Commit 2a37de4
Changed files (4)
pkg/policies/project.cedar → pkg/policies/album.cedar
File renamed without changes
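--- a/pkg/policies/entities.json
+++ b/pkg/policies/entities.json
@@ -28,19 +28,277 @@
 "id": "1"
 }
 },
+ {
+ "uid": {
+ "type": "Organization",
+ "id": "1",
+ "attrs": {
+ "name": "default"
+ }
+ }
+ },
+ {
+ "uid": {
+ "type": "Organization",
+ "id": "2",
+ "attrs": {
+ "name": "gitlab"
+ }
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "1",
+ "attrs": {
+ "name": "A"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "1"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "2",
+ "attrs": {
+ "name": "B"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "1"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "3",
+ "attrs": {
+ "name": "gitlab-org"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "2"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "4",
+ "attrs": {
+ "name": "gitlab-com"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "2"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "5",
+ "attrs": {
+ "name": "gl-security"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "2"
+ },
+ {
+ "type": "Group",
+ "id": "4"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "6",
+ "attrs": {
+ "name": "test-projects"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "2"
+ },
+ {
+ "type": "Group",
+ "id": "5"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "7",
+ "attrs": {
+ "name": "support"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "2"
+ },
+ {
+ "type": "Group",
+ "id": "4"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Group",
+ "id": "8",
+ "attrs": {
+ "name": "toolbox"
+ },
+ "parents": [
+ {
+ "type": "Organization",
+ "id": "2"
+ },
+ {
+ "type": "Group",
+ "id": "7"
+ }
+ ]
+ }
+ },
+ {
+ "uid": {
+ "type": "Project",
+ "id": "1",
+ "attrs": {
+ "name": "A1"
+ }
+ },
+ "parents": [
+ {
+ "type": "Group",
+ "id": "1"
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "Project",
+ "id": "2",
+ "attrs": {
+ "name": "B1"
+ }
+ },
+ "parents": [
+ {
+ "type": "Group",
+ "id": "2"
+ }
+ ]
+ },
 {
 "uid": {
 "type": "Project",
- "id": "3"
+ "id": "3",
+ "attrs": {
+ "name": "gitlab"
+ }
 },
 "parents": [
 {
 "type": "Group",
 "id": "3"
- },
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "Project",
+ "id": "4",
+ "attrs": {
+ "name": "eicar-test-project"
+ }
+ },
+ "parents": [
+ {
+ "type": "Group",
+ "id": "6"
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "Project",
+ "id": "5",
+ "attrs": {
+ "name": "disclosures"
+ }
+ },
+ "parents": [
+ {
+ "type": "Group",
+ "id": "5"
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "Project",
+ "id": "6",
+ "attrs": {
+ "name": "changelog-parser"
+ }
+ },
+ "parents": [
+ {
+ "type": "Group",
+ "id": "8"
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "Project",
+ "id": "7",
+ "attrs": {
+ "name": "handbook"
+ }
+ },
+ "parents": [
+ {
+ "type": "Group",
+ "id": "4"
+ }
+ ]
+ },
+ {
+ "uid": {
+ "type": "Project",
+ "id": "8",
+ "attrs": {
+ "name": "www-gitlab-com"
+ }
+ },
+ "parents": [
 {
- "type": "Path",
- "id": "/projects.json"
+ "type": "Group",
+ "id": "4"
 }
 ]
 }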
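Review bot: The added Organization and Group entries place `"attrs"` and, for every Group, `"parents"` inside the `"uid"` object, and the Project entries nest `"attrs"` there as well. Cedar's entity JSON format expects `uid`, `attrs` and `parents` as sibling keys of each entity. If the loader tolerates unknown keys under `uid` (not visible here), the Group → Organization and Group → Group edges are silently dropped, so a check such as `resource in Organization::"1"` would not reach the groups and projects this fixture appears to place beneath it. Each entry should take the shape `{"uid": {"type": "Group", "id": "1"}, "attrs": {"name": "A"}, "parents": [{"type": "Organization", "id": "1"}]}`. A test that asserts a decision through the hierarchy, for example a Project under Group 1, would catch a regression in the fixture's structure.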
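--- a/pkg/policies/organization.cedar
+++ b/pkg/policies/organization.cedar
@@ -0,0 +1,5 @@
+permit (
+ principal == User::"1",
+ action == Action::"read",
+ resource in Organization::"1"
+);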
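Review bot: Nothing in this policy covers `Organization::"2"`, yet the updated case in pkg/rpc/server_test.go asserts that User 1 with permission `read` on `gid://Organization/2` is allowed. From the lines shown here the only new grant is scoped to `resource in Organization::"1"`, so either another policy file (not visible in this commit) grants it, or the request is being allowed for a reason other than a matching permit, which is worth confirming before relying on the test. A negative case next to it would pin the default-deny behaviour, e.g. the same request for a subject no policy names, ending in `assert.False(t, reply.Result)`. The policy also has no comment; something like `// User 1 may read Organization 1 and every entity whose ancestors include it` would make the reach of `in` explicit.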
pkg/rpc/server_test.go
@@ -51,11 +51,11 @@ func TestServer(t *testing.T) {
assert.True(t, reply.Result)
})
- t.Run("returns gid://User/1:read_projects:gid://Organization/1", func(t *testing.T) {
+ t.Run("returns gid://User/1:read:gid://Organization/2", func(t *testing.T) {
reply, err := client.Allowed(t.Context(), &AllowRequest{
Subject: "gid://User/1",
- Permission: "read_projects",
- Resource: "gid://Organization/1",
+ Permission: "read",
+ Resource: "gid://Organization/2",
})
require.NoError(t, err)
assert.True(t, reply.Result)