github.com/greenpau/go-authcrunch@v1.1.4/pkg/acl/rule.go (about) 1 // Copyright 2022 Paul Greenberg greenpau@outlook.com 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package acl 16 17 import ( 18 "context" 19 "fmt" 20 "github.com/greenpau/go-authcrunch/pkg/errors" 21 cfgutil "github.com/greenpau/go-authcrunch/pkg/util/cfg" 22 "go.uber.org/zap" 23 "strings" 24 "sync/atomic" 25 ) 26 27 type ruleVerdict int 28 type ruleAction int 29 type ruleMatchStrategy int 30 31 const ( 32 ruleVerdictUnknown ruleVerdict = 0 33 ruleVerdictReserved ruleVerdict = 1 34 ruleVerdictDeny ruleVerdict = 2 35 ruleVerdictDenyStop ruleVerdict = 3 36 ruleVerdictContinue ruleVerdict = 4 37 ruleVerdictAllow ruleVerdict = 5 38 ruleVerdictAllowStop ruleVerdict = 6 39 40 ruleActionUnknown ruleAction = 0 41 ruleActionReserved ruleAction = 1 42 ruleActionDeny ruleAction = 2 43 ruleActionAllow ruleAction = 3 44 ) 45 46 type ruleConfig struct { 47 ruleType string 48 comment string 49 fields []string 50 index map[string]int 51 checkFields map[string]bool 52 conditions []*config 53 action ruleAction 54 logEnabled bool 55 tag string 56 logLevel string 57 counterEnabled bool 58 matchAll bool 59 } 60 61 func (cfg *ruleConfig) AsMap() map[string]interface{} { 62 m := make(map[string]interface{}) 63 m["rule_type"] = cfg.ruleType 64 if cfg.comment != "" { 65 m["comment"] = cfg.comment 66 } 67 m["fields"] = cfg.fields 68 if cfg.index != nil { 69 m["index"] = cfg.index 70 } 71 m["action"] = getRuleActionName(cfg.action) 72 m["log_enabled"] = cfg.logEnabled 73 if cfg.tag != "" { 74 m["tag"] = cfg.tag 75 } 76 if cfg.logLevel != "" { 77 m["log_level"] = cfg.logLevel 78 } 79 m["counter_enabled"] = cfg.counterEnabled 80 m["match_all"] = cfg.matchAll 81 conditions := []map[string]interface{}{} 82 for _, c := range cfg.conditions { 83 conditions = append(conditions, c.AsMap()) 84 } 85 if len(conditions) > 0 { 86 m["conditions"] = conditions 87 } 88 if cfg.checkFields != nil && len(cfg.checkFields) > 0 { 89 checkedFields := make(map[string]bool) 90 for k, v := range cfg.checkFields { 91 checkedFields[k] = v 92 } 93 m["check_fields"] = checkedFields 94 } 95 return m 96 } 97 98 // RuleConfiguration consists of a list of conditions and and actions 99 type RuleConfiguration struct { 100 Comment string `json:"comment,omitempty" xml:"comment,omitempty" yaml:"comment,omitempty"` 101 Conditions []string `json:"conditions,omitempty" xml:"conditions,omitempty" yaml:"conditions,omitempty"` 102 Action string `json:"action,omitempty" xml:"action,omitempty" yaml:"action,omitempty"` 103 } 104 105 type aclRule interface { 106 eval(context.Context, map[string]interface{}) ruleVerdict 107 getConfig(context.Context) *ruleConfig 108 emptyFields(context.Context) 109 } 110 111 type aclRuleAllowMatchAnyStop struct { 112 config *ruleConfig 113 conditions []aclRuleCondition 114 fields []string 115 } 116 117 type aclRuleAllowMatchAllStop struct { 118 config *ruleConfig 119 conditions []aclRuleCondition 120 fields []string 121 } 122 123 type aclRuleAllowStop struct { 124 config *ruleConfig 125 condition aclRuleCondition 126 field string 127 } 128 129 type aclRuleAllowMatchAny struct { 130 config *ruleConfig 131 conditions []aclRuleCondition 132 fields []string 133 } 134 135 type aclRuleAllowMatchAll struct { 136 config *ruleConfig 137 conditions []aclRuleCondition 138 fields []string 139 } 140 141 type aclRuleAllow struct { 142 config *ruleConfig 143 condition aclRuleCondition 144 field string 145 } 146 147 type aclRuleAllowWithDebugLoggerMatchAnyStop struct { 148 config *ruleConfig 149 conditions []aclRuleCondition 150 fields []string 151 logger *zap.Logger 152 tag string 153 } 154 155 type aclRuleAllowWithInfoLoggerMatchAnyStop struct { 156 config *ruleConfig 157 conditions []aclRuleCondition 158 fields []string 159 logger *zap.Logger 160 tag string 161 } 162 163 type aclRuleAllowWithWarnLoggerMatchAnyStop struct { 164 config *ruleConfig 165 conditions []aclRuleCondition 166 fields []string 167 logger *zap.Logger 168 tag string 169 } 170 171 type aclRuleAllowWithErrorLoggerMatchAnyStop struct { 172 config *ruleConfig 173 conditions []aclRuleCondition 174 fields []string 175 logger *zap.Logger 176 tag string 177 } 178 179 type aclRuleAllowWithDebugLoggerMatchAllStop struct { 180 config *ruleConfig 181 conditions []aclRuleCondition 182 fields []string 183 logger *zap.Logger 184 tag string 185 } 186 187 type aclRuleAllowWithInfoLoggerMatchAllStop struct { 188 config *ruleConfig 189 conditions []aclRuleCondition 190 fields []string 191 logger *zap.Logger 192 tag string 193 } 194 195 type aclRuleAllowWithWarnLoggerMatchAllStop struct { 196 config *ruleConfig 197 conditions []aclRuleCondition 198 fields []string 199 logger *zap.Logger 200 tag string 201 } 202 203 type aclRuleAllowWithErrorLoggerMatchAllStop struct { 204 config *ruleConfig 205 conditions []aclRuleCondition 206 fields []string 207 logger *zap.Logger 208 tag string 209 } 210 211 type aclRuleAllowWithDebugLoggerStop struct { 212 config *ruleConfig 213 condition aclRuleCondition 214 field string 215 logger *zap.Logger 216 tag string 217 } 218 219 type aclRuleAllowWithInfoLoggerStop struct { 220 config *ruleConfig 221 condition aclRuleCondition 222 field string 223 logger *zap.Logger 224 tag string 225 } 226 227 type aclRuleAllowWithWarnLoggerStop struct { 228 config *ruleConfig 229 condition aclRuleCondition 230 field string 231 logger *zap.Logger 232 tag string 233 } 234 235 type aclRuleAllowWithErrorLoggerStop struct { 236 config *ruleConfig 237 condition aclRuleCondition 238 field string 239 logger *zap.Logger 240 tag string 241 } 242 243 type aclRuleAllowWithDebugLoggerMatchAny struct { 244 config *ruleConfig 245 conditions []aclRuleCondition 246 fields []string 247 logger *zap.Logger 248 tag string 249 } 250 251 type aclRuleAllowWithInfoLoggerMatchAny struct { 252 config *ruleConfig 253 conditions []aclRuleCondition 254 fields []string 255 logger *zap.Logger 256 tag string 257 } 258 259 type aclRuleAllowWithWarnLoggerMatchAny struct { 260 config *ruleConfig 261 conditions []aclRuleCondition 262 fields []string 263 logger *zap.Logger 264 tag string 265 } 266 267 type aclRuleAllowWithErrorLoggerMatchAny struct { 268 config *ruleConfig 269 conditions []aclRuleCondition 270 fields []string 271 logger *zap.Logger 272 tag string 273 } 274 275 type aclRuleAllowWithDebugLoggerMatchAll struct { 276 config *ruleConfig 277 conditions []aclRuleCondition 278 fields []string 279 logger *zap.Logger 280 tag string 281 } 282 283 type aclRuleAllowWithInfoLoggerMatchAll struct { 284 config *ruleConfig 285 conditions []aclRuleCondition 286 fields []string 287 logger *zap.Logger 288 tag string 289 } 290 291 type aclRuleAllowWithWarnLoggerMatchAll struct { 292 config *ruleConfig 293 conditions []aclRuleCondition 294 fields []string 295 logger *zap.Logger 296 tag string 297 } 298 299 type aclRuleAllowWithErrorLoggerMatchAll struct { 300 config *ruleConfig 301 conditions []aclRuleCondition 302 fields []string 303 logger *zap.Logger 304 tag string 305 } 306 307 type aclRuleAllowWithDebugLogger struct { 308 config *ruleConfig 309 condition aclRuleCondition 310 field string 311 logger *zap.Logger 312 tag string 313 } 314 315 type aclRuleAllowWithInfoLogger struct { 316 config *ruleConfig 317 condition aclRuleCondition 318 field string 319 logger *zap.Logger 320 tag string 321 } 322 323 type aclRuleAllowWithWarnLogger struct { 324 config *ruleConfig 325 condition aclRuleCondition 326 field string 327 logger *zap.Logger 328 tag string 329 } 330 331 type aclRuleAllowWithErrorLogger struct { 332 config *ruleConfig 333 condition aclRuleCondition 334 field string 335 logger *zap.Logger 336 tag string 337 } 338 339 type aclRuleAllowWithCounterMatchAnyStop struct { 340 config *ruleConfig 341 conditions []aclRuleCondition 342 fields []string 343 counterMiss uint64 344 counterMatch uint64 345 } 346 347 type aclRuleAllowWithCounterMatchAllStop struct { 348 config *ruleConfig 349 conditions []aclRuleCondition 350 fields []string 351 counterMiss uint64 352 counterMatch uint64 353 } 354 355 type aclRuleAllowWithCounterStop struct { 356 config *ruleConfig 357 condition aclRuleCondition 358 field string 359 counterMiss uint64 360 counterMatch uint64 361 } 362 363 type aclRuleAllowWithCounterMatchAny struct { 364 config *ruleConfig 365 conditions []aclRuleCondition 366 fields []string 367 counterMiss uint64 368 counterMatch uint64 369 } 370 371 type aclRuleAllowWithCounterMatchAll struct { 372 config *ruleConfig 373 conditions []aclRuleCondition 374 fields []string 375 counterMiss uint64 376 counterMatch uint64 377 } 378 379 type aclRuleAllowWithCounter struct { 380 config *ruleConfig 381 condition aclRuleCondition 382 field string 383 counterMiss uint64 384 counterMatch uint64 385 } 386 387 type aclRuleAllowWithDebugLoggerCounterMatchAnyStop struct { 388 config *ruleConfig 389 conditions []aclRuleCondition 390 fields []string 391 logger *zap.Logger 392 tag string 393 counterMiss uint64 394 counterMatch uint64 395 } 396 397 type aclRuleAllowWithInfoLoggerCounterMatchAnyStop struct { 398 config *ruleConfig 399 conditions []aclRuleCondition 400 fields []string 401 logger *zap.Logger 402 tag string 403 counterMiss uint64 404 counterMatch uint64 405 } 406 407 type aclRuleAllowWithWarnLoggerCounterMatchAnyStop struct { 408 config *ruleConfig 409 conditions []aclRuleCondition 410 fields []string 411 logger *zap.Logger 412 tag string 413 counterMiss uint64 414 counterMatch uint64 415 } 416 417 type aclRuleAllowWithErrorLoggerCounterMatchAnyStop struct { 418 config *ruleConfig 419 conditions []aclRuleCondition 420 fields []string 421 logger *zap.Logger 422 tag string 423 counterMiss uint64 424 counterMatch uint64 425 } 426 427 type aclRuleAllowWithDebugLoggerCounterMatchAllStop struct { 428 config *ruleConfig 429 conditions []aclRuleCondition 430 fields []string 431 logger *zap.Logger 432 tag string 433 counterMiss uint64 434 counterMatch uint64 435 } 436 437 type aclRuleAllowWithInfoLoggerCounterMatchAllStop struct { 438 config *ruleConfig 439 conditions []aclRuleCondition 440 fields []string 441 logger *zap.Logger 442 tag string 443 counterMiss uint64 444 counterMatch uint64 445 } 446 447 type aclRuleAllowWithWarnLoggerCounterMatchAllStop struct { 448 config *ruleConfig 449 conditions []aclRuleCondition 450 fields []string 451 logger *zap.Logger 452 tag string 453 counterMiss uint64 454 counterMatch uint64 455 } 456 457 type aclRuleAllowWithErrorLoggerCounterMatchAllStop struct { 458 config *ruleConfig 459 conditions []aclRuleCondition 460 fields []string 461 logger *zap.Logger 462 tag string 463 counterMiss uint64 464 counterMatch uint64 465 } 466 467 type aclRuleAllowWithDebugLoggerCounterStop struct { 468 config *ruleConfig 469 condition aclRuleCondition 470 field string 471 logger *zap.Logger 472 tag string 473 counterMiss uint64 474 counterMatch uint64 475 } 476 477 type aclRuleAllowWithInfoLoggerCounterStop struct { 478 config *ruleConfig 479 condition aclRuleCondition 480 field string 481 logger *zap.Logger 482 tag string 483 counterMiss uint64 484 counterMatch uint64 485 } 486 487 type aclRuleAllowWithWarnLoggerCounterStop struct { 488 config *ruleConfig 489 condition aclRuleCondition 490 field string 491 logger *zap.Logger 492 tag string 493 counterMiss uint64 494 counterMatch uint64 495 } 496 497 type aclRuleAllowWithErrorLoggerCounterStop struct { 498 config *ruleConfig 499 condition aclRuleCondition 500 field string 501 logger *zap.Logger 502 tag string 503 counterMiss uint64 504 counterMatch uint64 505 } 506 507 type aclRuleAllowWithDebugLoggerCounterMatchAny struct { 508 config *ruleConfig 509 conditions []aclRuleCondition 510 fields []string 511 logger *zap.Logger 512 tag string 513 counterMiss uint64 514 counterMatch uint64 515 } 516 517 type aclRuleAllowWithInfoLoggerCounterMatchAny struct { 518 config *ruleConfig 519 conditions []aclRuleCondition 520 fields []string 521 logger *zap.Logger 522 tag string 523 counterMiss uint64 524 counterMatch uint64 525 } 526 527 type aclRuleAllowWithWarnLoggerCounterMatchAny struct { 528 config *ruleConfig 529 conditions []aclRuleCondition 530 fields []string 531 logger *zap.Logger 532 tag string 533 counterMiss uint64 534 counterMatch uint64 535 } 536 537 type aclRuleAllowWithErrorLoggerCounterMatchAny struct { 538 config *ruleConfig 539 conditions []aclRuleCondition 540 fields []string 541 logger *zap.Logger 542 tag string 543 counterMiss uint64 544 counterMatch uint64 545 } 546 547 type aclRuleAllowWithDebugLoggerCounterMatchAll struct { 548 config *ruleConfig 549 conditions []aclRuleCondition 550 fields []string 551 logger *zap.Logger 552 tag string 553 counterMiss uint64 554 counterMatch uint64 555 } 556 557 type aclRuleAllowWithInfoLoggerCounterMatchAll struct { 558 config *ruleConfig 559 conditions []aclRuleCondition 560 fields []string 561 logger *zap.Logger 562 tag string 563 counterMiss uint64 564 counterMatch uint64 565 } 566 567 type aclRuleAllowWithWarnLoggerCounterMatchAll struct { 568 config *ruleConfig 569 conditions []aclRuleCondition 570 fields []string 571 logger *zap.Logger 572 tag string 573 counterMiss uint64 574 counterMatch uint64 575 } 576 577 type aclRuleAllowWithErrorLoggerCounterMatchAll struct { 578 config *ruleConfig 579 conditions []aclRuleCondition 580 fields []string 581 logger *zap.Logger 582 tag string 583 counterMiss uint64 584 counterMatch uint64 585 } 586 587 type aclRuleAllowWithDebugLoggerCounter struct { 588 config *ruleConfig 589 condition aclRuleCondition 590 field string 591 logger *zap.Logger 592 tag string 593 counterMiss uint64 594 counterMatch uint64 595 } 596 597 type aclRuleAllowWithInfoLoggerCounter struct { 598 config *ruleConfig 599 condition aclRuleCondition 600 field string 601 logger *zap.Logger 602 tag string 603 counterMiss uint64 604 counterMatch uint64 605 } 606 607 type aclRuleAllowWithWarnLoggerCounter struct { 608 config *ruleConfig 609 condition aclRuleCondition 610 field string 611 logger *zap.Logger 612 tag string 613 counterMiss uint64 614 counterMatch uint64 615 } 616 617 type aclRuleAllowWithErrorLoggerCounter struct { 618 config *ruleConfig 619 condition aclRuleCondition 620 field string 621 logger *zap.Logger 622 tag string 623 counterMiss uint64 624 counterMatch uint64 625 } 626 627 type aclRuleDenyMatchAnyStop struct { 628 config *ruleConfig 629 conditions []aclRuleCondition 630 fields []string 631 } 632 633 type aclRuleDenyMatchAllStop struct { 634 config *ruleConfig 635 conditions []aclRuleCondition 636 fields []string 637 } 638 639 type aclRuleDenyStop struct { 640 config *ruleConfig 641 condition aclRuleCondition 642 field string 643 } 644 645 type aclRuleDenyMatchAny struct { 646 config *ruleConfig 647 conditions []aclRuleCondition 648 fields []string 649 } 650 651 type aclRuleDenyMatchAll struct { 652 config *ruleConfig 653 conditions []aclRuleCondition 654 fields []string 655 } 656 657 type aclRuleDeny struct { 658 config *ruleConfig 659 condition aclRuleCondition 660 field string 661 } 662 663 type aclRuleDenyWithDebugLoggerMatchAnyStop struct { 664 config *ruleConfig 665 conditions []aclRuleCondition 666 fields []string 667 logger *zap.Logger 668 tag string 669 } 670 671 type aclRuleDenyWithInfoLoggerMatchAnyStop struct { 672 config *ruleConfig 673 conditions []aclRuleCondition 674 fields []string 675 logger *zap.Logger 676 tag string 677 } 678 679 type aclRuleDenyWithWarnLoggerMatchAnyStop struct { 680 config *ruleConfig 681 conditions []aclRuleCondition 682 fields []string 683 logger *zap.Logger 684 tag string 685 } 686 687 type aclRuleDenyWithErrorLoggerMatchAnyStop struct { 688 config *ruleConfig 689 conditions []aclRuleCondition 690 fields []string 691 logger *zap.Logger 692 tag string 693 } 694 695 type aclRuleDenyWithDebugLoggerMatchAllStop struct { 696 config *ruleConfig 697 conditions []aclRuleCondition 698 fields []string 699 logger *zap.Logger 700 tag string 701 } 702 703 type aclRuleDenyWithInfoLoggerMatchAllStop struct { 704 config *ruleConfig 705 conditions []aclRuleCondition 706 fields []string 707 logger *zap.Logger 708 tag string 709 } 710 711 type aclRuleDenyWithWarnLoggerMatchAllStop struct { 712 config *ruleConfig 713 conditions []aclRuleCondition 714 fields []string 715 logger *zap.Logger 716 tag string 717 } 718 719 type aclRuleDenyWithErrorLoggerMatchAllStop struct { 720 config *ruleConfig 721 conditions []aclRuleCondition 722 fields []string 723 logger *zap.Logger 724 tag string 725 } 726 727 type aclRuleDenyWithDebugLoggerStop struct { 728 config *ruleConfig 729 condition aclRuleCondition 730 field string 731 logger *zap.Logger 732 tag string 733 } 734 735 type aclRuleDenyWithInfoLoggerStop struct { 736 config *ruleConfig 737 condition aclRuleCondition 738 field string 739 logger *zap.Logger 740 tag string 741 } 742 743 type aclRuleDenyWithWarnLoggerStop struct { 744 config *ruleConfig 745 condition aclRuleCondition 746 field string 747 logger *zap.Logger 748 tag string 749 } 750 751 type aclRuleDenyWithErrorLoggerStop struct { 752 config *ruleConfig 753 condition aclRuleCondition 754 field string 755 logger *zap.Logger 756 tag string 757 } 758 759 type aclRuleDenyWithDebugLoggerMatchAny struct { 760 config *ruleConfig 761 conditions []aclRuleCondition 762 fields []string 763 logger *zap.Logger 764 tag string 765 } 766 767 type aclRuleDenyWithInfoLoggerMatchAny struct { 768 config *ruleConfig 769 conditions []aclRuleCondition 770 fields []string 771 logger *zap.Logger 772 tag string 773 } 774 775 type aclRuleDenyWithWarnLoggerMatchAny struct { 776 config *ruleConfig 777 conditions []aclRuleCondition 778 fields []string 779 logger *zap.Logger 780 tag string 781 } 782 783 type aclRuleDenyWithErrorLoggerMatchAny struct { 784 config *ruleConfig 785 conditions []aclRuleCondition 786 fields []string 787 logger *zap.Logger 788 tag string 789 } 790 791 type aclRuleDenyWithDebugLoggerMatchAll struct { 792 config *ruleConfig 793 conditions []aclRuleCondition 794 fields []string 795 logger *zap.Logger 796 tag string 797 } 798 799 type aclRuleDenyWithInfoLoggerMatchAll struct { 800 config *ruleConfig 801 conditions []aclRuleCondition 802 fields []string 803 logger *zap.Logger 804 tag string 805 } 806 807 type aclRuleDenyWithWarnLoggerMatchAll struct { 808 config *ruleConfig 809 conditions []aclRuleCondition 810 fields []string 811 logger *zap.Logger 812 tag string 813 } 814 815 type aclRuleDenyWithErrorLoggerMatchAll struct { 816 config *ruleConfig 817 conditions []aclRuleCondition 818 fields []string 819 logger *zap.Logger 820 tag string 821 } 822 823 type aclRuleDenyWithDebugLogger struct { 824 config *ruleConfig 825 condition aclRuleCondition 826 field string 827 logger *zap.Logger 828 tag string 829 } 830 831 type aclRuleDenyWithInfoLogger struct { 832 config *ruleConfig 833 condition aclRuleCondition 834 field string 835 logger *zap.Logger 836 tag string 837 } 838 839 type aclRuleDenyWithWarnLogger struct { 840 config *ruleConfig 841 condition aclRuleCondition 842 field string 843 logger *zap.Logger 844 tag string 845 } 846 847 type aclRuleDenyWithErrorLogger struct { 848 config *ruleConfig 849 condition aclRuleCondition 850 field string 851 logger *zap.Logger 852 tag string 853 } 854 855 type aclRuleDenyWithCounterMatchAnyStop struct { 856 config *ruleConfig 857 conditions []aclRuleCondition 858 fields []string 859 counterMiss uint64 860 counterMatch uint64 861 } 862 863 type aclRuleDenyWithCounterMatchAllStop struct { 864 config *ruleConfig 865 conditions []aclRuleCondition 866 fields []string 867 counterMiss uint64 868 counterMatch uint64 869 } 870 871 type aclRuleDenyWithCounterStop struct { 872 config *ruleConfig 873 condition aclRuleCondition 874 field string 875 counterMiss uint64 876 counterMatch uint64 877 } 878 879 type aclRuleDenyWithCounterMatchAny struct { 880 config *ruleConfig 881 conditions []aclRuleCondition 882 fields []string 883 counterMiss uint64 884 counterMatch uint64 885 } 886 887 type aclRuleDenyWithCounterMatchAll struct { 888 config *ruleConfig 889 conditions []aclRuleCondition 890 fields []string 891 counterMiss uint64 892 counterMatch uint64 893 } 894 895 type aclRuleDenyWithCounter struct { 896 config *ruleConfig 897 condition aclRuleCondition 898 field string 899 counterMiss uint64 900 counterMatch uint64 901 } 902 903 type aclRuleDenyWithDebugLoggerCounterMatchAnyStop struct { 904 config *ruleConfig 905 conditions []aclRuleCondition 906 fields []string 907 logger *zap.Logger 908 tag string 909 counterMiss uint64 910 counterMatch uint64 911 } 912 913 type aclRuleDenyWithInfoLoggerCounterMatchAnyStop struct { 914 config *ruleConfig 915 conditions []aclRuleCondition 916 fields []string 917 logger *zap.Logger 918 tag string 919 counterMiss uint64 920 counterMatch uint64 921 } 922 923 type aclRuleDenyWithWarnLoggerCounterMatchAnyStop struct { 924 config *ruleConfig 925 conditions []aclRuleCondition 926 fields []string 927 logger *zap.Logger 928 tag string 929 counterMiss uint64 930 counterMatch uint64 931 } 932 933 type aclRuleDenyWithErrorLoggerCounterMatchAnyStop struct { 934 config *ruleConfig 935 conditions []aclRuleCondition 936 fields []string 937 logger *zap.Logger 938 tag string 939 counterMiss uint64 940 counterMatch uint64 941 } 942 943 type aclRuleDenyWithDebugLoggerCounterMatchAllStop struct { 944 config *ruleConfig 945 conditions []aclRuleCondition 946 fields []string 947 logger *zap.Logger 948 tag string 949 counterMiss uint64 950 counterMatch uint64 951 } 952 953 type aclRuleDenyWithInfoLoggerCounterMatchAllStop struct { 954 config *ruleConfig 955 conditions []aclRuleCondition 956 fields []string 957 logger *zap.Logger 958 tag string 959 counterMiss uint64 960 counterMatch uint64 961 } 962 963 type aclRuleDenyWithWarnLoggerCounterMatchAllStop struct { 964 config *ruleConfig 965 conditions []aclRuleCondition 966 fields []string 967 logger *zap.Logger 968 tag string 969 counterMiss uint64 970 counterMatch uint64 971 } 972 973 type aclRuleDenyWithErrorLoggerCounterMatchAllStop struct { 974 config *ruleConfig 975 conditions []aclRuleCondition 976 fields []string 977 logger *zap.Logger 978 tag string 979 counterMiss uint64 980 counterMatch uint64 981 } 982 983 type aclRuleDenyWithDebugLoggerCounterStop struct { 984 config *ruleConfig 985 condition aclRuleCondition 986 field string 987 logger *zap.Logger 988 tag string 989 counterMiss uint64 990 counterMatch uint64 991 } 992 993 type aclRuleDenyWithInfoLoggerCounterStop struct { 994 config *ruleConfig 995 condition aclRuleCondition 996 field string 997 logger *zap.Logger 998 tag string 999 counterMiss uint64 1000 counterMatch uint64 1001 } 1002 1003 type aclRuleDenyWithWarnLoggerCounterStop struct { 1004 config *ruleConfig 1005 condition aclRuleCondition 1006 field string 1007 logger *zap.Logger 1008 tag string 1009 counterMiss uint64 1010 counterMatch uint64 1011 } 1012 1013 type aclRuleDenyWithErrorLoggerCounterStop struct { 1014 config *ruleConfig 1015 condition aclRuleCondition 1016 field string 1017 logger *zap.Logger 1018 tag string 1019 counterMiss uint64 1020 counterMatch uint64 1021 } 1022 1023 type aclRuleDenyWithDebugLoggerCounterMatchAny struct { 1024 config *ruleConfig 1025 conditions []aclRuleCondition 1026 fields []string 1027 logger *zap.Logger 1028 tag string 1029 counterMiss uint64 1030 counterMatch uint64 1031 } 1032 1033 type aclRuleDenyWithInfoLoggerCounterMatchAny struct { 1034 config *ruleConfig 1035 conditions []aclRuleCondition 1036 fields []string 1037 logger *zap.Logger 1038 tag string 1039 counterMiss uint64 1040 counterMatch uint64 1041 } 1042 1043 type aclRuleDenyWithWarnLoggerCounterMatchAny struct { 1044 config *ruleConfig 1045 conditions []aclRuleCondition 1046 fields []string 1047 logger *zap.Logger 1048 tag string 1049 counterMiss uint64 1050 counterMatch uint64 1051 } 1052 1053 type aclRuleDenyWithErrorLoggerCounterMatchAny struct { 1054 config *ruleConfig 1055 conditions []aclRuleCondition 1056 fields []string 1057 logger *zap.Logger 1058 tag string 1059 counterMiss uint64 1060 counterMatch uint64 1061 } 1062 1063 type aclRuleDenyWithDebugLoggerCounterMatchAll struct { 1064 config *ruleConfig 1065 conditions []aclRuleCondition 1066 fields []string 1067 logger *zap.Logger 1068 tag string 1069 counterMiss uint64 1070 counterMatch uint64 1071 } 1072 1073 type aclRuleDenyWithInfoLoggerCounterMatchAll struct { 1074 config *ruleConfig 1075 conditions []aclRuleCondition 1076 fields []string 1077 logger *zap.Logger 1078 tag string 1079 counterMiss uint64 1080 counterMatch uint64 1081 } 1082 1083 type aclRuleDenyWithWarnLoggerCounterMatchAll struct { 1084 config *ruleConfig 1085 conditions []aclRuleCondition 1086 fields []string 1087 logger *zap.Logger 1088 tag string 1089 counterMiss uint64 1090 counterMatch uint64 1091 } 1092 1093 type aclRuleDenyWithErrorLoggerCounterMatchAll struct { 1094 config *ruleConfig 1095 conditions []aclRuleCondition 1096 fields []string 1097 logger *zap.Logger 1098 tag string 1099 counterMiss uint64 1100 counterMatch uint64 1101 } 1102 1103 type aclRuleDenyWithDebugLoggerCounter struct { 1104 config *ruleConfig 1105 condition aclRuleCondition 1106 field string 1107 logger *zap.Logger 1108 tag string 1109 counterMiss uint64 1110 counterMatch uint64 1111 } 1112 1113 type aclRuleDenyWithInfoLoggerCounter struct { 1114 config *ruleConfig 1115 condition aclRuleCondition 1116 field string 1117 logger *zap.Logger 1118 tag string 1119 counterMiss uint64 1120 counterMatch uint64 1121 } 1122 1123 type aclRuleDenyWithWarnLoggerCounter struct { 1124 config *ruleConfig 1125 condition aclRuleCondition 1126 field string 1127 logger *zap.Logger 1128 tag string 1129 counterMiss uint64 1130 counterMatch uint64 1131 } 1132 1133 type aclRuleDenyWithErrorLoggerCounter struct { 1134 config *ruleConfig 1135 condition aclRuleCondition 1136 field string 1137 logger *zap.Logger 1138 tag string 1139 counterMiss uint64 1140 counterMatch uint64 1141 } 1142 1143 type aclRuleFieldCheckAllowMatchAnyStop struct { 1144 config *ruleConfig 1145 conditions []aclRuleCondition 1146 fields []string 1147 checkFields map[string]bool 1148 } 1149 1150 type aclRuleFieldCheckAllowMatchAllStop struct { 1151 config *ruleConfig 1152 conditions []aclRuleCondition 1153 fields []string 1154 checkFields map[string]bool 1155 } 1156 1157 type aclRuleFieldCheckAllowStop struct { 1158 config *ruleConfig 1159 condition aclRuleCondition 1160 field string 1161 checkFields map[string]bool 1162 } 1163 1164 type aclRuleFieldCheckAllowMatchAny struct { 1165 config *ruleConfig 1166 conditions []aclRuleCondition 1167 fields []string 1168 checkFields map[string]bool 1169 } 1170 1171 type aclRuleFieldCheckAllowMatchAll struct { 1172 config *ruleConfig 1173 conditions []aclRuleCondition 1174 fields []string 1175 checkFields map[string]bool 1176 } 1177 1178 type aclRuleFieldCheckAllow struct { 1179 config *ruleConfig 1180 condition aclRuleCondition 1181 field string 1182 checkFields map[string]bool 1183 } 1184 1185 type aclRuleFieldCheckAllowWithDebugLoggerMatchAnyStop struct { 1186 config *ruleConfig 1187 conditions []aclRuleCondition 1188 fields []string 1189 checkFields map[string]bool 1190 logger *zap.Logger 1191 tag string 1192 } 1193 1194 type aclRuleFieldCheckAllowWithInfoLoggerMatchAnyStop struct { 1195 config *ruleConfig 1196 conditions []aclRuleCondition 1197 fields []string 1198 checkFields map[string]bool 1199 logger *zap.Logger 1200 tag string 1201 } 1202 1203 type aclRuleFieldCheckAllowWithWarnLoggerMatchAnyStop struct { 1204 config *ruleConfig 1205 conditions []aclRuleCondition 1206 fields []string 1207 checkFields map[string]bool 1208 logger *zap.Logger 1209 tag string 1210 } 1211 1212 type aclRuleFieldCheckAllowWithErrorLoggerMatchAnyStop struct { 1213 config *ruleConfig 1214 conditions []aclRuleCondition 1215 fields []string 1216 checkFields map[string]bool 1217 logger *zap.Logger 1218 tag string 1219 } 1220 1221 type aclRuleFieldCheckAllowWithDebugLoggerMatchAllStop struct { 1222 config *ruleConfig 1223 conditions []aclRuleCondition 1224 fields []string 1225 checkFields map[string]bool 1226 logger *zap.Logger 1227 tag string 1228 } 1229 1230 type aclRuleFieldCheckAllowWithInfoLoggerMatchAllStop struct { 1231 config *ruleConfig 1232 conditions []aclRuleCondition 1233 fields []string 1234 checkFields map[string]bool 1235 logger *zap.Logger 1236 tag string 1237 } 1238 1239 type aclRuleFieldCheckAllowWithWarnLoggerMatchAllStop struct { 1240 config *ruleConfig 1241 conditions []aclRuleCondition 1242 fields []string 1243 checkFields map[string]bool 1244 logger *zap.Logger 1245 tag string 1246 } 1247 1248 type aclRuleFieldCheckAllowWithErrorLoggerMatchAllStop struct { 1249 config *ruleConfig 1250 conditions []aclRuleCondition 1251 fields []string 1252 checkFields map[string]bool 1253 logger *zap.Logger 1254 tag string 1255 } 1256 1257 type aclRuleFieldCheckAllowWithDebugLoggerStop struct { 1258 config *ruleConfig 1259 condition aclRuleCondition 1260 field string 1261 checkFields map[string]bool 1262 logger *zap.Logger 1263 tag string 1264 } 1265 1266 type aclRuleFieldCheckAllowWithInfoLoggerStop struct { 1267 config *ruleConfig 1268 condition aclRuleCondition 1269 field string 1270 checkFields map[string]bool 1271 logger *zap.Logger 1272 tag string 1273 } 1274 1275 type aclRuleFieldCheckAllowWithWarnLoggerStop struct { 1276 config *ruleConfig 1277 condition aclRuleCondition 1278 field string 1279 checkFields map[string]bool 1280 logger *zap.Logger 1281 tag string 1282 } 1283 1284 type aclRuleFieldCheckAllowWithErrorLoggerStop struct { 1285 config *ruleConfig 1286 condition aclRuleCondition 1287 field string 1288 checkFields map[string]bool 1289 logger *zap.Logger 1290 tag string 1291 } 1292 1293 type aclRuleFieldCheckAllowWithDebugLoggerMatchAny struct { 1294 config *ruleConfig 1295 conditions []aclRuleCondition 1296 fields []string 1297 checkFields map[string]bool 1298 logger *zap.Logger 1299 tag string 1300 } 1301 1302 type aclRuleFieldCheckAllowWithInfoLoggerMatchAny struct { 1303 config *ruleConfig 1304 conditions []aclRuleCondition 1305 fields []string 1306 checkFields map[string]bool 1307 logger *zap.Logger 1308 tag string 1309 } 1310 1311 type aclRuleFieldCheckAllowWithWarnLoggerMatchAny struct { 1312 config *ruleConfig 1313 conditions []aclRuleCondition 1314 fields []string 1315 checkFields map[string]bool 1316 logger *zap.Logger 1317 tag string 1318 } 1319 1320 type aclRuleFieldCheckAllowWithErrorLoggerMatchAny struct { 1321 config *ruleConfig 1322 conditions []aclRuleCondition 1323 fields []string 1324 checkFields map[string]bool 1325 logger *zap.Logger 1326 tag string 1327 } 1328 1329 type aclRuleFieldCheckAllowWithDebugLoggerMatchAll struct { 1330 config *ruleConfig 1331 conditions []aclRuleCondition 1332 fields []string 1333 checkFields map[string]bool 1334 logger *zap.Logger 1335 tag string 1336 } 1337 1338 type aclRuleFieldCheckAllowWithInfoLoggerMatchAll struct { 1339 config *ruleConfig 1340 conditions []aclRuleCondition 1341 fields []string 1342 checkFields map[string]bool 1343 logger *zap.Logger 1344 tag string 1345 } 1346 1347 type aclRuleFieldCheckAllowWithWarnLoggerMatchAll struct { 1348 config *ruleConfig 1349 conditions []aclRuleCondition 1350 fields []string 1351 checkFields map[string]bool 1352 logger *zap.Logger 1353 tag string 1354 } 1355 1356 type aclRuleFieldCheckAllowWithErrorLoggerMatchAll struct { 1357 config *ruleConfig 1358 conditions []aclRuleCondition 1359 fields []string 1360 checkFields map[string]bool 1361 logger *zap.Logger 1362 tag string 1363 } 1364 1365 type aclRuleFieldCheckAllowWithDebugLogger struct { 1366 config *ruleConfig 1367 condition aclRuleCondition 1368 field string 1369 checkFields map[string]bool 1370 logger *zap.Logger 1371 tag string 1372 } 1373 1374 type aclRuleFieldCheckAllowWithInfoLogger struct { 1375 config *ruleConfig 1376 condition aclRuleCondition 1377 field string 1378 checkFields map[string]bool 1379 logger *zap.Logger 1380 tag string 1381 } 1382 1383 type aclRuleFieldCheckAllowWithWarnLogger struct { 1384 config *ruleConfig 1385 condition aclRuleCondition 1386 field string 1387 checkFields map[string]bool 1388 logger *zap.Logger 1389 tag string 1390 } 1391 1392 type aclRuleFieldCheckAllowWithErrorLogger struct { 1393 config *ruleConfig 1394 condition aclRuleCondition 1395 field string 1396 checkFields map[string]bool 1397 logger *zap.Logger 1398 tag string 1399 } 1400 1401 type aclRuleFieldCheckAllowWithCounterMatchAnyStop struct { 1402 config *ruleConfig 1403 conditions []aclRuleCondition 1404 fields []string 1405 checkFields map[string]bool 1406 counterMiss uint64 1407 counterMatch uint64 1408 } 1409 1410 type aclRuleFieldCheckAllowWithCounterMatchAllStop struct { 1411 config *ruleConfig 1412 conditions []aclRuleCondition 1413 fields []string 1414 checkFields map[string]bool 1415 counterMiss uint64 1416 counterMatch uint64 1417 } 1418 1419 type aclRuleFieldCheckAllowWithCounterStop struct { 1420 config *ruleConfig 1421 condition aclRuleCondition 1422 field string 1423 checkFields map[string]bool 1424 counterMiss uint64 1425 counterMatch uint64 1426 } 1427 1428 type aclRuleFieldCheckAllowWithCounterMatchAny struct { 1429 config *ruleConfig 1430 conditions []aclRuleCondition 1431 fields []string 1432 checkFields map[string]bool 1433 counterMiss uint64 1434 counterMatch uint64 1435 } 1436 1437 type aclRuleFieldCheckAllowWithCounterMatchAll struct { 1438 config *ruleConfig 1439 conditions []aclRuleCondition 1440 fields []string 1441 checkFields map[string]bool 1442 counterMiss uint64 1443 counterMatch uint64 1444 } 1445 1446 type aclRuleFieldCheckAllowWithCounter struct { 1447 config *ruleConfig 1448 condition aclRuleCondition 1449 field string 1450 checkFields map[string]bool 1451 counterMiss uint64 1452 counterMatch uint64 1453 } 1454 1455 type aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAnyStop struct { 1456 config *ruleConfig 1457 conditions []aclRuleCondition 1458 fields []string 1459 checkFields map[string]bool 1460 logger *zap.Logger 1461 tag string 1462 counterMiss uint64 1463 counterMatch uint64 1464 } 1465 1466 type aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAnyStop struct { 1467 config *ruleConfig 1468 conditions []aclRuleCondition 1469 fields []string 1470 checkFields map[string]bool 1471 logger *zap.Logger 1472 tag string 1473 counterMiss uint64 1474 counterMatch uint64 1475 } 1476 1477 type aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAnyStop struct { 1478 config *ruleConfig 1479 conditions []aclRuleCondition 1480 fields []string 1481 checkFields map[string]bool 1482 logger *zap.Logger 1483 tag string 1484 counterMiss uint64 1485 counterMatch uint64 1486 } 1487 1488 type aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAnyStop struct { 1489 config *ruleConfig 1490 conditions []aclRuleCondition 1491 fields []string 1492 checkFields map[string]bool 1493 logger *zap.Logger 1494 tag string 1495 counterMiss uint64 1496 counterMatch uint64 1497 } 1498 1499 type aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAllStop struct { 1500 config *ruleConfig 1501 conditions []aclRuleCondition 1502 fields []string 1503 checkFields map[string]bool 1504 logger *zap.Logger 1505 tag string 1506 counterMiss uint64 1507 counterMatch uint64 1508 } 1509 1510 type aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAllStop struct { 1511 config *ruleConfig 1512 conditions []aclRuleCondition 1513 fields []string 1514 checkFields map[string]bool 1515 logger *zap.Logger 1516 tag string 1517 counterMiss uint64 1518 counterMatch uint64 1519 } 1520 1521 type aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAllStop struct { 1522 config *ruleConfig 1523 conditions []aclRuleCondition 1524 fields []string 1525 checkFields map[string]bool 1526 logger *zap.Logger 1527 tag string 1528 counterMiss uint64 1529 counterMatch uint64 1530 } 1531 1532 type aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAllStop struct { 1533 config *ruleConfig 1534 conditions []aclRuleCondition 1535 fields []string 1536 checkFields map[string]bool 1537 logger *zap.Logger 1538 tag string 1539 counterMiss uint64 1540 counterMatch uint64 1541 } 1542 1543 type aclRuleFieldCheckAllowWithDebugLoggerCounterStop struct { 1544 config *ruleConfig 1545 condition aclRuleCondition 1546 field string 1547 checkFields map[string]bool 1548 logger *zap.Logger 1549 tag string 1550 counterMiss uint64 1551 counterMatch uint64 1552 } 1553 1554 type aclRuleFieldCheckAllowWithInfoLoggerCounterStop struct { 1555 config *ruleConfig 1556 condition aclRuleCondition 1557 field string 1558 checkFields map[string]bool 1559 logger *zap.Logger 1560 tag string 1561 counterMiss uint64 1562 counterMatch uint64 1563 } 1564 1565 type aclRuleFieldCheckAllowWithWarnLoggerCounterStop struct { 1566 config *ruleConfig 1567 condition aclRuleCondition 1568 field string 1569 checkFields map[string]bool 1570 logger *zap.Logger 1571 tag string 1572 counterMiss uint64 1573 counterMatch uint64 1574 } 1575 1576 type aclRuleFieldCheckAllowWithErrorLoggerCounterStop struct { 1577 config *ruleConfig 1578 condition aclRuleCondition 1579 field string 1580 checkFields map[string]bool 1581 logger *zap.Logger 1582 tag string 1583 counterMiss uint64 1584 counterMatch uint64 1585 } 1586 1587 type aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAny struct { 1588 config *ruleConfig 1589 conditions []aclRuleCondition 1590 fields []string 1591 checkFields map[string]bool 1592 logger *zap.Logger 1593 tag string 1594 counterMiss uint64 1595 counterMatch uint64 1596 } 1597 1598 type aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAny struct { 1599 config *ruleConfig 1600 conditions []aclRuleCondition 1601 fields []string 1602 checkFields map[string]bool 1603 logger *zap.Logger 1604 tag string 1605 counterMiss uint64 1606 counterMatch uint64 1607 } 1608 1609 type aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAny struct { 1610 config *ruleConfig 1611 conditions []aclRuleCondition 1612 fields []string 1613 checkFields map[string]bool 1614 logger *zap.Logger 1615 tag string 1616 counterMiss uint64 1617 counterMatch uint64 1618 } 1619 1620 type aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAny struct { 1621 config *ruleConfig 1622 conditions []aclRuleCondition 1623 fields []string 1624 checkFields map[string]bool 1625 logger *zap.Logger 1626 tag string 1627 counterMiss uint64 1628 counterMatch uint64 1629 } 1630 1631 type aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAll struct { 1632 config *ruleConfig 1633 conditions []aclRuleCondition 1634 fields []string 1635 checkFields map[string]bool 1636 logger *zap.Logger 1637 tag string 1638 counterMiss uint64 1639 counterMatch uint64 1640 } 1641 1642 type aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAll struct { 1643 config *ruleConfig 1644 conditions []aclRuleCondition 1645 fields []string 1646 checkFields map[string]bool 1647 logger *zap.Logger 1648 tag string 1649 counterMiss uint64 1650 counterMatch uint64 1651 } 1652 1653 type aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAll struct { 1654 config *ruleConfig 1655 conditions []aclRuleCondition 1656 fields []string 1657 checkFields map[string]bool 1658 logger *zap.Logger 1659 tag string 1660 counterMiss uint64 1661 counterMatch uint64 1662 } 1663 1664 type aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAll struct { 1665 config *ruleConfig 1666 conditions []aclRuleCondition 1667 fields []string 1668 checkFields map[string]bool 1669 logger *zap.Logger 1670 tag string 1671 counterMiss uint64 1672 counterMatch uint64 1673 } 1674 1675 type aclRuleFieldCheckAllowWithDebugLoggerCounter struct { 1676 config *ruleConfig 1677 condition aclRuleCondition 1678 field string 1679 checkFields map[string]bool 1680 logger *zap.Logger 1681 tag string 1682 counterMiss uint64 1683 counterMatch uint64 1684 } 1685 1686 type aclRuleFieldCheckAllowWithInfoLoggerCounter struct { 1687 config *ruleConfig 1688 condition aclRuleCondition 1689 field string 1690 checkFields map[string]bool 1691 logger *zap.Logger 1692 tag string 1693 counterMiss uint64 1694 counterMatch uint64 1695 } 1696 1697 type aclRuleFieldCheckAllowWithWarnLoggerCounter struct { 1698 config *ruleConfig 1699 condition aclRuleCondition 1700 field string 1701 checkFields map[string]bool 1702 logger *zap.Logger 1703 tag string 1704 counterMiss uint64 1705 counterMatch uint64 1706 } 1707 1708 type aclRuleFieldCheckAllowWithErrorLoggerCounter struct { 1709 config *ruleConfig 1710 condition aclRuleCondition 1711 field string 1712 checkFields map[string]bool 1713 logger *zap.Logger 1714 tag string 1715 counterMiss uint64 1716 counterMatch uint64 1717 } 1718 1719 type aclRuleFieldCheckDenyMatchAnyStop struct { 1720 config *ruleConfig 1721 conditions []aclRuleCondition 1722 fields []string 1723 checkFields map[string]bool 1724 } 1725 1726 type aclRuleFieldCheckDenyMatchAllStop struct { 1727 config *ruleConfig 1728 conditions []aclRuleCondition 1729 fields []string 1730 checkFields map[string]bool 1731 } 1732 1733 type aclRuleFieldCheckDenyStop struct { 1734 config *ruleConfig 1735 condition aclRuleCondition 1736 field string 1737 checkFields map[string]bool 1738 } 1739 1740 type aclRuleFieldCheckDenyMatchAny struct { 1741 config *ruleConfig 1742 conditions []aclRuleCondition 1743 fields []string 1744 checkFields map[string]bool 1745 } 1746 1747 type aclRuleFieldCheckDenyMatchAll struct { 1748 config *ruleConfig 1749 conditions []aclRuleCondition 1750 fields []string 1751 checkFields map[string]bool 1752 } 1753 1754 type aclRuleFieldCheckDeny struct { 1755 config *ruleConfig 1756 condition aclRuleCondition 1757 field string 1758 checkFields map[string]bool 1759 } 1760 1761 type aclRuleFieldCheckDenyWithDebugLoggerMatchAnyStop struct { 1762 config *ruleConfig 1763 conditions []aclRuleCondition 1764 fields []string 1765 checkFields map[string]bool 1766 logger *zap.Logger 1767 tag string 1768 } 1769 1770 type aclRuleFieldCheckDenyWithInfoLoggerMatchAnyStop struct { 1771 config *ruleConfig 1772 conditions []aclRuleCondition 1773 fields []string 1774 checkFields map[string]bool 1775 logger *zap.Logger 1776 tag string 1777 } 1778 1779 type aclRuleFieldCheckDenyWithWarnLoggerMatchAnyStop struct { 1780 config *ruleConfig 1781 conditions []aclRuleCondition 1782 fields []string 1783 checkFields map[string]bool 1784 logger *zap.Logger 1785 tag string 1786 } 1787 1788 type aclRuleFieldCheckDenyWithErrorLoggerMatchAnyStop struct { 1789 config *ruleConfig 1790 conditions []aclRuleCondition 1791 fields []string 1792 checkFields map[string]bool 1793 logger *zap.Logger 1794 tag string 1795 } 1796 1797 type aclRuleFieldCheckDenyWithDebugLoggerMatchAllStop struct { 1798 config *ruleConfig 1799 conditions []aclRuleCondition 1800 fields []string 1801 checkFields map[string]bool 1802 logger *zap.Logger 1803 tag string 1804 } 1805 1806 type aclRuleFieldCheckDenyWithInfoLoggerMatchAllStop struct { 1807 config *ruleConfig 1808 conditions []aclRuleCondition 1809 fields []string 1810 checkFields map[string]bool 1811 logger *zap.Logger 1812 tag string 1813 } 1814 1815 type aclRuleFieldCheckDenyWithWarnLoggerMatchAllStop struct { 1816 config *ruleConfig 1817 conditions []aclRuleCondition 1818 fields []string 1819 checkFields map[string]bool 1820 logger *zap.Logger 1821 tag string 1822 } 1823 1824 type aclRuleFieldCheckDenyWithErrorLoggerMatchAllStop struct { 1825 config *ruleConfig 1826 conditions []aclRuleCondition 1827 fields []string 1828 checkFields map[string]bool 1829 logger *zap.Logger 1830 tag string 1831 } 1832 1833 type aclRuleFieldCheckDenyWithDebugLoggerStop struct { 1834 config *ruleConfig 1835 condition aclRuleCondition 1836 field string 1837 checkFields map[string]bool 1838 logger *zap.Logger 1839 tag string 1840 } 1841 1842 type aclRuleFieldCheckDenyWithInfoLoggerStop struct { 1843 config *ruleConfig 1844 condition aclRuleCondition 1845 field string 1846 checkFields map[string]bool 1847 logger *zap.Logger 1848 tag string 1849 } 1850 1851 type aclRuleFieldCheckDenyWithWarnLoggerStop struct { 1852 config *ruleConfig 1853 condition aclRuleCondition 1854 field string 1855 checkFields map[string]bool 1856 logger *zap.Logger 1857 tag string 1858 } 1859 1860 type aclRuleFieldCheckDenyWithErrorLoggerStop struct { 1861 config *ruleConfig 1862 condition aclRuleCondition 1863 field string 1864 checkFields map[string]bool 1865 logger *zap.Logger 1866 tag string 1867 } 1868 1869 type aclRuleFieldCheckDenyWithDebugLoggerMatchAny struct { 1870 config *ruleConfig 1871 conditions []aclRuleCondition 1872 fields []string 1873 checkFields map[string]bool 1874 logger *zap.Logger 1875 tag string 1876 } 1877 1878 type aclRuleFieldCheckDenyWithInfoLoggerMatchAny struct { 1879 config *ruleConfig 1880 conditions []aclRuleCondition 1881 fields []string 1882 checkFields map[string]bool 1883 logger *zap.Logger 1884 tag string 1885 } 1886 1887 type aclRuleFieldCheckDenyWithWarnLoggerMatchAny struct { 1888 config *ruleConfig 1889 conditions []aclRuleCondition 1890 fields []string 1891 checkFields map[string]bool 1892 logger *zap.Logger 1893 tag string 1894 } 1895 1896 type aclRuleFieldCheckDenyWithErrorLoggerMatchAny struct { 1897 config *ruleConfig 1898 conditions []aclRuleCondition 1899 fields []string 1900 checkFields map[string]bool 1901 logger *zap.Logger 1902 tag string 1903 } 1904 1905 type aclRuleFieldCheckDenyWithDebugLoggerMatchAll struct { 1906 config *ruleConfig 1907 conditions []aclRuleCondition 1908 fields []string 1909 checkFields map[string]bool 1910 logger *zap.Logger 1911 tag string 1912 } 1913 1914 type aclRuleFieldCheckDenyWithInfoLoggerMatchAll struct { 1915 config *ruleConfig 1916 conditions []aclRuleCondition 1917 fields []string 1918 checkFields map[string]bool 1919 logger *zap.Logger 1920 tag string 1921 } 1922 1923 type aclRuleFieldCheckDenyWithWarnLoggerMatchAll struct { 1924 config *ruleConfig 1925 conditions []aclRuleCondition 1926 fields []string 1927 checkFields map[string]bool 1928 logger *zap.Logger 1929 tag string 1930 } 1931 1932 type aclRuleFieldCheckDenyWithErrorLoggerMatchAll struct { 1933 config *ruleConfig 1934 conditions []aclRuleCondition 1935 fields []string 1936 checkFields map[string]bool 1937 logger *zap.Logger 1938 tag string 1939 } 1940 1941 type aclRuleFieldCheckDenyWithDebugLogger struct { 1942 config *ruleConfig 1943 condition aclRuleCondition 1944 field string 1945 checkFields map[string]bool 1946 logger *zap.Logger 1947 tag string 1948 } 1949 1950 type aclRuleFieldCheckDenyWithInfoLogger struct { 1951 config *ruleConfig 1952 condition aclRuleCondition 1953 field string 1954 checkFields map[string]bool 1955 logger *zap.Logger 1956 tag string 1957 } 1958 1959 type aclRuleFieldCheckDenyWithWarnLogger struct { 1960 config *ruleConfig 1961 condition aclRuleCondition 1962 field string 1963 checkFields map[string]bool 1964 logger *zap.Logger 1965 tag string 1966 } 1967 1968 type aclRuleFieldCheckDenyWithErrorLogger struct { 1969 config *ruleConfig 1970 condition aclRuleCondition 1971 field string 1972 checkFields map[string]bool 1973 logger *zap.Logger 1974 tag string 1975 } 1976 1977 type aclRuleFieldCheckDenyWithCounterMatchAnyStop struct { 1978 config *ruleConfig 1979 conditions []aclRuleCondition 1980 fields []string 1981 checkFields map[string]bool 1982 counterMiss uint64 1983 counterMatch uint64 1984 } 1985 1986 type aclRuleFieldCheckDenyWithCounterMatchAllStop struct { 1987 config *ruleConfig 1988 conditions []aclRuleCondition 1989 fields []string 1990 checkFields map[string]bool 1991 counterMiss uint64 1992 counterMatch uint64 1993 } 1994 1995 type aclRuleFieldCheckDenyWithCounterStop struct { 1996 config *ruleConfig 1997 condition aclRuleCondition 1998 field string 1999 checkFields map[string]bool 2000 counterMiss uint64 2001 counterMatch uint64 2002 } 2003 2004 type aclRuleFieldCheckDenyWithCounterMatchAny struct { 2005 config *ruleConfig 2006 conditions []aclRuleCondition 2007 fields []string 2008 checkFields map[string]bool 2009 counterMiss uint64 2010 counterMatch uint64 2011 } 2012 2013 type aclRuleFieldCheckDenyWithCounterMatchAll struct { 2014 config *ruleConfig 2015 conditions []aclRuleCondition 2016 fields []string 2017 checkFields map[string]bool 2018 counterMiss uint64 2019 counterMatch uint64 2020 } 2021 2022 type aclRuleFieldCheckDenyWithCounter struct { 2023 config *ruleConfig 2024 condition aclRuleCondition 2025 field string 2026 checkFields map[string]bool 2027 counterMiss uint64 2028 counterMatch uint64 2029 } 2030 2031 type aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAnyStop struct { 2032 config *ruleConfig 2033 conditions []aclRuleCondition 2034 fields []string 2035 checkFields map[string]bool 2036 logger *zap.Logger 2037 tag string 2038 counterMiss uint64 2039 counterMatch uint64 2040 } 2041 2042 type aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAnyStop struct { 2043 config *ruleConfig 2044 conditions []aclRuleCondition 2045 fields []string 2046 checkFields map[string]bool 2047 logger *zap.Logger 2048 tag string 2049 counterMiss uint64 2050 counterMatch uint64 2051 } 2052 2053 type aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAnyStop struct { 2054 config *ruleConfig 2055 conditions []aclRuleCondition 2056 fields []string 2057 checkFields map[string]bool 2058 logger *zap.Logger 2059 tag string 2060 counterMiss uint64 2061 counterMatch uint64 2062 } 2063 2064 type aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAnyStop struct { 2065 config *ruleConfig 2066 conditions []aclRuleCondition 2067 fields []string 2068 checkFields map[string]bool 2069 logger *zap.Logger 2070 tag string 2071 counterMiss uint64 2072 counterMatch uint64 2073 } 2074 2075 type aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAllStop struct { 2076 config *ruleConfig 2077 conditions []aclRuleCondition 2078 fields []string 2079 checkFields map[string]bool 2080 logger *zap.Logger 2081 tag string 2082 counterMiss uint64 2083 counterMatch uint64 2084 } 2085 2086 type aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAllStop struct { 2087 config *ruleConfig 2088 conditions []aclRuleCondition 2089 fields []string 2090 checkFields map[string]bool 2091 logger *zap.Logger 2092 tag string 2093 counterMiss uint64 2094 counterMatch uint64 2095 } 2096 2097 type aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAllStop struct { 