feat: add context.Context to interfaces (#163)

Signed-off-by: Tabias Pittman <[email protected]>

Author: TabiasP

audit_logger.go

@@ -20,8 +20,10 @@
 
 package ladon
 
+import "context"
+
 // AuditLogger tracks denied and granted authorizations.
 type AuditLogger interface {
-	LogRejectedAccessRequest(request *Request, pool Policies, deciders Policies)
-	LogGrantedAccessRequest(request *Request, pool Policies, deciders Policies)
+	LogRejectedAccessRequest(ctx context.Context, request *Request, pool Policies, deciders Policies)
+	LogGrantedAccessRequest(ctx context.Context, request *Request, pool Policies, deciders Policies)
 }

audit_logger_info.go

@@ -21,6 +21,7 @@
 package ladon
 
 import (
+	"context"
 	"log"
 	"os"
 	"strings"
@@ -38,7 +39,7 @@ func (a *AuditLoggerInfo) logger() *log.Logger {
 	return a.Logger
 }
 
-func (a *AuditLoggerInfo) LogRejectedAccessRequest(r *Request, p Policies, d Policies) {
+func (a *AuditLoggerInfo) LogRejectedAccessRequest(ctx context.Context, r *Request, p Policies, d Policies) {
 	if len(d) > 1 {
 		allowed := joinPoliciesNames(d[0 : len(d)-1])
 		denied := d[len(d)-1].GetID()
@@ -51,7 +52,7 @@ func (a *AuditLoggerInfo) LogRejectedAccessRequest(r *Request, p Policies, d Pol
 	}
 }
 
-func (a *AuditLoggerInfo) LogGrantedAccessRequest(r *Request, p Policies, d Policies) {
+func (a *AuditLoggerInfo) LogGrantedAccessRequest(ctx context.Context, r *Request, p Policies, d Policies) {
 	a.logger().Printf("policies %s allow access", joinPoliciesNames(d))
 }
 

audit_logger_noop.go

@@ -20,10 +20,14 @@
 
 package ladon
 
+import "context"
+
 // AuditLoggerNoOp is the default AuditLogger, that tracks nothing.
 type AuditLoggerNoOp struct{}
 
-func (*AuditLoggerNoOp) LogRejectedAccessRequest(r *Request, p Policies, d Policies) {}
-func (*AuditLoggerNoOp) LogGrantedAccessRequest(r *Request, p Policies, d Policies)  {}
+func (*AuditLoggerNoOp) LogRejectedAccessRequest(ctx context.Context, r *Request, p Policies, d Policies) {
+}
+func (*AuditLoggerNoOp) LogGrantedAccessRequest(ctx context.Context, r *Request, p Policies, d Policies) {
+}
 
 var DefaultAuditLogger = &AuditLoggerNoOp{}

audit_logger_test.go

@@ -22,6 +22,7 @@ package ladon_test
 
 import (
 	"bytes"
+	"context"
 	"log"
 	"testing"
 
@@ -41,21 +42,23 @@ func TestAuditLogger(t *testing.T) {
 		},
 	}
 
-	warden.Manager.Create(&DefaultPolicy{
+	ctx := context.Background()
+
+	warden.Manager.Create(ctx, &DefaultPolicy{
 		ID:        "no-updates",
 		Subjects:  []string{"<.*>"},
 		Actions:   []string{"update"},
 		Resources: []string{"<.*>"},
 		Effect:    DenyAccess,
 	})
-	warden.Manager.Create(&DefaultPolicy{
+	warden.Manager.Create(ctx, &DefaultPolicy{
 		ID:        "yes-deletes",
 		Subjects:  []string{"<.*>"},
 		Actions:   []string{"delete"},
 		Resources: []string{"<.*>"},
 		Effect:    AllowAccess,
 	})
-	warden.Manager.Create(&DefaultPolicy{
+	warden.Manager.Create(ctx, &DefaultPolicy{
 		ID:        "no-bob",
 		Subjects:  []string{"bob"},
 		Actions:   []string{"delete"},
@@ -64,15 +67,15 @@ func TestAuditLogger(t *testing.T) {
 	})
 
 	r := &Request{}
-	assert.NotNil(t, warden.IsAllowed(r))
+	assert.NotNil(t, warden.IsAllowed(ctx, r))
 	assert.Equal(t, "no policy allowed access\n", output.String())
 
 	output.Reset()
 
 	r = &Request{
 		Action: "update",
 	}
-	assert.NotNil(t, warden.IsAllowed(r))
+	assert.NotNil(t, warden.IsAllowed(ctx, r))
 	assert.Equal(t, "policy no-updates forcefully denied the access\n", output.String())
 
