expose policies API

api/client/policies_api_client.go

@@ -0,0 +1,54 @@
+package client
+
+import (
+	"context"
+	client "github.com/reddec/jsonrpc2/client"
+	api "github.com/reddec/trusted-cgi/api"
+	application "github.com/reddec/trusted-cgi/application"
+	"sync/atomic"
+)
+
+func DefaultPoliciesAPI() *PoliciesAPIClient {
+	return &PoliciesAPIClient{BaseURL: "https://127.0.0.1:3434/u/"}
+}
+
+type PoliciesAPIClient struct {
+	BaseURL  string
+	sequence uint64
+}
+
+// List all policies
+func (impl *PoliciesAPIClient) List(ctx context.Context, token *api.Token) (reply []application.Policy, err error) {
+	err = client.CallHTTP(ctx, impl.BaseURL, "PoliciesAPI.List", atomic.AddUint64(&impl.sequence, 1), &reply, token)
+	return
+}
+
+// Create new policy
+func (impl *PoliciesAPIClient) Create(ctx context.Context, token *api.Token, policy string, definition application.PolicyDefinition) (reply *application.Policy, err error) {
+	err = client.CallHTTP(ctx, impl.BaseURL, "PoliciesAPI.Create", atomic.AddUint64(&impl.sequence, 1), &reply, token, policy, definition)
+	return
+}
+
+// Remove policy
+func (impl *PoliciesAPIClient) Remove(ctx context.Context, token *api.Token, policy string) (reply bool, err error) {
+	err = client.CallHTTP(ctx, impl.BaseURL, "PoliciesAPI.Remove", atomic.AddUint64(&impl.sequence, 1), &reply, token, policy)
+	return
+}
+
+// Update policy definition
+func (impl *PoliciesAPIClient) Update(ctx context.Context, token *api.Token, policy string, definition application.PolicyDefinition) (reply bool, err error) {
+	err = client.CallHTTP(ctx, impl.BaseURL, "PoliciesAPI.Update", atomic.AddUint64(&impl.sequence, 1), &reply, token, policy, definition)
+	return
+}
+
+// Apply policy for the resource
+func (impl *PoliciesAPIClient) Apply(ctx context.Context, token *api.Token, lambda string, policy string) (reply bool, err error) {
+	err = client.CallHTTP(ctx, impl.BaseURL, "PoliciesAPI.Apply", atomic.AddUint64(&impl.sequence, 1), &reply, token, lambda, policy)
+	return
+}
+
+// Clear applied policy for the lambda
+func (impl *PoliciesAPIClient) Clear(ctx context.Context, token *api.Token, lambda string) (reply bool, err error) {
+	err = client.CallHTTP(ctx, impl.BaseURL, "PoliciesAPI.Clear", atomic.AddUint64(&impl.sequence, 1), &reply, token, lambda)
+	return
+}

api/interfaces.go

@@ -124,3 +124,19 @@ type QueuesAPI interface {
 	// Assign lambda to queue (re-link)
 	Assign(ctx context.Context, token *Token, name string, lambda string) (bool, error)
 }
+
+// API for managing policies
+type PoliciesAPI interface {
+	// List all policies
+	List(ctx context.Context, token *Token) ([]application.Policy, error)
+	// Create new policy
+	Create(ctx context.Context, token *Token, policy string, definition application.PolicyDefinition) (*application.Policy, error)
+	// Remove policy
+	Remove(ctx context.Context, token *Token, policy string) (bool, error)
+	// Update policy definition
+	Update(ctx context.Context, token *Token, policy string, definition application.PolicyDefinition) (bool, error)
+	// Apply policy for the resource
+	Apply(ctx context.Context, token *Token, lambda string, policy string) (bool, error)
+	// Clear applied policy for the lambda
+	Clear(ctx context.Context, token *Token, lambda string) (bool, error)
+}

api/services/policies_srv.go

@@ -0,0 +1,43 @@
+package services
+
+import (
+	"context"
+	"github.com/reddec/trusted-cgi/api"
+	"github.com/reddec/trusted-cgi/application"
+)
+
+func NewPoliciesSrv(policies application.Policies) *policiesSrv {
+	return &policiesSrv{policies: policies}
+}
+
+type policiesSrv struct {
+	policies application.Policies
+}
+
+func (srv *policiesSrv) List(ctx context.Context, token *api.Token) ([]application.Policy, error) {
+	return srv.policies.List(), nil
+}
+
+func (srv *policiesSrv) Create(ctx context.Context, token *api.Token, policy string, definition application.PolicyDefinition) (*application.Policy, error) {
+	return srv.policies.Create(policy, definition)
+}
+
+func (srv *policiesSrv) Remove(ctx context.Context, token *api.Token, policy string) (bool, error) {
+	err := srv.policies.Remove(policy)
+	return err == nil, err
+}
+
+func (srv *policiesSrv) Update(ctx context.Context, token *api.Token, policy string, definition application.PolicyDefinition) (bool, error) {
+	err := srv.policies.Update(policy, definition)
+	return err == nil, err
+}
+
+func (srv *policiesSrv) Apply(ctx context.Context, token *api.Token, lambda string, policy string) (bool, error) {
+	err := srv.policies.Apply(lambda, policy)
+	return err == nil, err
+}
+
+func (srv *policiesSrv) Clear(ctx context.Context, token *api.Token, lambda string) (bool, error) {
+	err := srv.policies.Clear(lambda)
+	return err == nil, err
+}

application/cases/cases.go

@@ -15,7 +15,7 @@ import (
 	"time"
 )
 
-func New(platform application.Platform, queues application.Queues, dir, templateDir string) (*casesImpl, error) {
+func New(platform application.Platform, queues application.Queues, policies application.Policies, dir, templateDir string) (*casesImpl, error) {
 	aTemplateDir, err := filepath.Abs(templateDir)
 	if err != nil {
 		return nil, fmt.Errorf("resolve template dir: %w", err)
@@ -29,6 +29,7 @@ func New(platform application.Platform, queues application.Queues, dir, template
 		templatesDir: aTemplateDir,
 		platform:     platform,
 		queues:       queues,
+		policies:     policies,
 	}
 	return cs, cs.Scan()
 }
@@ -40,6 +41,7 @@ type casesImpl struct {
 	templatesDir  string
 	platform      application.Platform
 	queues        application.Queues
+	policies      application.Policies
 }
 
 func (impl *casesImpl) Scan() error {
@@ -152,6 +154,11 @@ func (impl *casesImpl) Remove(uid string) error {
 			log.Println("[ERROR]", "failed remove queue", q.Name)
 		}
 	}
+	// unlink from policies
+	err = impl.policies.Clear(uid)
+	if err != nil {
+		log.Println("[ERROR]", "failed clear linked policy for lambda", uid, ":", err)
+	}
 	return fn.Lambda.Remove()
 }