// Load reads a guard policy file and builds the guard it describes.
//
// The first line returned by the scanner selects the guard type and must be
// either "acl" or "datalog"; every following line is handed to the guard's
// AddRule. Reading stops at the first empty string returned by NextLine.
// A rule the guard rejects aborts the load with an error naming the file and
// the offending line, and no guard is returned in that case.
//
// NOTE(review): NextLine reports no error here, so an empty result is treated
// as end of input. Presumably a read failure part-way through the file would
// look the same and silently shorten the policy; confirm against the Scanner
// implementation.
func Load(path string) (tao.Guard, error) {
	sc, err := NewScanner(path)
	if err != nil {
		return nil, err
	}

	// The header line decides which guard implementation receives the rules.
	var guard tao.Guard
	switch kind := sc.NextLine(); kind {
	case "":
		return nil, fmt.Errorf("%s: first line must specify 'datalog' or 'acl'\n", path)
	case "acl":
		guard = tao.NewACLGuard()
	case "datalog":
		guard = tao.NewTemporaryDatalogGuard()
	default:
		return nil, fmt.Errorf("%s: expected 'datalog' or 'acl', found %q\n", path, kind)
	}

	for {
		rule := sc.NextLine()
		if rule == "" {
			break
		}
		// Stop at the first rejected rule rather than skipping it.
		if addErr := guard.AddRule(rule); addErr != nil {
			return nil, fmt.Errorf("%s: %s; processing this line:\n> %s\n", path, addErr, rule)
		}
	}
	return guard, nil
}
// newTempCAGuard builds a guard with tao.NewTemporaryDatalogGuard and gives it
// a single rule: subprinRule formatted with the principal of the verifier v.
// It returns the guard, or the error from AddRule if the rule is rejected.
//
// NOTE(review): the rule text is produced with fmt.Sprintf, so the principal's
// printed form is spliced into the rule as-is. Presumably that is safe because
// the value comes from a verifier key rather than external input; confirm.
func newTempCAGuard(v *tao.Verifier) (tao.Guard, error) {
	guard := tao.NewTemporaryDatalogGuard()
	caRule := fmt.Sprintf(subprinRule, v.ToPrincipal())
	err := guard.AddRule(caRule)
	if err != nil {
		return nil, err
	}
	return guard, nil
}
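// NewResourceMaster creates a ResourceMaster from the static ruleset and
// initializes it to manage the given directory.
//
// Every entry of the global policy is added to a guard created with
// tao.NewTemporaryDatalogGuard. If the guard rejects any rule, the failure is
// logged and nil is returned instead of a master enforcing only part of the
// policy, so callers must check the result for nil before using it.
func NewResourceMaster(filepath string) *ResourceMaster {
	m := &ResourceMaster{
		Guard:         tao.NewTemporaryDatalogGuard(),
		BaseDirectory: filepath,
		Resources:     make(map[string]*Resource),
		Principals:    make(map[string]*Principal),
		Policy:        policy, // the global policy value.
	}

	for _, rule := range m.Policy {
		if err := m.Guard.AddRule(rule); err != nil {
			// Fail closed: a master holding only some of the rules is never
			// handed out. The log line names the rule that was rejected.
			log.Printf("Couldn't add rule '%s': %s\n", rule, err)
			return nil
		}
	}
	return m
}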