authormo khan <mo@mokhan.ca>2025-04-02 11:23:47 -0600
committermo khan <mo@mokhan.ca>2025-04-02 11:23:47 -0600
commit3f54e2fc59f21029813863491b37e39bb6015115 (patch)
tree423d1d427e4d340d8030d3c9d98794084c0d5edb /pkg/policies/init.go
parente8708d505dfbe6c3ecbf41afb9732b73b6f1f156 (diff)
refactor: move policies and entities into the policies package
Diffstat (limited to 'pkg/policies/init.go')
-rw-r--r--pkg/policies/init.go54
1 files changed, 27 insertions, 27 deletions
diff --git a/pkg/policies/init.go b/pkg/policies/init.go
index d455cb8..cabfbec 100644
--- a/pkg/policies/init.go
+++ b/pkg/policies/init.go
@@ -3,33 +3,21 @@ package policies
import (
"embed"
_ "embed"
- "encoding/json"
+ "fmt"
"io/fs"
"log"
+ "strings"
"github.com/cedar-policy/cedar-go"
"github.com/cedar-policy/cedar-go/types"
- "github.com/xlgmokha/x/pkg/x"
xlog "gitlab.com/mokhax/spike/pkg/log"
)
-//go:embed *.cedar
+//go:embed *.cedar *.json
var files embed.FS
var All *cedar.PolicySet = cedar.NewPolicySet()
-
-const entitiesJSON = `[
- {
- "uid": { "type": "User", "id": "alice" },
- "attrs": { "age": 18 },
- "parents": []
- },
- {
- "uid": { "type": "Photo", "id": "VacationPhoto94.jpg" },
- "attrs": {},
- "parents": [{ "type": "Album", "id": "jane_vacation" }]
- }
-]`
+var Entities cedar.EntityMap = cedar.EntityMap{}
func init() {
err := fs.WalkDir(files, ".", func(path string, d fs.DirEntry, err error) error {
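Review bot: The widened `//go:embed *.cedar *.json` on the new side means any `.json` file that lands in `pkg/policies` is treated as an entity store: `init()` will parse it as entities, so a stray fixture or tooling file either aborts startup or silently adds principals and resources to the authorization data. A narrower pattern such as `//go:embed *.cedar entities/*.json` (with the walk adjusted to match) keeps that trust boundary explicit. The new `var Entities cedar.EntityMap = cedar.EntityMap{}` is also an exported, mutable package-level map; since it supplies every attribute the policies evaluate (e.g. `age`), consider keeping it unexported behind a read-only accessor so importing packages cannot alter authorization data at runtime. `init()` continues in the next hunk.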
@@ -41,17 +29,30 @@ func init() {
return nil
}
- content, err := fs.ReadFile(files, path)
- if err != nil {
- return err
- }
+ if strings.HasSuffix(path, ".cedar") {
+ content, err := fs.ReadFile(files, path)
+ if err != nil {
+ return err
+ }
- var policy cedar.Policy
- if err := policy.UnmarshalCedar(content); err != nil {
- return err
+ policy := cedar.Policy{}
+ if err := policy.UnmarshalCedar(content); err != nil {
+ return err
+ }
+ policy.SetFilename(path)
+
+ All.Add(cedar.PolicyID(path), &policy)
+ } else if strings.HasSuffix(path, ".json") {
+ content, err := fs.ReadFile(files, path)
+ if err != nil {
+ return err
+ }
+
+ if err := Entities.UnmarshalJSON(content); err != nil {
+ return err
+ }
}
- All.Add(cedar.PolicyID(path), &policy)
return nil
})
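Review bot: `Entities.UnmarshalJSON(content)` in the new `.json` branch runs once per embedded file, so with more than one file the later call either replaces the map (if cedar-go's `UnmarshalJSON` allocates a fresh one, which I cannot confirm from here) or merges over it; in both cases an entity's attributes can be silently overridden by whichever file sorts last in the walk, with no duplicate-UID detection. Decoding each file into a local map and copying it into `Entities` while rejecting UIDs already present makes collisions a startup failure rather than a quiet authorization change; this assumes `cedar.EntityMap` is a map keyed by entity UID, as the `cedar.EntityMap{}` literal in the previous hunk suggests. The `.cedar` branch would benefit from the same `fmt.Errorf("parsing policy %q: %w", path, err)` wrapping so a load failure names the offending file. `init()` begins in the previous hunk.
```go
} else if strings.HasSuffix(path, ".json") {
	// … unchanged: fs.ReadFile …
	var loaded cedar.EntityMap
	if err := loaded.UnmarshalJSON(content); err != nil {
		return fmt.Errorf("parsing entities %q: %w", path, err)
	}
	for uid, entity := range loaded {
		if _, dup := Entities[uid]; dup {
			return fmt.Errorf("entities %q: duplicate entity %v", path, uid)
		}
		Entities[uid] = entity
	}
}
```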
@@ -61,10 +62,9 @@ func init() {
}
func Allowed(request cedar.Request) bool {
- var entities cedar.EntityMap
- x.Check(json.Unmarshal([]byte(entitiesJSON), &entities))
+ ok, diagnostic := All.IsAuthorized(Entities, request)
+ fmt.Printf("%v: %v -> %v %v%v\n", ok, request.Principal, request.Action, request.Context.Map(), request.Resource)
- ok, diagnostic := All.IsAuthorized(entities, request)
if len(diagnostic.Errors) > 0 {
for err := range diagnostic.Errors {
xlog.Default.Printf("%v\n", err)