Parse auditLoggingOptions to the associated RBAC protos. The single auditLoggingOptions results in two different parsed protos, one for the allow policy and one for the deny policy
()
| 290 | // auditLoggingOptions results in two different parsed protos, one for the allow |
| 291 | // policy and one for the deny policy |
| 292 | func (options *auditLoggingOptions) toProtos() (allow *v3rbacpb.RBAC_AuditLoggingOptions, deny *v3rbacpb.RBAC_AuditLoggingOptions, err error) { |
| 293 | allow = &v3rbacpb.RBAC_AuditLoggingOptions{} |
| 294 | deny = &v3rbacpb.RBAC_AuditLoggingOptions{} |
| 295 | |
| 296 | if options.AuditCondition != "" { |
| 297 | rbacCondition, ok := v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition_value[options.AuditCondition] |
| 298 | if !ok { |
| 299 | return nil, nil, fmt.Errorf("failed to parse AuditCondition %v. Allowed values {NONE, ON_DENY, ON_ALLOW, ON_DENY_AND_ALLOW}", options.AuditCondition) |
| 300 | } |
| 301 | allow.AuditCondition = v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition(rbacCondition) |
| 302 | deny.AuditCondition = toDenyCondition(v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition(rbacCondition)) |
| 303 | } |
| 304 | |
| 305 | for i, config := range options.AuditLoggers { |
| 306 | if config.Name == "" { |
| 307 | return nil, nil, fmt.Errorf("missing required field: name in audit_logging_options.audit_loggers[%v]", i) |
| 308 | } |
| 309 | if config.Config == nil { |
| 310 | config.Config = &structpb.Struct{} |
| 311 | } |
| 312 | typedStruct := &v1xdsudpatypepb.TypedStruct{ |
| 313 | TypeUrl: typeURLPrefix + config.Name, |
| 314 | Value: config.Config, |
| 315 | } |
| 316 | customConfig, err := anypb.New(typedStruct) |
| 317 | if err != nil { |
| 318 | return nil, nil, fmt.Errorf("error parsing custom audit logger config: %v", err) |
| 319 | } |
| 320 | |
| 321 | logger := &v3corepb.TypedExtensionConfig{Name: config.Name, TypedConfig: customConfig} |
| 322 | rbacConfig := v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{ |
| 323 | IsOptional: config.IsOptional, |
| 324 | AuditLogger: logger, |
| 325 | } |
| 326 | allow.LoggerConfigs = append(allow.LoggerConfigs, &rbacConfig) |
| 327 | deny.LoggerConfigs = append(deny.LoggerConfigs, &rbacConfig) |
| 328 | } |
| 329 | |
| 330 | return allow, deny, nil |
| 331 | } |
| 332 | |
| 333 | // Maps the AuditCondition coming from AuditLoggingOptions to the proper |
| 334 | // condition for the deny policy RBAC proto |
no test coverage detected