// Copyright 2021 The Cockroach Authors.
//
// Licensed as a CockroachDB Enterprise file under the Cockroach Community
// License (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
//
// https://github.com/cockroachdb/cockroach/blob/master/licenses/CCL.txt
package denylist
import "strings"
//go:generate mockgen -package=denylist -destination=mocks_generated.go -source=service.go . Service
// Entry describes why an item was placed on the denylist.
// TODO(spaskob): add codes for different denial reasons.
type Entry struct {
	// Reason is the recorded explanation for the denial.
	// NOTE(review): this file does not show where Reason is surfaced; if it
	// can reach the connecting client, keep internal detail out of it.
	Reason string
}
// DenyEntity identifies a single denied entity.
// Its YAML tags double as the specification of the config file format.
type DenyEntity struct {
	// Item is the denied value, read from the "item" key.
	// NOTE(review): no canonicalization of Item is visible in this file, so
	// lookups presumably depend on the exact textual form written in the
	// config (for example, how an IP address is spelled) — confirm against
	// the Service implementation.
	Item string `yaml:"item"`
	// Type says which kind of entity Item names, read from the "type" key.
	Type Type `yaml:"type"`
}
// Type identifies the kind of entity a DenyEntity refers to.
//
// The enum starts at 1, so the zero value is not one of the declared
// constants; String renders it as "UNKNOWN".
type Type int

// Enum values for Type.
const (
	// IPAddrType is the type spelled "ip" in the config.
	IPAddrType Type = iota + 1
	// ClusterType is the type spelled "cluster" in the config.
	ClusterType
	// UnknonwType is what UnmarshalYAML stores for any unrecognized type
	// string. The identifier is misspelled ("Unknonw") but exported, so a
	// rename has to be coordinated with its users.
	UnknonwType
)

// strToTypeMap maps the lower-case config spelling of a type to its value.
var strToTypeMap = map[string]Type{
	"ip":      IPAddrType,
	"cluster": ClusterType,
}

// typeToStrMap is the inverse of strToTypeMap; the two literals are
// maintained by hand and must be updated together. UnknonwType has no entry
// in either map.
var typeToStrMap = map[Type]string{
	IPAddrType:  "ip",
	ClusterType: "cluster",
}

// UnmarshalYAML implements the yaml.Unmarshaler interface for Type.
//
// The scalar is decoded as a string, lower-cased and looked up in
// strToTypeMap. An unrecognized string is not an error: the receiver is set
// to UnknonwType and nil is returned. Only a failure of unmarshal itself is
// reported, and in that case the receiver is left untouched.
//
// NOTE(review): for a denylist this means a misspelled type (or one carrying
// stray whitespace, since the value is not trimmed) loads without any error.
// Whether such an entry is then enforced depends on code outside this file;
// consumers should log or count UnknonwType entries so that a typo does not
// leave a rule quietly unenforced.
func (t *Type) UnmarshalYAML(unmarshal func(interface{}) error) error {
	var text string
	if err := unmarshal(&text); err != nil {
		return err
	}
	parsed, known := strToTypeMap[strings.ToLower(text)]
	if !known {
		parsed = UnknonwType
	}
	*t = parsed
	return nil
}

// MarshalYAML implements the yaml.Marshaler interface for Type by emitting
// the value's String form. A value that was decoded to UnknonwType is written
// back as "UNKNOWN", so the original unrecognized string is not preserved
// across a load/save round trip.
func (t Type) MarshalYAML() (interface{}, error) {
	return t.String(), nil
}

// String implements fmt.Stringer for Type. Values without an entry in
// typeToStrMap, including the zero value and UnknonwType, yield "UNKNOWN".
func (t Type) String() string {
	if name, found := typeToStrMap[t]; found {
		return name
	}
	return "UNKNOWN"
}
// Service is the interface used to check whether an entity has been denied
// access.
type Service interface {
	// Denied returns a non-nil Entry if the entity is denied; the Entry
	// carries the reason for the denial.
	//
	// NOTE(review): the contract does not say what Entry holds when the
	// returned error is non-nil. Callers should check the error before
	// reading a nil Entry as "allowed", otherwise a failed lookup can be
	// taken for access granted.
	Denied(entity DenyEntity) (*Entry, error)

	// TODO(spaskob): add API for registering listeners to be notified of any
	// updates (inclusion/exclusion) to the denylist.
}