ockam_api 0.48.0

Ockam's request-response API
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

use either::Either;
use minicbor::Decoder;

use crate::cli_state::{StateDirTrait, StateItemTrait};
use crate::nodes::BackgroundNode;
use ockam_abac::expr::{eq, ident, str};
use ockam_abac::{Action, Resource};
use ockam_core::api::{Error, Request, RequestHeader, Response};
use ockam_core::{async_trait, Result};
use ockam_node::Context;

use crate::nodes::models::policy::{Expression, Policy, PolicyList};

use super::NodeManager;

impl NodeManager {
    pub(super) async fn add_policy(
        &self,
        resource: &str,
        action: &str,
        req: &RequestHeader,
        dec: &mut Decoder<'_>,
    ) -> Result<Response<()>, Response<Error>> {
        let p: Policy = dec.decode()?;
        let r = Resource::new(resource);
        let a = Action::new(action);
        self.policies.set_policy(&r, &a, p.expression()).await?;
        Ok(Response::ok(req))
    }

    pub(super) async fn get_policy<'a>(
        &self,
        req: &'a RequestHeader,
        resource: &str,
        action: &str,
    ) -> Result<Either<Response<Error>, Response<Policy>>> {
        let r = Resource::new(resource);
        let a = Action::new(action);
        if let Some(e) = self.policies.get_policy(&r, &a).await? {
            Ok(Either::Right(Response::ok(req).body(Policy::new(e))))
        } else {
            Ok(Either::Left(Response::not_found(req, "policy not found")))
        }
    }

    pub(super) async fn list_policies(
        &self,
        req: &RequestHeader,
        res: &str,
    ) -> Result<Response<PolicyList>, Response<Error>> {
        let r = Resource::new(res);
        let p = self.policies.policies(&r).await?;
        let p = p.into_iter().map(|(a, e)| Expression::new(a, e)).collect();
        Ok(Response::ok(req).body(PolicyList::new(p)))
    }

    pub(super) async fn del_policy(
        &self,
        req: &RequestHeader,
        res: &str,
        act: &str,
    ) -> Result<Response<()>, Response<Error>> {
        let r = Resource::new(res);
        let a = Action::new(act);
        self.policies.del_policy(&r, &a).await?;
        Ok(Response::ok(req))
    }
}

pub(crate) fn policy_path(r: &Resource, a: &Action) -> String {
    format!("/policy/{r}/{a}")
}

#[async_trait]
pub trait Policies {
    async fn add_policy_to_project(&self, ctx: &Context, resource_name: &str)
        -> miette::Result<()>;
}

#[async_trait]
impl Policies for BackgroundNode {
    async fn add_policy_to_project(
        &self,
        ctx: &Context,
        resource_name: &str,
    ) -> miette::Result<()> {
        let project_id = match self
            .cli_state()
            .nodes
            .get(self.node_name())?
            .config()
            .setup()
            .project
            .to_owned()
        {
            None => return Ok(()),
            Some(p) => p.id,
        };

        let resource = Resource::new(resource_name);
        let policies: PolicyList = self
            .ask(ctx, Request::get(format!("/policy/{resource}")))
            .await?;
        if !policies.expressions().is_empty() {
            return Ok(());
        }

        let policy = {
            let expr = eq([ident("subject.trust_context_id"), str(project_id)]);
            Policy::new(expr)
        };
        let action = Action::new("handle_message");
        let request = Request::post(policy_path(&resource, &action)).body(policy);
        self.tell(ctx, request).await?;

        Ok(())
    }
}