
CondNumericLessThan ConditionType = "NumericLessThan" CondNumericLessThan
CondNumericLessThanEquals ConditionType = "NumericLessThanEquals" CondNumericLessThanEquals
CondNumericGreaterThan ConditionType = "NumericGreaterThan" CondNumericGreaterThan
CondNumericGreaterThanEquals ConditionType = "NumericGreaterThanEquals" CondNumericGreaterThanEquals
// Date condition operators.
CondDateEquals ConditionType = "DateEquals"
CondDateNotEquals ConditionType = "DateNotEquals"
CondDateLessThan ConditionType = "DateLessThan"
CondDateLessThanEquals ConditionType = "DateLessThanEquals"
CondDateGreaterThan ConditionType = "DateGreaterThan"
CondDateGreaterThanEquals ConditionType = "DateGreaterThanEquals"
// Bolean condition operators.
CondBool ConditionType = "Bool"
// IP address condition operators.
CondIPAddress ConditionType = "IpAddress"
CondNotIPAddress ConditionType = "NotIpAddress"
// ARN condition operators.
CondArnEquals ConditionType = "ArnEquals"
CondArnLike ConditionType = "ArnLike"
CondArnNotEquals ConditionType = "ArnNotEquals"
CondArnNotLike ConditionType = "ArnNotLike"
) )
func (c *Condition) Match(req Request) bool { func (c *Condition) Match(req Request) bool {
@ -127,6 +109,14 @@ func (c *Condition) Match(req Request) bool {
return globMatch(val, c.Value) return globMatch(val, c.Value)
case CondStringNotLike: case CondStringNotLike:
return !globMatch(val, c.Value) return !globMatch(val, c.Value)
case CondStringLessThan:
return val < c.Value
case CondStringLessThanEquals:
return val <= c.Value
case CondStringGreaterThan:
return val > c.Value
case CondStringGreaterThanEquals:
return val >= c.Value
} }
} }