github.com/greenpau/go-authcrunch@v1.1.4/pkg/acl/rule_test.go (about) 1 // Copyright 2022 Paul Greenberg greenpau@outlook.com 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package acl 16 17 import ( 18 "context" 19 "github.com/greenpau/go-authcrunch/internal/tests" 20 "github.com/greenpau/go-authcrunch/pkg/errors" 21 logutil "github.com/greenpau/go-authcrunch/pkg/util/log" 22 "reflect" 23 "strings" 24 "testing" 25 ) 26 27 func TestNewAclRule(t *testing.T) { 28 var testcases = []struct { 29 name string 30 config *RuleConfiguration 31 loggerDisabled bool 32 want map[string]interface{} 33 shouldErr bool 34 err error 35 }{ 36 {name: "allow any and stop processing without counter and logging", 37 config: &RuleConfiguration{ 38 Comment: "foobar barfoo", 39 Conditions: []string{ 40 "exact match roles foobar", 41 "exact match org nyc", 42 }, 43 Action: `allow any stop`, 44 }, 45 want: map[string]interface{}{ 46 "rule_type": "*acl.aclRuleAllowMatchAnyStop", 47 "config_rule_type": "aclRuleAllowMatchAnyStop", 48 "comment": "foobar barfoo", 49 "action_name": "ruleActionAllow", 50 "default_verdict_name": "ruleVerdictUnknown", 51 "reserved_verdict_name": "ruleVerdictReserved", 52 "default_action_name": "ruleActionUnknown", 53 "reserved_action_name": "ruleActionReserved", 54 }, 55 }, {name: "failed allow any and stop processing without counter and logging", 56 config: &RuleConfiguration{ 57 Comment: "foobar barfoo", 58 Conditions: []string{ 59 "exact match roles foobar", 60 "foo org nyc", 61 }, 62 Action: `allow any stop`, 63 }, 64 shouldErr: true, 65 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 66 }, {name: "allow all and stop processing without counter and logging", 67 config: &RuleConfiguration{ 68 Comment: "foobar barfoo", 69 Conditions: []string{ 70 "exact match roles foobar", 71 "exact match org nyc", 72 }, 73 Action: `allow stop`, 74 }, 75 want: map[string]interface{}{ 76 "rule_type": "*acl.aclRuleAllowMatchAllStop", 77 "config_rule_type": "aclRuleAllowMatchAllStop", 78 "comment": "foobar barfoo", 79 "action_name": "ruleActionAllow", 80 "default_verdict_name": "ruleVerdictUnknown", 81 "reserved_verdict_name": "ruleVerdictReserved", 82 "default_action_name": "ruleActionUnknown", 83 "reserved_action_name": "ruleActionReserved", 84 }, 85 }, {name: "failed allow all and stop processing without counter and logging", 86 config: &RuleConfiguration{ 87 Comment: "foobar barfoo", 88 Conditions: []string{ 89 "exact match roles foobar", 90 "foo org nyc", 91 }, 92 Action: `allow stop`, 93 }, 94 shouldErr: true, 95 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 96 }, {name: "allow and stop processing without counter and logging", 97 config: &RuleConfiguration{ 98 Comment: "foobar barfoo", 99 Conditions: []string{"exact match roles foobar"}, 100 Action: `allow stop`, 101 }, 102 want: map[string]interface{}{ 103 "rule_type": "*acl.aclRuleAllowStop", 104 "config_rule_type": "aclRuleAllowStop", 105 "comment": "foobar barfoo", 106 "action_name": "ruleActionAllow", 107 "default_verdict_name": "ruleVerdictUnknown", 108 "reserved_verdict_name": "ruleVerdictReserved", 109 "default_action_name": "ruleActionUnknown", 110 "reserved_action_name": "ruleActionReserved", 111 }, 112 }, {name: "failed allow and stop processing without counter and logging", 113 config: &RuleConfiguration{ 114 Comment: "foobar barfoo", 115 Conditions: []string{"exact roles foobar"}, 116 Action: `allow stop`, 117 }, 118 shouldErr: true, 119 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 120 }, {name: "allow any without counter and logging", 121 config: &RuleConfiguration{ 122 Comment: "foobar barfoo", 123 Conditions: []string{ 124 "exact match roles foobar", 125 "exact match org nyc", 126 }, 127 Action: `allow any`, 128 }, 129 want: map[string]interface{}{ 130 "rule_type": "*acl.aclRuleAllowMatchAny", 131 "config_rule_type": "aclRuleAllowMatchAny", 132 "comment": "foobar barfoo", 133 "action_name": "ruleActionAllow", 134 "default_verdict_name": "ruleVerdictUnknown", 135 "reserved_verdict_name": "ruleVerdictReserved", 136 "default_action_name": "ruleActionUnknown", 137 "reserved_action_name": "ruleActionReserved", 138 }, 139 }, {name: "failed allow any without counter and logging", 140 config: &RuleConfiguration{ 141 Comment: "foobar barfoo", 142 Conditions: []string{ 143 "exact match roles foobar", 144 "foo org nyc", 145 }, 146 Action: `allow any`, 147 }, 148 shouldErr: true, 149 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 150 }, {name: "allow all without counter and logging", 151 config: &RuleConfiguration{ 152 Comment: "foobar barfoo", 153 Conditions: []string{ 154 "exact match roles foobar", 155 "exact match org nyc", 156 }, 157 Action: `allow`, 158 }, 159 want: map[string]interface{}{ 160 "rule_type": "*acl.aclRuleAllowMatchAll", 161 "config_rule_type": "aclRuleAllowMatchAll", 162 "comment": "foobar barfoo", 163 "action_name": "ruleActionAllow", 164 "default_verdict_name": "ruleVerdictUnknown", 165 "reserved_verdict_name": "ruleVerdictReserved", 166 "default_action_name": "ruleActionUnknown", 167 "reserved_action_name": "ruleActionReserved", 168 }, 169 }, {name: "failed allow all without counter and logging", 170 config: &RuleConfiguration{ 171 Comment: "foobar barfoo", 172 Conditions: []string{ 173 "exact match roles foobar", 174 "foo org nyc", 175 }, 176 Action: `allow`, 177 }, 178 shouldErr: true, 179 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 180 }, {name: "allow without counter and logging", 181 config: &RuleConfiguration{ 182 Comment: "foobar barfoo", 183 Conditions: []string{"exact match roles foobar"}, 184 Action: `allow`, 185 }, 186 want: map[string]interface{}{ 187 "rule_type": "*acl.aclRuleAllow", 188 "config_rule_type": "aclRuleAllow", 189 "comment": "foobar barfoo", 190 "action_name": "ruleActionAllow", 191 "default_verdict_name": "ruleVerdictUnknown", 192 "reserved_verdict_name": "ruleVerdictReserved", 193 "default_action_name": "ruleActionUnknown", 194 "reserved_action_name": "ruleActionReserved", 195 }, 196 }, {name: "failed allow without counter and logging", 197 config: &RuleConfiguration{ 198 Comment: "foobar barfoo", 199 Conditions: []string{"exact roles foobar"}, 200 Action: `allow`, 201 }, 202 shouldErr: true, 203 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 204 }, {name: "allow any and stop processing with debug logging and without counter", 205 config: &RuleConfiguration{ 206 Comment: "foobar barfoo", 207 Conditions: []string{ 208 "exact match roles foobar", 209 "exact match org nyc", 210 }, 211 Action: `allow any stop log debug`, 212 }, 213 want: map[string]interface{}{ 214 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAnyStop", 215 "config_rule_type": "aclRuleAllowWithDebugLoggerMatchAnyStop", 216 "comment": "foobar barfoo", 217 "action_name": "ruleActionAllow", 218 "default_verdict_name": "ruleVerdictUnknown", 219 "reserved_verdict_name": "ruleVerdictReserved", 220 "default_action_name": "ruleActionUnknown", 221 "reserved_action_name": "ruleActionReserved", 222 "log_level": "debug", 223 }, 224 }, {name: "failed allow any and stop processing with debug logging and without counter", 225 config: &RuleConfiguration{ 226 Comment: "foobar barfoo", 227 Conditions: []string{ 228 "exact match roles foobar", 229 "foo org nyc", 230 }, 231 Action: `allow any stop log debug`, 232 }, 233 shouldErr: true, 234 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 235 }, {name: "allow any and stop processing with info logging and without counter", 236 config: &RuleConfiguration{ 237 Comment: "foobar barfoo", 238 Conditions: []string{ 239 "exact match roles foobar", 240 "exact match org nyc", 241 }, 242 Action: `allow any stop log info`, 243 }, 244 want: map[string]interface{}{ 245 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAnyStop", 246 "config_rule_type": "aclRuleAllowWithInfoLoggerMatchAnyStop", 247 "comment": "foobar barfoo", 248 "action_name": "ruleActionAllow", 249 "default_verdict_name": "ruleVerdictUnknown", 250 "reserved_verdict_name": "ruleVerdictReserved", 251 "default_action_name": "ruleActionUnknown", 252 "reserved_action_name": "ruleActionReserved", 253 "log_level": "info", 254 }, 255 }, {name: "failed allow any and stop processing with info logging and without counter", 256 config: &RuleConfiguration{ 257 Comment: "foobar barfoo", 258 Conditions: []string{ 259 "exact match roles foobar", 260 "foo org nyc", 261 }, 262 Action: `allow any stop log info`, 263 }, 264 shouldErr: true, 265 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 266 }, {name: "allow any and stop processing with warn logging and without counter", 267 config: &RuleConfiguration{ 268 Comment: "foobar barfoo", 269 Conditions: []string{ 270 "exact match roles foobar", 271 "exact match org nyc", 272 }, 273 Action: `allow any stop log warn`, 274 }, 275 want: map[string]interface{}{ 276 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAnyStop", 277 "config_rule_type": "aclRuleAllowWithWarnLoggerMatchAnyStop", 278 "comment": "foobar barfoo", 279 "action_name": "ruleActionAllow", 280 "default_verdict_name": "ruleVerdictUnknown", 281 "reserved_verdict_name": "ruleVerdictReserved", 282 "default_action_name": "ruleActionUnknown", 283 "reserved_action_name": "ruleActionReserved", 284 "log_level": "warn", 285 }, 286 }, {name: "failed allow any and stop processing with warn logging and without counter", 287 config: &RuleConfiguration{ 288 Comment: "foobar barfoo", 289 Conditions: []string{ 290 "exact match roles foobar", 291 "foo org nyc", 292 }, 293 Action: `allow any stop log warn`, 294 }, 295 shouldErr: true, 296 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 297 }, {name: "allow any and stop processing with error logging and without counter", 298 config: &RuleConfiguration{ 299 Comment: "foobar barfoo", 300 Conditions: []string{ 301 "exact match roles foobar", 302 "exact match org nyc", 303 }, 304 Action: `allow any stop log error`, 305 }, 306 want: map[string]interface{}{ 307 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAnyStop", 308 "config_rule_type": "aclRuleAllowWithErrorLoggerMatchAnyStop", 309 "comment": "foobar barfoo", 310 "action_name": "ruleActionAllow", 311 "default_verdict_name": "ruleVerdictUnknown", 312 "reserved_verdict_name": "ruleVerdictReserved", 313 "default_action_name": "ruleActionUnknown", 314 "reserved_action_name": "ruleActionReserved", 315 "log_level": "error", 316 }, 317 }, {name: "failed allow any and stop processing with error logging and without counter", 318 config: &RuleConfiguration{ 319 Comment: "foobar barfoo", 320 Conditions: []string{ 321 "exact match roles foobar", 322 "foo org nyc", 323 }, 324 Action: `allow any stop log error`, 325 }, 326 shouldErr: true, 327 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 328 }, {name: "allow all and stop processing with debug logging and without counter", 329 config: &RuleConfiguration{ 330 Comment: "foobar barfoo", 331 Conditions: []string{ 332 "exact match roles foobar", 333 "exact match org nyc", 334 }, 335 Action: `allow stop log debug`, 336 }, 337 want: map[string]interface{}{ 338 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAllStop", 339 "config_rule_type": "aclRuleAllowWithDebugLoggerMatchAllStop", 340 "comment": "foobar barfoo", 341 "action_name": "ruleActionAllow", 342 "default_verdict_name": "ruleVerdictUnknown", 343 "reserved_verdict_name": "ruleVerdictReserved", 344 "default_action_name": "ruleActionUnknown", 345 "reserved_action_name": "ruleActionReserved", 346 "log_level": "debug", 347 }, 348 }, {name: "failed allow all and stop processing with debug logging and without counter", 349 config: &RuleConfiguration{ 350 Comment: "foobar barfoo", 351 Conditions: []string{ 352 "exact match roles foobar", 353 "foo org nyc", 354 }, 355 Action: `allow stop log debug`, 356 }, 357 shouldErr: true, 358 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 359 }, {name: "allow all and stop processing with info logging and without counter", 360 config: &RuleConfiguration{ 361 Comment: "foobar barfoo", 362 Conditions: []string{ 363 "exact match roles foobar", 364 "exact match org nyc", 365 }, 366 Action: `allow stop log info`, 367 }, 368 want: map[string]interface{}{ 369 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAllStop", 370 "config_rule_type": "aclRuleAllowWithInfoLoggerMatchAllStop", 371 "comment": "foobar barfoo", 372 "action_name": "ruleActionAllow", 373 "default_verdict_name": "ruleVerdictUnknown", 374 "reserved_verdict_name": "ruleVerdictReserved", 375 "default_action_name": "ruleActionUnknown", 376 "reserved_action_name": "ruleActionReserved", 377 "log_level": "info", 378 }, 379 }, {name: "failed allow all and stop processing with info logging and without counter", 380 config: &RuleConfiguration{ 381 Comment: "foobar barfoo", 382 Conditions: []string{ 383 "exact match roles foobar", 384 "foo org nyc", 385 }, 386 Action: `allow stop log info`, 387 }, 388 shouldErr: true, 389 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 390 }, {name: "allow all and stop processing with warn logging and without counter", 391 config: &RuleConfiguration{ 392 Comment: "foobar barfoo", 393 Conditions: []string{ 394 "exact match roles foobar", 395 "exact match org nyc", 396 }, 397 Action: `allow stop log warn`, 398 }, 399 want: map[string]interface{}{ 400 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAllStop", 401 "config_rule_type": "aclRuleAllowWithWarnLoggerMatchAllStop", 402 "comment": "foobar barfoo", 403 "action_name": "ruleActionAllow", 404 "default_verdict_name": "ruleVerdictUnknown", 405 "reserved_verdict_name": "ruleVerdictReserved", 406 "default_action_name": "ruleActionUnknown", 407 "reserved_action_name": "ruleActionReserved", 408 "log_level": "warn", 409 }, 410 }, {name: "failed allow all and stop processing with warn logging and without counter", 411 config: &RuleConfiguration{ 412 Comment: "foobar barfoo", 413 Conditions: []string{ 414 "exact match roles foobar", 415 "foo org nyc", 416 }, 417 Action: `allow stop log warn`, 418 }, 419 shouldErr: true, 420 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 421 }, {name: "allow all and stop processing with error logging and without counter", 422 config: &RuleConfiguration{ 423 Comment: "foobar barfoo", 424 Conditions: []string{ 425 "exact match roles foobar", 426 "exact match org nyc", 427 }, 428 Action: `allow stop log error`, 429 }, 430 want: map[string]interface{}{ 431 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAllStop", 432 "config_rule_type": "aclRuleAllowWithErrorLoggerMatchAllStop", 433 "comment": "foobar barfoo", 434 "action_name": "ruleActionAllow", 435 "default_verdict_name": "ruleVerdictUnknown", 436 "reserved_verdict_name": "ruleVerdictReserved", 437 "default_action_name": "ruleActionUnknown", 438 "reserved_action_name": "ruleActionReserved", 439 "log_level": "error", 440 }, 441 }, {name: "failed allow all and stop processing with error logging and without counter", 442 config: &RuleConfiguration{ 443 Comment: "foobar barfoo", 444 Conditions: []string{ 445 "exact match roles foobar", 446 "foo org nyc", 447 }, 448 Action: `allow stop log error`, 449 }, 450 shouldErr: true, 451 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 452 }, {name: "allow and stop processing with debug logging and without counter", 453 config: &RuleConfiguration{ 454 Comment: "foobar barfoo", 455 Conditions: []string{"exact match roles foobar"}, 456 Action: `allow stop log debug`, 457 }, 458 want: map[string]interface{}{ 459 "rule_type": "*acl.aclRuleAllowWithDebugLoggerStop", 460 "config_rule_type": "aclRuleAllowWithDebugLoggerStop", 461 "comment": "foobar barfoo", 462 "action_name": "ruleActionAllow", 463 "default_verdict_name": "ruleVerdictUnknown", 464 "reserved_verdict_name": "ruleVerdictReserved", 465 "default_action_name": "ruleActionUnknown", 466 "reserved_action_name": "ruleActionReserved", 467 "log_level": "debug", 468 }, 469 }, {name: "failed allow and stop processing with debug logging and without counter", 470 config: &RuleConfiguration{ 471 Comment: "foobar barfoo", 472 Conditions: []string{"exact roles foobar"}, 473 Action: `allow stop log debug`, 474 }, 475 shouldErr: true, 476 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 477 }, {name: "allow and stop processing with info logging and without counter", 478 config: &RuleConfiguration{ 479 Comment: "foobar barfoo", 480 Conditions: []string{"exact match roles foobar"}, 481 Action: `allow stop log info`, 482 }, 483 want: map[string]interface{}{ 484 "rule_type": "*acl.aclRuleAllowWithInfoLoggerStop", 