 	output.Reset()
@@ -81,7 +84,7 @@ func TestAuditLogger(t *testing.T) {
 		Subject: "bob",
 		Action:  "delete",
 	}
-	assert.NotNil(t, warden.IsAllowed(r))
+	assert.NotNil(t, warden.IsAllowed(ctx, r))
 	assert.Equal(t, "policies yes-deletes allow access, but policy no-bob forcefully denied it\n", output.String())
 
 	output.Reset()
@@ -90,6 +93,6 @@ func TestAuditLogger(t *testing.T) {
 		Subject: "alice",
 		Action:  "delete",
 	}
-	assert.Nil(t, warden.IsAllowed(r))
+	assert.Nil(t, warden.IsAllowed(ctx, r))
 	assert.Equal(t, "policies yes-deletes allow access\n", output.String())
 }

benchmark_warden_test.go

@@ -21,6 +21,7 @@
 package ladon_test
 
 import (
+	"context"
 	"fmt"
 	"strconv"
 	"testing"
@@ -50,16 +51,18 @@ func benchmarkLadon(i int, b *testing.B, warden *ladon.Ladon) {
 	//	sem <- true
 	//}
 
+	ctx := context.Background()
+
 	for _, pol := range generatePolicies(i) {
-		if err := warden.Manager.Create(pol); err != nil {
+		if err := warden.Manager.Create(ctx, pol); err != nil {
 			b.Logf("Got error from warden.Manager.Create: %s", err)
 		}
 	}
 
 	b.ResetTimer()
 	var err error
 	for n := 0; n < b.N; n++ {
-		if err = warden.IsAllowed(&ladon.Request{
+		if err = warden.IsAllowed(ctx, &ladon.Request{
 			Subject:  "5",
 			Action:   "bar",
 			Resource: "baz",

condition.go

@@ -21,6 +21,7 @@
 package ladon
 
 import (
+	"context"
 	"encoding/json"
 
 	"github.com/pkg/errors"
@@ -32,7 +33,7 @@ type Condition interface {
 	GetName() string
 
 	// Fulfills returns true if the request is fulfilled by the condition.
-	Fulfills(interface{}, *Request) bool
+	Fulfills(context.Context, interface{}, *Request) bool
 }
 
 // Conditions is a collection of conditions.
@@ -129,6 +130,6 @@ var ConditionFactories = map[string]func() Condition{
 		return new(ResourceContainsCondition)
 	},
 	new(BooleanCondition).GetName(): func() Condition {
-		return new (BooleanCondition)
+		return new(BooleanCondition)
 	},
 }

condition_boolean.go

@@ -1,5 +1,7 @@
 package ladon
 
+import "context"
+
 /*
 BooleanCondition is used to determine if a boolean context matches an expected
 boolean condition.
@@ -18,7 +20,7 @@ func (c *BooleanCondition) GetName() string {
 
 // Fulfills determines if the BooleanCondition is fulfilled.
 // The BooleanCondition is fulfilled if the provided boolean value matches the conditions boolean value.
-func (c *BooleanCondition) Fulfills(value interface{}, _ *Request) bool {
+func (c *BooleanCondition) Fulfills(ctx context.Context, value interface{}, _ *Request) bool {
 	val, ok := value.(bool)
 
 	return ok && val == c.BooleanValue

condition_cidr.go

@@ -21,6 +21,7 @@
 package ladon
 
 import (
+	"context"
 	"net"
 )
 
@@ -30,7 +31,7 @@ type CIDRCondition struct {
 }
 
 // Fulfills returns true if the the request is fulfilled by the condition.
-func (c *CIDRCondition) Fulfills(value interface{}, _ *Request) bool {
+func (c *CIDRCondition) Fulfills(ctx context.Context, value interface{}, _ *Request) bool {
 	ips, ok := value.(string)
 	if !ok {
 		return false

condition_cidr_test.go

@@ -21,6 +21,7 @@
 package ladon
 
 import (
+	"context"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -42,6 +43,6 @@ func TestCIDRMatch(t *testing.T) {
 			CIDR: c.cidr,
 		}
 
-		assert.Equal(t, c.pass, condition.Fulfills(c.ip, new(Request)), "%s; %s", c.ip, c.cidr)
+		assert.Equal(t, c.pass, condition.Fulfills(context.Background(), c.ip, new(Request)), "%s; %s", c.ip, c.cidr)
 	}
 }

condition_resource_contains.go

@@ -20,13 +20,16 @@
 
 package ladon
 
-import "strings"
+import (
+	"context"
+	"strings"
+)
 
 // ResourceContainsCondition is fulfilled if the context matches a substring within the resource name
 type ResourceContainsCondition struct{}
 
 // Fulfills returns true if the request's resouce contains the given value string
-func (c *ResourceContainsCondition) Fulfills(value interface{}, r *Request) bool {
+func (c *ResourceContainsCondition) Fulfills(ctx context.Context, value interface{}, r *Request) bool {
 
 	filter, ok := value.(map[string]interface{})
 	if !ok {