package go_policy_enforcer
// PolicyEnforcerInterface is the method set returned by NewPolicyEnforcer.
// PolicyEnforcer is the implementation declared in this file.
type PolicyEnforcerInterface interface {
	// Enforce reports whether resource is accepted. As implemented by
	// PolicyEnforcer it returns true only when every policy evaluates to true,
	// and false when no policies are configured.
	Enforce(resource any) bool
	// Match returns pointers to the policies that evaluate to true for
	// resource.
	Match(resource any) []*Policy
}
// PolicyEnforcer evaluates resources against the policy slice it points at.
type PolicyEnforcer struct {
	// Embedded interface value. NewPolicyEnforcer leaves it nil; the Enforce
	// and Match methods declared directly on PolicyEnforcer take precedence
	// over the promoted ones, so the nil value is not reached through those
	// two calls.
	// NOTE(review): the embedding looks unnecessary; confirm no caller sets it
	// before removing it in a breaking release.
	PolicyEnforcerInterface
	// Policies points at the policy slice supplied by the caller. The slice is
	// not copied, so later changes made through this pointer are seen by
	// subsequent Enforce and Match calls. Any code that can write to the slice
	// can therefore change the outcome of those calls.
	Policies *[]Policy
}
// NewPolicyEnforcer wraps policies in a PolicyEnforcer and returns it as a
// PolicyEnforcerInterface.
//
// The pointer is stored as given: the slice is neither copied nor validated,
// so the enforcer observes any change the caller later makes to it. A nil
// pointer is accepted; Enforce treats it as "no policies" and returns false.
//
// Parameters:
//   - policies: pointer to the slice of Policy values to evaluate resources
//     against.
//
// Returns:
//   - PolicyEnforcerInterface: a PolicyEnforcer value holding the pointer.
func NewPolicyEnforcer(policies *[]Policy) PolicyEnforcerInterface {
	var enforcer PolicyEnforcer
	enforcer.Policies = policies
	return enforcer
}
// Enforce reports whether resource satisfies every configured policy.
//
// The check fails closed: when the Policies pointer is nil or the slice is
// empty, Enforce returns false rather than treating the absence of policies as
// approval. Otherwise each policy's Evaluate method is called in slice order
// and the first false result ends the check.
//
// Parameters:
//   - resource: the value handed to each policy's Evaluate method.
//
// Returns:
//   - bool: true when at least one policy exists and all of them evaluate to
//     true; false when any policy evaluates to false or none is configured.
func (e PolicyEnforcer) Enforce(resource any) bool {
	// Deny by default: with no policy slice, or an empty one, nothing passes.
	if e.Policies == nil {
		return false
	}
	configured := *e.Policies
	if len(configured) == 0 {
		return false
	}

	for i := range configured {
		policy := configured[i] // value copy, exactly as a range variable would be
		if ok := policy.Evaluate(resource); !ok {
			return false
		}
	}
	return true
}
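// Match returns the policies whose Evaluate method reports true for resource.
//
// Every policy is evaluated in slice order; there is no short-circuit. Each
// returned pointer refers to its own shallow copy of the matching policy, so
// no two entries alias each other and assigning to a copy's fields does not
// write into the enforcer's slice. Anything a Policy holds by reference is
// still shared with the original (Policy is declared outside this file).
//
// Parameters:
//   - resource: the value handed to each policy's Evaluate method.
//
// Returns:
//   - []*Policy: one pointer per matching policy, in policy order. The result
//     is nil (length 0) when nothing matches or when the Policies pointer is
//     nil.
func (e PolicyEnforcer) Match(resource any) []*Policy {
	// Enforce treats a nil Policies pointer as "no policies"; do the same here
	// instead of panicking on the dereference below.
	if e.Policies == nil {
		return nil
	}

	var matched []*Policy
	all := *e.Policies
	for i := range all {
		// A fresh variable per iteration. Taking the address of a range
		// variable is only safe from Go 1.22 on; with older toolchains every
		// appended pointer would refer to the same variable, so the caller
		// would see the last policy iterated repeated in place of the ones
		// that actually matched.
		p := all[i]
		if p.Evaluate(resource) {
			matched = append(matched, &p)
		}
	}
	return matched
}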