valitydev/bouncer
14
0
Fork 0
mirror of https://github.com/valitydev/bouncer.git synced 2024-11-06 02:15:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

TD-222: Reuse valitydev/action-deploy-docker@v2 (#24)

Browse Source 
* Fix yamllint complaints
* Use recommended filename extension
* Bump to valitydev/bouncer-proto@de15d37
* Bump to valitydev/org-management-proto@03a269d
* Sync w/ valitydev/erlang-templates
This commit is contained in:
Andrew Mayorov 2022-07-13 11:15:36 +03:00 committed by GitHub
parent b217b6049b
commit eef94e5304
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 119 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.env
View File

@ -1,8 +1,5 @@
# NOTE
# You SHOULD specify point releases here so that build time and run time Erlang/OTPs
# are the same. See: https://github.com/erlware/relx/pull/902
SERVICE_NAME=bouncer
OTP_VERSION=24.2.0
OTP_VERSION=24.3.4
REBAR_VERSION=3.18
THRIFT_VERSION=0.14.2.2
THRIFT_VERSION=0.14.2.3
OPA_VERSION=0.37.2

0
.github/workflows/basic-linters.yml → .github/workflows/basic-linters.yaml vendored
View File

54
.github/workflows/build-and-push-image.yaml vendored
View File

@ -1,54 +0,0 @@
name: Build and push Docker image
on:
push:
branches: [master]
env:
REGISTRY: ghcr.io
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Log in to the Container registry
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Construct tags / labels for an image
id: meta
uses: docker/metadata-action@v3
with:
images: |
${{ env.REGISTRY }}/${{ github.repository }}
tags: |
type=sha
# https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#setting-an-environment-variable
- name: Update environment variables
run: grep -v '^#' .env >> $GITHUB_ENV
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Setup Buildx
uses: docker/setup-buildx-action@v1
- name: Build and push Docker image
uses: docker/build-push-action@v2
with:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
OTP_VERSION=${{ env.OTP_VERSION }}
THRIFT_VERSION=${{ env.THRIFT_VERSION }}
SERVICE_NAME=${{ env.SERVICE_NAME }}

44
.github/workflows/build-image.yaml vendored
View File

@ -1,43 +1,21 @@
name: Build Docker image
name: Build and publish Docker image
on:
push:
branches:
- 'master'
- 'epic/**'
pull_request:
branches: ["*"]
branches: ['**']
env:
REGISTRY: ghcr.io
jobs:
build:
build-push:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Construct tags / labels for an image
id: meta
uses: docker/metadata-action@v3
- uses: valitydev/action-deploy-docker@v2
with:
images: |
${{ env.REGISTRY }}/${{ github.repository }}
tags: |
type=sha
# https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#setting-an-environment-variable
- name: Update environment variables
run: grep -v '^#' .env >> $GITHUB_ENV
- name: Setup Buildx
uses: docker/setup-buildx-action@v1
- name: Build Docker image
uses: docker/build-push-action@v2
with:
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
OTP_VERSION=${{ env.OTP_VERSION }}
THRIFT_VERSION=${{ env.THRIFT_VERSION }}
SERVICE_NAME=${{ env.SERVICE_NAME }}
registry-username: ${{ github.actor }}
registry-access-token: ${{ secrets.GITHUB_TOKEN }}

14
Dockerfile
View File

@ -2,10 +2,10 @@ ARG OTP_VERSION
# Build the release
FROM docker.io/library/erlang:${OTP_VERSION} AS builder
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install thrift compiler
ARG THRIFT_VERSION
ARG TARGETARCH
RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${TARGETARCH}.tar.gz" \
| tar -xvz -C /usr/local/bin/
@ -16,8 +16,8 @@ COPY . /build/
# Build the release
WORKDIR /build
RUN rebar3 compile
RUN rebar3 as prod release
RUN rebar3 compile && \
rebar3 as prod release
# Make a runner image
FROM docker.io/library/erlang:${OTP_VERSION}-slim
@ -28,15 +28,15 @@ ARG SERVICE_NAME
ENV CHARSET=UTF-8
ENV LANG=C.UTF-8
# Expose SERVICE_NAME as env so CMD expands properly on start
ENV SERVICE_NAME=${SERVICE_NAME}
# Set runtime
WORKDIR /opt/${SERVICE_NAME}
COPY --from=builder /build/_build/prod/rel/${SERVICE_NAME} /opt/${SERVICE_NAME}
RUN echo "#!/bin/sh" >> /entrypoint.sh && \
echo "exec /opt/${SERVICE_NAME}/bin/${SERVICE_NAME} foreground" >> /entrypoint.sh && \
chmod +x /entrypoint.sh
ENTRYPOINT []
CMD /opt/${SERVICE_NAME}/bin/${SERVICE_NAME} foreground
CMD ["/entrypoint.sh"]
EXPOSE 8022

