예제 #1
0
파일: policy.go 프로젝트: kevinawalsh/taoca
func Load(path string) (tao.Guard, error) {
	s, err := NewScanner(path)
	if err != nil {
		return nil, err
	}
	t := s.NextLine()
	var g tao.Guard
	switch t {
	case "acl":
		g = tao.NewACLGuard()
	case "datalog":
		g = tao.NewTemporaryDatalogGuard()
	case "":
		return nil, fmt.Errorf("%s: first line must specify 'datalog' or 'acl'\n", path)
	default:
		return nil, fmt.Errorf("%s: expected 'datalog' or 'acl', found %q\n", path, t)
	}
	for line := s.NextLine(); line != ""; line = s.NextLine() {
		err = g.AddRule(line)
		if err != nil {
			return nil, fmt.Errorf("%s: %s; processing this line:\n> %s\n", path, err, line)
		}
	}
	return g, nil
}
예제 #2
0
func generateGuard(t *testing.T) *tao.Guard {
	guard := tao.NewACLGuard(nil, tao.ACLGuardDetails{})
	err := guard.Authorize(*hostName, "Host", []string{})
	if err != nil {
		t.Fatal("Error adding a rule to the guard", err)
	}
	err = guard.Authorize(*programName, "Execute", []string{})
	if err != nil {
		t.Fatal("Error adding a rule to the guard", err)
	}
	machinePrin := auth.Prin{Type: "MachineInfo", KeyHash: auth.Str(machineName)}
	err = guard.Authorize(machinePrin, "Root", []string{})
	if err != nil {
		t.Fatal("Error adding a rule to the guard", err)
	}
	return &guard
}