fix policy file generation

reearth · Oct 30, 2024 · ad272d8 · ad272d8
1 parent 0bc6639
commit ad272d8
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 59 deletions.
diff --git a/cerbos/generator/builder.go b/cerbos/generator/builder.go
@@ -1,35 +1,45 @@
 package generator
 
+type ResourceDefinition struct {
+	Resource string
+	Actions  []ActionDefinition
+}
+
+type ActionDefinition struct {
+	Action string
+	Roles  []string
+}
+
 type ResourceBuilder struct {
 	serviceName string
-	resources   map[string][]actionDefinition
+	resources   map[string][]ActionDefinition
 }
 
 func NewResourceBuilder(serviceName string) *ResourceBuilder {
 	return &ResourceBuilder{
 		serviceName: serviceName,
-		resources:   make(map[string][]actionDefinition),
+		resources:   make(map[string][]ActionDefinition),
 	}
 }
 
-func (b *ResourceBuilder) AddResource(resource string, actions []actionDefinition) *ResourceBuilder {
+func (b *ResourceBuilder) AddResource(resource string, actions []ActionDefinition) *ResourceBuilder {
 	b.resources[resource] = actions
 	return b
 }
 
 func (b *ResourceBuilder) Build() []ResourceDefinition {
 	result := make([]ResourceDefinition, 0, len(b.resources))
 	for resource, actions := range b.resources {
-		result = append(result, &resourceDefinition{
+		result = append(result, ResourceDefinition{
 			Resource: b.serviceName + ":" + resource,
 			Actions:  actions,
 		})
 	}
 	return result
 }
 
-func NewActionDefinition(action string, roles []string) actionDefinition {
-	return actionDefinition{
+func NewActionDefinition(action string, roles []string) ActionDefinition {
+	return ActionDefinition{
 		Action: action,
 		Roles:  roles,
 	}

diff --git a/cerbos/generator/policy.go b/cerbos/generator/policy.go
@@ -26,34 +26,32 @@ type Rule struct {
 	Roles   []string `yaml:"roles"`
 }
 
-type ResourceDefiner interface {
-	DefineResources(builder *ResourceBuilder) []ResourceDefinition
-}
+type DefineResourcesFunc func(builder *ResourceBuilder) []ResourceDefinition
 
-func GeneratePolicies(definer ResourceDefiner, outputDir string) error {
-	builder := NewResourceBuilder("")
-	resources := definer.DefineResources(builder)
+func GeneratePolicies(serviceName string, defineResources DefineResourcesFunc, outputDir string) error {
+	builder := NewResourceBuilder(serviceName)
+	resources := defineResources(builder)
 
 	for _, resource := range resources {
 		policy := CerbosPolicy{
 			APIVersion: "api.cerbos.dev/v1",
 			ResourcePolicy: ResourcePolicy{
 				Version:  "default",
-				Resource: resource.GetResource(),
-				Rules:    make([]Rule, 0, len(resource.GetActions())),
+				Resource: resource.Resource,
+				Rules:    make([]Rule, 0, len(resource.Actions)),
 			},
 		}
 
-		for _, action := range resource.GetActions() {
+		for _, action := range resource.Actions {
 			rule := Rule{
-				Actions: []string{action.GetAction()},
+				Actions: []string{action.Action},
 				Effect:  "EFFECT_ALLOW",
-				Roles:   action.GetRoles(),
+				Roles:   action.Roles,
 			}
 			policy.ResourcePolicy.Rules = append(policy.ResourcePolicy.Rules, rule)
 		}
 
-		filename := strings.ReplaceAll(resource.GetResource(), ":", "_")
+		filename := strings.ReplaceAll(resource.Resource, ":", "_")
 		outputPath := filepath.Join(outputDir, fmt.Sprintf("%s.yaml", filename))
 
 		if err := os.MkdirAll(outputDir, 0755); err != nil {

diff --git a/cerbos/generator/types.go b/cerbos/generator/types.go