12
Dockerfile.dev
View File

@ -1,13 +1,17 @@
ARG OTP_VERSION
FROM docker.io/library/erlang:${OTP_VERSION}
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Install thrift compiler
ARG THRIFT_VERSION
ARG BUILDARCH
RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${BUILDARCH}.tar.gz" \
ARG TARGETARCH
RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${TARGETARCH}.tar.gz" \
| tar -xvz -C /usr/local/bin/
# Set env
ENV CHARSET=UTF-8
ENV LANG=C.UTF-8
CMD /bin/bash
# Set runtime
CMD ["/bin/bash"]

16
elvis.config
View File

@ -3,7 +3,7 @@
{verbose, true},
{config, [
#{
dirs => ["src"],
dirs => ["src", "include"],
filter => "*.erl",
ruleset => erl_files,
rules => [
@ -44,20 +44,28 @@
filter => "Makefile",
ruleset => makefiles
},
#{
dirs => ["."],
filter => "elvis.config",
ruleset => elvis_config
},
#{
dirs => ["."],
filter => "rebar.config",
ruleset => rebar_config,
rules => [
{elvis_text_style, line_length, #{limit => 100, skip_comments => false}},
{elvis_text_style, line_length, #{limit => 120}},
{elvis_text_style, no_tabs},
{elvis_text_style, no_trailing_whitespace}
{elvis_text_style, no_trailing_whitespace},
%% Temporarily disabled till regex pattern is available
{elvis_project, no_deps_master_rebar, disable}
]
},
#{
dirs => ["src"],
filter => "*.app.src",
rules => [
{elvis_text_style, line_length, #{limit => 100, skip_comments => false}},
{elvis_text_style, line_length, #{limit => 120}},
{elvis_text_style, no_tabs},
{elvis_text_style, no_trailing_whitespace}
]

4
rebar.lock
View File

@ -2,7 +2,7 @@
[{<<"bear">>,{pkg,<<"bear">>,<<"0.9.0">>},2},
{<<"bouncer_proto">>,
{git,"https://github.com/valitydev/bouncer-proto.git",
{ref,"3b5927d4ee59983e855f87ddaee2aac4deeae0fe"}},
{ref,"de15d375ee77c5002c55a1ba9a20a67d2c222115"}},
0},
{<<"cache">>,{pkg,<<"cache">>,<<"2.3.3">>},1},
{<<"certifi">>,{pkg,<<"certifi">>,<<"2.8.0">>},2},
@ -53,7 +53,7 @@
{<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},2},
{<<"org_management_proto">>,
{git,"https://github.com/valitydev/org-management-proto.git",
{ref,"39d8513ced33a0a53435326f68352c220c9e41dd"}},
{ref,"03a269df4805fa604e8fd2d04241619a739e2ae3"}},
0},
{<<"parse_trans">>,{pkg,<<"parse_trans">>,<<"3.3.1">>},2},
{<<"ranch">>,{pkg,<<"ranch">>,<<"1.8.0">>},1},

