// Subprincipal returns subprincipal DatalogGuard, for temporary guards, or
// DatalogGuard(<key>) for persistent guards.
func (g *DatalogGuard) Subprincipal() auth.SubPrin {
e := auth.PrinExt{Name: "DatalogGuard"}
if g.Key == nil {
ser, err := proto.Marshal(&g.db)
if err == nil {
hash := sha256.Sum256(ser)
e.Arg = append(e.Arg, auth.Bytes(hash[:]))
}
} else {
e.Arg = append(e.Arg, g.Key.ToPrincipal())
}
return auth.SubPrin{e}
}
// Subprincipal returns a unique subprincipal for this policy.
func (a *ACLGuard) Subprincipal() auth.SubPrin {
e := auth.PrinExt{Name: "ACLGuard"}
if a.Key == nil {
ser, err := proto.Marshal(&ACLSet{Entries: a.ACL})
if err == nil {
hash := sha256.Sum256(ser)
e.Arg = append(e.Arg, auth.Bytes(hash[:]))
}
} else {
e.Arg = append(e.Arg, a.Key.ToPrincipal())
}
return auth.SubPrin{e}
}