ValidateConstraints validates all constraints against the current policy.
| 131 | |
// ValidateConstraints checks every constraint declared in the model's "c"
// section against the policy held by the "g" grouping assertion.
//
// It returns nil when the model declares no constraints. When constraints are
// declared but the model has no "g" section, or that section has no "g"
// assertion, it fails closed with errors.ErrConstraintRequiresRBAC. A
// constraint that cannot be parsed produces an error wrapping
// errors.ErrConstraintParsingError; otherwise the first error returned by
// validateConstraint is passed through unchanged.
//
// The check reads the grouping policy once, at call time, so it describes the
// policy as it is at that moment.
// NOTE(review): whether callers re-run this after the grouping policy changes
// is not visible here; confirm at the call sites.
// NOTE(review): only the "g" assertion is consulted; confirm whether
// constraints are expected to cover other grouping assertions as well.
func (model Model) ValidateConstraints() error {
	// len of a nil map is 0, so this covers both "section missing" and
	// "section empty".
	declared := model["c"]
	if len(declared) == 0 {
		return nil
	}

	// Constraints are only meaningful with role grouping; refuse to proceed
	// rather than silently accepting constraints that cannot be checked.
	groups := model["g"]
	if len(groups) == 0 {
		return errors.ErrConstraintRequiresRBAC
	}

	roleLinks := groups["g"]
	if roleLinks == nil {
		return errors.ErrConstraintRequiresRBAC
	}

	// The section is indexed by string key, so this ranges over a map: the
	// visiting order is unspecified, and when several constraints fail the
	// one that gets reported can differ between calls.
	for _, decl := range declared {
		parsed, parseErr := parseConstraint(decl.Key, decl.Value)
		if parseErr != nil {
			return fmt.Errorf("%w: %s", errors.ErrConstraintParsingError, parseErr.Error())
		}

		checkErr := model.validateConstraint(parsed, roleLinks.Policy)
		if checkErr != nil {
			return checkErr
		}
	}

	return nil
}
| 164 | |
| 165 | // validateConstraint validates a single constraint against the policy. |
| 166 | func (model Model) validateConstraint(constraint *Constraint, groupingPolicy [][]string) error { |
no test coverage detected