Merge pull request #64 from angrylogic/enable_wildcard_with_prefix

Enable wildcard with prefix.
nemosupremo · Sep 18, 2018 · 389484f · 389484f
2 parents c6c460e + 9dd7582
commit 389484f
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/policy/policy.go b/policy/policy.go
@@ -13,6 +13,7 @@ type Policy struct {
 	Roles         []string `json:"roles"`
 	NumUses       int      `json:"num_uses"`
 	strictestPath []byte
+	wildcard      bool
 }
 
 func (p *Policy) merge(path []byte, other Policy) {
@@ -51,6 +52,9 @@ func LoadPoliciesFromJson(data []byte) (*Policies, error) {
 		tree := iradix.New()
 		txn := tree.Txn()
 		for k, v := range pol {
+			if strings.HasSuffix(k, "*") {
+				v.wildcard = true
+			}
 			if strings.HasSuffix(k, ":") {
 				return nil, errors.New("Invalid key name '" + k + "'. Keys must not end with a ':'")
 			}
@@ -79,7 +83,10 @@ func (p *Policies) Get(path string) (*Policy, bool) {
 
 	walkFn := func(k []byte, _v interface{}) bool {
 		v := _v.(Policy)
-		if bytes.Equal(k, []byte(path)) || k[len(k)-1] == ':' {
+		if v.wildcard && bytes.HasPrefix([]byte(path), k) {
+			ret.merge(k, v)
+			foundPolicy = true
+		} else if bytes.Equal(k, []byte(path)) {
 			ret.merge(k, v)
 			foundPolicy = true
 		}

diff --git a/policy/policy_test.go b/policy/policy_test.go
@@ -36,6 +36,10 @@ const samplePolicy = `{
 	"mesos:framework:task2":{
 		"roles":["mesos_framework_task2"],
 		"num_uses":1
+	},
+	"mesos:framework:service/*": {
+	    "roles":["mesos_framework_service"],
+	    "num_uses":1
 	}
 }`
 
@@ -79,6 +83,10 @@ func TestSamplePolicy(t *testing.T) {
 			t.Fatalf("Test of '%s' failed. Expected: %v Had: %v", "mesos:jamp", expected, actual)
 		}
 
+		if pass, expected, actual := shouldContainAll(mustGet(pols.Get("mesos:framework:service/instance-1")), "wildcard", "mesos_child", "mesos_framework_child", "mesos_framework_service"); !pass {
+			t.Fatalf("Test of '%s' failed. Expected: %v Had: %v", "mesos:framework:service/instance-1", expected, actual)
+		}
+
 		if pass, _, actual := shouldContainAll(mustGet(pols.Get("mesos:framework:task2")), "mesos_framework_task"); pass {
 			t.Fatalf("Test of '%s' failed. 'task2' should not conatain permission of 'task'. Had: %v", "mesos:framework:task", actual)
 		}