4
src/bouncer.erl
View File

@ -100,7 +100,7 @@ get_handler_specs(ServiceOpts, AuditPulse, OpaClient) ->
[
{
maps:get(path, ArbiterService, <<"/v1/arbiter">>),
{{bouncer_decisions_thrift, 'Arbiter'}, {bouncer_arbiter_handler, ArbiterOpts}}
{{bouncer_decision_thrift, 'Arbiter'}, {bouncer_arbiter_handler, ArbiterOpts}}
}
].
@ -111,7 +111,7 @@ get_stub_handler_specs(ServiceOpts) ->
{
maps:get(path, OrgManagementStub, <<"/v1/org_management_stub">>),
{
{orgmgmt_auth_context_provider_thrift, 'AuthContextProvider'},
{orgmgmt_authctx_provider_thrift, 'AuthContextProvider'},
bouncer_org_management_stub
}
}

38
src/bouncer_arbiter_handler.erl
View File

@ -1,6 +1,8 @@
-module(bouncer_arbiter_handler).
-include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_rstn_thrift.hrl").
%% Woody handler
@ -56,10 +58,10 @@ handle_judge(RulesetID, ContextIn, St0) ->
{ok, encode_judgement(Judgement)};
{error, ruleset_notfound = Reason} ->
ok = handle_judgement_beat({failed, Reason}, St2),
throw({woody, business, #bdcs_RulesetNotFound{}});
throw({woody, business, #decision_RulesetNotFound{}});
{error, {ruleset_invalid, _} = Reason} ->
ok = handle_judgement_beat({failed, Reason}, St2),
throw({woody, business, #bdcs_InvalidRuleset{}});
throw({woody, business, #decision_InvalidRuleset{}});
{error, Reason} ->
handle_network_error(Reason, St2)
end.
@ -77,32 +79,32 @@ handle_network_error({unknown, Reason} = Error, St) ->
-type fragment_id() :: binary().
-type fragment_metadata() :: #{atom() => _}.
-type thrift_judgement() :: bouncer_decisions_thrift:'Judgement'().
-type thrift_context() :: bouncer_decisions_thrift:'Context'().
-type thrift_fragment() :: bouncer_context_thrift:'ContextFragment'().
-type thrift_fragment_type() :: bouncer_context_thrift:'ContextFragmentType'().
-type thrift_judgement() :: bouncer_decision_thrift:'Judgement'().
-type thrift_context() :: bouncer_decision_thrift:'Context'().
-type thrift_fragment() :: bouncer_ctx_thrift:'ContextFragment'().
-type thrift_fragment_type() :: bouncer_ctx_thrift:'ContextFragmentType'().
-spec encode_judgement(bouncer_arbiter:judgement()) -> thrift_judgement().
encode_judgement({Resolution, _Assertions}) ->
#bdcs_Judgement{
#decision_Judgement{
resolution = encode_resolution(Resolution)
}.
encode_resolution(allowed) ->
{allowed, #bdcs_ResolutionAllowed{}};
{allowed, #decision_ResolutionAllowed{}};
encode_resolution(forbidden) ->
{forbidden, #bdcs_ResolutionForbidden{}};
{forbidden, #decision_ResolutionForbidden{}};
encode_resolution({restricted, Restrictions}) ->
{restricted, #bdcs_ResolutionRestricted{
{restricted, #decision_ResolutionRestricted{
restrictions = encode_restrictions(Restrictions)
}}.
encode_restrictions(Restrictions) ->
{struct, _, StructDef} = bouncer_restriction_thrift:struct_info('Restrictions'),
bouncer_thrift:json_to_thrift_struct(StructDef, Restrictions, #brstn_Restrictions{}).
{struct, _, StructDef} = bouncer_rstn_thrift:struct_info('Restrictions'),
bouncer_thrift:json_to_thrift_struct(StructDef, Restrictions, #rstn_Restrictions{}).
-spec decode_context(thrift_context(), st()) -> {bouncer_context:ctx(), st()}.
decode_context(#bdcs_Context{fragments = FragmentsIn}, St0) ->
decode_context(#decision_Context{fragments = FragmentsIn}, St0) ->
% 1. Decode each fragment.
{Fragments, St1} = decode_fragments(FragmentsIn, St0),
% 2. Merge each decoded context into an empty context. Accumulate conflicts associated with
@ -131,7 +133,7 @@ decode_context(#bdcs_Context{fragments = FragmentsIn}, St0) ->
% системы рано или поздно они где-нибудь появятся), быть может стоит это сделать
% сразу?
ok = handle_judgement_beat({failed, {conflicting_context, Conflicts}}, St1),
throw({woody, business, #bdcs_InvalidContext{}})
throw({woody, business, #decision_InvalidContext{}})
end.
-spec decode_fragments(#{fragment_id() => thrift_fragment()}, st()) ->
@ -139,8 +141,8 @@ decode_context(#bdcs_Context{fragments = FragmentsIn}, St0) ->
decode_fragments(Fragments, St0) ->
{Ctxs, Errors, PulseMeta} = maps:fold(
fun(ID, Fragment, {CtxAcc, ErrorAcc, PulseMetaAcc}) ->
Type = Fragment#bctx_ContextFragment.type,
Content = genlib:define(Fragment#bctx_ContextFragment.content, <<>>),
Type = Fragment#ctx_ContextFragment.type,
Content = genlib:define(Fragment#ctx_ContextFragment.content, <<>>),
case decode_fragment(Type, Content) of
{ok, Ctx, Meta} ->
PulseMeta = #{
@ -170,7 +172,7 @@ decode_fragments(Fragments, St0) ->
{Ctxs, St1};
_ ->
ok = handle_judgement_beat({failed, {malformed_context, Errors}}, St1),
throw({woody, business, #bdcs_InvalidContext{}})
throw({woody, business, #decision_InvalidContext{}})
end.
-spec decode_fragment(thrift_fragment_type(), _Content :: binary()) ->

