ppl: remove support for aliases (#2400)

This commit is contained in:
Caleb Doxsey 2021-07-27 12:29:42 -06:00 committed by GitHub
parent 1c627e5724
commit c34118360d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 34 additions and 35 deletions

View file

@ -50,7 +50,7 @@ func (p *Policy) ToPPL() *parser.Policy {
for _, ag := range p.AllAllowedGroups() { for _, ag := range p.AllAllowedGroups() {
allowRule.Or = append(allowRule.Or, allowRule.Or = append(allowRule.Or,
parser.Criterion{ parser.Criterion{
Name: "group", Name: "groups",
Data: parser.Object{ Data: parser.Object{
"has": parser.String(ag), "has": parser.String(ag),
}, },
@ -68,7 +68,7 @@ func (p *Policy) ToPPL() *parser.Policy {
data, _ := parser.ParseValue(bytes.NewReader(bs)) data, _ := parser.ParseValue(bytes.NewReader(bs))
allowRule.Or = append(allowRule.Or, allowRule.Or = append(allowRule.Or,
parser.Criterion{ parser.Criterion{
Name: "claims", Name: "claim",
SubPath: k, SubPath: k,
Data: data, Data: data,
}) })

View file

@ -19,8 +19,8 @@ func (acceptCriterion) DataType() CriterionDataType {
return generator.CriterionDataTypeUnused return generator.CriterionDataTypeUnused
} }
func (acceptCriterion) Names() []string { func (acceptCriterion) Name() string {
return []string{"accept"} return "accept"
} }
func (c acceptCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c acceptCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -22,8 +22,8 @@ func (authenticatedUserCriterion) DataType() CriterionDataType {
return generator.CriterionDataTypeUnused return generator.CriterionDataTypeUnused
} }
func (authenticatedUserCriterion) Names() []string { func (authenticatedUserCriterion) Name() string {
return []string{"authenticated_user"} return "authenticated_user"
} }
func (c authenticatedUserCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c authenticatedUserCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -40,8 +40,8 @@ func (claimsCriterion) DataType() CriterionDataType {
return generator.CriterionDataTypeUnknown return generator.CriterionDataTypeUnknown
} }
func (claimsCriterion) Names() []string { func (claimsCriterion) Name() string {
return []string{"claim", "claims"} return "claim"
} }
func (c claimsCriterion) GenerateRule(subPath string, data parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c claimsCriterion) GenerateRule(subPath string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -21,8 +21,8 @@ func (corsPreflightCriterion) DataType() CriterionDataType {
return generator.CriterionDataTypeUnused return generator.CriterionDataTypeUnused
} }
func (corsPreflightCriterion) Names() []string { func (corsPreflightCriterion) Name() string {
return []string{"cors_preflight"} return "cors_preflight"
} }
func (c corsPreflightCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c corsPreflightCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -27,8 +27,8 @@ func (domainsCriterion) DataType() CriterionDataType {
return CriterionDataTypeStringMatcher return CriterionDataTypeStringMatcher
} }
func (domainsCriterion) Names() []string { func (domainsCriterion) Name() string {
return []string{"domain", "domains"} return "domain"
} }
func (c domainsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c domainsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -28,8 +28,8 @@ func (emailsCriterion) DataType() generator.CriterionDataType {
return CriterionDataTypeStringMatcher return CriterionDataTypeStringMatcher
} }
func (emailsCriterion) Names() []string { func (emailsCriterion) Name() string {
return []string{"email", "emails"} return "email"
} }
func (c emailsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c emailsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -47,8 +47,8 @@ func (groupsCriterion) DataType() generator.CriterionDataType {
return CriterionDataTypeStringListMatcher return CriterionDataTypeStringListMatcher
} }
func (groupsCriterion) Names() []string { func (groupsCriterion) Name() string {
return []string{"group", "groups"} return "groups"
} }
func (c groupsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c groupsCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -21,8 +21,8 @@ func (invalidClientCertificateCriterion) DataType() CriterionDataType {
return generator.CriterionDataTypeUnused return generator.CriterionDataTypeUnused
} }
func (invalidClientCertificateCriterion) Names() []string { func (invalidClientCertificateCriterion) Name() string {
return []string{"invalid_client_certificate"} return "invalid_client_certificate"
} }
func (c invalidClientCertificateCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c invalidClientCertificateCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -21,8 +21,8 @@ func (pomeriumRoutesCriterion) DataType() generator.CriterionDataType {
return generator.CriterionDataTypeUnused return generator.CriterionDataTypeUnused
} }
func (pomeriumRoutesCriterion) Names() []string { func (pomeriumRoutesCriterion) Name() string {
return []string{"pomerium_routes"} return "pomerium_routes"
} }
func (c pomeriumRoutesCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c pomeriumRoutesCriterion) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -19,8 +19,8 @@ func (rejectMatcher) DataType() CriterionDataType {
return generator.CriterionDataTypeUnused return generator.CriterionDataTypeUnused
} }
func (rejectMatcher) Names() []string { func (rejectMatcher) Name() string {
return []string{"reject"} return "reject"
} }
func (m rejectMatcher) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) { func (m rejectMatcher) GenerateRule(_ string, _ parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -28,8 +28,8 @@ func (usersCriterion) DataType() generator.CriterionDataType {
return CriterionDataTypeStringMatcher return CriterionDataTypeStringMatcher
} }
func (usersCriterion) Names() []string { func (usersCriterion) Name() string {
return []string{"user", "users"} return "user"
} }
func (c usersCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) { func (c usersCriterion) GenerateRule(_ string, data parser.Value) (*ast.Rule, []*ast.Rule, error) {

