implement support for role-binding v2 schema and IAPL
Signed-off-by: Bailin He <[email protected]>
bailinhe committed Mar 5, 2024
1 parent 7064a66 commit 8efc9e7
Showing 13 changed files with 1,043 additions and 126 deletions.
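--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,8 @@
 
 # NATS dirs
 .devcontainer/nsc/
+resolver.conf
+
+# binary files
+permissions-api
+tmp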
26 changes: 25 additions & 1 deletion cmd/schema_mermaid.go
@@ -13,6 +13,13 @@ import (

var (
mermaidTemplate = `erDiagram
{{- if ne .RBAC.RoleResource nil}}
{{ .RBAC.RoleBindingResource }} }o--o{ {{ .RBAC.RoleResource }} : role
{{- range $subj := .RBAC.RoleBindingSubjects }}
{{ $.RBAC.RoleBindingResource }} }o--o{ {{ $subj.Name }} : subject
{{- end }}
{{- end }}
{{- range $resource := .ResourceTypes }}
{{ $resource.Name }} {
id_prefix {{ $resource.IDPrefix }}
@@ -29,6 +36,11 @@ var (
{{- range $targetName := $rel.TargetTypeNames }}
{{ $resource.Name }} }o--o{ {{ $targetName }} : {{ $rel.Relation }}
{{- end }}
{{- range $target := $rel.TargetTypes }}
{{ $resource.Name }} }o--o{ {{ $target.Name -}} : {{ $rel.Relation -}}
{{- end }}
{{- end }}
{{- end }}
{{- range $union := .Unions }}
@@ -45,7 +57,13 @@ var (
{{- range $typ := $union.ResourceTypeNames }}
{{ $union.Name }} ||--|| {{ $typ }} : alias
{{- end }}
{{- end }}`
{{- range $typ := $union.ResourceTypes }}
{{ $union.Name }} ||--|| {{ $typ.Name -}} : alias
{{- end}}
{{- end }}
`

mermaidTmpl = template.Must(template.New("mermaid").Parse(mermaidTemplate))
)
@@ -55,6 +73,7 @@ type mermaidContext struct {
Unions []iapl.Union
Actions map[string][]string
RelatedActions map[string]map[string][]string
RBAC *iapl.RBAC
}

func outputPolicyMermaid(filePath string, markdown bool) {
@@ -99,6 +118,11 @@ func outputPolicyMermaid(filePath string, markdown bool) {
Unions: policy.Unions,
Actions: actions,
RelatedActions: relatedActions,
RBAC: nil,
}

if policy.RBAC != nil {
ctx.RBAC = policy.RBAC
}

var out bytes.Buffer
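Review bot: The guard `{{- if ne .RBAC.RoleResource nil}}` at the top of `mermaidTemplate` reads a field through `.RBAC` before anything checks `.RBAC` itself, while `outputPolicyMermaid` leaves `ctx.RBAC` nil whenever the policy carries no RBAC block. text/template raises a "nil pointer evaluating" error for a field access on a nil pointer, so a policy without RBAC would most likely fail to render instead of simply omitting the role-binding edges. Guarding on the pointer first, `{{- if .RBAC }}`, with the `RoleResource` test nested inside it if that is still needed, avoids this. Separately, `RBAC: nil` followed by `if policy.RBAC != nil { ctx.RBAC = policy.RBAC }` is equivalent to `RBAC: policy.RBAC` in the struct literal. The body of `outputPolicyMermaid` continues outside the visible hunks, so the Execute error handling could not be checked here.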
2 changes: 2 additions & 0 deletions internal/iapl/errors.go
@@ -13,4 +13,6 @@ var (
ErrorUnknownRelation = errors.New("unknown relation")
// ErrorUnknownAction represents an error where an action is not defined.
ErrorUnknownAction = errors.New("unknown action")
// ErrorMissingRelationship represents an error where a mandatory relationship is missing.
ErrorMissingRelationship = errors.New("missing relationship")
)