2023-04-11 13:57:23 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
_ "embed"
|
2024-05-15 16:09:42 +00:00
|
|
|
"errors"
|
|
|
|
"flag"
|
2023-04-11 13:57:23 +00:00
|
|
|
"fmt"
|
2024-05-15 16:09:42 +00:00
|
|
|
"go/ast"
|
2023-04-11 13:57:23 +00:00
|
|
|
"go/format"
|
2024-05-15 16:09:42 +00:00
|
|
|
"go/parser"
|
|
|
|
"go/token"
|
2023-04-11 13:57:23 +00:00
|
|
|
"html/template"
|
|
|
|
"log"
|
|
|
|
"os"
|
2024-05-15 16:09:42 +00:00
|
|
|
"slices"
|
|
|
|
"strings"
|
2023-04-11 13:57:23 +00:00
|
|
|
|
2024-05-16 17:07:44 +00:00
|
|
|
"golang.org/x/xerrors"
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
"github.com/coder/coder/v2/coderd/rbac/policy"
|
2023-04-11 13:57:23 +00:00
|
|
|
)
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
//go:embed rbacobject.gotmpl
|
|
|
|
var rbacObjectTemplate string
|
2023-04-11 13:57:23 +00:00
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
//go:embed codersdk.gotmpl
|
|
|
|
var codersdkTemplate string
|
|
|
|
|
|
|
|
func usage() {
|
|
|
|
_, _ = fmt.Println("Usage: rbacgen <codersdk|rbac>")
|
|
|
|
_, _ = fmt.Println("Must choose a template target.")
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// main will generate a file that lists all rbac objects.
|
|
|
|
// This is to provide an "AllResources" function that is always
|
|
|
|
// in sync.
|
|
|
|
func main() {
|
2024-05-15 16:09:42 +00:00
|
|
|
flag.Parse()
|
2023-04-11 13:57:23 +00:00
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
if len(flag.Args()) < 1 {
|
|
|
|
usage()
|
|
|
|
os.Exit(1)
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
// It did not make sense to have 2 different generators that do essentially
|
|
|
|
// the same thing, but different format for the BE and the sdk.
|
|
|
|
// So the argument switches the go template to use.
|
|
|
|
var source string
|
|
|
|
switch strings.ToLower(flag.Args()[0]) {
|
|
|
|
case "codersdk":
|
|
|
|
source = codersdkTemplate
|
|
|
|
case "rbac":
|
|
|
|
source = rbacObjectTemplate
|
|
|
|
default:
|
|
|
|
_, _ = fmt.Fprintf(os.Stderr, "%q is not a valid templte target\n", flag.Args()[0])
|
|
|
|
usage()
|
|
|
|
os.Exit(2)
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
out, err := generateRbacObjects(source)
|
2023-04-11 13:57:23 +00:00
|
|
|
if err != nil {
|
2024-05-15 16:09:42 +00:00
|
|
|
log.Fatalf("Generate source: %s", err.Error())
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
formatted, err := format.Source(out)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("Format template: %s", err.Error())
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
_, _ = fmt.Fprint(os.Stdout, string(formatted))
|
|
|
|
}
|
|
|
|
|
|
|
|
func pascalCaseName[T ~string](name T) string {
|
|
|
|
names := strings.Split(string(name), "_")
|
|
|
|
for i := range names {
|
|
|
|
names[i] = capitalize(names[i])
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
2024-05-15 16:09:42 +00:00
|
|
|
return strings.Join(names, "")
|
|
|
|
}
|
|
|
|
|
|
|
|
func capitalize(name string) string {
|
|
|
|
return strings.ToUpper(string(name[0])) + name[1:]
|
|
|
|
}
|
2023-04-11 13:57:23 +00:00
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
type Definition struct {
|
|
|
|
policy.PermissionDefinition
|
|
|
|
Type string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p Definition) FunctionName() string {
|
|
|
|
if p.Name != "" {
|
|
|
|
return p.Name
|
|
|
|
}
|
|
|
|
return p.Type
|
|
|
|
}
|
|
|
|
|
|
|
|
// fileActions is required because we cannot get the variable name of the enum
|
|
|
|
// at runtime. So parse the package to get it. This is purely to ensure enum
|
|
|
|
// names are consistent, which is a bit annoying, but not too bad.
