graphvent/policy.go

package graphvent

import (
  "encoding/json"
  "fmt"
)

type PolicyType string
func (policy PolicyType) Hash() uint64 {
  hash := sha512.Sum512([]byte(fmt.Sprintf("POLICY: %s", string(policy))))
  return binary.BigEndian.Uint64(hash[(len(hash)-9):(len(hash)-1)])
}

const (
  RequirementOfPolicyType = PolicyType("REQUIREMENT_OF")
  PerNodePolicyType = PolicyType("PER_NODE")
  AllNodesPolicyType = PolicyType("ALL_NODES")
)

type Policy interface {
  Serializable[PolicyType]
  Allows(principal_id NodeID, action SignalType, node *Node) error
}

//TODO: Update with change from principal *Node to principal_id so sane policies can still be made
func (policy *AllNodesPolicy) Allows(principal_id NodeID, action SignalType, node *Node) error {
  return policy.Actions.Allows(action)
}

func (policy *PerNodePolicy) Allows(principal_id NodeID, action SignalType, node *Node) error {
  for id, actions := range(policy.NodeActions) {
    if id != principal_id {
      continue
    }
    for _, a := range(actions) {
      if a == action {
        return nil
      }
    }
  }
  return fmt.Errorf("%s is not in per node policy of %s", principal_id, node.ID)
}

func (policy *RequirementOfPolicy) Allows(principal_id NodeID, action SignalType, node *Node) error {
  lockable_ext, err := GetExt[*LockableExt](node)
  if err != nil {
    return err
  }

  for id, _ := range(lockable_ext.Requirements) {
    if id == principal_id {
      return policy.Actions.Allows(action)
    }
  }

  return fmt.Errorf("%s is not a requirement of %s", principal_id, node.ID)
}

type RequirementOfPolicy struct {
  AllNodesPolicy
}
func (policy *RequirementOfPolicy) Type() PolicyType {
  return RequirementOfPolicyType
}

func NewRequirementOfPolicy(actions Actions) RequirementOfPolicy {
  return RequirementOfPolicy{
    AllNodesPolicy: NewAllNodesPolicy(actions),
  }
}

type Actions []SignalType

func (actions Actions) Allows(action SignalType) error {
  for _, a := range(actions) {
    if a == action {
      return nil
    }
  }
  return fmt.Errorf("%s not in allows list", action)
}

type NodeActions map[NodeID]Actions

type AllNodesPolicyJSON struct {
  Actions Actions `json:"actions"`
}

func AllNodesPolicyLoad(init_fn func(Actions)(Policy, error)) func(*Context, []byte)(Policy, error) {
  return func(ctx *Context, data []byte)(Policy, error){
    var j AllNodesPolicyJSON
    err := json.Unmarshal(data, &j)

    if err != nil {
      return nil, err
    }

    return init_fn(j.Actions)
  }
}

func PerNodePolicyLoad(init_fn func(NodeActions)(Policy, error)) func(*Context, []byte)(Policy, error) {
  return func(ctx *Context, data []byte)(Policy, error){
    var policy PerNodePolicy
    err := json.Unmarshal(data, &policy)
    if err != nil {
      return nil, err
    }
    return init_fn(policy.NodeActions)
  }
}

func NewPerNodePolicy(node_actions NodeActions) PerNodePolicy {
  if node_actions == nil {
    node_actions = NodeActions{}
  }

  return PerNodePolicy{
    NodeActions: node_actions,
  }
}

type PerNodePolicy struct {
  NodeActions NodeActions `json:"node_actions"`
}

func (policy *PerNodePolicy) Type() PolicyType {
  return PerNodePolicyType
}

func (policy *PerNodePolicy) Serialize() ([]byte, error) {
  return json.MarshalIndent(policy, "", "  ")
}

func NewAllNodesPolicy(actions Actions) AllNodesPolicy {
  if actions == nil {
    actions = Actions{}
  }

  return AllNodesPolicy{
    Actions: actions,
  }
}

type AllNodesPolicy struct {
  Actions Actions
}

func (policy *AllNodesPolicy) Type() PolicyType {
  return AllNodesPolicyType
}

func (policy *AllNodesPolicy) Serialize() ([]byte, error) {
  return json.MarshalIndent(policy, "", "  ")
}