26
src/bouncer_context_v1.erl
View File

@ -1,6 +1,6 @@
-module(bouncer_context_v1).
-include_lib("bouncer_proto/include/bouncer_context_v1_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_ctx_v1_thrift.hrl").
-type vsn() :: integer().
-type format() :: thrift.
@ -19,10 +19,10 @@
%%
-define(THRIFT_TYPE,
{struct, struct, {bouncer_context_v1_thrift, 'ContextFragment'}}
{struct, struct, {bouncer_ctx_v1_thrift, 'ContextFragment'}}
).
-type thrift_ctx_fragment() :: bouncer_context_v1_thrift:'ContextFragment'().
-type thrift_ctx_fragment() :: bouncer_ctx_v1_thrift:'ContextFragment'().
-spec decode(format(), _Content :: binary()) ->
{ok, bouncer_context:ctx(), metadata()} | {error, _Reason}.
@ -41,31 +41,31 @@ decode(thrift, Content) ->
end.
-spec from_thrift(thrift_ctx_fragment()) -> {ok, bouncer_context:ctx(), metadata()}.
from_thrift(#bctx_v1_ContextFragment{} = Ctx0) ->
from_thrift(#ctx_v1_ContextFragment{} = Ctx0) ->
Ctx1 = try_upgrade(Ctx0),
Metadata = #{
version => #{
current => Ctx1#bctx_v1_ContextFragment.vsn,
original => Ctx0#bctx_v1_ContextFragment.vsn,
latest => ?BCTX_V1_HEAD
current => Ctx1#ctx_v1_ContextFragment.vsn,
original => Ctx0#ctx_v1_ContextFragment.vsn,
latest => ?CTX_V1_HEAD
}
},
{ok, from_thrift_context(Ctx1), Metadata}.
from_thrift_context(Ctx) ->
{struct, _, [_VsnField | StructDef]} =
bouncer_context_v1_thrift:struct_info('ContextFragment'),
bouncer_ctx_v1_thrift:struct_info('ContextFragment'),
% NOTE
% This 3 refers to the first data field in a ContextFragment, after version field.
bouncer_thrift:from_thrift_struct(StructDef, Ctx, 3, #{}).
-spec try_upgrade(thrift_ctx_fragment()) -> thrift_ctx_fragment().
try_upgrade(#bctx_v1_ContextFragment{vsn = 1} = Ctx) ->
try_upgrade(#ctx_v1_ContextFragment{vsn = 1} = Ctx) ->
% no legacy data producers
% legacy structures have been removed
% nothing to update
Ctx#bctx_v1_ContextFragment{vsn = ?BCTX_V1_HEAD};
try_upgrade(#bctx_v1_ContextFragment{vsn = ?BCTX_V1_HEAD} = Ctx) ->
Ctx#ctx_v1_ContextFragment{vsn = ?CTX_V1_HEAD};
try_upgrade(#ctx_v1_ContextFragment{vsn = ?CTX_V1_HEAD} = Ctx) ->
Ctx.
%%
@ -83,5 +83,5 @@ encode(thrift, Context) ->
-spec to_thrift(bouncer_context:ctx()) -> thrift_ctx_fragment() | no_return().
to_thrift(Context) ->
{struct, _, StructDef} = bouncer_context_v1_thrift:struct_info('ContextFragment'),
bouncer_thrift:to_thrift_struct(StructDef, Context, #bctx_v1_ContextFragment{}).
{struct, _, StructDef} = bouncer_ctx_v1_thrift:struct_info('ContextFragment'),
bouncer_thrift:to_thrift_struct(StructDef, Context, #ctx_v1_ContextFragment{}).

