示例#1
// Load builds a tao.Guard from the policy file at path.
//
// The first line returned by the scanner selects the guard kind ("acl" or
// "datalog"). Every following line is passed to AddRule until NextLine
// returns the empty string. Every failure path returns a nil guard, so a
// caller cannot end up authorizing against a partially loaded rule set.
//
// NOTE(review): the loop treats "" as end of input. If NextLine also returns
// "" on a read error, a truncated file would load as a shorter policy without
// any error being reported — confirm against the scanner implementation.
func Load(path string) (tao.Guard, error) {
	scanner, err := NewScanner(path)
	if err != nil {
		return nil, err
	}

	// The guard kind comes from the file itself; anything other than the two
	// known kinds is rejected rather than defaulted.
	var guard tao.Guard
	switch kind := scanner.NextLine(); kind {
	case "datalog":
		guard = tao.NewTemporaryDatalogGuard()
	case "acl":
		guard = tao.NewACLGuard()
	case "":
		return nil, fmt.Errorf("%s: first line must specify 'datalog' or 'acl'\n", path)
	default:
		return nil, fmt.Errorf("%s: expected 'datalog' or 'acl', found %q\n", path, kind)
	}

	for {
		rule := scanner.NextLine()
		if rule == "" {
			break
		}
		// A single rejected rule aborts the whole load.
		if err := guard.AddRule(rule); err != nil {
			return nil, fmt.Errorf("%s: %s; processing this line:\n> %s\n", path, err, rule)
		}
	}
	return guard, nil
}
示例#2
// newTempCAGuard returns a temporary datalog guard holding exactly one rule:
// subprinRule formatted with the principal of verifier v.
//
// If the guard rejects that rule, the error is returned together with a nil
// guard, so no guard is handed out without the rule installed.
//
// NOTE(review): the rule text is produced with fmt.Sprintf, so the principal's
// formatted form becomes part of the datalog source — presumably
// subprinRule's verb yields a well-formed principal term; verify against its
// definition. v is dereferenced without a nil check.
func newTempCAGuard(v *tao.Verifier) (tao.Guard, error) {
	guard := tao.NewTemporaryDatalogGuard()
	caRule := fmt.Sprintf(subprinRule, v.ToPrincipal())

	err := guard.AddRule(caRule)
	if err != nil {
		return nil, err
	}
	return guard, nil
}
示例#3
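// NewResourceMaster creates a ResourceMaster from the static ruleset and
// initializes it to manage the given directory.
//
// Every entry of the package-level policy is added to a fresh temporary
// datalog guard. If the guard rejects any entry, the failure is logged and nil
// is returned, so a ResourceMaster is never handed out with only part of the
// policy loaded. There is no error return value: callers must check the
// result for nil before using it.
func NewResourceMaster(filepath string) *ResourceMaster {
	m := &ResourceMaster{
		Guard:         tao.NewTemporaryDatalogGuard(),
		BaseDirectory: filepath,
		Resources:     make(map[string]*Resource),
		Principals:    make(map[string]*Principal),
		Policy:        policy, // the global policy value.
	}

	for _, rule := range m.Policy {
		if err := m.Guard.AddRule(rule); err != nil {
			// The original message said "run"; name the rule so the log
			// entry identifies which policy line was rejected.
			log.Printf("Couldn't add rule '%s': %s\n", rule, err)
			return nil
		}
	}
	return m
}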