Skip to content

Commit

Permalink
rework example_test to use whole-block parsing and parameter substitu…
Browse files Browse the repository at this point in the history
…tion
  • Loading branch information
divarvel committed May 16, 2023
1 parent ea12d1b commit cde49ce
Showing 1 changed file with 31 additions and 68 deletions.
99 changes: 31 additions & 68 deletions example_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,43 +12,19 @@ import (
func ExampleBiscuit() {
rng := rand.Reader
publicRoot, privateRoot, _ := ed25519.GenerateKey(rng)
builder := biscuit.NewBuilder(privateRoot)

fact1, err := parser.FromStringFact(`right("/a/file1.txt", "read")`)
if err != nil {
panic(fmt.Errorf("failed to parse authority facts: %v", err))
}
err = builder.AddAuthorityFact(fact1)
if err != nil {
panic(fmt.Errorf("failed to add authority facts: %v", err))
}

fact2, err := parser.FromStringFact(`right("/a/file1.txt", "write")`)
if err != nil {
panic(fmt.Errorf("failed to parse authority facts: %v", err))
}
err = builder.AddAuthorityFact(fact2)
if err != nil {
panic(fmt.Errorf("failed to add authority facts: %v", err))
}

fact3, err := parser.FromStringFact(`right("/a/file2.txt", "read")`)
if err != nil {
panic(fmt.Errorf("failed to parse authority facts: %v", err))
}
err = builder.AddAuthorityFact(fact3)
authority, err := parser.FromStringBlockWithParams(`
right("/a/file1.txt", {read});
right("/a/file1.txt", {write});
right("/a/file2.txt", {read});
right("/a/file3.txt", {write});
`, map[string]biscuit.Term{"read": biscuit.String("read"), "write": biscuit.String("write")})
if err != nil {
panic(fmt.Errorf("failed to add authority facts: %v", err))
panic(fmt.Errorf("failed to parse authority block: %v", err))
}

fact4, err := parser.FromStringFact(`right("/a/file3.txt", "write")`)
if err != nil {
panic(fmt.Errorf("failed to parse authority facts: %v", err))
}
err = builder.AddAuthorityFact(fact4)
if err != nil {
panic(fmt.Errorf("failed to add authority facts: %v", err))
}
builder := biscuit.NewBuilder(privateRoot)
builder.AddBlock(authority)

b, err := builder.Build()
if err != nil {
Expand All @@ -69,14 +45,14 @@ func ExampleBiscuit() {

blockBuilder := deser.CreateBlock()

check, err := parser.FromStringCheck(`check if resource($file), operation($permission), ["read"].contains($permission)`)
if err != nil {
panic(fmt.Errorf("failed to parse check: %v", err))
}
err = blockBuilder.AddCheck(check)
block, err := parser.FromStringBlockWithParams(`
check if resource($file), operation($permission), [{read}].contains($permission);`,
map[string]biscuit.Term{"read": biscuit.String("read")})

if err != nil {
panic(fmt.Errorf("failed to add block check: %v", err))
panic(fmt.Errorf("failed to parse block: %v", err))
}
blockBuilder.AddBlock(block)

b2, err := deser.Append(rng, blockBuilder.Build())
if err != nil {
Expand All @@ -101,26 +77,20 @@ func ExampleBiscuit() {
panic(fmt.Errorf("failed to create verifier: %v", err))
}

vfact1, err := parser.FromStringFact(`resource("/a/file1.txt")`)
if err != nil {
panic(fmt.Errorf("failed to parse verifier fact: %v", err))
}
v1.AddFact(vfact1)

vfact2, err := parser.FromStringFact(`operation("read")`)
if err != nil {
panic(fmt.Errorf("failed to parse verifier fact: %v", err))
}
v1.AddFact(vfact2)
authorizer, err := parser.FromStringAuthorizerWithParams(`
resource({res});
operation({op});
allow if right({res}, {op});
`, map[string]biscuit.Term{"res": biscuit.String("/a/file1.txt"), "op": biscuit.String("read")})

policy, err := parser.FromStringPolicy(`allow if resource("/a/file1.txt")`)
if err != nil {
panic(fmt.Errorf("failed to parse verifier policy: %v", err))
panic(fmt.Errorf("failed to parse authorizer: %v", err))
}
v1.AddPolicy(policy)
v1.AddAuthorizer(authorizer)

if err := v1.Authorize(); err != nil {
fmt.Println(v1.PrintWorld())
// fmt.Println(v1.PrintWorld())

fmt.Println("forbidden to read /a/file1.txt")
} else {
//fmt.Println(v1.PrintWorld())
Expand All @@ -130,23 +100,16 @@ func ExampleBiscuit() {

v1, _ = b2.Authorizer(publicRoot)

vfact1, err = parser.FromStringFact(`resource("/a/file1.txt")`)
if err != nil {
panic(fmt.Errorf("failed to parse verifier fact: %v", err))
}
v1.AddFact(vfact1)

vfact2, err = parser.FromStringFact(`operation("write")`)
if err != nil {
panic(fmt.Errorf("failed to parse verifier fact: %v", err))
}
v1.AddFact(vfact2)
authorizer, err = parser.FromStringAuthorizerWithParams(`
resource({res});
operation({op});
allow if right({res}, {op});
`, map[string]biscuit.Term{"res": biscuit.String("/a/file1.txt"), "op": biscuit.String("write")})

policy, err = parser.FromStringPolicy(`allow if resource("/a/file1.txt")`)
if err != nil {
panic(fmt.Errorf("failed to parse verifier policy: %v", err))
panic(fmt.Errorf("failed to parse authorizer: %v", err))
}
v1.AddPolicy(policy)
v1.AddAuthorizer(authorizer)

if err := v1.Authorize(); err != nil {
fmt.Println("forbidden to write /a/file1.txt")
Expand Down

0 comments on commit cde49ce

Please sign in to comment.