19
src/bouncer_org_management_stub.erl
View File

@ -1,33 +1,34 @@
%% TODO delete after org_management is done
-module(bouncer_org_management_stub).
-include_lib("org_management_proto/include/orgmgmt_context_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_context_v1_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_ctx_v1_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_base_thrift.hrl").
-behaviour(woody_server_thrift_handler).
-export([handle_function/4]).
-define(THRIFT_TYPE,
{struct, struct, {bouncer_context_v1_thrift, 'ContextFragment'}}
{struct, struct, {bouncer_ctx_v1_thrift, 'ContextFragment'}}
).
-spec handle_function(woody:func(), woody:args(), woody_context:ctx(), woody_state:st()) ->
{ok, woody:result()}.
handle_function('GetUserContext', {UserID}, _WoodyCtx, _Opts) ->
ContextFragmentV1 = #bctx_v1_ContextFragment{
user = #bctx_v1_User{
ContextFragmentV1 = #ctx_v1_ContextFragment{
user = #ctx_v1_User{
id = UserID,
orgs = [
#bctx_v1_Organization{
#ctx_v1_Organization{
id = UserID,
owner = #bouncer_base_Entity{id = UserID},
party = #bouncer_base_Entity{id = UserID}
owner = #base_Entity{id = UserID},
party = #base_Entity{id = UserID}
}
]
}
},
{ok, #bctx_ContextFragment{
{ok, #ctx_ContextFragment{
type = v1_thrift_binary,
content = encode_context_fragment(ContextFragmentV1)
}}.

7
test/bouncer_audit_tests_SUITE.erl
View File

@ -1,6 +1,5 @@
-module(bouncer_audit_tests_SUITE).
-include_lib("common_test/include/ct.hrl").
-include_lib("stdlib/include/assert.hrl").
-export([all/0]).
@ -15,7 +14,7 @@
-export([write_error_fails_request/1]).
-export([write_queue_contention/1]).
-include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl").
-type config() :: ct_helper:config().
-type testcase_name() :: atom().
@ -68,7 +67,7 @@ end_per_testcase(_Name, _C) ->
%%
-define(CONTEXT(Fragments), #bdcs_Context{fragments = Fragments}).
-define(CONTEXT(Fragments), #decision_Context{fragments = Fragments}).
-spec invalid_config_fails_start(config()) -> ok.
-spec unrecognized_config_fails_start(config()) -> ok.
@ -251,7 +250,7 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) ->
end.
get_service_spec(arbiter) ->
{bouncer_decisions_thrift, 'Arbiter'}.
{bouncer_decision_thrift, 'Arbiter'}.
%%

6
test/bouncer_gunner_metrics_SUITE.erl
View File

@ -19,7 +19,7 @@
%%
-include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl").
-define(CONFIG(Key, C), (element(2, lists:keyfind(Key, 1, C)))).
-define(OPA_HOST, "opa").
@ -68,7 +68,7 @@ end_per_testcase(_Name, C) ->
-spec basic_metrics_test(config()) -> _.
basic_metrics_test(C) ->
_ = call_judge("service/authz/api", #bdcs_Context{fragments = #{}}, mk_client(C)),
_ = call_judge("service/authz/api", #decision_Context{fragments = #{}}, mk_client(C)),
_ = timer:sleep(100),
?assertEqual(25, get_metric([gunner, config, connections, max])),
?assertEqual(5, get_metric([gunner, config, connections, min])),
@ -112,7 +112,7 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) ->
end.
get_service_spec(arbiter) ->
{bouncer_decisions_thrift, 'Arbiter'}.
{bouncer_decision_thrift, 'Arbiter'}.
%%

