validateConstraint validates a single constraint against the policy.
(constraint *Constraint, groupingPolicy [][]string)
| 164 | |
| 165 | // validateConstraint validates a single constraint against the policy. |
| 166 | func (model Model) validateConstraint(constraint *Constraint, groupingPolicy [][]string) error { |
| 167 | switch constraint.Type { |
| 168 | case ConstraintTypeSOD: |
| 169 | return model.validateSOD(constraint, groupingPolicy) |
| 170 | case ConstraintTypeSODMax: |
| 171 | return model.validateSODMax(constraint, groupingPolicy) |
| 172 | case ConstraintTypeRoleMax: |
| 173 | return model.validateRoleMax(constraint, groupingPolicy) |
| 174 | case ConstraintTypeRolePre: |
| 175 | return model.validateRolePre(constraint, groupingPolicy) |
| 176 | default: |
| 177 | return fmt.Errorf("unknown constraint type") |
| 178 | } |
| 179 | } |
| 180 | |
| 181 | // buildUserRoleMap builds a map of users to their assigned roles from grouping policy. |
| 182 | func buildUserRoleMap(groupingPolicy [][]string) map[string]map[string]bool { |
no test coverage detected