|
|
|
|
func fileActions(file *ast.File) map[string]string {
|
|
|
|
// actions is a map from the enum value -> enum name
|
|
|
|
actions := make(map[string]string)
|
|
|
|
|
|
|
|
// Find the action consts
|
|
|
|
fileDeclLoop:
|
|
|
|
for _, decl := range file.Decls {
|
|
|
|
switch typedDecl := decl.(type) {
|
|
|
|
case *ast.GenDecl:
|
|
|
|
if len(typedDecl.Specs) == 0 {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
// This is the right on, loop over all idents, pull the actions
|
|
|
|
for _, spec := range typedDecl.Specs {
|
|
|
|
vSpec, ok := spec.(*ast.ValueSpec)
|
|
|
|
if !ok {
|
|
|
|
continue fileDeclLoop
|
|
|
|
}
|
|
|
|
|
|
|
|
typeIdent, ok := vSpec.Type.(*ast.Ident)
|
|
|
|
if !ok {
|
|
|
|
continue fileDeclLoop
|
|
|
|
}
|
|
|
|
|
|
|
|
if typeIdent.Name != "Action" || len(vSpec.Values) != 1 || len(vSpec.Names) != 1 {
|
|
|
|
continue fileDeclLoop
|
|
|
|
}
|
|
|
|
|
|
|
|
literal, ok := vSpec.Values[0].(*ast.BasicLit)
|
|
|
|
if !ok {
|
|
|
|
continue fileDeclLoop
|
|
|
|
}
|
|
|
|
actions[strings.Trim(literal.Value, `"`)] = vSpec.Names[0].Name
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return actions
|
|
|
|
}
|
|
|
|
|
|
|
|
type ActionDetails struct {
|
|
|
|
Enum string
|
|
|
|
Value string
|
|
|
|
}
|
|
|
|
|
|
|
|
// generateRbacObjects will take the policy.go file, and send it as input
|
|
|
|
// to the go templates. Some AST of the Action enum is also included.
|
|
|
|
func generateRbacObjects(templateSource string) ([]byte, error) {
|
|
|
|
// Parse the policy.go file for the action enums
|
|
|
|
f, err := parser.ParseFile(token.NewFileSet(), "./coderd/rbac/policy/policy.go", nil, parser.ParseComments)
|
2023-04-11 13:57:23 +00:00
|
|
|
if err != nil {
|
2024-05-16 17:07:44 +00:00
|
|
|
return nil, xerrors.Errorf("parsing policy.go: %w", err)
|
2024-05-15 16:09:42 +00:00
|
|
|
}
|
|
|
|
actionMap := fileActions(f)
|
|
|
|
actionList := make([]ActionDetails, 0)
|
|
|
|
for value, enum := range actionMap {
|
|
|
|
actionList = append(actionList, ActionDetails{
|
|
|
|
Enum: enum,
|
|
|
|
Value: value,
|
|
|
|
})
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
// Sorting actions for auto gen consistency.
|
|
|
|
slices.SortFunc(actionList, func(a, b ActionDetails) int {
|
|
|
|
return strings.Compare(a.Enum, b.Enum)
|
2023-04-11 13:57:23 +00:00
|
|
|
})
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
var errorList []error
|
|
|
|
var x int
|
|
|
|
tpl, err := template.New("object.gotmpl").Funcs(template.FuncMap{
|
|
|
|
"capitalize": capitalize,
|
|
|
|
"pascalCaseName": pascalCaseName[string],
|
|
|
|
"actionsList": func() []ActionDetails {
|
|
|
|
return actionList
|
|
|
|
},
|
|
|
|
"actionEnum": func(action policy.Action) string {
|
|
|
|
x++
|
|
|
|
v, ok := actionMap[string(action)]
|
|
|
|
if !ok {
|
2024-05-16 17:07:44 +00:00
|
|
|
errorList = append(errorList, xerrors.Errorf("action value %q does not have a constant a matching enum constant", action))
|
2024-05-15 16:09:42 +00:00
|
|
|
}
|
|
|
|
return v
|
|
|
|
},
|
|
|
|
"concat": func(strs ...string) string { return strings.Join(strs, "") },
|
|
|
|
}).Parse(templateSource)
|
2023-04-11 13:57:23 +00:00
|
|
|
if err != nil {
|
2024-05-16 17:07:44 +00:00
|
|
|
return nil, xerrors.Errorf("parse template: %w", err)
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
// Convert to sorted list for autogen consistency.
|
|
|
|
var out bytes.Buffer
|
|
|
|
list := make([]Definition, 0)
|
|
|
|
for t, v := range policy.RBACPermissions {
|
|
|
|
v := v
|
|
|
|
list = append(list, Definition{
|
|
|
|
PermissionDefinition: v,
|
|
|
|
Type: t,
|
|
|
|
})
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
slices.SortFunc(list, func(a, b Definition) int {
|
|
|
|
return strings.Compare(a.Type, b.Type)
|
|
|
|
})
|
2023-04-11 13:57:23 +00:00
|
|
|
|
2024-05-15 16:09:42 +00:00
|
|
|
err = tpl.Execute(&out, list)
|
|
|
|
if err != nil {
|
2024-05-16 17:07:44 +00:00
|
|
|
return nil, xerrors.Errorf("execute template: %w", err)
|
2024-05-15 16:09:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if len(errorList) > 0 {
|
|
|
|
return nil, errors.Join(errorList...)
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|
2024-05-15 16:09:42 +00:00
|
|
|
|
|
|
|
return out.Bytes(), nil
|
2023-04-11 13:57:23 +00:00
|
|
|
}
|