485 "config_rule_type": "aclRuleAllowWithInfoLoggerStop", 486 "comment": "foobar barfoo", 487 "action_name": "ruleActionAllow", 488 "default_verdict_name": "ruleVerdictUnknown", 489 "reserved_verdict_name": "ruleVerdictReserved", 490 "default_action_name": "ruleActionUnknown", 491 "reserved_action_name": "ruleActionReserved", 492 "log_level": "info", 493 }, 494 }, {name: "failed allow and stop processing with info logging and without counter", 495 config: &RuleConfiguration{ 496 Comment: "foobar barfoo", 497 Conditions: []string{"exact roles foobar"}, 498 Action: `allow stop log info`, 499 }, 500 shouldErr: true, 501 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 502 }, {name: "allow and stop processing with warn logging and without counter", 503 config: &RuleConfiguration{ 504 Comment: "foobar barfoo", 505 Conditions: []string{"exact match roles foobar"}, 506 Action: `allow stop log warn`, 507 }, 508 want: map[string]interface{}{ 509 "rule_type": "*acl.aclRuleAllowWithWarnLoggerStop", 510 "config_rule_type": "aclRuleAllowWithWarnLoggerStop", 511 "comment": "foobar barfoo", 512 "action_name": "ruleActionAllow", 513 "default_verdict_name": "ruleVerdictUnknown", 514 "reserved_verdict_name": "ruleVerdictReserved", 515 "default_action_name": "ruleActionUnknown", 516 "reserved_action_name": "ruleActionReserved", 517 "log_level": "warn", 518 }, 519 }, {name: "failed allow and stop processing with warn logging and without counter", 520 config: &RuleConfiguration{ 521 Comment: "foobar barfoo", 522 Conditions: []string{"exact roles foobar"}, 523 Action: `allow stop log warn`, 524 }, 525 shouldErr: true, 526 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 527 }, {name: "allow and stop processing with error logging and without counter", 528 config: &RuleConfiguration{ 529 Comment: "foobar barfoo", 530 Conditions: []string{"exact match roles foobar"}, 531 Action: `allow stop log error`, 532 }, 533 want: map[string]interface{}{ 534 "rule_type": "*acl.aclRuleAllowWithErrorLoggerStop", 535 "config_rule_type": "aclRuleAllowWithErrorLoggerStop", 536 "comment": "foobar barfoo", 537 "action_name": "ruleActionAllow", 538 "default_verdict_name": "ruleVerdictUnknown", 539 "reserved_verdict_name": "ruleVerdictReserved", 540 "default_action_name": "ruleActionUnknown", 541 "reserved_action_name": "ruleActionReserved", 542 "log_level": "error", 543 }, 544 }, {name: "failed allow and stop processing with error logging and without counter", 545 config: &RuleConfiguration{ 546 Comment: "foobar barfoo", 547 Conditions: []string{"exact roles foobar"}, 548 Action: `allow stop log error`, 549 }, 550 shouldErr: true, 551 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 552 }, {name: "allow any with debug logging and without counter", 553 config: &RuleConfiguration{ 554 Comment: "foobar barfoo", 555 Conditions: []string{ 556 "exact match roles foobar", 557 "exact match org nyc", 558 }, 559 Action: `allow any log debug`, 560 }, 561 want: map[string]interface{}{ 562 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAny", 563 "config_rule_type": "aclRuleAllowWithDebugLoggerMatchAny", 564 "comment": "foobar barfoo", 565 "action_name": "ruleActionAllow", 566 "default_verdict_name": "ruleVerdictUnknown", 567 "reserved_verdict_name": "ruleVerdictReserved", 568 "default_action_name": "ruleActionUnknown", 569 "reserved_action_name": "ruleActionReserved", 570 "log_level": "debug", 571 }, 572 }, {name: "failed allow any with debug logging and without counter", 573 config: &RuleConfiguration{ 574 Comment: "foobar barfoo", 575 Conditions: []string{ 576 "exact match roles foobar", 577 "foo org nyc", 578 }, 579 Action: `allow any log debug`, 580 }, 581 shouldErr: true, 582 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 583 }, {name: "allow any with info logging and without counter", 584 config: &RuleConfiguration{ 585 Comment: "foobar barfoo", 586 Conditions: []string{ 587 "exact match roles foobar", 588 "exact match org nyc", 589 }, 590 Action: `allow any log info`, 591 }, 592 want: map[string]interface{}{ 593 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAny", 594 "config_rule_type": "aclRuleAllowWithInfoLoggerMatchAny", 595 "comment": "foobar barfoo", 596 "action_name": "ruleActionAllow", 597 "default_verdict_name": "ruleVerdictUnknown", 598 "reserved_verdict_name": "ruleVerdictReserved", 599 "default_action_name": "ruleActionUnknown", 600 "reserved_action_name": "ruleActionReserved", 601 "log_level": "info", 602 }, 603 }, {name: "failed allow any with info logging and without counter", 604 config: &RuleConfiguration{ 605 Comment: "foobar barfoo", 606 Conditions: []string{ 607 "exact match roles foobar", 608 "foo org nyc", 609 }, 610 Action: `allow any log info`, 611 }, 612 shouldErr: true, 613 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 614 }, {name: "allow any with warn logging and without counter", 615 config: &RuleConfiguration{ 616 Comment: "foobar barfoo", 617 Conditions: []string{ 618 "exact match roles foobar", 619 "exact match org nyc", 620 }, 621 Action: `allow any log warn`, 622 }, 623 want: map[string]interface{}{ 624 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAny", 625 "config_rule_type": "aclRuleAllowWithWarnLoggerMatchAny", 626 "comment": "foobar barfoo", 627 "action_name": "ruleActionAllow", 628 "default_verdict_name": "ruleVerdictUnknown", 629 "reserved_verdict_name": "ruleVerdictReserved", 630 "default_action_name": "ruleActionUnknown", 631 "reserved_action_name": "ruleActionReserved", 632 "log_level": "warn", 633 }, 634 }, {name: "failed allow any with warn logging and without counter", 635 config: &RuleConfiguration{ 636 Comment: "foobar barfoo", 637 Conditions: []string{ 638 "exact match roles foobar", 639 "foo org nyc", 640 }, 641 Action: `allow any log warn`, 642 }, 643 shouldErr: true, 644 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 645 }, {name: "allow any with error logging and without counter", 646 config: &RuleConfiguration{ 647 Comment: "foobar barfoo", 648 Conditions: []string{ 649 "exact match roles foobar", 650 "exact match org nyc", 651 }, 652 Action: `allow any log error`, 653 }, 654 want: map[string]interface{}{ 655 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAny", 656 "config_rule_type": "aclRuleAllowWithErrorLoggerMatchAny", 657 "comment": "foobar barfoo", 658 "action_name": "ruleActionAllow", 659 "default_verdict_name": "ruleVerdictUnknown", 660 "reserved_verdict_name": "ruleVerdictReserved", 661 "default_action_name": "ruleActionUnknown", 662 "reserved_action_name": "ruleActionReserved", 663 "log_level": "error", 664 }, 665 }, {name: "failed allow any with error logging and without counter", 666 config: &RuleConfiguration{ 667 Comment: "foobar barfoo", 668 Conditions: []string{ 669 "exact match roles foobar", 670 "foo org nyc", 671 }, 672 Action: `allow any log error`, 673 }, 674 shouldErr: true, 675 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 676 }, {name: "allow all with debug logging and without counter", 677 config: &RuleConfiguration{ 678 Comment: "foobar barfoo", 679 Conditions: []string{ 680 "exact match roles foobar", 681 "exact match org nyc", 682 }, 683 Action: `allow log debug`, 684 }, 685 want: map[string]interface{}{ 686 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAll", 687 "config_rule_type": "aclRuleAllowWithDebugLoggerMatchAll", 688 "comment": "foobar barfoo", 689 "action_name": "ruleActionAllow", 690 "default_verdict_name": "ruleVerdictUnknown", 691 "reserved_verdict_name": "ruleVerdictReserved", 692 "default_action_name": "ruleActionUnknown", 693 "reserved_action_name": "ruleActionReserved", 694 "log_level": "debug", 695 }, 696 }, {name: "failed allow all with debug logging and without counter", 697 config: &RuleConfiguration{ 698 Comment: "foobar barfoo", 699 Conditions: []string{ 700 "exact match roles foobar", 701 "foo org nyc", 702 }, 703 Action: `allow log debug`, 704 }, 705 shouldErr: true, 706 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 707 }, {name: "allow all with info logging and without counter", 708 config: &RuleConfiguration{ 709 Comment: "foobar barfoo", 710 Conditions: []string{ 711 "exact match roles foobar", 712 "exact match org nyc", 713 }, 714 Action: `allow log info`, 715 }, 716 want: map[string]interface{}{ 717 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAll", 718 "config_rule_type": "aclRuleAllowWithInfoLoggerMatchAll", 719 "comment": "foobar barfoo", 720 "action_name": "ruleActionAllow", 721 "default_verdict_name": "ruleVerdictUnknown", 722 "reserved_verdict_name": "ruleVerdictReserved", 723 "default_action_name": "ruleActionUnknown", 724 "reserved_action_name": "ruleActionReserved", 725 "log_level": "info", 726 }, 727 }, {name: "failed allow all with info logging and without counter", 728 config: &RuleConfiguration{ 729 Comment: "foobar barfoo", 730 Conditions: []string{ 731 "exact match roles foobar", 732 "foo org nyc", 733 }, 734 Action: `allow log info`, 735 }, 736 shouldErr: true, 737 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 738 }, {name: "allow all with warn logging and without counter", 739 config: &RuleConfiguration{ 740 Comment: "foobar barfoo", 741 Conditions: []string{ 742 "exact match roles foobar", 743 "exact match org nyc", 744 }, 745 Action: `allow log warn`, 746 }, 747 want: map[string]interface{}{ 748 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAll", 749 "config_rule_type": "aclRuleAllowWithWarnLoggerMatchAll", 750 "comment": "foobar barfoo", 751 "action_name": "ruleActionAllow", 752 "default_verdict_name": "ruleVerdictUnknown", 753 "reserved_verdict_name": "ruleVerdictReserved", 754 "default_action_name": "ruleActionUnknown", 755 "reserved_action_name": "ruleActionReserved", 756 "log_level": "warn", 757 }, 758 }, {name: "failed allow all with warn logging and without counter", 759 config: &RuleConfiguration{ 760 Comment: "foobar barfoo", 761 Conditions: []string{ 762 "exact match roles foobar", 763 "foo org nyc", 764 }, 765 Action: `allow log warn`, 766 }, 767 shouldErr: true, 768 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 769 }, {name: "allow all with error logging and without counter", 770 config: &RuleConfiguration{ 771 Comment: "foobar barfoo", 772 Conditions: []string{ 773 "exact match roles foobar", 774 "exact match org nyc", 775 }, 776 Action: `allow log error`, 777 }, 778 want: map[string]interface{}{ 779 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAll", 780 "config_rule_type": "aclRuleAllowWithErrorLoggerMatchAll", 781 "comment": "foobar barfoo", 782 "action_name": "ruleActionAllow", 783 "default_verdict_name": "ruleVerdictUnknown", 784 "reserved_verdict_name": "ruleVerdictReserved", 785 "default_action_name": "ruleActionUnknown", 786 "reserved_action_name": "ruleActionReserved", 787 "log_level": "error", 788 }, 789 }, {name: "failed allow all with error logging and without counter", 790 config: &RuleConfiguration{ 791 Comment: "foobar barfoo", 792 Conditions: []string{ 793 "exact match roles foobar", 794 "foo org nyc", 795 }, 796 Action: `allow log error`, 797 }, 798 shouldErr: true, 799 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 800 }, {name: "allow with debug logging and without counter", 801 config: &RuleConfiguration{ 802 Comment: "foobar barfoo", 803 Conditions: []string{"exact match roles foobar"}, 804 Action: `allow log debug`, 805 }, 806 want: map[string]interface{}{ 807 "rule_type": "*acl.aclRuleAllowWithDebugLogger", 808 "config_rule_type": "aclRuleAllowWithDebugLogger", 809 "comment": "foobar barfoo", 810 "action_name": "ruleActionAllow", 811 "default_verdict_name": "ruleVerdictUnknown", 812 "reserved_verdict_name": "ruleVerdictReserved", 813 "default_action_name": "ruleActionUnknown", 814 "reserved_action_name": "ruleActionReserved", 815 "log_level": "debug", 816 }, 817 }, {name: "failed allow with debug logging and without counter", 818 config: &RuleConfiguration{ 819 Comment: "foobar barfoo", 820 Conditions: []string{"exact roles foobar"}, 821 Action: `allow log debug`, 822 }, 823 shouldErr: true, 824 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 825 }, {name: "allow with info logging and without counter", 826 config: &RuleConfiguration{ 827 Comment: "foobar barfoo", 828 Conditions: []string{"exact match roles foobar"}, 829 Action: `allow log info`, 830 }, 831 want: map[string]interface{}{ 832 "rule_type": "*acl.aclRuleAllowWithInfoLogger", 833 "config_rule_type": "aclRuleAllowWithInfoLogger", 834 "comment": "foobar barfoo", 835 "action_name": "ruleActionAllow", 836 "default_verdict_name": "ruleVerdictUnknown", 837 "reserved_verdict_name": "ruleVerdictReserved", 838 "default_action_name": "ruleActionUnknown", 839 "reserved_action_name": "ruleActionReserved", 840 "log_level": "info", 841 }, 842 }, {name: "failed allow with info logging and without counter", 843 config: &RuleConfiguration{ 844 Comment: "foobar barfoo", 845 Conditions: []string{"exact roles foobar"}, 846 Action: `allow log info`, 847 }, 848 shouldErr: true, 849 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 850 }, {name: "allow with warn logging and without counter", 851 config: &RuleConfiguration{ 852 Comment: "foobar barfoo", 853 Conditions: []string{"exact match roles foobar"}, 854 Action: `allow log warn`, 855 }, 856 want: map[string]interface{}{ 857 "rule_type": "*acl.aclRuleAllowWithWarnLogger", 858 "config_rule_type": "aclRuleAllowWithWarnLogger", 859 "comment": "foobar barfoo", 860 "action_name": "ruleActionAllow", 861 "default_verdict_name": "ruleVerdictUnknown", 862 "reserved_verdict_name": "ruleVerdictReserved", 863 "default_action_name": "ruleActionUnknown", 864 "reserved_action_name": "ruleActionReserved", 865 "log_level": "warn", 866 }, 867 }, {name: "failed allow with warn logging and without counter", 868 config: &RuleConfiguration{ 869 Comment: "foobar barfoo", 870 Conditions: []string{"exact roles foobar"}, 871 Action: `allow log warn`, 872 }, 873 shouldErr: true, 874 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 875 }, {name: "allow with error logging and without counter", 876 config: &RuleConfiguration{ 877 Comment: "foobar barfoo", 878 Conditions: []string{"exact match roles foobar"}, 879 Action: `allow log error`, 880 }, 881 want: map[string]interface{}{ 882 "rule_type": "*acl.aclRuleAllowWithErrorLogger", 883 "config_rule_type": "aclRuleAllowWithErrorLogger", 884 "comment": "foobar barfoo", 885 "action_name": "ruleActionAllow", 886 "default_verdict_name": "ruleVerdictUnknown", 887 "reserved_verdict_name": "ruleVerdictReserved", 888 "default_action_name": "ruleActionUnknown", 889 "reserved_action_name": "ruleActionReserved", 890 "log_level": "error", 891 }, 892 }, {name: "failed allow with error logging and without counter", 893 config: &RuleConfiguration{ 894 Comment: "foobar barfoo", 895 Conditions: []string{"exact roles foobar"}, 896 Action: `allow log error`, 897 }, 898 shouldErr: true, 899 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 900 }, {name: "allow any and stop processing with counter and without logging", 901 config: &RuleConfiguration{ 902 Comment: "foobar barfoo", 903 Conditions: []string{ 904 "exact match roles foobar", 905 "exact match org nyc", 906 }, 907 Action: `allow any stop counter`, 908 }, 909 want: map[string]interface{}{ 910 "rule_type": "*acl.aclRuleAllowWithCounterMatchAnyStop", 911 "config_rule_type": "aclRuleAllowWithCounterMatchAnyStop", 912 "comment": "foobar barfoo", 913 "action_name": "ruleActionAllow", 914 "default_verdict_name": "ruleVerdictUnknown", 915 "reserved_verdict_name": "ruleVerdictReserved", 916 "default_action_name": "ruleActionUnknown", 917 "reserved_action_name": "ruleActionReserved", 918 }, 919 }, {name: "failed allow any and stop processing with counter and without logging", 920 config: &RuleConfiguration{ 921 Comment: "foobar barfoo", 922 Conditions: []string{ 923 "exact match roles foobar", 924 "foo org nyc", 925 }, 926 Action: `allow any stop counter`, 927 }, 928 shouldErr: true, 929 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 930 }, {name: "allow all and stop processing with counter and without logging", 931 config: &RuleConfiguration{ 932 Comment: "foobar barfoo", 933 Conditions: []string{ 934 "exact match roles foobar", 935 "exact match org nyc", 936 }, 937 Action: `allow stop counter`, 938 }, 939 want: map[string]interface{}{ 940 "rule_type": "*acl.aclRuleAllowWithCounterMatchAllStop", 941 "config_rule_type": "aclRuleAllowWithCounterMatchAllStop", 942 "comment": "foobar barfoo", 943 "action_name": "ruleActionAllow", 944 "default_verdict_name": "ruleVerdictUnknown", 945 "reserved_verdict_name": "ruleVerdictReserved", 946 "default_action_name": "ruleActionUnknown", 947 "reserved_action_name": "ruleActionReserved", 948 }, 949 }, {name: "failed allow all and stop processing with counter and without logging", 950 config: &RuleConfiguration{ 951 Comment: "foobar barfoo", 952 Conditions: []string{ 953 "exact match roles foobar", 954 "foo org nyc", 955 }, 956 Action: `allow stop counter`, 957 }, 958 shouldErr: true, 959 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 960 }, {name: "allow and stop processing with counter and without logging", 961 config: &RuleConfiguration{ 962 Comment: "foobar barfoo", 963 Conditions: []string{"exact match roles foobar"}, 964 Action: `allow stop counter`, 965 }, 966 want: map[string]interface{}{ 967 "rule_type": "*acl.aclRuleAllowWithCounterStop", 968 "config_rule_type": "aclRuleAllowWithCounterStop", 969 "comment": "foobar barfoo", 970 "action_name": "ruleActionAllow", 971 "default_verdict_name": "ruleVerdictUnknown", 972 "reserved_verdict_name": "ruleVerdictReserved", 973 "default_action_name": "ruleActionUnknown", 974 "reserved_action_name": "ruleActionReserved", 975 }, 976 }, {name: "failed allow and stop processing with counter and without logging", 977 config: &RuleConfiguration{ 978 Comment: "foobar barfoo", 979 Conditions: []string{"exact roles foobar"}, 980 Action: `allow stop counter`, 981 }, 982 shouldErr: true, 983 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 984 }, {name: "allow any with counter and without logging", 985 config: &RuleConfiguration{ 986 Comment: "foobar barfoo", 987 Conditions: []string{ 988 "exact match roles foobar", 989 "exact match org nyc", 990 }, 991 Action: `allow any counter`, 992 }, 993 want: map[string]interface{}{ 994 "rule_type": "*acl.aclRuleAllowWithCounterMatchAny", 995 "config_rule_type": "aclRuleAllowWithCounterMatchAny", 996 "comment": "foobar barfoo", 997 "action_name": "ruleActionAllow", 998 "default_verdict_name": "ruleVerdictUnknown", 999 "reserved_verdict_name": "ruleVerdictReserved", 1000 "default_action_name": "ruleActionUnknown", 1001 "reserved_action_name": "ruleActionReserved", 1002 }, 1003 }, {name: "failed allow any with counter and without logging", 1004 config: &RuleConfiguration{ 1005 Comment: "foobar barfoo", 1006 Conditions: []string{ 1007 "exact match roles foobar", 1008 "foo org nyc", 1009 }, 1010 Action: `allow any counter`, 1011 }, 1012 shouldErr: true, 1013 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1014 }, {name: "allow all with counter and without logging", 1015 config: &RuleConfiguration{ 1016 Comment: "foobar barfoo", 1017 Conditions: []string{ 1018 "exact match roles foobar", 1019 "exact match org nyc", 1020 }, 1021 Action: `allow counter`, 1022 }, 1023 want: map[string]interface{}{ 1024 "rule_type": "*acl.aclRuleAllowWithCounterMatchAll", 1025 "config_rule_type": "aclRuleAllowWithCounterMatchAll", 1026 "comment": "foobar barfoo", 1027 "action_name": "ruleActionAllow", 1028 "default_verdict_name": "ruleVerdictUnknown", 1029 "reserved_verdict_name": "ruleVerdictReserved", 1030 "default_action_name": "ruleActionUnknown", 1031 "reserved_action_name": "ruleActionReserved", 1032 }, 1033 }, {name: "failed allow all with counter and without logging", 1034 config: &RuleConfiguration{ 1035 Comment: "foobar barfoo", 1036 Conditions: []string{ 1037 "exact match roles foobar", 1038 "foo org nyc", 1039 }, 1040 Action: `allow counter`, 1041 }, 1042 shouldErr: true, 1043 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1044 }, {name: "allow with counter and without logging", 1045 config: &RuleConfiguration{ 1046 Comment: "foobar barfoo", 1047 Conditions: []string{"exact match roles foobar"}, 1048 Action: `allow counter`, 1049 }, 1050 want: map[string]interface{}{ 1051 "rule_type": "*acl.aclRuleAllowWithCounter", 1052 "config_rule_type": "aclRuleAllowWithCounter", 1053 "comment": "foobar barfoo", 1054 "action_name": "ruleActionAllow", 1055 "default_verdict_name": "ruleVerdictUnknown", 1056 "reserved_verdict_name": "ruleVerdictReserved", 1057 "default_action_name": "ruleActionUnknown", 1058 "reserved_action_name": "ruleActionReserved", 1059 }, 1060 }, {name: "failed allow with counter and without logging", 1061 config: &RuleConfiguration{ 1062 Comment: "foobar barfoo", 1063 Conditions: []string{"exact roles foobar"}, 1064 Action: `allow counter`, 1065 }, 1066 shouldErr: true, 1067 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1068 }, {name: "allow any and stop processing with debug logging and with counter", 1069 config: &RuleConfiguration{ 1070 Comment: "foobar barfoo", 1071 Conditions: []string{ 1072 "exact match roles foobar", 1073 "exact match org nyc", 1074 }, 1075 Action: `allow any stop counter log debug`, 1076 }, 1077 want: map[string]interface{}{ 1078 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 1079 "config_rule_type": "aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 1080 "comment": "foobar barfoo", 1081 "action_name": "ruleActionAllow", 1082 "default_verdict_name": "ruleVerdictUnknown", 1083 "reserved_verdict_name": "ruleVerdictReserved", 1084 "default_action_name": "ruleActionUnknown", 1085 "reserved_action_name": "ruleActionReserved", 1086 "log_level": "debug", 1087 }, 1088 }, {name: "failed allow any and stop processing with debug logging and with counter", 1089 config: &RuleConfiguration{ 1090 Comment: "foobar barfoo", 1091 Conditions: []string{ 1092 "exact match roles foobar", 1093 "foo org nyc", 1094 }, 1095 Action: `allow any stop counter log debug`, 1096 }, 1097 shouldErr: true, 1098 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1099 }, {name: "allow any and stop processing with info logging and with counter", 1100 config: &RuleConfiguration{ 1101 Comment: "foobar barfoo", 1102 Conditions: []string{ 1103 "exact match roles foobar", 1104 "exact match org nyc", 1105 }, 1106 Action: `allow any stop counter log info`, 1107 }, 1108 want: map[string]interface{}{ 1109 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 1110 "config_rule_type": "aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 1111 "comment": "foobar barfoo", 1112 "action_name": "ruleActionAllow", 1113 "default_verdict_name": "ruleVerdictUnknown", 1114 "reserved_verdict_name": "ruleVerdictReserved", 1115 "default_action_name": "ruleActionUnknown", 1116 "reserved_action_name": "ruleActionReserved", 1117 "log_level": "info", 1118 }, 1119 }, {name: "failed allow any and stop processing with info logging and with counter", 1120 config: &RuleConfiguration{ 1121 Comment: "foobar barfoo", 1122 Conditions: []string{ 1123 "exact match roles foobar", 1124 "foo org nyc", 1125 }, 1126 Action: `allow any stop counter log info`, 1127 }, 1128 shouldErr: true, 1129 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1130 }, {name: "allow any and stop processing with warn logging and with counter", 1131 config: &RuleConfiguration{ 1132 Comment: "foobar barfoo", 1133 Conditions: []string{ 1134 "exact match roles foobar", 1135 "exact match org nyc", 1136 }, 1137 Action: `allow any stop counter log warn`, 1138 }, 1139 want: map[string]interface{}{ 1140 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 1141 "config_rule_type": "aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 1142 "comment": "foobar barfoo", 1143 "action_name": "ruleActionAllow", 1144 "default_verdict_name": "ruleVerdictUnknown", 1145 "reserved_verdict_name": "ruleVerdictReserved", 1146 "default_action_name": "ruleActionUnknown", 1147 "reserved_action_name": "ruleActionReserved", 1148 "log_level": "warn", 1149 }, 1150 }, {name: "failed allow any and stop processing with warn logging and with counter", 1151 config: &RuleConfiguration{ 1152 Comment: "foobar barfoo", 1153 Conditions: []string{ 1154 "exact match roles foobar", 1155 "foo org nyc", 1156 }, 1157 Action: `allow any stop counter log warn`, 1158 }, 1159 shouldErr: true, 1160 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1161 }, {name: "allow any and stop processing with error logging and with counter", 1162 config: &RuleConfiguration{ 1163 Comment: "foobar barfoo", 1164 Conditions: []string{ 1165 "exact match roles foobar", 1166 "exact match org nyc", 1167 }, 1168 Action: `allow any stop counter log error`, 1169 }, 1170 want: map[string]interface{}{ 1171 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 1172 "config_rule_type": "aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 1173 "comment": "foobar barfoo", 1174 "action_name": "ruleActionAllow", 1175 "default_verdict_name": "ruleVerdictUnknown", 1176 "reserved_verdict_name": "ruleVerdictReserved", 1177 "default_action_name": "ruleActionUnknown", 1178 "reserved_action_name": "ruleActionReserved", 1179 "log_level": "error", 1180 }, 1181 }, {name: "failed allow any and stop processing with error logging and with counter", 1182 config: &RuleConfiguration{ 1183 Comment: "foobar barfoo", 1184 Conditions: []string{ 1185 "exact match roles foobar", 1186 "foo org nyc", 1187 }, 1188 Action: `allow any stop counter log error`, 1189 }, 1190 shouldErr: true, 1191 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1192 }, {name: "allow all and stop processing with debug logging and with counter", 1193 config: &RuleConfiguration{ 1194 Comment: "foobar barfoo", 1195 Conditions: []string{ 1196 "exact match roles foobar", 1197 "exact match org nyc", 1198 }, 1199 Action: `allow stop counter log debug`, 1200 }, 1201 want: map[string]interface{}{ 1202 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAllStop", 1203 "config_rule_type": "aclRuleAllowWithDebugLoggerCounterMatchAllStop", 1204 "comment": "foobar barfoo", 1205 "action_name": "ruleActionAllow", 1206 "default_verdict_name": "ruleVerdictUnknown", 1207 "reserved_verdict_name": "ruleVerdictReserved", 1208 "default_action_name": "ruleActionUnknown", 1209 "reserved_action_name": "ruleActionReserved", 1210 "log_level": "debug", 1211 }, 1212 }, {name: "failed allow all and stop processing with debug logging and with counter", 1213 config: &RuleConfiguration{ 1214 Comment: "foobar barfoo", 1215 Conditions: []string{ 1216 "exact match roles foobar", 1217 "foo org nyc", 1218 }, 1219 Action: `allow stop counter log debug`, 1220 }, 1221 shouldErr: true, 1222 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1223 }, {name: "allow all and stop processing with info logging and with counter", 1224 config: &RuleConfiguration{ 1225 Comment: "foobar barfoo", 1226 Conditions: []string{ 1227 "exact match roles foobar", 1228 "exact match org nyc", 1229 }, 1230 Action: `allow stop counter log info`, 1231 }, 1232 want: map[string]interface{}{ 1233 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAllStop", 1234 "config_rule_type": "aclRuleAllowWithInfoLoggerCounterMatchAllStop", 1235 "comment": "foobar barfoo", 1236 "action_name": "ruleActionAllow", 1237 "default_verdict_name": "ruleVerdictUnknown", 1238 "reserved_verdict_name": "ruleVerdictReserved", 1239 "default_action_name": "ruleActionUnknown", 1240 "reserved_action_name": "ruleActionReserved", 1241 "log_level": "info", 1242 }, 1243 }, {name: "failed allow all and stop processing with info logging and with counter", 1244 config: &RuleConfiguration{ 1245 Comment: "foobar barfoo", 1246 Conditions: []string{ 1247 "exact match roles foobar", 1248 "foo org nyc", 1249 }, 1250 Action: `allow stop counter log info`, 1251 }, 1252 shouldErr: true, 1253 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1254 }, {name: "allow all and stop processing with warn logging and with counter", 1255 config: &RuleConfiguration{ 1256 Comment: "foobar barfoo", 1257 Conditions: []string{ 1258 "exact match roles foobar", 1259 "exact match org nyc", 1260 }, 1261 Action: `allow stop counter log warn`, 1262 }, 1263 want: map[string]interface{}{ 1264 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAllStop", 1265 "config_rule_type": "aclRuleAllowWithWarnLoggerCounterMatchAllStop", 1266 "comment": "foobar barfoo", 1267 "action_name": "ruleActionAllow", 1268 "default_verdict_name": "ruleVerdictUnknown", 1269 "reserved_verdict_name": "ruleVerdictReserved", 1270 "default_action_name": "ruleActionUnknown", 1271 "reserved_action_name": "ruleActionReserved", 1272 "log_level": "warn", 1273 }, 1274 }, {name: "failed allow all and stop processing with warn logging and with counter", 1275 config: &RuleConfiguration{ 1276 Comment: "foobar barfoo", 1277 Conditions: []string{ 1278 "exact match roles foobar", 1279 "foo org nyc", 1280 }, 1281 Action: `allow stop counter log warn`, 1282 }, 1283 shouldErr: true, 1284 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1285 }, {name: "allow all and stop processing with error logging and with counter", 1286 config: &RuleConfiguration{ 1287 Comment: "foobar barfoo", 1288 Conditions: []string{ 1289 "exact match roles foobar", 1290 "exact match org nyc", 1291 }, 1292 Action: `allow stop counter log error`, 1293 }, 1294 want: map[string]interface{}{ 1295 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAllStop", 1296 "config_rule_type": "aclRuleAllowWithErrorLoggerCounterMatchAllStop", 1297 "comment": "foobar barfoo", 1298 "action_name": "ruleActionAllow", 1299 "default_verdict_name": "ruleVerdictUnknown", 1300 "reserved_verdict_name": "ruleVerdictReserved", 1301 "default_action_name": "ruleActionUnknown", 1302 "reserved_action_name": "ruleActionReserved", 1303 "log_level": "error", 1304 }, 1305 }, {name: "failed allow all and stop processing with error logging and with counter", 1306 config: &RuleConfiguration{ 1307 Comment: "foobar barfoo", 1308 Conditions: []string{ 1309 "exact match roles foobar", 1310 "foo org nyc", 1311 }, 1312 Action: `allow stop counter log error`, 1313 }, 1314 shouldErr: true, 1315 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1316 }, {name: "allow and stop processing with debug logging and with counter", 1317 config: &RuleConfiguration{ 1318 Comment: "foobar barfoo", 1319 Conditions: []string{"exact match roles foobar"}, 1320 Action: `allow stop counter log debug`, 1321 }, 1322 want: map[string]interface{}{ 1323 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterStop", 1324 "config_rule_type": "aclRuleAllowWithDebugLoggerCounterStop", 1325 "comment": "foobar barfoo", 1326 "action_name": "ruleActionAllow", 1327 "default_verdict_name": "ruleVerdictUnknown", 1328 "reserved_verdict_name": "ruleVerdictReserved", 1329 "default_action_name": "ruleActionUnknown", 1330 "reserved_action_name": "ruleActionReserved", 1331 "log_level": "debug", 1332 }, 1333 }, {name: "failed allow and stop processing with debug logging and with counter", 1334 config: &RuleConfiguration{ 1335 Comment: "foobar barfoo", 1336 Conditions: []string{"exact roles foobar"}, 1337 Action: `allow stop counter log debug`, 1338 }, 1339 shouldErr: true, 1340 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1341 }, {name: "allow and stop processing with info logging and with counter", 1342 config: &RuleConfiguration{ 1343 Comment: "foobar barfoo", 1344 Conditions: []string{"exact match roles foobar"}, 1345 Action: `allow stop counter log info`, 1346 }, 1347 want: map[string]interface{}{ 1348 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterStop", 1349 "config_rule_type": "aclRuleAllowWithInfoLoggerCounterStop", 1350 "comment": "foobar barfoo", 1351 "action_name": "ruleActionAllow", 1352 "default_verdict_name": "ruleVerdictUnknown", 1353 "reserved_verdict_name": "ruleVerdictReserved", 1354 "default_action_name": "ruleActionUnknown", 1355 "reserved_action_name": "ruleActionReserved", 1356 "log_level": "info", 1357 }, 1358 }, {name: "failed allow and stop processing with info logging and with counter", 1359 config: &RuleConfiguration{ 1360 Comment: "foobar barfoo", 1361 Conditions: []string{"exact roles foobar"}, 1362 Action: `allow stop counter log info`, 1363 }, 1364 shouldErr: true, 1365 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1366 }, {name: "allow and stop processing with warn logging and with counter", 1367 config: &RuleConfiguration{ 1368 Comment: "foobar barfoo", 1369 Conditions: []string{"exact match roles foobar"}, 1370 Action: `allow stop counter log warn`, 1371 }, 1372 want: map[string]interface{}{ 1373 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterStop", 1374 "config_rule_type": "aclRuleAllowWithWarnLoggerCounterStop", 1375 "comment": "foobar barfoo", 1376 "action_name": "ruleActionAllow", 1377 "default_verdict_name": "ruleVerdictUnknown", 1378 "reserved_verdict_name": "ruleVerdictReserved", 1379 "default_action_name": "ruleActionUnknown", 