
Example 1 with EntityRule

Use of com.walmartlabs.concord.policyengine.EntityRule in the project concord by walmartlabs.

From the class PolicyManager, method checkEntity.

public void checkEntity(UUID orgId, UUID projectId, EntityType entityType, EntityAction action, UserEntry owner, Map<String, Object> entityAttrs) {
    // resolve the policy engine for this org, project and the current user
    PolicyEngine pe = get(orgId, projectId, UserPrincipal.assertCurrent().getId());
    if (pe == null) {
        // no policy engine was resolved, so there is nothing to check
        return;
    }
    // the attributes passed to the rules are built by the supplier: owner and entity attributes
    CheckResult<EntityRule, Map<String, Object>> result = pe.getEntityPolicy().check(entityType.id(), action.id(), () -> {
        Map<String, Object> attrs = new HashMap<>();
        attrs.put("owner", getOwnerAttrs(owner));
        attrs.put("entity", entityAttrs);
        return attrs;
    });
    // any matching deny rule rejects the action; the message of the first one is reported
    if (!result.getDeny().isEmpty()) {
        throw new ValidationErrorsException("Action forbidden: " + result.getDeny().get(0).getRule().getMsg());
    }
}
Also used: EntityRule (com.walmartlabs.concord.policyengine.EntityRule), PolicyEngine (com.walmartlabs.concord.policyengine.PolicyEngine), ValidationErrorsException (org.sonatype.siesta.ValidationErrorsException)

Example 2 with EntityRule

Use of com.walmartlabs.concord.policyengine.EntityRule in the project concord by walmartlabs.

From the class PolicyCacheTest, method allowNullValues.

@Test
public void allowNullValues() {
    PolicyCache.Dao dao = mock(PolicyCache.Dao.class);
    PolicyCache pc = new PolicyCache(TestObjectMapper.INSTANCE, new PolicyCacheConfiguration(), dao);
    // ---
    // conditions whose "params" map contains only null values
    Map<String, Object> ruleParams = new HashMap<>();
    ruleParams.put("nullValue", null);
    ruleParams.put("nullValue2", null);
    Map<String, Object> conditions = Collections.singletonMap("entity", ImmutableMap.of("params", ruleParams));
    // a deny rule for the "create" action on "trigger" entities using those conditions
    Map<String, Object> denyEntityRule = new HashMap<>();
    denyEntityRule.put("msg", "test message");
    denyEntityRule.put("action", "create");
    denyEntityRule.put("entity", "trigger");
    denyEntityRule.put("conditions", conditions);
    Map<String, Object> rules = new HashMap<>();
    rules.put("entity", Collections.singletonMap("deny", Collections.singletonList(denyEntityRule)));
    List<PolicyCache.PolicyRules> policies = Collections.singletonList(PolicyCache.PolicyRules.builder().id(UUID.randomUUID()).name("test").rules(rules).build());
    // ---
    // merging must keep the deny rule and its null-valued conditions unchanged
    Map<UUID, PolicyCache.Policy> merged = pc.mergePolicies(policies);
    assertEquals(1, merged.size());
    PolicyEngineRules actualRules = merged.values().iterator().next().rules();
    assertEquals(1, actualRules.getEntityRules().getDeny().size());
    EntityRule actualRule = actualRules.getEntityRules().getDeny().get(0);
    assertEquals(conditions, actualRule.getConditions());
}
Also used: PolicyCacheConfiguration (com.walmartlabs.concord.server.cfg.PolicyCacheConfiguration), EntityRule (com.walmartlabs.concord.policyengine.EntityRule), PolicyEngineRules (com.walmartlabs.concord.policyengine.PolicyEngineRules), Test (org.junit.jupiter.api.Test)