9
test/bouncer_stub_tests_SUITE.erl
View File

@ -1,9 +1,9 @@
%% TODO delete after org_management is done
-module(bouncer_stub_tests_SUITE).
-include_lib("common_test/include/ct.hrl").
-include_lib("stdlib/include/assert.hrl").
-include_lib("org_management_proto/include/orgmgmt_context_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl").
-export([all/0]).
-export([groups/0]).
@ -26,7 +26,6 @@
-define(OPA_HOST, "opa").
-define(OPA_ENDPOINT, {?OPA_HOST, 8181}).
-define(API_RULESET_ID, "service/authz/api").
-spec all() -> [{group, group_name()}].
all() ->
@ -119,7 +118,7 @@ orgmgmt_get_user_context_ok(C) ->
Client = mk_client(C),
UserID = <<"UserID">>,
?assertMatch(
#bctx_ContextFragment{
#ctx_ContextFragment{
type = v1_thrift_binary,
content = _Content
},
@ -148,4 +147,4 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) ->
end.
get_service_spec(org_management) ->
{orgmgmt_auth_context_provider_thrift, 'AuthContextProvider'}.
{orgmgmt_authctx_provider_thrift, 'AuthContextProvider'}.

41
test/bouncer_tests_SUITE.erl
View File

@ -33,7 +33,8 @@
-export([handle_beat/3]).
-include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl").
-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl").
-type config() :: ct_helper:config().
-type group_name() :: atom().
@ -166,8 +167,8 @@ end_per_testcase(_Name, _C) ->
%%
-define(CONTEXT(Fragments), #bdcs_Context{fragments = Fragments}).
-define(JUDGEMENT(Resolution), #bdcs_Judgement{resolution = Resolution}).
-define(CONTEXT(Fragments), #decision_Context{fragments = Fragments}).
-define(JUDGEMENT(Resolution), #decision_Judgement{resolution = Resolution}).
-spec missing_ruleset_notfound(config()) -> ok.
-spec incorrect_ruleset_invalid1(config()) -> ok.
@ -182,7 +183,7 @@ missing_ruleset_notfound(C) ->
Client = mk_client(C),
MissingRulesetID = "missing_ruleset",
?assertThrow(
#bdcs_RulesetNotFound{},
#decision_RulesetNotFound{},
call_judge(MissingRulesetID, ?CONTEXT(#{}), Client)
),
?assertMatch(
@ -193,7 +194,7 @@ missing_ruleset_notfound(C) ->
incorrect_ruleset_invalid1(C) ->
Client = mk_client(C),
?assertThrow(
#bdcs_InvalidRuleset{},
#decision_InvalidRuleset{},
call_judge("trivial/incorrect1", ?CONTEXT(#{}), Client)
),
?assertMatch(
@ -208,7 +209,7 @@ incorrect_ruleset_invalid1(C) ->
incorrect_ruleset_invalid2(C) ->
Client = mk_client(C),
?assertThrow(
#bdcs_InvalidRuleset{},
#decision_InvalidRuleset{},
call_judge("trivial/incorrect2", ?CONTEXT(#{}), Client)
),
?assertMatch(
@ -223,7 +224,7 @@ incorrect_ruleset_invalid2(C) ->
incorrect_ruleset_invalid3(C) ->
Client = mk_client(C),
?assertThrow(
#bdcs_InvalidRuleset{},
#decision_InvalidRuleset{},
call_judge("trivial/incorrect3", ?CONTEXT(#{}), Client)
),
?assertMatch(
@ -237,10 +238,10 @@ incorrect_ruleset_invalid3(C) ->
missing_content_invalid_context(C) ->
Client = mk_client(C),
NoContentFragment = #bctx_ContextFragment{type = v1_thrift_binary},
NoContentFragment = #ctx_ContextFragment{type = v1_thrift_binary},
Context = ?CONTEXT(#{<<"missing">> => NoContentFragment}),
?assertThrow(
#bdcs_InvalidContext{},
