diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index cfef4f58c..63b0ce8cf 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -84,7 +84,7 @@ jobs:
 run: go mod tidy
 - name: install spicedb binary
 uses: authzed/action-spicedb@v1
- - name: run proxy tests
+ - name: run regression tests
 env:
 POSTGRES_PASSWORD: postgres
 run: make e2e-regression-test
diff --git a/internal/proxy/middleware/authz/authz.go b/internal/proxy/middleware/authz/authz.go
index 547beed22..96021b8ff 100644
--- a/internal/proxy/middleware/authz/authz.go
+++ b/internal/proxy/middleware/authz/authz.go
@@ -14,7 +14,7 @@ import (
 "github.com/goto/shield/core/group"
 "github.com/goto/shield/core/resource"
 "github.com/goto/shield/core/user"
- proxyattr "github.com/goto/shield/internal/proxy/attribute"
+ "github.com/goto/shield/internal/proxy/attribute"
 "github.com/goto/shield/internal/proxy/middleware"
 "github.com/goto/shield/internal/schema"
 "github.com/goto/shield/pkg/body_extractor"
@@ -46,7 +46,7 @@ type Authz struct {
 type Config struct {
 Actions []string `yaml:"actions" mapstructure:"actions"`
 Permissions []Permission `yaml:"permissions" mapstructure:"permissions"`
- Attributes map[string]proxyattr.Attribute `yaml:"attributes" mapstructure:"attributes"`
+ Attributes map[string]attribute.Attribute `yaml:"attributes" mapstructure:"attributes"`
 }
 type Permission struct {
@@ -133,7 +133,7 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 _ = res
 switch attr.Type {
- case proxyattr.TypeGRPCPayload:
+ case attribute.TypeGRPCPayload:
 // check if grpc request
 if !strings.HasPrefix(req.Header.Get("Content-Type"), "application/grpc") {
 c.log.Error("middleware: not a grpc request", "attr", attr)
@@ -151,7 +151,7 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 permissionAttributes[res] = payloadField
 c.log.Info("middleware: extracted", "field", payloadField, "attr", attr)
- case proxyattr.TypeJSONPayload:
+ case attribute.TypeJSONPayload:
 if attr.Key == "" {
 c.log.Error("middleware: payload key field empty")
 c.notAllowed(rw, nil)
@@ -167,7 +167,7 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 permissionAttributes[res] = payloadField
 c.log.Info("middleware: extracted", "field", payloadField, "attr", attr)
- case proxyattr.TypeHeader:
+ case attribute.TypeHeader:
 if attr.Key == "" {
 c.log.Error("middleware: header key field empty")
 c.notAllowed(rw, nil)
@@ -183,7 +183,7 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 permissionAttributes[res] = headerAttr
 c.log.Info("middleware: extracted", "field", headerAttr, "attr", attr)
- case proxyattr.TypeQuery:
+ case attribute.TypeQuery:
 if attr.Key == "" {
 c.log.Error("middleware: query key field empty")
 c.notAllowed(rw, nil)
@@ -199,7 +199,7 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 permissionAttributes[res] = queryAttr
 c.log.Info("middleware: extracted", "field", queryAttr, "attr", attr)
- case proxyattr.TypeConstant:
+ case attribute.TypeConstant:
 if attr.Value == "" {
 c.log.Error("middleware: constant value empty")
 c.notAllowed(rw, nil)
@@ -279,7 +279,7 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 func (c Authz) preparePermissionResource(ctx context.Context, perm Permission, attrs map[string]interface{}) (resource.Resource, error) {
 resourceName, ok := attrs[perm.Attribute].(string)
 if !ok {
- resourceName = proxyattr.ComposeAttribute(perm.Attribute, attrs)
+ resourceName = attribute.ComposeAttribute(perm.Attribute, attrs)
 }
 res := resource.Resource{