2098 config *ruleConfig 2099 conditions []aclRuleCondition 2100 fields []string 2101 checkFields map[string]bool 2102 logger *zap.Logger 2103 tag string 2104 counterMiss uint64 2105 counterMatch uint64 2106 } 2107 2108 type aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAllStop struct { 2109 config *ruleConfig 2110 conditions []aclRuleCondition 2111 fields []string 2112 checkFields map[string]bool 2113 logger *zap.Logger 2114 tag string 2115 counterMiss uint64 2116 counterMatch uint64 2117 } 2118 2119 type aclRuleFieldCheckDenyWithDebugLoggerCounterStop struct { 2120 config *ruleConfig 2121 condition aclRuleCondition 2122 field string 2123 checkFields map[string]bool 2124 logger *zap.Logger 2125 tag string 2126 counterMiss uint64 2127 counterMatch uint64 2128 } 2129 2130 type aclRuleFieldCheckDenyWithInfoLoggerCounterStop struct { 2131 config *ruleConfig 2132 condition aclRuleCondition 2133 field string 2134 checkFields map[string]bool 2135 logger *zap.Logger 2136 tag string 2137 counterMiss uint64 2138 counterMatch uint64 2139 } 2140 2141 type aclRuleFieldCheckDenyWithWarnLoggerCounterStop struct { 2142 config *ruleConfig 2143 condition aclRuleCondition 2144 field string 2145 checkFields map[string]bool 2146 logger *zap.Logger 2147 tag string 2148 counterMiss uint64 2149 counterMatch uint64 2150 } 2151 2152 type aclRuleFieldCheckDenyWithErrorLoggerCounterStop struct { 2153 config *ruleConfig 2154 condition aclRuleCondition 2155 field string 2156 checkFields map[string]bool 2157 logger *zap.Logger 2158 tag string 2159 counterMiss uint64 2160 counterMatch uint64 2161 } 2162 2163 type aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAny struct { 2164 config *ruleConfig 2165 conditions []aclRuleCondition 2166 fields []string 2167 checkFields map[string]bool 2168 logger *zap.Logger 2169 tag string 2170 counterMiss uint64 2171 counterMatch uint64 2172 } 2173 2174 type aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAny struct { 2175 config *ruleConfig 2176 conditions []aclRuleCondition 2177 fields []string 2178 checkFields map[string]bool 2179 logger *zap.Logger 2180 tag string 2181 counterMiss uint64 2182 counterMatch uint64 2183 } 2184 2185 type aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAny struct { 2186 config *ruleConfig 2187 conditions []aclRuleCondition 2188 fields []string 2189 checkFields map[string]bool 2190 logger *zap.Logger 2191 tag string 2192 counterMiss uint64 2193 counterMatch uint64 2194 } 2195 2196 type aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAny struct { 2197 config *ruleConfig 2198 conditions []aclRuleCondition 2199 fields []string 2200 checkFields map[string]bool 2201 logger *zap.Logger 2202 tag string 2203 counterMiss uint64 2204 counterMatch uint64 2205 } 2206 2207 type aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAll struct { 2208 config *ruleConfig 2209 conditions []aclRuleCondition 2210 fields []string 2211 checkFields map[string]bool 2212 logger *zap.Logger 2213 tag string 2214 counterMiss uint64 2215 counterMatch uint64 2216 } 2217 2218 type aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAll struct { 2219 config *ruleConfig 2220 conditions []aclRuleCondition 2221 fields []string 2222 checkFields map[string]bool 2223 logger *zap.Logger 2224 tag string 2225 counterMiss uint64 2226 counterMatch uint64 2227 } 2228 2229 type aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAll struct { 2230 config *ruleConfig 2231 conditions []aclRuleCondition 2232 fields []string 2233 checkFields map[string]bool 2234 logger *zap.Logger 2235 tag string 2236 counterMiss uint64 2237 counterMatch uint64 2238 } 2239 2240 type aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAll struct { 2241 config *ruleConfig 2242 conditions []aclRuleCondition 2243 fields []string 2244 checkFields map[string]bool 2245 logger *zap.Logger 2246 tag string 2247 counterMiss uint64 2248 counterMatch uint64 2249 } 2250 2251 type aclRuleFieldCheckDenyWithDebugLoggerCounter struct { 2252 config *ruleConfig 2253 condition aclRuleCondition 2254 field string 2255 checkFields map[string]bool 2256 logger *zap.Logger 2257 tag string 2258 counterMiss uint64 2259 counterMatch uint64 2260 } 2261 2262 type aclRuleFieldCheckDenyWithInfoLoggerCounter struct { 2263 config *ruleConfig 2264 condition aclRuleCondition 2265 field string 2266 checkFields map[string]bool 2267 logger *zap.Logger 2268 tag string 2269 counterMiss uint64 2270 counterMatch uint64 2271 } 2272 2273 type aclRuleFieldCheckDenyWithWarnLoggerCounter struct { 2274 config *ruleConfig 2275 condition aclRuleCondition 2276 field string 2277 checkFields map[string]bool 2278 logger *zap.Logger 2279 tag string 2280 counterMiss uint64 2281 counterMatch uint64 2282 } 2283 2284 type aclRuleFieldCheckDenyWithErrorLoggerCounter struct { 2285 config *ruleConfig 2286 condition aclRuleCondition 2287 field string 2288 checkFields map[string]bool 2289 logger *zap.Logger 2290 tag string 2291 counterMiss uint64 2292 counterMatch uint64 2293 } 2294 2295 func (rule *aclRuleAllowMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2296 return rule.config 2297 } 2298 2299 func (rule *aclRuleAllowMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2300 return rule.config 2301 } 2302 2303 func (rule *aclRuleAllowStop) getConfig(ctx context.Context) *ruleConfig { 2304 return rule.config 2305 } 2306 2307 func (rule *aclRuleAllowMatchAny) getConfig(ctx context.Context) *ruleConfig { 2308 return rule.config 2309 } 2310 2311 func (rule *aclRuleAllowMatchAll) getConfig(ctx context.Context) *ruleConfig { 2312 return rule.config 2313 } 2314 2315 func (rule *aclRuleAllow) getConfig(ctx context.Context) *ruleConfig { 2316 return rule.config 2317 } 2318 2319 func (rule *aclRuleAllowWithDebugLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2320 return rule.config 2321 } 2322 2323 func (rule *aclRuleAllowWithInfoLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2324 return rule.config 2325 } 2326 2327 func (rule *aclRuleAllowWithWarnLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2328 return rule.config 2329 } 2330 2331 func (rule *aclRuleAllowWithErrorLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2332 return rule.config 2333 } 2334 2335 func (rule *aclRuleAllowWithDebugLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2336 return rule.config 2337 } 2338 2339 func (rule *aclRuleAllowWithInfoLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2340 return rule.config 2341 } 2342 2343 func (rule *aclRuleAllowWithWarnLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2344 return rule.config 2345 } 2346 2347 func (rule *aclRuleAllowWithErrorLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2348 return rule.config 2349 } 2350 2351 func (rule *aclRuleAllowWithDebugLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2352 return rule.config 2353 } 2354 2355 func (rule *aclRuleAllowWithInfoLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2356 return rule.config 2357 } 2358 2359 func (rule *aclRuleAllowWithWarnLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2360 return rule.config 2361 } 2362 2363 func (rule *aclRuleAllowWithErrorLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2364 return rule.config 2365 } 2366 2367 func (rule *aclRuleAllowWithDebugLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2368 return rule.config 2369 } 2370 2371 func (rule *aclRuleAllowWithInfoLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2372 return rule.config 2373 } 2374 2375 func (rule *aclRuleAllowWithWarnLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2376 return rule.config 2377 } 2378 2379 func (rule *aclRuleAllowWithErrorLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2380 return rule.config 2381 } 2382 2383 func (rule *aclRuleAllowWithDebugLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2384 return rule.config 2385 } 2386 2387 func (rule *aclRuleAllowWithInfoLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2388 return rule.config 2389 } 2390 2391 func (rule *aclRuleAllowWithWarnLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2392 return rule.config 2393 } 2394 2395 func (rule *aclRuleAllowWithErrorLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2396 return rule.config 2397 } 2398 2399 func (rule *aclRuleAllowWithDebugLogger) getConfig(ctx context.Context) *ruleConfig { 2400 return rule.config 2401 } 2402 2403 func (rule *aclRuleAllowWithInfoLogger) getConfig(ctx context.Context) *ruleConfig { 2404 return rule.config 2405 } 2406 2407 func (rule *aclRuleAllowWithWarnLogger) getConfig(ctx context.Context) *ruleConfig { 2408 return rule.config 2409 } 2410 2411 func (rule *aclRuleAllowWithErrorLogger) getConfig(ctx context.Context) *ruleConfig { 2412 return rule.config 2413 } 2414 2415 func (rule *aclRuleAllowWithCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2416 return rule.config 2417 } 2418 2419 func (rule *aclRuleAllowWithCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2420 return rule.config 2421 } 2422 2423 func (rule *aclRuleAllowWithCounterStop) getConfig(ctx context.Context) *ruleConfig { 2424 return rule.config 2425 } 2426 2427 func (rule *aclRuleAllowWithCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2428 return rule.config 2429 } 2430 2431 func (rule *aclRuleAllowWithCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2432 return rule.config 2433 } 2434 2435 func (rule *aclRuleAllowWithCounter) getConfig(ctx context.Context) *ruleConfig { 2436 return rule.config 2437 } 2438 2439 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2440 return rule.config 2441 } 2442 2443 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2444 return rule.config 2445 } 2446 2447 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2448 return rule.config 2449 } 2450 2451 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2452 return rule.config 2453 } 2454 2455 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2456 return rule.config 2457 } 2458 2459 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2460 return rule.config 2461 } 2462 2463 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2464 return rule.config 2465 } 2466 2467 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2468 return rule.config 2469 } 2470 2471 func (rule *aclRuleAllowWithDebugLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2472 return rule.config 2473 } 2474 2475 func (rule *aclRuleAllowWithInfoLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2476 return rule.config 2477 } 2478 2479 func (rule *aclRuleAllowWithWarnLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2480 return rule.config 2481 } 2482 2483 func (rule *aclRuleAllowWithErrorLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2484 return rule.config 2485 } 2486 2487 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2488 return rule.config 2489 } 2490 2491 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2492 return rule.config 2493 } 2494 2495 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2496 return rule.config 2497 } 2498 2499 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2500 return rule.config 2501 } 2502 2503 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2504 return rule.config 2505 } 2506 2507 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2508 return rule.config 2509 } 2510 2511 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2512 return rule.config 2513 } 2514 2515 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2516 return rule.config 2517 } 2518 2519 func (rule *aclRuleAllowWithDebugLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2520 return rule.config 2521 } 2522 2523 func (rule *aclRuleAllowWithInfoLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2524 return rule.config 2525 } 2526 2527 func (rule *aclRuleAllowWithWarnLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2528 return rule.config 2529 } 2530 2531 func (rule *aclRuleAllowWithErrorLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2532 return rule.config 2533 } 2534 2535 func (rule *aclRuleDenyMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2536 return rule.config 2537 } 2538 2539 func (rule *aclRuleDenyMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2540 return rule.config 2541 } 2542 2543 func (rule *aclRuleDenyStop) getConfig(ctx context.Context) *ruleConfig { 2544 return rule.config 2545 } 2546 2547 func (rule *aclRuleDenyMatchAny) getConfig(ctx context.Context) *ruleConfig { 2548 return rule.config 2549 } 2550 2551 func (rule *aclRuleDenyMatchAll) getConfig(ctx context.Context) *ruleConfig { 2552 return rule.config 2553 } 2554 2555 func (rule *aclRuleDeny) getConfig(ctx context.Context) *ruleConfig { 2556 return rule.config 2557 } 2558 2559 func (rule *aclRuleDenyWithDebugLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2560 return rule.config 2561 } 2562 2563 func (rule *aclRuleDenyWithInfoLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2564 return rule.config 2565 } 2566 2567 func (rule *aclRuleDenyWithWarnLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2568 return rule.config 2569 } 2570 2571 func (rule *aclRuleDenyWithErrorLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2572 return rule.config 2573 } 2574 2575 func (rule *aclRuleDenyWithDebugLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2576 return rule.config 2577 } 2578 2579 func (rule *aclRuleDenyWithInfoLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2580 return rule.config 2581 } 2582 2583 func (rule *aclRuleDenyWithWarnLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2584 return rule.config 2585 } 2586 2587 func (rule *aclRuleDenyWithErrorLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2588 return rule.config 2589 } 2590 2591 func (rule *aclRuleDenyWithDebugLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2592 return rule.config 2593 } 2594 2595 func (rule *aclRuleDenyWithInfoLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2596 return rule.config 2597 } 2598 2599 func (rule *aclRuleDenyWithWarnLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2600 return rule.config 2601 } 2602 2603 func (rule *aclRuleDenyWithErrorLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2604 return rule.config 2605 } 2606 2607 func (rule *aclRuleDenyWithDebugLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2608 return rule.config 2609 } 2610 2611 func (rule *aclRuleDenyWithInfoLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2612 return rule.config 2613 } 2614 2615 func (rule *aclRuleDenyWithWarnLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2616 return rule.config 2617 } 2618 2619 func (rule *aclRuleDenyWithErrorLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2620 return rule.config 2621 } 2622 2623 func (rule *aclRuleDenyWithDebugLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2624 return rule.config 2625 } 2626 2627 func (rule *aclRuleDenyWithInfoLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2628 return rule.config 2629 } 2630 2631 func (rule *aclRuleDenyWithWarnLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2632 return rule.config 2633 } 2634 2635 func (rule *aclRuleDenyWithErrorLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2636 return rule.config 2637 } 2638 2639 func (rule *aclRuleDenyWithDebugLogger) getConfig(ctx context.Context) *ruleConfig { 2640 return rule.config 2641 } 2642 2643 func (rule *aclRuleDenyWithInfoLogger) getConfig(ctx context.Context) *ruleConfig { 2644 return rule.config 2645 } 2646 2647 func (rule *aclRuleDenyWithWarnLogger) getConfig(ctx context.Context) *ruleConfig { 2648 return rule.config 2649 } 2650 2651 func (rule *aclRuleDenyWithErrorLogger) getConfig(ctx context.Context) *ruleConfig { 2652 return rule.config 2653 } 2654 2655 func (rule *aclRuleDenyWithCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2656 return rule.config 2657 } 2658 2659 func (rule *aclRuleDenyWithCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2660 return rule.config 2661 } 2662 2663 func (rule *aclRuleDenyWithCounterStop) getConfig(ctx context.Context) *ruleConfig { 2664 return rule.config 2665 } 2666 2667 func (rule *aclRuleDenyWithCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2668 return rule.config 2669 } 2670 2671 func (rule *aclRuleDenyWithCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2672 return rule.config 2673 } 2674 2675 func (rule *aclRuleDenyWithCounter) getConfig(ctx context.Context) *ruleConfig { 2676 return rule.config 2677 } 2678 2679 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2680 return rule.config 2681 } 2682 2683 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2684 return rule.config 2685 } 2686 2687 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2688 return rule.config 2689 } 2690 2691 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2692 return rule.config 2693 } 2694 2695 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2696 return rule.config 2697 } 2698 2699 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2700 return rule.config 2701 } 2702 2703 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2704 return rule.config 2705 } 2706 2707 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2708 return rule.config 2709 } 2710 2711 func (rule *aclRuleDenyWithDebugLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2712 return rule.config 2713 } 2714 2715 func (rule *aclRuleDenyWithInfoLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2716 return rule.config 2717 } 2718 2719 func (rule *aclRuleDenyWithWarnLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2720 return rule.config 2721 } 2722 2723 func (rule *aclRuleDenyWithErrorLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2724 return rule.config 2725 } 2726 2727 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2728 return rule.config 2729 } 2730 2731 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2732 return rule.config 2733 } 2734 2735 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2736 return rule.config 2737 } 2738 2739 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2740 return rule.config 2741 } 2742 2743 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2744 return rule.config 2745 } 2746 2747 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2748 return rule.config 2749 } 2750 2751 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2752 return rule.config 2753 } 2754 2755 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2756 return rule.config 2757 } 2758 2759 func (rule *aclRuleDenyWithDebugLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2760 return rule.config 2761 } 2762 2763 func (rule *aclRuleDenyWithInfoLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2764 return rule.config 2765 } 2766 2767 func (rule *aclRuleDenyWithWarnLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2768 return rule.config 2769 } 2770 2771 func (rule *aclRuleDenyWithErrorLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 2772 return rule.config 2773 } 2774 2775 func (rule *aclRuleFieldCheckAllowMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2776 return rule.config 2777 } 2778 2779 func (rule *aclRuleFieldCheckAllowMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2780 return rule.config 2781 } 2782 2783 func (rule *aclRuleFieldCheckAllowStop) getConfig(ctx context.Context) *ruleConfig { 2784 return rule.config 2785 } 2786 2787 func (rule *aclRuleFieldCheckAllowMatchAny) getConfig(ctx context.Context) *ruleConfig { 2788 return rule.config 2789 } 2790 2791 func (rule *aclRuleFieldCheckAllowMatchAll) getConfig(ctx context.Context) *ruleConfig { 2792 return rule.config 2793 } 2794 2795 func (rule *aclRuleFieldCheckAllow) getConfig(ctx context.Context) *ruleConfig { 2796 return rule.config 2797 } 2798 2799 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2800 return rule.config 2801 } 2802 2803 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2804 return rule.config 2805 } 2806 2807 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2808 return rule.config 2809 } 2810 2811 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2812 return rule.config 2813 } 2814 2815 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2816 return rule.config 2817 } 2818 2819 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2820 return rule.config 2821 } 2822 2823 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2824 return rule.config 2825 } 2826 2827 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2828 return rule.config 2829 } 2830 2831 func (rule *aclRuleFieldCheckAllowWithDebugLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2832 return rule.config 2833 } 2834 2835 func (rule *aclRuleFieldCheckAllowWithInfoLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2836 return rule.config 2837 } 2838 2839 func (rule *aclRuleFieldCheckAllowWithWarnLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2840 return rule.config 2841 } 2842 2843 func (rule *aclRuleFieldCheckAllowWithErrorLoggerStop) getConfig(ctx context.Context) *ruleConfig { 2844 return rule.config 2845 } 2846 2847 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2848 return rule.config 2849 } 2850 2851 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2852 return rule.config 2853 } 2854 2855 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2856 return rule.config 2857 } 2858 2859 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 2860 return rule.config 2861 } 2862 2863 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2864 return rule.config 2865 } 2866 2867 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2868 return rule.config 2869 } 2870 2871 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2872 return rule.config 2873 } 2874 2875 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 2876 return rule.config 2877 } 2878 2879 func (rule *aclRuleFieldCheckAllowWithDebugLogger) getConfig(ctx context.Context) *ruleConfig { 2880 return rule.config 2881 } 2882 2883 func (rule *aclRuleFieldCheckAllowWithInfoLogger) getConfig(ctx context.Context) *ruleConfig { 2884 return rule.config 2885 } 2886 2887 func (rule *aclRuleFieldCheckAllowWithWarnLogger) getConfig(ctx context.Context) *ruleConfig { 2888 return rule.config 2889 } 2890 2891 func (rule *aclRuleFieldCheckAllowWithErrorLogger) getConfig(ctx context.Context) *ruleConfig { 2892 return rule.config 2893 } 2894 2895 func (rule *aclRuleFieldCheckAllowWithCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2896 return rule.config 2897 } 2898 2899 func (rule *aclRuleFieldCheckAllowWithCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2900 return rule.config 2901 } 2902 2903 func (rule *aclRuleFieldCheckAllowWithCounterStop) getConfig(ctx context.Context) *ruleConfig { 2904 return rule.config 2905 } 2906 2907 func (rule *aclRuleFieldCheckAllowWithCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2908 return rule.config 2909 } 2910 2911 func (rule *aclRuleFieldCheckAllowWithCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2912 return rule.config 2913 } 2914 2915 func (rule *aclRuleFieldCheckAllowWithCounter) getConfig(ctx context.Context) *ruleConfig { 2916 return rule.config 2917 } 2918 2919 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2920 return rule.config 2921 } 2922 2923 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2924 return rule.config 2925 } 2926 2927 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2928 return rule.config 2929 } 2930 2931 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 2932 return rule.config 2933 } 2934 2935 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2936 return rule.config 2937 } 2938 2939 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2940 return rule.config 2941 } 2942 2943 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2944 return rule.config 2945 } 2946 2947 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 2948 return rule.config 2949 } 2950 2951 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2952 return rule.config 2953 } 2954 2955 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2956 return rule.config 2957 } 2958 2959 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2960 return rule.config 2961 } 2962 2963 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 2964 return rule.config 2965 } 2966 2967 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2968 return rule.config 2969 } 2970 2971 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2972 return rule.config 2973 } 2974 2975 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2976 return rule.config 2977 } 2978 2979 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 2980 return rule.config 2981 } 2982 2983 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2984 return rule.config 2985 } 2986 2987 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2988 return rule.config 2989 } 2990 2991 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2992 return rule.config 2993 } 2994 2995 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 2996 return rule.config 2997 } 2998 2999 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3000 return rule.config 3001 } 3002 3003 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3004 return rule.config 3005 } 3006 3007 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3008 return rule.config 3009 } 3010 3011 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3012 return rule.config 3013 } 3014 3015 func (rule *aclRuleFieldCheckDenyMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3016 return rule.config 3017 } 3018 3019 func (rule *aclRuleFieldCheckDenyMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3020 return rule.config 3021 } 3022 3023 func (rule *aclRuleFieldCheckDenyStop) getConfig(ctx context.Context) *ruleConfig { 3024 return rule.config 3025 } 3026 3027 func (rule *aclRuleFieldCheckDenyMatchAny) getConfig(ctx context.Context) *ruleConfig { 3028 return rule.config 3029 } 3030 3031 func (rule *aclRuleFieldCheckDenyMatchAll) getConfig(ctx context.Context) *ruleConfig { 3032 return rule.config 3033 } 3034 3035 func (rule *aclRuleFieldCheckDeny) getConfig(ctx context.Context) *ruleConfig { 3036 return rule.config 3037 } 3038 3039 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3040 return rule.config 3041 } 3042 3043 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3044 return rule.config 3045 } 3046 3047 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3048 return rule.config 3049 } 3050 3051 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3052 return rule.config 3053 } 3054 3055 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3056 return rule.config 3057 } 3058 3059 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3060 return rule.config 3061 } 3062 3063 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3064 return rule.config 3065 } 3066 3067 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3068 return rule.config 3069 } 3070 3071 func (rule *aclRuleFieldCheckDenyWithDebugLoggerStop) getConfig(ctx context.Context) *ruleConfig { 3072 return rule.config 3073 } 3074 3075 func (rule *aclRuleFieldCheckDenyWithInfoLoggerStop) getConfig(ctx context.Context) *ruleConfig { 3076 return rule.config 3077 } 3078 3079 func (rule *aclRuleFieldCheckDenyWithWarnLoggerStop) getConfig(ctx context.Context) *ruleConfig { 3080 return rule.config 3081 } 3082 3083 func (rule *aclRuleFieldCheckDenyWithErrorLoggerStop) getConfig(ctx context.Context) *ruleConfig { 3084 return rule.config 3085 } 3086 3087 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 3088 return rule.config 3089 } 3090 3091 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 3092 return rule.config 3093 } 3094 3095 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 3096 return rule.config 3097 } 3098 3099 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAny) getConfig(ctx context.Context) *ruleConfig { 3100 return rule.config 3101 } 3102 3103 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 3104 return rule.config 3105 } 3106 3107 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 3108 return rule.config 3109 } 3110 3111 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 3112 return rule.config 3113 } 3114 3115 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAll) getConfig(ctx context.Context) *ruleConfig { 3116 return rule.config 3117 } 3118 3119 func (rule *aclRuleFieldCheckDenyWithDebugLogger) getConfig(ctx context.Context) *ruleConfig { 3120 return rule.config 3121 } 3122 3123 func (rule *aclRuleFieldCheckDenyWithInfoLogger) getConfig(ctx context.Context) *ruleConfig { 3124 return rule.config 3125 } 3126 3127 func (rule *aclRuleFieldCheckDenyWithWarnLogger) getConfig(ctx context.Context) *ruleConfig { 3128 return rule.config 3129 } 3130 3131 func (rule *aclRuleFieldCheckDenyWithErrorLogger) getConfig(ctx context.Context) *ruleConfig { 3132 return rule.config 3133 } 3134 3135 func (rule *aclRuleFieldCheckDenyWithCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3136 return rule.config 3137 } 3138 3139 func (rule *aclRuleFieldCheckDenyWithCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3140 return rule.config 3141 } 3142 3143 func (rule *aclRuleFieldCheckDenyWithCounterStop) getConfig(ctx context.Context) *ruleConfig { 3144 return rule.config 3145 } 3146 3147 func (rule *aclRuleFieldCheckDenyWithCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 3148 return rule.config 3149 } 3150 3151 func (rule *aclRuleFieldCheckDenyWithCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 3152 return rule.config 3153 } 3154 3155 func (rule *aclRuleFieldCheckDenyWithCounter) getConfig(ctx context.Context) *ruleConfig { 3156 return rule.config 3157 } 3158 3159 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3160 return rule.config 3161 } 3162 3163 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3164 return rule.config 3165 } 3166 3167 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3168 return rule.config 3169 } 3170 3171 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAnyStop) getConfig(ctx context.Context) *ruleConfig { 3172 return rule.config 3173 } 3174 3175 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3176 return rule.config 3177 } 3178 3179 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3180 return rule.config 3181 } 3182 3183 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3184 return rule.config 3185 } 3186 3187 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAllStop) getConfig(ctx context.Context) *ruleConfig { 3188 return rule.config 3189 } 3190 3191 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 3192 return rule.config 3193 } 3194 3195 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 3196 return rule.config 3197 } 3198 3199 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 3200 return rule.config 3201 } 3202 3203 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterStop) getConfig(ctx context.Context) *ruleConfig { 3204 return rule.config 3205 } 3206 3207 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 3208 return rule.config 3209 } 3210 3211 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 3212 return rule.config 3213 } 3214 3215 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 3216 return rule.config 3217 } 3218 3219 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAny) getConfig(ctx context.Context) *ruleConfig { 3220 return rule.config 3221 } 3222 3223 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 3224 return rule.config 3225 } 3226 3227 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 3228 return rule.config 3229 } 3230 3231 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 3232 return rule.config 3233 } 3234 3235 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAll) getConfig(ctx context.Context) *ruleConfig { 3236 return rule.config 3237 } 3238 3239 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3240 return rule.config 3241 } 3242 3243 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3244 return rule.config 3245 } 3246 3247 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3248 return rule.config 3249 } 3250 3251 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounter) getConfig(ctx context.Context) *ruleConfig { 3252 return rule.config 3253 } 3254 3255 func (rule *aclRuleAllowMatchAnyStop) emptyFields(ctx context.Context) { 3256 rule.fields = make([]string, 0) 3257 } 3258 3259 func (rule *aclRuleAllowMatchAllStop) emptyFields(ctx context.Context) { 3260 rule.fields = make([]string, 0) 3261 } 3262 3263 func (rule *aclRuleAllowStop) emptyFields(ctx context.Context) { 3264 rule.field = "" 3265 } 3266 3267 func (rule *aclRuleAllowMatchAny) emptyFields(ctx context.Context) { 3268 rule.fields = make([]string, 0) 3269 } 3270 3271 func (rule *aclRuleAllowMatchAll) emptyFields(ctx context.Context) { 3272 rule.fields = make([]string, 0) 3273 } 3274 3275 func (rule *aclRuleAllow) emptyFields(ctx context.Context) { 3276 rule.field = "" 3277 } 3278 3279 func (rule *aclRuleAllowWithDebugLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3280 rule.fields = make([]string, 0) 3281 } 3282 3283 func (rule *aclRuleAllowWithInfoLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3284 rule.fields = make([]string, 0) 3285 } 3286 3287 func (rule *aclRuleAllowWithWarnLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3288 rule.fields = make([]string, 0) 3289 } 3290 3291 func (rule *aclRuleAllowWithErrorLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3292 rule.fields = make([]string, 0) 3293 } 3294 3295 func (rule *aclRuleAllowWithDebugLoggerMatchAllStop) emptyFields(ctx context.Context) { 3296 rule.fields = make([]string, 0) 3297 } 3298 3299 func (rule *aclRuleAllowWithInfoLoggerMatchAllStop) emptyFields(ctx context.Context) { 3300 rule.fields = make([]string, 0) 3301 } 3302 3303 func (rule *aclRuleAllowWithWarnLoggerMatchAllStop) emptyFields(ctx context.Context) { 3304 rule.fields = make([]string, 0) 3305 } 3306 3307 func (rule *aclRuleAllowWithErrorLoggerMatchAllStop) emptyFields(ctx context.Context) { 3308 rule.fields = make([]string, 0) 3309 } 3310 3311 func (rule *aclRuleAllowWithDebugLoggerStop) emptyFields(ctx context.Context) { 3312 rule.field = "" 3313 } 3314 3315 func (rule *aclRuleAllowWithInfoLoggerStop) emptyFields(ctx context.Context) { 3316 rule.field = "" 3317 } 3318 3319 func (rule *aclRuleAllowWithWarnLoggerStop) emptyFields(ctx context.Context) { 3320 rule.field = "" 3321 } 3322 3323 func (rule *aclRuleAllowWithErrorLoggerStop) emptyFields(ctx context.Context) { 3324 rule.field = "" 3325 } 3326 3327 func (rule *aclRuleAllowWithDebugLoggerMatchAny) emptyFields(ctx context.Context) { 3328 rule.fields = make([]string, 0) 3329 } 3330 3331 func (rule *aclRuleAllowWithInfoLoggerMatchAny) emptyFields(ctx context.Context) { 3332 rule.fields = make([]string, 0) 3333 } 3334 3335 func (rule *aclRuleAllowWithWarnLoggerMatchAny) emptyFields(ctx context.Context) { 3336 rule.fields = make([]string, 0) 3337 } 3338 3339 func (rule *aclRuleAllowWithErrorLoggerMatchAny) emptyFields(ctx context.Context) { 3340 rule.fields = make([]string, 0) 3341 } 3342 3343 func (rule *aclRuleAllowWithDebugLoggerMatchAll) emptyFields(ctx context.Context) { 3344 rule.fields = make([]string, 0) 3345 } 3346 3347 func (rule *aclRuleAllowWithInfoLoggerMatchAll) emptyFields(ctx context.Context) { 3348 rule.fields = make([]string, 0) 3349 } 3350 3351 func (rule *aclRuleAllowWithWarnLoggerMatchAll) emptyFields(ctx context.Context) { 3352 rule.fields = make([]string, 0) 3353 } 3354 3355 func (rule *aclRuleAllowWithErrorLoggerMatchAll) emptyFields(ctx context.Context) { 3356 rule.fields = make([]string, 0) 3357 } 3358 3359 func (rule *aclRuleAllowWithDebugLogger) emptyFields(ctx context.Context) { 3360 rule.field = "" 3361 } 3362 3363 func (rule *aclRuleAllowWithInfoLogger) emptyFields(ctx context.Context) { 3364 rule.field = "" 3365 } 3366 3367 func (rule *aclRuleAllowWithWarnLogger) emptyFields(ctx context.Context) { 3368 rule.field = "" 3369 } 3370 3371 func (rule *aclRuleAllowWithErrorLogger) emptyFields(ctx context.Context) { 3372 rule.field = "" 3373 } 3374 3375 func (rule *aclRuleAllowWithCounterMatchAnyStop) emptyFields(ctx context.Context) { 3376 rule.fields = make([]string, 0) 3377 } 3378 3379 func (rule *aclRuleAllowWithCounterMatchAllStop) emptyFields(ctx context.Context) { 3380 rule.fields = make([]string, 0) 3381 } 3382 3383 func (rule *aclRuleAllowWithCounterStop) emptyFields(ctx context.Context) { 3384 rule.field = "" 3385 } 3386 3387 func (rule *aclRuleAllowWithCounterMatchAny) emptyFields(ctx context.Context) { 3388 rule.fields = make([]string, 0) 3389 } 3390 3391 func (rule *aclRuleAllowWithCounterMatchAll) emptyFields(ctx context.Context) { 3392 rule.fields = make([]string, 0) 3393 } 3394 3395 func (rule *aclRuleAllowWithCounter) emptyFields(ctx context.Context) { 3396 rule.field = "" 3397 } 3398 3399 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3400 rule.fields = make([]string, 0) 3401 } 3402 3403 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3404 rule.fields = make([]string, 0) 3405 } 3406 3407 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3408 rule.fields = make([]string, 0) 3409 } 3410 3411 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3412 rule.fields = make([]string, 0) 3413 } 3414 3415 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3416 rule.fields = make([]string, 0) 3417 } 3418 3419 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3420 rule.fields = make([]string, 0) 3421 } 3422 3423 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3424 rule.fields = make([]string, 0) 3425 } 3426 3427 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3428 rule.fields = make([]string, 0) 3429 } 3430 3431 func (rule *aclRuleAllowWithDebugLoggerCounterStop) emptyFields(ctx context.Context) { 3432 rule.field = "" 3433 } 3434 3435 func (rule *aclRuleAllowWithInfoLoggerCounterStop) emptyFields(ctx context.Context) { 3436 rule.field = "" 3437 } 3438 3439 func (rule *aclRuleAllowWithWarnLoggerCounterStop) emptyFields(ctx context.Context) { 3440 rule.field = "" 3441 } 3442 3443 func (rule *aclRuleAllowWithErrorLoggerCounterStop) emptyFields(ctx context.Context) { 3444 rule.field = "" 3445 } 3446 3447 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3448 rule.fields = make([]string, 0) 3449 } 3450 3451 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3452 rule.fields = make([]string, 0) 3453 } 3454 3455 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3456 rule.fields = make([]string, 0) 3457 } 3458 3459 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3460 rule.fields = make([]string, 0) 3461 } 3462 3463 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3464 rule.fields = make([]string, 0) 3465 } 3466 3467 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3468 rule.fields = make([]string, 0) 3469 } 3470 3471 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3472 rule.fields = make([]string, 0) 3473 } 3474 3475 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3476 rule.fields = make([]string, 0) 3477 } 3478 3479 func (rule *aclRuleAllowWithDebugLoggerCounter) emptyFields(ctx context.Context) { 3480 rule.field = "" 3481 } 3482 3483 func (rule *aclRuleAllowWithInfoLoggerCounter) emptyFields(ctx context.Context) { 3484 rule.field = "" 3485 } 3486 3487 func (rule *aclRuleAllowWithWarnLoggerCounter) emptyFields(ctx context.Context) { 3488 rule.field = "" 3489 } 3490 3491 func (rule *aclRuleAllowWithErrorLoggerCounter) emptyFields(ctx context.Context) { 3492 rule.field = "" 3493 } 3494 3495 func (rule *aclRuleDenyMatchAnyStop) emptyFields(ctx context.Context) { 3496 rule.fields = make([]string, 0) 3497 } 3498 3499 func (rule *aclRuleDenyMatchAllStop) emptyFields(ctx context.Context) { 3500 rule.fields = make([]string, 0) 3501 } 3502 3503 func (rule *aclRuleDenyStop) emptyFields(ctx context.Context) { 3504 rule.field = "" 3505 } 3506 3507 func (rule *aclRuleDenyMatchAny) emptyFields(ctx context.Context) { 3508 rule.fields = make([]string, 0) 3509 } 3510 3511 func (rule *aclRuleDenyMatchAll) emptyFields(ctx context.Context) { 3512 rule.fields = make([]string, 0) 3513 } 3514 3515 func (rule *aclRuleDeny) emptyFields(ctx context.Context) { 3516 rule.field = "" 3517 } 3518 3519 func (rule *aclRuleDenyWithDebugLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3520 rule.fields = make([]string, 0) 3521 } 3522 3523 func (rule *aclRuleDenyWithInfoLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3524 rule.fields = make([]string, 0) 3525 } 3526 3527 func (rule *aclRuleDenyWithWarnLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3528 rule.fields = make([]string, 0) 3529 } 3530 3531 func (rule *aclRuleDenyWithErrorLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3532 rule.fields = make([]string, 0) 3533 } 3534 3535 func (rule *aclRuleDenyWithDebugLoggerMatchAllStop) emptyFields(ctx context.Context) { 3536 rule.fields = make([]string, 0) 3537 } 3538 3539 func (rule *aclRuleDenyWithInfoLoggerMatchAllStop) emptyFields(ctx context.Context) { 3540 rule.fields = make([]string, 0) 3541 } 3542 3543 func (rule *aclRuleDenyWithWarnLoggerMatchAllStop) emptyFields(ctx context.Context) { 3544 rule.fields = make([]string, 0) 3545 } 3546 3547 func (rule *aclRuleDenyWithErrorLoggerMatchAllStop) emptyFields(ctx context.Context) { 3548 rule.fields = make([]string, 0) 3549 } 3550 3551 func (rule *aclRuleDenyWithDebugLoggerStop) emptyFields(ctx context.Context) { 3552 rule.field = "" 3553 } 3554 3555 func (rule *aclRuleDenyWithInfoLoggerStop) emptyFields(ctx context.Context) { 3556 rule.field = "" 3557 } 3558 3559 func (rule *aclRuleDenyWithWarnLoggerStop) emptyFields(ctx context.Context) { 3560 rule.field = "" 3561 } 3562 3563 func (rule *aclRuleDenyWithErrorLoggerStop) emptyFields(ctx context.Context) { 3564 rule.field = "" 3565 } 3566 3567 func (rule *aclRuleDenyWithDebugLoggerMatchAny) emptyFields(ctx context.Context) { 3568 rule.fields = make([]string, 0) 3569 } 3570 3571 func (rule *aclRuleDenyWithInfoLoggerMatchAny) emptyFields(ctx context.Context) { 3572 rule.fields = make([]string, 0) 3573 } 3574 3575 func (rule *aclRuleDenyWithWarnLoggerMatchAny) emptyFields(ctx context.Context) { 3576 rule.fields = make([]string, 0) 3577 } 3578 3579 func (rule *aclRuleDenyWithErrorLoggerMatchAny) emptyFields(ctx context.Context) { 3580 rule.fields = make([]string, 0) 3581 } 3582 3583 func (rule *aclRuleDenyWithDebugLoggerMatchAll) emptyFields(ctx context.Context) { 3584 rule.fields = make([]string, 0) 3585 } 3586 3587 func (rule *aclRuleDenyWithInfoLoggerMatchAll) emptyFields(ctx context.Context) { 3588 rule.fields = make([]string, 0) 3589 } 3590 3591 func (rule *aclRuleDenyWithWarnLoggerMatchAll) emptyFields(ctx context.Context) { 3592 rule.fields = make([]string, 0) 3593 } 3594 3595 func (rule *aclRuleDenyWithErrorLoggerMatchAll) emptyFields(ctx context.Context) { 3596 rule.fields = make([]string, 0) 3597 } 3598 3599 func (rule *aclRuleDenyWithDebugLogger) emptyFields(ctx context.Context) { 3600 rule.field = "" 3601 } 3602 3603 func (rule *aclRuleDenyWithInfoLogger) emptyFields(ctx context.Context) { 3604 rule.field = "" 3605 } 3606 3607 func (rule *aclRuleDenyWithWarnLogger) emptyFields(ctx context.Context) { 3608 rule.field = "" 3609 } 3610 3611 func (rule *aclRuleDenyWithErrorLogger) emptyFields(ctx context.Context) { 3612 rule.field = "" 3613 } 3614 3615 func (rule *aclRuleDenyWithCounterMatchAnyStop) emptyFields(ctx context.Context) { 3616 rule.fields = make([]string, 0) 3617 } 3618 3619 func (rule *aclRuleDenyWithCounterMatchAllStop) emptyFields(ctx context.Context) { 3620 rule.fields = make([]string, 0) 3621 } 3622 3623 func (rule *aclRuleDenyWithCounterStop) emptyFields(ctx context.Context) { 3624 rule.field = "" 3625 } 3626 3627 func (rule *aclRuleDenyWithCounterMatchAny) emptyFields(ctx context.Context) { 3628 rule.fields = make([]string, 0) 3629 } 3630 3631 func (rule *aclRuleDenyWithCounterMatchAll) emptyFields(ctx context.Context) { 3632 rule.fields = make([]string, 0) 3633 } 3634 3635 func (rule *aclRuleDenyWithCounter) emptyFields(ctx context.Context) { 3636 rule.field = "" 3637 } 3638 3639 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3640 rule.fields = make([]string, 0) 3641 } 3642 3643 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3644 rule.fields = make([]string, 0) 3645 } 3646 3647 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3648 rule.fields = make([]string, 0) 3649 } 3650 3651 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3652 rule.fields = make([]string, 0) 3653 } 3654 3655 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3656 rule.fields = make([]string, 0) 3657 } 3658 3659 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3660 rule.fields = make([]string, 0) 3661 } 3662 3663 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3664 rule.fields = make([]string, 0) 3665 } 3666 3667 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3668 rule.fields = make([]string, 0) 3669 } 3670 3671 func (rule *aclRuleDenyWithDebugLoggerCounterStop) emptyFields(ctx context.Context) { 3672 rule.field = "" 3673 } 3674 3675 func (rule *aclRuleDenyWithInfoLoggerCounterStop) emptyFields(ctx context.Context) { 3676 rule.field = "" 3677 } 3678 3679 func (rule *aclRuleDenyWithWarnLoggerCounterStop) emptyFields(ctx context.Context) { 3680 rule.field = "" 3681 } 3682 3683 func (rule *aclRuleDenyWithErrorLoggerCounterStop) emptyFields(ctx context.Context) { 3684 rule.field = "" 3685 } 3686 3687 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3688 rule.fields = make([]string, 0) 3689 } 3690 3691 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3692 rule.fields = make([]string, 0) 3693 } 3694 3695 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3696 rule.fields = make([]string, 0) 3697 } 3698 3699 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3700 rule.fields = make([]string, 0) 3701 } 3702 3703 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3704 rule.fields = make([]string, 0) 3705 } 3706 3707 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3708 rule.fields = make([]string, 0) 3709 } 3710 3711 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3712 rule.fields = make([]string, 0) 3713 } 3714 3715 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3716 rule.fields = make([]string, 0) 3717 } 3718 3719 func (rule *aclRuleDenyWithDebugLoggerCounter) emptyFields(ctx context.Context) { 3720 rule.field = "" 3721 } 3722 3723 func (rule *aclRuleDenyWithInfoLoggerCounter) emptyFields(ctx context.Context) { 3724 rule.field = "" 3725 } 3726 3727 func (rule *aclRuleDenyWithWarnLoggerCounter) emptyFields(ctx context.Context) { 3728 rule.field = "" 3729 } 3730 3731 func (rule *aclRuleDenyWithErrorLoggerCounter) emptyFields(ctx context.Context) { 3732 rule.field = "" 3733 } 3734 3735 func (rule *aclRuleFieldCheckAllowMatchAnyStop) emptyFields(ctx context.Context) { 3736 rule.fields = make([]string, 0) 3737 } 3738 3739 func (rule *aclRuleFieldCheckAllowMatchAllStop) emptyFields(ctx context.Context) { 3740 rule.fields = make([]string, 0) 3741 } 3742 3743 func (rule *aclRuleFieldCheckAllowStop) emptyFields(ctx context.Context) { 3744 rule.field = "" 3745 } 3746 3747 func (rule *aclRuleFieldCheckAllowMatchAny) emptyFields(ctx context.Context) { 3748 rule.fields = make([]string, 0) 3749 } 3750 3751 func (rule *aclRuleFieldCheckAllowMatchAll) emptyFields(ctx context.Context) { 3752 rule.fields = make([]string, 0) 3753 } 3754 3755 func (rule *aclRuleFieldCheckAllow) emptyFields(ctx context.Context) { 3756 rule.field = "" 3757 } 3758 3759 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3760 rule.fields = make([]string, 0) 3761 } 3762 3763 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3764 rule.fields = make([]string, 0) 3765 } 3766 3767 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3768 rule.fields = make([]string, 0) 3769 } 3770 3771 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAnyStop) emptyFields(ctx context.Context) { 3772 rule.fields = make([]string, 0) 3773 } 3774 3775 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAllStop) emptyFields(ctx context.Context) { 3776 rule.fields = make([]string, 0) 3777 } 3778 3779 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAllStop) emptyFields(ctx context.Context) { 3780 rule.fields = make([]string, 0) 3781 } 3782 3783 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAllStop) emptyFields(ctx context.Context) { 3784 rule.fields = make([]string, 0) 3785 } 3786 3787 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAllStop) emptyFields(ctx context.Context) { 3788 rule.fields = make([]string, 0) 3789 } 3790 3791 func (rule *aclRuleFieldCheckAllowWithDebugLoggerStop) emptyFields(ctx context.Context) { 3792 rule.field = "" 3793 } 3794 3795 func (rule *aclRuleFieldCheckAllowWithInfoLoggerStop) emptyFields(ctx context.Context) { 3796 rule.field = "" 3797 } 3798 3799 func (rule *aclRuleFieldCheckAllowWithWarnLoggerStop) emptyFields(ctx context.Context) { 3800 rule.field = "" 3801 } 3802 3803 func (rule *aclRuleFieldCheckAllowWithErrorLoggerStop) emptyFields(ctx context.Context) { 3804 rule.field = "" 3805 } 3806 3807 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAny) emptyFields(ctx context.Context) { 3808 rule.fields = make([]string, 0) 3809 } 3810 3811 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAny) emptyFields(ctx context.Context) { 3812 rule.fields = make([]string, 0) 3813 } 3814 3815 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAny) emptyFields(ctx context.Context) { 3816 rule.fields = make([]string, 0) 3817 } 3818 3819 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAny) emptyFields(ctx context.Context) { 3820 rule.fields = make([]string, 0) 3821 } 3822 3823 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAll) emptyFields(ctx context.Context) { 3824 rule.fields = make([]string, 0) 3825 } 3826 3827 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAll) emptyFields(ctx context.Context) { 3828 rule.fields = make([]string, 0) 3829 } 3830 3831 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAll) emptyFields(ctx context.Context) { 3832 rule.fields = make([]string, 0) 3833 } 3834 3835 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAll) emptyFields(ctx context.Context) { 3836 rule.fields = make([]string, 