translatePolicy translates an SDK authorization policy in JSON format into two Envoy RBAC policies (a deny policy followed by an allow policy) or a single Envoy RBAC allow policy. It also returns the overall policy name. If the input policy cannot be parsed or is invalid, an error is returned.
(policyStr string)
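// translatePolicy translates an SDK authorization policy in JSON format into
// either two Envoy RBAC policies (a deny policy followed by an allow policy)
// or a single Envoy RBAC allow policy, and also returns the overall policy
// name. An error is returned if the input cannot be parsed or is invalid.
//
// Parsing is strict: unknown fields are rejected, and so is any data other
// than JSON whitespace after the top-level JSON value, so a concatenated or
// otherwise malformed policy document is not silently accepted.
//
// NOTE(review): encoding/json matches object keys case-insensitively and keeps
// the last value of a duplicated key. A policy that is also inspected by other
// JSON tooling may therefore be read differently there; confirm whether the
// policy source needs an additional duplicate-key check.
func translatePolicy(policyStr string) ([]*v3rbacpb.RBAC, string, error) {
	raw := []byte(policyStr)
	policy := &authorizationPolicy{}
	d := json.NewDecoder(bytes.NewReader(raw))
	// Reject fields the policy schema does not define instead of dropping
	// them, so a misspelled rule key cannot silently weaken the policy.
	d.DisallowUnknownFields()
	if err := d.Decode(policy); err != nil {
		return nil, "", fmt.Errorf("failed to unmarshal policy: %v", err)
	}
	// Decode stops after the first JSON value. Anything left over other than
	// JSON whitespace means the input is not a single well-formed policy.
	if rest := bytes.TrimLeft(raw[d.InputOffset():], " \t\r\n"); len(rest) != 0 {
		return nil, "", fmt.Errorf("failed to unmarshal policy: unexpected data after top-level JSON value")
	}
	if policy.Name == "" {
		return nil, "", fmt.Errorf(`"name" is not present`)
	}
	// At least one allow rule is required; deny rules are optional.
	if len(policy.AllowRules) == 0 {
		return nil, "", fmt.Errorf(`"allow_rules" is not present`)
	}
	allowLogger, denyLogger, err := policy.AuditLoggingOptions.toProtos()
	if err != nil {
		return nil, "", err
	}
	// Capacity 2: at most one deny RBAC followed by exactly one allow RBAC.
	rbacs := make([]*v3rbacpb.RBAC, 0, 2)
	if len(policy.DenyRules) > 0 {
		denyPolicies, err := parseRules(policy.DenyRules, policy.Name)
		if err != nil {
			return nil, "", fmt.Errorf(`"deny_rules" %v`, err)
		}
		// The deny RBAC, when present, is placed ahead of the allow RBAC.
		rbacs = append(rbacs, &v3rbacpb.RBAC{
			Action:              v3rbacpb.RBAC_DENY,
			Policies:            denyPolicies,
			AuditLoggingOptions: denyLogger,
		})
	}
	allowPolicies, err := parseRules(policy.AllowRules, policy.Name)
	if err != nil {
		return nil, "", fmt.Errorf(`"allow_rules" %v`, err)
	}
	allowRBAC := &v3rbacpb.RBAC{
		Action:              v3rbacpb.RBAC_ALLOW,
		Policies:            allowPolicies,
		AuditLoggingOptions: allowLogger,
	}
	return append(rbacs, allowRBAC), policy.Name, nil
}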