1380 "reserved_action_name": "ruleActionReserved", 1381 "log_level": "warn", 1382 }, 1383 }, {name: "failed allow and stop processing with warn logging and with counter", 1384 config: &RuleConfiguration{ 1385 Comment: "foobar barfoo", 1386 Conditions: []string{"exact roles foobar"}, 1387 Action: `allow stop counter log warn`, 1388 }, 1389 shouldErr: true, 1390 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1391 }, {name: "allow and stop processing with error logging and with counter", 1392 config: &RuleConfiguration{ 1393 Comment: "foobar barfoo", 1394 Conditions: []string{"exact match roles foobar"}, 1395 Action: `allow stop counter log error`, 1396 }, 1397 want: map[string]interface{}{ 1398 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterStop", 1399 "config_rule_type": "aclRuleAllowWithErrorLoggerCounterStop", 1400 "comment": "foobar barfoo", 1401 "action_name": "ruleActionAllow", 1402 "default_verdict_name": "ruleVerdictUnknown", 1403 "reserved_verdict_name": "ruleVerdictReserved", 1404 "default_action_name": "ruleActionUnknown", 1405 "reserved_action_name": "ruleActionReserved", 1406 "log_level": "error", 1407 }, 1408 }, {name: "failed allow and stop processing with error logging and with counter", 1409 config: &RuleConfiguration{ 1410 Comment: "foobar barfoo", 1411 Conditions: []string{"exact roles foobar"}, 1412 Action: `allow stop counter log error`, 1413 }, 1414 shouldErr: true, 1415 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1416 }, {name: "allow any with debug logging and with counter", 1417 config: &RuleConfiguration{ 1418 Comment: "foobar barfoo", 1419 Conditions: []string{ 1420 "exact match roles foobar", 1421 "exact match org nyc", 1422 }, 1423 Action: `allow any counter log debug`, 1424 }, 1425 want: map[string]interface{}{ 1426 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAny", 1427 "config_rule_type": "aclRuleAllowWithDebugLoggerCounterMatchAny", 1428 "comment": "foobar barfoo", 1429 "action_name": "ruleActionAllow", 1430 "default_verdict_name": "ruleVerdictUnknown", 1431 "reserved_verdict_name": "ruleVerdictReserved", 1432 "default_action_name": "ruleActionUnknown", 1433 "reserved_action_name": "ruleActionReserved", 1434 "log_level": "debug", 1435 }, 1436 }, {name: "failed allow any with debug logging and with counter", 1437 config: &RuleConfiguration{ 1438 Comment: "foobar barfoo", 1439 Conditions: []string{ 1440 "exact match roles foobar", 1441 "foo org nyc", 1442 }, 1443 Action: `allow any counter log debug`, 1444 }, 1445 shouldErr: true, 1446 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1447 }, {name: "allow any with info logging and with counter", 1448 config: &RuleConfiguration{ 1449 Comment: "foobar barfoo", 1450 Conditions: []string{ 1451 "exact match roles foobar", 1452 "exact match org nyc", 1453 }, 1454 Action: `allow any counter log info`, 1455 }, 1456 want: map[string]interface{}{ 1457 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAny", 1458 "config_rule_type": "aclRuleAllowWithInfoLoggerCounterMatchAny", 1459 "comment": "foobar barfoo", 1460 "action_name": "ruleActionAllow", 1461 "default_verdict_name": "ruleVerdictUnknown", 1462 "reserved_verdict_name": "ruleVerdictReserved", 1463 "default_action_name": "ruleActionUnknown", 1464 "reserved_action_name": "ruleActionReserved", 1465 "log_level": "info", 1466 }, 1467 }, {name: "failed allow any with info logging and with counter", 1468 config: &RuleConfiguration{ 1469 Comment: "foobar barfoo", 1470 Conditions: []string{ 1471 "exact match roles foobar", 1472 "foo org nyc", 1473 }, 1474 Action: `allow any counter log info`, 1475 }, 1476 shouldErr: true, 1477 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1478 }, {name: "allow any with warn logging and with counter", 1479 config: &RuleConfiguration{ 1480 Comment: "foobar barfoo", 1481 Conditions: []string{ 1482 "exact match roles foobar", 1483 "exact match org nyc", 1484 }, 1485 Action: `allow any counter log warn`, 1486 }, 1487 want: map[string]interface{}{ 1488 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAny", 1489 "config_rule_type": "aclRuleAllowWithWarnLoggerCounterMatchAny", 1490 "comment": "foobar barfoo", 1491 "action_name": "ruleActionAllow", 1492 "default_verdict_name": "ruleVerdictUnknown", 1493 "reserved_verdict_name": "ruleVerdictReserved", 1494 "default_action_name": "ruleActionUnknown", 1495 "reserved_action_name": "ruleActionReserved", 1496 "log_level": "warn", 1497 }, 1498 }, {name: "failed allow any with warn logging and with counter", 1499 config: &RuleConfiguration{ 1500 Comment: "foobar barfoo", 1501 Conditions: []string{ 1502 "exact match roles foobar", 1503 "foo org nyc", 1504 }, 1505 Action: `allow any counter log warn`, 1506 }, 1507 shouldErr: true, 1508 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1509 }, {name: "allow any with error logging and with counter", 1510 config: &RuleConfiguration{ 1511 Comment: "foobar barfoo", 1512 Conditions: []string{ 1513 "exact match roles foobar", 1514 "exact match org nyc", 1515 }, 1516 Action: `allow any counter log error`, 1517 }, 1518 want: map[string]interface{}{ 1519 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAny", 1520 "config_rule_type": "aclRuleAllowWithErrorLoggerCounterMatchAny", 1521 "comment": "foobar barfoo", 1522 "action_name": "ruleActionAllow", 1523 "default_verdict_name": "ruleVerdictUnknown", 1524 "reserved_verdict_name": "ruleVerdictReserved", 1525 "default_action_name": "ruleActionUnknown", 1526 "reserved_action_name": "ruleActionReserved", 1527 "log_level": "error", 1528 }, 1529 }, {name: "failed allow any with error logging and with counter", 1530 config: &RuleConfiguration{ 1531 Comment: "foobar barfoo", 1532 Conditions: []string{ 1533 "exact match roles foobar", 1534 "foo org nyc", 1535 }, 1536 Action: `allow any counter log error`, 1537 }, 1538 shouldErr: true, 1539 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1540 }, {name: "allow all with debug logging and with counter", 1541 config: &RuleConfiguration{ 1542 Comment: "foobar barfoo", 1543 Conditions: []string{ 1544 "exact match roles foobar", 1545 "exact match org nyc", 1546 }, 1547 Action: `allow counter log debug`, 1548 }, 1549 want: map[string]interface{}{ 1550 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAll", 1551 "config_rule_type": "aclRuleAllowWithDebugLoggerCounterMatchAll", 1552 "comment": "foobar barfoo", 1553 "action_name": "ruleActionAllow", 1554 "default_verdict_name": "ruleVerdictUnknown", 1555 "reserved_verdict_name": "ruleVerdictReserved", 1556 "default_action_name": "ruleActionUnknown", 1557 "reserved_action_name": "ruleActionReserved", 1558 "log_level": "debug", 1559 }, 1560 }, {name: "failed allow all with debug logging and with counter", 1561 config: &RuleConfiguration{ 1562 Comment: "foobar barfoo", 1563 Conditions: []string{ 1564 "exact match roles foobar", 1565 "foo org nyc", 1566 }, 1567 Action: `allow counter log debug`, 1568 }, 1569 shouldErr: true, 1570 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1571 }, {name: "allow all with info logging and with counter", 1572 config: &RuleConfiguration{ 1573 Comment: "foobar barfoo", 1574 Conditions: []string{ 1575 "exact match roles foobar", 1576 "exact match org nyc", 1577 }, 1578 Action: `allow counter log info`, 1579 }, 1580 want: map[string]interface{}{ 1581 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAll", 1582 "config_rule_type": "aclRuleAllowWithInfoLoggerCounterMatchAll", 1583 "comment": "foobar barfoo", 1584 "action_name": "ruleActionAllow", 1585 "default_verdict_name": "ruleVerdictUnknown", 1586 "reserved_verdict_name": "ruleVerdictReserved", 1587 "default_action_name": "ruleActionUnknown", 1588 "reserved_action_name": "ruleActionReserved", 1589 "log_level": "info", 1590 }, 1591 }, {name: "failed allow all with info logging and with counter", 1592 config: &RuleConfiguration{ 1593 Comment: "foobar barfoo", 1594 Conditions: []string{ 1595 "exact match roles foobar", 1596 "foo org nyc", 1597 }, 1598 Action: `allow counter log info`, 1599 }, 1600 shouldErr: true, 1601 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1602 }, {name: "allow all with warn logging and with counter", 1603 config: &RuleConfiguration{ 1604 Comment: "foobar barfoo", 1605 Conditions: []string{ 1606 "exact match roles foobar", 1607 "exact match org nyc", 1608 }, 1609 Action: `allow counter log warn`, 1610 }, 1611 want: map[string]interface{}{ 1612 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAll", 1613 "config_rule_type": "aclRuleAllowWithWarnLoggerCounterMatchAll", 1614 "comment": "foobar barfoo", 1615 "action_name": "ruleActionAllow", 1616 "default_verdict_name": "ruleVerdictUnknown", 1617 "reserved_verdict_name": "ruleVerdictReserved", 1618 "default_action_name": "ruleActionUnknown", 1619 "reserved_action_name": "ruleActionReserved", 1620 "log_level": "warn", 1621 }, 1622 }, {name: "failed allow all with warn logging and with counter", 1623 config: &RuleConfiguration{ 1624 Comment: "foobar barfoo", 1625 Conditions: []string{ 1626 "exact match roles foobar", 1627 "foo org nyc", 1628 }, 1629 Action: `allow counter log warn`, 1630 }, 1631 shouldErr: true, 1632 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1633 }, {name: "allow all with error logging and with counter", 1634 config: &RuleConfiguration{ 1635 Comment: "foobar barfoo", 1636 Conditions: []string{ 1637 "exact match roles foobar", 1638 "exact match org nyc", 1639 }, 1640 Action: `allow counter log error`, 1641 }, 1642 want: map[string]interface{}{ 1643 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAll", 1644 "config_rule_type": "aclRuleAllowWithErrorLoggerCounterMatchAll", 1645 "comment": "foobar barfoo", 1646 "action_name": "ruleActionAllow", 1647 "default_verdict_name": "ruleVerdictUnknown", 1648 "reserved_verdict_name": "ruleVerdictReserved", 1649 "default_action_name": "ruleActionUnknown", 1650 "reserved_action_name": "ruleActionReserved", 1651 "log_level": "error", 1652 }, 1653 }, {name: "failed allow all with error logging and with counter", 1654 config: &RuleConfiguration{ 1655 Comment: "foobar barfoo", 1656 Conditions: []string{ 1657 "exact match roles foobar", 1658 "foo org nyc", 1659 }, 1660 Action: `allow counter log error`, 1661 }, 1662 shouldErr: true, 1663 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1664 }, {name: "allow with debug logging and with counter", 1665 config: &RuleConfiguration{ 1666 Comment: "foobar barfoo", 1667 Conditions: []string{"exact match roles foobar"}, 1668 Action: `allow counter log debug`, 1669 }, 1670 want: map[string]interface{}{ 1671 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounter", 1672 "config_rule_type": "aclRuleAllowWithDebugLoggerCounter", 1673 "comment": "foobar barfoo", 1674 "action_name": "ruleActionAllow", 1675 "default_verdict_name": "ruleVerdictUnknown", 1676 "reserved_verdict_name": "ruleVerdictReserved", 1677 "default_action_name": "ruleActionUnknown", 1678 "reserved_action_name": "ruleActionReserved", 1679 "log_level": "debug", 1680 }, 1681 }, {name: "failed allow with debug logging and with counter", 1682 config: &RuleConfiguration{ 1683 Comment: "foobar barfoo", 1684 Conditions: []string{"exact roles foobar"}, 1685 Action: `allow counter log debug`, 1686 }, 1687 shouldErr: true, 1688 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1689 }, {name: "allow with info logging and with counter", 1690 config: &RuleConfiguration{ 1691 Comment: "foobar barfoo", 1692 Conditions: []string{"exact match roles foobar"}, 1693 Action: `allow counter log info`, 1694 }, 1695 want: map[string]interface{}{ 1696 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounter", 1697 "config_rule_type": "aclRuleAllowWithInfoLoggerCounter", 1698 "comment": "foobar barfoo", 1699 "action_name": "ruleActionAllow", 1700 "default_verdict_name": "ruleVerdictUnknown", 1701 "reserved_verdict_name": "ruleVerdictReserved", 1702 "default_action_name": "ruleActionUnknown", 1703 "reserved_action_name": "ruleActionReserved", 1704 "log_level": "info", 1705 }, 1706 }, {name: "failed allow with info logging and with counter", 1707 config: &RuleConfiguration{ 1708 Comment: "foobar barfoo", 1709 Conditions: []string{"exact roles foobar"}, 1710 Action: `allow counter log info`, 1711 }, 1712 shouldErr: true, 1713 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1714 }, {name: "allow with warn logging and with counter", 1715 config: &RuleConfiguration{ 1716 Comment: "foobar barfoo", 1717 Conditions: []string{"exact match roles foobar"}, 1718 Action: `allow counter log warn`, 1719 }, 1720 want: map[string]interface{}{ 1721 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounter", 1722 "config_rule_type": "aclRuleAllowWithWarnLoggerCounter", 1723 "comment": "foobar barfoo", 1724 "action_name": "ruleActionAllow", 1725 "default_verdict_name": "ruleVerdictUnknown", 1726 "reserved_verdict_name": "ruleVerdictReserved", 1727 "default_action_name": "ruleActionUnknown", 1728 "reserved_action_name": "ruleActionReserved", 1729 "log_level": "warn", 1730 }, 1731 }, {name: "failed allow with warn logging and with counter", 1732 config: &RuleConfiguration{ 1733 Comment: "foobar barfoo", 1734 Conditions: []string{"exact roles foobar"}, 1735 Action: `allow counter log warn`, 1736 }, 1737 shouldErr: true, 1738 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1739 }, {name: "allow with error logging and with counter", 1740 config: &RuleConfiguration{ 1741 Comment: "foobar barfoo", 1742 Conditions: []string{"exact match roles foobar"}, 1743 Action: `allow counter log error`, 1744 }, 1745 want: map[string]interface{}{ 1746 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounter", 1747 "config_rule_type": "aclRuleAllowWithErrorLoggerCounter", 1748 "comment": "foobar barfoo", 1749 "action_name": "ruleActionAllow", 1750 "default_verdict_name": "ruleVerdictUnknown", 1751 "reserved_verdict_name": "ruleVerdictReserved", 1752 "default_action_name": "ruleActionUnknown", 1753 "reserved_action_name": "ruleActionReserved", 1754 "log_level": "error", 1755 }, 1756 }, {name: "failed allow with error logging and with counter", 1757 config: &RuleConfiguration{ 1758 Comment: "foobar barfoo", 1759 Conditions: []string{"exact roles foobar"}, 1760 Action: `allow counter log error`, 1761 }, 1762 shouldErr: true, 1763 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1764 }, {name: "deny any and stop processing without counter and logging", 1765 config: &RuleConfiguration{ 1766 Comment: "foobar barfoo", 1767 Conditions: []string{ 1768 "exact match roles foobar", 1769 "exact match org nyc", 1770 }, 1771 Action: `deny any stop`, 1772 }, 1773 want: map[string]interface{}{ 1774 "rule_type": "*acl.aclRuleDenyMatchAnyStop", 1775 "config_rule_type": "aclRuleDenyMatchAnyStop", 1776 "comment": "foobar barfoo", 1777 "action_name": "ruleActionDeny", 1778 "default_verdict_name": "ruleVerdictUnknown", 1779 "reserved_verdict_name": "ruleVerdictReserved", 1780 "default_action_name": "ruleActionUnknown", 1781 "reserved_action_name": "ruleActionReserved", 1782 }, 1783 }, {name: "failed deny any and stop processing without counter and logging", 1784 config: &RuleConfiguration{ 1785 Comment: "foobar barfoo", 1786 Conditions: []string{ 1787 "exact match roles foobar", 1788 "foo org nyc", 1789 }, 1790 Action: `deny any stop`, 1791 }, 1792 shouldErr: true, 1793 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1794 }, {name: "deny all and stop processing without counter and logging", 1795 config: &RuleConfiguration{ 1796 Comment: "foobar barfoo", 1797 Conditions: []string{ 1798 "exact match roles foobar", 1799 "exact match org nyc", 1800 }, 1801 Action: `deny stop`, 1802 }, 1803 want: map[string]interface{}{ 1804 "rule_type": "*acl.aclRuleDenyMatchAllStop", 1805 "config_rule_type": "aclRuleDenyMatchAllStop", 1806 "comment": "foobar barfoo", 1807 "action_name": "ruleActionDeny", 1808 "default_verdict_name": "ruleVerdictUnknown", 1809 "reserved_verdict_name": "ruleVerdictReserved", 1810 "default_action_name": "ruleActionUnknown", 1811 "reserved_action_name": "ruleActionReserved", 1812 }, 1813 }, {name: "failed deny all and stop processing without counter and logging", 1814 config: &RuleConfiguration{ 1815 Comment: "foobar barfoo", 1816 Conditions: []string{ 1817 "exact match roles foobar", 1818 "foo org nyc", 1819 }, 1820 Action: `deny stop`, 1821 }, 1822 shouldErr: true, 1823 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1824 }, {name: "deny and stop processing without counter and logging", 1825 config: &RuleConfiguration{ 1826 Comment: "foobar