0) 3837 } 3838 3839 func (rule *aclRuleFieldCheckAllowWithDebugLogger) emptyFields(ctx context.Context) { 3840 rule.field = "" 3841 } 3842 3843 func (rule *aclRuleFieldCheckAllowWithInfoLogger) emptyFields(ctx context.Context) { 3844 rule.field = "" 3845 } 3846 3847 func (rule *aclRuleFieldCheckAllowWithWarnLogger) emptyFields(ctx context.Context) { 3848 rule.field = "" 3849 } 3850 3851 func (rule *aclRuleFieldCheckAllowWithErrorLogger) emptyFields(ctx context.Context) { 3852 rule.field = "" 3853 } 3854 3855 func (rule *aclRuleFieldCheckAllowWithCounterMatchAnyStop) emptyFields(ctx context.Context) { 3856 rule.fields = make([]string, 0) 3857 } 3858 3859 func (rule *aclRuleFieldCheckAllowWithCounterMatchAllStop) emptyFields(ctx context.Context) { 3860 rule.fields = make([]string, 0) 3861 } 3862 3863 func (rule *aclRuleFieldCheckAllowWithCounterStop) emptyFields(ctx context.Context) { 3864 rule.field = "" 3865 } 3866 3867 func (rule *aclRuleFieldCheckAllowWithCounterMatchAny) emptyFields(ctx context.Context) { 3868 rule.fields = make([]string, 0) 3869 } 3870 3871 func (rule *aclRuleFieldCheckAllowWithCounterMatchAll) emptyFields(ctx context.Context) { 3872 rule.fields = make([]string, 0) 3873 } 3874 3875 func (rule *aclRuleFieldCheckAllowWithCounter) emptyFields(ctx context.Context) { 3876 rule.field = "" 3877 } 3878 3879 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3880 rule.fields = make([]string, 0) 3881 } 3882 3883 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3884 rule.fields = make([]string, 0) 3885 } 3886 3887 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3888 rule.fields = make([]string, 0) 3889 } 3890 3891 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 3892 rule.fields = make([]string, 0) 3893 } 3894 3895 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3896 rule.fields = make([]string, 0) 3897 } 3898 3899 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3900 rule.fields = make([]string, 0) 3901 } 3902 3903 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3904 rule.fields = make([]string, 0) 3905 } 3906 3907 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 3908 rule.fields = make([]string, 0) 3909 } 3910 3911 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterStop) emptyFields(ctx context.Context) { 3912 rule.field = "" 3913 } 3914 3915 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterStop) emptyFields(ctx context.Context) { 3916 rule.field = "" 3917 } 3918 3919 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterStop) emptyFields(ctx context.Context) { 3920 rule.field = "" 3921 } 3922 3923 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterStop) emptyFields(ctx context.Context) { 3924 rule.field = "" 3925 } 3926 3927 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3928 rule.fields = make([]string, 0) 3929 } 3930 3931 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3932 rule.fields = make([]string, 0) 3933 } 3934 3935 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3936 rule.fields = make([]string, 0) 3937 } 3938 3939 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAny) emptyFields(ctx context.Context) { 3940 rule.fields = make([]string, 0) 3941 } 3942 3943 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3944 rule.fields = make([]string, 0) 3945 } 3946 3947 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3948 rule.fields = make([]string, 0) 3949 } 3950 3951 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3952 rule.fields = make([]string, 0) 3953 } 3954 3955 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAll) emptyFields(ctx context.Context) { 3956 rule.fields = make([]string, 0) 3957 } 3958 3959 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounter) emptyFields(ctx context.Context) { 3960 rule.field = "" 3961 } 3962 3963 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounter) emptyFields(ctx context.Context) { 3964 rule.field = "" 3965 } 3966 3967 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounter) emptyFields(ctx context.Context) { 3968 rule.field = "" 3969 } 3970 3971 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounter) emptyFields(ctx context.Context) { 3972 rule.field = "" 3973 } 3974 3975 func (rule *aclRuleFieldCheckDenyMatchAnyStop) emptyFields(ctx context.Context) { 3976 rule.fields = make([]string, 0) 3977 } 3978 3979 func (rule *aclRuleFieldCheckDenyMatchAllStop) emptyFields(ctx context.Context) { 3980 rule.fields = make([]string, 0) 3981 } 3982 3983 func (rule *aclRuleFieldCheckDenyStop) emptyFields(ctx context.Context) { 3984 rule.field = "" 3985 } 3986 3987 func (rule *aclRuleFieldCheckDenyMatchAny) emptyFields(ctx context.Context) { 3988 rule.fields = make([]string, 0) 3989 } 3990 3991 func (rule *aclRuleFieldCheckDenyMatchAll) emptyFields(ctx context.Context) { 3992 rule.fields = make([]string, 0) 3993 } 3994 3995 func (rule *aclRuleFieldCheckDeny) emptyFields(ctx context.Context) { 3996 rule.field = "" 3997 } 3998 3999 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAnyStop) emptyFields(ctx context.Context) { 4000 rule.fields = make([]string, 0) 4001 } 4002 4003 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAnyStop) emptyFields(ctx context.Context) { 4004 rule.fields = make([]string, 0) 4005 } 4006 4007 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAnyStop) emptyFields(ctx context.Context) { 4008 rule.fields = make([]string, 0) 4009 } 4010 4011 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAnyStop) emptyFields(ctx context.Context) { 4012 rule.fields = make([]string, 0) 4013 } 4014 4015 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAllStop) emptyFields(ctx context.Context) { 4016 rule.fields = make([]string, 0) 4017 } 4018 4019 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAllStop) emptyFields(ctx context.Context) { 4020 rule.fields = make([]string, 0) 4021 } 4022 4023 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAllStop) emptyFields(ctx context.Context) { 4024 rule.fields = make([]string, 0) 4025 } 4026 4027 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAllStop) emptyFields(ctx context.Context) { 4028 rule.fields = make([]string, 0) 4029 } 4030 4031 func (rule *aclRuleFieldCheckDenyWithDebugLoggerStop) emptyFields(ctx context.Context) { 4032 rule.field = "" 4033 } 4034 4035 func (rule *aclRuleFieldCheckDenyWithInfoLoggerStop) emptyFields(ctx context.Context) { 4036 rule.field = "" 4037 } 4038 4039 func (rule *aclRuleFieldCheckDenyWithWarnLoggerStop) emptyFields(ctx context.Context) { 4040 rule.field = "" 4041 } 4042 4043 func (rule *aclRuleFieldCheckDenyWithErrorLoggerStop) emptyFields(ctx context.Context) { 4044 rule.field = "" 4045 } 4046 4047 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAny) emptyFields(ctx context.Context) { 4048 rule.fields = make([]string, 0) 4049 } 4050 4051 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAny) emptyFields(ctx context.Context) { 4052 rule.fields = make([]string, 0) 4053 } 4054 4055 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAny) emptyFields(ctx context.Context) { 4056 rule.fields = make([]string, 0) 4057 } 4058 4059 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAny) emptyFields(ctx context.Context) { 4060 rule.fields = make([]string, 0) 4061 } 4062 4063 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAll) emptyFields(ctx context.Context) { 4064 rule.fields = make([]string, 0) 4065 } 4066 4067 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAll) emptyFields(ctx context.Context) { 4068 rule.fields = make([]string, 0) 4069 } 4070 4071 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAll) emptyFields(ctx context.Context) { 4072 rule.fields = make([]string, 0) 4073 } 4074 4075 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAll) emptyFields(ctx context.Context) { 4076 rule.fields = make([]string, 0) 4077 } 4078 4079 func (rule *aclRuleFieldCheckDenyWithDebugLogger) emptyFields(ctx context.Context) { 4080 rule.field = "" 4081 } 4082 4083 func (rule *aclRuleFieldCheckDenyWithInfoLogger) emptyFields(ctx context.Context) { 4084 rule.field = "" 4085 } 4086 4087 func (rule *aclRuleFieldCheckDenyWithWarnLogger) emptyFields(ctx context.Context) { 4088 rule.field = "" 4089 } 4090 4091 func (rule *aclRuleFieldCheckDenyWithErrorLogger) emptyFields(ctx context.Context) { 4092 rule.field = "" 4093 } 4094 4095 func (rule *aclRuleFieldCheckDenyWithCounterMatchAnyStop) emptyFields(ctx context.Context) { 4096 rule.fields = make([]string, 0) 4097 } 4098 4099 func (rule *aclRuleFieldCheckDenyWithCounterMatchAllStop) emptyFields(ctx context.Context) { 4100 rule.fields = make([]string, 0) 4101 } 4102 4103 func (rule *aclRuleFieldCheckDenyWithCounterStop) emptyFields(ctx context.Context) { 4104 rule.field = "" 4105 } 4106 4107 func (rule *aclRuleFieldCheckDenyWithCounterMatchAny) emptyFields(ctx context.Context) { 4108 rule.fields = make([]string, 0) 4109 } 4110 4111 func (rule *aclRuleFieldCheckDenyWithCounterMatchAll) emptyFields(ctx context.Context) { 4112 rule.fields = make([]string, 0) 4113 } 4114 4115 func (rule *aclRuleFieldCheckDenyWithCounter) emptyFields(ctx context.Context) { 4116 rule.field = "" 4117 } 4118 4119 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 4120 rule.fields = make([]string, 0) 4121 } 4122 4123 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 4124 rule.fields = make([]string, 0) 4125 } 4126 4127 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 4128 rule.fields = make([]string, 0) 4129 } 4130 4131 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAnyStop) emptyFields(ctx context.Context) { 4132 rule.fields = make([]string, 0) 4133 } 4134 4135 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 4136 rule.fields = make([]string, 0) 4137 } 4138 4139 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 4140 rule.fields = make([]string, 0) 4141 } 4142 4143 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 4144 rule.fields = make([]string, 0) 4145 } 4146 4147 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAllStop) emptyFields(ctx context.Context) { 4148 rule.fields = make([]string, 0) 4149 } 4150 4151 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterStop) emptyFields(ctx context.Context) { 4152 rule.field = "" 4153 } 4154 4155 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterStop) emptyFields(ctx context.Context) { 4156 rule.field = "" 4157 } 4158 4159 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterStop) emptyFields(ctx context.Context) { 4160 rule.field = "" 4161 } 4162 4163 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterStop) emptyFields(ctx context.Context) { 4164 rule.field = "" 4165 } 4166 4167 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAny) emptyFields(ctx context.Context) { 4168 rule.fields = make([]string, 0) 4169 } 4170 4171 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAny) emptyFields(ctx context.Context) { 4172 rule.fields = make([]string, 0) 4173 } 4174 4175 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAny) emptyFields(ctx context.Context) { 4176 rule.fields = make([]string, 0) 4177 } 4178 4179 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAny) emptyFields(ctx context.Context) { 4180 rule.fields = make([]string, 0) 4181 } 4182 4183 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAll) emptyFields(ctx context.Context) { 4184 rule.fields = make([]string, 0) 4185 } 4186 4187 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAll) emptyFields(ctx context.Context) { 4188 rule.fields = make([]string, 0) 4189 } 4190 4191 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAll) emptyFields(ctx context.Context) { 4192 rule.fields = make([]string, 0) 4193 } 4194 4195 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAll) emptyFields(ctx context.Context) { 4196 rule.fields = make([]string, 0) 4197 } 4198 4199 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounter) emptyFields(ctx context.Context) { 4200 rule.field = "" 4201 } 4202 4203 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounter) emptyFields(ctx context.Context) { 4204 rule.field = "" 4205 } 4206 4207 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounter) emptyFields(ctx context.Context) { 4208 rule.field = "" 4209 } 4210 4211 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounter) emptyFields(ctx context.Context) { 4212 rule.field = "" 4213 } 4214 4215 func newACLRule(ctx context.Context, ruleID int, cfg *RuleConfiguration, logger *zap.Logger) (aclRule, error) { 4216 var action, logLevel, tag string 4217 var fieldCondFound bool 4218 var stopEnabled, logEnabled, counterEnabled, matchAny bool 4219 var skipNext, lastToken bool 4220 var conditions []aclRuleCondition 4221 var condConfigs []*config 4222 var fields []string 4223 fieldIndex := make(map[string]int) 4224 checkFields := make(map[string]bool) 4225 4226 for i, c := range cfg.Conditions { 4227 tokens, err := cfgutil.DecodeArgs(c) 4228 if err != nil { 4229 return nil, errors.ErrACLRuleSyntaxExtractCondToken.WithArgs(err) 4230 } 4231 parsedACLRuleCondition, err := newACLRuleCondition(ctx, tokens) 4232 if err != nil { 4233 return nil, errors.ErrACLRuleSyntax.WithArgs(err) 4234 } 4235 conditions = append(conditions, parsedACLRuleCondition) 4236 condConfig := parsedACLRuleCondition.getConfig(ctx) 4237 condConfigs = append(condConfigs, condConfig) 4238 if _, exists := fieldIndex[condConfig.field]; exists { 4239 return nil, errors.ErrACLRuleSyntaxDuplicateField.WithArgs(condConfig.field) 4240 } 4241 fieldIndex[condConfig.field] = i 4242 fields = append(fields, condConfig.field) 4243 4244 // Identify conditions with field exists and not exists match strategies. 4245 switch condConfig.matchStrategy { 4246 case fieldFound: 4247 fieldCondFound = true 4248 // Covers "field exists". 4249 checkFields[condConfig.field] = true 4250 case fieldNotFound: 4251 // Covers "field not exists". 4252 fieldCondFound = true 4253 checkFields[condConfig.field] = false 4254 } 4255 } 4256 4257 tokens, err := cfgutil.DecodeArgs(cfg.Action) 4258 if err != nil { 4259 return nil, errors.ErrACLRuleSyntaxExtractActionToken.WithArgs(err) 4260 } 4261 for i, token := range tokens { 4262 if len(tokens) == (i + 1) { 4263 lastToken = true 4264 } 4265 if skipNext { 4266 skipNext = false 4267 continue 4268 } 4269 switch token { 4270 case "allow", "deny", "reserved": 4271 if i != 0 { 4272 return nil, errors.ErrACLRuleSyntaxAllowPreceed.WithArgs(token) 4273 } 4274 action = token 4275 if !lastToken { 4276 if tokens[i+1] == "any" { 4277 matchAny = true 4278 skipNext = true 4279 } 4280 } 4281 case "stop": 4282 stopEnabled = true 4283 case "counter": 4284 counterEnabled = true 4285 case "log": 4286 logEnabled = true 4287 if lastToken { 4288 logLevel = "info" 4289 } else { 4290 switch tokens[i+1] { 4291 case "debug", "info", "warn", "error": 4292 logLevel = tokens[i+1] 4293 skipNext = true 4294 default: 4295 logLevel = "info" 4296 } 4297 } 4298 case "tag": 4299 if lastToken { 4300 return nil, errors.ErrACLRuleSyntaxTagFollowedByValue.WithArgs(token) 4301 } 4302 tag = tokens[i+1] 4303 skipNext = true 4304 case "and", "with": 4305 default: 4306 return nil, errors.ErrACLRuleSyntaxInvalidToken.WithArgs(token) 4307 } 4308 } 4309 4310 ruleTypeName := "aclRule" 4311 4312 if fieldCondFound { 4313 ruleTypeName += "FieldCheck" 4314 } 4315 4316 // Action directives. 4317 switch action { 4318 case "allow": 4319 ruleTypeName += "Allow" 4320 case "deny": 4321 ruleTypeName += "Deny" 4322 case "reserved": 4323 ruleTypeName += "Reserved" 4324 } 4325 4326 // Log and counter directives. 4327 if logEnabled || counterEnabled { 4328 ruleTypeName += "With" 4329 } 4330 if logEnabled { 4331 ruleTypeName += strings.Title(logLevel) + "Logger" 4332 if logger == nil { 4333 return nil, errors.ErrACLRuleSyntaxLoggerNotFound.WithArgs(ruleTypeName) 4334 } 4335 } 4336 if counterEnabled { 4337 ruleTypeName += "Counter" 4338 } 4339 4340 switch len(conditions) { 4341 case 0: 4342 return nil, errors.ErrACLRuleSyntaxCondNotFound 4343 case 1: 4344 default: 4345 // Matching all or any conditions. 4346 if matchAny { 4347 ruleTypeName += "MatchAny" 4348 } else { 4349 ruleTypeName += "MatchAll" 4350 } 4351 } 4352 4353 // Stop on match. 4354 if stopEnabled { 4355 ruleTypeName += "Stop" 4356 } 4357 4358 // Tagging. 4359 if tag == "" { 4360 tag = fmt.Sprintf("rule%d", ruleID) 4361 } 4362 4363 // Build rules. 4364 var r aclRule 4365 switch ruleTypeName { 4366 case "aclRuleAllowMatchAnyStop": 4367 rule := &aclRuleAllowMatchAnyStop{ 4368 config: &ruleConfig{ 4369 ruleType: "aclRuleAllowMatchAnyStop", 4370 logEnabled: logEnabled, 4371 counterEnabled: counterEnabled, 4372 comment: cfg.Comment, 4373 action: ruleActionAllow, 4374 conditions: condConfigs, 4375 fields: fields, 4376 }, 4377 conditions: conditions, 4378 fields: fields, 4379 } 4380 r = rule 4381 case "aclRuleAllowMatchAllStop": 4382 rule := &aclRuleAllowMatchAllStop{ 4383 config: &ruleConfig{ 4384 ruleType: "aclRuleAllowMatchAllStop", 4385 logEnabled: logEnabled, 4386 counterEnabled: counterEnabled, 4387 comment: cfg.Comment, 4388 action: ruleActionAllow, 4389 matchAll: true, 4390 conditions: condConfigs, 4391 fields: fields, 4392 }, 4393 conditions: conditions, 4394 fields: fields, 4395 } 4396 r = rule 4397 case "aclRuleAllowStop": 4398 rule := &aclRuleAllowStop{ 4399 config: &ruleConfig{ 4400 ruleType: "aclRuleAllowStop", 4401 logEnabled: logEnabled, 4402 counterEnabled: counterEnabled, 4403 comment: cfg.Comment, 4404 action: ruleActionAllow, 4405 matchAll: true, 4406 conditions: condConfigs, 4407 fields: fields, 4408 }, 4409 condition: conditions[0], 4410 field: fields[0], 4411 } 4412 r = rule 4413 case "aclRuleAllowMatchAny": 4414 rule := &aclRuleAllowMatchAny{ 4415 config: &ruleConfig{ 4416 ruleType: "aclRuleAllowMatchAny", 4417 logEnabled: logEnabled, 4418 counterEnabled: counterEnabled, 4419 comment: cfg.Comment, 4420 action: ruleActionAllow, 4421 conditions: condConfigs, 4422 fields: fields, 4423 }, 4424 conditions: conditions, 4425 fields: fields, 4426 } 4427 r = rule 4428 case "aclRuleAllowMatchAll": 4429 rule := &aclRuleAllowMatchAll{ 4430 config: &ruleConfig{ 4431 ruleType: "aclRuleAllowMatchAll", 4432 logEnabled: logEnabled, 4433 counterEnabled: counterEnabled, 4434 comment: cfg.Comment, 4435 action: ruleActionAllow, 4436 matchAll: true, 4437 conditions: condConfigs, 4438 fields: fields, 4439 }, 4440 conditions: conditions, 4441 fields: fields, 4442 } 4443 r = rule 4444 case "aclRuleAllow": 4445 rule := &aclRuleAllow{ 4446 config: &ruleConfig{ 4447 ruleType: "aclRuleAllow", 4448 logEnabled: logEnabled, 4449 counterEnabled: counterEnabled, 4450 comment: cfg.Comment, 4451 action: ruleActionAllow, 4452 matchAll: true, 4453 conditions: condConfigs, 4454 fields: fields, 4455 }, 4456 condition: conditions[0], 4457 field: fields[0], 4458 } 4459 r = rule 4460 case "aclRuleAllowWithDebugLoggerMatchAnyStop": 4461 rule := &aclRuleAllowWithDebugLoggerMatchAnyStop{ 4462 config: &ruleConfig{ 4463 ruleType: "aclRuleAllowWithDebugLoggerMatchAnyStop", 4464 logEnabled: logEnabled, 4465 counterEnabled: counterEnabled, 4466 comment: cfg.Comment, 4467 action: ruleActionAllow, 4468 tag: tag, 4469 logLevel: logLevel, 4470 conditions: condConfigs, 4471 fields: fields, 4472 }, 4473 conditions: conditions, 4474 fields: fields, 4475 tag: tag, 4476 logger: logger, 4477 } 4478 r = rule 4479 case "aclRuleAllowWithInfoLoggerMatchAnyStop": 4480 rule := &aclRuleAllowWithInfoLoggerMatchAnyStop{ 4481 config: &ruleConfig{ 4482 ruleType: "aclRuleAllowWithInfoLoggerMatchAnyStop", 4483 logEnabled: logEnabled, 4484 counterEnabled: counterEnabled, 4485 comment: cfg.Comment, 4486 action: ruleActionAllow, 4487 tag: tag, 4488 logLevel: logLevel, 4489 conditions: condConfigs, 4490 fields: fields, 4491 }, 4492 conditions: conditions, 4493 fields: fields, 4494 tag: tag, 4495 logger: logger, 4496 } 4497 r = rule 4498 case "aclRuleAllowWithWarnLoggerMatchAnyStop": 4499 rule := &aclRuleAllowWithWarnLoggerMatchAnyStop{ 4500 config: &ruleConfig{ 4501 ruleType: "aclRuleAllowWithWarnLoggerMatchAnyStop", 4502 logEnabled: logEnabled, 4503 counterEnabled: counterEnabled, 4504 comment: cfg.Comment, 4505 action: ruleActionAllow, 4506 tag: tag, 4507 logLevel: logLevel, 4508 conditions: condConfigs, 4509 fields: fields, 4510 }, 4511 conditions: conditions, 4512 fields: fields, 4513 tag: tag, 4514 logger: logger, 4515 } 4516 r = rule 4517 case "aclRuleAllowWithErrorLoggerMatchAnyStop": 4518 rule := &aclRuleAllowWithErrorLoggerMatchAnyStop{ 4519 config: &ruleConfig{ 4520 ruleType: "aclRuleAllowWithErrorLoggerMatchAnyStop", 4521 logEnabled: logEnabled, 4522 counterEnabled: counterEnabled, 4523 comment: cfg.Comment, 4524 action: ruleActionAllow, 4525 tag: tag, 4526 logLevel: logLevel, 4527 conditions: condConfigs, 4528 fields: fields, 4529 }, 4530 conditions: conditions, 4531 fields: fields, 4532 tag: tag, 4533 logger: logger, 4534 } 4535 r = rule 4536 case "aclRuleAllowWithDebugLoggerMatchAllStop": 4537 rule := &aclRuleAllowWithDebugLoggerMatchAllStop{ 4538 config: &ruleConfig{ 4539 ruleType: "aclRuleAllowWithDebugLoggerMatchAllStop", 4540 logEnabled: logEnabled, 4541 counterEnabled: counterEnabled, 4542 comment: cfg.Comment, 4543 action: ruleActionAllow, 4544 tag: tag, 4545 logLevel: logLevel, 4546 matchAll: true, 4547 conditions: condConfigs, 4548 fields: fields, 4549 }, 4550 conditions: conditions, 4551 fields: fields, 4552 tag: tag, 4553 logger: logger, 4554 } 4555 r = rule 4556 case "aclRuleAllowWithInfoLoggerMatchAllStop": 4557 rule := &aclRuleAllowWithInfoLoggerMatchAllStop{ 4558 config: &ruleConfig{ 4559 ruleType: "aclRuleAllowWithInfoLoggerMatchAllStop", 4560 logEnabled: logEnabled, 4561 counterEnabled: counterEnabled, 4562 comment: cfg.Comment, 4563 action: ruleActionAllow, 4564 tag: tag, 4565 logLevel: logLevel, 4566 matchAll: true, 4567 conditions: condConfigs, 4568 fields: fields, 4569 }, 4570 conditions: conditions, 4571 fields: fields, 4572 tag: tag, 4573 logger: logger, 4574 } 4575 r = rule 4576 case "aclRuleAllowWithWarnLoggerMatchAllStop": 4577 rule := &aclRuleAllowWithWarnLoggerMatchAllStop{ 4578 config: &ruleConfig{ 4579 ruleType: "aclRuleAllowWithWarnLoggerMatchAllStop", 4580 logEnabled: logEnabled, 4581 counterEnabled: counterEnabled, 4582 comment: cfg.Comment, 4583 action: ruleActionAllow, 4584 tag: tag, 4585 logLevel: logLevel, 4586 matchAll: true, 4587 conditions: condConfigs, 4588 fields: fields, 4589 }, 4590 conditions: conditions, 4591 fields: fields, 4592 tag: tag, 4593 logger: logger, 4594 } 4595 r = rule 4596 case "aclRuleAllowWithErrorLoggerMatchAllStop": 4597 rule := &aclRuleAllowWithErrorLoggerMatchAllStop{ 4598 config: &ruleConfig{ 4599 ruleType: "aclRuleAllowWithErrorLoggerMatchAllStop", 4600 logEnabled: logEnabled, 4601 counterEnabled: counterEnabled, 4602 comment: cfg.Comment, 4603 action: ruleActionAllow, 4604 tag: tag, 4605 logLevel: logLevel, 4606 matchAll: true, 4607 conditions: condConfigs, 4608 fields: fields, 4609 }, 4610 conditions: conditions, 4611 fields: fields, 4612 tag: tag, 4613 logger: logger, 4614 } 4615 r = rule 4616 case "aclRuleAllowWithDebugLoggerStop": 4617 rule := &aclRuleAllowWithDebugLoggerStop{ 4618 config: &ruleConfig{ 4619 ruleType: "aclRuleAllowWithDebugLoggerStop", 4620 logEnabled: logEnabled, 4621 counterEnabled: counterEnabled, 4622 comment: cfg.Comment, 4623 action: ruleActionAllow, 4624 tag: tag, 4625 logLevel: logLevel, 4626 matchAll: true, 4627 conditions: condConfigs, 4628 fields: fields, 4629 }, 4630 condition: conditions[0], 4631 field: fields[0], 4632 tag: tag, 4633 logger: logger, 4634 } 4635 r = rule 4636 case "aclRuleAllowWithInfoLoggerStop": 4637 rule := &aclRuleAllowWithInfoLoggerStop{ 4638 config: &ruleConfig{ 4639 ruleType: "aclRuleAllowWithInfoLoggerStop", 4640 logEnabled: logEnabled, 4641 counterEnabled: counterEnabled, 4642 comment: cfg.Comment, 4643 action: ruleActionAllow, 4644 tag: tag, 4645 logLevel: logLevel, 4646 matchAll: true, 4647 conditions: condConfigs, 4648 fields: fields, 4649 }, 4650 condition: conditions[0], 4651 field: fields[0], 4652 tag: tag, 4653 logger: logger, 4654 } 4655 r = rule 4656 case "aclRuleAllowWithWarnLoggerStop": 4657 rule := &aclRuleAllowWithWarnLoggerStop{ 4658 config: &ruleConfig{ 4659 ruleType: "aclRuleAllowWithWarnLoggerStop", 4660 logEnabled: logEnabled, 4661 counterEnabled: counterEnabled, 4662 comment: cfg.Comment, 4663 action: ruleActionAllow, 4664 tag: tag, 4665 logLevel: logLevel, 4666 matchAll: true, 4667 conditions: condConfigs, 4668 fields: fields, 4669 }, 4670 condition: conditions[0], 4671 field: fields[0], 4672 tag: tag, 4673 logger: logger, 4674 } 4675 r = rule 4676 case "aclRuleAllowWithErrorLoggerStop": 4677 rule := &aclRuleAllowWithErrorLoggerStop{ 4678 config: &ruleConfig{ 4679 ruleType: "aclRuleAllowWithErrorLoggerStop", 4680 logEnabled: logEnabled, 4681 counterEnabled: counterEnabled, 4682 comment: cfg.Comment, 4683 action: ruleActionAllow, 4684 tag: tag, 4685 logLevel: logLevel, 4686 matchAll: true, 4687 conditions: condConfigs, 4688 fields: fields, 4689 }, 4690 condition: conditions[0], 4691 field: fields[0], 4692 tag: tag, 4693 logger: logger, 4694 } 4695 r = rule 4696 case "aclRuleAllowWithDebugLoggerMatchAny": 4697 rule := &aclRuleAllowWithDebugLoggerMatchAny{ 4698 config: &ruleConfig{ 4699 ruleType: "aclRuleAllowWithDebugLoggerMatchAny", 4700 logEnabled: logEnabled, 4701 counterEnabled: counterEnabled, 4702 comment: cfg.Comment, 4703 action: ruleActionAllow, 4704 tag: tag, 4705 logLevel: logLevel, 4706 conditions: condConfigs, 4707 fields: fields, 4708 }, 4709 conditions: conditions, 4710 fields: fields, 4711 tag: tag, 4712 logger: logger, 4713 } 4714 r = rule 4715 case "aclRuleAllowWithInfoLoggerMatchAny": 4716 rule := &aclRuleAllowWithInfoLoggerMatchAny{ 4717 config: &ruleConfig{ 4718 ruleType: "aclRuleAllowWithInfoLoggerMatchAny", 4719 logEnabled: logEnabled, 4720 counterEnabled: counterEnabled, 4721 comment: cfg.Comment, 4722 action: ruleActionAllow, 4723 tag: tag, 4724 logLevel: logLevel, 4725 conditions: condConfigs, 4726 fields: fields, 4727 }, 4728 conditions: conditions, 4729 fields: fields, 4730 tag: tag, 4731 logger: logger, 4732 } 4733 r = rule 4734 case "aclRuleAllowWithWarnLoggerMatchAny": 4735 rule := &aclRuleAllowWithWarnLoggerMatchAny{ 4736 config: &ruleConfig{ 4737 ruleType: "aclRuleAllowWithWarnLoggerMatchAny", 4738 logEnabled: logEnabled, 4739 counterEnabled: counterEnabled, 4740 comment: cfg.Comment, 4741 action: ruleActionAllow, 4742 tag: tag, 4743 logLevel: logLevel, 4744 conditions: condConfigs, 4745 fields: fields, 4746 }, 4747 conditions: conditions, 4748 fields: fields, 4749 tag: tag, 4750 logger: logger, 4751 } 4752 r = rule 4753 case "aclRuleAllowWithErrorLoggerMatchAny": 4754 rule := &aclRuleAllowWithErrorLoggerMatchAny{ 4755 config: &ruleConfig{ 4756 ruleType: "aclRuleAllowWithErrorLoggerMatchAny", 4757 logEnabled: logEnabled, 4758 counterEnabled: counterEnabled, 4759 comment: cfg.Comment, 4760 action: ruleActionAllow, 4761 tag: tag, 4762 logLevel: logLevel, 4763 conditions: condConfigs, 4764 fields: fields, 4765 }, 4766 conditions: conditions, 4767 fields: fields, 4768 tag: tag, 4769 logger: logger, 4770 } 4771 r = rule 4772 case "aclRuleAllowWithDebugLoggerMatchAll": 4773 rule := &aclRuleAllowWithDebugLoggerMatchAll{ 4774 config: &ruleConfig{ 4775 ruleType: "aclRuleAllowWithDebugLoggerMatchAll", 4776 logEnabled: logEnabled, 4777 counterEnabled: counterEnabled, 4778 comment: cfg.Comment, 4779 action: ruleActionAllow, 4780 tag: tag, 4781 logLevel: logLevel, 4782 matchAll: true, 4783 conditions: condConfigs, 4784 fields: fields, 4785 }, 4786 conditions: conditions, 4787 fields: fields, 4788 tag: tag, 4789 logger: logger, 4790 } 4791 r = rule 4792 case "aclRuleAllowWithInfoLoggerMatchAll": 4793 rule := &aclRuleAllowWithInfoLoggerMatchAll{ 4794 config: &ruleConfig{ 4795 ruleType: "aclRuleAllowWithInfoLoggerMatchAll", 4796 logEnabled: logEnabled, 4797 counterEnabled: counterEnabled, 4798 comment: cfg.Comment, 4799 action: ruleActionAllow, 4800 tag: tag, 4801 logLevel: logLevel, 4802 matchAll: true, 4803 conditions: condConfigs, 4804 fields: fields, 4805 }, 4806 conditions: conditions, 4807 fields: fields, 4808 tag: tag, 4809 logger: logger, 4810 } 4811 r = rule 4812 case "aclRuleAllowWithWarnLoggerMatchAll": 4813 rule := &aclRuleAllowWithWarnLoggerMatchAll{ 4814 config: &ruleConfig{ 4815 ruleType: "aclRuleAllowWithWarnLoggerMatchAll", 4816 logEnabled: logEnabled, 4817 counterEnabled: counterEnabled, 4818 comment: cfg.Comment, 4819 action: ruleActionAllow, 4820 tag: tag, 4821 logLevel: logLevel, 4822 matchAll: true, 4823 conditions: condConfigs, 4824 fields: fields, 4825 }, 4826 conditions: conditions, 4827 fields: fields, 4828 tag: tag, 4829 logger: logger, 4830 } 4831 r = rule 4832 case "aclRuleAllowWithErrorLoggerMatchAll": 4833 rule := &aclRuleAllowWithErrorLoggerMatchAll{ 4834 config: &ruleConfig{ 4835 ruleType: "aclRuleAllowWithErrorLoggerMatchAll", 4836 logEnabled: logEnabled, 4837 counterEnabled: counterEnabled, 4838 comment: cfg.Comment, 4839 action: ruleActionAllow, 4840 tag: tag, 4841 logLevel: logLevel, 4842 matchAll: true, 4843 conditions: condConfigs, 4844 fields: fields, 4845 }, 4846 conditions: conditions, 4847 fields: fields, 4848 tag: tag, 4849 logger: logger, 4850 } 4851 r = rule 4852 case "aclRuleAllowWithDebugLogger": 4853 rule := &aclRuleAllowWithDebugLogger{ 4854 config: &ruleConfig{ 4855 ruleType: "aclRuleAllowWithDebugLogger", 4856 logEnabled: logEnabled, 4857 counterEnabled: counterEnabled, 4858 comment: cfg.Comment, 4859 action: ruleActionAllow, 4860 tag: tag, 4861 logLevel: logLevel, 4862 matchAll: true, 4863 conditions: condConfigs, 4864 fields: fields, 4865 }, 4866 condition: conditions[0], 4867 field: fields[0], 4868 tag: tag, 4869 logger: logger, 4870 } 4871 r = rule 4872 case "aclRuleAllowWithInfoLogger": 4873 rule := &aclRuleAllowWithInfoLogger{ 4874 config: &ruleConfig{ 4875 ruleType: "aclRuleAllowWithInfoLogger", 4876 logEnabled: logEnabled, 4877 counterEnabled: counterEnabled, 4878 comment: cfg.Comment, 4879 action: ruleActionAllow, 4880 tag: tag, 4881 logLevel: logLevel, 4882 matchAll: true, 4883 conditions: condConfigs, 4884 fields: fields, 4885 }, 4886 condition: conditions[0], 4887 field: fields[0], 4888 tag: tag, 4889 logger: logger, 4890 } 4891 r = rule 4892 case "aclRuleAllowWithWarnLogger": 4893 rule := &aclRuleAllowWithWarnLogger{ 4894 config: &ruleConfig{ 4895 ruleType: "aclRuleAllowWithWarnLogger", 4896 logEnabled: logEnabled, 4897 counterEnabled: counterEnabled, 4898 comment: cfg.Comment, 4899 action: ruleActionAllow, 4900 tag: tag, 4901 logLevel: logLevel, 4902 matchAll: true, 4903 conditions: condConfigs, 4904 fields: fields, 4905 }, 4906 condition: conditions[0], 4907 field: fields[0], 4908 tag: tag, 4909 logger: logger, 4910 } 4911 r = rule 4912 case "aclRuleAllowWithErrorLogger": 4913 rule := &aclRuleAllowWithErrorLogger{ 4914 config: &ruleConfig{ 4915 ruleType: "aclRuleAllowWithErrorLogger", 4916 logEnabled: logEnabled, 4917 counterEnabled: counterEnabled, 4918 comment: cfg.Comment, 4919 action: ruleActionAllow, 4920 tag: tag, 4921 logLevel: logLevel, 4922 matchAll: true, 4923 conditions: condConfigs, 4924 fields: fields, 4925 }, 4926 condition: conditions[0], 4927 field: fields[0], 4928 tag: tag, 4929 logger: logger, 4930 } 4931 r = rule 4932 case "aclRuleAllowWithCounterMatchAnyStop": 4933 rule := &aclRuleAllowWithCounterMatchAnyStop{ 4934 config: &ruleConfig{ 4935 ruleType: "aclRuleAllowWithCounterMatchAnyStop", 4936 logEnabled: logEnabled, 4937 counterEnabled: counterEnabled, 4938 comment: cfg.Comment, 4939 action: ruleActionAllow, 4940 conditions: condConfigs, 4941 fields: fields, 4942 }, 4943 conditions: conditions, 4944 fields: fields, 4945 } 4946 r = rule 4947 case "aclRuleAllowWithCounterMatchAllStop": 4948 rule := &aclRuleAllowWithCounterMatchAllStop{ 4949 config: &ruleConfig{ 4950 ruleType: "aclRuleAllowWithCounterMatchAllStop", 4951 logEnabled: logEnabled, 4952 counterEnabled: counterEnabled, 4953 comment: cfg.Comment, 4954 action: ruleActionAllow, 4955 matchAll: true, 4956 conditions: condConfigs, 4957 fields: fields, 4958 }, 4959 conditions: conditions, 4960 fields: fields, 4961 } 4962 r = rule 4963 case "aclRuleAllowWithCounterStop": 4964 rule := &aclRuleAllowWithCounterStop{ 4965 config: &ruleConfig{ 4966 ruleType: "aclRuleAllowWithCounterStop", 4967 logEnabled: logEnabled, 4968 counterEnabled: counterEnabled, 4969 comment: cfg.Comment, 4970 action: ruleActionAllow, 4971 matchAll: true, 4972 conditions: condConfigs, 4973 fields: fields, 4974 }, 4975 condition: conditions[0], 4976 field: fields[0], 4977 } 4978 r = rule 4979 case "aclRuleAllowWithCounterMatchAny": 4980 rule := &aclRuleAllowWithCounterMatchAny{ 4981 config: &ruleConfig{ 4982 ruleType: "aclRuleAllowWithCounterMatchAny", 4983 logEnabled: logEnabled, 4984 counterEnabled: counterEnabled, 4985 comment: cfg.Comment, 4986 action: ruleActionAllow, 4987 conditions: condConfigs, 4988 fields: fields, 4989 }, 4990 conditions: conditions, 4991 fields: fields, 4992 } 4993 r = rule 4994 case "aclRuleAllowWithCounterMatchAll": 4995 rule := &aclRuleAllowWithCounterMatchAll{ 4996 config: &ruleConfig{ 4997 ruleType: "aclRuleAllowWithCounterMatchAll", 4998 logEnabled: logEnabled, 4999 counterEnabled: counterEnabled, 5000 comment: cfg.Comment, 5001 action: ruleActionAllow, 5002 matchAll: true, 5003 conditions: condConfigs, 5004 fields: fields, 5005 }, 5006 conditions: conditions, 5007 fields: fields, 5008 } 5009 r = rule 5010 case "aclRuleAllowWithCounter": 5011 rule := &aclRuleAllowWithCounter{ 5012 config: &ruleConfig{ 5013 ruleType: "aclRuleAllowWithCounter", 5014 logEnabled: logEnabled, 5015 counterEnabled: counterEnabled, 5016 comment: cfg.Comment, 5017 action: ruleActionAllow, 5018 matchAll: true, 5019 conditions: condConfigs, 5020 fields: fields, 5021 }, 5022 condition: conditions[0], 5023 field: fields[0], 5024 } 5025 r = rule 5026 case "aclRuleAllowWithDebugLoggerCounterMatchAnyStop": 5027 rule := &aclRuleAllowWithDebugLoggerCounterMatchAnyStop{ 5028 config: &ruleConfig{ 5029 ruleType: "aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 5030 logEnabled: logEnabled, 5031 counterEnabled: counterEnabled, 5032 comment: cfg.Comment, 5033 action: ruleActionAllow, 5034 tag: tag, 5035 logLevel: logLevel, 5036 conditions: condConfigs, 5037 fields: fields, 5038 }, 5039 conditions: conditions, 5040 fields: fields, 5041 tag: tag, 5042 logger: logger, 5043 } 5044 r = rule 5045 case "aclRuleAllowWithInfoLoggerCounterMatchAnyStop": 5046 rule := &aclRuleAllowWithInfoLoggerCounterMatchAnyStop{ 5047 config: &ruleConfig{ 5048 ruleType: "aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 5049 logEnabled: logEnabled, 5050 counterEnabled: counterEnabled, 5051 comment: cfg.Comment, 5052 action: ruleActionAllow, 5053 tag: tag, 5054 logLevel: logLevel, 5055 conditions: condConfigs, 5056 fields: fields, 5057 }, 5058 conditions: conditions, 5059 fields: fields, 5060 tag: tag, 5061 logger: logger, 5062 } 5063 r = rule 5064 case "aclRuleAllowWithWarnLoggerCounterMatchAnyStop": 5065 rule := &aclRuleAllowWithWarnLoggerCounterMatchAnyStop{ 5066 config: &ruleConfig{ 5067 ruleType: "aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 5068 logEnabled: logEnabled, 5069 counterEnabled: counterEnabled, 5070 comment: cfg.Comment, 5071 action: ruleActionAllow, 5072 tag: tag, 5073 logLevel: logLevel, 5074 conditions: condConfigs, 5075 fields: fields, 5076 }, 5077 conditions: conditions, 5078 fields: fields, 5079 tag: tag, 5080 logger: logger, 5081 } 5082 r = rule 5083 case "aclRuleAllowWithErrorLoggerCounterMatchAnyStop": 5084 rule := &aclRuleAllowWithErrorLoggerCounterMatchAnyStop{ 5085 config: &ruleConfig{ 5086 ruleType: "aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 5087 logEnabled: logEnabled, 5088 counterEnabled: counterEnabled, 5089 comment: cfg.Comment, 5090 action: ruleActionAllow, 5091 tag: tag, 5092 logLevel: logLevel, 5093 conditions: condConfigs, 5094 fields: fields, 5095 }, 5096 conditions: conditions, 5097 fields: fields, 5098 tag: tag, 5099 logger: logger, 5100 } 5101 r = rule 5102 case "aclRuleAllowWithDebugLoggerCounterMatchAllStop": 5103 rule := &aclRuleAllowWithDebugLoggerCounterMatchAllStop{ 5104 config: &ruleConfig{ 5105 ruleType: "aclRuleAllowWithDebugLoggerCounterMatchAllStop", 5106 logEnabled: logEnabled, 5107 counterEnabled: counterEnabled, 5108 comment: cfg.Comment, 5109 action: ruleActionAllow, 5110 tag: tag, 5111 logLevel: logLevel, 5112 matchAll: true, 5113 conditions: condConfigs, 5114 fields: fields, 5115 }, 5116 conditions: conditions, 5117 fields: fields, 5118 tag: tag, 5119 logger: logger, 5120 } 5121 r = rule 5122 case "aclRuleAllowWithInfoLoggerCounterMatchAllStop": 5123 rule := &aclRuleAllowWithInfoLoggerCounterMatchAllStop{ 5124 config: &ruleConfig{ 5125 ruleType: "aclRuleAllowWithInfoLoggerCounterMatchAllStop", 5126 logEnabled: logEnabled, 5127 counterEnabled: counterEnabled, 5128 comment: cfg.Comment, 5129 action: ruleActionAllow, 5130 tag: tag, 5131 logLevel: logLevel, 5132 matchAll: true, 5133 conditions: condConfigs, 5134 fields: fields, 5135 }, 5136 conditions: conditions, 5137 fields: fields, 5138 tag: tag, 5139 logger: logger, 5140 } 5141 r = rule 5142 case "aclRuleAllowWithWarnLoggerCounterMatchAllStop": 5143 rule := &aclRuleAllowWithWarnLoggerCounterMatchAllStop{ 5144 config: &ruleConfig{ 5145 ruleType: "aclRuleAllowWithWarnLoggerCounterMatchAllStop", 5146 logEnabled: logEnabled, 5147 counterEnabled: counterEnabled, 5148 comment: cfg.Comment, 5149 action: ruleActionAllow, 5150 tag: tag, 5151 logLevel: logLevel, 5152 matchAll: true, 5153 conditions: condConfigs, 5154 fields: fields, 5155 }, 5156 conditions: conditions, 5157 fields: fields, 5158 tag: tag, 5159 logger: logger, 5160 } 5161 r = rule 5162 case "aclRuleAllowWithErrorLoggerCounterMatchAllStop": 5163 rule := &aclRuleAllowWithErrorLoggerCounterMatchAllStop{ 5164 config: &ruleConfig{ 5165 ruleType: "aclRuleAllowWithErrorLoggerCounterMatchAllStop", 5166 logEnabled: logEnabled, 5167 counterEnabled: counterEnabled, 5168 comment: cfg.Comment, 5169 action: ruleActionAllow, 5170 tag: tag, 5171 logLevel: logLevel, 5172 matchAll: true, 5173 conditions: condConfigs, 5174 fields: fields, 5175 }, 5176 conditions: conditions, 5177 fields: fields, 5178 tag: tag, 5179 logger: logger, 5180 } 5181 r = rule 5182 case "aclRuleAllowWithDebugLoggerCounterStop": 5183 rule := &aclRuleAllowWithDebugLoggerCounterStop{ 5184 config: &ruleConfig{ 5185 ruleType: "aclRuleAllowWithDebugLoggerCounterStop", 5186 logEnabled: logEnabled, 5187 counterEnabled: counterEnabled, 5188 comment: cfg.Comment, 5189 action: ruleActionAllow, 5190 tag: tag, 5191 logLevel: logLevel, 5192 matchAll: true, 5193 conditions: condConfigs, 5194 fields: fields, 5195 }, 5196 condition: conditions[0], 5197 field: fields[0], 5198 tag: tag, 5199 logger: logger, 5200 } 5201 r = rule 5202 case "aclRuleAllowWithInfoLoggerCounterStop": 5203 rule := &aclRuleAllowWithInfoLoggerCounterStop{ 5204 config: &ruleConfig{ 5205 ruleType: "aclRuleAllowWithInfoLoggerCounterStop", 5206 logEnabled: logEnabled, 5207 counterEnabled: counterEnabled, 5208 comment: cfg.Comment, 5209 action: ruleActionAllow, 5210 tag: tag, 5211 logLevel: logLevel, 5212 matchAll: true, 5213 conditions: condConfigs, 5214 fields: fields, 5215 }, 5216 condition: conditions[0], 5217 field: fields[0], 5218 tag: tag, 5219 logger: logger, 5220 } 5221 r = rule 5222 case "aclRuleAllowWithWarnLoggerCounterStop": 5223 rule := &aclRuleAllowWithWarnLoggerCounterStop{ 5224 config: &ruleConfig{ 5225 ruleType: "aclRuleAllowWithWarnLoggerCounterStop", 5226 logEnabled: logEnabled, 5227 counterEnabled: counterEnabled, 5228 comment: cfg.Comment, 5229 action: ruleActionAllow, 5230 tag: tag, 5231 logLevel: logLevel, 5232 matchAll: true, 5233 conditions: condConfigs, 5234 fields: fields, 5235 }, 5236 condition: conditions[0], 5237 field: fields[0], 5238 tag: tag, 5239 logger: logger, 5240 } 5241 r = rule 5242 case "aclRuleAllowWithErrorLoggerCounterStop": 5243 rule := &aclRuleAllowWithErrorLoggerCounterStop{ 5244 config: &ruleConfig{ 5245 ruleType: "aclRuleAllowWithErrorLoggerCounterStop", 5246 logEnabled: logEnabled, 5247 counterEnabled: counterEnabled, 5248 comment: cfg.Comment, 5249 action: ruleActionAllow, 5250 tag: tag, 5251 logLevel: logLevel, 5252 matchAll: true, 5253 conditions: condConfigs, 5254 fields: fields, 5255 }, 5256 condition: conditions[0], 5257 field: fields[0], 5258 tag: tag, 5259 logger: logger, 5260 } 5261 r = rule 5262 case "aclRuleAllowWithDebugLoggerCounterMatchAny": 5263 rule := &aclRuleAllowWithDebugLoggerCounterMatchAny{ 5264 config: &ruleConfig{ 5265 ruleType: "aclRuleAllowWithDebugLoggerCounterMatchAny", 5266 logEnabled: logEnabled, 5267 counterEnabled: counterEnabled, 5268 comment: cfg.Comment, 5269 action: ruleActionAllow, 5270 tag: tag, 5271 logLevel: logLevel, 5272 conditions: condConfigs, 5273 fields: fields, 5274 }, 5275 conditions: conditions, 5276 fields: fields, 5277 tag: tag, 5278 logger: logger, 5279 } 5280 r = rule 5281 case "aclRuleAllowWithInfoLoggerCounterMatchAny": 5282 rule := &aclRuleAllowWithInfoLoggerCounterMatchAny{ 5283 config: &ruleConfig{ 5284 ruleType: "aclRuleAllowWithInfoLoggerCounterMatchAny", 5285 logEnabled: logEnabled, 5286 counterEnabled: counterEnabled, 5287 comment: cfg.Comment, 5288 action: ruleActionAllow, 5289 tag: tag, 5290 logLevel: logLevel, 5291 conditions: condConfigs, 5292 fields: fields, 5293 }, 5294 conditions: conditions, 5295 fields: fields, 5296 tag: tag, 5297 logger: logger, 5298 } 5299 r = rule 5300 case "aclRuleAllowWithWarnLoggerCounterMatchAny": 5301 rule := &aclRuleAllowWithWarnLoggerCounterMatchAny{ 5302 config: &ruleConfig{ 5303 ruleType: "aclRuleAllowWithWarnLoggerCounterMatchAny", 5304 logEnabled: logEnabled, 5305 counterEnabled: counterEnabled, 5306 comment: cfg.Comment, 5307 action: ruleActionAllow, 5308 tag: tag, 5309 logLevel: logLevel, 5310 conditions: condConfigs, 5311 fields: fields, 5312 }, 5313 conditions: conditions, 5314 fields: fields, 5315 tag: tag, 5316 logger: logger, 5317 } 5318 r = rule 5319 case "aclRuleAllowWithErrorLoggerCounterMatchAny": 5320 rule := &aclRuleAllowWithErrorLoggerCounterMatchAny{ 5321 config: &ruleConfig{ 5322 ruleType: "aclRuleAllowWithErrorLoggerCounterMatchAny", 5323 logEnabled: logEnabled, 5324 counterEnabled: counterEnabled, 5325 comment: cfg.Comment, 5326 action: ruleActionAllow, 5327 tag: tag, 5328 logLevel: logLevel, 5329 conditions: condConfigs, 5330 fields: fields, 5331 }, 5332 conditions: conditions, 5333 fields: fields, 5334 tag: tag, 5335 logger: logger, 5336 } 5337 r = rule 5338 case "aclRuleAllowWithDebugLoggerCounterMatchAll": 5339 rule := &aclRuleAllowWithDebugLoggerCounterMatchAll{ 5340 config: &ruleConfig{ 5341 ruleType: "aclRuleAllowWithDebugLoggerCounterMatchAll", 5342 logEnabled: logEnabled, 5343 counterEnabled: counterEnabled, 5344 comment: cfg.Comment, 5345 action: ruleActionAllow, 5346 tag: tag, 5347 logLevel: logLevel, 5348 matchAll: true, 5349 conditions: condConfigs, 5350 fields: fields, 5351 }, 5352 conditions: conditions, 5353 fields: fields, 5354 tag: tag, 5355 logger: logger, 5356 } 5357 r = rule 5358 case "aclRuleAllowWithInfoLoggerCounterMatchAll": 5359 rule := &aclRuleAllowWithInfoLoggerCounterMatchAll{ 5360 config: &ruleConfig{ 5361 ruleType: "aclRuleAllowWithInfoLoggerCounterMatchAll", 5362 logEnabled: logEnabled, 5363 counterEnabled: counterEnabled, 5364 comment: cfg.Comment, 5365 action: ruleActionAllow, 5366 tag: tag, 5367 logLevel: logLevel, 5368 matchAll: true, 5369 conditions: condConfigs, 5370 fields: fields, 5371 }, 5372 conditions: conditions, 5373 fields: fields, 5374 tag: tag, 5375 logger: logger, 5376 } 5377 r = rule 5378 case "aclRuleAllowWithWarnLoggerCounterMatchAll": 5379 rule := &aclRuleAllowWithWarnLoggerCounterMatchAll{ 5380 config: &ruleConfig{ 5381 ruleType: "aclRuleAllowWithWarnLoggerCounterMatchAll", 5382 logEnabled: logEnabled, 5383 counterEnabled: counterEnabled, 5384 comment: cfg.Comment, 5385 action: ruleActionAllow, 5386 tag: tag, 5387 logLevel: logLevel, 5388 matchAll: true, 5389 conditions: condConfigs, 5390 fields: fields, 5391 }, 5392 conditions: conditions, 5393 fields: fields, 5394 tag: tag, 5395 logger: logger, 5396 } 5397 r = rule 5398 case "aclRuleAllowWithErrorLoggerCounterMatchAll": 5399 rule := &aclRuleAllowWithErrorLoggerCounterMatchAll{ 5400 config: &ruleConfig{ 5401 ruleType: "aclRuleAllowWithErrorLoggerCounterMatchAll", 5402 logEnabled: logEnabled, 5403 counterEnabled: counterEnabled, 5404 comment: cfg.Comment, 5405 action: ruleActionAllow, 5406 tag: tag, 5407 logLevel: logLevel, 5408 matchAll: true, 5409 conditions: condConfigs, 5410 fields: fields, 5411 }, 5412 conditions: conditions, 5413 fields: fields, 5414 tag: tag, 5415 logger: logger, 5416 } 5417 r = rule 5418 case "aclRuleAllowWithDebugLoggerCounter": 5419 rule := &aclRuleAllowWithDebugLoggerCounter{ 5420 config: &ruleConfig{ 5421 ruleType: "aclRuleAllowWithDebugLoggerCounter", 5422 logEnabled: logEnabled, 5423 counterEnabled: counterEnabled, 5424 comment: cfg.Comment, 5425 action: ruleActionAllow, 5426 tag: tag, 5427 logLevel: logLevel, 5428 matchAll: true, 5429 conditions: condConfigs, 5430 fields: fields, 5431 }, 5432 condition: conditions[0], 5433 field: fields[0], 5434 tag: tag, 5435 logger: logger, 5436 } 5437 r = rule 5438 case "aclRuleAllowWithInfoLoggerCounter": 5439 rule := &aclRuleAllowWithInfoLoggerCounter{ 5440 config: &ruleConfig{ 5441 ruleType: "aclRuleAllowWithInfoLoggerCounter", 5442 logEnabled: logEnabled, 5443 counterEnabled: counterEnabled, 5444 comment: cfg.Comment, 5445 action: ruleActionAllow, 5446 tag: tag, 5447 logLevel: logLevel, 5448 matchAll: true, 5449 conditions: condConfigs, 5450 fields: fields, 5451 }, 5452 condition: conditions[0], 5453 field: fields[0], 5454 tag: tag, 5455 logger: logger, 5456 } 5457 r = rule 5458 case "aclRuleAllowWithWarnLoggerCounter": 5459 rule := &aclRuleAllowWithWarnLoggerCounter{ 5460 config: &ruleConfig{ 5461 ruleType: "aclRuleAllowWithWarnLoggerCounter", 5462 logEnabled: logEnabled, 5463 counterEnabled: counterEnabled, 5464 comment: cfg.Comment, 5465 action: ruleActionAllow, 5466 tag: tag, 5467 logLevel: logLevel, 5468 matchAll: true, 5469 conditions: condConfigs, 5470 fields: fields, 5471 }, 5472 condition: conditions[0], 5473 field: fields[0], 5474 tag: tag, 5475 logger: logger, 5476 } 5477 r = rule 5478 case "aclRuleAllowWithErrorLoggerCounter": 5479 rule := &aclRuleAllowWithErrorLoggerCounter{ 5480 config: &ruleConfig{ 5481 ruleType: "aclRuleAllowWithErrorLoggerCounter", 5482 logEnabled: logEnabled, 5483 counterEnabled: counterEnabled, 5484 comment: cfg.Comment, 5485 action: ruleActionAllow, 5486 tag: tag, 5487 logLevel: logLevel, 5488 matchAll: true, 5489 conditions: condConfigs, 5490 fields: fields, 5491 }, 5492 condition: conditions[0], 5493 field: fields[0], 5494 tag: tag, 5495 logger: logger, 5496 } 5497 r = rule 5498 case "aclRuleDenyMatchAnyStop": 5499 rule := &aclRuleDenyMatchAnyStop{ 5500 config: &ruleConfig{ 5501 ruleType: "aclRuleDenyMatchAnyStop", 5502 logEnabled: logEnabled, 5503 counterEnabled: counterEnabled, 5504 comment: cfg.Comment, 5505 action: ruleActionDeny, 5506 conditions: condConfigs, 5507 fields: fields, 5508 }, 5509 conditions: conditions, 5510 fields: fields, 5511 } 5512 r = rule 5513 case "aclRuleDenyMatchAllStop": 5514 rule := &aclRuleDenyMatchAllStop{ 5515 config: &ruleConfig{ 5516 ruleType: "aclRuleDenyMatchAllStop", 5517 logEnabled: logEnabled, 5518 counterEnabled: counterEnabled, 5519 comment: cfg.Comment, 5520 action: ruleActionDeny, 5521 matchAll: true, 5522 conditions: condConfigs, 5523 fields: fields, 5524 }, 5525 conditions: conditions, 5526 fields: fields, 5527 } 5528 r = rule 5529 case "aclRuleDenyStop": 5530 rule := &aclRuleDenyStop{ 5531 config: &ruleConfig{ 5532 ruleType: "aclRuleDenyStop", 5533 logEnabled: logEnabled, 5534 counterEnabled: counterEnabled, 5535 comment: cfg.Comment, 5536 action: ruleActionDeny, 5537 matchAll: true, 5538 conditions: condConfigs, 5539 fields: fields, 5540 }, 5541 condition: conditions[0], 5542 field: fields[0], 5543 } 5544 r = rule 5545 case "aclRuleDenyMatchAny": 5546 rule := &aclRuleDenyMatchAny{ 5547 config: &ruleConfig{ 5548 ruleType: "aclRuleDenyMatchAny", 5549 logEnabled: logEnabled, 5550 counterEnabled: counterEnabled, 5551 comment: cfg.Comment, 5552 action: ruleActionDeny, 5553 conditions: condConfigs, 5554 fields: fields, 5555 }, 5556 conditions: conditions, 5557 fields: fields, 5558 } 5559 r = rule 5560 case "aclRuleDenyMatchAll": 5561 rule := &aclRuleDenyMatchAll{ 5562 config: &ruleConfig{ 5563 ruleType: "aclRuleDenyMatchAll", 5564 logEnabled: logEnabled, 5565 counterEnabled: counterEnabled, 5566 comment: cfg.Comment, 5567 action: ruleActionDeny, 5568 matchAll: true, 5569 conditions: condConfigs, 5570 fields: fields, 5571 }, 5572 conditions: conditions, 5573 fields: fields, 5574 } 5575 r = rule 5576 case "aclRuleDeny": 5577 rule := &aclRuleDeny{ 5578 config: &ruleConfig{ 5579 ruleType: "aclRuleDeny", 5580 logEnabled: logEnabled, 5581 counterEnabled: counterEnabled, 5582 comment: cfg.Comment, 5583 action: ruleActionDeny, 5584 matchAll: true, 5585 conditions: condConfigs, 5586 fields: fields, 5587 }, 5588 condition: conditions[0], 5589 field: fields[0], 5590 } 5591 r = rule 5592 case "aclRuleDenyWithDebugLoggerMatchAnyStop": 5593 rule := &aclRuleDenyWithDebugLoggerMatchAnyStop{ 5594 config: &ruleConfig{ 5595 ruleType: "aclRuleDenyWithDebugLoggerMatchAnyStop", 5596 logEnabled: logEnabled, 5597 counterEnabled: counterEnabled, 5598 comment: cfg.Comment, 5599 action: ruleActionDeny, 5600 tag: tag, 5601 logLevel: logLevel, 5602 conditions: condConfigs, 5603 fields: fields, 5604 }, 5605 conditions: conditions, 5606 fields: fields, 5607 tag: tag, 5608 logger: logger, 5609 } 5610 r = rule 5611 case "aclRuleDenyWithInfoLoggerMatchAnyStop": 5612 rule := &aclRuleDenyWithInfoLoggerMatchAnyStop{ 5613 config: &ruleConfig{ 5614 ruleType: "aclRuleDenyWithInfoLoggerMatchAnyStop", 5615 logEnabled: logEnabled, 5616 counterEnabled: counterEnabled, 5617 comment: cfg.Comment, 5618 action: ruleActionDeny, 5619 tag: tag, 5620 logLevel: logLevel, 5621 conditions: condConfigs, 5622 fields: fields, 5623 }, 5624 conditions: conditions, 5625 fields: fields, 5626 tag: tag, 5627 logger: logger, 5628 } 5629 r = rule 5630 case "aclRuleDenyWithWarnLoggerMatchAnyStop": 5631 rule := &aclRuleDenyWithWarnLoggerMatchAnyStop{ 5632 config: &ruleConfig{ 5633 ruleType: "aclRuleDenyWithWarnLoggerMatchAnyStop", 5634 logEnabled: logEnabled, 5635 counterEnabled: counterEnabled, 5636 comment: cfg.Comment, 5637 action: ruleActionDeny, 5638 tag: tag, 5639 logLevel: logLevel, 5640 conditions: condConfigs, 5641 fields: fields, 5642 }, 5643 conditions: conditions, 5644 fields: fields, 5645 tag: tag, 5646 logger: logger, 5647 } 5648 r = rule 5649 case "aclRuleDenyWithErrorLoggerMatchAnyStop": 5650 rule := &aclRuleDenyWithErrorLoggerMatchAnyStop{ 5651 config: &ruleConfig{ 5652 ruleType: "aclRuleDenyWithErrorLoggerMatchAnyStop", 5653 logEnabled: logEnabled, 5654 counterEnabled: counterEnabled, 5655 comment: cfg.Comment, 5656 action: ruleActionDeny, 5657 tag: tag, 5658 logLevel: logLevel, 5659 conditions: condConfigs, 5660 fields: fields, 5661 }, 5662 conditions: conditions, 5663 fields: fields, 5664 tag: tag, 5665 logger: logger, 5666 } 5667 r = rule 5668 case "aclRuleDenyWithDebugLoggerMatchAllStop": 5669 rule := &aclRuleDenyWithDebugLoggerMatchAllStop{ 5670 config: &ruleConfig{ 5671 ruleType: "aclRuleDenyWithDebugLoggerMatchAllStop", 5672 logEnabled: logEnabled, 5673 counterEnabled: counterEnabled, 5674 comment: cfg.Comment, 5675 action: ruleActionDeny, 5676 tag: tag, 5677 logLevel: logLevel, 5678 matchAll: true, 5679 conditions: condConfigs, 5680 fields: fields, 5681 }, 5682 conditions: conditions, 5683 fields: fields, 5684 tag: tag, 5685 logger: logger, 5686 } 5687 r = rule 5688 case "aclRuleDenyWithInfoLoggerMatchAllStop": 5689 rule := &aclRuleDenyWithInfoLoggerMatchAllStop{ 5690 config: &ruleConfig{ 5691 ruleType: "aclRuleDenyWithInfoLoggerMatchAllStop", 5692 logEnabled: logEnabled, 5693 counterEnabled: counterEnabled, 5694 comment: cfg.Comment, 5695 action: ruleActionDeny, 5696 tag: tag, 5697 logLevel: logLevel, 5698 matchAll: true, 5699 conditions: condConfigs, 5700 fields: fields, 5701 }, 5702 conditions: conditions, 5703 fields: fields, 5704 tag: tag, 5705 logger: logger, 5706 } 5707 r = rule 5708 case "aclRuleDenyWithWarnLoggerMatchAllStop": 5709 rule := &aclRuleDenyWithWarnLoggerMatchAllStop{ 5710 config: &ruleConfig{ 5711 ruleType: "aclRuleDenyWithWarnLoggerMatchAllStop", 5712 logEnabled: logEnabled, 5713 counterEnabled: counterEnabled, 5714 comment: cfg.Comment, 5715 action: ruleActionDeny, 5716 tag: tag, 5717 logLevel: logLevel, 5718 matchAll: true, 5719 conditions: condConfigs, 5720 fields: fields, 5721 }, 5722 conditions: conditions, 5723 fields: fields, 5724 tag: tag, 5725 logger: logger, 5726 } 5727 r = rule 5728 case "aclRuleDenyWithErrorLoggerMatchAllStop": 5729 rule := &aclRuleDenyWithErrorLoggerMatchAllStop{ 5730 config: &ruleConfig{ 5731 ruleType: "aclRuleDenyWithErrorLoggerMatchAllStop", 5732 logEnabled: logEnabled, 5733 counterEnabled: counterEnabled, 5734 comment: cfg.Comment, 5735 action: ruleActionDeny, 5736 tag: tag, 5737 logLevel: logLevel, 5738 matchAll: true, 5739 conditions: condConfigs, 5740 fields: fields, 5741 }, 5742 conditions: conditions, 5743 fields: fields, 5744 tag: tag, 5745 logger: logger, 5746 } 5747 r = rule 5748 case "aclRuleDenyWithDebugLoggerStop": 5749 rule := &aclRuleDenyWithDebugLoggerStop{ 5750 config: &ruleConfig{ 5751 ruleType: "aclRuleDenyWithDebugLoggerStop", 5752 logEnabled: logEnabled, 5753 counterEnabled: counterEnabled, 5754 comment: cfg.Comment, 5755 action: ruleActionDeny, 5756 tag: tag, 5757 logLevel: logLevel, 5758 matchAll: true, 5759 conditions: condConfigs, 5760 fields: fields, 5761 }, 5762 condition: conditions[0], 5763 field: fields[0], 5764 tag: tag, 5765 logger: logger, 5766 } 5767 r = rule 5768 case "aclRuleDenyWithInfoLoggerStop": 5769 rule := &aclRuleDenyWithInfoLoggerStop{ 5770 config: &ruleConfig{ 5771 ruleType: "aclRuleDenyWithInfoLoggerStop", 5772 logEnabled: logEnabled, 5773 counterEnabled: counterEnabled, 5774 comment: cfg.Comment, 5775 action: ruleActionDeny, 5776 tag: tag, 5777 logLevel: logLevel, 5778 matchAll: true, 5779 conditions: condConfigs, 5780 fields: fields, 5781 }, 5782 condition: conditions[0], 5783 field: fields[0], 5784 tag: tag, 5785 logger: logger, 5786 } 5787 r = rule 5788 case "aclRuleDenyWithWarnLoggerStop": 5789 rule := &aclRuleDenyWithWarnLoggerStop{ 5790 config: &ruleConfig{ 5791 ruleType: "aclRuleDenyWithWarnLoggerStop", 5792 logEnabled: logEnabled, 5793 counterEnabled: counterEnabled, 5794 comment: cfg.Comment, 5795 action: ruleActionDeny, 5796 tag: tag, 5797 logLevel: logLevel, 5798 matchAll: true, 5799 conditions: condConfigs, 5800 fields: fields, 5801 }, 5802 condition: conditions[0], 5803 field: fields[0], 5804 tag: tag, 5805 logger: logger, 5806 } 5807 r = rule 5808 case "aclRuleDenyWithErrorLoggerStop": 5809 rule := &aclRuleDenyWithErrorLoggerStop{ 5810 config: &ruleConfig{ 5811 ruleType: "aclRuleDenyWithErrorLoggerStop", 5812 logEnabled: logEnabled, 5813 counterEnabled: counterEnabled, 5814 comment: cfg.Comment, 5815 action: ruleActionDeny, 5816 tag: tag, 5817 logLevel: logLevel, 5818 matchAll: true, 5819 conditions: condConfigs, 5820 fields: fields, 5821 }, 5822 condition: conditions[0], 5823 field: fields[0], 5824 tag: tag, 5825 logger: logger, 5826 } 5827 r = rule 5828 case "aclRuleDenyWithDebugLoggerMatchAny": 5829 rule := &aclRuleDenyWithDebugLoggerMatchAny{ 5830 config: &ruleConfig{ 5831 ruleType: "aclRuleDenyWithDebugLoggerMatchAny", 5832 logEnabled: logEnabled, 5833 counterEnabled: counterEnabled, 5834 comment: cfg.Comment, 5835 action: ruleActionDeny, 5836 tag: tag, 5837 logLevel: logLevel, 5838 conditions: condConfigs, 5839 fields: fields, 5840 }, 5841 conditions: conditions, 5842 fields: fields, 5843 tag: tag, 5844 logger: logger, 5845 } 5846 r = rule 5847 case "aclRuleDenyWithInfoLoggerMatchAny": 5848 rule := &aclRuleDenyWithInfoLoggerMatchAny{ 5849 config: &ruleConfig{ 5850 ruleType: "aclRuleDenyWithInfoLoggerMatchAny", 5851 logEnabled: logEnabled, 5852 counterEnabled: counterEnabled, 5853 comment: cfg.Comment, 5854 action: ruleActionDeny, 5855 tag: tag, 5856 logLevel: logLevel, 5857 conditions: condConfigs, 5858 fields: fields, 5859 }, 5860 conditions: conditions, 5861 fields: fields, 5862 tag: tag, 5863 logger: logger, 5864 } 5865 r = rule 5866 case "aclRuleDenyWithWarnLoggerMatchAny": 5867 rule := &aclRuleDenyWithWarnLoggerMatchAny{ 5868 config: &ruleConfig{ 5869 ruleType: "aclRuleDenyWithWarnLoggerMatchAny", 5870 logEnabled: logEnabled, 5871 counterEnabled: counterEnabled, 5872 comment: cfg.Comment, 5873 action: ruleActionDeny, 5874 tag: tag, 5875 logLevel: logLevel, 5876 conditions: condConfigs, 5877 fields: fields, 5878 }, 5879 conditions: conditions, 5880 fields: fields, 5881 tag: tag, 5882 logger: logger, 5883 } 5884 r = rule 5885 case "aclRuleDenyWithErrorLoggerMatchAny": 5886 rule := &aclRuleDenyWithErrorLoggerMatchAny{ 5887 config: &ruleConfig{ 5888 ruleType: "aclRuleDenyWithErrorLoggerMatchAny", 5889 logEnabled: logEnabled, 5890 counterEnabled: counterEnabled, 5891 comment: cfg.Comment, 5892 action: ruleActionDeny, 5893 tag: tag, 5894 logLevel: logLevel, 5895 conditions: condConfigs, 5896 fields: fields, 5897 }, 5898 conditions: conditions, 5899 fields: fields, 5900 tag: tag, 5901 logger: logger, 5902 } 5903 r = rule 5904 case "aclRuleDenyWithDebugLoggerMatchAll": 5905 rule := &aclRuleDenyWithDebugLoggerMatchAll{ 5906 config: &ruleConfig{ 5907 ruleType: "aclRuleDenyWithDebugLoggerMatchAll", 5908 logEnabled: logEnabled, 5909 counterEnabled: counterEnabled, 5910 comment: cfg.Comment, 5911 action: ruleActionDeny, 5912 tag: tag, 5913 logLevel: logLevel, 5914 matchAll: true, 5915 conditions: condConfigs, 5916 fields: fields, 5917 }, 5918 conditions: conditions, 5919 fields: fields, 5920 tag: tag, 5921 logger: logger, 5922 } 5923 r = rule 5924 case "aclRuleDenyWithInfoLoggerMatchAll": 5925 rule := &aclRuleDenyWithInfoLoggerMatchAll{ 5926 config: &ruleConfig{ 5927 ruleType: "aclRuleDenyWithInfoLoggerMatchAll", 5928 logEnabled: logEnabled, 5929 counterEnabled: counterEnabled, 5930 comment: cfg.Comment, 5931 action: ruleActionDeny, 5932 tag: tag, 5933 logLevel: logLevel, 5934 matchAll: true, 5935 conditions: condConfigs, 5936 fields: fields, 5937 }, 5938 conditions: conditions, 5939 fields: fields, 5940 tag: tag, 5941 logger: logger, 5942 } 5943 r = rule 5944 case "aclRuleDenyWithWarnLoggerMatchAll": 5945 rule := &aclRuleDenyWithWarnLoggerMatchAll{ 5946 config: &ruleConfig{ 5947 ruleType: "aclRuleDenyWithWarnLoggerMatchAll", 5948 logEnabled: logEnabled, 5949 counterEnabled: counterEnabled, 5950 comment: cfg.Comment, 5951 action: ruleActionDeny, 5952 tag: tag, 5953 logLevel: logLevel, 5954 matchAll: true, 5955 conditions: condConfigs, 5956 fields: fields, 5957 }, 5958 conditions: conditions, 5959 fields: fields, 5960 tag: tag, 5961 logger: logger, 5962 } 5963 r = rule 5964 case "aclRuleDenyWithErrorLoggerMatchAll": 5965 rule := &aclRuleDenyWithErrorLoggerMatchAll{ 5966 config: &ruleConfig{ 5967 ruleType: "aclRuleDenyWithErrorLoggerMatchAll", 5968 logEnabled: logEnabled, 5969 counterEnabled: counterEnabled, 5970 comment: cfg.Comment, 5971 action: ruleActionDeny, 5972 tag: tag, 5973 logLevel: logLevel, 5974 matchAll: true, 5975 conditions: condConfigs, 5976 fields: fields, 5977 }, 5978 conditions: conditions, 5979 fields: fields, 5980 tag: tag, 5981 logger: logger, 5982 } 5983 r = rule 5984 case "aclRuleDenyWithDebugLogger": 5985 rule := &aclRuleDenyWithDebugLogger{ 5986 config: &ruleConfig{ 5987 ruleType: "aclRuleDenyWithDebugLogger", 5988 logEnabled: logEnabled, 5989 counterEnabled: counterEnabled, 5990 comment: cfg.Comment, 5991 action: ruleActionDeny, 5992 tag: tag, 5993 logLevel: logLevel, 5994 matchAll: true, 5995 conditions: condConfigs, 5996 fields: fields, 5997 }, 5998 condition: conditions[0], 5999 field: fields[0], 6000 tag: tag, 6001 logger: logger, 6002 } 6003 r = rule 6004 case "aclRuleDenyWithInfoLogger": 6005 rule := &aclRuleDenyWithInfoLogger{ 6006 config: &ruleConfig{ 6007 ruleType: "aclRuleDenyWithInfoLogger", 6008 logEnabled: logEnabled, 6009 counterEnabled: counterEnabled, 6010 comment: cfg.Comment, 6011 action: ruleActionDeny, 6012 tag: tag, 6013 logLevel: logLevel, 6014 matchAll: true, 6015 conditions: condConfigs, 6016 fields: fields, 6017 }, 6018 condition: conditions[0], 6019 field: fields[0], 6020 tag: tag, 6021 logger: logger, 6022 } 6023 r = rule 6024 case "aclRuleDenyWithWarnLogger": 6025 rule := &aclRuleDenyWithWarnLogger{ 6026 config: &ruleConfig{ 6027 ruleType: "aclRuleDenyWithWarnLogger", 6028 logEnabled: logEnabled, 6029 counterEnabled: counterEnabled, 6030 comment: cfg.Comment, 6031 action: ruleActionDeny, 6032 tag: tag, 6033 logLevel: logLevel, 6034 matchAll: true, 6035 conditions: condConfigs, 6036 fields: fields, 6037 }, 6038 condition: conditions[0], 6039 field: fields[0], 6040 tag: tag, 6041 logger: logger, 6042 } 6043 r = rule 6044 case "aclRuleDenyWithErrorLogger": 6045 rule := &aclRuleDenyWithErrorLogger{ 6046 config: &ruleConfig{ 6047 ruleType: "aclRuleDenyWithErrorLogger", 6048 logEnabled: logEnabled, 6049 counterEnabled: counterEnabled, 6050 comment: cfg.Comment, 6051 action: ruleActionDeny, 6052 tag: tag, 6053 logLevel: logLevel, 6054 matchAll: true, 6055 conditions: condConfigs, 6056 fields: fields, 6057 }, 6058 condition: conditions[0], 6059 field: fields[0], 6060 tag: tag, 6061 logger: logger, 6062 } 6063 r = rule 6064 case "aclRuleDenyWithCounterMatchAnyStop": 6065 rule := &aclRuleDenyWithCounterMatchAnyStop{ 6066 config: &ruleConfig{ 6067 ruleType: "aclRuleDenyWithCounterMatchAnyStop", 6068 logEnabled: logEnabled, 6069 counterEnabled: counterEnabled, 6070 comment: cfg.Comment, 6071 action: ruleActionDeny, 6072 conditions: condConfigs, 6073 fields: fields, 6074 }, 6075 conditions: conditions, 6076 fields: fields, 6077 } 6078 r = rule 6079 case "aclRuleDenyWithCounterMatchAllStop": 6080 rule := &aclRuleDenyWithCounterMatchAllStop{ 6081 config: &ruleConfig{ 6082 ruleType: "aclRuleDenyWithCounterMatchAllStop", 6083 logEnabled: logEnabled, 6084 counterEnabled: counterEnabled, 6085 comment: cfg.Comment, 6086 action: ruleActionDeny, 6087 matchAll: true, 6088 conditions: condConfigs, 6089 fields: fields, 6090 }, 6091 conditions: conditions, 6092 fields: fields, 6093 } 6094 r = rule 6095 case "aclRuleDenyWithCounterStop": 6096 rule := &aclRuleDenyWithCounterStop{ 6097 config: &ruleConfig{ 6098 ruleType: "aclRuleDenyWithCounterStop", 6099 logEnabled: logEnabled, 6100 counterEnabled: counterEnabled, 6101 comment: cfg.Comment, 6102 action: ruleActionDeny, 6103 matchAll: true, 6104 conditions: condConfigs, 6105 fields: fields, 6106 }, 6107 condition: conditions[0], 6108 field: fields[0], 6109 } 6110 r = rule 6111 case "aclRuleDenyWithCounterMatchAny": 6112 rule := &aclRuleDenyWithCounterMatchAny{ 6113 config: &ruleConfig{ 6114 ruleType: "aclRuleDenyWithCounterMatchAny", 6115 logEnabled: logEnabled, 6116 counterEnabled: counterEnabled, 6117 comment: cfg.Comment, 6118 action: ruleActionDeny, 6119 conditions: condConfigs, 6120 fields: fields, 6121 }, 6122 conditions: conditions, 6123 fields: fields, 6124 } 6125 r = rule 6126 case "aclRuleDenyWithCounterMatchAll": 6127 rule := &aclRuleDenyWithCounterMatchAll{ 6128 config: &ruleConfig{ 6129 ruleType: "aclRuleDenyWithCounterMatchAll", 6130 logEnabled: logEnabled, 6131 counterEnabled: counterEnabled, 6132 comment: cfg.Comment, 6133 action: ruleActionDeny, 6134 matchAll: true, 6135 conditions: condConfigs, 6136 fields: fields, 6137 }, 6138 conditions: conditions, 6139 fields: fields, 6140 } 6141 r = rule 6142 case "aclRuleDenyWithCounter": 6143 rule := &aclRuleDenyWithCounter{ 6144 config: &ruleConfig{ 6145 ruleType: "aclRuleDenyWithCounter", 6146 logEnabled: logEnabled, 6147 counterEnabled: counterEnabled, 6148 comment: cfg.Comment, 6149 action: ruleActionDeny, 6150 matchAll: true, 6151 conditions: condConfigs, 6152 fields: fields, 6153 }, 6154 condition: conditions[0], 6155 field: fields[0], 6156 } 6157 r = rule 6158 case "aclRuleDenyWithDebugLoggerCounterMatchAnyStop": 6159 rule := &aclRuleDenyWithDebugLoggerCounterMatchAnyStop{ 6160 config: &ruleConfig{ 6161 ruleType: "aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 6162 logEnabled: logEnabled, 6163 counterEnabled: counterEnabled, 6164 comment: cfg.Comment, 6165 action: ruleActionDeny, 6166 tag: tag, 6167 logLevel: logLevel, 6168 conditions: condConfigs, 6169 fields: fields, 6170 }, 6171 conditions: conditions, 6172 fields: fields, 6173 tag: tag, 6174 logger: logger, 6175 } 6176 r = rule 6177 case "aclRuleDenyWithInfoLoggerCounterMatchAnyStop": 6178 rule := &aclRuleDenyWithInfoLoggerCounterMatchAnyStop{ 6179 config: &ruleConfig{ 6180 ruleType: "aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 6181 logEnabled: logEnabled, 6182 counterEnabled: counterEnabled, 6183 comment: cfg.Comment, 6184 action: ruleActionDeny, 6185 tag: tag, 6186 logLevel: logLevel, 6187 conditions: condConfigs, 6188 fields: fields, 6189 }, 6190 conditions: conditions, 6191 fields: fields, 6192 tag: tag, 6193 logger: logger, 6194 } 6195 r = rule 6196 case "aclRuleDenyWithWarnLoggerCounterMatchAnyStop": 6197 rule := &aclRuleDenyWithWarnLoggerCounterMatchAnyStop{ 6198 config: &ruleConfig{ 6199 ruleType: "aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 6200 logEnabled: logEnabled, 6201 counterEnabled: counterEnabled, 6202 comment: cfg.Comment, 6203 action: ruleActionDeny, 6204 tag: tag, 6205 logLevel: logLevel, 6206 conditions: condConfigs, 6207 fields: fields, 6208 }, 6209 conditions: conditions, 6210 fields: fields, 6211 tag: tag, 6212 logger: logger, 6213 } 6214 r = rule 6215 case "aclRuleDenyWithErrorLoggerCounterMatchAnyStop": 6216 rule := &aclRuleDenyWithErrorLoggerCounterMatchAnyStop{ 6217 config: &ruleConfig{ 6218 ruleType: "aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 6219 logEnabled: logEnabled, 6220 counterEnabled: counterEnabled, 6221 comment: cfg.Comment, 6222 action: ruleActionDeny, 6223 tag: tag, 6224 logLevel: logLevel, 6225 conditions: condConfigs, 6226 fields: fields, 6227 }, 6228 conditions: conditions, 6229 fields: fields, 6230 tag: tag, 6231 logger: logger, 6232 } 6233 r = rule 6234 case "aclRuleDenyWithDebugLoggerCounterMatchAllStop": 6235 rule := &aclRuleDenyWithDebugLoggerCounterMatchAllStop{ 6236 config: &ruleConfig{ 6237 ruleType: "aclRuleDenyWithDebugLoggerCounterMatchAllStop", 6238 logEnabled: logEnabled, 6239 counterEnabled: counterEnabled, 6240 comment: cfg.Comment, 6241 action: ruleActionDeny, 6242 tag: tag, 6243 logLevel: logLevel, 6244 matchAll: true, 6245 conditions: condConfigs, 6246 fields: fields, 6247 }, 6248 conditions: conditions, 6249 fields: fields, 6250 tag: tag, 6251 logger: logger, 6252 } 6253 r = rule 6254 case "aclRuleDenyWithInfoLoggerCounterMatchAllStop": 6255 rule := &aclRuleDenyWithInfoLoggerCounterMatchAllStop{ 6256 config: &ruleConfig{ 6257 ruleType: "aclRuleDenyWithInfoLoggerCounterMatchAllStop", 6258 logEnabled: logEnabled, 6259 counterEnabled: counterEnabled, 6260 comment: cfg.Comment, 6261 action: ruleActionDeny, 6262 tag: tag, 6263 logLevel: logLevel, 6264 matchAll: true, 6265 conditions: condConfigs, 6266 fields: fields, 6267 }, 6268 conditions: conditions, 6269 fields: fields, 6270 tag: tag, 6271 logger: logger, 6272 } 6273 r = rule 6274 case "aclRuleDenyWithWarnLoggerCounterMatchAllStop": 6275 rule := &aclRuleDenyWithWarnLoggerCounterMatchAllStop{ 6276 config: &ruleConfig{ 6277 ruleType: "aclRuleDenyWithWarnLoggerCounterMatchAllStop", 6278 logEnabled: logEnabled, 6279 counterEnabled: counterEnabled, 6280 comment: cfg.Comment, 6281 action: ruleActionDeny, 6282 tag: tag, 6283 logLevel: logLevel, 6284 matchAll: true, 6285 conditions: condConfigs, 6286 fields: fields, 6287 }, 6288 conditions: conditions, 6289 fields: fields, 6290 tag: tag, 6291 logger: logger, 6292 } 6293 r = rule 6294 case "aclRuleDenyWithErrorLoggerCounterMatchAllStop": 6295 rule := &aclRuleDenyWithErrorLoggerCounterMatchAllStop{ 6296 config: &ruleConfig{ 6297 ruleType: "aclRuleDenyWithErrorLoggerCounterMatchAllStop", 6298 logEnabled: logEnabled, 6299 counterEnabled: counterEnabled, 6300 comment: cfg.Comment, 6301 action: ruleActionDeny, 6302 tag: tag, 6303 logLevel: logLevel, 6304 matchAll: true, 6305 conditions: condConfigs, 6306 fields: fields, 6307 }, 6308 conditions: conditions, 6309 fields: fields, 6310 tag: tag, 6311 logger: logger, 6312 } 6313 r = rule 6314 case "aclRuleDenyWithDebugLoggerCounterStop": 6315 rule := &aclRuleDenyWithDebugLoggerCounterStop{ 6316 config: &ruleConfig{ 6317 ruleType: "aclRuleDenyWithDebugLoggerCounterStop", 6318 logEnabled: logEnabled, 6319 counterEnabled: counterEnabled, 6320 comment: cfg.Comment, 6321 action: ruleActionDeny, 6322 tag: tag, 6323 logLevel: logLevel, 6324 matchAll: true, 6325 conditions: condConfigs, 6326 fields: fields, 6327 }, 6328 condition: conditions[0], 6329 field: fields[0], 6330 tag: tag, 6331 logger: logger, 6332 } 6333 r = rule 6334 case "aclRuleDenyWithInfoLoggerCounterStop": 6335 rule := &aclRuleDenyWithInfoLoggerCounterStop{ 6336 config: &ruleConfig{ 6337 ruleType: "aclRuleDenyWithInfoLoggerCounterStop", 6338 logEnabled: logEnabled, 6339 counterEnabled: counterEnabled, 6340 comment: cfg.Comment, 6341 action: ruleActionDeny, 6342 tag: tag, 6343 logLevel: logLevel, 6344 matchAll: true, 6345 conditions: condConfigs, 6346 fields: fields, 6347 }, 6348 condition: conditions[0], 6349 field: fields[0], 6350 tag: tag, 6351 logger: logger, 6352 } 6353 r = rule 6354 case "aclRuleDenyWithWarnLoggerCounterStop": 6355 rule := &aclRuleDenyWithWarnLoggerCounterStop{ 6356 config: &ruleConfig{ 6357 ruleType: "aclRuleDenyWithWarnLoggerCounterStop", 6358 logEnabled: logEnabled, 6359 counterEnabled: counterEnabled, 6360 comment: cfg.Comment, 6361 action: ruleActionDeny, 6362 tag: tag, 6363 logLevel: logLevel, 6364 matchAll: true, 6365 conditions: condConfigs, 6366 fields: fields, 6367 }, 6368 condition: conditions[0], 6369 field: fields[0], 6370 tag: tag, 6371 logger: logger, 6372 } 6373 r = rule 6374 case "aclRuleDenyWithErrorLoggerCounterStop": 6375 rule := &aclRuleDenyWithErrorLoggerCounterStop{ 6376 config: &ruleConfig{ 6377 ruleType: "aclRuleDenyWithErrorLoggerCounterStop", 6378 logEnabled: logEnabled, 6379 counterEnabled: counterEnabled, 6380 comment: cfg.Comment, 6381 action: ruleActionDeny, 6382 tag: tag, 6383 logLevel: logLevel, 6384 matchAll: true, 6385 conditions: condConfigs, 6386 fields: fields, 6387 }, 6388 condition: conditions[0], 6389 field: fields[0], 6390 tag: tag, 6391 logger: logger, 6392 } 6393 r = rule 6394 case "aclRuleDenyWithDebugLoggerCounterMatchAny": 6395 rule := &aclRuleDenyWithDebugLoggerCounterMatchAny{ 6396 config: &ruleConfig{ 6397 ruleType: "aclRuleDenyWithDebugLoggerCounterMatchAny", 6398 logEnabled: logEnabled, 6399 counterEnabled: counterEnabled, 6400 comment: cfg.Comment, 6401 action: ruleActionDeny, 6402 tag: tag, 6403 logLevel: logLevel, 6404 conditions: condConfigs, 6405 fields: fields, 6406 }, 6407 conditions: conditions, 6408 fields: fields, 6409 tag: tag, 6410 logger: logger, 6411 } 6412 r = rule 6413 case "aclRuleDenyWithInfoLoggerCounterMatchAny": 6414 rule := &aclRuleDenyWithInfoLoggerCounterMatchAny{ 6415 config: &ruleConfig{ 6416 ruleType: "aclRuleDenyWithInfoLoggerCounterMatchAny", 6417 logEnabled: logEnabled, 6418 counterEnabled: counterEnabled, 6419 comment: cfg.Comment, 6420 action: ruleActionDeny, 6421 tag: tag, 6422 logLevel: logLevel, 6423 conditions: condConfigs, 6424 fields: fields, 6425 }, 6426 conditions: conditions, 6427 fields: fields, 6428 tag: tag, 6429 logger: logger, 6430 } 6431 r = rule 6432 case "aclRuleDenyWithWarnLoggerCounterMatchAny": 6433 rule := &aclRuleDenyWithWarnLoggerCounterMatchAny{ 6434 config: &ruleConfig{ 6435 ruleType: "aclRuleDenyWithWarnLoggerCounterMatchAny", 6436 logEnabled: logEnabled, 6437 counterEnabled: counterEnabled, 6438 comment: cfg.Comment, 6439 action: ruleActionDeny, 6440 tag: tag, 6441 logLevel: logLevel, 6442 conditions: condConfigs, 6443 fields: fields, 6444 }, 6445 conditions: conditions, 6446 fields: fields, 6447 tag: tag, 6448 logger: logger, 6449 } 6450 r = rule 6451 case "aclRuleDenyWithErrorLoggerCounterMatchAny": 6452 rule := &aclRuleDenyWithErrorLoggerCounterMatchAny{ 6453 config: &ruleConfig{ 6454 ruleType: "aclRuleDenyWithErrorLoggerCounterMatchAny", 6455 logEnabled: logEnabled, 6456 counterEnabled: counterEnabled, 6457 comment: cfg.Comment, 6458 action: ruleActionDeny, 6459 tag: tag, 6460 logLevel: logLevel, 6461 conditions: condConfigs, 6462 fields: fields, 6463 }, 6464 conditions: conditions, 6465 fields: fields, 6466 tag: tag, 6467 logger: logger, 6468 } 6469 r = rule 6470 case "aclRuleDenyWithDebugLoggerCounterMatchAll": 6471 rule := &aclRuleDenyWithDebugLoggerCounterMatchAll{ 6472 config: &ruleConfig{ 6473 ruleType: "aclRuleDenyWithDebugLoggerCounterMatchAll", 6474 logEnabled: logEnabled, 6475 counterEnabled: counterEnabled, 6476 comment: cfg.Comment, 6477 action: ruleActionDeny, 6478 tag: tag, 6479 logLevel: logLevel, 6480 matchAll: true, 6481 conditions: condConfigs, 6482 fields: fields, 6483 }, 6484 conditions: conditions, 6485 fields: fields, 6486 tag: tag, 6487 logger: logger, 6488 } 6489 r = rule 6490 case "aclRuleDenyWithInfoLoggerCounterMatchAll": 6491 rule := &aclRuleDenyWithInfoLoggerCounterMatchAll{ 6492 config: &ruleConfig{ 6493 ruleType: "aclRuleDenyWithInfoLoggerCounterMatchAll", 6494 logEnabled: logEnabled, 6495 counterEnabled: counterEnabled, 6496 comment: cfg.Comment, 6497 action: ruleActionDeny, 6498 tag: tag, 6499 logLevel: logLevel, 6500 matchAll: true, 6501 conditions: condConfigs, 6502 fields: fields, 6503 }, 6504 conditions: conditions, 6505 fields: fields, 6506 tag: tag, 6507 logger: logger, 6508 } 6509 r = rule 6510 case "aclRuleDenyWithWarnLoggerCounterMatchAll": 6511 rule := &aclRuleDenyWithWarnLoggerCounterMatchAll{ 6512 config: &ruleConfig{ 6513 ruleType: "aclRuleDenyWithWarnLoggerCounterMatchAll", 6514 logEnabled: logEnabled, 6515 counterEnabled: counterEnabled, 6516 comment: cfg.Comment, 6517 action: ruleActionDeny, 6518 tag: tag, 6519 logLevel: logLevel, 6520 matchAll: true, 6521 conditions: condConfigs, 6522 fields: fields, 6523 }, 6524 conditions: conditions, 6525 fields: fields, 6526 tag: tag, 6527 logger: logger, 6528 } 6529 r = rule 6530 case "aclRuleDenyWithErrorLoggerCounterMatchAll": 6531 rule := &aclRuleDenyWithErrorLoggerCounterMatchAll{ 6532 config: &ruleConfig{ 6533 ruleType: "aclRuleDenyWithErrorLoggerCounterMatchAll", 6534 logEnabled: logEnabled, 6535 counterEnabled: counterEnabled, 6536 comment: cfg.Comment, 6537 action: ruleActionDeny, 6538 tag: tag, 6539 logLevel: logLevel, 6540 matchAll: true, 6541 conditions: condConfigs, 6542 fields: fields, 6543 }, 6544 conditions: conditions, 6545 fields: fields, 6546 tag: tag, 6547 logger: logger, 6548 } 6549 r = rule 6550 case "aclRuleDenyWithDebugLoggerCounter": 6551 rule := &aclRuleDenyWithDebugLoggerCounter{ 6552 config: &ruleConfig{ 6553 ruleType: "aclRuleDenyWithDebugLoggerCounter", 6554 logEnabled: logEnabled, 6555 counterEnabled: counterEnabled, 6556 comment: cfg.Comment, 6557 action: ruleActionDeny, 6558 tag: tag, 6559 logLevel: logLevel, 6560 matchAll: true, 6561 conditions: condConfigs, 6562 fields: fields, 6563 }, 6564 condition: conditions[0], 6565 field: fields[0], 6566 tag: tag, 6567 logger: logger, 6568 } 6569 r = rule 6570 case "aclRuleDenyWithInfoLoggerCounter": 6571 rule := &aclRuleDenyWithInfoLoggerCounter{ 6572 config: &ruleConfig{ 6573 ruleType: "aclRuleDenyWithInfoLoggerCounter", 6574 logEnabled: logEnabled, 6575 counterEnabled: counterEnabled, 6576 comment: cfg.Comment, 6577 action: ruleActionDeny, 6578 tag: tag, 6579 logLevel: logLevel, 6580 matchAll: true, 6581 conditions: condConfigs, 6582 fields: fields, 6583 }, 6584 condition: conditions[0], 6585 field: fields[0], 6586 tag: tag, 6587 logger: logger, 6588 } 6589 r = rule 6590 case "aclRuleDenyWithWarnLoggerCounter": 6591 rule := &aclRuleDenyWithWarnLoggerCounter{ 6592 config: &ruleConfig{ 6593 ruleType: "aclRuleDenyWithWarnLoggerCounter", 6594 logEnabled: logEnabled, 6595 counterEnabled: counterEnabled, 6596 comment: cfg.Comment, 6597 action: ruleActionDeny, 6598 tag: tag, 6599 logLevel: logLevel, 6600 matchAll: true, 6601 conditions: condConfigs, 6602 fields: fields, 6603 }, 6604 condition: conditions[0], 6605 field: fields[0], 6606 tag: tag, 6607 logger: logger, 6608 } 6609 r = rule 6610 case "aclRuleDenyWithErrorLoggerCounter": 6611 rule := &aclRuleDenyWithErrorLoggerCounter{ 6612 config: &ruleConfig{ 6613 ruleType: "aclRuleDenyWithErrorLoggerCounter", 6614 logEnabled: logEnabled, 6615 counterEnabled: counterEnabled, 6616 comment: cfg.Comment, 6617 action: ruleActionDeny, 6618 tag: tag, 6619 logLevel: logLevel, 6620 matchAll: true, 6621 conditions: condConfigs, 6622 fields: fields, 6623 }, 6624 condition: conditions[0], 6625 field: fields[0], 6626 tag: tag, 6627 logger: logger, 6628 } 6629 r = rule 6630 case "aclRuleFieldCheckAllowMatchAnyStop": 6631 rule := &aclRuleFieldCheckAllowMatchAnyStop{ 6632 config: &ruleConfig{ 6633 ruleType: "aclRuleFieldCheckAllowMatchAnyStop", 6634 logEnabled: logEnabled, 6635 counterEnabled: counterEnabled, 6636 comment: cfg.Comment, 6637 action: ruleActionAllow, 6638 checkFields: checkFields, 6639 conditions: condConfigs, 6640 fields: fields, 6641 }, 6642 conditions: conditions, 6643 fields: fields, 6644 checkFields: checkFields, 6645 } 6646 r = rule 6647 case "aclRuleFieldCheckAllowMatchAllStop": 6648 rule := &aclRuleFieldCheckAllowMatchAllStop{ 6649 config: &ruleConfig{ 6650 ruleType: "aclRuleFieldCheckAllowMatchAllStop", 6651 logEnabled: logEnabled, 6652 counterEnabled: counterEnabled, 6653 comment: cfg.Comment, 6654 action: ruleActionAllow, 6655 checkFields: checkFields, 6656 matchAll: true, 6657 conditions: condConfigs, 6658 fields: fields, 6659 }, 6660 conditions: conditions, 6661 fields: fields, 6662 checkFields: checkFields, 6663 } 6664 r = rule 6665 case "aclRuleFieldCheckAllowStop": 6666 rule := &aclRuleFieldCheckAllowStop{ 6667 config: &ruleConfig{ 6668 ruleType: "aclRuleFieldCheckAllowStop", 6669 logEnabled: logEnabled, 6670 counterEnabled: counterEnabled, 6671 comment: cfg.Comment, 6672 action: ruleActionAllow, 6673 checkFields: checkFields, 6674 matchAll: true, 6675 conditions: condConfigs, 6676 fields: fields, 6677 }, 6678 condition: conditions[0], 6679 field: fields[0], 6680 checkFields: checkFields, 6681 } 6682 r = rule 6683 case "aclRuleFieldCheckAllowMatchAny": 6684 rule := &aclRuleFieldCheckAllowMatchAny{ 6685 config: &ruleConfig{ 6686 ruleType: "aclRuleFieldCheckAllowMatchAny", 6687 logEnabled: logEnabled, 6688 counterEnabled: counterEnabled, 6689 comment: cfg.Comment, 6690 action: ruleActionAllow, 6691 checkFields: checkFields, 6692 conditions: condConfigs, 6693 fields: fields, 6694 }, 6695 conditions: conditions, 6696 fields: fields, 6697 checkFields: checkFields, 6698 } 6699 r = rule 6700 case "aclRuleFieldCheckAllowMatchAll": 6701 rule := &aclRuleFieldCheckAllowMatchAll{ 6702 config: &ruleConfig{ 6703 ruleType: "aclRuleFieldCheckAllowMatchAll", 6704 logEnabled: logEnabled, 6705 counterEnabled: counterEnabled, 6706 comment: cfg.Comment, 6707 action: ruleActionAllow, 6708 checkFields: checkFields, 6709 matchAll: true, 6710 conditions: condConfigs, 6711 fields: fields, 6712 }, 6713 conditions: conditions, 6714 fields: fields, 6715 checkFields: checkFields, 6716 } 6717 r = rule 6718 case "aclRuleFieldCheckAllow": 6719 rule := &aclRuleFieldCheckAllow{ 6720 config: &ruleConfig{ 6721 ruleType: "aclRuleFieldCheckAllow", 6722 logEnabled: logEnabled, 6723 counterEnabled: counterEnabled, 6724 comment: cfg.Comment, 6725 action: ruleActionAllow, 6726 checkFields: checkFields, 6727 matchAll: true, 6728 conditions: condConfigs, 6729 fields: fields, 6730 }, 6731 condition: conditions[0], 6732 field: fields[0], 6733 checkFields: checkFields, 6734 } 6735 r = rule 6736 case "aclRuleFieldCheckAllowWithDebugLoggerMatchAnyStop": 6737 rule := &aclRuleFieldCheckAllowWithDebugLoggerMatchAnyStop{ 6738 config: &ruleConfig{ 6739 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerMatchAnyStop", 6740 logEnabled: logEnabled, 6741 counterEnabled: counterEnabled, 6742 comment: cfg.Comment, 6743 action: ruleActionAllow, 6744 tag: tag, 6745 logLevel: logLevel, 6746 checkFields: checkFields, 6747 conditions: condConfigs, 6748 fields: fields, 6749 }, 6750 conditions: conditions, 6751 fields: fields, 6752 checkFields: checkFields, 6753 tag: tag, 6754 logger: logger, 6755 } 6756 r = rule 6757 case "aclRuleFieldCheckAllowWithInfoLoggerMatchAnyStop": 6758 rule := &aclRuleFieldCheckAllowWithInfoLoggerMatchAnyStop{ 6759 config: &ruleConfig{ 6760 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerMatchAnyStop", 6761 logEnabled: logEnabled, 6762 counterEnabled: counterEnabled, 6763 comment: cfg.Comment, 6764 action: ruleActionAllow, 6765 tag: tag, 6766 logLevel: logLevel, 6767 checkFields: checkFields, 6768 conditions: condConfigs, 6769 fields: fields, 6770 }, 6771 conditions: conditions, 6772 fields: fields, 6773 checkFields: checkFields, 6774 tag: tag, 6775 logger: logger, 6776 } 6777 r = rule 6778 case "aclRuleFieldCheckAllowWithWarnLoggerMatchAnyStop": 6779 rule := &aclRuleFieldCheckAllowWithWarnLoggerMatchAnyStop{ 6780 config: &ruleConfig{ 6781 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerMatchAnyStop", 6782 logEnabled: logEnabled, 6783 counterEnabled: counterEnabled, 6784 comment: cfg.Comment, 6785 action: ruleActionAllow, 6786 tag: tag, 6787 logLevel: logLevel, 6788 checkFields: checkFields, 6789 conditions: condConfigs, 6790 fields: fields, 6791 }, 6792 conditions: conditions, 6793 fields: fields, 6794 checkFields: checkFields, 6795 tag: tag, 6796 logger: logger, 6797 } 6798 r = rule 6799 case "aclRuleFieldCheckAllowWithErrorLoggerMatchAnyStop": 6800 rule := &aclRuleFieldCheckAllowWithErrorLoggerMatchAnyStop{ 6801 config: &ruleConfig{ 6802 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerMatchAnyStop", 6803 logEnabled: logEnabled, 6804 counterEnabled: counterEnabled, 6805 comment: cfg.Comment, 6806 action: ruleActionAllow, 6807 tag: tag, 6808 logLevel: logLevel, 6809 checkFields: checkFields, 6810 conditions: condConfigs, 6811 fields: fields, 6812 }, 6813 conditions: conditions, 6814 fields: fields, 6815 checkFields: checkFields, 6816 tag: tag, 6817 logger: logger, 6818 } 6819 r = rule 6820 case "aclRuleFieldCheckAllowWithDebugLoggerMatchAllStop": 6821 rule := &aclRuleFieldCheckAllowWithDebugLoggerMatchAllStop{ 6822 config: &ruleConfig{ 6823 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerMatchAllStop", 6824 logEnabled: logEnabled, 6825 counterEnabled: counterEnabled, 6826 comment: cfg.Comment, 6827 action: ruleActionAllow, 6828 tag: tag, 6829 logLevel: logLevel, 6830 checkFields: checkFields, 6831 matchAll: true, 6832 conditions: condConfigs, 6833 fields: fields, 6834 }, 6835 conditions: conditions, 6836 fields: fields, 6837 checkFields: checkFields, 6838 tag: tag, 6839 logger: logger, 6840 } 6841 r = rule 6842 case "aclRuleFieldCheckAllowWithInfoLoggerMatchAllStop": 6843 rule := &aclRuleFieldCheckAllowWithInfoLoggerMatchAllStop{ 6844 config: &ruleConfig{ 6845 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerMatchAllStop", 6846 logEnabled: logEnabled, 6847 counterEnabled: counterEnabled, 6848 comment: cfg.Comment, 6849 action: ruleActionAllow, 6850 tag: tag, 6851 logLevel: logLevel, 6852 checkFields: checkFields, 6853 matchAll: true, 6854 conditions: condConfigs, 6855 fields: fields, 6856 }, 6857 conditions: conditions, 6858 fields: fields, 6859 checkFields: checkFields, 6860 tag: tag, 6861 logger: logger, 6862 } 6863 r = rule 6864 case "aclRuleFieldCheckAllowWithWarnLoggerMatchAllStop": 6865 rule := &aclRuleFieldCheckAllowWithWarnLoggerMatchAllStop{ 6866 config: &ruleConfig{ 6867 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerMatchAllStop", 6868 logEnabled: logEnabled, 6869 counterEnabled: counterEnabled, 6870 comment: cfg.Comment, 6871 action: ruleActionAllow, 6872 tag: tag, 6873 logLevel: logLevel, 6874 checkFields: checkFields, 6875 matchAll: true, 6876 conditions: condConfigs, 6877 fields: fields, 6878 }, 6879 conditions: conditions, 6880 fields: fields, 6881 checkFields: checkFields, 6882 tag: tag, 6883 logger: logger, 6884 } 6885 r = rule 6886 case "aclRuleFieldCheckAllowWithErrorLoggerMatchAllStop": 6887 rule := &aclRuleFieldCheckAllowWithErrorLoggerMatchAllStop{ 6888 config: &ruleConfig{ 6889 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerMatchAllStop", 6890 logEnabled: logEnabled, 6891 counterEnabled: counterEnabled, 6892 comment: cfg.Comment, 6893 action: ruleActionAllow, 6894 tag: tag, 6895 logLevel: logLevel, 6896 checkFields: checkFields, 6897 matchAll: true, 6898 conditions: condConfigs, 6899 fields: fields, 6900 }, 6901 conditions: conditions, 6902 fields: fields, 6903 checkFields: checkFields, 6904 tag: tag, 6905 logger: logger, 6906 } 6907 r = rule 6908 case "aclRuleFieldCheckAllowWithDebugLoggerStop": 6909 rule := &aclRuleFieldCheckAllowWithDebugLoggerStop{ 6910 config: &ruleConfig{ 6911 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerStop", 6912 logEnabled: logEnabled, 6913 counterEnabled: counterEnabled, 6914 comment: cfg.Comment, 6915 action: ruleActionAllow, 6916 tag: tag, 6917 logLevel: logLevel, 6918 checkFields: checkFields, 6919 matchAll: true, 6920 conditions: condConfigs, 6921 fields: fields, 6922 }, 6923 condition: conditions[0], 6924 field: fields[0], 6925 checkFields: checkFields, 6926 tag: tag, 6927 logger: logger, 6928 } 6929 r = rule 6930 case "aclRuleFieldCheckAllowWithInfoLoggerStop": 6931 rule := &aclRuleFieldCheckAllowWithInfoLoggerStop{ 6932 config: &ruleConfig{ 6933 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerStop", 6934 logEnabled: logEnabled, 6935 counterEnabled: counterEnabled, 6936 comment: cfg.Comment, 6937 action: ruleActionAllow, 6938 tag: tag, 6939 logLevel: logLevel, 6940 checkFields: checkFields, 6941 matchAll: true, 6942 conditions: condConfigs, 6943 fields: fields, 6944 }, 6945 condition: conditions[0], 6946 field: fields[0], 6947 checkFields: checkFields, 6948 tag: tag, 6949 logger: logger, 6950 } 6951 r = rule 6952 case "aclRuleFieldCheckAllowWithWarnLoggerStop": 6953 rule := &aclRuleFieldCheckAllowWithWarnLoggerStop{ 6954 config: &ruleConfig{ 6955 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerStop", 6956 logEnabled: logEnabled, 6957 counterEnabled: counterEnabled, 6958 comment: cfg.Comment, 6959 action: ruleActionAllow, 6960 tag: tag, 6961 logLevel: logLevel, 6962 checkFields: checkFields, 6963 matchAll: true, 6964 conditions: condConfigs, 6965 fields: fields, 6966 }, 6967 condition: conditions[0], 6968 field: fields[0], 6969 checkFields: checkFields, 6970 tag: tag, 6971 logger: logger, 6972 } 6973 r = rule 6974 case "aclRuleFieldCheckAllowWithErrorLoggerStop": 6975 rule := &aclRuleFieldCheckAllowWithErrorLoggerStop{ 6976 config: &ruleConfig{ 6977 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerStop", 6978 logEnabled: logEnabled, 6979 counterEnabled: counterEnabled, 6980 comment: cfg.Comment, 6981 action: ruleActionAllow, 6982 tag: tag, 6983 logLevel: logLevel, 6984 checkFields: checkFields, 6985 matchAll: true, 6986 conditions: condConfigs, 6987 fields: fields, 6988 }, 6989 condition: conditions[0], 6990 field: fields[0], 6991 checkFields: checkFields, 6992 tag: tag, 6993 logger: logger, 6994 } 6995 r = rule 6996 case "aclRuleFieldCheckAllowWithDebugLoggerMatchAny": 6997 rule := &aclRuleFieldCheckAllowWithDebugLoggerMatchAny{ 6998 config: &ruleConfig{ 6999 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerMatchAny", 7000 logEnabled: logEnabled, 7001 counterEnabled: counterEnabled, 7002 comment: cfg.Comment, 7003 action: ruleActionAllow, 7004 tag: tag, 7005 logLevel: logLevel, 7006 checkFields: checkFields, 7007 conditions: condConfigs, 7008 fields: fields, 7009 }, 7010 conditions: conditions, 7011 fields: fields, 7012 checkFields: checkFields, 7013 tag: tag, 7014 logger: logger, 7015 } 7016 r = rule 7017 case "aclRuleFieldCheckAllowWithInfoLoggerMatchAny": 7018 rule := &aclRuleFieldCheckAllowWithInfoLoggerMatchAny{ 7019 config: &ruleConfig{ 7020 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerMatchAny", 7021 logEnabled: logEnabled, 7022 counterEnabled: counterEnabled, 7023 comment: cfg.Comment, 7024 action: ruleActionAllow, 7025 tag: tag, 7026 logLevel: logLevel, 7027 checkFields: checkFields, 7028 conditions: condConfigs, 7029 fields: fields, 7030 }, 7031 conditions: conditions, 7032 fields: fields, 7033 checkFields: checkFields, 7034 tag: tag, 7035 logger: logger, 7036 } 7037 r = rule 7038 case "aclRuleFieldCheckAllowWithWarnLoggerMatchAny": 7039 rule := &aclRuleFieldCheckAllowWithWarnLoggerMatchAny{ 7040 config: &ruleConfig{ 7041 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerMatchAny", 7042 logEnabled: logEnabled, 7043 counterEnabled: counterEnabled, 7044 comment: cfg.Comment, 7045 action: ruleActionAllow, 7046 tag: tag, 7047 logLevel: logLevel, 7048 checkFields: checkFields, 7049 conditions: condConfigs, 7050 fields: fields, 7051 }, 7052 conditions: conditions, 7053 fields: fields, 7054 checkFields: checkFields, 7055 tag: tag, 7056 logger: logger, 7057 } 7058 r = rule 7059 case "aclRuleFieldCheckAllowWithErrorLoggerMatchAny": 7060 rule := &aclRuleFieldCheckAllowWithErrorLoggerMatchAny{ 7061 config: &ruleConfig{ 7062 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerMatchAny", 7063 logEnabled: logEnabled, 7064 counterEnabled: counterEnabled, 7065 comment: cfg.Comment, 7066 action: ruleActionAllow, 7067 tag: tag, 7068 logLevel: logLevel, 7069 checkFields: checkFields, 7070 conditions: condConfigs, 7071 fields: fields, 7072 }, 7073 conditions: conditions, 7074 fields: fields, 7075 checkFields: checkFields, 7076 tag: tag, 7077 logger: logger, 7078 } 7079 r = rule 7080 case "aclRuleFieldCheckAllowWithDebugLoggerMatchAll": 7081 rule := &aclRuleFieldCheckAllowWithDebugLoggerMatchAll{ 7082 config: &ruleConfig{ 7083 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerMatchAll", 7084 logEnabled: logEnabled, 7085 counterEnabled: counterEnabled, 7086 comment: cfg.Comment, 7087 action: ruleActionAllow, 7088 tag: tag, 7089 logLevel: logLevel, 7090 checkFields: checkFields, 7091 matchAll: true, 7092 conditions: condConfigs, 7093 fields: fields, 7094 }, 7095 conditions: conditions, 7096 fields: fields, 7097 checkFields: checkFields, 7098 tag: tag, 7099 logger: logger, 7100 } 7101 r = rule 7102 case "aclRuleFieldCheckAllowWithInfoLoggerMatchAll": 7103 rule := &aclRuleFieldCheckAllowWithInfoLoggerMatchAll{ 7104 config: &ruleConfig{ 7105 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerMatchAll", 7106 logEnabled: logEnabled, 7107 counterEnabled: counterEnabled, 7108 comment: cfg.Comment, 7109 action: ruleActionAllow, 7110 tag: tag, 7111 logLevel: logLevel, 7112 checkFields: checkFields, 7113 matchAll: true, 7114 conditions: condConfigs, 7115 fields: fields, 7116 }, 7117 conditions: conditions, 7118 fields: fields, 7119 checkFields: checkFields, 7120 tag: tag, 7121 logger: logger, 7122 } 7123 r = rule 7124 case "aclRuleFieldCheckAllowWithWarnLoggerMatchAll": 7125 rule := &aclRuleFieldCheckAllowWithWarnLoggerMatchAll{ 7126 config: &ruleConfig{ 7127 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerMatchAll", 7128 logEnabled: logEnabled, 7129 counterEnabled: counterEnabled, 7130 comment: cfg.Comment, 7131 action: ruleActionAllow, 7132 tag: tag, 7133 logLevel: logLevel, 7134 checkFields: checkFields, 7135 matchAll: true, 7136 conditions: condConfigs, 7137 fields: fields, 7138 }, 7139 conditions: conditions, 7140 fields: fields, 7141 checkFields: checkFields, 7142 tag: tag, 7143 logger: logger, 7144 } 7145 r = rule 7146 case "aclRuleFieldCheckAllowWithErrorLoggerMatchAll": 7147 rule := &aclRuleFieldCheckAllowWithErrorLoggerMatchAll{ 7148 config: &ruleConfig{ 7149 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerMatchAll", 7150 logEnabled: logEnabled, 7151 counterEnabled: counterEnabled, 7152 comment: cfg.Comment, 7153 action: ruleActionAllow, 7154 tag: tag, 7155 logLevel: logLevel, 7156 checkFields: checkFields, 7157 matchAll: true, 7158 conditions: condConfigs, 7159 fields: fields, 7160 }, 7161 conditions: conditions, 7162 fields: fields, 7163 checkFields: checkFields, 7164 tag: tag, 7165 logger: logger, 7166 } 7167 r = rule 7168 case "aclRuleFieldCheckAllowWithDebugLogger": 7169 rule := &aclRuleFieldCheckAllowWithDebugLogger{ 7170 config: &ruleConfig{ 7171 ruleType: "aclRuleFieldCheckAllowWithDebugLogger", 7172 logEnabled: logEnabled, 7173 counterEnabled: counterEnabled, 7174 comment: cfg.Comment, 7175 action: ruleActionAllow, 7176 tag: tag, 7177 logLevel: logLevel, 7178 checkFields: checkFields, 7179 matchAll: true, 7180 conditions: condConfigs, 7181 fields: fields, 7182 }, 7183 condition: conditions[0], 7184 field: fields[0], 7185 checkFields: checkFields, 7186 tag: tag, 7187 logger: logger, 7188 } 7189 r = rule 7190 case "aclRuleFieldCheckAllowWithInfoLogger": 7191 rule := &aclRuleFieldCheckAllowWithInfoLogger{ 7192 config: &ruleConfig{ 7193 ruleType: "aclRuleFieldCheckAllowWithInfoLogger", 7194 logEnabled: logEnabled, 7195 counterEnabled: counterEnabled, 7196 comment: cfg.Comment, 7197 action: ruleActionAllow, 7198 tag: tag, 7199 logLevel: logLevel, 7200 checkFields: checkFields, 7201 matchAll: true, 7202 conditions: condConfigs, 7203 fields: fields, 7204 }, 7205 condition: conditions[0], 7206 field: fields[0], 7207 checkFields: checkFields, 7208 tag: tag, 7209 logger: logger, 7210 } 7211 r = rule 7212 case "aclRuleFieldCheckAllowWithWarnLogger": 7213 rule := &aclRuleFieldCheckAllowWithWarnLogger{ 7214 config: &ruleConfig{ 7215 ruleType: "aclRuleFieldCheckAllowWithWarnLogger", 7216 logEnabled: logEnabled, 7217 counterEnabled: counterEnabled, 7218 comment: cfg.Comment, 7219 action: ruleActionAllow, 7220 tag: tag, 7221 logLevel: logLevel, 7222 checkFields: checkFields, 7223 matchAll: true, 7224 conditions: condConfigs, 7225 fields: fields, 7226 }, 7227 condition: conditions[0], 7228 field: fields[0], 7229 checkFields: checkFields, 7230 tag: tag, 7231 logger: logger, 7232 } 7233 r = rule 7234 case "aclRuleFieldCheckAllowWithErrorLogger": 7235 rule := &aclRuleFieldCheckAllowWithErrorLogger{ 7236 config: &ruleConfig{ 7237 ruleType: "aclRuleFieldCheckAllowWithErrorLogger", 7238 logEnabled: logEnabled, 7239 counterEnabled: counterEnabled, 7240 comment: cfg.Comment, 7241 action: ruleActionAllow, 7242 tag: tag, 7243 logLevel: logLevel, 7244 checkFields: checkFields, 7245 matchAll: true, 7246 conditions: condConfigs, 7247 fields: fields, 7248 }, 7249 condition: conditions[0], 7250 field: fields[0], 7251 checkFields: checkFields, 7252 tag: tag, 7253 logger: logger, 7254 } 7255 r = rule 7256 case "aclRuleFieldCheckAllowWithCounterMatchAnyStop": 7257 rule := &aclRuleFieldCheckAllowWithCounterMatchAnyStop{ 7258 config: &ruleConfig{ 7259 ruleType: "aclRuleFieldCheckAllowWithCounterMatchAnyStop", 7260 logEnabled: logEnabled, 7261 counterEnabled: counterEnabled, 7262 comment: cfg.Comment, 7263 action: ruleActionAllow, 7264 checkFields: checkFields, 7265 conditions: condConfigs, 7266 fields: fields, 7267 }, 7268 conditions: conditions, 7269 fields: fields, 7270 checkFields: checkFields, 7271 } 7272 r = rule 7273 case "aclRuleFieldCheckAllowWithCounterMatchAllStop": 7274 rule := &aclRuleFieldCheckAllowWithCounterMatchAllStop{ 7275 config: &ruleConfig{ 7276 ruleType: "aclRuleFieldCheckAllowWithCounterMatchAllStop", 7277 logEnabled: logEnabled, 7278 counterEnabled: counterEnabled, 7279 comment: cfg.Comment, 7280 action: ruleActionAllow, 7281 checkFields: checkFields, 7282 matchAll: true, 7283 conditions: condConfigs, 7284 fields: fields, 7285 }, 7286 conditions: conditions, 7287 fields: fields, 7288 checkFields: checkFields, 7289 } 7290 r = rule 7291 case "aclRuleFieldCheckAllowWithCounterStop": 7292 rule := &aclRuleFieldCheckAllowWithCounterStop{ 7293 config: &ruleConfig{ 7294 ruleType: "aclRuleFieldCheckAllowWithCounterStop", 7295 logEnabled: logEnabled, 7296 counterEnabled: counterEnabled, 7297 comment: cfg.Comment, 7298 action: ruleActionAllow, 7299 checkFields: checkFields, 7300 matchAll: true, 7301 conditions: condConfigs, 7302 fields: fields, 7303 }, 7304 condition: conditions[0], 7305 field: fields[0], 7306 checkFields: checkFields, 7307 } 7308 r = rule 7309 case "aclRuleFieldCheckAllowWithCounterMatchAny": 7310 rule := &aclRuleFieldCheckAllowWithCounterMatchAny{ 7311 config: &ruleConfig{ 7312 ruleType: "aclRuleFieldCheckAllowWithCounterMatchAny", 7313 logEnabled: logEnabled, 7314 counterEnabled: counterEnabled, 7315 comment: cfg.Comment, 7316 action: ruleActionAllow, 7317 checkFields: checkFields, 7318 conditions: condConfigs, 7319 fields: fields, 7320 }, 7321 conditions: conditions, 7322 fields: fields, 7323 checkFields: checkFields, 7324 } 7325 r = rule 7326 case "aclRuleFieldCheckAllowWithCounterMatchAll": 7327 rule := &aclRuleFieldCheckAllowWithCounterMatchAll{ 7328 config: &ruleConfig{ 7329 ruleType: "aclRuleFieldCheckAllowWithCounterMatchAll", 7330 logEnabled: logEnabled, 7331 counterEnabled: counterEnabled, 7332 comment: cfg.Comment, 7333 action: ruleActionAllow, 7334 checkFields: checkFields, 7335 matchAll: true, 7336 conditions: condConfigs, 7337 fields: fields, 7338 }, 7339 conditions: conditions, 7340 fields: fields, 7341 checkFields: checkFields, 7342 } 7343 r = rule 7344 case "aclRuleFieldCheckAllowWithCounter": 7345 rule := &aclRuleFieldCheckAllowWithCounter{ 7346 config: &ruleConfig{ 7347 ruleType: "aclRuleFieldCheckAllowWithCounter", 7348 logEnabled: logEnabled, 7349 counterEnabled: counterEnabled, 7350 comment: cfg.Comment, 7351 action: ruleActionAllow, 7352 checkFields: checkFields, 7353 matchAll: true, 7354 conditions: condConfigs, 7355 fields: fields, 7356 }, 7357 condition: conditions[0], 7358 field: fields[0], 7359 checkFields: checkFields, 7360 } 7361 r = rule 7362 case "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAnyStop": 7363 rule := &aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAnyStop{ 7364 config: &ruleConfig{ 7365 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAnyStop", 7366 logEnabled: logEnabled, 7367 counterEnabled: counterEnabled, 7368 comment: cfg.Comment, 7369 action: ruleActionAllow, 7370 tag: tag, 7371 logLevel: logLevel, 7372 checkFields: checkFields, 7373 conditions: condConfigs, 7374 fields: fields, 7375 }, 7376 conditions: conditions, 7377 fields: fields, 7378 checkFields: checkFields, 7379 tag: tag, 7380 logger: logger, 7381 } 7382 r = rule 7383 case "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAnyStop": 7384 rule := &aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAnyStop{ 7385 config: &ruleConfig{ 7386 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAnyStop", 7387 logEnabled: logEnabled, 7388 counterEnabled: counterEnabled, 7389 comment: cfg.Comment, 7390 action: ruleActionAllow, 7391 tag: tag, 7392 logLevel: logLevel, 7393 checkFields: checkFields, 7394 conditions: condConfigs, 7395 fields: fields, 7396 }, 7397 conditions: conditions, 7398 fields: fields, 7399 checkFields: checkFields, 7400 tag: tag, 7401 logger: logger, 7402 } 7403 r = rule 7404 case "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAnyStop": 7405 rule := &aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAnyStop{ 7406 config: &ruleConfig{ 7407 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAnyStop", 7408 logEnabled: logEnabled, 7409 counterEnabled: counterEnabled, 7410 comment: cfg.Comment, 7411 action: ruleActionAllow, 7412 tag: tag, 7413 logLevel: logLevel, 7414 checkFields: checkFields, 7415 conditions: condConfigs, 7416 fields: fields, 7417 }, 7418 conditions: conditions, 7419 fields: fields, 7420 checkFields: checkFields, 7421 tag: tag, 7422 logger: logger, 7423 } 7424 r = rule 7425 case "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAnyStop": 7426 rule := &aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAnyStop{ 7427 config: &ruleConfig{ 7428 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAnyStop", 7429 logEnabled: logEnabled, 7430 counterEnabled: counterEnabled, 7431 comment: cfg.Comment, 7432 action: ruleActionAllow, 7433 tag: tag, 7434 logLevel: logLevel, 7435 checkFields: checkFields, 7436 conditions: condConfigs, 7437 fields: fields, 7438 }, 7439 conditions: conditions, 7440 fields: fields, 7441 checkFields: checkFields, 7442 tag: tag, 7443 logger: logger, 7444 } 7445 r = rule 7446 case "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAllStop": 7447 rule := &aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAllStop{ 7448 config: &ruleConfig{ 7449 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAllStop", 7450 logEnabled: logEnabled, 7451 counterEnabled: counterEnabled, 7452 comment: cfg.Comment, 7453 action: ruleActionAllow, 7454 tag: tag, 7455 logLevel: logLevel, 7456 checkFields: checkFields, 7457 matchAll: true, 7458 conditions: condConfigs, 7459 fields: fields, 7460 }, 7461 conditions: conditions, 7462 fields: fields, 7463 checkFields: checkFields, 7464 tag: tag, 7465 logger: logger, 7466 } 7467 r = rule 7468 case "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAllStop": 7469 rule := &aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAllStop{ 7470 config: &ruleConfig{ 7471 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAllStop", 7472 logEnabled: logEnabled, 7473 counterEnabled: counterEnabled, 7474 comment: cfg.Comment, 7475 action: ruleActionAllow, 7476 tag: tag, 7477 logLevel: logLevel, 7478 checkFields: checkFields, 7479 matchAll: true, 7480 conditions: condConfigs, 7481 fields: fields, 7482 }, 7483 conditions: conditions, 7484 fields: fields, 7485 checkFields: checkFields, 7486 tag: tag, 7487 logger: logger, 7488 } 7489 r = rule 7490 case "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAllStop": 7491 rule := &aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAllStop{ 7492 config: &ruleConfig{ 7493 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAllStop", 7494 logEnabled: logEnabled, 7495 counterEnabled: counterEnabled, 7496 comment: cfg.Comment, 7497 action: ruleActionAllow, 7498 tag: tag, 7499 logLevel: logLevel, 7500 checkFields: checkFields, 7501 matchAll: true, 7502 conditions: condConfigs, 7503 fields: fields, 7504 }, 7505 conditions: conditions, 7506 fields: fields, 7507 checkFields: checkFields, 7508 tag: tag, 7509 logger: logger, 7510 } 7511 r = rule 7512 case "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAllStop": 7513 rule := &aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAllStop{ 7514 config: &ruleConfig{ 7515 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAllStop", 7516 logEnabled: logEnabled, 7517 counterEnabled: counterEnabled, 7518 comment: cfg.Comment, 7519 action: ruleActionAllow, 7520 tag: tag, 7521 logLevel: logLevel, 7522 checkFields: checkFields, 7523 matchAll: true, 7524 conditions: condConfigs, 7525 fields: fields, 7526 }, 7527 conditions: conditions, 7528 fields: fields, 7529 checkFields: checkFields, 7530 tag: tag, 7531 logger: logger, 7532 } 7533 r = rule 7534 case "aclRuleFieldCheckAllowWithDebugLoggerCounterStop": 7535 rule := &aclRuleFieldCheckAllowWithDebugLoggerCounterStop{ 7536 config: &ruleConfig{ 7537 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerCounterStop", 7538 logEnabled: logEnabled, 7539 counterEnabled: counterEnabled, 7540 comment: cfg.Comment, 7541 action: ruleActionAllow, 7542 tag: tag, 7543 logLevel: logLevel, 7544 checkFields: checkFields, 7545 matchAll: true, 7546 conditions: condConfigs, 7547 fields: fields, 7548 }, 7549 condition: conditions[0], 7550 field: fields[0], 7551 checkFields: checkFields, 7552 tag: tag, 7553 logger: logger, 7554 } 7555 r = rule 7556 case "aclRuleFieldCheckAllowWithInfoLoggerCounterStop": 7557 rule := &aclRuleFieldCheckAllowWithInfoLoggerCounterStop{ 7558 config: &ruleConfig{ 7559 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerCounterStop", 7560 logEnabled: logEnabled, 7561 counterEnabled: counterEnabled, 7562 comment: cfg.Comment, 7563 action: ruleActionAllow, 7564 tag: tag, 7565 logLevel: logLevel, 7566 checkFields: checkFields, 7567 matchAll: true, 7568 conditions: condConfigs, 7569 fields: fields, 7570 }, 7571 condition: conditions[0], 7572 field: fields[0], 7573 checkFields: checkFields, 7574 tag: tag, 7575 logger: logger, 7576 } 7577 r = rule 7578 case "aclRuleFieldCheckAllowWithWarnLoggerCounterStop": 7579 rule := &aclRuleFieldCheckAllowWithWarnLoggerCounterStop{ 7580 config: &ruleConfig{ 7581 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerCounterStop", 7582 logEnabled: logEnabled, 7583 counterEnabled: counterEnabled, 7584 comment: cfg.Comment, 7585 action: ruleActionAllow, 7586 tag: tag, 7587 logLevel: logLevel, 7588 checkFields: checkFields, 7589 matchAll: true, 7590 conditions: condConfigs, 7591 fields: fields, 7592 }, 7593 condition: conditions[0], 7594 field: fields[0], 7595 checkFields: checkFields, 7596 tag: tag, 7597 logger: logger, 7598 } 7599 r = rule 7600 case "aclRuleFieldCheckAllowWithErrorLoggerCounterStop": 7601 rule := &aclRuleFieldCheckAllowWithErrorLoggerCounterStop{ 7602 config: &ruleConfig{ 7603 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerCounterStop", 7604 logEnabled: logEnabled, 7605 counterEnabled: counterEnabled, 7606 comment: cfg.Comment, 7607 action: ruleActionAllow, 7608 tag: tag, 7609 logLevel: logLevel, 7610 checkFields: checkFields, 7611 matchAll: true, 7612 conditions: condConfigs, 7613 fields: fields, 7614 }, 7615 condition: conditions[0], 7616 field: fields[0], 7617 checkFields: checkFields, 7618 tag: tag, 7619 logger: logger, 7620 } 7621 r = rule 7622 case "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAny": 7623 rule := &aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAny{ 7624 config: &ruleConfig{ 7625 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAny", 7626 logEnabled: logEnabled, 7627 counterEnabled: counterEnabled, 7628 comment: cfg.Comment, 7629 action: ruleActionAllow, 7630 tag: tag, 7631 logLevel: logLevel, 7632 checkFields: checkFields, 7633 conditions: condConfigs, 7634 fields: fields, 7635 }, 7636 conditions: conditions, 7637 fields: fields, 7638 checkFields: checkFields, 7639 tag: tag, 7640 logger: logger, 7641 } 7642 r = rule 7643 case "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAny": 7644 rule := &aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAny{ 7645 config: &ruleConfig{ 7646 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAny", 7647 logEnabled: logEnabled, 7648 counterEnabled: counterEnabled, 7649 comment: cfg.Comment, 7650 action: ruleActionAllow, 7651 tag: tag, 7652 logLevel: logLevel, 7653 checkFields: checkFields, 7654 conditions: condConfigs, 7655 fields: fields, 7656 }, 7657 conditions: conditions, 7658 fields: fields, 7659 checkFields: checkFields, 7660 tag: tag, 7661 logger: logger, 7662 } 7663 r = rule 7664 case "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAny": 7665 rule := &aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAny{ 7666 config: &ruleConfig{ 7667 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAny", 7668 logEnabled: logEnabled, 7669 counterEnabled: counterEnabled, 7670 comment: cfg.Comment, 7671 action: ruleActionAllow, 7672 tag: tag, 7673 logLevel: logLevel, 7674 checkFields: checkFields, 7675 conditions: condConfigs, 7676 fields: fields, 7677 }, 7678 conditions: conditions, 7679 fields: fields, 7680 checkFields: checkFields, 7681 tag: tag, 7682 logger: logger, 7683 } 7684 r = rule 7685 case "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAny": 7686 rule := &aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAny{ 7687 config: &ruleConfig{ 7688 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAny", 7689 logEnabled: logEnabled, 7690 counterEnabled: counterEnabled, 7691 comment: cfg.Comment, 7692 action: ruleActionAllow, 7693 tag: tag, 7694 logLevel: logLevel, 7695 checkFields: checkFields, 7696 conditions: condConfigs, 7697 fields: fields, 7698 }, 7699 conditions: conditions, 7700 fields: fields, 7701 checkFields: checkFields, 7702 tag: tag, 7703 logger: logger, 7704 } 7705 r = rule 7706 case "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAll": 7707 rule := &aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAll{ 7708 config: &ruleConfig{ 7709 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAll", 7710 logEnabled: logEnabled, 7711 counterEnabled: counterEnabled, 7712 comment: cfg.Comment, 7713 action: ruleActionAllow, 7714 tag: tag, 7715 logLevel: logLevel, 7716 checkFields: checkFields, 7717 matchAll: true, 7718 conditions: condConfigs, 7719 fields: fields, 7720 }, 7721 conditions: conditions, 7722 fields: fields, 7723 checkFields: checkFields, 7724 tag: tag, 7725 logger: logger, 7726 } 7727 r = rule 7728 case "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAll": 7729 rule := &aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAll{ 7730 config: &ruleConfig{ 7731 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAll", 7732 logEnabled: logEnabled, 7733 counterEnabled: counterEnabled, 7734 comment: cfg.Comment, 7735 action: ruleActionAllow, 7736 tag: tag, 7737 logLevel: logLevel, 7738 checkFields: checkFields, 7739 matchAll: true, 7740 conditions: condConfigs, 7741 fields: fields, 7742 }, 7743 conditions: conditions, 7744 fields: fields, 7745 checkFields: checkFields, 7746 tag: tag, 7747 logger: logger, 7748 } 7749 r = rule 7750 case "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAll": 7751 rule := &aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAll{ 7752 config: &ruleConfig{ 7753 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAll", 7754 logEnabled: logEnabled, 7755 counterEnabled: counterEnabled, 7756 comment: cfg.Comment, 7757 action: ruleActionAllow, 7758 tag: tag, 7759 logLevel: logLevel, 7760 checkFields: checkFields, 7761 matchAll: true, 7762 conditions: condConfigs, 7763 fields: fields, 7764 }, 7765 conditions: conditions, 7766 fields: fields, 7767 checkFields: checkFields, 7768 tag: tag, 7769 logger: logger, 7770 } 7771 r = rule 7772 case "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAll": 7773 rule := &aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAll{ 7774 config: &ruleConfig{ 7775 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAll", 7776 logEnabled: logEnabled, 7777 counterEnabled: counterEnabled, 7778 comment: cfg.Comment, 7779 action: ruleActionAllow, 7780 tag: tag, 7781 logLevel: logLevel, 7782 checkFields: checkFields, 7783 matchAll: true, 7784 conditions: condConfigs, 7785 fields: fields, 7786 }, 7787 conditions: conditions, 7788 fields: fields, 7789 checkFields: checkFields, 7790 tag: tag, 7791 logger: logger, 7792 } 7793 r = rule 7794 case "aclRuleFieldCheckAllowWithDebugLoggerCounter": 7795 rule := &aclRuleFieldCheckAllowWithDebugLoggerCounter{ 7796 config: &ruleConfig{ 7797 ruleType: "aclRuleFieldCheckAllowWithDebugLoggerCounter", 7798 logEnabled: logEnabled, 7799 counterEnabled: counterEnabled, 7800 comment: cfg.Comment, 7801 action: ruleActionAllow, 7802 tag: tag, 7803 logLevel: logLevel, 7804 checkFields: checkFields, 7805 matchAll: true, 7806 conditions: condConfigs, 7807 fields: fields, 7808 }, 7809 condition: conditions[0], 7810 field: fields[0], 7811 checkFields: checkFields, 7812 tag: tag, 7813 logger: logger, 7814 } 7815 r = rule 7816 case "aclRuleFieldCheckAllowWithInfoLoggerCounter": 7817 rule := &aclRuleFieldCheckAllowWithInfoLoggerCounter{ 7818 config: &ruleConfig{ 7819 ruleType: "aclRuleFieldCheckAllowWithInfoLoggerCounter", 7820 logEnabled: logEnabled, 7821 counterEnabled: counterEnabled, 7822 comment: cfg.Comment, 7823 action: ruleActionAllow, 7824 tag: tag, 7825 logLevel: logLevel, 7826 checkFields: checkFields, 7827 matchAll: true, 7828 conditions: condConfigs, 7829 fields: fields, 7830 }, 7831 condition: conditions[0], 7832 field: fields[0], 7833 checkFields: checkFields, 7834 tag: tag, 7835 logger: logger, 7836 } 7837 r = rule 7838 case "aclRuleFieldCheckAllowWithWarnLoggerCounter": 7839 rule := &aclRuleFieldCheckAllowWithWarnLoggerCounter{ 7840 config: &ruleConfig{ 7841 ruleType: "aclRuleFieldCheckAllowWithWarnLoggerCounter", 7842 logEnabled: logEnabled, 7843 counterEnabled: counterEnabled, 7844 comment: cfg.Comment, 7845 action: ruleActionAllow, 7846 tag: tag, 7847 logLevel: logLevel, 7848 checkFields: checkFields, 7849 matchAll: true, 7850 conditions: condConfigs, 7851 fields: fields, 7852 }, 7853 condition: conditions[0], 7854 field: fields[0], 7855 checkFields: checkFields, 7856 tag: tag, 7857 logger: logger, 7858 } 7859 r = rule 7860 case "aclRuleFieldCheckAllowWithErrorLoggerCounter": 7861 rule := &aclRuleFieldCheckAllowWithErrorLoggerCounter{ 7862 config: &ruleConfig{ 7863 ruleType: "aclRuleFieldCheckAllowWithErrorLoggerCounter", 7864 logEnabled: logEnabled, 7865 counterEnabled: counterEnabled, 7866 comment: cfg.Comment, 7867 action: ruleActionAllow, 7868 tag: tag, 7869 logLevel: logLevel, 7870 checkFields: checkFields, 7871 matchAll: true, 7872 conditions: condConfigs, 7873 fields: fields, 7874 }, 7875 condition: conditions[0], 7876 field: fields[0], 7877 checkFields: checkFields, 7878 tag: tag, 7879 logger: logger, 7880 } 7881 r = rule 7882 case "aclRuleFieldCheckDenyMatchAnyStop": 7883 rule := &aclRuleFieldCheckDenyMatchAnyStop{ 7884 config: &ruleConfig{ 7885 ruleType: "aclRuleFieldCheckDenyMatchAnyStop", 7886 logEnabled: logEnabled, 7887 counterEnabled: counterEnabled, 7888 comment: cfg.Comment, 7889 action: ruleActionDeny, 7890 checkFields: checkFields, 7891 conditions: condConfigs, 7892 fields: fields, 7893 }, 7894 conditions: conditions, 7895 fields: fields, 7896 checkFields: checkFields, 7897 } 7898 r = rule 7899 case "aclRuleFieldCheckDenyMatchAllStop": 7900 rule := &aclRuleFieldCheckDenyMatchAllStop{ 7901 config: &ruleConfig{ 7902 ruleType: "aclRuleFieldCheckDenyMatchAllStop", 7903 logEnabled: logEnabled, 7904 counterEnabled: counterEnabled, 7905 comment: cfg.Comment, 7906 action: ruleActionDeny, 7907 checkFields: checkFields, 7908 matchAll: true, 7909 conditions: condConfigs, 7910 fields: fields, 7911 }, 7912 conditions: conditions, 7913 fields: fields, 7914 checkFields: checkFields, 7915 } 7916 r = rule 7917 case "aclRuleFieldCheckDenyStop": 7918 rule := &aclRuleFieldCheckDenyStop{ 7919 config: &ruleConfig{ 7920 ruleType: "aclRuleFieldCheckDenyStop", 7921 logEnabled: logEnabled, 7922 counterEnabled: counterEnabled, 7923 comment: cfg.Comment, 7924 action: ruleActionDeny, 7925 checkFields: checkFields, 7926 matchAll: true, 7927 conditions: condConfigs, 7928 fields: fields, 7929 }, 7930 condition: conditions[0], 7931 field: fields[0], 7932 checkFields: checkFields, 7933 } 7934 r = rule 7935 case "aclRuleFieldCheckDenyMatchAny": 7936 rule := &aclRuleFieldCheckDenyMatchAny{ 7937 config: &ruleConfig{ 7938 ruleType: "aclRuleFieldCheckDenyMatchAny", 7939 logEnabled: logEnabled, 7940 counterEnabled: counterEnabled, 7941 comment: cfg.Comment, 7942 action: ruleActionDeny, 7943 checkFields: checkFields, 7944 conditions: condConfigs, 7945 fields: fields, 7946 }, 7947 conditions: conditions, 7948 fields: fields, 7949 checkFields: checkFields, 7950 } 7951 r = rule 7952 case "aclRuleFieldCheckDenyMatchAll": 7953 rule := &aclRuleFieldCheckDenyMatchAll{ 7954 config: &ruleConfig{ 7955 ruleType: "aclRuleFieldCheckDenyMatchAll", 7956 logEnabled: logEnabled, 7957 counterEnabled: counterEnabled, 7958 comment: cfg.Comment, 7959 action: ruleActionDeny, 7960 checkFields: checkFields, 7961 matchAll: true, 7962 conditions: condConfigs, 7963 fields: fields, 7964 }, 7965 conditions: conditions, 7966 fields: fields, 7967 checkFields: checkFields, 7968 } 7969 r = rule 7970 case "aclRuleFieldCheckDeny": 7971 rule := &aclRuleFieldCheckDeny{ 7972 config: &ruleConfig{ 7973 ruleType: "aclRuleFieldCheckDeny", 7974 logEnabled: logEnabled, 7975 counterEnabled: counterEnabled, 7976 comment: cfg.Comment, 7977 action: ruleActionDeny, 7978 checkFields: checkFields, 7979 matchAll: true, 7980 conditions: condConfigs, 7981 fields: fields, 7982 }, 7983 condition: conditions[0], 7984 field: fields[0], 7985 checkFields: checkFields, 7986 } 7987 r = rule 7988 case "aclRuleFieldCheckDenyWithDebugLoggerMatchAnyStop": 7989 rule := &aclRuleFieldCheckDenyWithDebugLoggerMatchAnyStop{ 7990 config: &ruleConfig{ 7991 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerMatchAnyStop", 7992 logEnabled: logEnabled, 7993 counterEnabled: counterEnabled, 7994 comment: cfg.Comment, 7995 action: ruleActionDeny, 7996 tag: tag, 7997 logLevel: logLevel, 7998 checkFields: checkFields, 7999 conditions: condConfigs, 8000 fields: fields, 8001 }, 8002 conditions: conditions, 8003 fields: fields, 8004 checkFields: checkFields, 8005 tag: tag, 8006 logger: logger, 8007 } 8008 r = rule 8009 case "aclRuleFieldCheckDenyWithInfoLoggerMatchAnyStop": 8010 rule := &aclRuleFieldCheckDenyWithInfoLoggerMatchAnyStop{ 8011 config: &ruleConfig{ 8012 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerMatchAnyStop", 8013 logEnabled: logEnabled, 8014 counterEnabled: counterEnabled, 8015 comment: cfg.Comment, 8016 action: ruleActionDeny, 8017 tag: tag, 8018 logLevel: logLevel, 8019 checkFields: checkFields, 8020 conditions: condConfigs, 8021 fields: fields, 8022 }, 8023 conditions: conditions, 8024 fields: fields, 8025 checkFields: checkFields, 8026 tag: tag, 8027 logger: logger, 8028 } 8029 r = rule 8030 case "aclRuleFieldCheckDenyWithWarnLoggerMatchAnyStop": 8031 rule := &aclRuleFieldCheckDenyWithWarnLoggerMatchAnyStop{ 8032 config: &ruleConfig{ 8033 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerMatchAnyStop", 8034 logEnabled: logEnabled, 8035 counterEnabled: counterEnabled, 8036 comment: cfg.Comment, 8037 action: ruleActionDeny, 8038 tag: tag, 8039 logLevel: logLevel, 8040 checkFields: checkFields, 8041 conditions: condConfigs, 8042 fields: fields, 8043 }, 8044 conditions: conditions, 8045 fields: fields, 8046 checkFields: checkFields, 8047 tag: tag, 8048 logger: logger, 8049 } 8050 r = rule 8051 case "aclRuleFieldCheckDenyWithErrorLoggerMatchAnyStop": 8052 rule := &aclRuleFieldCheckDenyWithErrorLoggerMatchAnyStop{ 8053 config: &ruleConfig{ 8054 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerMatchAnyStop", 8055 logEnabled: logEnabled, 8056 counterEnabled: counterEnabled, 8057 comment: cfg.Comment, 8058 action: ruleActionDeny, 8059 tag: tag, 8060 logLevel: logLevel, 8061 checkFields: checkFields, 8062 conditions: condConfigs, 8063 fields: fields, 8064 }, 8065 conditions: conditions, 8066 fields: fields, 8067 checkFields: checkFields, 8068 tag: tag, 8069 logger: logger, 8070 } 8071 r = rule 8072 case "aclRuleFieldCheckDenyWithDebugLoggerMatchAllStop": 8073 rule := &aclRuleFieldCheckDenyWithDebugLoggerMatchAllStop{ 8074 config: &ruleConfig{ 8075 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerMatchAllStop", 8076 logEnabled: logEnabled, 8077 counterEnabled: counterEnabled, 8078 comment: cfg.Comment, 8079 action: ruleActionDeny, 8080 tag: tag, 8081 logLevel: logLevel, 8082 checkFields: checkFields, 8083 matchAll: true, 8084 conditions: condConfigs, 8085 fields: fields, 8086 }, 8087 conditions: conditions, 8088 fields: fields, 8089 checkFields: checkFields, 8090 tag: tag, 8091 logger: logger, 8092 } 8093 r = rule 8094 case "aclRuleFieldCheckDenyWithInfoLoggerMatchAllStop": 8095 rule := &aclRuleFieldCheckDenyWithInfoLoggerMatchAllStop{ 8096 config: &ruleConfig{ 8097 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerMatchAllStop", 8098 logEnabled: logEnabled, 8099 counterEnabled: counterEnabled, 8100 comment: cfg.Comment, 8101 action: ruleActionDeny, 8102 tag: tag, 8103 logLevel: logLevel, 8104 checkFields: checkFields, 8105 matchAll: true, 8106 conditions: condConfigs, 8107 fields: fields, 8108 }, 8109 conditions: conditions, 8110 fields: fields, 8111 checkFields: checkFields, 8112 tag: tag, 8113 logger: logger, 8114 } 8115 r = rule 8116 case "aclRuleFieldCheckDenyWithWarnLoggerMatchAllStop": 8117 rule := &aclRuleFieldCheckDenyWithWarnLoggerMatchAllStop{ 8118 config: &ruleConfig{ 8119 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerMatchAllStop", 8120 logEnabled: logEnabled, 8121 counterEnabled: counterEnabled, 8122 comment: cfg.Comment, 8123 action: ruleActionDeny, 8124 tag: tag, 8125 logLevel: logLevel, 8126 checkFields: checkFields, 8127 matchAll: true, 8128 conditions: condConfigs, 8129 fields: fields, 8130 }, 8131 conditions: conditions, 8132 fields: fields, 8133 checkFields: checkFields, 8134 tag: tag, 8135 logger: logger, 8136 } 8137 r = rule 8138 case "aclRuleFieldCheckDenyWithErrorLoggerMatchAllStop": 8139 rule := &aclRuleFieldCheckDenyWithErrorLoggerMatchAllStop{ 8140 config: &ruleConfig{ 8141 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerMatchAllStop", 8142 logEnabled: logEnabled, 8143 counterEnabled: counterEnabled, 8144 comment: cfg.Comment, 8145 action: ruleActionDeny, 8146 tag: tag, 8147 logLevel: logLevel, 8148 checkFields: checkFields, 8149 matchAll: true, 8150 conditions: condConfigs, 8151 fields: fields, 8152 }, 8153 conditions: conditions, 8154 fields: fields, 8155 checkFields: checkFields, 8156 tag: tag, 8157 logger: logger, 8158 } 8159 r = rule 8160 case "aclRuleFieldCheckDenyWithDebugLoggerStop": 8161 rule := &aclRuleFieldCheckDenyWithDebugLoggerStop{ 8162 config: &ruleConfig{ 8163 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerStop", 8164 logEnabled: logEnabled, 8165 counterEnabled: counterEnabled, 8166 comment: cfg.Comment, 8167 action: ruleActionDeny, 8168 tag: tag, 8169 logLevel: logLevel, 8170 checkFields: checkFields, 8171 matchAll: true, 8172 conditions: condConfigs, 8173 fields: fields, 8174 }, 8175 condition: conditions[0], 8176 field: fields[0], 8177 checkFields: checkFields, 8178 tag: tag, 8179 logger: logger, 8180 } 8181 r = rule 8182 case "aclRuleFieldCheckDenyWithInfoLoggerStop": 8183 rule := &aclRuleFieldCheckDenyWithInfoLoggerStop{ 8184 config: &ruleConfig{ 8185 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerStop", 8186 logEnabled: logEnabled, 8187 counterEnabled: counterEnabled, 8188 comment: cfg.Comment, 8189 action: ruleActionDeny, 8190 tag: tag, 8191 logLevel: logLevel, 8192 checkFields: checkFields, 8193 matchAll: true, 8194 conditions: condConfigs, 8195 fields: fields, 8196 }, 8197 condition: conditions[0], 8198 field: fields[0], 8199 checkFields: checkFields, 8200 tag: tag, 8201 logger: logger, 8202 } 8203 r = rule 8204 case "aclRuleFieldCheckDenyWithWarnLoggerStop": 8205 rule := &aclRuleFieldCheckDenyWithWarnLoggerStop{ 8206 config: &ruleConfig{ 8207 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerStop", 8208 logEnabled: logEnabled, 8209 counterEnabled: counterEnabled, 8210 comment: cfg.Comment, 8211 action: ruleActionDeny, 8212 tag: tag, 8213 logLevel: logLevel, 8214 checkFields: checkFields, 8215 matchAll: true, 8216 conditions: condConfigs, 8217 fields: fields, 8218 }, 8219 condition: conditions[0], 8220 field: fields[0], 8221 checkFields: checkFields, 8222 tag: tag, 8223 logger: logger, 8224 } 8225 r = rule 8226 case "aclRuleFieldCheckDenyWithErrorLoggerStop": 8227 rule := &aclRuleFieldCheckDenyWithErrorLoggerStop{ 8228 config: &ruleConfig{ 8229 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerStop", 8230 logEnabled: logEnabled, 8231 counterEnabled: counterEnabled, 8232 comment: cfg.Comment, 8233 action: ruleActionDeny, 8234 tag: tag, 8235 logLevel: logLevel, 8236 checkFields: checkFields, 8237 matchAll: true, 8238 conditions: condConfigs, 8239 fields: fields, 8240 }, 8241 condition: conditions[0], 8242 field: fields[0], 8243 checkFields: checkFields, 8244 tag: tag, 8245 logger: logger, 8246 } 8247 r = rule 8248 case "aclRuleFieldCheckDenyWithDebugLoggerMatchAny": 8249 rule := &aclRuleFieldCheckDenyWithDebugLoggerMatchAny{ 8250 config: &ruleConfig{ 8251 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerMatchAny", 8252 logEnabled: logEnabled, 8253 counterEnabled: counterEnabled, 8254 comment: cfg.Comment, 8255 action: ruleActionDeny, 8256 tag: tag, 8257 logLevel: logLevel, 8258 checkFields: checkFields, 8259 conditions: condConfigs, 8260 fields: fields, 8261 }, 8262 conditions: conditions, 8263 fields: fields, 8264 checkFields: checkFields, 8265 tag: tag, 8266 logger: logger, 8267 } 8268 r = rule 8269 case "aclRuleFieldCheckDenyWithInfoLoggerMatchAny": 8270 rule := &aclRuleFieldCheckDenyWithInfoLoggerMatchAny{ 8271 config: &ruleConfig{ 8272 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerMatchAny", 8273 logEnabled: logEnabled, 8274 counterEnabled: counterEnabled, 8275 comment: cfg.Comment, 8276 action: ruleActionDeny, 8277 tag: tag, 8278 logLevel: logLevel, 8279 checkFields: checkFields, 8280 conditions: condConfigs, 8281 fields: fields, 8282 }, 8283 conditions: conditions, 8284 fields: fields, 8285 checkFields: checkFields, 8286 tag: tag, 8287 logger: logger, 8288 } 8289 r = rule 8290 case "aclRuleFieldCheckDenyWithWarnLoggerMatchAny": 8291 rule := &aclRuleFieldCheckDenyWithWarnLoggerMatchAny{ 8292 config: &ruleConfig{ 8293 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerMatchAny", 8294 logEnabled: logEnabled, 8295 counterEnabled: counterEnabled, 8296 comment: cfg.Comment, 8297 action: ruleActionDeny, 8298 tag: tag, 8299 logLevel: logLevel, 8300 checkFields: checkFields, 8301 conditions: condConfigs, 8302 fields: fields, 8303 }, 8304 conditions: conditions, 8305 fields: fields, 8306 checkFields: checkFields, 8307 tag: tag, 8308 logger: logger, 8309 } 8310 r = rule 8311 case "aclRuleFieldCheckDenyWithErrorLoggerMatchAny": 8312 rule := &aclRuleFieldCheckDenyWithErrorLoggerMatchAny{ 8313 config: &ruleConfig{ 8314 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerMatchAny", 8315 logEnabled: logEnabled, 8316 counterEnabled: counterEnabled, 8317 comment: cfg.Comment, 8318 action: ruleActionDeny, 8319 tag: tag, 8320 logLevel: logLevel, 8321 checkFields: checkFields, 8322 conditions: condConfigs, 8323 fields: fields, 8324 }, 8325 conditions: conditions, 8326 fields: fields, 8327 checkFields: checkFields, 8328 tag: tag, 8329 logger: logger, 8330 } 8331 r = rule 8332 case "aclRuleFieldCheckDenyWithDebugLoggerMatchAll": 8333 rule := &aclRuleFieldCheckDenyWithDebugLoggerMatchAll{ 8334 config: &ruleConfig{ 8335 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerMatchAll", 8336 logEnabled: logEnabled, 8337 counterEnabled: counterEnabled, 8338 comment: cfg.Comment, 8339 action: ruleActionDeny, 8340 tag: tag, 8341 logLevel: logLevel, 8342 checkFields: checkFields, 8343 matchAll: true, 8344 conditions: condConfigs, 8345 fields: fields, 8346 }, 8347 conditions: conditions, 8348 fields: fields, 8349 checkFields: checkFields, 8350 tag: tag, 8351 logger: logger, 8352 } 8353 r = rule 8354 case "aclRuleFieldCheckDenyWithInfoLoggerMatchAll": 8355 rule := &aclRuleFieldCheckDenyWithInfoLoggerMatchAll{ 8356 config: &ruleConfig{ 8357 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerMatchAll", 8358 logEnabled: logEnabled, 8359 counterEnabled: counterEnabled, 8360 comment: cfg.Comment, 8361 action: ruleActionDeny, 8362 tag: tag, 8363 logLevel: logLevel, 8364 checkFields: checkFields, 8365 matchAll: true, 8366 conditions: condConfigs, 8367 fields: fields, 8368 }, 8369 conditions: conditions, 8370 fields: fields, 8371 checkFields: checkFields, 8372 tag: tag, 8373 logger: logger, 8374 } 8375 r = rule 8376 case "aclRuleFieldCheckDenyWithWarnLoggerMatchAll": 8377 rule := &aclRuleFieldCheckDenyWithWarnLoggerMatchAll{ 8378 config: &ruleConfig{ 8379 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerMatchAll", 8380 logEnabled: logEnabled, 8381 counterEnabled: counterEnabled, 8382 comment: cfg.Comment, 8383 action: ruleActionDeny, 8384 tag: tag, 8385 logLevel: logLevel, 8386 checkFields: checkFields, 8387 matchAll: true, 8388 conditions: condConfigs, 8389 fields: fields, 8390 }, 8391 conditions: conditions, 8392 fields: fields, 8393 checkFields: checkFields, 8394 tag: tag, 8395 logger: logger, 8396 } 8397 r = rule 8398 case "aclRuleFieldCheckDenyWithErrorLoggerMatchAll": 8399 rule := &aclRuleFieldCheckDenyWithErrorLoggerMatchAll{ 8400 config: &ruleConfig{ 8401 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerMatchAll", 8402 logEnabled: logEnabled, 8403 counterEnabled: counterEnabled, 8404 comment: cfg.Comment, 8405 action: ruleActionDeny, 8406 tag: tag, 8407 logLevel: logLevel, 8408 checkFields: checkFields, 8409 matchAll: true, 8410 conditions: condConfigs, 8411 fields: fields, 8412 }, 8413 conditions: conditions, 8414 fields: fields, 8415 checkFields: checkFields, 8416 tag: tag, 8417 logger: logger, 8418 } 8419 r = rule 8420 case "aclRuleFieldCheckDenyWithDebugLogger": 8421 rule := &aclRuleFieldCheckDenyWithDebugLogger{ 8422 config: &ruleConfig{ 8423 ruleType: "aclRuleFieldCheckDenyWithDebugLogger", 8424 logEnabled: logEnabled, 8425 counterEnabled: counterEnabled, 8426 comment: cfg.Comment, 8427 action: ruleActionDeny, 8428 tag: tag, 8429 logLevel: logLevel, 8430 checkFields: checkFields, 8431 matchAll: true, 8432 conditions: condConfigs, 8433 fields: fields, 8434 }, 8435 condition: conditions[0], 8436 field: fields[0], 8437 checkFields: checkFields, 8438 tag: tag, 8439 logger: logger, 8440 } 8441 r = rule 8442 case "aclRuleFieldCheckDenyWithInfoLogger": 8443 rule := &aclRuleFieldCheckDenyWithInfoLogger{ 8444 config: &ruleConfig{ 8445 ruleType: "aclRuleFieldCheckDenyWithInfoLogger", 8446 logEnabled: logEnabled, 8447 counterEnabled: counterEnabled, 8448 comment: cfg.Comment, 8449 action: ruleActionDeny, 8450 tag: tag, 8451 logLevel: logLevel, 8452 checkFields: checkFields, 8453 matchAll: true, 8454 conditions: condConfigs, 8455 fields: fields, 8456 }, 8457 condition: conditions[0], 8458 field: fields[0], 8459 checkFields: checkFields, 8460 tag: tag, 8461 logger: logger, 8462 } 8463 r = rule 8464 case "aclRuleFieldCheckDenyWithWarnLogger": 8465 rule := &aclRuleFieldCheckDenyWithWarnLogger{ 8466 config: &ruleConfig{ 8467 ruleType: "aclRuleFieldCheckDenyWithWarnLogger", 8468 logEnabled: logEnabled, 8469 counterEnabled: counterEnabled, 8470 comment: cfg.Comment, 8471 action: ruleActionDeny, 8472 tag: tag, 8473 logLevel: logLevel, 8474 checkFields: checkFields, 8475 matchAll: true, 8476 conditions: condConfigs, 8477 fields: fields, 8478 }, 8479 condition: conditions[0], 8480 field: fields[0], 8481 checkFields: checkFields, 8482 tag: tag, 8483 logger: logger, 8484 } 8485 r = rule 8486 case "aclRuleFieldCheckDenyWithErrorLogger": 8487 rule := &aclRuleFieldCheckDenyWithErrorLogger{ 8488 config: &ruleConfig{ 8489 ruleType: "aclRuleFieldCheckDenyWithErrorLogger", 8490 logEnabled: logEnabled, 8491 counterEnabled: counterEnabled, 8492 comment: cfg.Comment, 8493 action: ruleActionDeny, 8494 tag: tag, 8495 logLevel: logLevel, 8496 checkFields: checkFields, 8497 matchAll: true, 8498 conditions: condConfigs, 8499 fields: fields, 8500 }, 8501 condition: conditions[0], 8502 field: fields[0], 8503 checkFields: checkFields, 8504 tag: tag, 8505 logger: logger, 8506 } 8507 r = rule 8508 case "aclRuleFieldCheckDenyWithCounterMatchAnyStop": 8509 rule := &aclRuleFieldCheckDenyWithCounterMatchAnyStop{ 8510 config: &ruleConfig{ 8511 ruleType: "aclRuleFieldCheckDenyWithCounterMatchAnyStop", 8512 logEnabled: logEnabled, 8513 counterEnabled: counterEnabled, 8514 comment: cfg.Comment, 8515 action: ruleActionDeny, 8516 checkFields: checkFields, 8517 conditions: condConfigs, 8518 fields: fields, 8519 }, 8520 conditions: conditions, 8521 fields: fields, 8522 checkFields: checkFields, 8523 } 8524 r = rule 8525 case "aclRuleFieldCheckDenyWithCounterMatchAllStop": 8526 rule := &aclRuleFieldCheckDenyWithCounterMatchAllStop{ 8527 config: &ruleConfig{ 8528 ruleType: "aclRuleFieldCheckDenyWithCounterMatchAllStop", 8529 logEnabled: logEnabled, 8530 counterEnabled: counterEnabled, 8531 comment: cfg.Comment, 8532 action: ruleActionDeny, 8533 checkFields: checkFields, 8534 matchAll: true, 8535 conditions: condConfigs, 8536 fields: fields, 8537 }, 8538 conditions: conditions, 8539 fields: fields, 8540 checkFields: checkFields, 8541 } 8542 r = rule 8543 case "aclRuleFieldCheckDenyWithCounterStop": 8544 rule := &aclRuleFieldCheckDenyWithCounterStop{ 8545 config: &ruleConfig{ 8546 ruleType: "aclRuleFieldCheckDenyWithCounterStop", 8547 logEnabled: logEnabled, 8548 counterEnabled: counterEnabled, 8549 comment: cfg.Comment, 8550 action: ruleActionDeny, 8551 checkFields: checkFields, 8552 matchAll: true, 8553 conditions: condConfigs, 8554 fields: fields, 8555 }, 8556 condition: conditions[0], 8557 field: fields[0], 8558 checkFields: checkFields, 8559 } 8560 r = rule 8561 case "aclRuleFieldCheckDenyWithCounterMatchAny": 8562 rule := &aclRuleFieldCheckDenyWithCounterMatchAny{ 8563 config: &ruleConfig{ 8564 ruleType: "aclRuleFieldCheckDenyWithCounterMatchAny", 8565 logEnabled: logEnabled, 8566 counterEnabled: counterEnabled, 8567 comment: cfg.Comment, 8568 action: ruleActionDeny, 8569 checkFields: checkFields, 8570 conditions: condConfigs, 8571 fields: fields, 8572 }, 8573 conditions: conditions, 8574 fields: fields, 8575 checkFields: checkFields, 8576 } 8577 r = rule 8578 case "aclRuleFieldCheckDenyWithCounterMatchAll": 8579 rule := &aclRuleFieldCheckDenyWithCounterMatchAll{ 8580 config: &ruleConfig{ 8581 ruleType: "aclRuleFieldCheckDenyWithCounterMatchAll", 8582 logEnabled: logEnabled, 8583 counterEnabled: counterEnabled, 8584 comment: cfg.Comment, 8585 action: ruleActionDeny, 8586 checkFields: checkFields, 8587 matchAll: true, 8588 conditions: condConfigs, 8589 fields: fields, 8590 }, 8591 conditions: conditions, 8592 fields: fields, 8593 checkFields: checkFields, 8594 } 8595 r = rule 8596 case "aclRuleFieldCheckDenyWithCounter": 8597 rule := &aclRuleFieldCheckDenyWithCounter{ 8598 config: &ruleConfig{ 8599 ruleType: "aclRuleFieldCheckDenyWithCounter", 8600 logEnabled: logEnabled, 8601 counterEnabled: counterEnabled, 8602 comment: cfg.Comment, 8603 action: ruleActionDeny, 8604 checkFields: checkFields, 8605 matchAll: true, 8606 conditions: condConfigs, 8607 fields: fields, 8608 }, 8609 condition: conditions[0], 8610 field: fields[0], 8611 checkFields: checkFields, 8612 } 8613 r = rule 8614 case "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAnyStop": 8615 rule := &aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAnyStop{ 8616 config: &ruleConfig{ 8617 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAnyStop", 8618 logEnabled: logEnabled, 8619 counterEnabled: counterEnabled, 8620 comment: cfg.Comment, 8621 action: ruleActionDeny, 8622 tag: tag, 8623 logLevel: logLevel, 8624 checkFields: checkFields, 8625 conditions: condConfigs, 8626 fields: fields, 8627 }, 8628 conditions: conditions, 8629 fields: fields, 8630 checkFields: checkFields, 8631 tag: tag, 8632 logger: logger, 8633 } 8634 r = rule 8635 case "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAnyStop": 8636 rule := &aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAnyStop{ 8637 config: &ruleConfig{ 8638 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAnyStop", 8639 logEnabled: logEnabled, 8640 counterEnabled: counterEnabled, 8641 comment: cfg.Comment, 8642 action: ruleActionDeny, 8643 tag: tag, 8644 logLevel: logLevel, 8645 checkFields: checkFields, 8646 conditions: condConfigs, 8647 fields: fields, 8648 }, 8649 conditions: conditions, 8650 fields: fields, 8651 checkFields: checkFields, 8652 tag: tag, 8653 logger: logger, 8654 } 8655 r = rule 8656 case "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAnyStop": 8657 rule := &aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAnyStop{ 8658 config: &ruleConfig{ 8659 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAnyStop", 8660 logEnabled: logEnabled, 8661 counterEnabled: counterEnabled, 8662 comment: cfg.Comment, 8663 action: ruleActionDeny, 8664 tag: tag, 8665 logLevel: logLevel, 8666 checkFields: checkFields, 8667 conditions: condConfigs, 8668 fields: fields, 8669 }, 8670 conditions: conditions, 8671 fields: fields, 8672 checkFields: checkFields, 8673 tag: tag, 8674 logger: logger, 8675 } 8676 r = rule 8677 case "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAnyStop": 8678 rule := &aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAnyStop{ 8679 config: &ruleConfig{ 8680 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAnyStop", 8681 logEnabled: logEnabled, 8682 counterEnabled: counterEnabled, 8683 comment: cfg.Comment, 8684 action: ruleActionDeny, 8685 tag: tag, 8686 logLevel: logLevel, 8687 checkFields: checkFields, 8688 conditions: condConfigs, 8689 fields: fields, 8690 }, 8691 conditions: conditions, 8692 fields: fields, 8693 checkFields: checkFields, 8694 tag: tag, 8695 logger: logger, 8696 } 8697 r = rule 8698 case "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAllStop": 8699 rule := &aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAllStop{ 8700 config: &ruleConfig{ 8701 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAllStop", 8702 logEnabled: logEnabled, 8703 counterEnabled: counterEnabled, 8704 comment: cfg.Comment, 8705 action: ruleActionDeny, 8706 tag: tag, 8707 logLevel: logLevel, 8708 checkFields: checkFields, 8709 matchAll: true, 8710 conditions: condConfigs, 8711 fields: fields, 8712 }, 8713 conditions: conditions, 8714 fields: fields, 8715 checkFields: checkFields, 8716 tag: tag, 8717 logger: logger, 8718 } 8719 r = rule 8720 case "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAllStop": 8721 rule := &aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAllStop{ 8722 config: &ruleConfig{ 8723 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAllStop", 8724 logEnabled: logEnabled, 8725 counterEnabled: counterEnabled, 8726 comment: cfg.Comment, 8727 action: ruleActionDeny, 8728 tag: tag, 8729 logLevel: logLevel, 8730 checkFields: checkFields, 8731 matchAll: true, 8732 conditions: condConfigs, 8733 fields: fields, 8734 }, 8735 conditions: conditions, 8736 fields: fields, 8737 checkFields: checkFields, 8738 tag: tag, 8739 logger: logger, 8740 } 8741 r = rule 8742 case "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAllStop": 8743 rule := &aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAllStop{ 8744 config: &ruleConfig{ 8745 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAllStop", 8746 logEnabled: logEnabled, 8747 counterEnabled: counterEnabled, 8748 comment: cfg.Comment, 8749 action: ruleActionDeny, 8750 tag: tag, 8751 logLevel: logLevel, 8752 checkFields: checkFields, 8753 matchAll: true, 8754 conditions: condConfigs, 8755 fields: fields, 8756 }, 8757 conditions: conditions, 8758 fields: fields, 8759 checkFields: checkFields, 8760 tag: tag, 8761 logger: logger, 8762 } 8763 r = rule 8764 case "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAllStop": 8765 rule := &aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAllStop{ 8766 config: &ruleConfig{ 8767 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAllStop", 8768 logEnabled: logEnabled, 8769 counterEnabled: counterEnabled, 8770 comment: cfg.Comment, 8771 action: ruleActionDeny, 8772 tag: tag, 8773 logLevel: logLevel, 8774 checkFields: checkFields, 8775 matchAll: true, 8776 conditions: condConfigs, 8777 fields: fields, 8778 }, 8779 conditions: conditions, 8780 fields: fields, 8781 checkFields: checkFields, 8782 tag: tag, 8783 logger: logger, 8784 } 8785 r = rule 8786 case "aclRuleFieldCheckDenyWithDebugLoggerCounterStop": 8787 rule := &aclRuleFieldCheckDenyWithDebugLoggerCounterStop{ 8788 config: &ruleConfig{ 8789 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerCounterStop", 8790 logEnabled: logEnabled, 8791 counterEnabled: counterEnabled, 8792 comment: cfg.Comment, 8793 action: ruleActionDeny, 8794 tag: tag, 8795 logLevel: logLevel, 8796 checkFields: checkFields, 8797 matchAll: true, 8798 conditions: condConfigs, 8799 fields: fields, 8800 }, 8801 condition: conditions[0], 8802 field: fields[0], 8803 checkFields: checkFields, 8804 tag: tag, 8805 logger: logger, 8806 } 8807 r = rule 8808 case "aclRuleFieldCheckDenyWithInfoLoggerCounterStop": 8809 rule := &aclRuleFieldCheckDenyWithInfoLoggerCounterStop{ 8810 config: &ruleConfig{ 8811 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerCounterStop", 8812 logEnabled: logEnabled, 8813 counterEnabled: counterEnabled, 8814 comment: cfg.Comment, 8815 action: ruleActionDeny, 8816 tag: tag, 8817 logLevel: logLevel, 8818 checkFields: checkFields, 8819 matchAll: true, 8820 conditions: condConfigs, 8821 fields: fields, 8822 }, 8823 condition: conditions[0], 8824 field: fields[0], 8825 checkFields: checkFields, 8826 tag: tag, 8827 logger: logger, 8828 } 8829 r = rule 8830 case "aclRuleFieldCheckDenyWithWarnLoggerCounterStop": 8831 rule := &aclRuleFieldCheckDenyWithWarnLoggerCounterStop{ 8832 config: &ruleConfig{ 8833 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerCounterStop", 8834 logEnabled: logEnabled, 8835 counterEnabled: counterEnabled, 8836 comment: cfg.Comment, 8837 action: ruleActionDeny, 8838 tag: tag, 8839 logLevel: logLevel, 8840 checkFields: checkFields, 8841 matchAll: true, 8842 conditions: condConfigs, 8843 fields: fields, 8844 }, 8845 condition: conditions[0], 8846 field: fields[0], 8847 checkFields: checkFields, 8848 tag: tag, 8849 logger: logger, 8850 } 8851 r = rule 8852 case "aclRuleFieldCheckDenyWithErrorLoggerCounterStop": 8853 rule := &aclRuleFieldCheckDenyWithErrorLoggerCounterStop{ 8854 config: &ruleConfig{ 8855 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerCounterStop", 8856 logEnabled: logEnabled, 8857 counterEnabled: counterEnabled, 8858 comment: cfg.Comment, 8859 action: ruleActionDeny, 8860 tag: tag, 8861 logLevel: logLevel, 8862 checkFields: checkFields, 8863 matchAll: true, 8864 conditions: condConfigs, 8865 fields: fields, 8866 }, 8867 condition: conditions[0], 8868 field: fields[0], 8869 checkFields: checkFields, 8870 tag: tag, 8871 logger: logger, 8872 } 8873 r = rule 8874 case "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAny": 8875 rule := &aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAny{ 8876 config: &ruleConfig{ 8877 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAny", 8878 logEnabled: logEnabled, 8879 counterEnabled: counterEnabled, 8880 comment: cfg.Comment, 8881 action: ruleActionDeny, 8882 tag: tag, 8883 logLevel: logLevel, 8884 checkFields: checkFields, 8885 conditions: condConfigs, 8886 fields: fields, 8887 }, 8888 conditions: conditions, 8889 fields: fields, 8890 checkFields: checkFields, 8891 tag: tag, 8892 logger: logger, 8893 } 8894 r = rule 8895 case "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAny": 8896 rule := &aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAny{ 8897 config: &ruleConfig{ 8898 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAny", 8899 logEnabled: logEnabled, 8900 counterEnabled: counterEnabled, 8901 comment: cfg.Comment, 8902 action: ruleActionDeny, 8903 tag: tag, 8904 logLevel: logLevel, 8905 checkFields: checkFields, 8906 conditions: condConfigs, 8907 fields: fields, 8908 }, 8909 conditions: conditions, 8910 fields: fields, 8911 checkFields: checkFields, 8912 tag: tag, 8913 logger: logger, 8914 } 8915 r = rule 8916 case "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAny": 8917 rule := &aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAny{ 8918 config: &ruleConfig{ 8919 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAny", 8920 logEnabled: logEnabled, 8921 counterEnabled: counterEnabled, 8922 comment: cfg.Comment, 8923 action: ruleActionDeny, 8924 tag: tag, 8925 logLevel: logLevel, 8926 checkFields: checkFields, 8927 conditions: condConfigs, 8928 fields: fields, 8929 }, 8930 conditions: conditions, 8931 fields: fields, 8932 checkFields: checkFields, 8933 tag: tag, 8934 logger: logger, 8935 } 8936 r = rule 8937 case "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAny": 8938 rule := &aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAny{ 8939 config: &ruleConfig{ 8940 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAny", 8941 logEnabled: logEnabled, 8942 counterEnabled: counterEnabled, 8943 comment: cfg.Comment, 8944 action: ruleActionDeny, 8945 tag: tag, 8946 logLevel: logLevel, 8947 checkFields: checkFields, 8948 conditions: condConfigs, 8949 fields: fields, 8950 }, 8951 conditions: conditions, 8952 fields: fields, 8953 checkFields: checkFields, 8954 tag: tag, 8955 logger: logger, 8956 } 8957 r = rule 8958 case "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAll": 8959 rule := &aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAll{ 8960 config: &ruleConfig{ 8961 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAll", 8962 logEnabled: logEnabled, 8963 counterEnabled: counterEnabled, 8964 comment: cfg.Comment, 8965 action: ruleActionDeny, 8966 tag: tag, 8967 logLevel: logLevel, 8968 checkFields: checkFields, 8969 matchAll: true, 8970 conditions: condConfigs, 8971 fields: fields, 8972 }, 8973 conditions: conditions, 8974 fields: fields, 8975 checkFields: checkFields, 8976 tag: tag, 8977 logger: logger, 8978 } 8979 r = rule 8980 case "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAll": 8981 rule := &aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAll{ 8982 config: &ruleConfig{ 8983 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAll", 8984 logEnabled: logEnabled, 8985 counterEnabled: counterEnabled, 8986 comment: cfg.Comment, 8987 action: ruleActionDeny, 8988 tag: tag, 8989 logLevel: logLevel, 8990 checkFields: checkFields, 8991 matchAll: true, 8992 conditions: condConfigs, 8993 fields: fields, 8994 }, 8995 conditions: conditions, 8996 fields: fields, 8997 checkFields: checkFields, 8998 tag: tag, 8999 logger: logger, 9000 } 9001 r = rule 9002 case "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAll": 9003 rule := &aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAll{ 9004 config: &ruleConfig{ 9005 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAll", 9006 logEnabled: logEnabled, 9007 counterEnabled: counterEnabled, 9008 comment: cfg.Comment, 9009 action: ruleActionDeny, 9010 tag: tag, 9011 logLevel: logLevel, 9012 checkFields: checkFields, 9013 matchAll: true, 9014 conditions: condConfigs, 9015 fields: fields, 9016 }, 9017 conditions: conditions, 9018 fields: fields, 9019 checkFields: checkFields, 9020 tag: tag, 9021 logger: logger, 9022 } 9023 r = rule 9024 case "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAll": 9025 rule := &aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAll{ 9026 config: &ruleConfig{ 9027 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAll", 9028 logEnabled: logEnabled, 9029 counterEnabled: counterEnabled, 9030 comment: cfg.Comment, 9031 action: ruleActionDeny, 9032 tag: tag, 9033 logLevel: logLevel, 9034 checkFields: checkFields, 9035 matchAll: true, 9036 conditions: condConfigs, 9037 fields: fields, 9038 }, 9039 conditions: conditions, 9040 fields: fields, 9041 checkFields: checkFields, 9042 tag: tag, 9043 logger: logger, 9044 } 9045 r = rule 9046 case "aclRuleFieldCheckDenyWithDebugLoggerCounter": 9047 rule := &aclRuleFieldCheckDenyWithDebugLoggerCounter{ 9048 config: &ruleConfig{ 9049 ruleType: "aclRuleFieldCheckDenyWithDebugLoggerCounter", 9050 logEnabled: logEnabled, 9051 counterEnabled: counterEnabled, 9052 comment: cfg.Comment, 9053 action: ruleActionDeny, 9054 tag: tag, 9055 logLevel: logLevel, 9056 checkFields: checkFields, 9057 matchAll: true, 9058 conditions: condConfigs, 9059 fields: fields, 9060 }, 9061 condition: conditions[0], 9062 field: fields[0], 9063 checkFields: checkFields, 9064 tag: tag, 9065 logger: logger, 9066 } 9067 r = rule 9068 case "aclRuleFieldCheckDenyWithInfoLoggerCounter": 9069 rule := &aclRuleFieldCheckDenyWithInfoLoggerCounter{ 9070 config: &ruleConfig{ 9071 ruleType: "aclRuleFieldCheckDenyWithInfoLoggerCounter", 9072 logEnabled: logEnabled, 9073 counterEnabled: counterEnabled, 9074 comment: cfg.Comment, 9075 action: ruleActionDeny, 9076 tag: tag, 9077 logLevel: logLevel, 9078 checkFields: checkFields, 9079 matchAll: true, 9080 conditions: condConfigs, 9081 fields: fields, 9082 }, 9083 condition: conditions[0], 9084 field: fields[0], 9085 checkFields: checkFields, 9086 tag: tag, 9087 logger: logger, 9088 } 9089 r = rule 9090 case "aclRuleFieldCheckDenyWithWarnLoggerCounter": 9091 rule := &aclRuleFieldCheckDenyWithWarnLoggerCounter{ 9092 config: &ruleConfig{ 9093 ruleType: "aclRuleFieldCheckDenyWithWarnLoggerCounter", 9094 logEnabled: logEnabled, 9095 counterEnabled: counterEnabled, 9096 comment: cfg.Comment, 9097 action: ruleActionDeny, 9098 tag: tag, 9099 logLevel: logLevel, 9100 checkFields: checkFields, 9101 matchAll: true, 9102 conditions: condConfigs, 9103 fields: fields, 9104 }, 9105 condition: conditions[0], 9106 field: fields[0], 9107 checkFields: checkFields, 9108 tag: tag, 9109 logger: logger, 9110 } 9111 r = rule 9112 case "aclRuleFieldCheckDenyWithErrorLoggerCounter": 9113 rule := &aclRuleFieldCheckDenyWithErrorLoggerCounter{ 9114 config: &ruleConfig{ 9115 ruleType: "aclRuleFieldCheckDenyWithErrorLoggerCounter", 9116 logEnabled: logEnabled, 9117 counterEnabled: counterEnabled, 9118 comment: cfg.Comment, 9119 action: ruleActionDeny, 9120 tag: tag, 9121 logLevel: logLevel, 9122 checkFields: checkFields, 9123 matchAll: true, 9124 conditions: condConfigs, 9125 fields: fields, 9126 }, 9127 condition: conditions[0], 9128 field: fields[0], 9129 checkFields: checkFields, 9130 tag: tag, 9131 logger: logger, 9132 } 9133 r = rule 9134 default: 9135 return nil, errors.ErrACLRuleSyntaxTypeUnsupported.WithArgs(ruleTypeName) 9136 } 9137 return r, nil 9138 } 9139 9140 func (rule *aclRuleAllowMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9141 for i, field := range rule.fields { 9142 v, found := data[field] 9143 if !found { 9144 continue 9145 } 9146 if !rule.conditions[i].match(ctx, v) { 9147 continue 9148 } 9149 return ruleVerdictAllowStop 9150 } 9151 return ruleVerdictContinue 9152 } 9153 9154 func (rule *aclRuleAllowMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9155 var matched bool 9156 for i, field := range rule.fields { 9157 v, found := data[field] 9158 if !found { 9159 return ruleVerdictContinue 9160 } 9161 if !rule.conditions[i].match(ctx, v) { 9162 return ruleVerdictContinue 9163 } 9164 matched = true 9165 } 9166 if matched { 9167 return ruleVerdictAllowStop 9168 } 9169 return ruleVerdictContinue 9170 } 9171 9172 func (rule *aclRuleAllowStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9173 v, found := data[rule.field] 9174 if !found { 9175 return ruleVerdictContinue 9176 } 9177 if !rule.condition.match(ctx, v) { 9178 return ruleVerdictContinue 9179 } 9180 return ruleVerdictAllowStop 9181 } 9182 9183 func (rule *aclRuleAllowMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9184 for i, field := range rule.fields { 9185 v, found := data[field] 9186 if !found { 9187 continue 9188 } 9189 if !rule.conditions[i].match(ctx, v) { 9190 continue 9191 } 9192 return ruleVerdictAllow 9193 } 9194 return ruleVerdictContinue 9195 } 9196 9197 