// Extension to allow a node to hold ACL policies
type ACLExt struct {
  Policies map[PolicyType]Policy
}


func NodeList(nodes ...*Node) NodeMap {
  m := NodeMap{}
  for _, node := range(nodes) {
    m[node.ID] = node
  }
  return m
}

type PolicyLoadFunc func(*Context, []byte) (Policy, error)
type PolicyInfo struct {
  Load PolicyLoadFunc
}

type ACLExtContext struct {
  Types map[PolicyType]PolicyInfo
}

func NewACLExtContext() *ACLExtContext {
  return &ACLExtContext{
    Types: map[PolicyType]PolicyInfo{
      AllNodesPolicyType: PolicyInfo{
        Load: AllNodesPolicyLoad(func(actions Actions)(Policy, error){
          policy := NewAllNodesPolicy(actions)
          return &policy, nil
        }),
      },
      PerNodePolicyType: PolicyInfo{
        Load: PerNodePolicyLoad(func(nodes NodeActions)(Policy,error){
          policy := NewPerNodePolicy(nodes)
          return &policy, nil
        }),
      },
      RequirementOfPolicyType: PolicyInfo{
        Load: AllNodesPolicyLoad(func(actions Actions)(Policy, error){
          policy := NewRequirementOfPolicy(actions)
          return &policy, nil
        }),
      },
    },
  }
}

func (ext *ACLExt) Serialize() ([]byte, error) {
  policies := map[string][]byte{}
  for name, policy := range(ext.Policies) {
    ser, err := policy.Serialize()
    if err != nil {
      return nil, err
    }
    policies[string(name)] = ser
  }

  return json.MarshalIndent(&struct{
    Policies map[string][]byte `json:"policies"`
  }{
    Policies: policies,
  }, "", "  ")
}

func (ext *ACLExt) Process(ctx *Context, princ_id NodeID, node *Node, signal Signal) {
}

func NewACLExt(policies ...Policy) *ACLExt {
  policy_map := map[PolicyType]Policy{}
  for _, policy := range(policies) {
    _, exists := policy_map[policy.Type()]
    if exists == true {
      panic("Cannot add same policy type twice")
    }

    policy_map[policy.Type()] = policy
  }

  return &ACLExt{
    Policies: policy_map,
  }
}

func LoadACLExt(ctx *Context, data []byte) (Extension, error) {
  var j struct {
    Policies map[string][]byte `json:"policies"`
  }
  err := json.Unmarshal(data, &j)
  if err != nil {
    return nil, err
  }

  policies := make([]Policy, len(j.Policies))
  i := 0
  acl_ctx, err := GetCtx[*ACLExt, *ACLExtContext](ctx)
  if err != nil {
    return nil, err
  }
  for name, ser := range(j.Policies) {
    policy_def, exists := acl_ctx.Types[PolicyType(name)]
    if exists == false {
      return nil, fmt.Errorf("%s is not a known policy type", name)
    }
    policy, err := policy_def.Load(ctx, ser)
    if err != nil {
      return nil, err
    }

    policies[i] = policy
    i++
  }

  return NewACLExt(policies...), nil
}

func (ext *ACLExt) Type() ExtType {
  return ACLExtType
}

// Check if the extension allows the principal to perform action on node
func (ext *ACLExt) Allows(ctx *Context, principal_id NodeID, action SignalType, node *Node) error {
  ctx.Log.Logf("policy", "POLICY_EXT_ALLOWED: %+v", ext)
  errs := []error{}
  for _, policy := range(ext.Policies) {
    err := policy.Allows(principal_id, action, node)
    if err == nil {
      return nil
    }
    errs = append(errs, err)
  }
  return fmt.Errorf("POLICY_CHECK_ERRORS: %s %s.%s - %+v", principal_id, node.ID, action, errs)
}
Added policy.go 2023-07-20 23:19:10 -06:00			`package graphvent`

			`import (`
			`"encoding/json"`
Cleaned up policy.go and added start of UserOfPolicy(need to finish allows) 2023-07-25 00:50:26 -06:00			`"fmt"`
Added policy.go 2023-07-20 23:19:10 -06:00			`)`

Moved ExtType and PolicyType definitions to one block 2023-07-27 23:15:58 -06:00			`type PolicyType string`
			`func (policy PolicyType) Hash() uint64 {`
			`hash := sha512.Sum512([]byte(fmt.Sprintf("POLICY: %s", string(policy))))`
			`return binary.BigEndian.Uint64(hash[(len(hash)-9):(len(hash)-1)])`
			`}`

