hub / github.com/grpc/grpc-go / translatePolicy

Function translatePolicy

authz/rbac_translator.go:362–398  ·  view source on GitHub ↗

translatePolicy translates an SDK authorization policy in JSON format into two Envoy RBAC policies (a deny policy followed by an allow policy) or a single Envoy RBAC allow policy. It also returns the overall policy name. If the input policy cannot be parsed or is invalid, an error is returned.

(policyStr string)

Source from the content-addressed store, hash-verified

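// translatePolicy translates SDK authorization policy in JSON format to two
// Envoy RBAC policies (deny followed by allow policy) or only one Envoy RBAC
// allow policy. Also returns the overall policy name. If the input policy
// cannot be parsed or is invalid, an error will be returned.
//
// Parsing is strict: unknown fields are rejected, and so is any non-whitespace
// data that follows the top-level policy object. A policy must carry a
// non-empty "name" and at least one entry in "allow_rules"; "deny_rules" is
// optional.
//
// NOTE(review): encoding/json matches object keys case-insensitively and keeps
// the last value when a key is repeated; neither case is rejected here, so a
// policy linter in front of this function is still worthwhile.
func translatePolicy(policyStr string) ([]*v3rbacpb.RBAC, string, error) {
	raw := []byte(policyStr)
	policy := &authorizationPolicy{}
	d := json.NewDecoder(bytes.NewReader(raw))
	// A key the schema does not define is an error, so a misspelled field is
	// reported instead of being dropped from the authorization policy.
	d.DisallowUnknownFields()
	if err := d.Decode(policy); err != nil {
		return nil, "", fmt.Errorf("failed to unmarshal policy: %v", err)
	}
	// Decode consumes only the first JSON value. Without this check, input such
	// as two concatenated policy documents would be accepted with everything
	// after the first one ignored, which hides a broken or tampered policy file.
	if rest := bytes.TrimSpace(raw[d.InputOffset():]); len(rest) != 0 {
		return nil, "", fmt.Errorf("failed to unmarshal policy: unexpected data after policy object")
	}
	if policy.Name == "" {
		return nil, "", fmt.Errorf(`"name" is not present`)
	}
	// An allow list is mandatory; a policy made only of deny rules is refused.
	if len(policy.AllowRules) == 0 {
		return nil, "", fmt.Errorf(`"allow_rules" is not present`)
	}
	allowLogger, denyLogger, err := policy.AuditLoggingOptions.toProtos()
	if err != nil {
		return nil, "", err
	}
	// At most two RBAC messages are produced: an optional DENY, then the ALLOW.
	rbacs := make([]*v3rbacpb.RBAC, 0, 2)
	if len(policy.DenyRules) > 0 {
		denyPolicies, err := parseRules(policy.DenyRules, policy.Name)
		if err != nil {
			return nil, "", fmt.Errorf(`"deny_rules" %v`, err)
		}
		// The DENY policy is appended first so it precedes the ALLOW policy in
		// the returned slice, matching the documented order.
		rbacs = append(rbacs, &v3rbacpb.RBAC{
			Action:              v3rbacpb.RBAC_DENY,
			Policies:            denyPolicies,
			AuditLoggingOptions: denyLogger,
		})
	}
	allowPolicies, err := parseRules(policy.AllowRules, policy.Name)
	if err != nil {
		return nil, "", fmt.Errorf(`"allow_rules" %v`, err)
	}
	allowRBAC := &v3rbacpb.RBAC{
		Action:              v3rbacpb.RBAC_ALLOW,
		Policies:            allowPolicies,
		AuditLoggingOptions: allowLogger,
	}
	return append(rbacs, allowRBAC), policy.Name, nil
}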

Callers 2

TestTranslatePolicyFunction · 0.85
NewStaticFunction · 0.85

Calls 4

DecodeMethod · 0.95
parseRulesFunction · 0.85
toProtosMethod · 0.80
ErrorfMethod · 0.65

Tested by 1

TestTranslatePolicyFunction · 0.68