Commit399123e

committed

test prebuilds poc

1 parent1f4a9d8 commit399123eCopy full SHA for 399123e

File tree

+49

-5

lines changed

+49

-5

lines changed

Lines changed: 43 additions & 0 deletions

Lines changed: 6 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -45,16 +45,19 @@ bool_flip(b) := flipped if {`
`45`	`45`	`# -1: {false, true} or {false}`
`46`	`46`	`# 0: {}`
`47`	`47`	`# 1: {true}`
	`48`	`+# Return 0 if the set is empty (no matching permissions)`
`48`	`49`	`number(set):= c if{`
`49`	`50`	`count(set)==0`
`50`	`51`	`c:=0`
`51`	`52`	`}`
`52`	`53`
	`54`	`+# Return -1 if the set contains any 'false' (i.e., an explicit deny)`
`53`	`55`	`number(set):= c if{`
`54`	`56`	`false inset`
`55`	`57`	`c:=-1`
`56`	`58`	`}`
`57`	`59`
	`60`	`+# Return 1 if the set is non-empty and contains no 'false' (i.e., only allows)`
`58`	`61`	`number(set):= c if{`
`59`	`62`	`notfalse inset`
`60`	`63`	`set[_]`
`@@ -79,17 +82,15 @@ site := num if {`
`79`	`82`	`num:=site_allow(input.subject.roles, default_object_set)`
`80`	`83`	`}`
`81`	`84`
	`85`	`+# test := number({1, 1, -1})`
	`86`	`+prebuild_object_set:= ["*", prebuild_workspace_type]`
`82`	`87`	`site:= num if{`
`83`	`88`	`is_prebuild_workspace`
`84`		`-num:=number([`
`85`		`-site_allow(input.subject.roles, default_object_set),`
`86`		`-site_allow(input.subject.roles, [prebuild_workspace_type])`
`87`		`-])`
	`89`	`+num:=site_allow(input.subject.roles, prebuild_object_set)`
`88`	`90`	`}`
`89`	`91`
`90`	`92`	`defaultscope_site:=0`
`91`	`93`
`92`		`-`
`93`	`94`	`scope_site:= num if{`
`94`	`95`	`notis_prebuild_workspace`
`95`	`96`	`num:=site_allow(input.subject.scope, default_object_set)`

Comments

(0)