From f5a4bd9a304627636acdfd954e25fc82e05ffaef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Toma=C5=BE=20Jerman?= Date: Wed, 27 Apr 2022 12:31:49 +0200 Subject: [PATCH] Add additional utilities to work with resources --- pkg/envoy/locale.go | 36 +++++++++++++++++++++++++++++++++++- pkg/envoy/rbac.go | 41 +++++++++++++++++++++++++++++++++++++++++ pkg/envoy/shared.go | 19 +++++++++++++++++++ 3 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 pkg/envoy/rbac.go create mode 100644 pkg/envoy/shared.go diff --git a/pkg/envoy/locale.go b/pkg/envoy/locale.go index 38f834415..dc0edb34f 100644 --- a/pkg/envoy/locale.go +++ b/pkg/envoy/locale.go @@ -1,6 +1,8 @@ package envoy -import "github.com/cortezaproject/corteza-server/pkg/envoy/resource" +import ( + "github.com/cortezaproject/corteza-server/pkg/envoy/resource" +) // NormalizeResourceTranslations takes the provided resource.ResourceTranslation // and merges duplicates based on the Priority parameter @@ -63,3 +65,35 @@ func NormalizeResourceTranslations(rr ...resource.Interface) []resource.Interfac return out } + +func appendRefSet(a resource.RefSet, b *resource.Ref) resource.RefSet { + return append(a, b) +} + +// FilterRequiredResourceTranslations returns only resource translations relevant for the given resources +func FilterRequiredResourceTranslations(request resource.InterfaceSet, translations []*resource.ResourceTranslation) (out []*resource.ResourceTranslation) { + out = make([]*resource.ResourceTranslation, 0, 100) + + // Filter + procResSet(request, func(r resource.Interface) { + localeRes, ok := r.(resource.LocaleInterface) + if !ok { + return + } + + _, ref, pp := localeRes.ResourceTranslationParts() + resourceRefSet := appendRefSet(pp, ref) + + for _, t := range translations { + translationRefSet := appendRefSet(t.RefPath, t.RefRes) + // Res. tr. use strict equality to determine where it falls into + if !translationRefSet.Equals(resourceRefSet) { + continue + } + + out = append(out, t) + } + }) + + return +} diff --git a/pkg/envoy/rbac.go b/pkg/envoy/rbac.go new file mode 100644 index 000000000..6d52a702f --- /dev/null +++ b/pkg/envoy/rbac.go @@ -0,0 +1,41 @@ +package envoy + +import ( + "fmt" + + "github.com/cortezaproject/corteza-server/pkg/envoy/resource" +) + +// FilterRequestedRBACRules returns only RBAC rules relevant for the given resources +func FilterRequestedRBACRules(request resource.InterfaceSet, rules []*resource.RbacRule) (out []*resource.RbacRule) { + out = make([]*resource.RbacRule, 0, 10) + + // Filter + dupRuleIndex := make(map[string]bool) + procResSet(request, func(r resource.Interface) { + rbacRes, ok := r.(resource.RBACInterface) + if !ok { + return + } + + _, ref, pp := rbacRes.RBACParts() + resourceRefSet := appendRefSet(pp, ref) + + for _, rule := range rules { + k := fmt.Sprintf("%s, %s, %d; %d", rule.Res.Resource, rule.Res.Operation, rule.Res.Access, rule.Res.RoleID) + if dupRuleIndex[k] { + continue + } + dupRuleIndex[k] = true + ruleRefSet := appendRefSet(rule.RefPath, rule.RefRes) + // Checking if rule is <= resource since wildflags can be used + if !ruleRefSet.IsSubset(resourceRefSet) { + continue + } + + out = append(out, rule) + } + }) + + return +} diff --git a/pkg/envoy/shared.go b/pkg/envoy/shared.go new file mode 100644 index 000000000..760244643 --- /dev/null +++ b/pkg/envoy/shared.go @@ -0,0 +1,19 @@ +package envoy + +import "github.com/cortezaproject/corteza-server/pkg/envoy/resource" + +// procResSet is a little utility to run some op over given resources +// +// Helps cover special cases such as modules & module fields +func procResSet(resources resource.InterfaceSet, fn func(r resource.Interface)) { + for _, res := range resources { + fn(res) + + // Special case for modules since it has + if modR, ok := res.(*resource.ComposeModule); ok { + for _, f := range modR.ResFields { + fn(f) + } + } + } +}