drop user-defined top-level conditions in the authpolicy if favour of…
… cel predicates only Signed-off-by: Guilherme Cassolato <[email protected]>
1 parent
a925273
commit a189890
Showing
18 changed files
with
239 additions
and
720 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
package v1beta3 | ||
|
||
import ( | ||
"github.com/samber/lo" | ||
|
||
kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1" | ||
) | ||
|
||
func NewPredicate(predicate string) Predicate { | ||
return Predicate{Predicate: predicate} | ||
} | ||
|
||
// Predicate defines one CEL expression that must be evaluated to bool | ||
type Predicate struct { | ||
// +kubebuilder:validation:MinLength=1 | ||
Predicate string `json:"predicate"` | ||
} | ||
|
||
func NewWhenPredicates(predicates ...string) WhenPredicates { | ||
whenPredicates := make(WhenPredicates, 0) | ||
for _, predicate := range predicates { | ||
whenPredicates = append(whenPredicates, NewPredicate(predicate)) | ||
} | ||
|
||
return whenPredicates | ||
} | ||
|
||
type WhenPredicates []Predicate | ||
|
||
func (w WhenPredicates) Extend(other WhenPredicates) WhenPredicates { | ||
return append(w, other...) | ||
} | ||
|
||
func (w WhenPredicates) Into() []string { | ||
if w == nil { | ||
return nil | ||
} | ||
|
||
return lo.Map(w, func(p Predicate, _ int) string { return p.Predicate }) | ||
} | ||
|
||
type MergeableWhenPredicates struct { | ||
// Overall conditions for the policy to be enforced. | ||
// If omitted, the policy will be enforced at all requests to the protected routes. | ||
// If present, all conditions must match for the policy to be enforced. | ||
// +optional | ||
Predicates WhenPredicates `json:"when,omitempty"` | ||
|
||
// Source stores the locator of the policy where the limit is orignaly defined (internal use) | ||
Source string `json:"-"` | ||
} | ||
|
||
var _ kuadrantv1.MergeableRule = &MergeableWhenPredicates{} | ||
|
||
func (p *MergeableWhenPredicates) GetSpec() any { | ||
return p.Predicates | ||
} | ||
|
||
func (p *MergeableWhenPredicates) GetSource() string { | ||
return p.Source | ||
} | ||
|
||
func (p *MergeableWhenPredicates) WithSource(source string) kuadrantv1.MergeableRule { | ||
p.Source = source | ||
return p | ||
} |
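Review bot: `Extend` returns `append(w, other...)`, which writes into the receiver's backing array whenever `w` has spare capacity, so two results extended from the same `WhenPredicates` value can alias and overwrite each other's elements. These predicates decide when the auth policy is enforced, so a merge that silently swaps one rule's conditions for another's would change enforcement; clipping the capacity avoids it: `return append(w[:len(w):len(w)], other...)`. Whether any caller extends a shared slice more than once is not visible on this page, so treat this as a hardening request. The `Source` field comment also looks copied from the rate-limit type and has a typo; I would write `// Source stores the locator of the policy where the predicates are originally defined (internal use)`. The exported `NewPredicate`, `NewWhenPredicates`, `WhenPredicates`, `Extend`, `Into` and `MergeableWhenPredicates` have no doc comments, and one on `Into` should say that a nil receiver yields nil.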