func (rule *aclRuleAllowMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9198 var matched bool 9199 for i, field := range rule.fields { 9200 v, found := data[field] 9201 if !found { 9202 return ruleVerdictContinue 9203 } 9204 if !rule.conditions[i].match(ctx, v) { 9205 return ruleVerdictContinue 9206 } 9207 matched = true 9208 } 9209 if matched { 9210 return ruleVerdictAllow 9211 } 9212 return ruleVerdictContinue 9213 } 9214 9215 func (rule *aclRuleAllow) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9216 v, found := data[rule.field] 9217 if !found { 9218 return ruleVerdictContinue 9219 } 9220 if !rule.condition.match(ctx, v) { 9221 return ruleVerdictContinue 9222 } 9223 return ruleVerdictAllow 9224 } 9225 9226 func (rule *aclRuleAllowWithDebugLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9227 for i, field := range rule.fields { 9228 v, found := data[field] 9229 if !found { 9230 continue 9231 } 9232 if !rule.conditions[i].match(ctx, v) { 9233 continue 9234 } 9235 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9236 return ruleVerdictAllowStop 9237 } 9238 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9239 return ruleVerdictContinue 9240 } 9241 9242 func (rule *aclRuleAllowWithInfoLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9243 for i, field := range rule.fields { 9244 v, found := data[field] 9245 if !found { 9246 continue 9247 } 9248 if !rule.conditions[i].match(ctx, v) { 9249 continue 9250 } 9251 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9252 return ruleVerdictAllowStop 9253 } 9254 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9255 return ruleVerdictContinue 9256 } 9257 9258 func (rule *aclRuleAllowWithWarnLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9259 for i, field := range rule.fields { 9260 v, found := data[field] 9261 if !found { 9262 continue 9263 } 9264 if !rule.conditions[i].match(ctx, v) { 9265 continue 9266 } 9267 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9268 return ruleVerdictAllowStop 9269 } 9270 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9271 return ruleVerdictContinue 9272 } 9273 9274 func (rule *aclRuleAllowWithErrorLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9275 for i, field := range rule.fields { 9276 v, found := data[field] 9277 if !found { 9278 continue 9279 } 9280 if !rule.conditions[i].match(ctx, v) { 9281 continue 9282 } 9283 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9284 return ruleVerdictAllowStop 9285 } 9286 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9287 return ruleVerdictContinue 9288 } 9289 9290 func (rule *aclRuleAllowWithDebugLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9291 var matched bool 9292 for i, field := range rule.fields { 9293 v, found := data[field] 9294 if !found { 9295 return ruleVerdictContinue 9296 } 9297 if !rule.conditions[i].match(ctx, v) { 9298 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9299 return ruleVerdictContinue 9300 } 9301 matched = true 9302 } 9303 if matched { 9304 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9305 return ruleVerdictAllowStop 9306 } 9307 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9308 return ruleVerdictContinue 9309 } 9310 9311 func (rule *aclRuleAllowWithInfoLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9312 var matched bool 9313 for i, field := range rule.fields { 9314 v, found := data[field] 9315 if !found { 9316 return ruleVerdictContinue 9317 } 9318 if !rule.conditions[i].match(ctx, v) { 9319 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9320 return ruleVerdictContinue 9321 } 9322 matched = true 9323 } 9324 if matched { 9325 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9326 return ruleVerdictAllowStop 9327 } 9328 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9329 return ruleVerdictContinue 9330 } 9331 9332 func (rule *aclRuleAllowWithWarnLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9333 var matched bool 9334 for i, field := range rule.fields { 9335 v, found := data[field] 9336 if !found { 9337 return ruleVerdictContinue 9338 } 9339 if !rule.conditions[i].match(ctx, v) { 9340 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9341 return ruleVerdictContinue 9342 } 9343 matched = true 9344 } 9345 if matched { 9346 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9347 return ruleVerdictAllowStop 9348 } 9349 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9350 return ruleVerdictContinue 9351 } 9352 9353 func (rule *aclRuleAllowWithErrorLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9354 var matched bool 9355 for i, field := range rule.fields { 9356 v, found := data[field] 9357 if !found { 9358 return ruleVerdictContinue 9359 } 9360 if !rule.conditions[i].match(ctx, v) { 9361 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9362 return ruleVerdictContinue 9363 } 9364 matched = true 9365 } 9366 if matched { 9367 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9368 return ruleVerdictAllowStop 9369 } 9370 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9371 return ruleVerdictContinue 9372 } 9373 9374 func (rule *aclRuleAllowWithDebugLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9375 v, found := data[rule.field] 9376 if !found { 9377 return ruleVerdictContinue 9378 } 9379 if !rule.condition.match(ctx, v) { 9380 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9381 return ruleVerdictContinue 9382 } 9383 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9384 return ruleVerdictAllowStop 9385 } 9386 9387 func (rule *aclRuleAllowWithInfoLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9388 v, found := data[rule.field] 9389 if !found { 9390 return ruleVerdictContinue 9391 } 9392 if !rule.condition.match(ctx, v) { 9393 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9394 return ruleVerdictContinue 9395 } 9396 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9397 return ruleVerdictAllowStop 9398 } 9399 9400 func (rule *aclRuleAllowWithWarnLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9401 v, found := data[rule.field] 9402 if !found { 9403 return ruleVerdictContinue 9404 } 9405 if !rule.condition.match(ctx, v) { 9406 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9407 return ruleVerdictContinue 9408 } 9409 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9410 return ruleVerdictAllowStop 9411 } 9412 9413 func (rule *aclRuleAllowWithErrorLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9414 v, found := data[rule.field] 9415 if !found { 9416 return ruleVerdictContinue 9417 } 9418 if !rule.condition.match(ctx, v) { 9419 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9420 return ruleVerdictContinue 9421 } 9422 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9423 return ruleVerdictAllowStop 9424 } 9425 9426 func (rule *aclRuleAllowWithDebugLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9427 for i, field := range rule.fields { 9428 v, found := data[field] 9429 if !found { 9430 continue 9431 } 9432 if !rule.conditions[i].match(ctx, v) { 9433 continue 9434 } 9435 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9436 return ruleVerdictAllow 9437 } 9438 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9439 return ruleVerdictContinue 9440 } 9441 9442 func (rule *aclRuleAllowWithInfoLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9443 for i, field := range rule.fields { 9444 v, found := data[field] 9445 if !found { 9446 continue 9447 } 9448 if !rule.conditions[i].match(ctx, v) { 9449 continue 9450 } 9451 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9452 return ruleVerdictAllow 9453 } 9454 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9455 return ruleVerdictContinue 9456 } 9457 9458 func (rule *aclRuleAllowWithWarnLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9459 for i, field := range rule.fields { 9460 v, found := data[field] 9461 if !found { 9462 continue 9463 } 9464 if !rule.conditions[i].match(ctx, v) { 9465 continue 9466 } 9467 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9468 return ruleVerdictAllow 9469 } 9470 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9471 return ruleVerdictContinue 9472 } 9473 9474 func (rule *aclRuleAllowWithErrorLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9475 for i, field := range rule.fields { 9476 v, found := data[field] 9477 if !found { 9478 continue 9479 } 9480 if !rule.conditions[i].match(ctx, v) { 9481 continue 9482 } 9483 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9484 return ruleVerdictAllow 9485 } 9486 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9487 return ruleVerdictContinue 9488 } 9489 9490 func (rule *aclRuleAllowWithDebugLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9491 var matched bool 9492 for i, field := range rule.fields { 9493 v, found := data[field] 9494 if !found { 9495 return ruleVerdictContinue 9496 } 9497 if !rule.conditions[i].match(ctx, v) { 9498 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9499 return ruleVerdictContinue 9500 } 9501 matched = true 9502 } 9503 if matched { 9504 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9505 return ruleVerdictAllow 9506 } 9507 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9508 return ruleVerdictContinue 9509 } 9510 9511 func (rule *aclRuleAllowWithInfoLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9512 var matched bool 9513 for i, field := range rule.fields { 9514 v, found := data[field] 9515 if !found { 9516 return ruleVerdictContinue 9517 } 9518 if !rule.conditions[i].match(ctx, v) { 9519 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9520 return ruleVerdictContinue 9521 } 9522 matched = true 9523 } 9524 if matched { 9525 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9526 return ruleVerdictAllow 9527 } 9528 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9529 return ruleVerdictContinue 9530 } 9531 9532 func (rule *aclRuleAllowWithWarnLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9533 var matched bool 9534 for i, field := range rule.fields { 9535 v, found := data[field] 9536 if !found { 9537 return ruleVerdictContinue 9538 } 9539 if !rule.conditions[i].match(ctx, v) { 9540 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9541 return ruleVerdictContinue 9542 } 9543 matched = true 9544 } 9545 if matched { 9546 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9547 return ruleVerdictAllow 9548 } 9549 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9550 return ruleVerdictContinue 9551 } 9552 9553 func (rule *aclRuleAllowWithErrorLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9554 var matched bool 9555 for i, field := range rule.fields { 9556 v, found := data[field] 9557 if !found { 9558 return ruleVerdictContinue 9559 } 9560 if !rule.conditions[i].match(ctx, v) { 9561 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9562 return ruleVerdictContinue 9563 } 9564 matched = true 9565 } 9566 if matched { 9567 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9568 return ruleVerdictAllow 9569 } 9570 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9571 return ruleVerdictContinue 9572 } 9573 9574 func (rule *aclRuleAllowWithDebugLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9575 v, found := data[rule.field] 9576 if !found { 9577 return ruleVerdictContinue 9578 } 9579 if !rule.condition.match(ctx, v) { 9580 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9581 return ruleVerdictContinue 9582 } 9583 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9584 return ruleVerdictAllow 9585 } 9586 9587 func (rule *aclRuleAllowWithInfoLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9588 v, found := data[rule.field] 9589 if !found { 9590 return ruleVerdictContinue 9591 } 9592 if !rule.condition.match(ctx, v) { 9593 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9594 return ruleVerdictContinue 9595 } 9596 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9597 return ruleVerdictAllow 9598 } 9599 9600 func (rule *aclRuleAllowWithWarnLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9601 v, found := data[rule.field] 9602 if !found { 9603 return ruleVerdictContinue 9604 } 9605 if !rule.condition.match(ctx, v) { 9606 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9607 return ruleVerdictContinue 9608 } 9609 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9610 return ruleVerdictAllow 9611 } 9612 9613 func (rule *aclRuleAllowWithErrorLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9614 v, found := data[rule.field] 9615 if !found { 9616 return ruleVerdictContinue 9617 } 9618 if !rule.condition.match(ctx, v) { 9619 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9620 return ruleVerdictContinue 9621 } 9622 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9623 return ruleVerdictAllow 9624 } 9625 9626 func (rule *aclRuleAllowWithCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9627 for i, field := range rule.fields { 9628 v, found := data[field] 9629 if !found { 9630 continue 9631 } 9632 if !rule.conditions[i].match(ctx, v) { 9633 continue 9634 } 9635 atomic.AddUint64(&rule.counterMatch, 1) 9636 return ruleVerdictAllowStop 9637 } 9638 atomic.AddUint64(&rule.counterMiss, 1) 9639 return ruleVerdictContinue 9640 } 9641 9642 func (rule *aclRuleAllowWithCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9643 var matched bool 9644 for i, field := range rule.fields { 9645 v, found := data[field] 9646 if !found { 9647 return ruleVerdictContinue 9648 } 9649 if !rule.conditions[i].match(ctx, v) { 9650 atomic.AddUint64(&rule.counterMiss, 1) 9651 return ruleVerdictContinue 9652 } 9653 matched = true 9654 } 9655 if matched { 9656 atomic.AddUint64(&rule.counterMatch, 1) 9657 return ruleVerdictAllowStop 9658 } 9659 atomic.AddUint64(&rule.counterMiss, 1) 9660 return ruleVerdictContinue 9661 } 9662 9663 func (rule *aclRuleAllowWithCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9664 v, found := data[rule.field] 9665 if !found { 9666 return ruleVerdictContinue 9667 } 9668 if !rule.condition.match(ctx, v) { 9669 atomic.AddUint64(&rule.counterMiss, 1) 9670 return ruleVerdictContinue 9671 } 9672 atomic.AddUint64(&rule.counterMatch, 1) 9673 return ruleVerdictAllowStop 9674 } 9675 9676 func (rule *aclRuleAllowWithCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9677 for i, field := range rule.fields { 9678 v, found := data[field] 9679 if !found { 9680 continue 9681 } 9682 if !rule.conditions[i].match(ctx, v) { 9683 continue 9684 } 9685 atomic.AddUint64(&rule.counterMatch, 1) 9686 return ruleVerdictAllow 9687 } 9688 atomic.AddUint64(&rule.counterMiss, 1) 9689 return ruleVerdictContinue 9690 } 9691 9692 func (rule *aclRuleAllowWithCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9693 var matched bool 9694 for i, field := range rule.fields { 9695 v, found := data[field] 9696 if !found { 9697 return ruleVerdictContinue 9698 } 9699 if !rule.conditions[i].match(ctx, v) { 9700 atomic.AddUint64(&rule.counterMiss, 1) 9701 return ruleVerdictContinue 9702 } 9703 matched = true 9704 } 9705 if matched { 9706 atomic.AddUint64(&rule.counterMatch, 1) 9707 return ruleVerdictAllow 9708 } 9709 atomic.AddUint64(&rule.counterMiss, 1) 9710 return ruleVerdictContinue 9711 } 9712 9713 func (rule *aclRuleAllowWithCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9714 v, found := data[rule.field] 9715 if !found { 9716 return ruleVerdictContinue 9717 } 9718 if !rule.condition.match(ctx, v) { 9719 atomic.AddUint64(&rule.counterMiss, 1) 9720 return ruleVerdictContinue 9721 } 9722 atomic.AddUint64(&rule.counterMatch, 1) 9723 return ruleVerdictAllow 9724 } 9725 9726 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9727 for i, field := range rule.fields { 9728 v, found := data[field] 9729 if !found { 9730 continue 9731 } 9732 if !rule.conditions[i].match(ctx, v) { 9733 continue 9734 } 9735 atomic.AddUint64(&rule.counterMatch, 1) 9736 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9737 return ruleVerdictAllowStop 9738 } 9739 atomic.AddUint64(&rule.counterMiss, 1) 9740 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9741 return ruleVerdictContinue 9742 } 9743 9744 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9745 for i, field := range rule.fields { 9746 v, found := data[field] 9747 if !found { 9748 continue 9749 } 9750 if !rule.conditions[i].match(ctx, v) { 9751 continue 9752 } 9753 atomic.AddUint64(&rule.counterMatch, 1) 9754 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9755 return ruleVerdictAllowStop 9756 } 9757 atomic.AddUint64(&rule.counterMiss, 1) 9758 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9759 return ruleVerdictContinue 9760 } 9761 9762 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9763 for i, field := range rule.fields { 9764 v, found := data[field] 9765 if !found { 9766 continue 9767 } 9768 if !rule.conditions[i].match(ctx, v) { 9769 continue 9770 } 9771 atomic.AddUint64(&rule.counterMatch, 1) 9772 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9773 return ruleVerdictAllowStop 9774 } 9775 atomic.AddUint64(&rule.counterMiss, 1) 9776 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9777 return ruleVerdictContinue 9778 } 9779 9780 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9781 for i, field := range rule.fields { 9782 v, found := data[field] 9783 if !found { 9784 continue 9785 } 9786 if !rule.conditions[i].match(ctx, v) { 9787 continue 9788 } 9789 atomic.AddUint64(&rule.counterMatch, 1) 9790 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9791 return ruleVerdictAllowStop 9792 } 9793 atomic.AddUint64(&rule.counterMiss, 1) 9794 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9795 return ruleVerdictContinue 9796 } 9797 9798 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9799 var matched bool 9800 for i, field := range rule.fields { 9801 v, found := data[field] 9802 if !found { 9803 return ruleVerdictContinue 9804 } 9805 if !rule.conditions[i].match(ctx, v) { 9806 atomic.AddUint64(&rule.counterMiss, 1) 9807 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9808 return ruleVerdictContinue 9809 } 9810 matched = true 9811 } 9812 if matched { 9813 atomic.AddUint64(&rule.counterMatch, 1) 9814 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9815 return ruleVerdictAllowStop 9816 } 9817 atomic.AddUint64(&rule.counterMiss, 1) 9818 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9819 return ruleVerdictContinue 9820 } 9821 9822 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9823 var matched bool 9824 for i, field := range rule.fields { 9825 v, found := data[field] 9826 if !found { 9827 return ruleVerdictContinue 9828 } 9829 if !rule.conditions[i].match(ctx, v) { 9830 atomic.AddUint64(&rule.counterMiss, 1) 9831 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9832 return ruleVerdictContinue 9833 } 9834 matched = true 9835 } 9836 if matched { 9837 atomic.AddUint64(&rule.counterMatch, 1) 9838 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9839 return ruleVerdictAllowStop 9840 } 9841 atomic.AddUint64(&rule.counterMiss, 1) 9842 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9843 return ruleVerdictContinue 9844 } 9845 9846 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9847 var matched bool 9848 for i, field := range rule.fields { 9849 v, found := data[field] 9850 if !found { 9851 return ruleVerdictContinue 9852 } 9853 if !rule.conditions[i].match(ctx, v) { 9854 atomic.AddUint64(&rule.counterMiss, 1) 9855 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9856 return ruleVerdictContinue 9857 } 9858 matched = true 9859 } 9860 if matched { 9861 atomic.AddUint64(&rule.counterMatch, 1) 9862 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9863 return ruleVerdictAllowStop 9864 } 9865 atomic.AddUint64(&rule.counterMiss, 1) 9866 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9867 return ruleVerdictContinue 9868 } 9869 9870 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9871 var matched bool 9872 for i, field := range rule.fields { 9873 v, found := data[field] 9874 if !found { 9875 return ruleVerdictContinue 9876 } 9877 if !rule.conditions[i].match(ctx, v) { 9878 atomic.AddUint64(&rule.counterMiss, 1) 9879 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9880 return ruleVerdictContinue 9881 } 9882 matched = true 9883 } 9884 if matched { 9885 atomic.AddUint64(&rule.counterMatch, 1) 9886 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9887 return ruleVerdictAllowStop 9888 } 9889 atomic.AddUint64(&rule.counterMiss, 1) 9890 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9891 return ruleVerdictContinue 9892 } 9893 9894 func (rule *aclRuleAllowWithDebugLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9895 v, found := data[rule.field] 9896 if !found { 9897 return ruleVerdictContinue 9898 } 9899 if !rule.condition.match(ctx, v) { 9900 atomic.AddUint64(&rule.counterMiss, 1) 9901 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9902 return ruleVerdictContinue 9903 } 9904 atomic.AddUint64(&rule.counterMatch, 1) 9905 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9906 return ruleVerdictAllowStop 9907 } 9908 9909 func (rule *aclRuleAllowWithInfoLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9910 v, found := data[rule.field] 9911 if !found { 9912 return ruleVerdictContinue 9913 } 9914 if !rule.condition.match(ctx, v) { 9915 atomic.AddUint64(&rule.counterMiss, 1) 9916 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9917 return ruleVerdictContinue 9918 } 9919 atomic.AddUint64(&rule.counterMatch, 1) 9920 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9921 return ruleVerdictAllowStop 9922 } 9923 9924 func (rule *aclRuleAllowWithWarnLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9925 v, found := data[rule.field] 9926 if !found { 9927 return ruleVerdictContinue 9928 } 9929 if !rule.condition.match(ctx, v) { 9930 atomic.AddUint64(&rule.counterMiss, 1) 9931 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9932 return ruleVerdictContinue 9933 } 9934 atomic.AddUint64(&rule.counterMatch, 1) 9935 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9936 return ruleVerdictAllowStop 9937 } 9938 9939 func (rule *aclRuleAllowWithErrorLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9940 v, found := data[rule.field] 9941 if !found { 9942 return ruleVerdictContinue 9943 } 9944 if !rule.condition.match(ctx, v) { 9945 atomic.AddUint64(&rule.counterMiss, 1) 9946 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9947 return ruleVerdictContinue 9948 } 9949 atomic.AddUint64(&rule.counterMatch, 1) 9950 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9951 return ruleVerdictAllowStop 9952 } 9953 9954 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9955 for i, field := range rule.fields { 9956 v, found := data[field] 9957 if !found { 9958 continue 9959 } 9960 if !rule.conditions[i].match(ctx, v) { 9961 continue 9962 } 9963 atomic.AddUint64(&rule.counterMatch, 1) 9964 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9965 return ruleVerdictAllow 9966 } 9967 atomic.AddUint64(&rule.counterMiss, 1) 9968 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9969 return ruleVerdictContinue 9970 } 9971 9972 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9973 for i, field := range rule.fields { 9974 v, found := data[field] 9975 if !found { 9976 continue 9977 } 9978 if !rule.conditions[i].match(ctx, v) { 9979 continue 9980 } 9981 atomic.AddUint64(&rule.counterMatch, 1) 9982 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9983 return ruleVerdictAllow 9984 } 9985 atomic.AddUint64(&rule.counterMiss, 1) 9986 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 9987 return ruleVerdictContinue 9988 } 9989 9990 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 9991 for i, field := range rule.fields { 9992 v, found := data[field] 9993 if !found { 9994 continue 9995 } 9996 if !rule.conditions[i].match(ctx, v) { 9997 continue 9998 } 9999 atomic.AddUint64(&rule.counterMatch, 1) 10000 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10001 return ruleVerdictAllow 10002 } 10003 atomic.AddUint64(&rule.counterMiss, 1) 10004 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10005 return ruleVerdictContinue 10006 } 10007 10008 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10009 for i, field := range rule.fields { 10010 v, found := data[field] 10011 if !found { 10012 continue 10013 } 10014 if !rule.conditions[i].match(ctx, v) { 10015 continue 10016 } 10017 atomic.AddUint64(&rule.counterMatch, 1) 10018 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10019 return ruleVerdictAllow 10020 } 10021 atomic.AddUint64(&rule.counterMiss, 1) 10022 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10023 return ruleVerdictContinue 10024 } 10025 10026 func (rule *aclRuleAllowWithDebugLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10027 var matched bool 10028 for i, field := range rule.fields { 10029 v, found := data[field] 10030 if !found { 10031 return ruleVerdictContinue 10032 } 10033 if !rule.conditions[i].match(ctx, v) { 10034 atomic.AddUint64(&rule.counterMiss, 1) 10035 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10036 return ruleVerdictContinue 10037 } 10038 matched = true 10039 } 10040 if matched { 10041 atomic.AddUint64(&rule.counterMatch, 1) 10042 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10043 return ruleVerdictAllow 10044 } 10045 atomic.AddUint64(&rule.counterMiss, 1) 10046 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10047 return ruleVerdictContinue 10048 } 10049 10050 func (rule *aclRuleAllowWithInfoLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10051 var matched bool 10052 for i, field := range rule.fields { 10053 v, found := data[field] 10054 if !found { 10055 return ruleVerdictContinue 10056 } 10057 if !rule.conditions[i].match(ctx, v) { 10058 atomic.AddUint64(&rule.counterMiss, 1) 10059 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10060 return ruleVerdictContinue 10061 } 10062 matched = true 10063 } 10064 if matched { 10065 atomic.AddUint64(&rule.counterMatch, 1) 10066 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10067 return ruleVerdictAllow 10068 } 10069 atomic.AddUint64(&rule.counterMiss, 1) 10070 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10071 return ruleVerdictContinue 10072 } 10073 10074 func (rule *aclRuleAllowWithWarnLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10075 var matched bool 10076 for i, field := range rule.fields { 10077 v, found := data[field] 10078 if !found { 10079 return ruleVerdictContinue 10080 } 10081 if !rule.conditions[i].match(ctx, v) { 10082 atomic.AddUint64(&rule.counterMiss, 1) 10083 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10084 return ruleVerdictContinue 10085 } 10086 matched = true 10087 } 10088 if matched { 10089 atomic.AddUint64(&rule.counterMatch, 1) 10090 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10091 return ruleVerdictAllow 10092 } 10093 atomic.AddUint64(&rule.counterMiss, 1) 10094 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10095 return ruleVerdictContinue 10096 } 10097 10098 func (rule *aclRuleAllowWithErrorLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10099 var matched bool 10100 for i, field := range rule.fields { 10101 v, found := data[field] 10102 if !found { 10103 return ruleVerdictContinue 10104 } 10105 if !rule.conditions[i].match(ctx, v) { 10106 atomic.AddUint64(&rule.counterMiss, 1) 10107 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10108 return ruleVerdictContinue 10109 } 10110 matched = true 10111 } 10112 if matched { 10113 atomic.AddUint64(&rule.counterMatch, 1) 10114 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10115 return ruleVerdictAllow 10116 } 10117 atomic.AddUint64(&rule.counterMiss, 1) 10118 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10119 return ruleVerdictContinue 10120 } 10121 10122 func (rule *aclRuleAllowWithDebugLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10123 v, found := data[rule.field] 10124 if !found { 10125 return ruleVerdictContinue 10126 } 10127 if !rule.condition.match(ctx, v) { 10128 atomic.AddUint64(&rule.counterMiss, 1) 10129 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10130 return ruleVerdictContinue 10131 } 10132 atomic.AddUint64(&rule.counterMatch, 1) 10133 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10134 return ruleVerdictAllow 10135 } 10136 10137 func (rule *aclRuleAllowWithInfoLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10138 v, found := data[rule.field] 10139 if !found { 10140 return ruleVerdictContinue 10141 } 10142 if !rule.condition.match(ctx, v) { 10143 atomic.AddUint64(&rule.counterMiss, 1) 10144 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10145 return ruleVerdictContinue 10146 } 10147 atomic.AddUint64(&rule.counterMatch, 1) 10148 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10149 return ruleVerdictAllow 10150 } 10151 10152 func (rule *aclRuleAllowWithWarnLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10153 v, found := data[rule.field] 10154 if !found { 10155 return ruleVerdictContinue 10156 } 10157 if !rule.condition.match(ctx, v) { 10158 atomic.AddUint64(&rule.counterMiss, 1) 10159 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10160 return ruleVerdictContinue 10161 } 10162 atomic.AddUint64(&rule.counterMatch, 1) 10163 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10164 return ruleVerdictAllow 10165 } 10166 10167 func (rule *aclRuleAllowWithErrorLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10168 v, found := data[rule.field] 10169 if !found { 10170 return ruleVerdictContinue 10171 } 10172 if !rule.condition.match(ctx, v) { 10173 atomic.AddUint64(&rule.counterMiss, 1) 10174 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10175 return ruleVerdictContinue 10176 } 10177 atomic.AddUint64(&rule.counterMatch, 1) 10178 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10179 return ruleVerdictAllow 10180 } 10181 10182 func (rule *aclRuleDenyMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10183 for i, field := range rule.fields { 10184 v, found := data[field] 10185 if !found { 10186 continue 10187 } 10188 if !rule.conditions[i].match(ctx, v) { 10189 continue 10190 } 10191 return ruleVerdictDenyStop 10192 } 10193 return ruleVerdictContinue 10194 } 10195 10196 func (rule *aclRuleDenyMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10197 var matched bool 10198 for i, field := range rule.fields { 10199 v, found := data[field] 10200 if !found { 10201 return ruleVerdictContinue 10202 } 10203 if !rule.conditions[i].match(ctx, v) { 10204 return ruleVerdictContinue 10205 } 10206 matched = true 10207 } 10208 if matched { 10209 return ruleVerdictDenyStop 10210 } 10211 return ruleVerdictContinue 10212 } 10213 10214 func (rule *aclRuleDenyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10215 v, found := data[rule.field] 10216 if !found { 10217 return ruleVerdictContinue 10218 } 10219 if !rule.condition.match(ctx, v) { 10220 return ruleVerdictContinue 10221 } 10222 return ruleVerdictDenyStop 10223 } 10224 10225 func (rule *aclRuleDenyMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10226 for i, field := range rule.fields { 10227 v, found := data[field] 10228 if !found { 10229 continue 10230 } 10231 if !rule.conditions[i].match(ctx, v) { 10232 continue 10233 } 10234 return ruleVerdictDeny 10235 } 10236 return ruleVerdictContinue 10237 } 10238 10239 func (rule *aclRuleDenyMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10240 var matched bool 10241 for i, field := range rule.fields { 10242 v, found := data[field] 10243 if !found { 10244 return ruleVerdictContinue 10245 } 10246 if !rule.conditions[i].match(ctx, v) { 10247 return ruleVerdictContinue 10248 } 10249 matched = true 10250 } 10251 if matched { 10252 return ruleVerdictDeny 10253 } 10254 return ruleVerdictContinue 10255 } 10256 10257 func (rule *aclRuleDeny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10258 v, found := data[rule.field] 10259 if !found { 10260 return ruleVerdictContinue 10261 } 10262 if !rule.condition.match(ctx, v) { 10263 return ruleVerdictContinue 10264 } 10265 return ruleVerdictDeny 10266 } 10267 10268 func (rule *aclRuleDenyWithDebugLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10269 for i, field := range rule.fields { 10270 v, found := data[field] 10271 if !found { 10272 continue 10273 } 10274 if !rule.conditions[i].match(ctx, v) { 10275 continue 10276 } 10277 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10278 return ruleVerdictDenyStop 10279 } 10280 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10281 return ruleVerdictContinue 10282 } 10283 10284 func (rule *aclRuleDenyWithInfoLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10285 for i, field := range rule.fields { 10286 v, found := data[field] 10287 if !found { 10288 continue 10289 } 10290 if !rule.conditions[i].match(ctx, v) { 10291 continue 10292 } 10293 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10294 return ruleVerdictDenyStop 10295 } 10296 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10297 return ruleVerdictContinue 10298 } 10299 10300 func (rule *aclRuleDenyWithWarnLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10301 for i, field := range rule.fields { 10302 v, found := data[field] 10303 if !found { 10304 continue 10305 } 10306 if !rule.conditions[i].match(ctx, v) { 10307 continue 10308 } 10309 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10310 return ruleVerdictDenyStop 10311 } 10312 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10313 return ruleVerdictContinue 10314 } 10315 10316 func (rule *aclRuleDenyWithErrorLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10317 for i, field := range rule.fields { 10318 v, found := data[field] 10319 if !found { 10320 continue 10321 } 10322 if !rule.conditions[i].match(ctx, v) { 10323 continue 10324 } 10325 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10326 return ruleVerdictDenyStop 10327 } 10328 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10329 return ruleVerdictContinue 10330 } 10331 10332 func (rule *aclRuleDenyWithDebugLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10333 var matched bool 10334 for i, field := range rule.fields { 10335 v, found := data[field] 10336 if !found { 10337 return ruleVerdictContinue 10338 } 10339 if !rule.conditions[i].match(ctx, v) { 10340 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10341 return ruleVerdictContinue 10342 } 10343 matched = true 10344 } 10345 if matched { 10346 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10347 return ruleVerdictDenyStop 10348 } 10349 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10350 return ruleVerdictContinue 10351 } 10352 10353 func (rule *aclRuleDenyWithInfoLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10354 var matched bool 10355 for i, field := range rule.fields { 10356 v, found := data[field] 10357 if !found { 10358 return ruleVerdictContinue 10359 } 10360 if !rule.conditions[i].match(ctx, v) { 10361 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10362 return ruleVerdictContinue 10363 } 10364 matched = true 10365 } 10366 if matched { 10367 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10368 return ruleVerdictDenyStop 10369 } 10370 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10371 return ruleVerdictContinue 10372 } 10373 10374 func (rule *aclRuleDenyWithWarnLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10375 var matched bool 10376 for i, field := range rule.fields { 10377 v, found := data[field] 10378 if !found { 10379 return ruleVerdictContinue 10380 } 10381 if !rule.conditions[i].match(ctx, v) { 10382 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10383 return ruleVerdictContinue 10384 } 10385 matched = true 10386 } 10387 if matched { 10388 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10389 return ruleVerdictDenyStop 10390 } 10391 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10392 return ruleVerdictContinue 10393 } 10394 10395 func (rule *aclRuleDenyWithErrorLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10396 var matched bool 10397 for i, field := range rule.fields { 10398 v, found := data[field] 10399 if !found { 10400 return ruleVerdictContinue 10401 } 10402 if !rule.conditions[i].match(ctx, v) { 10403 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10404 return ruleVerdictContinue 10405 } 10406 matched = true 10407 } 10408 if matched { 10409 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10410 return ruleVerdictDenyStop 10411 } 10412 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10413 return ruleVerdictContinue 10414 } 10415 10416 func (rule *aclRuleDenyWithDebugLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10417 v, found := data[rule.field] 10418 if !found { 10419 return ruleVerdictContinue 10420 } 10421 if !rule.condition.match(ctx, v) { 10422 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10423 return ruleVerdictContinue 10424 } 10425 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10426 return ruleVerdictDenyStop 10427 } 10428 10429 func (rule *aclRuleDenyWithInfoLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10430 v, found := data[rule.field] 10431 if !found { 10432 return ruleVerdictContinue 10433 } 10434 if !rule.condition.match(ctx, v) { 10435 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10436 return ruleVerdictContinue 10437 } 10438 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10439 return ruleVerdictDenyStop 10440 } 10441 10442 func (rule *aclRuleDenyWithWarnLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10443 v, found := data[rule.field] 10444 if !found { 10445 return ruleVerdictContinue 10446 } 10447 if !rule.condition.match(ctx, v) { 10448 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10449 return ruleVerdictContinue 10450 } 10451 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10452 return ruleVerdictDenyStop 10453 } 10454 10455 func (rule *aclRuleDenyWithErrorLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10456 v, found := data[rule.field] 10457 if !found { 10458 return ruleVerdictContinue 10459 } 10460 if !rule.condition.match(ctx, v) { 10461 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10462 return ruleVerdictContinue 10463 } 10464 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10465 return ruleVerdictDenyStop 10466 } 10467 10468 func (rule *aclRuleDenyWithDebugLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10469 for i, field := range rule.fields { 10470 v, found := data[field] 10471 if !found { 10472 continue 10473 } 10474 if !rule.conditions[i].match(ctx, v) { 10475 continue 10476 } 10477 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10478 return ruleVerdictDeny 10479 } 10480 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10481 return ruleVerdictContinue 10482 } 10483 10484 func (rule *aclRuleDenyWithInfoLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10485 for i, field := range rule.fields { 10486 v, found := data[field] 10487 if !found { 10488 continue 10489 } 10490 if !rule.conditions[i].match(ctx, v) { 10491 continue 10492 } 10493 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10494 return ruleVerdictDeny 10495 } 10496 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10497 return ruleVerdictContinue 10498 } 10499 10500 func (rule *aclRuleDenyWithWarnLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10501 for i, field := range rule.fields { 10502 v, found := data[field] 10503 if !found { 10504 continue 10505 } 10506 if !rule.conditions[i].match(ctx, v) { 10507 continue 10508 } 10509 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10510 return ruleVerdictDeny 10511 } 10512 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10513 return ruleVerdictContinue 10514 } 10515 10516 func (rule *aclRuleDenyWithErrorLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10517 for i, field := range rule.fields { 10518 v, found := data[field] 10519 if !found { 10520 continue 10521 } 10522 if !rule.conditions[i].match(ctx, v) { 10523 continue 10524 } 10525 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10526 return ruleVerdictDeny 10527 } 10528 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10529 return ruleVerdictContinue 10530 } 10531 10532 func (rule *aclRuleDenyWithDebugLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10533 var matched bool 10534 for i, field := range rule.fields { 10535 v, found := data[field] 10536 if !found { 10537 return ruleVerdictContinue 10538 } 10539 if !rule.conditions[i].match(ctx, v) { 10540 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10541 return ruleVerdictContinue 10542 } 10543 matched = true 10544 } 10545 if matched { 10546 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10547 return ruleVerdictDeny 10548 } 10549 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10550 return ruleVerdictContinue 10551 } 10552 10553 func (rule *aclRuleDenyWithInfoLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10554 var matched bool 10555 for i, field := range rule.fields { 10556 v, found := data[field] 10557 if !found { 10558 return ruleVerdictContinue 10559 } 10560 if !rule.conditions[i].match(ctx, v) { 10561 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10562 return ruleVerdictContinue 10563 } 10564 matched = true 10565 } 10566 if matched { 10567 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10568 return ruleVerdictDeny 10569 } 10570 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10571 return ruleVerdictContinue 10572 } 10573 10574 func (rule *aclRuleDenyWithWarnLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10575 var matched bool 10576 for i, field := range rule.fields { 10577 v, found := data[field] 10578 if !found { 10579 return ruleVerdictContinue 10580 } 10581 if !rule.conditions[i].match(ctx, v) { 10582 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10583 return ruleVerdictContinue 10584 } 10585 matched = true 10586 } 10587 if matched { 10588 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10589 return ruleVerdictDeny 10590 } 10591 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10592 return ruleVerdictContinue 10593 } 10594 10595 func (rule *aclRuleDenyWithErrorLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10596 var matched bool 10597 for i, field := range rule.fields { 10598 v, found := data[field] 10599 if !found { 10600 return ruleVerdictContinue 10601 } 10602 if !rule.conditions[i].match(ctx, v) { 10603 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10604 return ruleVerdictContinue 10605 } 10606 matched = true 10607 } 10608 if matched { 10609 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10610 return ruleVerdictDeny 10611 } 10612 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10613 return ruleVerdictContinue 10614 } 10615 10616 func (rule *aclRuleDenyWithDebugLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10617 v, found := data[rule.field] 10618 if !found { 10619 return ruleVerdictContinue 10620 } 10621 if !rule.condition.match(ctx, v) { 10622 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10623 return ruleVerdictContinue 10624 } 10625 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10626 return ruleVerdictDeny 10627 } 10628 10629 func (rule *aclRuleDenyWithInfoLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10630 v, found := data[rule.field] 10631 if !found { 10632 return ruleVerdictContinue 10633 } 10634 if !rule.condition.match(ctx, v) { 10635 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10636 return ruleVerdictContinue 10637 } 10638 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10639 return ruleVerdictDeny 10640 } 10641 10642 func (rule *aclRuleDenyWithWarnLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10643 v, found := data[rule.field] 10644 if !found { 10645 return ruleVerdictContinue 10646 } 10647 if !rule.condition.match(ctx, v) { 10648 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10649 return ruleVerdictContinue 10650 } 10651 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10652 return ruleVerdictDeny 10653 } 10654 10655 func (rule *aclRuleDenyWithErrorLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10656 v, found := data[rule.field] 10657 if !found { 10658 return ruleVerdictContinue 10659 } 10660 if !rule.condition.match(ctx, v) { 10661 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10662 return ruleVerdictContinue 10663 } 10664 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10665 return ruleVerdictDeny 10666 } 10667 10668 func (rule *aclRuleDenyWithCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10669 for i, field := range rule.fields { 10670 v, found := data[field] 10671 if !found { 10672 continue 10673 } 10674 if !rule.conditions[i].match(ctx, v) { 10675 continue 10676 } 10677 atomic.AddUint64(&rule.counterMatch, 1) 10678 return ruleVerdictDenyStop 10679 } 10680 atomic.AddUint64(&rule.counterMiss, 1) 10681 return ruleVerdictContinue 10682 } 10683 10684 func (rule *aclRuleDenyWithCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10685 var matched bool 10686 for i, field := range rule.fields { 10687 v, found := data[field] 10688 if !found { 10689 return ruleVerdictContinue 10690 } 10691 if !rule.conditions[i].match(ctx, v) { 10692 atomic.AddUint64(&rule.counterMiss, 1) 10693 return ruleVerdictContinue 10694 } 10695 matched = true 10696 } 10697 if matched { 10698 atomic.AddUint64(&rule.counterMatch, 1) 10699 return ruleVerdictDenyStop 10700 } 10701 atomic.AddUint64(&rule.counterMiss, 1) 10702 return ruleVerdictContinue 10703 } 10704 10705 func (rule *aclRuleDenyWithCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10706 v, found := data[rule.field] 10707 if !found { 10708 return ruleVerdictContinue 10709 } 10710 if !rule.condition.match(ctx, v) { 10711 atomic.AddUint64(&rule.counterMiss, 1) 10712 return ruleVerdictContinue 10713 } 10714 atomic.AddUint64(&rule.counterMatch, 1) 10715 return ruleVerdictDenyStop 10716 } 10717 10718 func (rule *aclRuleDenyWithCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10719 for i, field := range rule.fields { 10720 v, found := data[field] 10721 if !found { 10722 continue 10723 } 10724 if !rule.conditions[i].match(ctx, v) { 10725 continue 10726 } 10727 atomic.AddUint64(&rule.counterMatch, 1) 10728 return ruleVerdictDeny 10729 } 10730 atomic.AddUint64(&rule.counterMiss, 1) 10731 return ruleVerdictContinue 10732 } 10733 10734 func (rule *aclRuleDenyWithCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10735 var matched bool 10736 for i, field := range rule.fields { 10737 v, found := data[field] 10738 if !found { 10739 return ruleVerdictContinue 10740 } 10741 if !rule.conditions[i].match(ctx, v) { 10742 atomic.AddUint64(&rule.counterMiss, 1) 10743 return ruleVerdictContinue 10744 } 10745 matched = true 10746 } 10747 if matched { 10748 atomic.AddUint64(&rule.counterMatch, 1) 10749 return ruleVerdictDeny 10750 } 10751 atomic.AddUint64(&rule.counterMiss, 1) 10752 return ruleVerdictContinue 10753 } 10754 10755 func (rule *aclRuleDenyWithCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10756 v, found := data[rule.field] 10757 if !found { 10758 return ruleVerdictContinue 10759 } 10760 if !rule.condition.match(ctx, v) { 10761 atomic.AddUint64(&rule.counterMiss, 1) 10762 return ruleVerdictContinue 10763 } 10764 atomic.AddUint64(&rule.counterMatch, 1) 10765 return ruleVerdictDeny 10766 } 10767 10768 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10769 for i, field := range rule.fields { 10770 v, found := data[field] 10771 if !found { 10772 continue 10773 } 10774 if !rule.conditions[i].match(ctx, v) { 10775 continue 10776 } 10777 atomic.AddUint64(&rule.counterMatch, 1) 10778 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10779 return ruleVerdictDenyStop 10780 } 10781 atomic.AddUint64(&rule.counterMiss, 1) 10782 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10783 return ruleVerdictContinue 10784 } 10785 10786 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10787 for i, field := range rule.fields { 10788 v, found := data[field] 10789 if !found { 10790 continue 10791 } 10792 if !rule.conditions[i].match(ctx, v) { 10793 continue 10794 } 10795 atomic.AddUint64(&rule.counterMatch, 1) 10796 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10797 return ruleVerdictDenyStop 10798 } 10799 atomic.AddUint64(&rule.counterMiss, 1) 10800 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10801 return ruleVerdictContinue 10802 } 10803 10804 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10805 for i, field := range rule.fields { 10806 v, found := data[field] 10807 if !found { 10808 continue 10809 } 10810 if !rule.conditions[i].match(ctx, v) { 10811 continue 10812 } 10813 atomic.AddUint64(&rule.counterMatch, 1) 10814 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10815 return ruleVerdictDenyStop 10816 } 10817 atomic.AddUint64(&rule.counterMiss, 1) 10818 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10819 return ruleVerdictContinue 10820 } 10821 10822 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10823 for i, field := range rule.fields { 10824 v, found := data[field] 10825 if !found { 10826 continue 10827 } 10828 if !rule.conditions[i].match(ctx, v) { 10829 continue 10830 } 10831 atomic.AddUint64(&rule.counterMatch, 1) 10832 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10833 return ruleVerdictDenyStop 10834 } 10835 atomic.AddUint64(&rule.counterMiss, 1) 10836 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10837 return ruleVerdictContinue 10838 } 10839 10840 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10841 var matched bool 10842 for i, field := range rule.fields { 10843 v, found := data[field] 10844 if !found { 10845 return ruleVerdictContinue 10846 } 10847 if !rule.conditions[i].match(ctx, v) { 10848 atomic.AddUint64(&rule.counterMiss, 1) 10849 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10850 return ruleVerdictContinue 10851 } 10852 matched = true 10853 } 10854 if matched { 10855 atomic.AddUint64(&rule.counterMatch, 1) 10856 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10857 return ruleVerdictDenyStop 10858 } 10859 atomic.AddUint64(&rule.counterMiss, 1) 10860 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10861 return ruleVerdictContinue 10862 } 10863 10864 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10865 var matched bool 10866 for i, field := range rule.fields { 