Skip to content

Commit

Permalink
fix bug in acl config validation
Browse files Browse the repository at this point in the history
  • Loading branch information
@kauncoder
kauncoder committed Apr 26, 2024
1 parent 7c64d99 commit 76220b7
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 1 deletion.
1 change: 1 addition & 0 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion zenoh/src/net/routing/interceptor/access_control.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ pub(crate) fn acl_interceptor_factories(
enforcer: Arc::new(policy_enforcer),
}))
}
Err(e) => tracing::error!("Access control inizialization error: {}", e),
Err(e) => tracing::error!("Access control not enabled due to: {}", e),
}
} else {
tracing::debug!("Access control is disabled");
Expand Down
14 changes: 14 additions & 0 deletions zenoh/src/net/routing/interceptor/authorization.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -199,10 +199,24 @@ impl PolicyEnforcer {
) -> ZResult<PolicyInformation> {
let mut policy_rules: Vec<PolicyRule> = Vec::new();
for config_rule in config_rule_set {
// config validation
if config_rule.interfaces.is_empty()
|| config_rule.actions.is_empty()
|| config_rule.flows.is_empty()
|| config_rule.key_exprs.is_empty()
{
bail!("error from bad config");
}
for subject in &config_rule.interfaces {
if subject.trim().is_empty() {
bail!("error from bad interface value");
}
for flow in &config_rule.flows {
for action in &config_rule.actions {
for key_expr in &config_rule.key_exprs {
if key_expr.trim().is_empty() {
bail!("error from bad key-expression value");
}
policy_rules.push(PolicyRule {
subject: Subject::Interface(subject.clone()),
key_expr: key_expr.clone(),
Expand Down

0 comments on commit 76220b7

Please sign in to comment.