From 8b58f5fd388c7d9de9095aa26c5837e68433eec2 Mon Sep 17 00:00:00 2001
From: kchiranjewee63
Date: Tue, 6 Aug 2024 19:40:10 -0400
Subject: [PATCH] Support access evaluation

---
 installation/resources/crds/trat-crd.yaml | 7 +-
 .../pkg/apis/tratteria/v1alpha1/types.go | 95 ++++++++++++++++---
 .../v1alpha1/zz_generated.deepcopy.go | 18 ++++
 3 files changed, 103 insertions(+), 17 deletions(-)

diff --git a/installation/resources/crds/trat-crd.yaml b/installation/resources/crds/trat-crd.yaml
index 92366c6..9a9e0ac 100644
--- a/installation/resources/crds/trat-crd.yaml
+++ b/installation/resources/crds/trat-crd.yaml
@@ -52,7 +52,10 @@ spec:
 azdMapping:
 type: object
 x-kubernetes-preserve-unknown-fields: true
- required: ["path", "method", "services"]
+ accessEvaluation:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ required: ["path", "method", "purp", "services"]
 status:
 type: object
 properties:
@@ -81,4 +84,4 @@ spec:
 type: "integer"
 jsonPath: ".status.retries"
 subresources:
- status: {}
+ status: {}
\ No newline at end of file
diff --git a/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/types.go b/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/types.go
index 59f1297..3d4ef0d 100644
--- a/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/types.go
+++ b/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/types.go
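Review bot: In the `@@ -52,7 +52,10 @@` hunk of trat-crd.yaml, the new `accessEvaluation` property is a bare `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server does no structural validation on what looks like an authorization input. A typo or an unexpected shape is stored as-is and is noticed, if at all, only when the rule is evaluated. Declare the expected properties in the schema, or at least validate the map in the controller and fail closed on anything it does not recognise. A `description:` on the property stating what an absent `accessEvaluation` means would also help operators. The same hunk adds `purp` to `required`, which may reject updates to existing TraT objects that lack it, so it is worth noting in the commit message as a compatibility change.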
@@ -11,6 +11,68 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+// DynamicMap is a wrapper around map[string]interface{} that implements DeepCopyInterface
+type DynamicMap struct {
+ Map map[string]interface{} `json:"-"`
+}
+
+func (in *DynamicMap) DeepCopyInterface() interface{} {
+ if in == nil {
+ return nil
+ }
+
+ out := new(DynamicMap)
+
+ in.DeepCopyInto(out)
+
+ return out
+}
+
+func (in *DynamicMap) DeepCopyInto(out *DynamicMap) {
+ clone := make(map[string]interface{})
+
+ for k, v := range in.Map {
+ clone[k] = deepCopyJSONValue(v)
+ }
+
+ out.Map = clone
+}
+
+func deepCopyJSONValue(v interface{}) interface{} {
+ if v == nil {
+ return nil
+ }
+
+ switch v := v.(type) {
+ case []interface{}:
+ arr := make([]interface{}, len(v))
+
+ for i, elem := range v {
+ arr[i] = deepCopyJSONValue(elem)
+ }
+
+ return arr
+ case map[string]interface{}:
+ m := make(map[string]interface{})
+
+ for k, val := range v {
+ m[k] = deepCopyJSONValue(val)
+ }
+
+ return m
+ default:
+ return v
+ }
+}
+
+func (in *DynamicMap) MarshalJSON() ([]byte, error) {
+ return json.Marshal(in.Map)
+}
+
+func (in *DynamicMap) UnmarshalJSON(data []byte) error {
+ return json.Unmarshal(data, &in.Map)
+}
+
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
@@ -23,11 +85,12 @@ type TraT struct {
 }
 
 type TraTSpec struct {
- Path string `json:"path"`
- Method string `json:"method"`
- Purp string `json:"purp"`
- AzdMapping map[string]AzdField `json:"azdMapping,omitempty"`
- Services []ServiceSpec `json:"services"`
+ Path string `json:"path"`
+ Method string `json:"method"`
+ Purp string `json:"purp"`
+ AzdMapping map[string]AzdField `json:"azdMapping,omitempty"`
+ Services []ServiceSpec `json:"services"`
+ AccessEvaluation *DynamicMap `json:"accessEvaluation,omitempty"`
 }
 
 type ServiceSpec struct {
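Review bot: In the `@@ -11,6 +11,68 @@` hunk, `DeepCopyInto` always assigns a freshly made map, so a `DynamicMap` whose `Map` is nil marshals as `null` before a deep copy and as `{}` after it. `UnmarshalJSON` also decodes straight into `in.Map`, and encoding/json reuses a non-nil map and keeps its existing entries. For a value that carries access-evaluation rules, an unset value can therefore become an empty one, and keys from an earlier decode can survive if the same object is decoded into again (whether that happens depends on callers outside this hunk). Preserve nil in `DeepCopyInto` and decode into a fresh map before assigning it, as sketched below. The `default` branch of `deepCopyJSONValue` returns any other reference type unchanged, which is fine for decoded JSON but deserves a comment, and the exported methods have no doc comments.

```go
func (in *DynamicMap) DeepCopyInto(out *DynamicMap) {
	// Keep a nil map nil so the copy still marshals to null rather than {}.
	if in.Map == nil {
		out.Map = nil
		return
	}
	clone := make(map[string]interface{}, len(in.Map))
	// … unchanged: copy loop and out.Map assignment …
}

// … unchanged: deepCopyJSONValue, MarshalJSON …

func (in *DynamicMap) UnmarshalJSON(data []byte) error {
	// Decode into a fresh map so entries from an earlier decode cannot survive.
	var decoded map[string]interface{}
	if err := json.Unmarshal(data, &decoded); err != nil {
		return err
	}
	in.Map = decoded
	return nil
}
```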
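Review bot: The new `AccessEvaluation` field on `TraTSpec` in the `@@ -23,11 +85,12 @@` hunk, and the matching field on `TraTGenerationRule` in the `@@ -74,11 +137,12 @@` hunk, has no comment describing the expected keys or what a nil value means for the access decision. The CRD in this patch accepts any object for this field, so the Go type is the only place a reader can learn the contract. A comment such as `// AccessEvaluation is the free-form access-evaluation configuration for this TraT; nil means <behaviour when unset>.` on both fields would close that gap, with the placeholder replaced by the real semantics. Both struct bodies are fully inside their hunks.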
@@ -74,11 +137,12 @@ type ServiceTraTVerificationRules struct {
 }
 
 type TraTGenerationRule struct {
- TraTName string `json:"traTName"`
- Path string `json:"path"`
- Method string `json:"method"`
- Purp string `json:"purp"`
- AzdMapping AzdMapping `json:"azdmapping,omitempty"`
+ TraTName string `json:"traTName"`
+ Path string `json:"path"`
+ Method string `json:"method"`
+ Purp string `json:"purp"`
+ AzdMapping AzdMapping `json:"azdmapping,omitempty"`
+ AccessEvaluation *DynamicMap `json:"accessEvaluation,omitempty"`
 }
 
 // constructs TraT verification for each service present in the call chain
@@ -130,11 +194,12 @@ func (traT *TraT) GetTraTVerificationRules() (map[string]*ServiceTraTVerificatio
 
 func (traT *TraT) GetTraTGenerationRule() (*TraTGenerationRule, error) {
 return &TraTGenerationRule{
- TraTName: traT.Name,
- Path: traT.Spec.Path,
- Method: traT.Spec.Method,
- Purp: traT.Spec.Purp,
- AzdMapping: traT.Spec.AzdMapping,
+ TraTName: traT.Name,
+ Path: traT.Spec.Path,
+ Method: traT.Spec.Method,
+ Purp: traT.Spec.Purp,
+ AzdMapping: traT.Spec.AzdMapping,
+ AccessEvaluation: traT.Spec.AccessEvaluation,
 }, nil
 }
 
diff --git a/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/zz_generated.deepcopy.go b/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/zz_generated.deepcopy.go
index c83f4d6..18511e1 100644
--- a/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/zz_generated.deepcopy.go
+++ b/service/tratteriacontroller/pkg/apis/tratteria/v1alpha1/zz_generated.deepcopy.go
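Review bot: In the `@@ -130,11 +194,12 @@` hunk, `GetTraTGenerationRule` stores `traT.Spec.AccessEvaluation` in the rule by pointer, so the returned `TraTGenerationRule` and the `TraT` share one `DynamicMap` and one underlying map. If the `TraT` comes from a shared informer cache (not visible here), a later mutation of the rule's access-evaluation map would also change the cached object. The generated `DeepCopy` on `*DynamicMap` in this patch is nil-safe, so `AccessEvaluation: traT.Spec.AccessEvaluation.DeepCopy(),` isolates the rule without an extra nil check. `AzdMapping` on the line above is shared the same way.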
@@ -97,6 +97,16 @@ func (in AzdMapping) DeepCopy() AzdMapping { return *out } +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicMap. +func (in *DynamicMap) DeepCopy() *DynamicMap { + if in == nil { + return nil + } + out := new(DynamicMap) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Endpoint) DeepCopyInto(out *Endpoint) { *out = *in @@ -430,6 +440,10 @@ func (in *TraTGenerationRule) DeepCopyInto(out *TraTGenerationRule) { (*out)[key] = val } } + if in.AccessEvaluation != nil { + in, out := &in.AccessEvaluation, &out.AccessEvaluation + *out = (*in).DeepCopy() + } return } @@ -493,6 +507,10 @@ func (in *TraTSpec) DeepCopyInto(out *TraTSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.AccessEvaluation != nil { + in, out := &in.AccessEvaluation, &out.AccessEvaluation + *out = (*in).DeepCopy() + } return }