10867 v, found := data[field] 10868 if !found { 10869 return ruleVerdictContinue 10870 } 10871 if !rule.conditions[i].match(ctx, v) { 10872 atomic.AddUint64(&rule.counterMiss, 1) 10873 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10874 return ruleVerdictContinue 10875 } 10876 matched = true 10877 } 10878 if matched { 10879 atomic.AddUint64(&rule.counterMatch, 1) 10880 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10881 return ruleVerdictDenyStop 10882 } 10883 atomic.AddUint64(&rule.counterMiss, 1) 10884 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10885 return ruleVerdictContinue 10886 } 10887 10888 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10889 var matched bool 10890 for i, field := range rule.fields { 10891 v, found := data[field] 10892 if !found { 10893 return ruleVerdictContinue 10894 } 10895 if !rule.conditions[i].match(ctx, v) { 10896 atomic.AddUint64(&rule.counterMiss, 1) 10897 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10898 return ruleVerdictContinue 10899 } 10900 matched = true 10901 } 10902 if matched { 10903 atomic.AddUint64(&rule.counterMatch, 1) 10904 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10905 return ruleVerdictDenyStop 10906 } 10907 atomic.AddUint64(&rule.counterMiss, 1) 10908 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10909 return ruleVerdictContinue 10910 } 10911 10912 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10913 var matched bool 10914 for i, field := range rule.fields { 10915 v, found := data[field] 10916 if !found { 10917 return ruleVerdictContinue 10918 } 10919 if !rule.conditions[i].match(ctx, v) { 10920 atomic.AddUint64(&rule.counterMiss, 1) 10921 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10922 return ruleVerdictContinue 10923 } 10924 matched = true 10925 } 10926 if matched { 10927 atomic.AddUint64(&rule.counterMatch, 1) 10928 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10929 return ruleVerdictDenyStop 10930 } 10931 atomic.AddUint64(&rule.counterMiss, 1) 10932 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10933 return ruleVerdictContinue 10934 } 10935 10936 func (rule *aclRuleDenyWithDebugLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10937 v, found := data[rule.field] 10938 if !found { 10939 return ruleVerdictContinue 10940 } 10941 if !rule.condition.match(ctx, v) { 10942 atomic.AddUint64(&rule.counterMiss, 1) 10943 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10944 return ruleVerdictContinue 10945 } 10946 atomic.AddUint64(&rule.counterMatch, 1) 10947 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10948 return ruleVerdictDenyStop 10949 } 10950 10951 func (rule *aclRuleDenyWithInfoLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10952 v, found := data[rule.field] 10953 if !found { 10954 return ruleVerdictContinue 10955 } 10956 if !rule.condition.match(ctx, v) { 10957 atomic.AddUint64(&rule.counterMiss, 1) 10958 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10959 return ruleVerdictContinue 10960 } 10961 atomic.AddUint64(&rule.counterMatch, 1) 10962 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10963 return ruleVerdictDenyStop 10964 } 10965 10966 func (rule *aclRuleDenyWithWarnLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10967 v, found := data[rule.field] 10968 if !found { 10969 return ruleVerdictContinue 10970 } 10971 if !rule.condition.match(ctx, v) { 10972 atomic.AddUint64(&rule.counterMiss, 1) 10973 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10974 return ruleVerdictContinue 10975 } 10976 atomic.AddUint64(&rule.counterMatch, 1) 10977 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10978 return ruleVerdictDenyStop 10979 } 10980 10981 func (rule *aclRuleDenyWithErrorLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10982 v, found := data[rule.field] 10983 if !found { 10984 return ruleVerdictContinue 10985 } 10986 if !rule.condition.match(ctx, v) { 10987 atomic.AddUint64(&rule.counterMiss, 1) 10988 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10989 return ruleVerdictContinue 10990 } 10991 atomic.AddUint64(&rule.counterMatch, 1) 10992 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 10993 return ruleVerdictDenyStop 10994 } 10995 10996 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 10997 for i, field := range rule.fields { 10998 v, found := data[field] 10999 if !found { 11000 continue 11001 } 11002 if !rule.conditions[i].match(ctx, v) { 11003 continue 11004 } 11005 atomic.AddUint64(&rule.counterMatch, 1) 11006 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11007 return ruleVerdictDeny 11008 } 11009 atomic.AddUint64(&rule.counterMiss, 1) 11010 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11011 return ruleVerdictContinue 11012 } 11013 11014 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11015 for i, field := range rule.fields { 11016 v, found := data[field] 11017 if !found { 11018 continue 11019 } 11020 if !rule.conditions[i].match(ctx, v) { 11021 continue 11022 } 11023 atomic.AddUint64(&rule.counterMatch, 1) 11024 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11025 return ruleVerdictDeny 11026 } 11027 atomic.AddUint64(&rule.counterMiss, 1) 11028 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11029 return ruleVerdictContinue 11030 } 11031 11032 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11033 for i, field := range rule.fields { 11034 v, found := data[field] 11035 if !found { 11036 continue 11037 } 11038 if !rule.conditions[i].match(ctx, v) { 11039 continue 11040 } 11041 atomic.AddUint64(&rule.counterMatch, 1) 11042 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11043 return ruleVerdictDeny 11044 } 11045 atomic.AddUint64(&rule.counterMiss, 1) 11046 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11047 return ruleVerdictContinue 11048 } 11049 11050 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11051 for i, field := range rule.fields { 11052 v, found := data[field] 11053 if !found { 11054 continue 11055 } 11056 if !rule.conditions[i].match(ctx, v) { 11057 continue 11058 } 11059 atomic.AddUint64(&rule.counterMatch, 1) 11060 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11061 return ruleVerdictDeny 11062 } 11063 atomic.AddUint64(&rule.counterMiss, 1) 11064 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11065 return ruleVerdictContinue 11066 } 11067 11068 func (rule *aclRuleDenyWithDebugLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11069 var matched bool 11070 for i, field := range rule.fields { 11071 v, found := data[field] 11072 if !found { 11073 return ruleVerdictContinue 11074 } 11075 if !rule.conditions[i].match(ctx, v) { 11076 atomic.AddUint64(&rule.counterMiss, 1) 11077 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11078 return ruleVerdictContinue 11079 } 11080 matched = true 11081 } 11082 if matched { 11083 atomic.AddUint64(&rule.counterMatch, 1) 11084 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11085 return ruleVerdictDeny 11086 } 11087 atomic.AddUint64(&rule.counterMiss, 1) 11088 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11089 return ruleVerdictContinue 11090 } 11091 11092 func (rule *aclRuleDenyWithInfoLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11093 var matched bool 11094 for i, field := range rule.fields { 11095 v, found := data[field] 11096 if !found { 11097 return ruleVerdictContinue 11098 } 11099 if !rule.conditions[i].match(ctx, v) { 11100 atomic.AddUint64(&rule.counterMiss, 1) 11101 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11102 return ruleVerdictContinue 11103 } 11104 matched = true 11105 } 11106 if matched { 11107 atomic.AddUint64(&rule.counterMatch, 1) 11108 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11109 return ruleVerdictDeny 11110 } 11111 atomic.AddUint64(&rule.counterMiss, 1) 11112 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11113 return ruleVerdictContinue 11114 } 11115 11116 func (rule *aclRuleDenyWithWarnLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11117 var matched bool 11118 for i, field := range rule.fields { 11119 v, found := data[field] 11120 if !found { 11121 return ruleVerdictContinue 11122 } 11123 if !rule.conditions[i].match(ctx, v) { 11124 atomic.AddUint64(&rule.counterMiss, 1) 11125 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11126 return ruleVerdictContinue 11127 } 11128 matched = true 11129 } 11130 if matched { 11131 atomic.AddUint64(&rule.counterMatch, 1) 11132 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11133 return ruleVerdictDeny 11134 } 11135 atomic.AddUint64(&rule.counterMiss, 1) 11136 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11137 return ruleVerdictContinue 11138 } 11139 11140 func (rule *aclRuleDenyWithErrorLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11141 var matched bool 11142 for i, field := range rule.fields { 11143 v, found := data[field] 11144 if !found { 11145 return ruleVerdictContinue 11146 } 11147 if !rule.conditions[i].match(ctx, v) { 11148 atomic.AddUint64(&rule.counterMiss, 1) 11149 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11150 return ruleVerdictContinue 11151 } 11152 matched = true 11153 } 11154 if matched { 11155 atomic.AddUint64(&rule.counterMatch, 1) 11156 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11157 return ruleVerdictDeny 11158 } 11159 atomic.AddUint64(&rule.counterMiss, 1) 11160 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11161 return ruleVerdictContinue 11162 } 11163 11164 func (rule *aclRuleDenyWithDebugLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11165 v, found := data[rule.field] 11166 if !found { 11167 return ruleVerdictContinue 11168 } 11169 if !rule.condition.match(ctx, v) { 11170 atomic.AddUint64(&rule.counterMiss, 1) 11171 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11172 return ruleVerdictContinue 11173 } 11174 atomic.AddUint64(&rule.counterMatch, 1) 11175 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11176 return ruleVerdictDeny 11177 } 11178 11179 func (rule *aclRuleDenyWithInfoLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11180 v, found := data[rule.field] 11181 if !found { 11182 return ruleVerdictContinue 11183 } 11184 if !rule.condition.match(ctx, v) { 11185 atomic.AddUint64(&rule.counterMiss, 1) 11186 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11187 return ruleVerdictContinue 11188 } 11189 atomic.AddUint64(&rule.counterMatch, 1) 11190 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11191 return ruleVerdictDeny 11192 } 11193 11194 func (rule *aclRuleDenyWithWarnLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11195 v, found := data[rule.field] 11196 if !found { 11197 return ruleVerdictContinue 11198 } 11199 if !rule.condition.match(ctx, v) { 11200 atomic.AddUint64(&rule.counterMiss, 1) 11201 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11202 return ruleVerdictContinue 11203 } 11204 atomic.AddUint64(&rule.counterMatch, 1) 11205 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11206 return ruleVerdictDeny 11207 } 11208 11209 func (rule *aclRuleDenyWithErrorLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11210 v, found := data[rule.field] 11211 if !found { 11212 return ruleVerdictContinue 11213 } 11214 if !rule.condition.match(ctx, v) { 11215 atomic.AddUint64(&rule.counterMiss, 1) 11216 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11217 return ruleVerdictContinue 11218 } 11219 atomic.AddUint64(&rule.counterMatch, 1) 11220 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11221 return ruleVerdictDeny 11222 } 11223 11224 func (rule *aclRuleFieldCheckAllowMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11225 11226 for fieldName, shouldExist := range rule.checkFields { 11227 _, dataFound := data[fieldName] 11228 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11229 return ruleVerdictContinue 11230 } 11231 } 11232 for i, field := range rule.fields { 11233 v, found := data[field] 11234 if !found { 11235 continue 11236 } 11237 if !rule.conditions[i].match(ctx, v) { 11238 continue 11239 } 11240 return ruleVerdictAllowStop 11241 } 11242 return ruleVerdictContinue 11243 } 11244 11245 func (rule *aclRuleFieldCheckAllowMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11246 11247 for fieldName, shouldExist := range rule.checkFields { 11248 _, dataFound := data[fieldName] 11249 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11250 return ruleVerdictContinue 11251 } 11252 } 11253 var matched bool 11254 for i, field := range rule.fields { 11255 v, found := data[field] 11256 if !found { 11257 return ruleVerdictContinue 11258 } 11259 if !rule.conditions[i].match(ctx, v) { 11260 return ruleVerdictContinue 11261 } 11262 matched = true 11263 } 11264 if matched { 11265 return ruleVerdictAllowStop 11266 } 11267 return ruleVerdictContinue 11268 } 11269 11270 func (rule *aclRuleFieldCheckAllowStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11271 11272 for fieldName, shouldExist := range rule.checkFields { 11273 _, dataFound := data[fieldName] 11274 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11275 return ruleVerdictContinue 11276 } 11277 } 11278 return ruleVerdictAllowStop 11279 } 11280 11281 func (rule *aclRuleFieldCheckAllowMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11282 11283 for fieldName, shouldExist := range rule.checkFields { 11284 _, dataFound := data[fieldName] 11285 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11286 return ruleVerdictContinue 11287 } 11288 } 11289 for i, field := range rule.fields { 11290 v, found := data[field] 11291 if !found { 11292 continue 11293 } 11294 if !rule.conditions[i].match(ctx, v) { 11295 continue 11296 } 11297 return ruleVerdictAllow 11298 } 11299 return ruleVerdictContinue 11300 } 11301 11302 func (rule *aclRuleFieldCheckAllowMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11303 11304 for fieldName, shouldExist := range rule.checkFields { 11305 _, dataFound := data[fieldName] 11306 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11307 return ruleVerdictContinue 11308 } 11309 } 11310 var matched bool 11311 for i, field := range rule.fields { 11312 v, found := data[field] 11313 if !found { 11314 return ruleVerdictContinue 11315 } 11316 if !rule.conditions[i].match(ctx, v) { 11317 return ruleVerdictContinue 11318 } 11319 matched = true 11320 } 11321 if matched { 11322 return ruleVerdictAllow 11323 } 11324 return ruleVerdictContinue 11325 } 11326 11327 func (rule *aclRuleFieldCheckAllow) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11328 11329 for fieldName, shouldExist := range rule.checkFields { 11330 _, dataFound := data[fieldName] 11331 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11332 return ruleVerdictContinue 11333 } 11334 } 11335 return ruleVerdictAllow 11336 } 11337 11338 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11339 11340 for fieldName, shouldExist := range rule.checkFields { 11341 _, dataFound := data[fieldName] 11342 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11343 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11344 return ruleVerdictContinue 11345 } 11346 } 11347 for i, field := range rule.fields { 11348 v, found := data[field] 11349 if !found { 11350 continue 11351 } 11352 if !rule.conditions[i].match(ctx, v) { 11353 continue 11354 } 11355 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11356 return ruleVerdictAllowStop 11357 } 11358 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11359 return ruleVerdictContinue 11360 } 11361 11362 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11363 11364 for fieldName, shouldExist := range rule.checkFields { 11365 _, dataFound := data[fieldName] 11366 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11367 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11368 return ruleVerdictContinue 11369 } 11370 } 11371 for i, field := range rule.fields { 11372 v, found := data[field] 11373 if !found { 11374 continue 11375 } 11376 if !rule.conditions[i].match(ctx, v) { 11377 continue 11378 } 11379 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11380 return ruleVerdictAllowStop 11381 } 11382 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11383 return ruleVerdictContinue 11384 } 11385 11386 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11387 11388 for fieldName, shouldExist := range rule.checkFields { 11389 _, dataFound := data[fieldName] 11390 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11391 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11392 return ruleVerdictContinue 11393 } 11394 } 11395 for i, field := range rule.fields { 11396 v, found := data[field] 11397 if !found { 11398 continue 11399 } 11400 if !rule.conditions[i].match(ctx, v) { 11401 continue 11402 } 11403 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11404 return ruleVerdictAllowStop 11405 } 11406 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11407 return ruleVerdictContinue 11408 } 11409 11410 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11411 11412 for fieldName, shouldExist := range rule.checkFields { 11413 _, dataFound := data[fieldName] 11414 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11415 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11416 return ruleVerdictContinue 11417 } 11418 } 11419 for i, field := range rule.fields { 11420 v, found := data[field] 11421 if !found { 11422 continue 11423 } 11424 if !rule.conditions[i].match(ctx, v) { 11425 continue 11426 } 11427 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11428 return ruleVerdictAllowStop 11429 } 11430 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11431 return ruleVerdictContinue 11432 } 11433 11434 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11435 11436 for fieldName, shouldExist := range rule.checkFields { 11437 _, dataFound := data[fieldName] 11438 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11439 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11440 return ruleVerdictContinue 11441 } 11442 } 11443 var matched bool 11444 for i, field := range rule.fields { 11445 v, found := data[field] 11446 if !found { 11447 return ruleVerdictContinue 11448 } 11449 if !rule.conditions[i].match(ctx, v) { 11450 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11451 return ruleVerdictContinue 11452 } 11453 matched = true 11454 } 11455 if matched { 11456 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11457 return ruleVerdictAllowStop 11458 } 11459 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11460 return ruleVerdictContinue 11461 } 11462 11463 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11464 11465 for fieldName, shouldExist := range rule.checkFields { 11466 _, dataFound := data[fieldName] 11467 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11468 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11469 return ruleVerdictContinue 11470 } 11471 } 11472 var matched bool 11473 for i, field := range rule.fields { 11474 v, found := data[field] 11475 if !found { 11476 return ruleVerdictContinue 11477 } 11478 if !rule.conditions[i].match(ctx, v) { 11479 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11480 return ruleVerdictContinue 11481 } 11482 matched = true 11483 } 11484 if matched { 11485 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11486 return ruleVerdictAllowStop 11487 } 11488 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11489 return ruleVerdictContinue 11490 } 11491 11492 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11493 11494 for fieldName, shouldExist := range rule.checkFields { 11495 _, dataFound := data[fieldName] 11496 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11497 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11498 return ruleVerdictContinue 11499 } 11500 } 11501 var matched bool 11502 for i, field := range rule.fields { 11503 v, found := data[field] 11504 if !found { 11505 return ruleVerdictContinue 11506 } 11507 if !rule.conditions[i].match(ctx, v) { 11508 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11509 return ruleVerdictContinue 11510 } 11511 matched = true 11512 } 11513 if matched { 11514 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11515 return ruleVerdictAllowStop 11516 } 11517 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11518 return ruleVerdictContinue 11519 } 11520 11521 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11522 11523 for fieldName, shouldExist := range rule.checkFields { 11524 _, dataFound := data[fieldName] 11525 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11526 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11527 return ruleVerdictContinue 11528 } 11529 } 11530 var matched bool 11531 for i, field := range rule.fields { 11532 v, found := data[field] 11533 if !found { 11534 return ruleVerdictContinue 11535 } 11536 if !rule.conditions[i].match(ctx, v) { 11537 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11538 return ruleVerdictContinue 11539 } 11540 matched = true 11541 } 11542 if matched { 11543 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11544 return ruleVerdictAllowStop 11545 } 11546 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11547 return ruleVerdictContinue 11548 } 11549 11550 func (rule *aclRuleFieldCheckAllowWithDebugLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11551 11552 for fieldName, shouldExist := range rule.checkFields { 11553 _, dataFound := data[fieldName] 11554 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11555 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11556 return ruleVerdictContinue 11557 } 11558 } 11559 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11560 return ruleVerdictAllowStop 11561 } 11562 11563 func (rule *aclRuleFieldCheckAllowWithInfoLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11564 11565 for fieldName, shouldExist := range rule.checkFields { 11566 _, dataFound := data[fieldName] 11567 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11568 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11569 return ruleVerdictContinue 11570 } 11571 } 11572 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11573 return ruleVerdictAllowStop 11574 } 11575 11576 func (rule *aclRuleFieldCheckAllowWithWarnLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11577 11578 for fieldName, shouldExist := range rule.checkFields { 11579 _, dataFound := data[fieldName] 11580 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11581 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11582 return ruleVerdictContinue 11583 } 11584 } 11585 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11586 return ruleVerdictAllowStop 11587 } 11588 11589 func (rule *aclRuleFieldCheckAllowWithErrorLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11590 11591 for fieldName, shouldExist := range rule.checkFields { 11592 _, dataFound := data[fieldName] 11593 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11594 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11595 return ruleVerdictContinue 11596 } 11597 } 11598 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11599 return ruleVerdictAllowStop 11600 } 11601 11602 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11603 11604 for fieldName, shouldExist := range rule.checkFields { 11605 _, dataFound := data[fieldName] 11606 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11607 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11608 return ruleVerdictContinue 11609 } 11610 } 11611 for i, field := range rule.fields { 11612 v, found := data[field] 11613 if !found { 11614 continue 11615 } 11616 if !rule.conditions[i].match(ctx, v) { 11617 continue 11618 } 11619 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11620 return ruleVerdictAllow 11621 } 11622 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11623 return ruleVerdictContinue 11624 } 11625 11626 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11627 11628 for fieldName, shouldExist := range rule.checkFields { 11629 _, dataFound := data[fieldName] 11630 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11631 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11632 return ruleVerdictContinue 11633 } 11634 } 11635 for i, field := range rule.fields { 11636 v, found := data[field] 11637 if !found { 11638 continue 11639 } 11640 if !rule.conditions[i].match(ctx, v) { 11641 continue 11642 } 11643 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11644 return ruleVerdictAllow 11645 } 11646 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11647 return ruleVerdictContinue 11648 } 11649 11650 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11651 11652 for fieldName, shouldExist := range rule.checkFields { 11653 _, dataFound := data[fieldName] 11654 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11655 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11656 return ruleVerdictContinue 11657 } 11658 } 11659 for i, field := range rule.fields { 11660 v, found := data[field] 11661 if !found { 11662 continue 11663 } 11664 if !rule.conditions[i].match(ctx, v) { 11665 continue 11666 } 11667 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11668 return ruleVerdictAllow 11669 } 11670 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11671 return ruleVerdictContinue 11672 } 11673 11674 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11675 11676 for fieldName, shouldExist := range rule.checkFields { 11677 _, dataFound := data[fieldName] 11678 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11679 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11680 return ruleVerdictContinue 11681 } 11682 } 11683 for i, field := range rule.fields { 11684 v, found := data[field] 11685 if !found { 11686 continue 11687 } 11688 if !rule.conditions[i].match(ctx, v) { 11689 continue 11690 } 11691 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11692 return ruleVerdictAllow 11693 } 11694 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11695 return ruleVerdictContinue 11696 } 11697 11698 func (rule *aclRuleFieldCheckAllowWithDebugLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11699 11700 for fieldName, shouldExist := range rule.checkFields { 11701 _, dataFound := data[fieldName] 11702 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11703 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11704 return ruleVerdictContinue 11705 } 11706 } 11707 var matched bool 11708 for i, field := range rule.fields { 11709 v, found := data[field] 11710 if !found { 11711 return ruleVerdictContinue 11712 } 11713 if !rule.conditions[i].match(ctx, v) { 11714 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11715 return ruleVerdictContinue 11716 } 11717 matched = true 11718 } 11719 if matched { 11720 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11721 return ruleVerdictAllow 11722 } 11723 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11724 return ruleVerdictContinue 11725 } 11726 11727 func (rule *aclRuleFieldCheckAllowWithInfoLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11728 11729 for fieldName, shouldExist := range rule.checkFields { 11730 _, dataFound := data[fieldName] 11731 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11732 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11733 return ruleVerdictContinue 11734 } 11735 } 11736 var matched bool 11737 for i, field := range rule.fields { 11738 v, found := data[field] 11739 if !found { 11740 return ruleVerdictContinue 11741 } 11742 if !rule.conditions[i].match(ctx, v) { 11743 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11744 return ruleVerdictContinue 11745 } 11746 matched = true 11747 } 11748 if matched { 11749 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11750 return ruleVerdictAllow 11751 } 11752 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11753 return ruleVerdictContinue 11754 } 11755 11756 func (rule *aclRuleFieldCheckAllowWithWarnLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11757 11758 for fieldName, shouldExist := range rule.checkFields { 11759 _, dataFound := data[fieldName] 11760 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11761 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11762 return ruleVerdictContinue 11763 } 11764 } 11765 var matched bool 11766 for i, field := range rule.fields { 11767 v, found := data[field] 11768 if !found { 11769 return ruleVerdictContinue 11770 } 11771 if !rule.conditions[i].match(ctx, v) { 11772 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11773 return ruleVerdictContinue 11774 } 11775 matched = true 11776 } 11777 if matched { 11778 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11779 return ruleVerdictAllow 11780 } 11781 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11782 return ruleVerdictContinue 11783 } 11784 11785 func (rule *aclRuleFieldCheckAllowWithErrorLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11786 11787 for fieldName, shouldExist := range rule.checkFields { 11788 _, dataFound := data[fieldName] 11789 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11790 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11791 return ruleVerdictContinue 11792 } 11793 } 11794 var matched bool 11795 for i, field := range rule.fields { 11796 v, found := data[field] 11797 if !found { 11798 return ruleVerdictContinue 11799 } 11800 if !rule.conditions[i].match(ctx, v) { 11801 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11802 return ruleVerdictContinue 11803 } 11804 matched = true 11805 } 11806 if matched { 11807 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11808 return ruleVerdictAllow 11809 } 11810 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11811 return ruleVerdictContinue 11812 } 11813 11814 func (rule *aclRuleFieldCheckAllowWithDebugLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11815 11816 for fieldName, shouldExist := range rule.checkFields { 11817 _, dataFound := data[fieldName] 11818 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11819 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11820 return ruleVerdictContinue 11821 } 11822 } 11823 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11824 return ruleVerdictAllow 11825 } 11826 11827 func (rule *aclRuleFieldCheckAllowWithInfoLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11828 11829 for fieldName, shouldExist := range rule.checkFields { 11830 _, dataFound := data[fieldName] 11831 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11832 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11833 return ruleVerdictContinue 11834 } 11835 } 11836 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11837 return ruleVerdictAllow 11838 } 11839 11840 func (rule *aclRuleFieldCheckAllowWithWarnLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11841 11842 for fieldName, shouldExist := range rule.checkFields { 11843 _, dataFound := data[fieldName] 11844 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11845 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11846 return ruleVerdictContinue 11847 } 11848 } 11849 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11850 return ruleVerdictAllow 11851 } 11852 11853 func (rule *aclRuleFieldCheckAllowWithErrorLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11854 11855 for fieldName, shouldExist := range rule.checkFields { 11856 _, dataFound := data[fieldName] 11857 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11858 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11859 return ruleVerdictContinue 11860 } 11861 } 11862 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 11863 return ruleVerdictAllow 11864 } 11865 11866 func (rule *aclRuleFieldCheckAllowWithCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11867 11868 for fieldName, shouldExist := range rule.checkFields { 11869 _, dataFound := data[fieldName] 11870 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11871 atomic.AddUint64(&rule.counterMiss, 1) 11872 return ruleVerdictContinue 11873 } 11874 } 11875 for i, field := range rule.fields { 11876 v, found := data[field] 11877 if !found { 11878 continue 11879 } 11880 if !rule.conditions[i].match(ctx, v) { 11881 continue 11882 } 11883 atomic.AddUint64(&rule.counterMatch, 1) 11884 return ruleVerdictAllowStop 11885 } 11886 atomic.AddUint64(&rule.counterMiss, 1) 11887 return ruleVerdictContinue 11888 } 11889 11890 func (rule *aclRuleFieldCheckAllowWithCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11891 11892 for fieldName, shouldExist := range rule.checkFields { 11893 _, dataFound := data[fieldName] 11894 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11895 atomic.AddUint64(&rule.counterMiss, 1) 11896 return ruleVerdictContinue 11897 } 11898 } 11899 var matched bool 11900 for i, field := range rule.fields { 11901 v, found := data[field] 11902 if !found { 11903 return ruleVerdictContinue 11904 } 11905 if !rule.conditions[i].match(ctx, v) { 11906 atomic.AddUint64(&rule.counterMiss, 1) 11907 return ruleVerdictContinue 11908 } 11909 matched = true 11910 } 11911 if matched { 11912 atomic.AddUint64(&rule.counterMatch, 1) 11913 return ruleVerdictAllowStop 11914 } 11915 atomic.AddUint64(&rule.counterMiss, 1) 11916 return ruleVerdictContinue 11917 } 11918 11919 func (rule *aclRuleFieldCheckAllowWithCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11920 11921 for fieldName, shouldExist := range rule.checkFields { 11922 _, dataFound := data[fieldName] 11923 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11924 atomic.AddUint64(&rule.counterMiss, 1) 11925 return ruleVerdictContinue 11926 } 11927 } 11928 atomic.AddUint64(&rule.counterMatch, 1) 11929 return ruleVerdictAllowStop 11930 } 11931 11932 func (rule *aclRuleFieldCheckAllowWithCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11933 11934 for fieldName, shouldExist := range rule.checkFields { 11935 _, dataFound := data[fieldName] 11936 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11937 atomic.AddUint64(&rule.counterMiss, 1) 11938 return ruleVerdictContinue 11939 } 11940 } 11941 for i, field := range rule.fields { 11942 v, found := data[field] 11943 if !found { 11944 continue 11945 } 11946 if !rule.conditions[i].match(ctx, v) { 11947 continue 11948 } 11949 atomic.AddUint64(&rule.counterMatch, 1) 11950 return ruleVerdictAllow 11951 } 11952 atomic.AddUint64(&rule.counterMiss, 1) 11953 return ruleVerdictContinue 11954 } 11955 11956 func (rule *aclRuleFieldCheckAllowWithCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11957 11958 for fieldName, shouldExist := range rule.checkFields { 11959 _, dataFound := data[fieldName] 11960 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11961 atomic.AddUint64(&rule.counterMiss, 1) 11962 return ruleVerdictContinue 11963 } 11964 } 11965 var matched bool 11966 for i, field := range rule.fields { 11967 v, found := data[field] 11968 if !found { 11969 return ruleVerdictContinue 11970 } 11971 if !rule.conditions[i].match(ctx, v) { 11972 atomic.AddUint64(&rule.counterMiss, 1) 11973 return ruleVerdictContinue 11974 } 11975 matched = true 11976 } 11977 if matched { 11978 atomic.AddUint64(&rule.counterMatch, 1) 11979 return ruleVerdictAllow 11980 } 11981 atomic.AddUint64(&rule.counterMiss, 1) 11982 return ruleVerdictContinue 11983 } 11984 11985 func (rule *aclRuleFieldCheckAllowWithCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11986 11987 for fieldName, shouldExist := range rule.checkFields { 11988 _, dataFound := data[fieldName] 11989 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 11990 atomic.AddUint64(&rule.counterMiss, 1) 11991 return ruleVerdictContinue 11992 } 11993 } 11994 atomic.AddUint64(&rule.counterMatch, 1) 11995 return ruleVerdictAllow 11996 } 11997 11998 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 11999 12000 for fieldName, shouldExist := range rule.checkFields { 12001 _, dataFound := data[fieldName] 12002 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12003 atomic.AddUint64(&rule.counterMiss, 1) 12004 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12005 return ruleVerdictContinue 12006 } 12007 } 12008 for i, field := range rule.fields { 12009 v, found := data[field] 12010 if !found { 12011 continue 12012 } 12013 if !rule.conditions[i].match(ctx, v) { 12014 continue 12015 } 12016 atomic.AddUint64(&rule.counterMatch, 1) 12017 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12018 return ruleVerdictAllowStop 12019 } 12020 atomic.AddUint64(&rule.counterMiss, 1) 12021 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12022 return ruleVerdictContinue 12023 } 12024 12025 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12026 12027 for fieldName, shouldExist := range rule.checkFields { 12028 _, dataFound := data[fieldName] 12029 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12030 atomic.AddUint64(&rule.counterMiss, 1) 12031 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12032 return ruleVerdictContinue 12033 } 12034 } 12035 for i, field := range rule.fields { 12036 v, found := data[field] 12037 if !found { 12038 continue 12039 } 12040 if !rule.conditions[i].match(ctx, v) { 12041 continue 12042 } 12043 atomic.AddUint64(&rule.counterMatch, 1) 12044 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12045 return ruleVerdictAllowStop 12046 } 12047 atomic.AddUint64(&rule.counterMiss, 1) 12048 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12049 return ruleVerdictContinue 12050 } 12051 12052 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12053 12054 for fieldName, shouldExist := range rule.checkFields { 12055 _, dataFound := data[fieldName] 12056 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12057 atomic.AddUint64(&rule.counterMiss, 1) 12058 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12059 return ruleVerdictContinue 12060 } 12061 } 12062 for i, field := range rule.fields { 12063 v, found := data[field] 12064 if !found { 12065 continue 12066 } 12067 if !rule.conditions[i].match(ctx, v) { 12068 continue 12069 } 12070 atomic.AddUint64(&rule.counterMatch, 1) 12071 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12072 return ruleVerdictAllowStop 12073 } 12074 atomic.AddUint64(&rule.counterMiss, 1) 12075 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12076 return ruleVerdictContinue 12077 } 12078 12079 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12080 12081 for fieldName, shouldExist := range rule.checkFields { 12082 _, dataFound := data[fieldName] 12083 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12084 atomic.AddUint64(&rule.counterMiss, 1) 12085 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12086 return ruleVerdictContinue 12087 } 12088 } 12089 for i, field := range rule.fields { 12090 v, found := data[field] 12091 if !found { 12092 continue 12093 } 12094 if !rule.conditions[i].match(ctx, v) { 12095 continue 12096 } 12097 atomic.AddUint64(&rule.counterMatch, 1) 12098 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12099 return ruleVerdictAllowStop 12100 } 12101 atomic.AddUint64(&rule.counterMiss, 1) 12102 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12103 return ruleVerdictContinue 12104 } 12105 12106 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12107 12108 for fieldName, shouldExist := range rule.checkFields { 12109 _, dataFound := data[fieldName] 12110 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12111 atomic.AddUint64(&rule.counterMiss, 1) 12112 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12113 return ruleVerdictContinue 12114 } 12115 } 12116 var matched bool 12117 for i, field := range rule.fields { 12118 v, found := data[field] 12119 if !found { 12120 return ruleVerdictContinue 12121 } 12122 if !rule.conditions[i].match(ctx, v) { 12123 atomic.AddUint64(&rule.counterMiss, 1) 12124 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12125 return ruleVerdictContinue 12126 } 12127 matched = true 12128 } 12129 if matched { 12130 atomic.AddUint64(&rule.counterMatch, 1) 12131 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12132 return ruleVerdictAllowStop 12133 } 12134 atomic.AddUint64(&rule.counterMiss, 1) 12135 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12136 return ruleVerdictContinue 12137 } 12138 12139 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12140 12141 for fieldName, shouldExist := range rule.checkFields { 12142 _, dataFound := data[fieldName] 12143 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12144 atomic.AddUint64(&rule.counterMiss, 1) 12145 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12146 return ruleVerdictContinue 12147 } 12148 } 12149 var matched bool 12150 for i, field := range rule.fields { 12151 v, found := data[field] 12152 if !found { 12153 return ruleVerdictContinue 12154 } 12155 if !rule.conditions[i].match(ctx, v) { 12156 atomic.AddUint64(&rule.counterMiss, 1) 12157 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12158 return ruleVerdictContinue 12159 } 12160 matched = true 12161 } 12162 if matched { 12163 atomic.AddUint64(&rule.counterMatch, 1) 12164 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12165 return ruleVerdictAllowStop 12166 } 12167 atomic.AddUint64(&rule.counterMiss, 1) 12168 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12169 return ruleVerdictContinue 12170 } 12171 12172 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12173 12174 for fieldName, shouldExist := range rule.checkFields { 12175 _, dataFound := data[fieldName] 12176 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12177 atomic.AddUint64(&rule.counterMiss, 1) 12178 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12179 return ruleVerdictContinue 12180 } 12181 } 12182 var matched bool 12183 for i, field := range rule.fields { 12184 v, found := data[field] 12185 if !found { 12186 return ruleVerdictContinue 12187 } 12188 if !rule.conditions[i].match(ctx, v) { 12189 atomic.AddUint64(&rule.counterMiss, 1) 12190 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12191 return ruleVerdictContinue 12192 } 12193 matched = true 12194 } 12195 if matched { 12196 atomic.AddUint64(&rule.counterMatch, 1) 12197 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12198 return ruleVerdictAllowStop 12199 } 12200 atomic.AddUint64(&rule.counterMiss, 1) 12201 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12202 return ruleVerdictContinue 12203 } 12204 12205 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12206 12207 for fieldName, shouldExist := range rule.checkFields { 12208 _, dataFound := data[fieldName] 12209 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12210 atomic.AddUint64(&rule.counterMiss, 1) 12211 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12212 return ruleVerdictContinue 12213 } 12214 } 12215 var matched bool 12216 for i, field := range rule.fields { 12217 v, found := data[field] 12218 if !found { 12219 return ruleVerdictContinue 12220 } 12221 if !rule.conditions[i].match(ctx, v) { 12222 atomic.AddUint64(&rule.counterMiss, 1) 12223 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12224 return ruleVerdictContinue 12225 } 12226 matched = true 12227 } 12228 if matched { 12229 atomic.AddUint64(&rule.counterMatch, 1) 12230 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12231 return ruleVerdictAllowStop 12232 } 12233 atomic.AddUint64(&rule.counterMiss, 1) 12234 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12235 return ruleVerdictContinue 12236 } 12237 12238 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12239 12240 for fieldName, shouldExist := range rule.checkFields { 12241 _, dataFound := data[fieldName] 12242 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12243 atomic.AddUint64(&rule.counterMiss, 1) 12244 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12245 return ruleVerdictContinue 12246 } 12247 } 12248 atomic.AddUint64(&rule.counterMatch, 1) 12249 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12250 return ruleVerdictAllowStop 12251 } 12252 12253 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12254 12255 for fieldName, shouldExist := range rule.checkFields { 12256 _, dataFound := data[fieldName] 12257 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12258 atomic.AddUint64(&rule.counterMiss, 1) 12259 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12260 return ruleVerdictContinue 12261 } 12262 } 12263 atomic.AddUint64(&rule.counterMatch, 1) 12264 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12265 return ruleVerdictAllowStop 12266 } 12267 12268 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12269 12270 for fieldName, shouldExist := range rule.checkFields { 12271 _, dataFound := data[fieldName] 12272 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12273 atomic.AddUint64(&rule.counterMiss, 1) 12274 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12275 return ruleVerdictContinue 12276 } 12277 } 12278 atomic.AddUint64(&rule.counterMatch, 1) 12279 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12280 return ruleVerdictAllowStop 12281 } 12282 12283 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12284 12285 for fieldName, shouldExist := range rule.checkFields { 12286 _, dataFound := data[fieldName] 12287 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12288 atomic.AddUint64(&rule.counterMiss, 1) 12289 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12290 return ruleVerdictContinue 12291 } 12292 } 12293 atomic.AddUint64(&rule.counterMatch, 1) 12294 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12295 return ruleVerdictAllowStop 12296 } 12297 12298 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12299 12300 for fieldName, shouldExist := range rule.checkFields { 12301 _, dataFound := data[fieldName] 12302 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12303 atomic.AddUint64(&rule.counterMiss, 1) 12304 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12305 return ruleVerdictContinue 12306 } 12307 } 12308 for i, field := range rule.fields { 12309 v, found := data[field] 12310 if !found { 12311 continue 12312 } 12313 if !rule.conditions[i].match(ctx, v) { 12314 continue 12315 } 12316 atomic.AddUint64(&rule.counterMatch, 1) 12317 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12318 return ruleVerdictAllow 12319 } 12320 atomic.AddUint64(&rule.counterMiss, 1) 12321 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12322 return ruleVerdictContinue 12323 } 12324 12325 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12326 12327 for fieldName, shouldExist := range rule.checkFields { 12328 _, dataFound := data[fieldName] 12329 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12330 atomic.AddUint64(&rule.counterMiss, 1) 12331 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12332 return ruleVerdictContinue 12333 } 12334 } 12335 for i, field := range rule.fields { 12336 v, found := data[field] 12337 if !found { 12338 continue 12339 } 12340 if !rule.conditions[i].match(ctx, v) { 12341 continue 12342 } 12343 atomic.AddUint64(&rule.counterMatch, 1) 12344 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12345 return ruleVerdictAllow 12346 } 12347 atomic.AddUint64(&rule.counterMiss, 1) 12348 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12349 return ruleVerdictContinue 12350 } 12351 12352 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12353 12354 for fieldName, shouldExist := range rule.checkFields { 12355 _, dataFound := data[fieldName] 12356 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12357 atomic.AddUint64(&rule.counterMiss, 1) 12358 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12359 return ruleVerdictContinue 12360 } 12361 } 12362 for i, field := range rule.fields { 12363 v, found := data[field] 12364 if !found { 12365 continue 12366 } 12367 if !rule.conditions[i].match(ctx, v) { 12368 continue 12369 } 12370 atomic.AddUint64(&rule.counterMatch, 1) 12371 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12372 return ruleVerdictAllow 12373 } 12374 atomic.AddUint64(&rule.counterMiss, 1) 12375 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12376 return ruleVerdictContinue 12377 } 12378 12379 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12380 12381 for fieldName, shouldExist := range rule.checkFields { 12382 _, dataFound := data[fieldName] 12383 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12384 atomic.AddUint64(&rule.counterMiss, 1) 12385 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12386 return ruleVerdictContinue 12387 } 12388 } 12389 for i, field := range rule.fields { 12390 v, found := data[field] 12391 if !found { 12392 continue 12393 } 12394 if !rule.conditions[i].match(ctx, v) { 12395 continue 12396 } 12397 atomic.AddUint64(&rule.counterMatch, 1) 12398 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12399 return ruleVerdictAllow 12400 } 12401 atomic.AddUint64(&rule.counterMiss, 1) 12402 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12403 return ruleVerdictContinue 12404 } 12405 12406 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12407 12408 for fieldName, shouldExist := range rule.checkFields { 12409 _, dataFound := data[fieldName] 12410 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12411 atomic.AddUint64(&rule.counterMiss, 1) 12412 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12413 return ruleVerdictContinue 12414 } 12415 } 12416 var matched bool 12417 for i, field := range rule.fields { 12418 v, found := data[field] 12419 if !found { 12420 return ruleVerdictContinue 12421 } 12422 if !rule.conditions[i].match(ctx, v) { 12423 atomic.AddUint64(&rule.counterMiss, 1) 12424 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12425 return ruleVerdictContinue 12426 } 12427 matched = true 12428 } 12429 if matched { 12430 atomic.AddUint64(&rule.counterMatch, 1) 12431 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12432 return ruleVerdictAllow 12433 } 12434 atomic.AddUint64(&rule.counterMiss, 1) 12435 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12436 return ruleVerdictContinue 12437 } 12438 12439 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12440 12441 for fieldName, shouldExist := range rule.checkFields { 12442 _, dataFound := data[fieldName] 12443 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12444 atomic.AddUint64(&rule.counterMiss, 1) 12445 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12446 return ruleVerdictContinue 12447 } 12448 } 12449 var matched bool 12450 for i, field := range rule.fields { 12451 v, found := data[field] 12452 if !found { 12453 return