add Policy Schema to README.md

Ahoo-Wang · Jan 2, 2023 · 1a944f4 · 1a944f4
1 parent ae16562
commit 1a944f4
Show file tree

Hide file tree

Showing 3 changed files with 130 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -29,6 +29,103 @@ RBAC-based And Policy-based Multi-Tenant Reactive Security Framework.
 
 ![Gateway](document/design/assets/Gateway.svg)
 
+## Policy Schema
+
+[Policy Schema](document/cosec-policy.schema.json)
+
+```json
+{
+  "id": "2",
+  "name": "auth",
+  "category": "auth",
+  "description": "",
+  "type": "global",
+  "tenantId": "1",
+  "statements": [
+    {
+      "effect": "allow",
+      "actions": [
+        {
+          "type": "all"
+        },
+        {
+          "type": "none"
+        },
+        {
+          "type": "path",
+          "methods": [
+            "GET",
+            "POST",
+            "PUT",
+            "DELETE"
+          ],
+          "pattern": "/user/{userId}/*"
+        }
+      ],
+      "conditions": [
+        {
+          "type": "authenticated"
+        },
+        {
+          "type": "in",
+          "part": "context.principal.id",
+          "in": [
+            "userId"
+          ]
+        }
+      ]
+    },
+    {
+      "effect": "deny",
+      "actions": [
+        {
+          "type": "all",
+          "methods": [
+            "GET"
+          ]
+        },
+        {
+          "type": "none"
+        },
+        {
+          "type": "path",
+          "pattern": ".*"
+        },
+        {
+          "type": "path",
+          "pattern": "#{principal.id}.*"
+        },
+        {
+          "type": "reg",
+          "pattern": ".*"
+        },
+        {
+          "type": "reg",
+          "pattern": "#{principal.id}.*"
+        }
+      ],
+      "conditions": [
+        {
+          "type": "all"
+        },
+        {
+          "type": "none"
+        },
+        {
+          "type": "spel",
+          "pattern": "context.principal.id=='1'"
+        },
+        {
+          "type": "ognl",
+          "pattern": "path == \"auth/login\""
+        }
+      ]
+    }
+  ]
+}
+
+```
+
 ## Thanks
 
 CoSec permission policy design refers to [AWS IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) .
diff --git a/codecov.yml b/codecov.yml
@@ -9,7 +9,7 @@ coverage:
         threshold: 1%
     project:
       default:
-        target: 60%
+        target: 80%
         threshold: 1%
 ignore:
   - "document/.*"

diff --git a/cosec-core/src/test/resources/policy.json b/cosec-core/src/test/resources/policy.json
@@ -3,11 +3,41 @@
   "name": "auth",
   "category": "auth",
   "description": "",
-  "type": "system",
+  "type": "global",
   "tenantId": "1",
   "statements": [
     {
-      "effect": "allow"
+      "effect": "allow",
+      "actions": [
+        {
+          "type": "all"
+        },
+        {
+          "type": "none"
+        },
+        {
+          "type": "path",
+          "methods": [
+            "GET",
+            "POST",
+            "PUT",
+            "DELETE"
+          ],
+          "pattern": "/user/{userId}/*"
+        }
+      ],
+      "conditions": [
+        {
+          "type": "authenticated"
+        },
+        {
+          "type": "in",
+          "part": "context.principal.id",
+          "in": [
+            "userId"
+          ]
+        }
+      ]
     },
     {
       "effect": "deny",