-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #16 from permitio/omer/per-7848-go-sdk-new-check-a…
…uthorization-queries Add more authorization query options
- Loading branch information
Showing
7 changed files
with
385 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,108 @@ | ||
package enforcement | ||
|
||
import ( | ||
"bytes" | ||
"encoding/json" | ||
"github.com/permitio/permit-golang/pkg/errors" | ||
"go.uber.org/zap" | ||
"io" | ||
"net/http" | ||
) | ||
|
||
type TenantDetails struct { | ||
Key string `json:"key"` | ||
Attributes map[string]interface{} `json:"attributes"` | ||
} | ||
|
||
type AllTenantsCheckResponse struct { | ||
CheckResponse | ||
Tenant TenantDetails `json:"tenant"` | ||
} | ||
|
||
type opaAllTenantsResponse struct { | ||
Result *allowedTenantsResponse `json:"result"` | ||
} | ||
|
||
type allowedTenantsResponse struct { | ||
AllowedTenants *[]AllTenantsCheckResponse `json:"allowed_tenants"` | ||
} | ||
|
||
func (e *PermitEnforcer) getAllTenantsCheckEndpoint() string { | ||
return e.getEndpointByPolicyPackage(allTenantsPolicyPackage) | ||
} | ||
|
||
func (e *PermitEnforcer) parseAllTenantsResponse(res *http.Response) ([]AllTenantsCheckResponse, error) { | ||
var result []AllTenantsCheckResponse | ||
bodyBytes, err := io.ReadAll(res.Body) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error reading Permit.AllTenantsCheck() response from PDP", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
err = errors.HttpErrorHandle(err, res) | ||
if err != nil { | ||
e.logger.Error(string(bodyBytes), zap.Error(err)) | ||
return nil, err | ||
} | ||
if e.config.GetOpaUrl() != "" { | ||
opaStruct := &opaAllTenantsResponse{ | ||
Result: &allowedTenantsResponse{ | ||
&result, | ||
}, | ||
} | ||
|
||
if err := json.Unmarshal(bodyBytes, opaStruct); err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error unmarshalling Permit.AllTenantsCheck() response from OPA", zap.Error(permitError)) | ||
return nil, err | ||
} | ||
} else { | ||
pdpStruct := &allowedTenantsResponse{&result} | ||
if err := json.Unmarshal(bodyBytes, &pdpStruct); err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error unmarshalling Permit.AllTenantsCheck() response from PDP", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
} | ||
|
||
return result, nil | ||
} | ||
|
||
func (e *PermitEnforcer) AllTenantsCheck(user User, action Action, resource Resource, additionalContext ...map[string]string) ([]TenantDetails, error) { | ||
reqAuthValue := "Bearer " + e.config.GetToken() | ||
|
||
if additionalContext == nil { | ||
additionalContext = make([]map[string]string, 0) | ||
additionalContext = append(additionalContext, make(map[string]string)) | ||
} | ||
jsonCheckReq, err := newJsonCheckRequest(e.config.GetOpaUrl(), user, action, resource, additionalContext[0]) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, nil) | ||
e.logger.Error("error marshalling Permit.AllTenantsCheck() request", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
reqBody := bytes.NewBuffer(jsonCheckReq) | ||
httpRequest, err := http.NewRequest(reqMethod, e.getAllTenantsCheckEndpoint(), reqBody) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, nil) | ||
e.logger.Error("error creating Permit.AllTenantsCheck() request", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
httpRequest.Header.Set(reqContentTypeKey, reqContentTypeValue) | ||
httpRequest.Header.Set(reqAuthKey, reqAuthValue) | ||
res, err := client.Do(httpRequest) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error sending Permit.AllTenantsCheck() request to PDP", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
results, err := e.parseAllTenantsResponse(res) | ||
if err != nil { | ||
return nil, err | ||
} | ||
allowResults := make([]TenantDetails, len(results)) | ||
for result := range results { | ||
allowResults[result] = results[result].Tenant | ||
} | ||
return allowResults, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,133 @@ | ||
package enforcement | ||
|
||
import ( | ||
"bytes" | ||
"encoding/json" | ||
"fmt" | ||
"github.com/permitio/permit-golang/pkg/errors" | ||
"go.uber.org/zap" | ||
"io" | ||
"net/http" | ||
) | ||
|
||
type opaBulkResponse struct { | ||
Result *allowBulkResponse `json:"result"` | ||
} | ||
|
||
type allowBulkResponse struct { | ||
Allow *[]CheckResponse `json:"allow"` | ||
} | ||
|
||
func NewBulkCheckRequest(requests ...CheckRequest) []CheckRequest { | ||
return requests | ||
} | ||
|
||
func NewBulkCheckRequestParameterized(user []User, action []Action, resource []Resource, context []map[string]string) ([]CheckRequest, error) { | ||
if len(user) != len(action) || len(user) != len(resource) || len(user) != len(context) { | ||
return nil, fmt.Errorf("user, action, resource and context must have the same length") | ||
} | ||
requests := make([]CheckRequest, len(user)) | ||
for i := range user { | ||
requests[i] = CheckRequest{ | ||
User: user[i], | ||
Action: action[i], | ||
Resource: resource[i], | ||
Context: context[i], | ||
} | ||
} | ||
return requests, nil | ||
} | ||
|
||
func newJsonBulkCheckRequest(opaUrl string, requests ...CheckRequest) ([]byte, error) { | ||
checkReq := NewBulkCheckRequest(requests...) | ||
var genericCheckReq interface{} = checkReq | ||
if opaUrl != "" { | ||
genericCheckReq = &struct { | ||
Input []CheckRequest `json:"input"` | ||
}{checkReq} | ||
} | ||
jsonCheckReq, err := json.Marshal(genericCheckReq) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return jsonCheckReq, nil | ||
} | ||
|
||
func (e *PermitEnforcer) getBulkCheckEndpoint() string { | ||
return e.getEndpointByPolicyPackage(bulkPolicyPackage) | ||
} | ||
|
||
func (e *PermitEnforcer) parseBulkResponse(res *http.Response) ([]CheckResponse, error) { | ||
var result []CheckResponse | ||
bodyBytes, err := io.ReadAll(res.Body) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error reading Permit.BulkCheck() response from PDP", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
err = errors.HttpErrorHandle(err, res) | ||
if err != nil { | ||
e.logger.Error(string(bodyBytes), zap.Error(err)) | ||
return nil, err | ||
} | ||
if e.config.GetOpaUrl() != "" { | ||
opaStruct := &opaBulkResponse{ | ||
&allowBulkResponse{ | ||
&result, | ||
}, | ||
} | ||
|
||
if err := json.Unmarshal(bodyBytes, opaStruct); err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error unmarshalling Permit.BulkCheck() response from OPA", zap.Error(permitError)) | ||
return nil, err | ||
} | ||
} else { | ||
pdpStruct := &allowBulkResponse{&result} | ||
if err := json.Unmarshal(bodyBytes, &pdpStruct); err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error unmarshalling Permit.BulkCheck response from PDP", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
} | ||
|
||
return result, nil | ||
} | ||
|
||
func (e *PermitEnforcer) BulkCheck(requests ...CheckRequest) ([]bool, error) { | ||
reqAuthValue := "Bearer " + e.config.GetToken() | ||
|
||
jsonCheckReq, err := newJsonBulkCheckRequest(e.config.GetOpaUrl(), requests...) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, nil) | ||
e.logger.Error("error marshalling Permit.BulkCheck() request", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
reqBody := bytes.NewBuffer(jsonCheckReq) | ||
httpRequest, err := http.NewRequest(reqMethod, e.getBulkCheckEndpoint(), reqBody) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, nil) | ||
e.logger.Error("error creating Permit.BulkCheck() request", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
httpRequest.Header.Set(reqContentTypeKey, reqContentTypeValue) | ||
httpRequest.Header.Set(reqAuthKey, reqAuthValue) | ||
res, err := client.Do(httpRequest) | ||
if err != nil { | ||
permitError := errors.NewPermitUnexpectedError(err, res) | ||
e.logger.Error("error sending Permit.BulkCheck() request to PDP", zap.Error(permitError)) | ||
return nil, permitError | ||
} | ||
results, err := e.parseBulkResponse(res) | ||
if err != nil { | ||
return nil, err | ||
} | ||
if len(results) != len(requests) { | ||
return nil, errors.NewPermitUnexpectedError(fmt.Errorf("unexpected number of results"), res) | ||
} | ||
allowResults := make([]bool, len(results)) | ||
for result := range results { | ||
allowResults[result] = results[result].Allow | ||
} | ||
return allowResults, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.