MCPcopy
hub / github.com/grpc/grpc-go / toProtos

Method toProtos

authz/rbac_translator.go:292–331  ·  view source on GitHub ↗

Parse auditLoggingOptions to the associated RBAC protos. The single auditLoggingOptions results in two different parsed protos, one for the allow policy and one for the deny policy

()

Source from the content-addressed store, hash-verified

290// auditLoggingOptions results in two different parsed protos, one for the allow
291// policy and one for the deny policy
292func (options *auditLoggingOptions) toProtos() (allow *v3rbacpb.RBAC_AuditLoggingOptions, deny *v3rbacpb.RBAC_AuditLoggingOptions, err error) {
293 allow = &v3rbacpb.RBAC_AuditLoggingOptions{}
294 deny = &v3rbacpb.RBAC_AuditLoggingOptions{}
295
296 if options.AuditCondition != "" {
297 rbacCondition, ok := v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition_value[options.AuditCondition]
298 if !ok {
299 return nil, nil, fmt.Errorf("failed to parse AuditCondition %v. Allowed values {NONE, ON_DENY, ON_ALLOW, ON_DENY_AND_ALLOW}", options.AuditCondition)
300 }
301 allow.AuditCondition = v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition(rbacCondition)
302 deny.AuditCondition = toDenyCondition(v3rbacpb.RBAC_AuditLoggingOptions_AuditCondition(rbacCondition))
303 }
304
305 for i, config := range options.AuditLoggers {
306 if config.Name == "" {
307 return nil, nil, fmt.Errorf("missing required field: name in audit_logging_options.audit_loggers[%v]", i)
308 }
309 if config.Config == nil {
310 config.Config = &structpb.Struct{}
311 }
312 typedStruct := &v1xdsudpatypepb.TypedStruct{
313 TypeUrl: typeURLPrefix + config.Name,
314 Value: config.Config,
315 }
316 customConfig, err := anypb.New(typedStruct)
317 if err != nil {
318 return nil, nil, fmt.Errorf("error parsing custom audit logger config: %v", err)
319 }
320
321 logger := &v3corepb.TypedExtensionConfig{Name: config.Name, TypedConfig: customConfig}
322 rbacConfig := v3rbacpb.RBAC_AuditLoggingOptions_AuditLoggerConfig{
323 IsOptional: config.IsOptional,
324 AuditLogger: logger,
325 }
326 allow.LoggerConfigs = append(allow.LoggerConfigs, &rbacConfig)
327 deny.LoggerConfigs = append(deny.LoggerConfigs, &rbacConfig)
328 }
329
330 return allow, deny, nil
331}
332
333// Maps the AuditCondition coming from AuditLoggingOptions to the proper
334// condition for the deny policy RBAC proto

Callers 1

translatePolicyFunction · 0.80

Calls 2

toDenyConditionFunction · 0.85
ErrorfMethod · 0.65

Tested by

no test coverage detected