Add PG creds + policy/tags UI; fix lint and build
- internal/ui/ui.go: add PGCred, Tags to AccountDetailData; register
PUT /accounts/{id}/pgcreds and PUT /accounts/{id}/tags routes; add
pgcreds_form.html and tags_editor.html to shared template set; remove
unused AccountTagsData; fix fieldalignment on PolicyRuleView, PoliciesData
- internal/ui/handlers_accounts.go: add handleSetPGCreds — encrypts
password via crypto.SealAESGCM, writes audit EventPGCredUpdated, renders
pgcreds_form fragment; password never echoed; load PG creds and tags in
handleAccountDetail
- internal/ui/handlers_policy.go: fix handleSetAccountTags to render with
AccountDetailData instead of removed AccountTagsData
- internal/ui/ui_test.go: add 5 PG credential UI tests
- web/templates/fragments/pgcreds_form.html: new fragment — metadata display
+ set/replace form; system accounts only; password write-only
- web/templates/fragments/tags_editor.html: new fragment — textarea editor
with HTMX PUT for atomic tag replacement
- web/templates/fragments/policy_form.html: rewrite to use structured fields
matching handleCreatePolicyRule (roles/account_types/actions multi-select,
resource_type, subject_uuid, service_names, required_tags, checkbox)
- web/templates/policies.html: new policies management page
- web/templates/fragments/policy_row.html: new HTMX table row with toggle
and delete
- web/templates/account_detail.html: add Tags card and PG Credentials card
- web/templates/base.html: add Policies nav link
- internal/server/server.go: remove ~220 lines of duplicate tag/policy
handler code (real implementations are in handlers_policy.go)
- internal/policy/engine_wrapper.go: fix corrupted source; use errors.New
- internal/db/policy_test.go: use model.AccountTypeHuman constant
- cmd/mciasctl/main.go: add nolint:gosec to int(os.Stdin.Fd()) calls
- gofmt/goimports: db/policy_test.go, policy/defaults.go,
policy/engine_test.go, ui/ui.go, cmd/mciasctl/main.go
- fieldalignment: model.PolicyRuleRecord, policy.Engine, policy.Rule,
policy.RuleBody, ui.PolicyRuleView
Security: PG password encrypted AES-256-GCM with fresh random nonce before
storage; plaintext never logged or returned in any response; audit event
written on every credential write.
This commit is contained in:
83
internal/policy/engine_wrapper.go
Normal file
83
internal/policy/engine_wrapper.go
Normal file
@@ -0,0 +1,83 @@
|
||||
package policy
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"sync"
|
||||
)
|
||||
|
||||
// Engine wraps the stateless Evaluate function with an in-memory cache of
|
||||
// operator rules loaded from the database. Built-in default rules are always
|
||||
// merged in at evaluation time; they do not appear in the cache.
|
||||
//
|
||||
// The Engine is safe for concurrent use. Call Reload() after any change to the
|
||||
// policy_rules table to refresh the cached rule set without restarting.
|
||||
type Engine struct {
|
||||
rules []Rule
|
||||
mu sync.RWMutex
|
||||
}
|
||||
|
||||
// NewEngine creates an Engine with an initially empty operator rule set.
|
||||
// Call Reload (or load rules directly) before use in production.
|
||||
func NewEngine() *Engine {
|
||||
return &Engine{}
|
||||
}
|
||||
|
||||
// SetRules atomically replaces the cached operator rule set.
|
||||
// records is a slice of PolicyRuleRecord values (from the database layer).
|
||||
// Only enabled records are converted to Rule values.
|
||||
//
|
||||
// Security: rule_json is decoded into a RuleBody struct before being merged
|
||||
// into a Rule. This prevents the database from injecting values into the ID or
|
||||
// Description fields that are stored as dedicated columns.
|
||||
func (e *Engine) SetRules(records []PolicyRecord) error {
|
||||
rules := make([]Rule, 0, len(records))
|
||||
for _, rec := range records {
|
||||
if !rec.Enabled {
|
||||
continue
|
||||
}
|
||||
var body RuleBody
|
||||
if err := json.Unmarshal([]byte(rec.RuleJSON), &body); err != nil {
|
||||
return fmt.Errorf("policy: decode rule %d %q: %w", rec.ID, rec.Description, err)
|
||||
}
|
||||
rules = append(rules, Rule{
|
||||
ID: rec.ID,
|
||||
Description: rec.Description,
|
||||
Priority: rec.Priority,
|
||||
Roles: body.Roles,
|
||||
AccountTypes: body.AccountTypes,
|
||||
SubjectUUID: body.SubjectUUID,
|
||||
Actions: body.Actions,
|
||||
ResourceType: body.ResourceType,
|
||||
OwnerMatchesSubject: body.OwnerMatchesSubject,
|
||||
ServiceNames: body.ServiceNames,
|
||||
RequiredTags: body.RequiredTags,
|
||||
Effect: body.Effect,
|
||||
})
|
||||
}
|
||||
|
||||
e.mu.Lock()
|
||||
e.rules = rules
|
||||
e.mu.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
// Evaluate runs the policy engine against the given input using the cached
|
||||
// operator rules plus compiled-in defaults.
|
||||
func (e *Engine) Evaluate(input PolicyInput) (Effect, *Rule) {
|
||||
e.mu.RLock()
|
||||
rules := e.rules
|
||||
e.mu.RUnlock()
|
||||
return Evaluate(input, rules)
|
||||
}
|
||||
|
||||
// PolicyRecord is the minimal interface the Engine needs from the DB layer.
|
||||
// Using a local struct avoids importing the db or model packages from policy,
|
||||
// which would create a dependency cycle.
|
||||
type PolicyRecord struct {
|
||||
Description string
|
||||
RuleJSON string
|
||||
ID int64
|
||||
Priority int
|
||||
Enabled bool
|
||||
}
|
||||
Reference in New Issue
Block a user