			`const (`
			`RequirementOfPolicyType = PolicyType("REQUIREMENT_OF")`
			`PerNodePolicyType = PolicyType("PER_NODE")`
			`AllNodesPolicyType = PolicyType("ALL_NODES")`
			`)`

Added policy.go 2023-07-20 23:19:10 -06:00			`type Policy interface {`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`Serializable[PolicyType]`
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`Allows(principal_id NodeID, action SignalType, node *Node) error`
Changed SendUpdate to Node.Process, and changed principal to ID to prepare for decoupling nodes 2023-07-27 01:30:32 -06:00			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`//TODO: Update with change from principal *Node to principal_id so sane policies can still be made`
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`func (policy AllNodesPolicy) Allows(principal_id NodeID, action SignalType, node Node) error {`
Changed SendUpdate to Node.Process, and changed principal to ID to prepare for decoupling nodes 2023-07-27 01:30:32 -06:00			`return policy.Actions.Allows(action)`
			`}`

Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`func (policy PerNodePolicy) Allows(principal_id NodeID, action SignalType, node Node) error {`
Changed SendUpdate to Node.Process, and changed principal to ID to prepare for decoupling nodes 2023-07-27 01:30:32 -06:00			`for id, actions := range(policy.NodeActions) {`
			`if id != principal_id {`
			`continue`
			`}`
			`for _, a := range(actions) {`
			`if a == action {`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`return nil`
Changed SendUpdate to Node.Process, and changed principal to ID to prepare for decoupling nodes 2023-07-27 01:30:32 -06:00			`}`
			`}`
			`}`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`return fmt.Errorf("%s is not in per node policy of %s", principal_id, node.ID)`
Changed SendUpdate to Node.Process, and changed principal to ID to prepare for decoupling nodes 2023-07-27 01:30:32 -06:00			`}`

Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`func (policy RequirementOfPolicy) Allows(principal_id NodeID, action SignalType, node Node) error {`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`lockable_ext, err := GetExt[*LockableExt](node)`
			`if err != nil {`
			`return err`
			`}`

Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`for id, _ := range(lockable_ext.Requirements) {`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`if id == principal_id {`
			`return policy.Actions.Allows(action)`
			`}`
			`}`

			`return fmt.Errorf("%s is not a requirement of %s", principal_id, node.ID)`
Changed SendUpdate to Node.Process, and changed principal to ID to prepare for decoupling nodes 2023-07-27 01:30:32 -06:00			`}`

Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`type RequirementOfPolicy struct {`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`AllNodesPolicy`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`}`
			`func (policy *RequirementOfPolicy) Type() PolicyType {`
			`return RequirementOfPolicyType`
			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`func NewRequirementOfPolicy(actions Actions) RequirementOfPolicy {`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`return RequirementOfPolicy{`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`AllNodesPolicy: NewAllNodesPolicy(actions),`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`}`
			`}`

Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`type Actions []SignalType`
Added RequirementOfPolicy and thread extension child loading 2023-07-26 15:40:33 -06:00
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`func (actions Actions) Allows(action SignalType) error {`
Added RequirementOfPolicy and thread extension child loading 2023-07-26 15:40:33 -06:00			`for _, a := range(actions) {`
			`if a == action {`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`return nil`
Added RequirementOfPolicy and thread extension child loading 2023-07-26 15:40:33 -06:00			`}`
			`}`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`return fmt.Errorf("%s not in allows list", action)`
Added RequirementOfPolicy and thread extension child loading 2023-07-26 15:40:33 -06:00			`}`

			`type NodeActions map[NodeID]Actions`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`type AllNodesPolicyJSON struct {`
			Actions Actions `json:"actions"`
			`}`

			`func AllNodesPolicyLoad(init_fn func(Actions)(Policy, error)) func(*Context, []byte)(Policy, error) {`
			`return func(ctx *Context, data []byte)(Policy, error){`
			`var j AllNodesPolicyJSON`
			`err := json.Unmarshal(data, &j)`

