Skip to content

Commit

Permalink
Merge pull request #46 from wklken/fix_eval_out_of_index
Browse files Browse the repository at this point in the history
fix(partialeval): out of index while the any condition key is empty
  • Loading branch information
wklken authored Nov 25, 2021
2 parents 19cad42 + c25401a commit a0ec6d0
Show file tree
Hide file tree
Showing 8 changed files with 38 additions and 8 deletions.
2 changes: 1 addition & 1 deletion VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
1.9.0
1.9.1
5 changes: 4 additions & 1 deletion pkg/abac/pdp/condition/and.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,11 +106,14 @@ func (c *AndCondition) PartialEval(ctx types.EvalContextor) (bool, Condition) {
if ci.GetName() != operator.ANY {
remainedContent = append(remainedContent, ci)
}
} else if condition.GetName() == operator.ANY {
// if any, it's always true, just continue
continue
} else {
key := condition.GetKeys()[0]
dotIdx := strings.LastIndexByte(key, '.')
if dotIdx == -1 {
//panic("should contain dot in key")
// panic("should contain dot in key")
return false, nil
}
_type := key[:dotIdx]
Expand Down
10 changes: 10 additions & 0 deletions pkg/abac/pdp/condition/and_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -217,6 +217,16 @@ var _ = Describe("And", func() {
assert.True(GinkgoT(), allowed)
assert.Equal(GinkgoT(), NewAnyCondition(), nc)
})

It("any", func() {
c = NewAndCondition([]Condition{
NewAnyCondition(),
})
allowed, nc := c.(LogicalCondition).PartialEval(HitStrCtx("linux"))
assert.True(GinkgoT(), allowed)
assert.Equal(GinkgoT(), NewAnyCondition(), nc)
})

//
It("remain", func() {
allowed, nc := c.(LogicalCondition).PartialEval(MissStrCtx("linux"))
Expand Down
6 changes: 3 additions & 3 deletions pkg/abac/pdp/condition/any.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,9 @@ func (c *AnyCondition) GetName() string {
}

// GetKeys 属性key
func (c *AnyCondition) GetKeys() []string {
return []string{}
}
// func (c *AnyCondition) GetKeys() []string {
// return []string{}
// }

// Eval 求值
func (c *AnyCondition) Eval(ctx types.EvalContextor) bool {
Expand Down
6 changes: 4 additions & 2 deletions pkg/abac/pdp/condition/any_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,15 +35,17 @@ var _ = Describe("Any", func() {
It("New", func() {
c := NewAnyCondition()
assert.Equal(GinkgoT(), "Any", c.GetName())
assert.Equal(GinkgoT(), []string{}, c.GetKeys())
assert.Equal(GinkgoT(), []string{""}, c.GetKeys())
})

It("GetName", func() {
assert.Equal(GinkgoT(), "Any", c.GetName())
})

It("GetKeys", func() {
assert.Empty(GinkgoT(), c.GetKeys())
keys := c.GetKeys()
assert.Len(GinkgoT(), keys, 1)
assert.Equal(GinkgoT(), "bk_cmdb.host.id", keys[0])
})

It("Eval", func() {
Expand Down
4 changes: 3 additions & 1 deletion pkg/abac/pdp/condition/or.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,9 @@ func (c *OrCondition) PartialEval(ctx types.EvalContextor) (bool, Condition) {
}

// a OR b, if a false, do nothing!

} else if condition.GetName() == operator.ANY {
// if any, it's always true, return true
return true, NewAnyCondition()
} else {
key := condition.GetKeys()[0]
dotIdx := strings.LastIndexByte(key, '.')
Expand Down
9 changes: 9 additions & 0 deletions pkg/abac/pdp/condition/or_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -242,6 +242,15 @@ var _ = Describe("Or", func() {
assert.True(GinkgoT(), allowed)
assert.Equal(GinkgoT(), NewAnyCondition(), nc)
})

It("any", func() {
c = NewOrCondition([]Condition{
NewAnyCondition(),
})
allowed, nc := c.(LogicalCondition).PartialEval(HitStrCtx("linux"))
assert.True(GinkgoT(), allowed)
assert.Equal(GinkgoT(), NewAnyCondition(), nc)
})
//
It("remain", func() {
allowed, nc := c.(LogicalCondition).PartialEval(MissStrCtx("linux"))
Expand Down
4 changes: 4 additions & 0 deletions release.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
# 1.9.1

- bugfix: partialEval out of index while the any condition key is empty

# 1.9.0

- refactor: pdp 模块重构, 完备的表达式, 支持两阶段计算
Expand Down

0 comments on commit a0ec6d0

Please sign in to comment.