#decision_InvalidContext{},
call_judge(?API_RULESET_ID, Context, Client)
),
?assertMatch(
@ -255,10 +256,10 @@ missing_content_invalid_context(C) ->
junk_content_invalid_context(C) ->
Client = mk_client(C),
Junk = <<"STOP RIGHT THERE YOU CRIMINAL SCUM!">>,
JunkFragment = #bctx_ContextFragment{type = v1_thrift_binary, content = Junk},
JunkFragment = #ctx_ContextFragment{type = v1_thrift_binary, content = Junk},
Context = ?CONTEXT(#{<<"missing">> => JunkFragment}),
?assertThrow(
#bdcs_InvalidContext{},
#decision_InvalidContext{},
call_judge(?API_RULESET_ID, Context, Client)
),
?assertMatch(
@ -295,7 +296,7 @@ conflicting_context_invalid(C) ->
<<"frag2">> => mk_ctx_v1_fragment(Fragment2)
}),
?assertThrow(
#bdcs_InvalidContext{},
#decision_InvalidContext{},
call_judge(?API_RULESET_ID, Context, Client)
),
?assertEqual(
@ -344,7 +345,7 @@ distinct_sets_context_valid(C) ->
<<"frag2">> => mk_ctx_v1_fragment(Fragment2)
}),
?assertMatch(
#bdcs_Judgement{},
#decision_Judgement{},
call_judge(?API_RULESET_ID, Context, Client)
),
?assertMatch(
@ -380,7 +381,7 @@ restricted_search_invoices_shop_manager(C) ->
]),
Context = ?CONTEXT(#{<<"root">> => mk_ctx_v1_fragment(Fragment)}),
?assertMatch(
?JUDGEMENT({restricted, #bdcs_ResolutionRestricted{}}),
?JUDGEMENT({restricted, #decision_ResolutionRestricted{}}),
call_judge(?API_RULESET_ID, Context, Client)
),
?assertMatch(
@ -400,7 +401,7 @@ forbidden_expired(C) ->
}),
Context = ?CONTEXT(#{<<"root">> => mk_ctx_v1_fragment(Fragment)}),
?assertMatch(
?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}),
?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}),
call_judge(?API_RULESET_ID, Context, Client)
),
?assertMatch(
@ -418,7 +419,7 @@ forbidden_blacklisted_ip(C) ->
]),
Context = ?CONTEXT(#{<<"root">> => mk_ctx_v1_fragment(Fragment)}),
?assertMatch(
?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}),
?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}),
call_judge(?API_RULESET_ID, Context, Client)
),
?assertMatch(
@ -430,7 +431,7 @@ forbidden_w_empty_context(C) ->
Client1 = mk_client(C),
EmptyFragment = mk_ctx_v1_fragment(#{}),
?assertMatch(
?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}),
?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}),
call_judge(?API_RULESET_ID, ?CONTEXT(#{}), Client1)
),
?assertMatch(
@ -439,7 +440,7 @@ forbidden_w_empty_context(C) ->
),
Client2 = mk_client(C),
?assertMatch(
?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}),
?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}),
call_judge(?API_RULESET_ID, ?CONTEXT(#{<<"empty">> => EmptyFragment}), Client2)
),
?assertMatch(
@ -617,7 +618,7 @@ mk_ordset(L) ->
mk_ctx_v1_fragment(Context) ->
{ok, Content} = bouncer_context_v1:encode(thrift, Context),
#bctx_ContextFragment{type = v1_thrift_binary, content = Content}.
#ctx_ContextFragment{type = v1_thrift_binary, content = Content}.
%%
@ -643,7 +644,7 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) ->
end.
get_service_spec(arbiter) ->
{bouncer_decisions_thrift, 'Arbiter'}.
{bouncer_decision_thrift, 'Arbiter'}.
%%