			`if err != nil {`
			`return nil, err`
			`}`

			`return init_fn(j.Actions)`
			`}`
			`}`

Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`func PerNodePolicyLoad(init_fn func(NodeActions)(Policy, error)) func(*Context, []byte)(Policy, error) {`
			`return func(ctx *Context, data []byte)(Policy, error){`
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`var policy PerNodePolicy`
			`err := json.Unmarshal(data, &policy)`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`if err != nil {`
			`return nil, err`
			`}`
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`return init_fn(policy.NodeActions)`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`}`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`}`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`func NewPerNodePolicy(node_actions NodeActions) PerNodePolicy {`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`if node_actions == nil {`
Added RequirementOfPolicy and thread extension child loading 2023-07-26 15:40:33 -06:00			`node_actions = NodeActions{}`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`}`

Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`return PerNodePolicy{`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`NodeActions: node_actions,`
			`}`
			`}`

			`type PerNodePolicy struct {`
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			NodeActions NodeActions `json:"node_actions"`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`}`

Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`func (policy *PerNodePolicy) Type() PolicyType {`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`return PerNodePolicyType`
			`}`

Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`func (policy *PerNodePolicy) Serialize() ([]byte, error) {`
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`return json.MarshalIndent(policy, "", " ")`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`}`

Added SimpleListenerNode to test suite 2023-07-27 00:30:24 -06:00			`func NewAllNodesPolicy(actions Actions) AllNodesPolicy {`
			`if actions == nil {`
			`actions = Actions{}`
			`}`

			`return AllNodesPolicy{`
			`Actions: actions,`
			`}`
			`}`

			`type AllNodesPolicy struct {`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`Actions Actions`
Added SimpleListenerNode to test suite 2023-07-27 00:30:24 -06:00			`}`

			`func (policy *AllNodesPolicy) Type() PolicyType {`
			`return AllNodesPolicyType`
			`}`

			`func (policy *AllNodesPolicy) Serialize() ([]byte, error) {`
			`return json.MarshalIndent(policy, "", " ")`
			`}`

Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`// Extension to allow a node to hold ACL policies`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`type ACLExt struct {`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`Policies map[PolicyType]Policy`
Added policy.go 2023-07-20 23:19:10 -06:00			`}`

Added gql to the rework 2023-07-26 00:18:11 -06:00
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`func NodeList(nodes ...*Node) NodeMap {`
			`m := NodeMap{}`
			`for _, node := range(nodes) {`
			`m[node.ID] = node`
			`}`
			`return m`
			`}`

Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`type PolicyLoadFunc func(*Context, []byte) (Policy, error)`
			`type PolicyInfo struct {`
			`Load PolicyLoadFunc`
Added policy.go 2023-07-20 23:19:10 -06:00			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`type ACLExtContext struct {`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`Types map[PolicyType]PolicyInfo`
Added policy.go 2023-07-20 23:19:10 -06:00			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`func NewACLExtContext() *ACLExtContext {`
			`return &ACLExtContext{`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`Types: map[PolicyType]PolicyInfo{`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`AllNodesPolicyType: PolicyInfo{`
			`Load: AllNodesPolicyLoad(func(actions Actions)(Policy, error){`
			`policy := NewAllNodesPolicy(actions)`
			`return &policy, nil`
			`}),`
			`},`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`PerNodePolicyType: PolicyInfo{`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`Load: PerNodePolicyLoad(func(nodes NodeActions)(Policy,error){`
			`policy := NewPerNodePolicy(nodes)`
			`return &policy, nil`
			`}),`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`},`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`RequirementOfPolicyType: PolicyInfo{`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`Load: AllNodesPolicyLoad(func(actions Actions)(Policy, error){`
			`policy := NewRequirementOfPolicy(actions)`
Changed NewNode to return a pointer and add the node to the context 2023-07-26 15:08:14 -06:00			`return &policy, nil`
			`}),`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`},`
			`},`
			`}`
Added gql to the rework 2023-07-26 00:18:11 -06:00			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`func (ext *ACLExt) Serialize() ([]byte, error) {`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`policies := map[string][]byte{}`
			`for name, policy := range(ext.Policies) {`
			`ser, err := policy.Serialize()`
Added policy.go 2023-07-20 23:19:10 -06:00			`if err != nil {`
			`return nil, err`
			`}`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`policies[string(name)] = ser`
Added policy.go 2023-07-20 23:19:10 -06:00			`}`

Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`return json.MarshalIndent(&struct{`
			Policies map[string][]byte `json:"policies"`
			`}{`
			`Policies: policies,`
			`}, "", " ")`
Added PerTagPolicy 2023-07-21 13:55:27 -06:00			`}`

