// SPDX-FileCopyrightText: 2022 SAP SE or an SAP affiliate company and Open Component Model contributors.
//
// SPDX-License-Identifier: Apache-2.0
package internal
import (
"encoding/json"
"fmt"
"sort"
"strings"
"sync"
"github.com/sirupsen/logrus"
)
// init seeds the shared registry with the two built-in matchers so that
// credential requests can refer to them by name.
func init() {
	reg := StandardIdentityMatchers
	reg.Register("partial", PartialMatch, "complete match of given pattern ignoring additional attributes")
	reg.Register("exact", CompleteMatch, "exact match of given pattern set")
}
// IdentityMatcher checks whether id matches against pattern and if this match
// is better than the one for cur.
// Hereby pattern is a given credential request and id a configured identity.
// cur is the best matching identity found so far (possibly empty); a matcher
// returns true only when id matches pattern and should take the place of cur.
type IdentityMatcher func(pattern, cur, id ConsumerIdentity) bool
// CompleteMatch accepts id only if it carries exactly the attributes of
// pattern with identical values; cur is not consulted.
func CompleteMatch(pattern, cur, id ConsumerIdentity) bool {
	matched := pattern.Equals(id)
	return matched
}
// NoMatch rejects every identity; it is the fallback returned by AndMatcher and
// OrMatcher when no non-nil matcher is given.
func NoMatch(pattern, cur, id ConsumerIdentity) bool {
	const rejected = false
	return rejected
}
// PartialMatch accepts id if every attribute of id occurs in pattern with the
// same value; pattern may carry further attributes that id does not mention.
// An identity with more attributes counts as the more specific match, so id
// only wins when nothing has matched yet (cur is empty) or id has more
// attributes than cur. Note that an id without any attribute passes the
// attribute check trivially and therefore matches every pattern while cur is
// still empty.
func PartialMatch(pattern, cur, id ConsumerIdentity) bool {
	for name, want := range id {
		got, present := pattern[name]
		if !present {
			return false
		}
		if got != want {
			return false
		}
	}
	if len(cur) == 0 {
		return true
	}
	return len(id) > len(cur)
}
// mergeMatcher drops nil entries from matchers and combines the remainder:
// none left yields no, a single one is returned as is, several are folded
// by merge.
func mergeMatcher(no IdentityMatcher, merge func([]IdentityMatcher) IdentityMatcher, matchers []IdentityMatcher) IdentityMatcher {
	kept := make([]IdentityMatcher, 0, len(matchers))
	for _, candidate := range matchers {
		if candidate == nil {
			continue
		}
		kept = append(kept, candidate)
	}
	if len(kept) == 0 {
		return no
	}
	if len(kept) == 1 {
		return kept[0]
	}
	return merge(kept)
}
// AndMatcher combines matchers so that id is accepted only if every non-nil
// matcher accepts it. Without any non-nil matcher the result is NoMatch.
func AndMatcher(matchers ...IdentityMatcher) IdentityMatcher {
	combined := mergeMatcher(NoMatch, andMatcher, matchers)
	return combined
}
// OrMatcher combines matchers so that id is accepted if any non-nil matcher
// accepts it. Without any non-nil matcher the result is NoMatch.
func OrMatcher(matchers ...IdentityMatcher) IdentityMatcher {
	combined := mergeMatcher(NoMatch, orMatcher, matchers)
	return combined
}
// andMatcher folds list into one matcher that accepts id only when every
// non-nil entry accepts it. An empty list yields a matcher that always rejects;
// a non-empty list containing only nil entries yields one that always accepts.
func andMatcher(list []IdentityMatcher) IdentityMatcher {
	return func(pattern, cur, id ConsumerIdentity) bool {
		if len(list) == 0 {
			return false
		}
		for _, m := range list {
			if m == nil {
				continue
			}
			if !m(pattern, cur, id) {
				return false
			}
		}
		return true
	}
}
// orMatcher folds list into one matcher that accepts id as soon as any non-nil
// entry accepts it; nil entries are skipped.
func orMatcher(list []IdentityMatcher) IdentityMatcher {
	return func(pattern, cur, id ConsumerIdentity) bool {
		for _, m := range list {
			if m == nil {
				continue
			}
			if m(pattern, cur, id) {
				return true
			}
		}
		return false
	}
}
////////////////////////////////////////////////////////////////////////////////
// ConsumerIdentity describes the identity of a credential consumer.
// It is a plain attribute map: the consumer type is stored under the ID_TYPE
// key (see Type) and every other key is a free-form attribute such as "url".
type ConsumerIdentity map[string]string
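// NewConsumerIdentity builds an identity of consumer type typ from attrs, which
// are interpreted as alternating key/value pairs (key1, value1, key2, ...).
// A trailing key without a value is ignored instead of causing an index panic.
// Because attrs are applied after typ, a key equal to ID_TYPE in attrs
// overrides typ.
func NewConsumerIdentity(typ string, attrs ...string) ConsumerIdentity {
	r := make(ConsumerIdentity, 1+len(attrs)/2)
	r[ID_TYPE] = typ
	// Only complete pairs are consumed; the original unconditional attrs[i+1]
	// read panicked on an odd number of attrs.
	for i := 0; i+1 < len(attrs); i += 2 {
		r[attrs[i]] = attrs[i+1]
	}
	return r
}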
// IsSet checks whether an identity is given, i.e. carries at least one
// attribute.
func (i ConsumerIdentity) IsSet() bool {
	return len(i) > 0
}
// IdentityByURL returns a simple url identity. The result carries only the
// "url" attribute and no ID_TYPE entry.
func IdentityByURL(url string) ConsumerIdentity {
	id := ConsumerIdentity{}
	id["url"] = url
	return id
}
// Type returns the required consumer type, or "" when the identity carries no
// ID_TYPE attribute.
func (i ConsumerIdentity) Type() string {
	typ := i[ID_TYPE]
	return typ
}
// String returns the string representation of an identity as its JSON
// encoding. A marshal failure is logged and yields ""; for a string-to-string
// map such a failure is not expected.
func (i ConsumerIdentity) String() string {
	encoded, err := json.Marshal(i)
	if err != nil {
		// Logged only; encoded is nil here, so the result is the empty string.
		logrus.Error(err)
	}
	return string(encoded)
}
// Key returns the object digest of an identity: its JSON encoding, which is
// deterministic for a map (encoding/json sorts map keys) and therefore usable
// as a lookup key. A marshal failure is logged and yields nil.
func (i ConsumerIdentity) Key() []byte {
	encoded, err := json.Marshal(i)
	if err == nil {
		return encoded
	}
	logrus.Error(err)
	return encoded
}
// Equals compares two identities: both must have exactly the same keys with
// identical values for each key.
func (i ConsumerIdentity) Equals(o ConsumerIdentity) bool {
	if len(i) != len(o) {
		return false
	}
	for name, mine := range i {
		theirs, present := o[name]
		if !present {
			return false
		}
		if mine != theirs {
			return false
		}
	}
	return true
}
// Match implements the selector interface: obj is selected if it carries every
// attribute of i with the same value. A key missing from obj reads as "", so an
// attribute of i with an empty value is also satisfied by obj lacking that key.
func (i ConsumerIdentity) Match(obj map[string]string) bool {
	for name, want := range i {
		got := obj[name]
		if got != want {
			return false
		}
	}
	return true
}
// Copy copies identity. A nil identity stays nil; otherwise a fresh map with
// the same attributes is returned, so later changes do not affect the original.
func (i ConsumerIdentity) Copy() ConsumerIdentity {
	if i == nil {
		return nil
	}
	dup := make(ConsumerIdentity, len(i))
	for name, value := range i {
		dup[name] = value
	}
	return dup
}
// SetNonEmptyValue sets a key-value pair only if the value is not empty.
// An empty value leaves the identity untouched (an existing entry for name is
// not removed). The receiver must be a non-nil map.
func (i ConsumerIdentity) SetNonEmptyValue(name, value string) {
	if value == "" {
		return
	}
	i[name] = value
}
////////////////////////////////////////////////////////////////////////////////
// IdentityMatcherInfo describes one registered identity matcher.
type IdentityMatcherInfo struct {
	// Type is the name the matcher is registered under (e.g. "partial", "exact").
	Type string
	// Matcher is the function applied to credential requests.
	Matcher IdentityMatcher
	// Description is a human-readable explanation of the matcher.
	Description string
	// CredentialAttributes is the newline-joined list of credential properties
	// passed at registration; it is empty when the entry does not describe a
	// consumer type (see IsConsumerType).
	CredentialAttributes string
}
// IsConsumerType reports whether this entry also describes a consumer type,
// which is the case when credential attributes were registered for it.
func (i *IdentityMatcherInfo) IsConsumerType() bool {
	hasAttrs := len(i.CredentialAttributes) > 0
	return hasAttrs
}
// IdentityMatcherInfos is a list of matcher descriptions with indexed
// Size/Key/Description accessors.
type IdentityMatcherInfos []IdentityMatcherInfo
// Size returns the number of entries in the list.
func (l IdentityMatcherInfos) Size() int {
	count := len(l)
	return count
}
// Key returns the registered type name of the i-th entry.
func (l IdentityMatcherInfos) Key(i int) string {
	entry := l[i]
	return entry.Type
}
// Description returns the description of the i-th entry. For entries that
// describe a consumer type, the evaluated credential properties are appended.
func (l IdentityMatcherInfos) Description(i int) string {
	entry := l[i]
	if !entry.IsConsumerType() {
		return entry.Description
	}
	header := fmt.Sprintf(`
Credential consumers of the consumer type %s evaluate the following credential properties:
`, entry.Type)
	return entry.Description + header + entry.CredentialAttributes
}
// IdentityMatcherRegistry manages identity matchers by their type name.
type IdentityMatcherRegistry interface {
	// Register adds the matcher for typ together with a description and the
	// credential attributes evaluated by that consumer type; registering the
	// same typ again replaces the earlier entry.
	Register(typ string, matcher IdentityMatcher, desc string, attrs ...string)
	// Get returns the matcher registered for typ, or nil if there is none.
	Get(typ string) IdentityMatcher
	// GetInfo returns the registration record for typ, or nil if unknown.
	GetInfo(typ string) *IdentityMatcherInfo
	// List returns all registrations ordered by type name.
	List() IdentityMatcherInfos
}
// defaultMatchers is the mutex-guarded map implementation of
// IdentityMatcherRegistry; every method holds lock while touching types.
type defaultMatchers struct {
	lock sync.Mutex
	// types maps the registered type name to its record.
	types map[string]IdentityMatcherInfo
}
// NewMatcherRegistry creates an empty registry.
func NewMatcherRegistry() IdentityMatcherRegistry {
	registry := &defaultMatchers{}
	registry.types = make(map[string]IdentityMatcherInfo)
	return registry
}
// Register stores matcher under typ; a later registration for the same typ
// silently replaces the earlier one. attrs are joined with newlines into
// CredentialAttributes, so passing any attrs marks typ as a consumer type.
func (r *defaultMatchers) Register(typ string, matcher IdentityMatcher, desc string, attrs ...string) {
	info := IdentityMatcherInfo{
		Type:                 typ,
		Matcher:              matcher,
		Description:          desc,
		CredentialAttributes: strings.Join(attrs, "\n"),
	}
	r.lock.Lock()
	defer r.lock.Unlock()
	r.types[typ] = info
}
// Get returns the matcher registered for typ, or nil when typ is unknown.
func (r *defaultMatchers) Get(typ string) IdentityMatcher {
	r.lock.Lock()
	defer r.lock.Unlock()
	if info, found := r.types[typ]; found {
		return info.Matcher
	}
	return nil
}
// GetInfo returns the registration record for typ, or nil when typ is unknown.
// The returned pointer refers to a copy of the map value, so callers cannot
// modify the registry through it.
func (r *defaultMatchers) GetInfo(typ string) *IdentityMatcherInfo {
	r.lock.Lock()
	defer r.lock.Unlock()
	info, found := r.types[typ]
	if !found {
		return nil
	}
	copied := info
	return &copied
}
// List returns all registrations ordered by type name. An empty registry
// yields a nil list.
func (r *defaultMatchers) List() IdentityMatcherInfos {
	r.lock.Lock()
	defer r.lock.Unlock()
	var entries IdentityMatcherInfos
	for _, info := range r.types {
		entries = append(entries, info)
	}
	// Type names are map keys and thus unique, so the order is total.
	sort.Slice(entries, func(a, b int) bool {
		return entries[a].Type < entries[b].Type
	})
	return entries
}
// StandardIdentityMatchers is the package-wide registry; init seeds it with
// the "partial" and "exact" matchers and RegisterIdentityMatcher adds to it.
var StandardIdentityMatchers = NewMatcherRegistry()
// RegisterIdentityMatcher adds matcher under typ to StandardIdentityMatchers.
// No credential attributes are passed, so the entry does not declare a
// consumer type.
func RegisterIdentityMatcher(typ string, matcher IdentityMatcher, desc string) {
	registry := StandardIdentityMatchers
	registry.Register(typ, matcher, desc)
}