View file

@ -9,7 +9,7 @@ import (
// A Criterion generates rego rules based on data. // A Criterion generates rego rules based on data.
type Criterion interface { type Criterion interface {
DataType() CriterionDataType DataType() CriterionDataType
Names() []string Name() string
GenerateRule(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error) GenerateRule(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error)
} }
@ -19,7 +19,7 @@ type CriterionConstructor func(*Generator) Criterion
// A criterionFunc is a criterion implemented as a function and a list of names. // A criterionFunc is a criterion implemented as a function and a list of names.
type criterionFunc struct { type criterionFunc struct {
dataType CriterionDataType dataType CriterionDataType
names []string name string
generateRule func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error) generateRule func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error)
} }
@ -28,9 +28,9 @@ func (c criterionFunc) DataType() CriterionDataType {
return c.dataType return c.dataType
} }
// Names returns the names of the criterion. // Name returns the name of the criterion.
func (c criterionFunc) Names() []string { func (c criterionFunc) Name() string {
return c.names return c.name
} }
// GenerateRule calls the underlying generateRule function. // GenerateRule calls the underlying generateRule function.
@ -41,11 +41,12 @@ func (c criterionFunc) GenerateRule(subPath string, data parser.Value) (rule *as
// NewCriterionFunc creates a new Criterion from a function. // NewCriterionFunc creates a new Criterion from a function.
func NewCriterionFunc( func NewCriterionFunc(
dataType CriterionDataType, dataType CriterionDataType,
names []string, name string,
f func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error), f func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error),
) Criterion { ) Criterion {
return criterionFunc{ return criterionFunc{
names: names, dataType: dataType,
name: name,
generateRule: f, generateRule: f,
} }
} }

View file

@ -23,9 +23,7 @@ type Option func(*Generator)
func WithCriterion(criterionConstructor CriterionConstructor) Option { func WithCriterion(criterionConstructor CriterionConstructor) Option {
return func(g *Generator) { return func(g *Generator) {
c := criterionConstructor(g) c := criterionConstructor(g)
for _, name := range c.Names() { g.criteria[c.Name()] = c
g.criteria[name] = c
}
} }
} }

View file

@ -13,7 +13,7 @@ import (
func Test(t *testing.T) { func Test(t *testing.T) {
g := New(WithCriterion(func(g *Generator) Criterion { g := New(WithCriterion(func(g *Generator) Criterion {
return NewCriterionFunc(CriterionDataTypeUnused, []string{"accept"}, func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error) { return NewCriterionFunc(CriterionDataTypeUnused, "accept", func(subPath string, data parser.Value) (rule *ast.Rule, additionalRules []*ast.Rule, err error) {
rule = g.NewRule("accept") rule = g.NewRule("accept")
rule.Body = append(rule.Body, ast.MustParseExpr("1 == 1")) rule.Body = append(rule.Body, ast.MustParseExpr("1 == 1"))
return rule, nil, nil return rule, nil, nil