Switched from thread being the callback engine to node being the callback engine 2023-07-27 15:27:14 -06:00			`func (ext ACLExt) Process(ctx Context, princ_id NodeID, node *Node, signal Signal) {`
Added PerTagPolicy 2023-07-21 13:55:27 -06:00			`}`

Cleaned up initialization 2023-07-27 11:33:11 -06:00			`func NewACLExt(policies ...Policy) *ACLExt {`
			`policy_map := map[PolicyType]Policy{}`
			`for _, policy := range(policies) {`
			`_, exists := policy_map[policy.Type()]`
			`if exists == true {`
			`panic("Cannot add same policy type twice")`
Added SimpleListenerNode to test suite 2023-07-27 00:30:24 -06:00			`}`
Cleaned up initialization 2023-07-27 11:33:11 -06:00
			`policy_map[policy.Type()] = policy`
Added SimpleListenerNode to test suite 2023-07-27 00:30:24 -06:00			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`return &ACLExt{`
Cleaned up initialization 2023-07-27 11:33:11 -06:00			`Policies: policy_map,`
Added ParentOfPolicy and ChildOfPolicy 2023-07-26 13:28:03 -06:00			`}`
			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`func LoadACLExt(ctx *Context, data []byte) (Extension, error) {`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`var j struct {`
			Policies map[string][]byte `json:"policies"`
Added more policy types, removed tags 2023-07-24 22:52:15 -06:00			`}`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`err := json.Unmarshal(data, &j)`
			`if err != nil {`
			`return nil, err`
Added PerTagPolicy 2023-07-21 13:55:27 -06:00			`}`

Cleaned up initialization 2023-07-27 11:33:11 -06:00			`policies := make([]Policy, len(j.Policies))`
			`i := 0`
Added comments and switched from a bool/mutex combo to prevent double-start to an atomic bool 2023-07-27 16:06:56 -06:00			`acl_ctx, err := GetCtx[ACLExt, ACLExtContext](ctx)`
			`if err != nil {`
			`return nil, err`
			`}`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`for name, ser := range(j.Policies) {`
			`policy_def, exists := acl_ctx.Types[PolicyType(name)]`
			`if exists == false {`
			`return nil, fmt.Errorf("%s is not a known policy type", name)`
Added more policy types, removed tags 2023-07-24 22:52:15 -06:00			`}`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`policy, err := policy_def.Load(ctx, ser)`
			`if err != nil {`
			`return nil, err`
Added more policy types, removed tags 2023-07-24 22:52:15 -06:00			`}`

Cleaned up initialization 2023-07-27 11:33:11 -06:00			`policies[i] = policy`
			`i++`
Added more policy types, removed tags 2023-07-24 22:52:15 -06:00			`}`
Added PerTagPolicy 2023-07-21 13:55:27 -06:00
Cleaned up initialization 2023-07-27 11:33:11 -06:00			`return NewACLExt(policies...), nil`
Added DependencyPolicy 2023-07-24 01:12:30 -06:00			`}`

Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`func (ext *ACLExt) Type() ExtType {`
			`return ACLExtType`
Added DependencyPolicy 2023-07-24 01:12:30 -06:00			`}`

Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`// Check if the extension allows the principal to perform action on node`
Added naive locking sequence with short test 2023-07-27 18:08:43 -06:00			`func (ext ACLExt) Allows(ctx Context, principal_id NodeID, action SignalType, node *Node) error {`
Switched from thread being the callback engine to node being the callback engine 2023-07-27 15:27:14 -06:00			`ctx.Log.Logf("policy", "POLICY_EXT_ALLOWED: %+v", ext)`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`errs := []error{}`
Moved from inheritance to extensions 2023-07-25 21:43:15 -06:00			`for _, policy := range(ext.Policies) {`
Switched from thread being the callback engine to node being the callback engine 2023-07-27 15:27:14 -06:00			`err := policy.Allows(principal_id, action, node)`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`if err == nil {`
			`return nil`
Added DependencyPolicy 2023-07-24 01:12:30 -06:00			`}`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`errs = append(errs, err)`
Added DependencyPolicy 2023-07-24 01:12:30 -06:00			`}`
Added some policies back, and changed the policy check to pass errors instead of booleans 2023-07-27 09:32:33 -06:00			`return fmt.Errorf("POLICY_CHECK_ERRORS: %s %s.%s - %+v", principal_id, node.ID, action, errs)`
Added DependencyPolicy 2023-07-24 01:12:30 -06:00			`}`