barfoo", 1827 Conditions: []string{"exact match roles foobar"}, 1828 Action: `deny stop`, 1829 }, 1830 want: map[string]interface{}{ 1831 "rule_type": "*acl.aclRuleDenyStop", 1832 "config_rule_type": "aclRuleDenyStop", 1833 "comment": "foobar barfoo", 1834 "action_name": "ruleActionDeny", 1835 "default_verdict_name": "ruleVerdictUnknown", 1836 "reserved_verdict_name": "ruleVerdictReserved", 1837 "default_action_name": "ruleActionUnknown", 1838 "reserved_action_name": "ruleActionReserved", 1839 }, 1840 }, {name: "failed deny and stop processing without counter and logging", 1841 config: &RuleConfiguration{ 1842 Comment: "foobar barfoo", 1843 Conditions: []string{"exact roles foobar"}, 1844 Action: `deny stop`, 1845 }, 1846 shouldErr: true, 1847 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1848 }, {name: "deny any without counter and logging", 1849 config: &RuleConfiguration{ 1850 Comment: "foobar barfoo", 1851 Conditions: []string{ 1852 "exact match roles foobar", 1853 "exact match org nyc", 1854 }, 1855 Action: `deny any`, 1856 }, 1857 want: map[string]interface{}{ 1858 "rule_type": "*acl.aclRuleDenyMatchAny", 1859 "config_rule_type": "aclRuleDenyMatchAny", 1860 "comment": "foobar barfoo", 1861 "action_name": "ruleActionDeny", 1862 "default_verdict_name": "ruleVerdictUnknown", 1863 "reserved_verdict_name": "ruleVerdictReserved", 1864 "default_action_name": "ruleActionUnknown", 1865 "reserved_action_name": "ruleActionReserved", 1866 }, 1867 }, {name: "failed deny any without counter and logging", 1868 config: &RuleConfiguration{ 1869 Comment: "foobar barfoo", 1870 Conditions: []string{ 1871 "exact match roles foobar", 1872 "foo org nyc", 1873 }, 1874 Action: `deny any`, 1875 }, 1876 shouldErr: true, 1877 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1878 }, {name: "deny all without counter and logging", 1879 config: &RuleConfiguration{ 1880 Comment: "foobar barfoo", 1881 Conditions: []string{ 1882 "exact match roles foobar", 1883 "exact match org nyc", 1884 }, 1885 Action: `deny`, 1886 }, 1887 want: map[string]interface{}{ 1888 "rule_type": "*acl.aclRuleDenyMatchAll", 1889 "config_rule_type": "aclRuleDenyMatchAll", 1890 "comment": "foobar barfoo", 1891 "action_name": "ruleActionDeny", 1892 "default_verdict_name": "ruleVerdictUnknown", 1893 "reserved_verdict_name": "ruleVerdictReserved", 1894 "default_action_name": "ruleActionUnknown", 1895 "reserved_action_name": "ruleActionReserved", 1896 }, 1897 }, {name: "failed deny all without counter and logging", 1898 config: &RuleConfiguration{ 1899 Comment: "foobar barfoo", 1900 Conditions: []string{ 1901 "exact match roles foobar", 1902 "foo org nyc", 1903 }, 1904 Action: `deny`, 1905 }, 1906 shouldErr: true, 1907 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1908 }, {name: "deny without counter and logging", 1909 config: &RuleConfiguration{ 1910 Comment: "foobar barfoo", 1911 Conditions: []string{"exact match roles foobar"}, 1912 Action: `deny`, 1913 }, 1914 want: map[string]interface{}{ 1915 "rule_type": "*acl.aclRuleDeny", 1916 "config_rule_type": "aclRuleDeny", 1917 "comment": "foobar barfoo", 1918 "action_name": "ruleActionDeny", 1919 "default_verdict_name": "ruleVerdictUnknown", 1920 "reserved_verdict_name": "ruleVerdictReserved", 1921 "default_action_name": "ruleActionUnknown", 1922 "reserved_action_name": "ruleActionReserved", 1923 }, 1924 }, {name: "failed deny without counter and logging", 1925 config: &RuleConfiguration{ 1926 Comment: "foobar barfoo", 1927 Conditions: []string{"exact roles foobar"}, 1928 Action: `deny`, 1929 }, 1930 shouldErr: true, 1931 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 1932 }, {name: "deny any and stop processing with debug logging and without counter", 1933 config: &RuleConfiguration{ 1934 Comment: "foobar barfoo", 1935 Conditions: []string{ 1936 "exact match roles foobar", 1937 "exact match org nyc", 1938 }, 1939 Action: `deny any stop log debug`, 1940 }, 1941 want: map[string]interface{}{ 1942 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAnyStop", 1943 "config_rule_type": "aclRuleDenyWithDebugLoggerMatchAnyStop", 1944 "comment": "foobar barfoo", 1945 "action_name": "ruleActionDeny", 1946 "default_verdict_name": "ruleVerdictUnknown", 1947 "reserved_verdict_name": "ruleVerdictReserved", 1948 "default_action_name": "ruleActionUnknown", 1949 "reserved_action_name": "ruleActionReserved", 1950 "log_level": "debug", 1951 }, 1952 }, {name: "failed deny any and stop processing with debug logging and without counter", 1953 config: &RuleConfiguration{ 1954 Comment: "foobar barfoo", 1955 Conditions: []string{ 1956 "exact match roles foobar", 1957 "foo org nyc", 1958 }, 1959 Action: `deny any stop log debug`, 1960 }, 1961 shouldErr: true, 1962 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1963 }, {name: "deny any and stop processing with info logging and without counter", 1964 config: &RuleConfiguration{ 1965 Comment: "foobar barfoo", 1966 Conditions: []string{ 1967 "exact match roles foobar", 1968 "exact match org nyc", 1969 }, 1970 Action: `deny any stop log info`, 1971 }, 1972 want: map[string]interface{}{ 1973 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAnyStop", 1974 "config_rule_type": "aclRuleDenyWithInfoLoggerMatchAnyStop", 1975 "comment": "foobar barfoo", 1976 "action_name": "ruleActionDeny", 1977 "default_verdict_name": "ruleVerdictUnknown", 1978 "reserved_verdict_name": "ruleVerdictReserved", 1979 "default_action_name": "ruleActionUnknown", 1980 "reserved_action_name": "ruleActionReserved", 1981 "log_level": "info", 1982 }, 1983 }, {name: "failed deny any and stop processing with info logging and without counter", 1984 config: &RuleConfiguration{ 1985 Comment: "foobar barfoo", 1986 Conditions: []string{ 1987 "exact match roles foobar", 1988 "foo org nyc", 1989 }, 1990 Action: `deny any stop log info`, 1991 }, 1992 shouldErr: true, 1993 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 1994 }, {name: "deny any and stop processing with warn logging and without counter", 1995 config: &RuleConfiguration{ 1996 Comment: "foobar barfoo", 1997 Conditions: []string{ 1998 "exact match roles foobar", 1999 "exact match org nyc", 2000 }, 2001 Action: `deny any stop log warn`, 2002 }, 2003 want: map[string]interface{}{ 2004 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAnyStop", 2005 "config_rule_type": "aclRuleDenyWithWarnLoggerMatchAnyStop", 2006 "comment": "foobar barfoo", 2007 "action_name": "ruleActionDeny", 2008 "default_verdict_name": "ruleVerdictUnknown", 2009 "reserved_verdict_name": "ruleVerdictReserved", 2010 "default_action_name": "ruleActionUnknown", 2011 "reserved_action_name": "ruleActionReserved", 2012 "log_level": "warn", 2013 }, 2014 }, {name: "failed deny any and stop processing with warn logging and without counter", 2015 config: &RuleConfiguration{ 2016 Comment: "foobar barfoo", 2017 Conditions: []string{ 2018 "exact match roles foobar", 2019 "foo org nyc", 2020 }, 2021 Action: `deny any stop log warn`, 2022 }, 2023 shouldErr: true, 2024 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2025 }, {name: "deny any and stop processing with error logging and without counter", 2026 config: &RuleConfiguration{ 2027 Comment: "foobar barfoo", 2028 Conditions: []string{ 2029 "exact match roles foobar", 2030 "exact match org nyc", 2031 }, 2032 Action: `deny any stop log error`, 2033 }, 2034 want: map[string]interface{}{ 2035 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAnyStop", 2036 "config_rule_type": "aclRuleDenyWithErrorLoggerMatchAnyStop", 2037 "comment": "foobar barfoo", 2038 "action_name": "ruleActionDeny", 2039 "default_verdict_name": "ruleVerdictUnknown", 2040 "reserved_verdict_name": "ruleVerdictReserved", 2041 "default_action_name": "ruleActionUnknown", 2042 "reserved_action_name": "ruleActionReserved", 2043 "log_level": "error", 2044 }, 2045 }, {name: "failed deny any and stop processing with error logging and without counter", 2046 config: &RuleConfiguration{ 2047 Comment: "foobar barfoo", 2048 Conditions: []string{ 2049 "exact match roles foobar", 2050 "foo org nyc", 2051 }, 2052 Action: `deny any stop log error`, 2053 }, 2054 shouldErr: true, 2055 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2056 }, {name: "deny all and stop processing with debug logging and without counter", 2057 config: &RuleConfiguration{ 2058 Comment: "foobar barfoo", 2059 Conditions: []string{ 2060 "exact match roles foobar", 2061 "exact match org nyc", 2062 }, 2063 Action: `deny stop log debug`, 2064 }, 2065 want: map[string]interface{}{ 2066 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAllStop", 2067 "config_rule_type": "aclRuleDenyWithDebugLoggerMatchAllStop", 2068 "comment": "foobar barfoo", 2069 "action_name": "ruleActionDeny", 2070 "default_verdict_name": "ruleVerdictUnknown", 2071 "reserved_verdict_name": "ruleVerdictReserved", 2072 "default_action_name": "ruleActionUnknown", 2073 "reserved_action_name": "ruleActionReserved", 2074 "log_level": "debug", 2075 }, 2076 }, {name: "failed deny all and stop processing with debug logging and without counter", 2077 config: &RuleConfiguration{ 2078 Comment: "foobar barfoo", 2079 Conditions: []string{ 2080 "exact match roles foobar", 2081 "foo org nyc", 2082 }, 2083 Action: `deny stop log debug`, 2084 }, 2085 shouldErr: true, 2086 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2087 }, {name: "deny all and stop processing with info logging and without counter", 2088 config: &RuleConfiguration{ 2089 Comment: "foobar barfoo", 2090 Conditions: []string{ 2091 "exact match roles foobar", 2092 "exact match org nyc", 2093 }, 2094 Action: `deny stop log info`, 2095 }, 2096 want: map[string]interface{}{ 2097 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAllStop", 2098 "config_rule_type": "aclRuleDenyWithInfoLoggerMatchAllStop", 2099 "comment": "foobar barfoo", 2100 "action_name": "ruleActionDeny", 2101 "default_verdict_name": "ruleVerdictUnknown", 2102 "reserved_verdict_name": "ruleVerdictReserved", 2103 "default_action_name": "ruleActionUnknown", 2104 "reserved_action_name": "ruleActionReserved", 2105 "log_level": "info", 2106 }, 2107 }, {name: "failed deny all and stop processing with info logging and without counter", 2108 config: &RuleConfiguration{ 2109 Comment: "foobar barfoo", 2110 Conditions: []string{ 2111 "exact match roles foobar", 2112 "foo org nyc", 2113 }, 2114 Action: `deny stop log info`, 2115 }, 2116 shouldErr: true, 2117 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2118 }, {name: "deny all and stop processing with warn logging and without counter", 2119 config: &RuleConfiguration{ 2120 Comment: "foobar barfoo", 2121 Conditions: []string{ 2122 "exact match roles foobar", 2123 "exact match org nyc", 2124 }, 2125 Action: `deny stop log warn`, 2126 }, 2127 want: map[string]interface{}{ 2128 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAllStop", 2129 "config_rule_type": "aclRuleDenyWithWarnLoggerMatchAllStop", 2130 "comment": "foobar barfoo", 2131 "action_name": "ruleActionDeny", 2132 "default_verdict_name": "ruleVerdictUnknown", 2133 "reserved_verdict_name": "ruleVerdictReserved", 2134 "default_action_name": "ruleActionUnknown", 2135 "reserved_action_name": "ruleActionReserved", 2136 "log_level": "warn", 2137 }, 2138 }, {name: "failed deny all and stop processing with warn logging and without counter", 2139 config: &RuleConfiguration{ 2140 Comment: "foobar barfoo", 2141 Conditions: []string{ 2142 "exact match roles foobar", 2143 "foo org nyc", 2144 }, 2145 Action: `deny stop log warn`, 2146 }, 2147 shouldErr: true, 2148 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2149 }, {name: "deny all and stop processing with error logging and without counter", 2150 config: &RuleConfiguration{ 2151 Comment: "foobar barfoo", 2152 Conditions: []string{ 2153 "exact match roles foobar", 2154 "exact match org nyc", 2155 }, 2156 Action: `deny stop log error`, 2157 }, 2158 want: map[string]interface{}{ 2159 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAllStop", 2160 "config_rule_type": "aclRuleDenyWithErrorLoggerMatchAllStop", 2161 "comment": "foobar barfoo", 2162 "action_name": "ruleActionDeny", 2163 "default_verdict_name": "ruleVerdictUnknown", 2164 "reserved_verdict_name": "ruleVerdictReserved", 2165 "default_action_name": "ruleActionUnknown", 2166 "reserved_action_name": "ruleActionReserved", 2167 "log_level": "error", 2168 }, 2169 }, {name: "failed deny all and stop processing with error logging and without counter", 2170 config: &RuleConfiguration{ 2171 Comment: "foobar barfoo", 2172 Conditions: []string{ 2173 "exact match roles foobar", 2174 "foo org nyc", 2175 }, 2176 Action: `deny stop log error`, 2177 }, 2178 shouldErr: true, 2179 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2180 }, {name: "deny and stop processing with debug logging and without counter", 2181 config: &RuleConfiguration{ 2182 Comment: "foobar barfoo", 2183 Conditions: []string{"exact match roles foobar"}, 2184 Action: `deny stop log debug`, 2185 }, 2186 want: map[string]interface{}{ 2187 "rule_type": "*acl.aclRuleDenyWithDebugLoggerStop", 2188 "config_rule_type": "aclRuleDenyWithDebugLoggerStop", 2189 "comment": "foobar barfoo", 2190 "action_name": "ruleActionDeny", 2191 "default_verdict_name": "ruleVerdictUnknown", 2192 "reserved_verdict_name": "ruleVerdictReserved", 2193 "default_action_name": "ruleActionUnknown", 2194 "reserved_action_name": "ruleActionReserved", 2195 "log_level": "debug", 2196 }, 2197 }, {name: "failed deny and stop processing with debug logging and without counter", 2198 config: &RuleConfiguration{ 2199 Comment: "foobar barfoo", 2200 Conditions: []string{"exact roles foobar"}, 2201 Action: `deny stop log debug`, 2202 }, 2203 shouldErr: true, 2204 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2205 }, {name: "deny and stop processing with info logging and without counter", 2206 config: &RuleConfiguration{ 2207 Comment: "foobar barfoo", 2208 Conditions: []string{"exact match roles foobar"}, 2209 Action: `deny stop log tag foobar`, 2210 }, 2211 want: map[string]interface{}{ 2212 "rule_type": "*acl.aclRuleDenyWithInfoLoggerStop", 2213 "config_rule_type": "aclRuleDenyWithInfoLoggerStop", 2214 "comment": "foobar barfoo", 2215 "action_name": "ruleActionDeny", 2216 "default_verdict_name": "ruleVerdictUnknown", 2217 "reserved_verdict_name": "ruleVerdictReserved", 2218 "default_action_name": "ruleActionUnknown", 2219 "reserved_action_name": "ruleActionReserved", 2220 "tag": "foobar", 2221 "log_level": "info", 2222 }, 2223 }, {name: "failed deny and stop processing with info logging and without counter", 2224 config: &RuleConfiguration{ 2225 Comment: "foobar barfoo", 2226 Conditions: []string{"exact roles foobar"}, 2227 Action: `deny stop log tag foobar`, 2228 }, 2229 shouldErr: true, 2230 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2231 }, {name: "deny and stop processing with warn logging and without counter", 2232 config: &RuleConfiguration{ 2233 Comment: "foobar barfoo", 2234 Conditions: []string{"exact match roles foobar"}, 2235 Action: `deny stop log warn`, 2236 }, 2237 want: map[string]interface{}{ 2238 "rule_type": "*acl.aclRuleDenyWithWarnLoggerStop", 2239 "config_rule_type": "aclRuleDenyWithWarnLoggerStop", 2240 "comment": "foobar barfoo", 2241 "action_name": "ruleActionDeny", 2242 "default_verdict_name": "ruleVerdictUnknown", 2243 "reserved_verdict_name": "ruleVerdictReserved", 2244 "default_action_name": "ruleActionUnknown", 2245 "reserved_action_name": "ruleActionReserved", 2246 "log_level": "warn", 2247 }, 2248 }, {name: "failed deny and stop processing with warn logging and without counter", 2249 config: &RuleConfiguration{ 2250 Comment: "foobar barfoo", 2251 Conditions: []string{"exact roles foobar"}, 2252 Action: `deny stop log warn`, 2253 }, 2254 shouldErr: true, 2255 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2256 }, {name: "deny and stop processing with error logging and without counter", 2257 config: &RuleConfiguration{ 2258 Comment: "foobar barfoo", 2259 Conditions: []string{"exact match roles foobar"}, 2260 Action: `deny stop log error`, 2261 }, 2262 want: map[string]interface{}{ 2263 "rule_type": "*acl.aclRuleDenyWithErrorLoggerStop", 2264 "config_rule_type": "aclRuleDenyWithErrorLoggerStop", 2265 "comment": "foobar barfoo", 2266 "action_name": "ruleActionDeny", 2267 "default_verdict_name": "ruleVerdictUnknown", 2268 "reserved_verdict_name": "ruleVerdictReserved", 2269 "default_action_name": "ruleActionUnknown", 2270 "reserved_action_name": "ruleActionReserved", 2271 "log_level": "error", 2272 }, 2273 }, {name: "failed deny and stop processing with error logging and without counter", 2274 config: &RuleConfiguration{ 2275 Comment: "foobar barfoo", 2276 Conditions: []string{"exact roles foobar"}, 2277 Action: `deny stop log error`, 2278 }, 2279 shouldErr: true, 2280 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2281 }, {name: "deny any with debug logging and without counter", 2282 config: &RuleConfiguration{ 2283 Comment: "foobar barfoo", 2284 Conditions: []string{ 2285 "exact match roles foobar", 2286 "exact match org nyc", 2287 }, 2288 Action: `deny any log debug`, 2289 }, 2290 want: map[string]interface{}{ 2291 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAny", 2292 "config_rule_type": "aclRuleDenyWithDebugLoggerMatchAny", 2293 "comment": "foobar barfoo", 2294 "action_name": "ruleActionDeny", 2295 "default_verdict_name": "ruleVerdictUnknown", 2296 "reserved_verdict_name": "ruleVerdictReserved", 2297 "default_action_name": "ruleActionUnknown", 2298 "reserved_action_name": "ruleActionReserved", 2299 "log_level": "debug", 2300 }, 2301 }, {name: "failed deny any with debug logging and without counter", 2302 config: &RuleConfiguration{ 2303 Comment: "foobar barfoo", 2304 Conditions: []string{ 2305 "exact match roles foobar", 2306 "foo org nyc", 2307 }, 2308 Action: `deny any log debug`, 2309 }, 2310 shouldErr: true, 2311 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2312 }, {name: "deny any with info logging and without counter", 2313 config: &RuleConfiguration{ 2314 Comment: "foobar barfoo", 2315 Conditions: []string{ 2316 "exact match roles foobar", 2317 "exact match org nyc", 2318 }, 2319 Action: `deny any log info`, 2320 }, 2321 want: map[string]interface{}{ 2322 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAny", 2323 "config_rule_type": "aclRuleDenyWithInfoLoggerMatchAny", 2324 "comment": "foobar barfoo", 2325 "action_name": "ruleActionDeny", 2326 "default_verdict_name": "ruleVerdictUnknown", 2327 "reserved_verdict_name": "ruleVerdictReserved", 2328 "default_action_name": "ruleActionUnknown", 2329 "reserved_action_name": "ruleActionReserved", 2330 "log_level": "info", 2331 }, 2332 }, {name: "failed deny any with info logging and without counter", 2333 config: &RuleConfiguration{ 2334 Comment: "foobar barfoo", 2335 Conditions: []string{ 2336 "exact match roles foobar", 2337 "foo org nyc", 2338 }, 2339 Action: `deny any log info`, 2340 }, 2341 shouldErr: true, 2342 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2343 }, {name: "deny any with warn logging and without counter", 2344 config: &RuleConfiguration{ 2345 Comment: "foobar barfoo", 2346 Conditions: []string{ 2347 "exact match roles foobar", 2348 "exact match org nyc", 2349 }, 2350 Action: `deny any log warn`, 2351 }, 2352 want: map[string]interface{}{ 2353 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAny", 2354 "config_rule_type": "aclRuleDenyWithWarnLoggerMatchAny", 2355 "comment": "foobar barfoo", 2356 "action_name": "ruleActionDeny", 2357 "default_verdict_name": "ruleVerdictUnknown", 2358 "reserved_verdict_name": "ruleVerdictReserved", 2359 "default_action_name": "ruleActionUnknown", 2360 "reserved_action_name": "ruleActionReserved", 2361 "log_level": "warn", 2362 }, 2363 }, {name: "failed deny any with warn logging and without counter", 2364 config: &RuleConfiguration{ 2365 Comment: "foobar barfoo", 2366 Conditions: []string{ 2367 "exact match roles foobar", 2368 "foo org nyc", 2369 }, 2370 Action: `deny any log warn`, 2371 }, 2372 shouldErr: true, 2373 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2374 }, {name: "deny any with error logging and without counter", 2375 config: &RuleConfiguration{ 2376 Comment: "foobar barfoo", 2377 Conditions: []string{ 2378 "exact match roles foobar", 2379 "exact match org nyc", 2380 }, 2381 Action: `deny any log error`, 2382 }, 2383 want: map[string]interface{}{ 2384 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAny", 2385 "config_rule_type": "aclRuleDenyWithErrorLoggerMatchAny", 2386 "comment": "foobar barfoo", 2387 "action_name": "ruleActionDeny", 2388 "default_verdict_name": "ruleVerdictUnknown", 2389 "reserved_verdict_name": "ruleVerdictReserved", 2390 "default_action_name": "ruleActionUnknown", 2391 "reserved_action_name": "ruleActionReserved", 2392 "log_level": "error", 2393 }, 2394 }, {name: "failed deny any with error logging and without counter", 2395 config: &RuleConfiguration{ 2396 Comment: "foobar barfoo", 2397 Conditions: []string{ 2398 "exact match roles foobar", 2399 "foo org nyc", 2400 }, 2401 Action: `deny any log error`, 2402 }, 2403 shouldErr: true, 2404 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2405 }, {name: "deny all with debug logging and without counter", 2406 config: &RuleConfiguration{ 2407 Comment: "foobar barfoo", 2408 Conditions: []string{ 2409 "exact match roles foobar", 2410 "exact match org nyc", 2411 }, 2412 Action: `deny log debug`, 2413 }, 2414 want: map[string]interface{}{ 2415 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAll", 2416 "config_rule_type": "aclRuleDenyWithDebugLoggerMatchAll", 2417 "comment": "foobar barfoo", 2418 "action_name": "ruleActionDeny", 2419 "default_verdict_name": "ruleVerdictUnknown", 2420 "reserved_verdict_name": "ruleVerdictReserved", 2421 "default_action_name": "ruleActionUnknown", 2422 "reserved_action_name": "ruleActionReserved", 2423 "log_level": "debug", 2424 }, 2425 }, {name: "failed deny all with debug logging and without counter", 2426 config: &RuleConfiguration{ 2427 Comment: "foobar barfoo", 2428 Conditions: []string{ 2429 "exact match roles foobar", 2430 "foo org nyc", 2431 }, 2432 Action: `deny log debug`, 2433 }, 2434 shouldErr: true, 2435 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2436 }, {name: "deny all with info logging and without counter", 2437 config: &RuleConfiguration{ 2438 Comment: "foobar barfoo", 2439 Conditions: []string{ 2440 "exact match roles foobar", 2441 "exact match org nyc", 2442 }, 2443 Action: `deny log info`, 2444 }, 2445 want: map[string]interface{}{ 2446 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAll", 2447 "config_rule_type": "aclRuleDenyWithInfoLoggerMatchAll", 2448 "comment": "foobar barfoo", 2449 "action_name": "ruleActionDeny", 2450 "default_verdict_name": "ruleVerdictUnknown", 2451 "reserved_verdict_name": "ruleVerdictReserved", 2452 "default_action_name": "ruleActionUnknown", 2453 "reserved_action_name": "ruleActionReserved", 2454 "log_level": "info", 2455 }, 2456 }, {name: "failed deny all with info logging and without counter", 2457 config: &RuleConfiguration{ 2458 Comment: "foobar barfoo", 2459 Conditions: []string{ 2460 "exact match roles foobar", 2461 "foo org nyc", 2462 }, 2463 Action: `deny log info`, 2464 }, 2465 shouldErr: true, 2466 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2467 }, {name: "deny all with warn logging and without counter", 2468 config: &RuleConfiguration{ 2469 Comment: "foobar barfoo", 2470 Conditions: []string{ 2471 "exact match roles foobar", 2472 "exact match org nyc", 2473 }, 2474 Action: `deny log warn`, 2475 }, 2476 want: map[string]interface{}{ 2477 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAll", 2478 "config_rule_type": "aclRuleDenyWithWarnLoggerMatchAll", 2479 "comment": "foobar barfoo", 2480 "action_name": "ruleActionDeny", 2481 "default_verdict_name": "ruleVerdictUnknown", 2482 "reserved_verdict_name": "ruleVerdictReserved", 2483 "default_action_name": "ruleActionUnknown", 2484 "reserved_action_name": "ruleActionReserved", 2485 "log_level": "warn", 2486 }, 2487 }, {name: "failed deny all with warn logging and without counter", 2488 config: &RuleConfiguration{ 2489 Comment: "foobar barfoo", 2490 Conditions: []string{ 2491 "exact match roles foobar", 2492 "foo org nyc", 2493 }, 2494 Action: `deny log warn`, 2495 }, 2496 shouldErr: true, 2497 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2498 }, {name: "deny all with error logging and without counter", 2499 config: &RuleConfiguration{ 2500 Comment: "foobar barfoo", 2501 Conditions: []string{ 2502 "exact match roles foobar", 2503 "exact match org nyc", 2504 }, 2505 Action: `deny log error`, 2506 }, 2507 want: map[string]interface{}{ 2508 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAll", 2509 "config_rule_type": "aclRuleDenyWithErrorLoggerMatchAll", 2510 "comment": "foobar barfoo", 2511 "action_name": "ruleActionDeny", 2512 "default_verdict_name": "ruleVerdictUnknown", 2513 "reserved_verdict_name": "ruleVerdictReserved", 2514 "default_action_name": "ruleActionUnknown", 2515 "reserved_action_name": "ruleActionReserved", 2516 "log_level": "error", 2517 }, 2518 }, {name: "failed deny all with error logging and without counter", 2519 config: &RuleConfiguration{ 2520 Comment: "foobar barfoo", 2521 Conditions: []string{ 2522 "exact match roles foobar", 2523 "foo org nyc", 2524 }, 2525 Action: `deny log error`, 2526 }, 2527 shouldErr: true, 2528 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2529 }, {name: "deny with debug logging and without counter", 2530 config: &RuleConfiguration{ 2531 Comment: "foobar barfoo", 2532 Conditions: []string{"exact match roles foobar"}, 2533 Action: `deny log debug`, 2534 }, 2535 want: map[string]interface{}{ 2536 "rule_type": "*acl.aclRuleDenyWithDebugLogger", 2537 "config_rule_type": "aclRuleDenyWithDebugLogger", 2538 "comment": "foobar barfoo", 2539 "action_name": "ruleActionDeny", 2540 "default_verdict_name": "ruleVerdictUnknown", 2541 "reserved_verdict_name": "ruleVerdictReserved", 2542 "default_action_name": "ruleActionUnknown", 2543 "reserved_action_name": "ruleActionReserved", 2544 "log_level": "debug", 2545 }, 2546 }, {name: "failed deny with debug logging and without counter", 2547 config: &RuleConfiguration{ 2548 Comment: "foobar barfoo", 2549 Conditions: []string{"exact roles foobar"}, 2550 Action: `deny log debug`, 2551 }, 2552 shouldErr: true, 2553 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2554 }, {name: "deny with info logging and without counter", 2555 config: &RuleConfiguration{ 2556 Comment: "foobar barfoo", 2557 Conditions: []string{"exact match roles foobar"}, 2558 Action: `deny log info`, 2559 }, 2560 want: map[string]interface{}{ 2561 "rule_type": "*acl.aclRuleDenyWithInfoLogger", 2562 "config_rule_type": "aclRuleDenyWithInfoLogger", 2563 "comment": "foobar barfoo", 2564 "action_name": "ruleActionDeny", 2565 "default_verdict_name": "ruleVerdictUnknown", 2566 "reserved_verdict_name": "ruleVerdictReserved", 2567 "default_action_name": "ruleActionUnknown", 2568 "reserved_action_name": "ruleActionReserved", 2569 "log_level": "info", 2570 }, 2571 }, {name: "failed deny with info logging and without counter", 2572 config: &RuleConfiguration{ 2573 Comment: "foobar barfoo", 2574 Conditions: []string{"exact roles foobar"}, 2575 Action: `deny log info`, 2576 }, 2577 shouldErr: true, 2578 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2579 }, {name: "deny with warn logging and without counter", 2580 config: &RuleConfiguration{ 2581 Comment: "foobar barfoo", 2582 Conditions: []string{"exact match roles foobar"}, 2583 Action: `deny log warn`, 2584 }, 2585 want: map[string]interface{}{ 2586 "rule_type": "*acl.aclRuleDenyWithWarnLogger", 2587 "config_rule_type": "aclRuleDenyWithWarnLogger", 2588 "comment": "foobar barfoo", 2589 "action_name": "ruleActionDeny", 2590 "default_verdict_name": "ruleVerdictUnknown", 2591 "reserved_verdict_name": "ruleVerdictReserved", 2592 "default_action_name": "ruleActionUnknown", 2593 "reserved_action_name": "ruleActionReserved", 2594 "log_level": "warn", 2595 }, 2596 }, {name: "failed deny with warn logging and without counter", 2597 config: &RuleConfiguration{ 2598 Comment: "foobar barfoo", 2599 Conditions: []string{"exact roles foobar"}, 2600 Action: `deny log warn`, 2601 }, 2602 shouldErr: true, 2603 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2604 }, {name: "deny with error logging and without counter", 2605 config: &RuleConfiguration{ 2606 Comment: "foobar barfoo", 2607 Conditions: []string{"exact match roles foobar"}, 2608 Action: `deny log error`, 2609 }, 2610 want: map[string]interface{}{ 2611 "rule_type": "*acl.aclRuleDenyWithErrorLogger", 2612 "config_rule_type": "aclRuleDenyWithErrorLogger", 2613 "comment": "foobar barfoo", 2614 "action_name": "ruleActionDeny", 2615 "default_verdict_name": "ruleVerdictUnknown", 2616 "reserved_verdict_name": "ruleVerdictReserved", 2617 "default_action_name": "ruleActionUnknown", 2618 "reserved_action_name": "ruleActionReserved", 2619 "log_level": "error", 2620 }, 2621 }, {name: "failed deny with error logging and without counter", 2622 config: &RuleConfiguration{ 2623 Comment: "foobar barfoo", 2624 Conditions: []string{"exact roles foobar"}, 2625 Action: `deny log error`, 2626 }, 2627 shouldErr: true, 2628 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2629 }, {name: "deny any and stop processing with counter and without logging", 2630 config: &RuleConfiguration{ 2631 Comment: "foobar barfoo", 2632 Conditions: []string{ 2633 "exact match roles foobar", 2634 "exact match org nyc", 2635 }, 2636 Action: `deny any stop counter`, 2637 }, 2638 want: map[string]interface{}{ 2639 "rule_type": "*acl.aclRuleDenyWithCounterMatchAnyStop", 2640 "config_rule_type": "aclRuleDenyWithCounterMatchAnyStop", 2641 "comment": "foobar barfoo", 2642 "action_name": "ruleActionDeny", 2643 "default_verdict_name": "ruleVerdictUnknown", 2644 "reserved_verdict_name": "ruleVerdictReserved", 2645 "default_action_name": "ruleActionUnknown", 2646 "reserved_action_name": "ruleActionReserved", 2647 }, 2648 }, {name: "failed deny any and stop processing with counter and without logging", 2649 config: &RuleConfiguration{ 2650 Comment: "foobar barfoo", 2651 Conditions: []string{ 2652 "exact match roles foobar", 2653 "foo org nyc", 2654 }, 2655 Action: `deny any stop counter`, 2656 }, 2657 shouldErr: true, 2658 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2659 }, {name: "deny all and stop processing with counter and without logging", 2660 config: &RuleConfiguration{ 2661 Comment: "foobar barfoo", 2662 Conditions: []string{ 2663 "exact match roles foobar", 2664 "exact match org nyc", 2665 }, 2666 Action: `deny stop counter`, 2667 }, 2668 want: map[string]interface{}{ 2669 "rule_type": "*acl.aclRuleDenyWithCounterMatchAllStop", 2670 "config_rule_type": "aclRuleDenyWithCounterMatchAllStop", 2671 "comment": "foobar barfoo", 2672 "action_name": "ruleActionDeny", 2673 "default_verdict_name": "ruleVerdictUnknown", 2674 "reserved_verdict_name": "ruleVerdictReserved", 2675 "default_action_name": "ruleActionUnknown", 2676 "reserved_action_name": "ruleActionReserved", 2677 }, 2678 }, {name: "failed deny all and stop processing with counter and without logging", 2679 config: &RuleConfiguration{ 2680 Comment: "foobar barfoo", 2681 Conditions: []string{ 2682 "exact match roles foobar", 2683 "foo org nyc", 2684 }, 2685 Action: `deny stop counter`, 2686 }, 2687 shouldErr: true, 2688 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2689 }, {name: "deny and stop processing with counter and without logging", 2690 config: &RuleConfiguration{ 2691 Comment: "foobar barfoo", 2692 Conditions: []string{"exact match roles foobar"}, 2693 Action: `deny stop counter`, 2694 }, 2695 want: map[string]interface{}{ 2696 "rule_type": "*acl.aclRuleDenyWithCounterStop", 2697 "config_rule_type": "aclRuleDenyWithCounterStop", 2698 "comment": "foobar barfoo", 2699 "action_name": "ruleActionDeny", 2700 "default_verdict_name": "ruleVerdictUnknown", 2701 "reserved_verdict_name": "ruleVerdictReserved", 2702 "default_action_name": "ruleActionUnknown", 2703 "reserved_action_name": "ruleActionReserved", 2704 }, 2705 }, {name: "failed deny and stop processing with counter and without logging", 2706 config: &RuleConfiguration{ 2707 Comment: "foobar barfoo", 2708 Conditions: []string{"exact roles foobar"}, 2709 Action: `deny stop counter`, 2710 }, 2711 shouldErr: true, 2712 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2713 }, {name: "deny any with counter and without logging", 2714 config: &RuleConfiguration{ 2715 Comment: "foobar barfoo", 2716 Conditions: []string{ 2717 "exact match roles foobar", 2718 "exact match org nyc", 2719 }, 2720 Action: `deny any counter`, 2721 }, 2722 want: map[string]interface{}{ 2723 "rule_type": "*acl.aclRuleDenyWithCounterMatchAny", 2724 "config_rule_type": "aclRuleDenyWithCounterMatchAny", 2725 "comment": "foobar barfoo", 2726 "action_name": "ruleActionDeny", 2727 "default_verdict_name": "ruleVerdictUnknown", 