ladon_manager

package
v4.4.0-alpha1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 26, 2024 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var Migrations = map[string]Statements{
	"postgres": {
		Migrations: &migrate.MemoryMigrationSource{
			Migrations: []*migrate.Migration{
				sharedMigrations[0],
				sharedMigrations[1],
				{
					Id: "3",
					Up: []string{
						"CREATE INDEX ladon_subject_compiled_idx ON ladon_subject (compiled text_pattern_ops)",
						"CREATE INDEX ladon_permission_compiled_idx ON ladon_action (compiled text_pattern_ops)",
						"CREATE INDEX ladon_resource_compiled_idx ON ladon_resource (compiled text_pattern_ops)",
					},
					Down: []string{
						"DROP INDEX ladon_subject_compiled_idx",
						"DROP INDEX ladon_permission_compiled_idx",
						"DROP INDEX ladon_resource_compiled_idx",
					},
				},
				{
					Id: "4",
					Up: []string{
						"alter table ladon_policy_permission add id int auto_increment primary key",
						"alter table ladon_policy_resource add id int auto_increment primary key",
						"alter table ladon_policy_subject add id int auto_increment primary key",
					},
					Down: []string{
						"alter table ladon_policy_permission drop column id",
						"alter table ladon_policy_resource drop column id",
						"alter table ladon_policy_subject drop column id",
					},
				},
			},
		},
		QueryInsertPolicy:             `INSERT INTO ladon_policy(id, description, effect, conditions) SELECT $1::varchar, $2, $3, $4 WHERE NOT EXISTS (SELECT 1 FROM ladon_policy WHERE id = $1)`,
		QueryInsertPolicyActions:      `INSERT INTO ladon_action (id, template, compiled, has_regex) SELECT $1::varchar, $2, $3, $4 WHERE NOT EXISTS (SELECT 1 FROM ladon_action WHERE id = $1)`,
		QueryInsertPolicyActionsRel:   `INSERT INTO ladon_policy_action_rel (policy, action) SELECT $1::varchar, $2::varchar WHERE NOT EXISTS (SELECT 1 FROM ladon_policy_action_rel WHERE policy = $1 AND action = $2)`,
		QueryInsertPolicyResources:    `INSERT INTO ladon_resource (id, template, compiled, has_regex) SELECT $1::varchar, $2, $3, $4 WHERE NOT EXISTS (SELECT 1 FROM ladon_resource WHERE id = $1)`,
		QueryInsertPolicyResourcesRel: `INSERT INTO ladon_policy_resource_rel (policy, resource) SELECT $1::varchar, $2::varchar WHERE NOT EXISTS (SELECT 1 FROM ladon_policy_resource_rel WHERE policy = $1 AND resource = $2)`,
		QueryInsertPolicySubjects:     `INSERT INTO ladon_subject (id, template, compiled, has_regex) SELECT $1::varchar, $2, $3, $4 WHERE NOT EXISTS (SELECT 1 FROM ladon_subject WHERE id = $1)`,
		QueryInsertPolicySubjectsRel:  `INSERT INTO ladon_policy_subject_rel (policy, subject) SELECT $1::varchar, $2::varchar WHERE NOT EXISTS (SELECT 1 FROM ladon_policy_subject_rel WHERE policy = $1 AND subject = $2)`,
		QueryRequestCandidates: `
		SELECT
			p.id,
			p.effect,
			p.conditions,
			p.description,
			subject.template AS subject,
			resource.template AS resource,
			action.template AS action
		FROM
			ladon_policy AS p

			INNER JOIN ladon_policy_subject_rel AS rs ON rs.policy = p.id
			LEFT JOIN ladon_policy_action_rel AS ra ON ra.policy = p.id
			LEFT JOIN ladon_policy_resource_rel AS rr ON rr.policy = p.id

