package main
import (
"log"
prototypes "github.com/cosmos/gogoproto/types"
"github.com/sourcenetwork/sourcehub/testutil/sample"
"github.com/sourcenetwork/sourcehub/x/acp/embedded"
"github.com/sourcenetwork/sourcehub/x/acp/types"
)
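// policy is the access-control policy submitted to the embedded ACP module in
// short YAML form. It models a file system with a single resource type, "file":
//
//   - read is granted by the expression "owner + reader", i.e. to actors holding
//     either relation on the file;
//   - write is granted to owner only;
//   - admin is declared as managing reader (intended to let an admin grant or
//     revoke reader), but admin appears in no permission expression, so holding
//     it alone confers neither read nor write.
//
// YAML nesting is significant: permissions and relations must sit under the
// resource they belong to, otherwise the keys collapse to the top level and the
// document no longer describes the intended policy.
const policy string = `
description: a test policy which mocks a file system with files as resources
resources:
  file:
    permissions:
      read:
        expr: owner + reader
      write:
        expr: owner
    relations:
      owner:
        types:
          - actor
      reader:
        types:
          - actor
      admin:
        manages:
          - reader
        types:
          - actor
actor:
  name: actor
`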
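// main walks through the embedded ACP module end to end: it creates the file
// policy, registers readme.txt on behalf of alice, has alice make bob a reader,
// and then asks the query service which permissions bob actually holds.
func main() {
	acp, err := embedded.NewLocalACP()
	if err != nil {
		log.Fatal(err)
	}

	// Generate 3 account addresses (from random key pairs) for the 3 actors in
	// the system. They come from the testutil sample package, so they are
	// throwaway identities for this demo only.
	alice, bob, creator := sample.AccAddress(), sample.AccAddress(), sample.AccAddress()
	log.Printf("alice: %v", alice)
	log.Printf("bob: %v", bob)
	log.Printf("creator: %v", creator)

	ctx := acp.GetCtx()
	msgService := acp.GetMsgService()
	queryService := acp.GetQueryService()

	polResp, err := msgService.CreatePolicy(ctx, &types.MsgCreatePolicy{
		Creator:      creator,
		Policy:       policy,
		MarshalType:  types.PolicyMarshalingType_SHORT_YAML,
		CreationTime: prototypes.TimestampNow(),
	})
	if err != nil {
		log.Fatalf("failed to create policy: %v", err)
	}
	policyID := polResp.Policy.Id
	log.Printf("policy created: %v", policyID)

	// alice is the message creator here; presumably registration is what makes
	// her the owner of readme.txt under this policy.
	regResp, err := msgService.RegisterObject(ctx, &types.MsgRegisterObject{
		Creator:      alice,
		PolicyId:     policyID,
		Object:       types.NewObject("file", "readme.txt"),
		CreationTime: prototypes.TimestampNow(),
	})
	if err != nil {
		log.Fatalf("failed to register obj: %v", err)
	}
	log.Printf("alice registered file readme.txt: result %v", regResp.Result)

	// The grant is issued by alice, not by bob or the policy creator.
	_, err = msgService.SetRelationship(ctx, &types.MsgSetRelationship{
		Creator:      alice,
		PolicyId:     policyID,
		Relationship: types.NewActorRelationship("file", "readme.txt", "reader", bob),
		CreationTime: prototypes.TimestampNow(),
	})
	if err != nil {
		log.Fatalf("failed to set relationship: %v", err)
	}
	log.Printf("alice set bob as reader of file readme.txt")

	// bobMay reports whether bob holds the given permission on readme.txt.
	bobMay := func(permission string) bool {
		res, err := queryService.VerifyAccessRequest(ctx, &types.QueryVerifyAccessRequestRequest{
			PolicyId: policyID,
			AccessRequest: &types.AccessRequest{
				Operations: []*types.Operation{
					{
						Object:     types.NewObject("file", "readme.txt"),
						Permission: permission,
					},
				},
				Actor: &types.Actor{
					Id: bob,
				},
			},
		})
		if err != nil {
			log.Fatalf("verify access request failed: %v", err)
		}
		return res.Valid
	}

	log.Printf("is bob reader of readme.txt? %v", bobMay("read"))

	// Negative check: the policy grants write to owner only, so the reader
	// grant above should not let bob write. A true result here would mean the
	// policy is broader than intended.
	log.Printf("can bob write readme.txt? %v", bobMay("write"))
}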