synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-03 16:13:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: push rbac actions to policy package (#13274)

Browse Source 
Just moved `rbac.Action` -> `policy.Action`. This is for the stacked PR to not have circular dependencies when doing autogen. Without this, the autogen can produce broken golang code, which prevents the autogen from compiling.

So just avoiding circular dependencies. Doing this in it's own PR to reduce LoC diffs in the primary PR, since this has 0 functional changes.
This commit is contained in:
Steven Masley
2024-05-15 09:46:35 -05:00
committed by GitHub
parent f14927955d
commit cb6b5e8fbd
52 changed files with 971 additions and 925 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
coderd/rbac/astvalue.go
View File

@ -3,12 +3,14 @@ package rbac
import (
"github.com/open-policy-agent/opa/ast"
"golang.org/x/xerrors"
"github.com/coder/coder/v2/coderd/rbac/policy"
)
// regoInputValue returns a rego input value for the given subject, action, and
// object. This rego input is already parsed and can be used directly in a
// rego query.
func regoInputValue(subject Subject, action Action, object Object) (ast.Value, error) {
func regoInputValue(subject Subject, action policy.Action, object Object) (ast.Value, error) {
regoSubj, err := subject.regoValue()
if err != nil {
return nil, xerrors.Errorf("subject: %w", err)
@ -34,7 +36,7 @@ func regoInputValue(subject Subject, action Action, object Object) (ast.Value, e
// regoPartialInputValue is the same as regoInputValue but only includes the
// object type. This is for partial evaluations.
func regoPartialInputValue(subject Subject, action Action, objectType string) (ast.Value, error) {
func regoPartialInputValue(subject Subject, action policy.Action, objectType string) (ast.Value, error) {
regoSubj, err := subject.regoValue()
if err != nil {
return nil, xerrors.Errorf("subject: %w", err)
@ -103,11 +105,11 @@ func (s Subject) regoValue() (ast.Value, error) {
func (z Object) regoValue() ast.Value {
userACL := ast.NewObject()
for k, v := range z.ACLUserList {
userACL.Insert(ast.StringTerm(k), ast.NewTerm(regoSlice(v)))
userACL.Insert(ast.StringTerm(k), ast.NewTerm(regoSliceString(v...)))
}
grpACL := ast.NewObject()
for k, v := range z.ACLGroupList {
grpACL.Insert(ast.StringTerm(k), ast.NewTerm(regoSlice(v)))
grpACL.Insert(ast.StringTerm(k), ast.NewTerm(regoSliceString(v...)))
}
return ast.NewObject(
[2]*ast.Term{
@ -200,10 +202,6 @@ func (perm Permission) regoValue() ast.Value {
)
}
func (act Action) regoValue() ast.Value {
return ast.StringTerm(string(act)).Value
}
type regoValue interface {
regoValue() ast.Value
}
@ -218,10 +216,10 @@ func regoSlice[T regoValue](slice []T) *ast.Array {
return ast.NewArray(terms...)
}
func regoSliceString(slice ...string) *ast.Array {
func regoSliceString[T ~string](slice ...T) *ast.Array {
terms := make([]*ast.Term, len(slice))
for i, v := range slice {
terms[i] = ast.StringTerm(v)
terms[i] = ast.StringTerm(string(v))
}
return ast.NewArray(terms...)
}