			INNER JOIN ladon_subject AS subject ON rs.subject = subject.id
			LEFT JOIN ladon_action AS action ON ra.action = action.id
			LEFT JOIN ladon_resource AS resource ON rr.resource = resource.id
		WHERE
			(subject.has_regex IS NOT TRUE AND subject.template = $1)
			OR
			(subject.has_regex IS TRUE AND $2 ~ subject.compiled)`,
	},
	"mysql": {
		Migrations: &migrate.MemoryMigrationSource{
			Migrations: []*migrate.Migration{
				sharedMigrations[0],
				sharedMigrations[1],
				{
					Id: "3",
					Up: []string{
						"CREATE FULLTEXT INDEX ladon_subject_compiled_idx ON ladon_subject (compiled)",
						"CREATE FULLTEXT INDEX ladon_action_compiled_idx ON ladon_action (compiled)",
						"CREATE FULLTEXT INDEX ladon_resource_compiled_idx ON ladon_resource (compiled)",
					},
					Down: []string{
						"DROP INDEX ladon_subject_compiled_idx",
						"DROP INDEX ladon_permission_compiled_idx",
						"DROP INDEX ladon_resource_compiled_idx",
					},
				},
				{
					Id: "4",
					Up: []string{
						"alter table ladon_policy_permission add id int auto_increment primary key",
						"alter table ladon_policy_resource add id int auto_increment primary key",
						"alter table ladon_policy_subject add id int auto_increment primary key",
					},
					Down: []string{
						"alter table ladon_policy_permission drop column id",
						"alter table ladon_policy_resource drop column id",
						"alter table ladon_policy_subject drop column id",
					},
				},
			},
		},
		QueryInsertPolicy:             `INSERT IGNORE INTO ladon_policy (id, description, effect, conditions) VALUES(?,?,?,?)`,
		QueryInsertPolicyActions:      `INSERT IGNORE INTO ladon_action (id, template, compiled, has_regex) VALUES(?,?,?,?)`,
		QueryInsertPolicyActionsRel:   `INSERT IGNORE INTO ladon_policy_action_rel (policy, action) VALUES(?,?)`,
		QueryInsertPolicyResources:    `INSERT IGNORE INTO ladon_resource (id, template, compiled, has_regex) VALUES(?,?,?,?)`,
		QueryInsertPolicyResourcesRel: `INSERT IGNORE INTO ladon_policy_resource_rel (policy, resource) VALUES(?,?)`,
		QueryInsertPolicySubjects:     `INSERT IGNORE INTO ladon_subject (id, template, compiled, has_regex) VALUES(?,?,?,?)`,
		QueryInsertPolicySubjectsRel:  `INSERT IGNORE INTO ladon_policy_subject_rel (policy, subject) VALUES(?,?)`,
		QueryRequestCandidates: `
		SELECT
			p.id,
			p.effect,
			p.conditions,
			p.description,
			subject.template AS subject,
			resource.template AS resource,
			action.template AS action
		FROM
			ladon_policy AS p

			INNER JOIN ladon_policy_subject_rel AS rs ON rs.policy = p.id
			LEFT JOIN ladon_policy_action_rel AS ra ON ra.policy = p.id
			LEFT JOIN ladon_policy_resource_rel AS rr ON rr.policy = p.id

			INNER JOIN ladon_subject AS subject ON rs.subject = subject.id
			LEFT JOIN ladon_action AS action ON ra.action = action.id
			LEFT JOIN ladon_resource AS resource ON rr.resource = resource.id
		WHERE
			(subject.has_regex = 0 AND subject.template = ?)
			OR
			(subject.has_regex = 1 AND CAST(? AS BINARY) REGEXP BINARY subject.compiled)`,
	},
}

Functions

This section is empty.

Types

type SQLManager

type SQLManager struct {
	// contains filtered or unexported fields
}

SQLManager is a postgres implementation for Manager to store policies persistently.

func NewSQLManager

func NewSQLManager(db *sqlx.DB, schema []string) *SQLManager

NewSQLManager initializes a new SQLManager for given db instance.

func (*SQLManager) Create

func (s *SQLManager) Create(policy Policy) (err error)

Create inserts a new policy

func (*SQLManager) CreateSchemas

func (s *SQLManager) CreateSchemas(schema, table string) (int, error)

CreateSchemas creates ladon_policy tables

func (*SQLManager) Delete

func (s *SQLManager) Delete(id string) error

Delete removes a policy.

func (*SQLManager) FindPoliciesForResource

func (s *SQLManager) FindPoliciesForResource(resource string) (Policies, error)

func (*SQLManager) FindPoliciesForSubject

func (s *SQLManager) FindPoliciesForSubject(subject string) (Policies, error)

func (*SQLManager) FindRequestCandidates

func (s *SQLManager) FindRequestCandidates(r *Request) (Policies, error)

func (*SQLManager) Get

func (s *SQLManager) Get(id string) (Policy, error)

Get retrieves a policy.

func (*SQLManager) GetAll

func (s *SQLManager) GetAll(limit, offset int64) (Policies, error)

GetAll returns all policies

func (*SQLManager) MigrateMigrationTable added in v4.0.1

func (s *SQLManager) MigrateMigrationTable(tableName string) error

MigrateMigrationTable checks if migration table exists. If not, we are upgrading from v3 and we need mimick the new one

func (*SQLManager) Update

func (s *SQLManager) Update(policy Policy) error

Update updates an existing policy.

type SQLManagerMigrateFromMajor0Minor6ToMajor0Minor7

type SQLManagerMigrateFromMajor0Minor6ToMajor0Minor7 struct {
	DB         *sqlx.DB
	SQLManager *SQLManager
}

func (*SQLManagerMigrateFromMajor0Minor6ToMajor0Minor7) Create

func (s *SQLManagerMigrateFromMajor0Minor6ToMajor0Minor7) Create(policy Policy) (err error)

Create inserts a new policy

func (*SQLManagerMigrateFromMajor0Minor6ToMajor0Minor7) GetManager

func (s *SQLManagerMigrateFromMajor0Minor6ToMajor0Minor7) GetManager() Manager

func (*SQLManagerMigrateFromMajor0Minor6ToMajor0Minor7) Migrate

Migrate retrieves a policy.

type Statements

type Statements struct {
	Migrations                    *migrate.MemoryMigrationSource
	QueryInsertPolicy             string
	QueryInsertPolicyActions      string
	QueryInsertPolicyActionsRel   string
	QueryInsertPolicyResources    string
	QueryInsertPolicyResourcesRel string
	QueryInsertPolicySubjects     string
	QueryInsertPolicySubjectsRel  string
	QueryRequestCandidates        string
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL