package handler
import (
"context"
"fmt"
"github.com/ScoreTrak/ScoreTrak/pkg/policy"
"github.com/ScoreTrak/ScoreTrak/pkg/policy/policyclient"
"github.com/ScoreTrak/ScoreTrak/pkg/policy/policyservice"
"github.com/ScoreTrak/ScoreTrak/pkg/user"
"github.com/golang/protobuf/ptypes/wrappers"
policyv1 "go.buf.build/library/go-grpc/scoretrak/scoretrakapis/scoretrak/policy/v1"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
// PolicyController implements policyv1.PolicyServiceServer: it streams the
// current policy to clients (Get) and accepts replacements (Update).
type PolicyController struct {
	// svc receives policy replacements from Update; presumably the
	// persistence layer — confirm in pkg/policy/policyservice.
	svc policyservice.Serv
	// policyClient holds the policy served to clients, answers whether
	// anonymous access is allowed, and fans out change notifications to
	// Get subscribers.
	policyClient *policyclient.Client
	// Embedded so RPCs not implemented here fail with codes.Unimplemented
	// and the type still satisfies the generated server interface.
	policyv1.UnimplementedPolicyServiceServer
}
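// Get streams the policy to the caller: one snapshot immediately, then a
// fresh copy every time the policy client signals a change.
//
// The first snapshot is sent to every caller, including anonymous ones; only
// the follow-up pushes are gated on AllowUnauthenticatedUsers, so an
// anonymous client is disconnected with codes.PermissionDenied on the first
// change once anonymous access is switched off. NOTE(review): confirm this
// asymmetry is intended (e.g. clients need the snapshot to learn whether a
// login is required) — the snapshot itself is served without any role check.
//
// Returns nil when the caller's context is done or the subscription channel
// is closed, otherwise the first Send error.
func (p PolicyController) Get(_ *policyv1.GetRequest, server policyv1.PolicyService_GetServer) error {
	role := user.Anonymous
	if claims := extractUserClaim(server.Context()); claims != nil {
		role = claims.Role
	}

	// The snapshot and every update are built the same way.
	sendCurrent := func() error {
		return server.Send(&policyv1.GetResponse{
			Policy: ConvertPolicyToPolicyPB(p.policyClient.GetPolicy()),
		})
	}

	if err := sendCurrent(); err != nil {
		return err
	}

	subID, updates := p.policyClient.Subscribe()
	defer p.policyClient.Unsubscribe(subID)

	for {
		select {
		case _, ok := <-updates:
			if !ok {
				// A closed channel is always ready, so without this check the
				// loop would spin and re-send the policy continuously.
				return nil
			}
			if !p.policyClient.GetAllowUnauthenticatedUsers() && role == user.Anonymous {
				return status.Error(codes.PermissionDenied, "You must login in order to access this resource")
			}
			if err := sendCurrent(); err != nil {
				return err
			}
		case <-server.Context().Done():
			return nil
		}
	}
}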
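// Update replaces the stored policy with the one in the request and then
// notifies policy subscribers so open Get streams push the new value.
//
// No authorization is checked here. NOTE(review): presumably enforced by an
// interceptor for this service — confirm, since a successful call can flip
// AllowUnauthenticatedUsers for every client.
//
// Returns codes.Internal when the service layer rejects the update.
func (p PolicyController) Update(ctx context.Context, request *policyv1.UpdateRequest) (*policyv1.UpdateResponse, error) {
	if err := p.svc.Update(ctx, ConvertPolicyPBToPolicy(request.GetPolicy())); err != nil {
		// Pass err as an argument rather than pre-formatting it into the
		// format string, so a '%' in the underlying error text is not
		// re-interpreted as a verb by status.Errorf.
		// NOTE(review): the service error text reaches the caller verbatim;
		// if it can carry storage details, log it here and return a generic
		// message instead.
		return nil, status.Errorf(codes.Internal, "Unknown internal error: %v", err)
	}
	p.policyClient.Notify()
	return &policyv1.UpdateResponse{}, nil
}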
// NewPolicyController wires a PolicyController to the policy service it
// forwards updates to and the policy client it serves snapshots from.
func NewPolicyController(svc policyservice.Serv, client *policyclient.Client) *PolicyController {
	controller := new(PolicyController)
	controller.svc = svc
	controller.policyClient = client
	return controller
}
// ConvertPolicyPBToPolicy maps the protobuf policy onto the domain policy.
//
// Every wrapped bool becomes a *bool pointing at the wrapper's Value; a
// wrapper that is absent in pb stays nil on the domain side, so "unset"
// survives the conversion (callers that dereference must check for nil).
func ConvertPolicyPBToPolicy(pb *policyv1.Policy) *policy.Policy {
	return &policy.Policy{
		AllowUnauthenticatedUsers:                 optionalBoolFromWrapper(pb.GetAllowUnauthenticatedUsers()),
		AllowChangingUsernamesAndPasswords:        optionalBoolFromWrapper(pb.GetAllowChangingUsernamesAndPasswords()),
		AllowRedTeamLaunchingServiceTestsManually: optionalBoolFromWrapper(pb.GetAllowRedTeamLaunchingServiceTestsManually()),
		ShowPoints:                                optionalBoolFromWrapper(pb.GetShowPoints()),
		ShowAddresses:                             optionalBoolFromWrapper(pb.GetShowAddresses()),
	}
}

// optionalBoolFromWrapper returns a pointer to the wrapper's Value, or nil
// when the wrapper itself is nil.
func optionalBoolFromWrapper(w *wrappers.BoolValue) *bool {
	if w == nil {
		return nil
	}
	return &w.Value
}
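// ConvertPolicyToPolicyPB maps the domain policy onto its protobuf form.
//
// Each *bool is boxed into a BoolValue wrapper; a nil field is left unset
// (nil wrapper) instead of being dereferenced, mirroring
// ConvertPolicyPBToPolicy and avoiding a panic when a policy with missing
// fields (e.g. one built from a partial UpdateRequest) reaches a Get stream.
// A nil obj yields an empty message for the same reason.
//
// NOTE(review): an unset AllowUnauthenticatedUsers on the wire is
// distinguishable from false; confirm that clients treat "unset" as
// "login required" rather than as permissive.
func ConvertPolicyToPolicyPB(obj *policy.Policy) *policyv1.Policy {
	if obj == nil {
		return &policyv1.Policy{}
	}
	return &policyv1.Policy{
		AllowUnauthenticatedUsers:                 wrapOptionalBool(obj.AllowUnauthenticatedUsers),
		AllowChangingUsernamesAndPasswords:        wrapOptionalBool(obj.AllowChangingUsernamesAndPasswords),
		ShowPoints:                                wrapOptionalBool(obj.ShowPoints),
		ShowAddresses:                             wrapOptionalBool(obj.ShowAddresses),
		AllowRedTeamLaunchingServiceTestsManually: wrapOptionalBool(obj.AllowRedTeamLaunchingServiceTestsManually),
	}
}

// wrapOptionalBool boxes an optional bool into a BoolValue, keeping nil as
// "unset" rather than dereferencing it.
func wrapOptionalBool(b *bool) *wrappers.BoolValue {
	if b == nil {
		return nil
	}
	return &wrappers.BoolValue{Value: *b}
}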