newEngine creates an RBAC Engine based on the contents of a policy. Returns a non-nil error if the policy is invalid.
(config *v3rbacpb.RBAC, policyName string)
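// newEngine creates an RBAC Engine based on the contents of a policy. Returns a
// non-nil error if the policy is invalid.
//
// Only the ALLOW and DENY actions are accepted; any other action value is
// rejected. Construction is all-or-nothing: if any single policy or the audit
// logging options fail to parse, no engine is returned, so the caller never
// receives an engine built from a partially parsed policy set.
func newEngine(config *v3rbacpb.RBAC, policyName string) (*engine, error) {
	a := config.GetAction()
	if a != v3rbacpb.RBAC_ALLOW && a != v3rbacpb.RBAC_DENY {
		// Report the value that was actually checked above.
		return nil, fmt.Errorf("unsupported action %s", a)
	}

	policies := make(map[string]*policyMatcher, len(config.GetPolicies()))
	for name, policy := range config.GetPolicies() {
		matcher, err := newPolicyMatcher(policy)
		if err != nil {
			// Map iteration order is unspecified, so without the key the
			// operator cannot tell which policy was rejected. %q quotes the
			// name, which comes from configuration, so it is safe to log.
			return nil, fmt.Errorf("policy %q: %w", name, err)
		}
		policies[name] = matcher
	}

	auditLoggers, auditCondition, err := parseAuditOptions(config.GetAuditLoggingOptions())
	if err != nil {
		return nil, fmt.Errorf("audit logging options: %w", err)
	}
	return &engine{
		policyName:     policyName,
		policies:       policies,
		action:         a,
		auditLoggers:   auditLoggers,
		auditCondition: auditCondition,
	}, nil
}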
| 156 | |
| 157 | func parseAuditOptions(opts *v3rbacpb.RBAC_AuditLoggingOptions) ([]audit.Logger, v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition, error) { |
| 158 | if opts == nil { |