ruleVerdictContinue 12454 } 12455 if !rule.conditions[i].match(ctx, v) { 12456 atomic.AddUint64(&rule.counterMiss, 1) 12457 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12458 return ruleVerdictContinue 12459 } 12460 matched = true 12461 } 12462 if matched { 12463 atomic.AddUint64(&rule.counterMatch, 1) 12464 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12465 return ruleVerdictAllow 12466 } 12467 atomic.AddUint64(&rule.counterMiss, 1) 12468 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12469 return ruleVerdictContinue 12470 } 12471 12472 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12473 12474 for fieldName, shouldExist := range rule.checkFields { 12475 _, dataFound := data[fieldName] 12476 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12477 atomic.AddUint64(&rule.counterMiss, 1) 12478 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12479 return ruleVerdictContinue 12480 } 12481 } 12482 var matched bool 12483 for i, field := range rule.fields { 12484 v, found := data[field] 12485 if !found { 12486 return ruleVerdictContinue 12487 } 12488 if !rule.conditions[i].match(ctx, v) { 12489 atomic.AddUint64(&rule.counterMiss, 1) 12490 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12491 return ruleVerdictContinue 12492 } 12493 matched = true 12494 } 12495 if matched { 12496 atomic.AddUint64(&rule.counterMatch, 1) 12497 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12498 return ruleVerdictAllow 12499 } 12500 atomic.AddUint64(&rule.counterMiss, 1) 12501 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12502 return ruleVerdictContinue 12503 } 12504 12505 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12506 12507 for fieldName, shouldExist := range rule.checkFields { 12508 _, dataFound := data[fieldName] 12509 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12510 atomic.AddUint64(&rule.counterMiss, 1) 12511 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12512 return ruleVerdictContinue 12513 } 12514 } 12515 var matched bool 12516 for i, field := range rule.fields { 12517 v, found := data[field] 12518 if !found { 12519 return ruleVerdictContinue 12520 } 12521 if !rule.conditions[i].match(ctx, v) { 12522 atomic.AddUint64(&rule.counterMiss, 1) 12523 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12524 return ruleVerdictContinue 12525 } 12526 matched = true 12527 } 12528 if matched { 12529 atomic.AddUint64(&rule.counterMatch, 1) 12530 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12531 return ruleVerdictAllow 12532 } 12533 atomic.AddUint64(&rule.counterMiss, 1) 12534 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12535 return ruleVerdictContinue 12536 } 12537 12538 func (rule *aclRuleFieldCheckAllowWithDebugLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12539 12540 for fieldName, shouldExist := range rule.checkFields { 12541 _, dataFound := data[fieldName] 12542 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12543 atomic.AddUint64(&rule.counterMiss, 1) 12544 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12545 return ruleVerdictContinue 12546 } 12547 } 12548 atomic.AddUint64(&rule.counterMatch, 1) 12549 rule.logger.Debug("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12550 return ruleVerdictAllow 12551 } 12552 12553 func (rule *aclRuleFieldCheckAllowWithInfoLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12554 12555 for fieldName, shouldExist := range rule.checkFields { 12556 _, dataFound := data[fieldName] 12557 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12558 atomic.AddUint64(&rule.counterMiss, 1) 12559 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12560 return ruleVerdictContinue 12561 } 12562 } 12563 atomic.AddUint64(&rule.counterMatch, 1) 12564 rule.logger.Info("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12565 return ruleVerdictAllow 12566 } 12567 12568 func (rule *aclRuleFieldCheckAllowWithWarnLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12569 12570 for fieldName, shouldExist := range rule.checkFields { 12571 _, dataFound := data[fieldName] 12572 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12573 atomic.AddUint64(&rule.counterMiss, 1) 12574 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12575 return ruleVerdictContinue 12576 } 12577 } 12578 atomic.AddUint64(&rule.counterMatch, 1) 12579 rule.logger.Warn("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12580 return ruleVerdictAllow 12581 } 12582 12583 func (rule *aclRuleFieldCheckAllowWithErrorLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12584 12585 for fieldName, shouldExist := range rule.checkFields { 12586 _, dataFound := data[fieldName] 12587 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12588 atomic.AddUint64(&rule.counterMiss, 1) 12589 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12590 return ruleVerdictContinue 12591 } 12592 } 12593 atomic.AddUint64(&rule.counterMatch, 1) 12594 rule.logger.Error("acl rule hit", zap.String("action", "allow"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12595 return ruleVerdictAllow 12596 } 12597 12598 func (rule *aclRuleFieldCheckDenyMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12599 12600 for fieldName, shouldExist := range rule.checkFields { 12601 _, dataFound := data[fieldName] 12602 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12603 return ruleVerdictContinue 12604 } 12605 } 12606 for i, field := range rule.fields { 12607 v, found := data[field] 12608 if !found { 12609 continue 12610 } 12611 if !rule.conditions[i].match(ctx, v) { 12612 continue 12613 } 12614 return ruleVerdictDenyStop 12615 } 12616 return ruleVerdictContinue 12617 } 12618 12619 func (rule *aclRuleFieldCheckDenyMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12620 12621 for fieldName, shouldExist := range rule.checkFields { 12622 _, dataFound := data[fieldName] 12623 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12624 return ruleVerdictContinue 12625 } 12626 } 12627 var matched bool 12628 for i, field := range rule.fields { 12629 v, found := data[field] 12630 if !found { 12631 return ruleVerdictContinue 12632 } 12633 if !rule.conditions[i].match(ctx, v) { 12634 return ruleVerdictContinue 12635 } 12636 matched = true 12637 } 12638 if matched { 12639 return ruleVerdictDenyStop 12640 } 12641 return ruleVerdictContinue 12642 } 12643 12644 func (rule *aclRuleFieldCheckDenyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12645 12646 for fieldName, shouldExist := range rule.checkFields { 12647 _, dataFound := data[fieldName] 12648 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12649 return ruleVerdictContinue 12650 } 12651 } 12652 return ruleVerdictDenyStop 12653 } 12654 12655 func (rule *aclRuleFieldCheckDenyMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12656 12657 for fieldName, shouldExist := range rule.checkFields { 12658 _, dataFound := data[fieldName] 12659 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12660 return ruleVerdictContinue 12661 } 12662 } 12663 for i, field := range rule.fields { 12664 v, found := data[field] 12665 if !found { 12666 continue 12667 } 12668 if !rule.conditions[i].match(ctx, v) { 12669 continue 12670 } 12671 return ruleVerdictDeny 12672 } 12673 return ruleVerdictContinue 12674 } 12675 12676 func (rule *aclRuleFieldCheckDenyMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12677 12678 for fieldName, shouldExist := range rule.checkFields { 12679 _, dataFound := data[fieldName] 12680 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12681 return ruleVerdictContinue 12682 } 12683 } 12684 var matched bool 12685 for i, field := range rule.fields { 12686 v, found := data[field] 12687 if !found { 12688 return ruleVerdictContinue 12689 } 12690 if !rule.conditions[i].match(ctx, v) { 12691 return ruleVerdictContinue 12692 } 12693 matched = true 12694 } 12695 if matched { 12696 return ruleVerdictDeny 12697 } 12698 return ruleVerdictContinue 12699 } 12700 12701 func (rule *aclRuleFieldCheckDeny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12702 12703 for fieldName, shouldExist := range rule.checkFields { 12704 _, dataFound := data[fieldName] 12705 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12706 return ruleVerdictContinue 12707 } 12708 } 12709 return ruleVerdictDeny 12710 } 12711 12712 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12713 12714 for fieldName, shouldExist := range rule.checkFields { 12715 _, dataFound := data[fieldName] 12716 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12717 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12718 return ruleVerdictContinue 12719 } 12720 } 12721 for i, field := range rule.fields { 12722 v, found := data[field] 12723 if !found { 12724 continue 12725 } 12726 if !rule.conditions[i].match(ctx, v) { 12727 continue 12728 } 12729 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12730 return ruleVerdictDenyStop 12731 } 12732 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12733 return ruleVerdictContinue 12734 } 12735 12736 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12737 12738 for fieldName, shouldExist := range rule.checkFields { 12739 _, dataFound := data[fieldName] 12740 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12741 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12742 return ruleVerdictContinue 12743 } 12744 } 12745 for i, field := range rule.fields { 12746 v, found := data[field] 12747 if !found { 12748 continue 12749 } 12750 if !rule.conditions[i].match(ctx, v) { 12751 continue 12752 } 12753 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12754 return ruleVerdictDenyStop 12755 } 12756 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12757 return ruleVerdictContinue 12758 } 12759 12760 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12761 12762 for fieldName, shouldExist := range rule.checkFields { 12763 _, dataFound := data[fieldName] 12764 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12765 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12766 return ruleVerdictContinue 12767 } 12768 } 12769 for i, field := range rule.fields { 12770 v, found := data[field] 12771 if !found { 12772 continue 12773 } 12774 if !rule.conditions[i].match(ctx, v) { 12775 continue 12776 } 12777 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12778 return ruleVerdictDenyStop 12779 } 12780 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12781 return ruleVerdictContinue 12782 } 12783 12784 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12785 12786 for fieldName, shouldExist := range rule.checkFields { 12787 _, dataFound := data[fieldName] 12788 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12789 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12790 return ruleVerdictContinue 12791 } 12792 } 12793 for i, field := range rule.fields { 12794 v, found := data[field] 12795 if !found { 12796 continue 12797 } 12798 if !rule.conditions[i].match(ctx, v) { 12799 continue 12800 } 12801 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12802 return ruleVerdictDenyStop 12803 } 12804 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12805 return ruleVerdictContinue 12806 } 12807 12808 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12809 12810 for fieldName, shouldExist := range rule.checkFields { 12811 _, dataFound := data[fieldName] 12812 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12813 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12814 return ruleVerdictContinue 12815 } 12816 } 12817 var matched bool 12818 for i, field := range rule.fields { 12819 v, found := data[field] 12820 if !found { 12821 return ruleVerdictContinue 12822 } 12823 if !rule.conditions[i].match(ctx, v) { 12824 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12825 return ruleVerdictContinue 12826 } 12827 matched = true 12828 } 12829 if matched { 12830 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12831 return ruleVerdictDenyStop 12832 } 12833 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12834 return ruleVerdictContinue 12835 } 12836 12837 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12838 12839 for fieldName, shouldExist := range rule.checkFields { 12840 _, dataFound := data[fieldName] 12841 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12842 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12843 return ruleVerdictContinue 12844 } 12845 } 12846 var matched bool 12847 for i, field := range rule.fields { 12848 v, found := data[field] 12849 if !found { 12850 return ruleVerdictContinue 12851 } 12852 if !rule.conditions[i].match(ctx, v) { 12853 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12854 return ruleVerdictContinue 12855 } 12856 matched = true 12857 } 12858 if matched { 12859 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12860 return ruleVerdictDenyStop 12861 } 12862 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12863 return ruleVerdictContinue 12864 } 12865 12866 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12867 12868 for fieldName, shouldExist := range rule.checkFields { 12869 _, dataFound := data[fieldName] 12870 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12871 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12872 return ruleVerdictContinue 12873 } 12874 } 12875 var matched bool 12876 for i, field := range rule.fields { 12877 v, found := data[field] 12878 if !found { 12879 return ruleVerdictContinue 12880 } 12881 if !rule.conditions[i].match(ctx, v) { 12882 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12883 return ruleVerdictContinue 12884 } 12885 matched = true 12886 } 12887 if matched { 12888 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12889 return ruleVerdictDenyStop 12890 } 12891 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12892 return ruleVerdictContinue 12893 } 12894 12895 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12896 12897 for fieldName, shouldExist := range rule.checkFields { 12898 _, dataFound := data[fieldName] 12899 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12900 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12901 return ruleVerdictContinue 12902 } 12903 } 12904 var matched bool 12905 for i, field := range rule.fields { 12906 v, found := data[field] 12907 if !found { 12908 return ruleVerdictContinue 12909 } 12910 if !rule.conditions[i].match(ctx, v) { 12911 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12912 return ruleVerdictContinue 12913 } 12914 matched = true 12915 } 12916 if matched { 12917 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12918 return ruleVerdictDenyStop 12919 } 12920 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12921 return ruleVerdictContinue 12922 } 12923 12924 func (rule *aclRuleFieldCheckDenyWithDebugLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12925 12926 for fieldName, shouldExist := range rule.checkFields { 12927 _, dataFound := data[fieldName] 12928 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12929 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12930 return ruleVerdictContinue 12931 } 12932 } 12933 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12934 return ruleVerdictDenyStop 12935 } 12936 12937 func (rule *aclRuleFieldCheckDenyWithInfoLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12938 12939 for fieldName, shouldExist := range rule.checkFields { 12940 _, dataFound := data[fieldName] 12941 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12942 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12943 return ruleVerdictContinue 12944 } 12945 } 12946 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12947 return ruleVerdictDenyStop 12948 } 12949 12950 func (rule *aclRuleFieldCheckDenyWithWarnLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12951 12952 for fieldName, shouldExist := range rule.checkFields { 12953 _, dataFound := data[fieldName] 12954 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12955 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12956 return ruleVerdictContinue 12957 } 12958 } 12959 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12960 return ruleVerdictDenyStop 12961 } 12962 12963 func (rule *aclRuleFieldCheckDenyWithErrorLoggerStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12964 12965 for fieldName, shouldExist := range rule.checkFields { 12966 _, dataFound := data[fieldName] 12967 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12968 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12969 return ruleVerdictContinue 12970 } 12971 } 12972 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12973 return ruleVerdictDenyStop 12974 } 12975 12976 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 12977 12978 for fieldName, shouldExist := range rule.checkFields { 12979 _, dataFound := data[fieldName] 12980 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 12981 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12982 return ruleVerdictContinue 12983 } 12984 } 12985 for i, field := range rule.fields { 12986 v, found := data[field] 12987 if !found { 12988 continue 12989 } 12990 if !rule.conditions[i].match(ctx, v) { 12991 continue 12992 } 12993 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12994 return ruleVerdictDeny 12995 } 12996 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 12997 return ruleVerdictContinue 12998 } 12999 13000 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13001 13002 for fieldName, shouldExist := range rule.checkFields { 13003 _, dataFound := data[fieldName] 13004 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13005 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13006 return ruleVerdictContinue 13007 } 13008 } 13009 for i, field := range rule.fields { 13010 v, found := data[field] 13011 if !found { 13012 continue 13013 } 13014 if !rule.conditions[i].match(ctx, v) { 13015 continue 13016 } 13017 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13018 return ruleVerdictDeny 13019 } 13020 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13021 return ruleVerdictContinue 13022 } 13023 13024 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13025 13026 for fieldName, shouldExist := range rule.checkFields { 13027 _, dataFound := data[fieldName] 13028 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13029 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13030 return ruleVerdictContinue 13031 } 13032 } 13033 for i, field := range rule.fields { 13034 v, found := data[field] 13035 if !found { 13036 continue 13037 } 13038 if !rule.conditions[i].match(ctx, v) { 13039 continue 13040 } 13041 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13042 return ruleVerdictDeny 13043 } 13044 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13045 return ruleVerdictContinue 13046 } 13047 13048 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13049 13050 for fieldName, shouldExist := range rule.checkFields { 13051 _, dataFound := data[fieldName] 13052 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13053 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13054 return ruleVerdictContinue 13055 } 13056 } 13057 for i, field := range rule.fields { 13058 v, found := data[field] 13059 if !found { 13060 continue 13061 } 13062 if !rule.conditions[i].match(ctx, v) { 13063 continue 13064 } 13065 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13066 return ruleVerdictDeny 13067 } 13068 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13069 return ruleVerdictContinue 13070 } 13071 13072 func (rule *aclRuleFieldCheckDenyWithDebugLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13073 13074 for fieldName, shouldExist := range rule.checkFields { 13075 _, dataFound := data[fieldName] 13076 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13077 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13078 return ruleVerdictContinue 13079 } 13080 } 13081 var matched bool 13082 for i, field := range rule.fields { 13083 v, found := data[field] 13084 if !found { 13085 return ruleVerdictContinue 13086 } 13087 if !rule.conditions[i].match(ctx, v) { 13088 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13089 return ruleVerdictContinue 13090 } 13091 matched = true 13092 } 13093 if matched { 13094 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13095 return ruleVerdictDeny 13096 } 13097 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13098 return ruleVerdictContinue 13099 } 13100 13101 func (rule *aclRuleFieldCheckDenyWithInfoLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13102 13103 for fieldName, shouldExist := range rule.checkFields { 13104 _, dataFound := data[fieldName] 13105 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13106 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13107 return ruleVerdictContinue 13108 } 13109 } 13110 var matched bool 13111 for i, field := range rule.fields { 13112 v, found := data[field] 13113 if !found { 13114 return ruleVerdictContinue 13115 } 13116 if !rule.conditions[i].match(ctx, v) { 13117 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13118 return ruleVerdictContinue 13119 } 13120 matched = true 13121 } 13122 if matched { 13123 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13124 return ruleVerdictDeny 13125 } 13126 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13127 return ruleVerdictContinue 13128 } 13129 13130 func (rule *aclRuleFieldCheckDenyWithWarnLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13131 13132 for fieldName, shouldExist := range rule.checkFields { 13133 _, dataFound := data[fieldName] 13134 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13135 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13136 return ruleVerdictContinue 13137 } 13138 } 13139 var matched bool 13140 for i, field := range rule.fields { 13141 v, found := data[field] 13142 if !found { 13143 return ruleVerdictContinue 13144 } 13145 if !rule.conditions[i].match(ctx, v) { 13146 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13147 return ruleVerdictContinue 13148 } 13149 matched = true 13150 } 13151 if matched { 13152 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13153 return ruleVerdictDeny 13154 } 13155 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13156 return ruleVerdictContinue 13157 } 13158 13159 func (rule *aclRuleFieldCheckDenyWithErrorLoggerMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13160 13161 for fieldName, shouldExist := range rule.checkFields { 13162 _, dataFound := data[fieldName] 13163 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13164 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13165 return ruleVerdictContinue 13166 } 13167 } 13168 var matched bool 13169 for i, field := range rule.fields { 13170 v, found := data[field] 13171 if !found { 13172 return ruleVerdictContinue 13173 } 13174 if !rule.conditions[i].match(ctx, v) { 13175 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13176 return ruleVerdictContinue 13177 } 13178 matched = true 13179 } 13180 if matched { 13181 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13182 return ruleVerdictDeny 13183 } 13184 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13185 return ruleVerdictContinue 13186 } 13187 13188 func (rule *aclRuleFieldCheckDenyWithDebugLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13189 13190 for fieldName, shouldExist := range rule.checkFields { 13191 _, dataFound := data[fieldName] 13192 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13193 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13194 return ruleVerdictContinue 13195 } 13196 } 13197 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13198 return ruleVerdictDeny 13199 } 13200 13201 func (rule *aclRuleFieldCheckDenyWithInfoLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13202 13203 for fieldName, shouldExist := range rule.checkFields { 13204 _, dataFound := data[fieldName] 13205 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13206 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13207 return ruleVerdictContinue 13208 } 13209 } 13210 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13211 return ruleVerdictDeny 13212 } 13213 13214 func (rule *aclRuleFieldCheckDenyWithWarnLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13215 13216 for fieldName, shouldExist := range rule.checkFields { 13217 _, dataFound := data[fieldName] 13218 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13219 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13220 return ruleVerdictContinue 13221 } 13222 } 13223 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13224 return ruleVerdictDeny 13225 } 13226 13227 func (rule *aclRuleFieldCheckDenyWithErrorLogger) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13228 13229 for fieldName, shouldExist := range rule.checkFields { 13230 _, dataFound := data[fieldName] 13231 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13232 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13233 return ruleVerdictContinue 13234 } 13235 } 13236 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13237 return ruleVerdictDeny 13238 } 13239 13240 func (rule *aclRuleFieldCheckDenyWithCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13241 13242 for fieldName, shouldExist := range rule.checkFields { 13243 _, dataFound := data[fieldName] 13244 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13245 atomic.AddUint64(&rule.counterMiss, 1) 13246 return ruleVerdictContinue 13247 } 13248 } 13249 for i, field := range rule.fields { 13250 v, found := data[field] 13251 if !found { 13252 continue 13253 } 13254 if !rule.conditions[i].match(ctx, v) { 13255 continue 13256 } 13257 atomic.AddUint64(&rule.counterMatch, 1) 13258 return ruleVerdictDenyStop 13259 } 13260 atomic.AddUint64(&rule.counterMiss, 1) 13261 return ruleVerdictContinue 13262 } 13263 13264 func (rule *aclRuleFieldCheckDenyWithCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13265 13266 for fieldName, shouldExist := range rule.checkFields { 13267 _, dataFound := data[fieldName] 13268 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13269 atomic.AddUint64(&rule.counterMiss, 1) 13270 return ruleVerdictContinue 13271 } 13272 } 13273 var matched bool 13274 for i, field := range rule.fields { 13275 v, found := data[field] 13276 if !found { 13277 return ruleVerdictContinue 13278 } 13279 if !rule.conditions[i].match(ctx, v) { 13280 atomic.AddUint64(&rule.counterMiss, 1) 13281 return ruleVerdictContinue 13282 } 13283 matched = true 13284 } 13285 if matched { 13286 atomic.AddUint64(&rule.counterMatch, 1) 13287 return ruleVerdictDenyStop 13288 } 13289 atomic.AddUint64(&rule.counterMiss, 1) 13290 return ruleVerdictContinue 13291 } 13292 13293 func (rule *aclRuleFieldCheckDenyWithCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13294 13295 for fieldName, shouldExist := range rule.checkFields { 13296 _, dataFound := data[fieldName] 13297 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13298 atomic.AddUint64(&rule.counterMiss, 1) 13299 return ruleVerdictContinue 13300 } 13301 } 13302 atomic.AddUint64(&rule.counterMatch, 1) 13303 return ruleVerdictDenyStop 13304 } 13305 13306 func (rule *aclRuleFieldCheckDenyWithCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13307 13308 for fieldName, shouldExist := range rule.checkFields { 13309 _, dataFound := data[fieldName] 13310 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13311 atomic.AddUint64(&rule.counterMiss, 1) 13312 return ruleVerdictContinue 13313 } 13314 } 13315 for i, field := range rule.fields { 13316 v, found := data[field] 13317 if !found { 13318 continue 13319 } 13320 if !rule.conditions[i].match(ctx, v) { 13321 continue 13322 } 13323 atomic.AddUint64(&rule.counterMatch, 1) 13324 return ruleVerdictDeny 13325 } 13326 atomic.AddUint64(&rule.counterMiss, 1) 13327 return ruleVerdictContinue 13328 } 13329 13330 func (rule *aclRuleFieldCheckDenyWithCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13331 13332 for fieldName, shouldExist := range rule.checkFields { 13333 _, dataFound := data[fieldName] 13334 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13335 atomic.AddUint64(&rule.counterMiss, 1) 13336 return ruleVerdictContinue 13337 } 13338 } 13339 var matched bool 13340 for i, field := range rule.fields { 13341 v, found := data[field] 13342 if !found { 13343 return ruleVerdictContinue 13344 } 13345 if !rule.conditions[i].match(ctx, v) { 13346 atomic.AddUint64(&rule.counterMiss, 1) 13347 return ruleVerdictContinue 13348 } 13349 matched = true 13350 } 13351 if matched { 13352 atomic.AddUint64(&rule.counterMatch, 1) 13353 return ruleVerdictDeny 13354 } 13355 atomic.AddUint64(&rule.counterMiss, 1) 13356 return ruleVerdictContinue 13357 } 13358 13359 func (rule *aclRuleFieldCheckDenyWithCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13360 13361 for fieldName, shouldExist := range rule.checkFields { 13362 _, dataFound := data[fieldName] 13363 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13364 atomic.AddUint64(&rule.counterMiss, 1) 13365 return ruleVerdictContinue 13366 } 13367 } 13368 atomic.AddUint64(&rule.counterMatch, 1) 13369 return ruleVerdictDeny 13370 } 13371 13372 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13373 13374 for fieldName, shouldExist := range rule.checkFields { 13375 _, dataFound := data[fieldName] 13376 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13377 atomic.AddUint64(&rule.counterMiss, 1) 13378 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13379 return ruleVerdictContinue 13380 } 13381 } 13382 for i, field := range rule.fields { 13383 v, found := data[field] 13384 if !found { 13385 continue 13386 } 13387 if !rule.conditions[i].match(ctx, v) { 13388 continue 13389 } 13390 atomic.AddUint64(&rule.counterMatch, 1) 13391 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13392 return ruleVerdictDenyStop 13393 } 13394 atomic.AddUint64(&rule.counterMiss, 1) 13395 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13396 return ruleVerdictContinue 13397 } 13398 13399 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13400 13401 for fieldName, shouldExist := range rule.checkFields { 13402 _, dataFound := data[fieldName] 13403 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13404 atomic.AddUint64(&rule.counterMiss, 1) 13405 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13406 return ruleVerdictContinue 13407 } 13408 } 13409 for i, field := range rule.fields { 13410 v, found := data[field] 13411 if !found { 13412 continue 13413 } 13414 if !rule.conditions[i].match(ctx, v) { 13415 continue 13416 } 13417 atomic.AddUint64(&rule.counterMatch, 1) 13418 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13419 return ruleVerdictDenyStop 13420 } 13421 atomic.AddUint64(&rule.counterMiss, 1) 13422 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13423 return ruleVerdictContinue 13424 } 13425 13426 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13427 13428 for fieldName, shouldExist := range rule.checkFields { 13429 _, dataFound := data[fieldName] 13430 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13431 atomic.AddUint64(&rule.counterMiss, 1) 13432 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13433 return ruleVerdictContinue 13434 } 13435 } 13436 for i, field := range rule.fields { 13437 v, found := data[field] 13438 if !found { 13439 continue 13440 } 13441 if !rule.conditions[i].match(ctx, v) { 13442 continue 13443 } 13444 atomic.AddUint64(&rule.counterMatch, 1) 13445 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13446 return ruleVerdictDenyStop 13447 } 13448 atomic.AddUint64(&rule.counterMiss, 1) 13449 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13450 return ruleVerdictContinue 13451 } 13452 13453 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAnyStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13454 13455 for fieldName, shouldExist := range rule.checkFields { 13456 _, dataFound := data[fieldName] 13457 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13458 atomic.AddUint64(&rule.counterMiss, 1) 13459 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13460 return ruleVerdictContinue 13461 } 13462 } 13463 for i, field := range rule.fields { 13464 v, found := data[field] 13465 if !found { 13466 continue 13467 } 13468 if !rule.conditions[i].match(ctx, v) { 13469 continue 13470 } 13471 atomic.AddUint64(&rule.counterMatch, 1) 13472 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13473 return ruleVerdictDenyStop 13474 } 13475 atomic.AddUint64(&rule.counterMiss, 1) 13476 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13477 return ruleVerdictContinue 13478 } 13479 13480 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13481 13482 for fieldName, shouldExist := range rule.checkFields { 13483 _, dataFound := data[fieldName] 13484 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13485 atomic.AddUint64(&rule.counterMiss, 1) 13486 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13487 return ruleVerdictContinue 13488 } 13489 } 13490 var matched bool 13491 for i, field := range rule.fields { 13492 v, found := data[field] 13493 if !found { 13494 return ruleVerdictContinue 13495 } 13496 if !rule.conditions[i].match(ctx, v) { 13497 atomic.AddUint64(&rule.counterMiss, 1) 13498 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13499 return ruleVerdictContinue 13500 } 13501 matched = true 13502 } 13503 if matched { 13504 atomic.AddUint64(&rule.counterMatch, 1) 13505 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13506 return ruleVerdictDenyStop 13507 } 13508 atomic.AddUint64(&rule.counterMiss, 1) 13509 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13510 return ruleVerdictContinue 13511 } 13512 13513 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13514 13515 for fieldName, shouldExist := range rule.checkFields { 13516 _, dataFound := data[fieldName] 13517 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13518 atomic.AddUint64(&rule.counterMiss, 1) 13519 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13520 return ruleVerdictContinue 13521 } 13522 } 13523 var matched bool 13524 for i, field := range rule.fields { 13525 v, found := data[field] 13526 if !found { 13527 return ruleVerdictContinue 13528 } 13529 if !rule.conditions[i].match(ctx, v) { 13530 atomic.AddUint64(&rule.counterMiss, 1) 13531 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13532 return ruleVerdictContinue 13533 } 13534 matched = true 13535 } 13536 if matched { 13537 atomic.AddUint64(&rule.counterMatch, 1) 13538 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13539 return ruleVerdictDenyStop 13540 } 13541 atomic.AddUint64(&rule.counterMiss, 1) 13542 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13543 return ruleVerdictContinue 13544 } 13545 13546 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13547 13548 for fieldName, shouldExist := range rule.checkFields { 13549 _, dataFound := data[fieldName] 13550 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13551 atomic.AddUint64(&rule.counterMiss, 1) 13552 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13553 return ruleVerdictContinue 13554 } 13555 } 13556 var matched bool 13557 for i, field := range rule.fields { 13558 v, found := data[field] 13559 if !found { 13560 return ruleVerdictContinue 13561 } 13562 if !rule.conditions[i].match(ctx, v) { 13563 atomic.AddUint64(&rule.counterMiss, 1) 13564 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13565 return ruleVerdictContinue 13566 } 13567 matched = true 13568 } 13569 if matched { 13570 atomic.AddUint64(&rule.counterMatch, 1) 13571 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13572 return ruleVerdictDenyStop 13573 } 13574 atomic.AddUint64(&rule.counterMiss, 1) 13575 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13576 return ruleVerdictContinue 13577 } 13578 13579 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAllStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13580 13581 for fieldName, shouldExist := range rule.checkFields { 13582 _, dataFound := data[fieldName] 13583 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13584 atomic.AddUint64(&rule.counterMiss, 1) 13585 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13586 return ruleVerdictContinue 13587 } 13588 } 13589 var matched bool 13590 for i, field := range rule.fields { 13591 v, found := data[field] 13592 if !found { 13593 return ruleVerdictContinue 13594 } 13595 if !rule.conditions[i].match(ctx, v) { 13596 atomic.AddUint64(&rule.counterMiss, 1) 13597 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13598 return ruleVerdictContinue 13599 } 13600 matched = true 13601 } 13602 if matched { 13603 atomic.AddUint64(&rule.counterMatch, 1) 13604 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13605 return ruleVerdictDenyStop 13606 } 13607 atomic.AddUint64(&rule.counterMiss, 1) 13608 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13609 return ruleVerdictContinue 13610 } 13611 13612 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13613 13614 for fieldName, shouldExist := range rule.checkFields { 13615 _, dataFound := data[fieldName] 13616 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13617 atomic.AddUint64(&rule.counterMiss, 1) 13618 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13619 return ruleVerdictContinue 13620 } 13621 } 13622 atomic.AddUint64(&rule.counterMatch, 1) 13623 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13624 return ruleVerdictDenyStop 13625 } 13626 13627 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13628 13629 for fieldName, shouldExist := range rule.checkFields { 13630 _, dataFound := data[fieldName] 13631 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13632 atomic.AddUint64(&rule.counterMiss, 1) 13633 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13634 return ruleVerdictContinue 13635 } 13636 } 13637 atomic.AddUint64(&rule.counterMatch, 1) 13638 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13639 return ruleVerdictDenyStop 13640 } 13641 13642 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13643 13644 for fieldName, shouldExist := range rule.checkFields { 13645 _, dataFound := data[fieldName] 13646 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13647 atomic.AddUint64(&rule.counterMiss, 1) 13648 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13649 return ruleVerdictContinue 13650 } 13651 } 13652 atomic.AddUint64(&rule.counterMatch, 1) 13653 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13654 return ruleVerdictDenyStop 13655 } 13656 13657 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterStop) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13658 13659 for fieldName, shouldExist := range rule.checkFields { 13660 _, dataFound := data[fieldName] 13661 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13662 atomic.AddUint64(&rule.counterMiss, 1) 13663 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13664 return ruleVerdictContinue 13665 } 13666 } 13667 atomic.AddUint64(&rule.counterMatch, 1) 13668 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13669 return ruleVerdictDenyStop 13670 } 13671 13672 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13673 13674 for fieldName, shouldExist := range rule.checkFields { 13675 _, dataFound := data[fieldName] 13676 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13677 atomic.AddUint64(&rule.counterMiss, 1) 13678 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13679 return ruleVerdictContinue 13680 } 13681 } 13682 for i, field := range rule.fields { 13683 v, found := data[field] 13684 if !found { 13685 continue 13686 } 13687 if !rule.conditions[i].match(ctx, v) { 13688 continue 13689 } 13690 atomic.AddUint64(&rule.counterMatch, 1) 13691 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13692 return ruleVerdictDeny 13693 } 13694 atomic.AddUint64(&rule.counterMiss, 1) 13695 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13696 return ruleVerdictContinue 13697 } 13698 13699 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13700 13701 for fieldName, shouldExist := range rule.checkFields { 13702 _, dataFound := data[fieldName] 13703 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13704 atomic.AddUint64(&rule.counterMiss, 1) 13705 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13706 return ruleVerdictContinue 13707 } 13708 } 13709 for i, field := range rule.fields { 13710 v, found := data[field] 13711 if !found { 13712 continue 13713 } 13714 if !rule.conditions[i].match(ctx, v) { 13715 continue 13716 } 13717 atomic.AddUint64(&rule.counterMatch, 1) 13718 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13719 return ruleVerdictDeny 13720 } 13721 atomic.AddUint64(&rule.counterMiss, 1) 13722 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13723 return ruleVerdictContinue 13724 } 13725 13726 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13727 13728 for fieldName, shouldExist := range rule.checkFields { 13729 _, dataFound := data[fieldName] 13730 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13731 atomic.AddUint64(&rule.counterMiss, 1) 13732 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13733 return ruleVerdictContinue 13734 } 13735 } 13736 for i, field := range rule.fields { 13737 v, found := data[field] 13738 if !found { 13739 continue 13740 } 13741 if !rule.conditions[i].match(ctx, v) { 13742 continue 13743 } 13744 atomic.AddUint64(&rule.counterMatch, 1) 13745 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13746 return ruleVerdictDeny 13747 } 13748 atomic.AddUint64(&rule.counterMiss, 1) 13749 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13750 return ruleVerdictContinue 13751 } 13752 13753 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAny) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13754 13755 for fieldName, shouldExist := range rule.checkFields { 13756 _, dataFound := data[fieldName] 13757 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13758 atomic.AddUint64(&rule.counterMiss, 1) 13759 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13760 return ruleVerdictContinue 13761 } 13762 } 13763 for i, field := range rule.fields { 13764 v, found := data[field] 13765 if !found { 13766 continue 13767 } 13768 if !rule.conditions[i].match(ctx, v) { 13769 continue 13770 } 13771 atomic.AddUint64(&rule.counterMatch, 1) 13772 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13773 return ruleVerdictDeny 13774 } 13775 atomic.AddUint64(&rule.counterMiss, 1) 13776 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13777 return ruleVerdictContinue 13778 } 13779 13780 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13781 13782 for fieldName, shouldExist := range rule.checkFields { 13783 _, dataFound := data[fieldName] 13784 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13785 atomic.AddUint64(&rule.counterMiss, 1) 13786 rule.logger.Debug("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13787 return ruleVerdictContinue 13788 } 13789 } 13790 var matched bool 13791 for i, field := range rule.fields { 13792 v, found := data[field] 13793 if !found { 13794 return ruleVerdictContinue 13795 } 13796 if !rule.conditions[i].match(ctx, v) { 13797 atomic.AddUint64(&rule.counterMiss, 1) 13798 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13799 return ruleVerdictContinue 13800 } 13801 matched = true 13802 } 13803 if matched { 13804 atomic.AddUint64(&rule.counterMatch, 1) 13805 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13806 return ruleVerdictDeny 13807 } 13808 atomic.AddUint64(&rule.counterMiss, 1) 13809 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13810 return ruleVerdictContinue 13811 } 13812 13813 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13814 13815 for fieldName, shouldExist := range rule.checkFields { 13816 _, dataFound := data[fieldName] 13817 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13818 atomic.AddUint64(&rule.counterMiss, 1) 13819 rule.logger.Info("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13820 return ruleVerdictContinue 13821 } 13822 } 13823 var matched bool 13824 for i, field := range rule.fields { 13825 v, found := data[field] 13826 if !found { 13827 return ruleVerdictContinue 13828 } 13829 if !rule.conditions[i].match(ctx, v) { 13830 atomic.AddUint64(&rule.counterMiss, 1) 13831 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13832 return ruleVerdictContinue 13833 } 13834 matched = true 13835 } 13836 if matched { 13837 atomic.AddUint64(&rule.counterMatch, 1) 13838 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13839 return ruleVerdictDeny 13840 } 13841 atomic.AddUint64(&rule.counterMiss, 1) 13842 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13843 return ruleVerdictContinue 13844 } 13845 13846 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13847 13848 for fieldName, shouldExist := range rule.checkFields { 13849 _, dataFound := data[fieldName] 13850 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13851 atomic.AddUint64(&rule.counterMiss, 1) 13852 rule.logger.Warn("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13853 return ruleVerdictContinue 13854 } 13855 } 13856 var matched bool 13857 for i, field := range rule.fields { 13858 v, found := data[field] 13859 if !found { 13860 return ruleVerdictContinue 13861 } 13862 if !rule.conditions[i].match(ctx, v) { 13863 atomic.AddUint64(&rule.counterMiss, 1) 13864 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13865 return ruleVerdictContinue 13866 } 13867 matched = true 13868 } 13869 if matched { 13870 atomic.AddUint64(&rule.counterMatch, 1) 13871 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13872 return ruleVerdictDeny 13873 } 13874 atomic.AddUint64(&rule.counterMiss, 1) 13875 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13876 return ruleVerdictContinue 13877 } 13878 13879 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounterMatchAll) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13880 13881 for fieldName, shouldExist := range rule.checkFields { 13882 _, dataFound := data[fieldName] 13883 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13884 atomic.AddUint64(&rule.counterMiss, 1) 13885 rule.logger.Error("acl rule hit", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13886 return ruleVerdictContinue 13887 } 13888 } 13889 var matched bool 13890 for i, field := range rule.fields { 13891 v, found := data[field] 13892 if !found { 13893 return ruleVerdictContinue 13894 } 13895 if !rule.conditions[i].match(ctx, v) { 13896 atomic.AddUint64(&rule.counterMiss, 1) 13897 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13898 return ruleVerdictContinue 13899 } 13900 matched = true 13901 } 13902 if matched { 13903 atomic.AddUint64(&rule.counterMatch, 1) 13904 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13905 return ruleVerdictDeny 13906 } 13907 atomic.AddUint64(&rule.counterMiss, 1) 13908 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13909 return ruleVerdictContinue 13910 } 13911 13912 func (rule *aclRuleFieldCheckDenyWithDebugLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13913 13914 for fieldName, shouldExist := range rule.checkFields { 13915 _, dataFound := data[fieldName] 13916 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13917 atomic.AddUint64(&rule.counterMiss, 1) 13918 rule.logger.Debug("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13919 return ruleVerdictContinue 13920 } 13921 } 13922 atomic.AddUint64(&rule.counterMatch, 1) 13923 rule.logger.Debug("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13924 return ruleVerdictDeny 13925 } 13926 13927 func (rule *aclRuleFieldCheckDenyWithInfoLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13928 13929 for fieldName, shouldExist := range rule.checkFields { 13930 _, dataFound := data[fieldName] 13931 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13932 atomic.AddUint64(&rule.counterMiss, 1) 13933 rule.logger.Info("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13934 return ruleVerdictContinue 13935 } 13936 } 13937 atomic.AddUint64(&rule.counterMatch, 1) 13938 rule.logger.Info("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13939 return ruleVerdictDeny 13940 } 13941 13942 func (rule *aclRuleFieldCheckDenyWithWarnLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13943 13944 for fieldName, shouldExist := range rule.checkFields { 13945 _, dataFound := data[fieldName] 13946 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13947 atomic.AddUint64(&rule.counterMiss, 1) 13948 rule.logger.Warn("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13949 return ruleVerdictContinue 13950 } 13951 } 13952 atomic.AddUint64(&rule.counterMatch, 1) 13953 rule.logger.Warn("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13954 return ruleVerdictDeny 13955 } 13956 13957 func (rule *aclRuleFieldCheckDenyWithErrorLoggerCounter) eval(ctx context.Context, data map[string]interface{}) ruleVerdict { 13958 13959 for fieldName, shouldExist := range rule.checkFields { 13960 _, dataFound := data[fieldName] 13961 if (dataFound && !shouldExist) || (!dataFound && shouldExist) { 13962 atomic.AddUint64(&rule.counterMiss, 1) 13963 rule.logger.Error("acl rule miss", zap.String("action", "continue"), zap.Uint64("counter", rule.counterMiss), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13964 return ruleVerdictContinue 13965 } 13966 } 13967 atomic.AddUint64(&rule.counterMatch, 1) 13968 rule.logger.Error("acl rule hit", zap.String("action", "deny"), zap.Uint64("counter", rule.counterMatch), zap.String("tag", rule.tag), zap.Any("user", sanitize(data))) 13969 return ruleVerdictDeny 13970 } 13971 13972 func getRuleVerdictName(s ruleVerdict) string { 13973 switch s { 13974 case ruleVerdictDeny: 13975 return "ruleVerdictDeny" 13976 case ruleVerdictDenyStop: 13977 return "ruleVerdictDenyStop" 13978 case ruleVerdictContinue: 13979 return "ruleVerdictContinue" 13980 case ruleVerdictAllow: 13981 return "ruleVerdictAllow" 13982 case ruleVerdictAllowStop: 13983 return "ruleVerdictAllowStop" 13984 case ruleVerdictReserved: 13985 return "ruleVerdictReserved" 13986 } 13987 return "ruleVerdictUnknown" 13988 } 13989 13990 func getRuleActionName(s ruleAction) string { 13991 switch s { 13992 case ruleActionDeny: 13993 return "ruleActionDeny" 13994 case ruleActionAllow: 13995 return "ruleActionAllow" 13996 case ruleActionReserved: 13997 return "ruleActionReserved" 13998 } 13999 return "ruleActionUnknown" 14000 }