use of com.walmartlabs.concord.policyengine.EntityRule in project concord by walmartlabs.
the class PolicyManager method checkEntity.
/**
 * Checks an entity action against the entity policy and rejects it when a deny rule matches.
 *
 * <p>The policy engine is looked up with {@code get(orgId, projectId, currentUserId)}, where the
 * user id comes from {@code UserPrincipal.assertCurrent()}. The attributes handed to the policy
 * are {@code "owner"} (from {@code getOwnerAttrs(owner)}) and {@code "entity"} (the caller's
 * {@code entityAttrs}, passed through unchanged).
 *
 * <p>NOTE(review): when the lookup yields {@code null} the method returns without any check, so
 * the action is allowed. Confirm that "no engine" can only mean "no policy applies" and never a
 * failed lookup.
 *
 * @param orgId organization id passed to the policy engine lookup
 * @param projectId project id passed to the policy engine lookup
 * @param entityType entity type; its {@code id()} is passed to the policy check
 * @param action action being performed; its {@code id()} is passed to the policy check
 * @param owner entity owner, converted by {@code getOwnerAttrs}
 * @param entityAttrs entity attributes exposed to the policy under {@code "entity"}
 * @throws ValidationErrorsException if the check result contains at least one deny entry
 */
public void checkEntity(UUID orgId, UUID projectId, EntityType entityType, EntityAction action, UserEntry owner, Map<String, Object> entityAttrs) {
    UUID currentUserId = UserPrincipal.assertCurrent().getId();
    PolicyEngine engine = get(orgId, projectId, currentUserId);
    if (engine == null) {
        // No engine for this org/project/user: nothing is evaluated and the action proceeds.
        return;
    }

    // The attributes are supplied through a lambda, so they are only built if check() asks for them.
    CheckResult<EntityRule, Map<String, Object>> outcome = engine.getEntityPolicy().check(
            entityType.id(),
            action.id(),
            () -> {
                Map<String, Object> policyInput = new HashMap<>();
                policyInput.put("owner", getOwnerAttrs(owner));
                policyInput.put("entity", entityAttrs);
                return policyInput;
            });

    if (outcome.getDeny().isEmpty()) {
        return;
    }

    // Only the first matching deny rule's message is reported to the caller.
    throw new ValidationErrorsException("Action forbidden: " + outcome.getDeny().get(0).getRule().getMsg());
}
use of com.walmartlabs.concord.policyengine.EntityRule in project concord by walmartlabs.
the class PolicyCacheTest method allowNullValues.
/**
 * Verifies that a deny entity rule whose condition parameters are {@code null} passes through
 * {@code PolicyCache.mergePolicies} with its conditions equal to the input.
 *
 * <p>NOTE(review): presumably a merge that dropped null-valued entries would change what the
 * deny rule matches on; how conditions are evaluated is not visible here.
 */
@Test
public void allowNullValues() {
    PolicyCache.Dao daoMock = mock(PolicyCache.Dao.class);
    PolicyCache cache = new PolicyCache(TestObjectMapper.INSTANCE, new PolicyCacheConfiguration(), daoMock);

    // HashMap is used for the parameters because the values are null.
    Map<String, Object> nullParams = new HashMap<>();
    nullParams.put("nullValue", null);
    nullParams.put("nullValue2", null);
    Map<String, Object> expectedConditions = Collections.singletonMap("entity", ImmutableMap.of("params", nullParams));

    // A single deny rule for the "create" action on "trigger" entities.
    Map<String, Object> denyRule = new HashMap<>();
    denyRule.put("entity", "trigger");
    denyRule.put("action", "create");
    denyRule.put("msg", "test message");
    denyRule.put("conditions", expectedConditions);

    Map<String, Object> ruleSet = new HashMap<>();
    ruleSet.put("entity", Collections.singletonMap("deny", Collections.singletonList(denyRule)));

    PolicyCache.PolicyRules policy = PolicyCache.PolicyRules.builder()
            .id(UUID.randomUUID())
            .name("test")
            .rules(ruleSet)
            .build();
    List<PolicyCache.PolicyRules> policies = Collections.singletonList(policy);

    // Merge, then check that exactly one policy and one deny rule came out.
    Map<UUID, PolicyCache.Policy> mergedById = cache.mergePolicies(policies);
    assertEquals(1, mergedById.size());

    PolicyEngineRules mergedRules = mergedById.values().iterator().next().rules();
    assertEquals(1, mergedRules.getEntityRules().getDeny().size());

    // The conditions, including the null-valued parameters, must equal the input.
    EntityRule mergedDenyRule = mergedRules.getEntityRules().getDeny().get(0);
    assertEquals(expectedConditions, mergedDenyRule.getConditions());
}
Aggregations