forked from TykTechnologies/tyk
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpolicy.go
196 lines (160 loc) · 5.22 KB
/
policy.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
package main
import (
"encoding/json"
"github.com/Sirupsen/logrus"
"gopkg.in/mgo.v2/bson"
"io/ioutil"
"net/http"
)
type Policy struct {
MID bson.ObjectId `bson:"_id,omitempty" json:"_id"`
ID string `bson:"id,omitempty" json:"id"`
OrgID string `bson:"org_id" json:"org_id"`
Rate float64 `bson:"rate" json:"rate"`
Per float64 `bson:"per" json:"per"`
QuotaMax int64 `bson:"quota_max" json:"quota_max"`
QuotaRenewalRate int64 `bson:"quota_renewal_rate" json:"quota_renewal_rate"`
AccessRights map[string]AccessDefinition `bson:"access_rights" json:"access_rights"`
HMACEnabled bool `bson:"hmac_enabled" json:"hmac_enabled"`
Active bool `bson:"active" json:"active"`
IsInactive bool `bson:"is_inactive" json:"is_inactive"`
Tags []string `bson:"tags" json:"tags"`
KeyExpiresIn int64 `bson:"key_expires_in" json:"key_expires_in"`
}
type DBAccessDefinition struct {
APIName string `json:"apiname"`
APIID string `json:"apiid"`
Versions []string `json:"versions"`
AllowedURLs []AccessSpec `bson:"allowed_urls" json:"allowed_urls"` // mapped string MUST be a valid regex
}
func (d *DBAccessDefinition) ToRegularAD() AccessDefinition {
thisAD := AccessDefinition{
APIName: d.APIName,
APIID: d.APIID,
Versions: d.Versions,
AllowedURLs: d.AllowedURLs,
}
return thisAD
}
type DBPolicy struct {
Policy
AccessRights map[string]DBAccessDefinition `bson:"access_rights" json:"access_rights"`
}
func (d *DBPolicy) ToRegularPolicy() Policy {
thisPolicy := Policy(d.Policy)
thisPolicy.AccessRights = make(map[string]AccessDefinition)
for k, v := range d.AccessRights {
thisPolicy.AccessRights[k] = v.ToRegularAD()
}
return thisPolicy
}
func LoadPoliciesFromFile(filePath string) map[string]Policy {
policies := make(map[string]Policy)
policyConfig, err := ioutil.ReadFile(filePath)
if err != nil {
log.WithFields(logrus.Fields{
"prefix": "policy",
}).Error("Couldn't load policy file: ", err)
return policies
}
mErr := json.Unmarshal(policyConfig, &policies)
if mErr != nil {
log.WithFields(logrus.Fields{
"prefix": "policy",
}).Error("Couldn't unmarshal policies: ", mErr)
}
return policies
}
// LoadPoliciesFromDashboard will connect and download Policies from a Tyk Dashboard instance.
func LoadPoliciesFromDashboard(endpoint string, secret string, allowExplicit bool) map[string]Policy {
policies := make(map[string]Policy)
// Get the definitions
log.Debug("Calling: ", endpoint)
newRequest, err := http.NewRequest("GET", endpoint, nil)
if err != nil {
log.Error("Failed to create request: ", err)
}
newRequest.Header.Add("authorization", secret)
newRequest.Header.Add("x-tyk-nodeid", NodeID)
ServiceNonceMutex.Lock()
newRequest.Header.Add("x-tyk-nonce", ServiceNonce)
ServiceNonceMutex.Unlock()
c := &http.Client{}
response, reqErr := c.Do(newRequest)
if reqErr != nil {
log.Error("Request failed: ", reqErr)
return policies
}
defer response.Body.Close()
retBody, err := ioutil.ReadAll(response.Body)
if err != nil {
log.Error("Failed to read body: ", err)
return policies
}
// Extract Policies
type NodeResponseOK struct {
Status string
Message []DBPolicy
Nonce string
}
thisList := NodeResponseOK{}
decErr := json.Unmarshal(retBody, &thisList)
if decErr != nil {
log.Error("Failed to decode body: ", decErr)
return policies
}
ServiceNonceMutex.Lock()
ServiceNonce = thisList.Nonce
log.Debug("Loading Policies Finished: Nonce Set: ", ServiceNonce)
ServiceNonceMutex.Unlock()
for _, p := range thisList.Message {
thisID := p.MID.Hex()
if allowExplicit {
if p.ID != "" {
thisID = p.ID
}
}
p.ID = thisID
_, foundP := policies[thisID]
if !foundP {
policies[thisID] = p.ToRegularPolicy()
log.WithFields(logrus.Fields{
"prefix": "policy",
}).Info("--> Processing policy ID: ", p.ID)
log.Debug("POLICY ACCESS RIGHTS: ", p.AccessRights)
} else {
log.WithFields(logrus.Fields{
"prefix": "policy",
"policyID": p.ID,
"OrgID": p.OrgID,
}).Warning("--> Skipping policy, new item has a duplicate ID!")
}
}
return policies
}
func LoadPoliciesFromRPC(orgId string) map[string]Policy {
dbPolicyList := make([]Policy, 0)
policies := make(map[string]Policy)
store := &RPCStorageHandler{UserKey: config.SlaveOptions.APIKey, Address: config.SlaveOptions.ConnectionString}
store.Connect()
rpcPolicies := store.GetPolicies(orgId)
store.Disconnect()
jErr1 := json.Unmarshal([]byte(rpcPolicies), &dbPolicyList)
if jErr1 != nil {
log.WithFields(logrus.Fields{
"prefix": "policy",
}).Error("Failed decode: ", jErr1)
return policies
}
log.WithFields(logrus.Fields{
"prefix": "policy",
}).Info("Policies found: ", len(dbPolicyList))
for _, p := range dbPolicyList {
p.ID = p.MID.Hex()
policies[p.MID.Hex()] = p
log.WithFields(logrus.Fields{
"prefix": "policy",
}).Info("--> Processing policy ID: ", p.ID)
}
return policies
}