2728 "reserved_verdict_name": "ruleVerdictReserved", 2729 "default_action_name": "ruleActionUnknown", 2730 "reserved_action_name": "ruleActionReserved", 2731 }, 2732 }, {name: "failed deny any with counter and without logging", 2733 config: &RuleConfiguration{ 2734 Comment: "foobar barfoo", 2735 Conditions: []string{ 2736 "exact match roles foobar", 2737 "foo org nyc", 2738 }, 2739 Action: `deny any counter`, 2740 }, 2741 shouldErr: true, 2742 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2743 }, {name: "deny all with counter and without logging", 2744 config: &RuleConfiguration{ 2745 Comment: "foobar barfoo", 2746 Conditions: []string{ 2747 "exact match roles foobar", 2748 "exact match org nyc", 2749 }, 2750 Action: `deny counter`, 2751 }, 2752 want: map[string]interface{}{ 2753 "rule_type": "*acl.aclRuleDenyWithCounterMatchAll", 2754 "config_rule_type": "aclRuleDenyWithCounterMatchAll", 2755 "comment": "foobar barfoo", 2756 "action_name": "ruleActionDeny", 2757 "default_verdict_name": "ruleVerdictUnknown", 2758 "reserved_verdict_name": "ruleVerdictReserved", 2759 "default_action_name": "ruleActionUnknown", 2760 "reserved_action_name": "ruleActionReserved", 2761 }, 2762 }, {name: "failed deny all with counter and without logging", 2763 config: &RuleConfiguration{ 2764 Comment: "foobar barfoo", 2765 Conditions: []string{ 2766 "exact match roles foobar", 2767 "foo org nyc", 2768 }, 2769 Action: `deny counter`, 2770 }, 2771 shouldErr: true, 2772 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2773 }, {name: "deny with counter and without logging", 2774 config: &RuleConfiguration{ 2775 Comment: "foobar barfoo", 2776 Conditions: []string{"exact match roles foobar"}, 2777 Action: `deny counter`, 2778 }, 2779 want: map[string]interface{}{ 2780 "rule_type": "*acl.aclRuleDenyWithCounter", 2781 "config_rule_type": "aclRuleDenyWithCounter", 2782 "comment": "foobar barfoo", 2783 "action_name": "ruleActionDeny", 2784 "default_verdict_name": "ruleVerdictUnknown", 2785 "reserved_verdict_name": "ruleVerdictReserved", 2786 "default_action_name": "ruleActionUnknown", 2787 "reserved_action_name": "ruleActionReserved", 2788 }, 2789 }, {name: "failed deny with counter and without logging", 2790 config: &RuleConfiguration{ 2791 Comment: "foobar barfoo", 2792 Conditions: []string{"exact roles foobar"}, 2793 Action: `deny counter`, 2794 }, 2795 shouldErr: true, 2796 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 2797 }, {name: "deny any and stop processing with debug logging and with counter", 2798 config: &RuleConfiguration{ 2799 Comment: "foobar barfoo", 2800 Conditions: []string{ 2801 "exact match roles foobar", 2802 "exact match org nyc", 2803 }, 2804 Action: `deny any stop counter log debug`, 2805 }, 2806 want: map[string]interface{}{ 2807 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 2808 "config_rule_type": "aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 2809 "comment": "foobar barfoo", 2810 "action_name": "ruleActionDeny", 2811 "default_verdict_name": "ruleVerdictUnknown", 2812 "reserved_verdict_name": "ruleVerdictReserved", 2813 "default_action_name": "ruleActionUnknown", 2814 "reserved_action_name": "ruleActionReserved", 2815 "log_level": "debug", 2816 }, 2817 }, {name: "failed deny any and stop processing with debug logging and with counter", 2818 config: &RuleConfiguration{ 2819 Comment: "foobar barfoo", 2820 Conditions: []string{ 2821 "exact match roles foobar", 2822 "foo org nyc", 2823 }, 2824 Action: `deny any stop counter log debug`, 2825 }, 2826 shouldErr: true, 2827 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2828 }, {name: "deny any and stop processing with info logging and with counter", 2829 config: &RuleConfiguration{ 2830 Comment: "foobar barfoo", 2831 Conditions: []string{ 2832 "exact match roles foobar", 2833 "exact match org nyc", 2834 }, 2835 Action: `deny any stop counter log info`, 2836 }, 2837 want: map[string]interface{}{ 2838 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 2839 "config_rule_type": "aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 2840 "comment": "foobar barfoo", 2841 "action_name": "ruleActionDeny", 2842 "default_verdict_name": "ruleVerdictUnknown", 2843 "reserved_verdict_name": "ruleVerdictReserved", 2844 "default_action_name": "ruleActionUnknown", 2845 "reserved_action_name": "ruleActionReserved", 2846 "log_level": "info", 2847 }, 2848 }, {name: "failed deny any and stop processing with info logging and with counter", 2849 config: &RuleConfiguration{ 2850 Comment: "foobar barfoo", 2851 Conditions: []string{ 2852 "exact match roles foobar", 2853 "foo org nyc", 2854 }, 2855 Action: `deny any stop counter log info`, 2856 }, 2857 shouldErr: true, 2858 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2859 }, {name: "deny any and stop processing with warn logging and with counter", 2860 config: &RuleConfiguration{ 2861 Comment: "foobar barfoo", 2862 Conditions: []string{ 2863 "exact match roles foobar", 2864 "exact match org nyc", 2865 }, 2866 Action: `deny any stop counter log warn`, 2867 }, 2868 want: map[string]interface{}{ 2869 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 2870 "config_rule_type": "aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 2871 "comment": "foobar barfoo", 2872 "action_name": "ruleActionDeny", 2873 "default_verdict_name": "ruleVerdictUnknown", 2874 "reserved_verdict_name": "ruleVerdictReserved", 2875 "default_action_name": "ruleActionUnknown", 2876 "reserved_action_name": "ruleActionReserved", 2877 "log_level": "warn", 2878 }, 2879 }, {name: "failed deny any and stop processing with warn logging and with counter", 2880 config: &RuleConfiguration{ 2881 Comment: "foobar barfoo", 2882 Conditions: []string{ 2883 "exact match roles foobar", 2884 "foo org nyc", 2885 }, 2886 Action: `deny any stop counter log warn`, 2887 }, 2888 shouldErr: true, 2889 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2890 }, {name: "deny any and stop processing with error logging and with counter", 2891 config: &RuleConfiguration{ 2892 Comment: "foobar barfoo", 2893 Conditions: []string{ 2894 "exact match roles foobar", 2895 "exact match org nyc", 2896 }, 2897 Action: `deny any stop counter log error`, 2898 }, 2899 want: map[string]interface{}{ 2900 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 2901 "config_rule_type": "aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 2902 "comment": "foobar barfoo", 2903 "action_name": "ruleActionDeny", 2904 "default_verdict_name": "ruleVerdictUnknown", 2905 "reserved_verdict_name": "ruleVerdictReserved", 2906 "default_action_name": "ruleActionUnknown", 2907 "reserved_action_name": "ruleActionReserved", 2908 "log_level": "error", 2909 }, 2910 }, {name: "failed deny any and stop processing with error logging and with counter", 2911 config: &RuleConfiguration{ 2912 Comment: "foobar barfoo", 2913 Conditions: []string{ 2914 "exact match roles foobar", 2915 "foo org nyc", 2916 }, 2917 Action: `deny any stop counter log error`, 2918 }, 2919 shouldErr: true, 2920 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2921 }, {name: "deny all and stop processing with debug logging and with counter", 2922 config: &RuleConfiguration{ 2923 Comment: "foobar barfoo", 2924 Conditions: []string{ 2925 "exact match roles foobar", 2926 "exact match org nyc", 2927 }, 2928 Action: `deny stop counter log debug`, 2929 }, 2930 want: map[string]interface{}{ 2931 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAllStop", 2932 "config_rule_type": "aclRuleDenyWithDebugLoggerCounterMatchAllStop", 2933 "comment": "foobar barfoo", 2934 "action_name": "ruleActionDeny", 2935 "default_verdict_name": "ruleVerdictUnknown", 2936 "reserved_verdict_name": "ruleVerdictReserved", 2937 "default_action_name": "ruleActionUnknown", 2938 "reserved_action_name": "ruleActionReserved", 2939 "log_level": "debug", 2940 }, 2941 }, {name: "failed deny all and stop processing with debug logging and with counter", 2942 config: &RuleConfiguration{ 2943 Comment: "foobar barfoo", 2944 Conditions: []string{ 2945 "exact match roles foobar", 2946 "foo org nyc", 2947 }, 2948 Action: `deny stop counter log debug`, 2949 }, 2950 shouldErr: true, 2951 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2952 }, {name: "deny all and stop processing with info logging and with counter", 2953 config: &RuleConfiguration{ 2954 Comment: "foobar barfoo", 2955 Conditions: []string{ 2956 "exact match roles foobar", 2957 "exact match org nyc", 2958 }, 2959 Action: `deny stop counter log info`, 2960 }, 2961 want: map[string]interface{}{ 2962 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAllStop", 2963 "config_rule_type": "aclRuleDenyWithInfoLoggerCounterMatchAllStop", 2964 "comment": "foobar barfoo", 2965 "action_name": "ruleActionDeny", 2966 "default_verdict_name": "ruleVerdictUnknown", 2967 "reserved_verdict_name": "ruleVerdictReserved", 2968 "default_action_name": "ruleActionUnknown", 2969 "reserved_action_name": "ruleActionReserved", 2970 "log_level": "info", 2971 }, 2972 }, {name: "failed deny all and stop processing with info logging and with counter", 2973 config: &RuleConfiguration{ 2974 Comment: "foobar barfoo", 2975 Conditions: []string{ 2976 "exact match roles foobar", 2977 "foo org nyc", 2978 }, 2979 Action: `deny stop counter log info`, 2980 }, 2981 shouldErr: true, 2982 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 2983 }, {name: "deny all and stop processing with warn logging and with counter", 2984 config: &RuleConfiguration{ 2985 Comment: "foobar barfoo", 2986 Conditions: []string{ 2987 "exact match roles foobar", 2988 "exact match org nyc", 2989 }, 2990 Action: `deny stop counter log warn`, 2991 }, 2992 want: map[string]interface{}{ 2993 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAllStop", 2994 "config_rule_type": "aclRuleDenyWithWarnLoggerCounterMatchAllStop", 2995 "comment": "foobar barfoo", 2996 "action_name": "ruleActionDeny", 2997 "default_verdict_name": "ruleVerdictUnknown", 2998 "reserved_verdict_name": "ruleVerdictReserved", 2999 "default_action_name": "ruleActionUnknown", 3000 "reserved_action_name": "ruleActionReserved", 3001 "log_level": "warn", 3002 }, 3003 }, {name: "failed deny all and stop processing with warn logging and with counter", 3004 config: &RuleConfiguration{ 3005 Comment: "foobar barfoo", 3006 Conditions: []string{ 3007 "exact match roles foobar", 3008 "foo org nyc", 3009 }, 3010 Action: `deny stop counter log warn`, 3011 }, 3012 shouldErr: true, 3013 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3014 }, {name: "deny all and stop processing with error logging and with counter", 3015 config: &RuleConfiguration{ 3016 Comment: "foobar barfoo", 3017 Conditions: []string{ 3018 "exact match roles foobar", 3019 "exact match org nyc", 3020 }, 3021 Action: `deny stop counter log error`, 3022 }, 3023 want: map[string]interface{}{ 3024 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAllStop", 3025 "config_rule_type": "aclRuleDenyWithErrorLoggerCounterMatchAllStop", 3026 "comment": "foobar barfoo", 3027 "action_name": "ruleActionDeny", 3028 "default_verdict_name": "ruleVerdictUnknown", 3029 "reserved_verdict_name": "ruleVerdictReserved", 3030 "default_action_name": "ruleActionUnknown", 3031 "reserved_action_name": "ruleActionReserved", 3032 "log_level": "error", 3033 }, 3034 }, {name: "failed deny all and stop processing with error logging and with counter", 3035 config: &RuleConfiguration{ 3036 Comment: "foobar barfoo", 3037 Conditions: []string{ 3038 "exact match roles foobar", 3039 "foo org nyc", 3040 }, 3041 Action: `deny stop counter log error`, 3042 }, 3043 shouldErr: true, 3044 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3045 }, {name: "deny and stop processing with debug logging and with counter", 3046 config: &RuleConfiguration{ 3047 Comment: "foobar barfoo", 3048 Conditions: []string{"exact match roles foobar"}, 3049 Action: `deny stop counter log debug`, 3050 }, 3051 want: map[string]interface{}{ 3052 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterStop", 3053 "config_rule_type": "aclRuleDenyWithDebugLoggerCounterStop", 3054 "comment": "foobar barfoo", 3055 "action_name": "ruleActionDeny", 3056 "default_verdict_name": "ruleVerdictUnknown", 3057 "reserved_verdict_name": "ruleVerdictReserved", 3058 "default_action_name": "ruleActionUnknown", 3059 "reserved_action_name": "ruleActionReserved", 3060 "log_level": "debug", 3061 }, 3062 }, {name: "failed deny and stop processing with debug logging and with counter", 3063 config: &RuleConfiguration{ 3064 Comment: "foobar barfoo", 3065 Conditions: []string{"exact roles foobar"}, 3066 Action: `deny stop counter log debug`, 3067 }, 3068 shouldErr: true, 3069 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3070 }, {name: "deny and stop processing with info logging and with counter", 3071 config: &RuleConfiguration{ 3072 Comment: "foobar barfoo", 3073 Conditions: []string{"exact match roles foobar"}, 3074 Action: `deny stop counter log info`, 3075 }, 3076 want: map[string]interface{}{ 3077 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterStop", 3078 "config_rule_type": "aclRuleDenyWithInfoLoggerCounterStop", 3079 "comment": "foobar barfoo", 3080 "action_name": "ruleActionDeny", 3081 "default_verdict_name": "ruleVerdictUnknown", 3082 "reserved_verdict_name": "ruleVerdictReserved", 3083 "default_action_name": "ruleActionUnknown", 3084 "reserved_action_name": "ruleActionReserved", 3085 "log_level": "info", 3086 }, 3087 }, {name: "failed deny and stop processing with info logging and with counter", 3088 config: &RuleConfiguration{ 3089 Comment: "foobar barfoo", 3090 Conditions: []string{"exact roles foobar"}, 3091 Action: `deny stop counter log info`, 3092 }, 3093 shouldErr: true, 3094 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3095 }, {name: "deny and stop processing with warn logging and with counter", 3096 config: &RuleConfiguration{ 3097 Comment: "foobar barfoo", 3098 Conditions: []string{"exact match roles foobar"}, 3099 Action: `deny stop counter log warn`, 3100 }, 3101 want: map[string]interface{}{ 3102 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterStop", 3103 "config_rule_type": "aclRuleDenyWithWarnLoggerCounterStop", 3104 "comment": "foobar barfoo", 3105 "action_name": "ruleActionDeny", 3106 "default_verdict_name": "ruleVerdictUnknown", 3107 "reserved_verdict_name": "ruleVerdictReserved", 3108 "default_action_name": "ruleActionUnknown", 3109 "reserved_action_name": "ruleActionReserved", 3110 "log_level": "warn", 3111 }, 3112 }, {name: "failed deny and stop processing with warn logging and with counter", 3113 config: &RuleConfiguration{ 3114 Comment: "foobar barfoo", 3115 Conditions: []string{"exact roles foobar"}, 3116 Action: `deny stop counter log warn`, 3117 }, 3118 shouldErr: true, 3119 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3120 }, {name: "deny and stop processing with error logging and with counter", 3121 config: &RuleConfiguration{ 3122 Comment: "foobar barfoo", 3123 Conditions: []string{"exact match roles foobar"}, 3124 Action: `deny stop counter log error`, 3125 }, 3126 want: map[string]interface{}{ 3127 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterStop", 3128 "config_rule_type": "aclRuleDenyWithErrorLoggerCounterStop", 3129 "comment": "foobar barfoo", 3130 "action_name": "ruleActionDeny", 3131 "default_verdict_name": "ruleVerdictUnknown", 3132 "reserved_verdict_name": "ruleVerdictReserved", 3133 "default_action_name": "ruleActionUnknown", 3134 "reserved_action_name": "ruleActionReserved", 3135 "log_level": "error", 3136 }, 3137 }, {name: "failed deny and stop processing with error logging and with counter", 3138 config: &RuleConfiguration{ 3139 Comment: "foobar barfoo", 3140 Conditions: []string{"exact roles foobar"}, 3141 Action: `deny stop counter log error`, 3142 }, 3143 shouldErr: true, 3144 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3145 }, {name: "deny any with debug logging and with counter", 3146 config: &RuleConfiguration{ 3147 Comment: "foobar barfoo", 3148 Conditions: []string{ 3149 "exact match roles foobar", 3150 "exact match org nyc", 3151 }, 3152 Action: `deny any counter log debug`, 3153 }, 3154 want: map[string]interface{}{ 3155 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAny", 3156 "config_rule_type": "aclRuleDenyWithDebugLoggerCounterMatchAny", 3157 "comment": "foobar barfoo", 3158 "action_name": "ruleActionDeny", 3159 "default_verdict_name": "ruleVerdictUnknown", 3160 "reserved_verdict_name": "ruleVerdictReserved", 3161 "default_action_name": "ruleActionUnknown", 3162 "reserved_action_name": "ruleActionReserved", 3163 "log_level": "debug", 3164 }, 3165 }, {name: "failed deny any with debug logging and with counter", 3166 config: &RuleConfiguration{ 3167 Comment: "foobar barfoo", 3168 Conditions: []string{ 3169 "exact match roles foobar", 3170 "foo org nyc", 3171 }, 3172 Action: `deny any counter log debug`, 3173 }, 3174 shouldErr: true, 3175 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3176 }, {name: "deny any with info logging and with counter", 3177 config: &RuleConfiguration{ 3178 Comment: "foobar barfoo", 3179 Conditions: []string{ 3180 "exact match roles foobar", 3181 "exact match org nyc", 3182 }, 3183 Action: `deny any counter log info`, 3184 }, 3185 want: map[string]interface{}{ 3186 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAny", 3187 "config_rule_type": "aclRuleDenyWithInfoLoggerCounterMatchAny", 3188 "comment": "foobar barfoo", 3189 "action_name": "ruleActionDeny", 3190 "default_verdict_name": "ruleVerdictUnknown", 3191 "reserved_verdict_name": "ruleVerdictReserved", 3192 "default_action_name": "ruleActionUnknown", 3193 "reserved_action_name": "ruleActionReserved", 3194 "log_level": "info", 3195 }, 3196 }, {name: "failed deny any with info logging and with counter", 3197 config: &RuleConfiguration{ 3198 Comment: "foobar barfoo", 3199 Conditions: []string{ 3200 "exact match roles foobar", 3201 "foo org nyc", 3202 }, 3203 Action: `deny any counter log info`, 3204 }, 3205 shouldErr: true, 3206 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3207 }, {name: "deny any with warn logging and with counter", 3208 config: &RuleConfiguration{ 3209 Comment: "foobar barfoo", 3210 Conditions: []string{ 3211 "exact match roles foobar", 3212 "exact match org nyc", 3213 }, 3214 Action: `deny any counter log warn`, 3215 }, 3216 want: map[string]interface{}{ 3217 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAny", 3218 "config_rule_type": "aclRuleDenyWithWarnLoggerCounterMatchAny", 3219 "comment": "foobar barfoo", 3220 "action_name": "ruleActionDeny", 3221 "default_verdict_name": "ruleVerdictUnknown", 3222 "reserved_verdict_name": "ruleVerdictReserved", 3223 "default_action_name": "ruleActionUnknown", 3224 "reserved_action_name": "ruleActionReserved", 3225 "log_level": "warn", 3226 }, 3227 }, {name: "failed deny any with warn logging and with counter", 3228 config: &RuleConfiguration{ 3229 Comment: "foobar barfoo", 3230 Conditions: []string{ 3231 "exact match roles foobar", 3232 "foo org nyc", 3233 }, 3234 Action: `deny any counter log warn`, 3235 }, 3236 shouldErr: true, 3237 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3238 }, {name: "deny any with error logging and with counter", 3239 config: &RuleConfiguration{ 3240 Comment: "foobar barfoo", 3241 Conditions: []string{ 3242 "exact match roles foobar", 3243 "exact match org nyc", 3244 }, 3245 Action: `deny any counter log error`, 3246 }, 3247 want: map[string]interface{}{ 3248 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAny", 3249 "config_rule_type": "aclRuleDenyWithErrorLoggerCounterMatchAny", 3250 "comment": "foobar barfoo", 3251 "action_name": "ruleActionDeny", 3252 "default_verdict_name": "ruleVerdictUnknown", 3253 "reserved_verdict_name": "ruleVerdictReserved", 3254 "default_action_name": "ruleActionUnknown", 3255 "reserved_action_name": "ruleActionReserved", 3256 "log_level": "error", 3257 }, 3258 }, {name: "failed deny any with error logging and with counter", 3259 config: &RuleConfiguration{ 3260 Comment: "foobar barfoo", 3261 Conditions: []string{ 3262 "exact match roles foobar", 3263 "foo org nyc", 3264 }, 3265 Action: `deny any counter log error`, 3266 }, 3267 shouldErr: true, 3268 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3269 }, {name: "deny all with debug logging and with counter", 3270 config: &RuleConfiguration{ 3271 Comment: "foobar barfoo", 3272 Conditions: []string{ 3273 "exact match roles foobar", 3274 "exact match org nyc", 3275 }, 3276 Action: `deny counter log debug`, 3277 }, 3278 want: map[string]interface{}{ 3279 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAll", 3280 "config_rule_type": "aclRuleDenyWithDebugLoggerCounterMatchAll", 3281 "comment": "foobar barfoo", 3282 "action_name": "ruleActionDeny", 3283 "default_verdict_name": "ruleVerdictUnknown", 3284 "reserved_verdict_name": "ruleVerdictReserved", 3285 "default_action_name": "ruleActionUnknown", 3286 "reserved_action_name": "ruleActionReserved", 3287 "log_level": "debug", 3288 }, 3289 }, {name: "failed deny all with debug logging and with counter", 3290 config: &RuleConfiguration{ 3291 Comment: "foobar barfoo", 3292 Conditions: []string{ 3293 "exact match roles foobar", 3294 "foo org nyc", 3295 }, 3296 Action: `deny counter log debug`, 3297 }, 3298 shouldErr: true, 3299 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3300 }, {name: "deny all with info logging and with counter", 3301 config: &RuleConfiguration{ 3302 Comment: "foobar barfoo", 3303 Conditions: []string{ 3304 "exact match roles foobar", 3305 "exact match org nyc", 3306 }, 3307 Action: `deny counter log info`, 3308 }, 3309 want: map[string]interface{}{ 3310 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAll", 3311 "config_rule_type": "aclRuleDenyWithInfoLoggerCounterMatchAll", 3312 "comment": "foobar barfoo", 3313 "action_name": "ruleActionDeny", 3314 "default_verdict_name": "ruleVerdictUnknown", 3315 "reserved_verdict_name": "ruleVerdictReserved", 3316 "default_action_name": "ruleActionUnknown", 3317 "reserved_action_name": "ruleActionReserved", 3318 "log_level": "info", 3319 }, 3320 }, {name: "failed deny all with info logging and with counter", 3321 config: &RuleConfiguration{ 3322 Comment: "foobar barfoo", 3323 Conditions: []string{ 3324 "exact match roles foobar", 3325 "foo org nyc", 3326 }, 3327 Action: `deny counter log info`, 3328 }, 3329 shouldErr: true, 3330 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3331 }, {name: "deny all with warn logging and with counter", 3332 config: &RuleConfiguration{ 3333 Comment: "foobar barfoo", 3334 Conditions: []string{ 3335 "exact match roles foobar", 3336 "exact match org nyc", 3337 }, 3338 Action: `deny counter log warn`, 3339 }, 3340 want: map[string]interface{}{ 3341 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAll", 3342 "config_rule_type": "aclRuleDenyWithWarnLoggerCounterMatchAll", 3343 "comment": "foobar barfoo", 3344 "action_name": "ruleActionDeny", 3345 "default_verdict_name": "ruleVerdictUnknown", 3346 "reserved_verdict_name": "ruleVerdictReserved", 3347 "default_action_name": "ruleActionUnknown", 3348 "reserved_action_name": "ruleActionReserved", 3349 "log_level": "warn", 3350 }, 3351 }, {name: "failed deny all with warn logging and with counter", 3352 config: &RuleConfiguration{ 3353 Comment: "foobar barfoo", 3354 Conditions: []string{ 3355 "exact match roles foobar", 3356 "foo org nyc", 3357 }, 3358 Action: `deny counter log warn`, 3359 }, 3360 shouldErr: true, 3361 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3362 }, {name: "deny all with error logging and with counter", 3363 config: &RuleConfiguration{ 3364 Comment: "foobar barfoo", 3365 Conditions: []string{ 3366 "exact match roles foobar", 3367 "exact match org nyc", 3368 }, 3369 Action: `deny counter log error`, 3370 }, 3371 want: map[string]interface{}{ 3372 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAll", 3373 "config_rule_type": "aclRuleDenyWithErrorLoggerCounterMatchAll", 3374 "comment": "foobar barfoo", 3375 "action_name": "ruleActionDeny", 3376 "default_verdict_name": "ruleVerdictUnknown", 3377 "reserved_verdict_name": "ruleVerdictReserved", 3378 "default_action_name": "ruleActionUnknown", 3379 "reserved_action_name": "ruleActionReserved", 3380 "log_level": "error", 3381 }, 3382 }, {name: "failed deny all with error logging and with counter", 3383 config: &RuleConfiguration{ 3384 Comment: "foobar barfoo", 3385 Conditions: []string{ 3386 "exact match roles foobar", 3387 "foo org nyc", 3388 }, 3389 Action: `deny counter log error`, 3390 }, 3391 shouldErr: true, 3392 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("foo org nyc")), 3393 }, {name: "deny with debug logging and with counter", 3394 config: &RuleConfiguration{ 3395 Comment: "foobar barfoo", 3396 Conditions: []string{"exact match roles foobar"}, 3397 Action: `deny counter log debug`, 3398 }, 3399 want: map[string]interface{}{ 3400 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounter", 3401 "config_rule_type": "aclRuleDenyWithDebugLoggerCounter", 3402 "comment": "foobar barfoo", 3403 "action_name": "ruleActionDeny", 3404 "default_verdict_name": "ruleVerdictUnknown", 3405 "reserved_verdict_name": "ruleVerdictReserved", 3406 "default_action_name": "ruleActionUnknown", 3407 "reserved_action_name": "ruleActionReserved", 3408 "log_level": "debug", 3409 }, 3410 }, {name: "failed deny with debug logging and with counter", 3411 config: &RuleConfiguration{ 3412 Comment: "foobar barfoo", 3413 Conditions: []string{"exact roles foobar"}, 3414 Action: `deny counter log debug`, 3415 }, 3416 shouldErr: true, 3417 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3418 }, {name: "deny with info logging and with counter", 3419 config: &RuleConfiguration{ 3420 Comment: "foobar barfoo", 3421 Conditions: []string{"exact match roles foobar"}, 3422 Action: `deny counter log info`, 3423 }, 3424 want: map[string]interface{}{ 3425 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounter", 3426 "config_rule_type": "aclRuleDenyWithInfoLoggerCounter", 3427 "comment": "foobar barfoo", 3428 "action_name": "ruleActionDeny", 3429 "default_verdict_name": "ruleVerdictUnknown", 3430 "reserved_verdict_name": "ruleVerdictReserved", 3431 "default_action_name": "ruleActionUnknown", 3432 "reserved_action_name": "ruleActionReserved", 3433 "log_level": "info", 3434 }, 3435 }, {name: "failed deny with info logging and with counter", 3436 config: &RuleConfiguration{ 3437 Comment: "foobar barfoo", 3438 Conditions: []string{"exact roles foobar"}, 3439 Action: `deny counter log info`, 3440 }, 3441 shouldErr: true, 3442 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3443 }, {name: "deny with warn logging and with counter", 3444 config: &RuleConfiguration{ 3445 Comment: "foobar barfoo", 3446 Conditions: []string{"exact match roles foobar"}, 3447 Action: `deny counter log warn`, 3448 }, 3449 want: map[string]interface{}{ 3450 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounter", 3451 "config_rule_type": "aclRuleDenyWithWarnLoggerCounter", 3452 "comment": "foobar barfoo", 3453 "action_name": "ruleActionDeny", 3454 "default_verdict_name": "ruleVerdictUnknown", 3455 "reserved_verdict_name": "ruleVerdictReserved", 3456 "default_action_name": "ruleActionUnknown", 3457 "reserved_action_name": "ruleActionReserved", 3458 "log_level": "warn", 3459 }, 3460 }, {name: "failed deny with warn logging and with counter", 3461 config: &RuleConfiguration{ 3462 Comment: "foobar barfoo", 3463 Conditions: []string{"exact roles foobar"}, 3464 Action: `deny counter log warn`, 3465 }, 3466 shouldErr: true, 3467 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3468 }, {name: "deny with error logging and with counter", 3469 config: &RuleConfiguration{ 3470 Comment: "foobar barfoo", 3471 Conditions: []string{"exact match roles foobar"}, 3472 Action: `deny counter log error`, 3473 }, 3474 want: map[string]interface{}{ 3475 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounter", 3476 "config_rule_type": "aclRuleDenyWithErrorLoggerCounter", 3477 "comment": "foobar barfoo", 3478 "action_name": "ruleActionDeny", 3479 "default_verdict_name": "ruleVerdictUnknown", 3480 "reserved_verdict_name": "ruleVerdictReserved", 3481 "default_action_name": "ruleActionUnknown", 3482 "reserved_action_name": "ruleActionReserved", 3483 "log_level": "error", 3484 }, 3485 }, {name: "failed deny with error logging and with counter", 3486 config: &RuleConfiguration{ 3487 Comment: "foobar barfoo", 3488 Conditions: []string{"exact roles foobar"}, 3489 Action: `deny counter log error`, 3490 }, 3491 shouldErr: true, 3492 err: errors.ErrACLRuleSyntax.WithArgs(errors.ErrACLRuleConditionSyntaxMatchNotFound.WithArgs("exact roles foobar")), 3493 }, { 3494 name: "invalid rule syntax failed to extract condition tokens", 3495 config: &RuleConfiguration{ 3496 Conditions: []string{ 3497 "", 3498 }, Action: "deny", 3499 }, 3500 loggerDisabled: false, 3501 shouldErr: true, 3502 err: errors.ErrACLRuleSyntaxExtractCondToken.WithArgs("EOF"), 3503 }, { 3504 name: "invalid rule syntax duplicate field in conditions", 3505 config: &RuleConfiguration{ 3506 Conditions: []string{ 3507 "match roles anonymous guest", 3508 "match roles anonymous guest", 3509 }, Action: "deny", 3510 }, 3511 loggerDisabled: false, 3512 shouldErr: true, 3513 err: errors.ErrACLRuleSyntaxDuplicateField.WithArgs("roles"), 3514 }, { 3515 name: "invalid rule syntax failed to extract action tokens", 3516 config: &RuleConfiguration{ 3517 Conditions: []string{ 3518 "match roles anonymous guest", 3519 }, Action: "", 3520 }, 3521 loggerDisabled: false, 3522 shouldErr: true, 3523 err: errors.ErrACLRuleSyntaxExtractActionToken.WithArgs("EOF"), 3524 }, { 3525 name: "invalid rule syntax, allow misplaced in action", 3526 config: &RuleConfiguration{ 3527 Conditions: []string{ 3528 "match roles anonymous guest", 3529 }, Action: "allow allow any", 3530 }, 3531 loggerDisabled: false, 3532 shouldErr: true, 3533 err: errors.ErrACLRuleSyntaxAllowPreceed.WithArgs("allow"), 3534 }, { 3535 name: "invalid rule syntax, tag without value", 3536 config: &RuleConfiguration{ 3537 Conditions: []string{ 3538 "match roles anonymous guest", 3539 }, Action: "allow any tag", 3540 }, 3541 loggerDisabled: false, 3542 shouldErr: true, 3543 err: errors.ErrACLRuleSyntaxTagFollowedByValue.WithArgs("tag"), 3544 }, { 3545 name: "invalid rule syntax, unsupported keyword", 3546 config: &RuleConfiguration{ 3547 Conditions: []string{ 3548 "match roles anonymous guest", 3549 }, Action: "allow any foobar", 3550 }, 3551 loggerDisabled: false, 3552 shouldErr: true, 3553 err: errors.ErrACLRuleSyntaxInvalidToken.WithArgs("foobar"), 3554 }, { 3555 name: "invalid rule syntax, log with no logger available", 3556 config: &RuleConfiguration{ 3557 Conditions: []string{ 3558 "match roles anonymous guest", 3559 }, Action: "allow any log", 3560 }, 3561 loggerDisabled: true, 3562 shouldErr: true, 3563 err: errors.ErrACLRuleSyntaxLoggerNotFound.WithArgs("aclRuleAllowWithInfoLogger"), 3564 }, { 3565 name: "invalid rule syntax, no conditions", 3566 config: &RuleConfiguration{ 3567 Action: "allow any log", 3568 }, 3569 loggerDisabled: false, 3570 shouldErr: true, 3571 err: errors.ErrACLRuleSyntaxCondNotFound, 3572 }, { 3573 name: "invalid rule syntax, reserved action", 3574 config: &RuleConfiguration{ 3575 Conditions: []string{ 3576 "match roles anonymous guest", 3577 }, Action: "reserved any log", 3578 }, 3579 loggerDisabled: false, 3580 shouldErr: true, 3581 err: errors.ErrACLRuleSyntaxTypeUnsupported.WithArgs("aclRuleReservedWithInfoLogger"), 3582 }, 3583 } 3584 for _, tc := range testcases { 3585 t.Run(tc.name, func(t *testing.T) { 3586 var rule aclRule 3587 ctx := context.Background() 3588 // t.Logf(tc.name) 3589 logger := logutil.NewLogger() 3590 if tc.loggerDisabled { 3591 logger = nil 3592 } 3593 parsedACLRule, err := newACLRule(ctx, 0, tc.config, logger) 3594 if tests.EvalErr(t, err, tc.config, tc.shouldErr, tc.err) { 3595 return 3596 } 3597 rule = parsedACLRule 3598 ruleConfig := rule.getConfig(ctx) 3599 got := make(map[string]interface{}) 3600 got["rule_type"] = reflect.TypeOf(rule).String() 3601 got["config_rule_type"] = ruleConfig.ruleType 3602 got["comment"] = ruleConfig.comment 3603 if ruleConfig.logLevel != "" { 3604 got["log_level"] = ruleConfig.logLevel 3605 } 3606 if ruleConfig.tag == "foobar" { 3607 got["tag"] = ruleConfig.tag 3608 } 3609 got["action_name"] = getRuleActionName(ruleConfig.action) 3610 got["default_action_name"] = getRuleActionName(ruleActionUnknown) 3611 got["reserved_action_name"] = getRuleActionName(ruleActionReserved) 3612 got["default_verdict_name"] = getRuleVerdictName(ruleVerdictUnknown) 3613 got["reserved_verdict_name"] = getRuleVerdictName(ruleVerdictReserved) 3614 tests.EvalObjects(t, "output", tc.want, got) 3615 }) 3616 } 3617 } 3618 3619 func TestEvalAclRule(t *testing.T) { 3620 var testcases = []struct { 3621 name string 3622 config *RuleConfiguration 3623 input map[string]interface{} 3624 want map[string]interface{} 3625 emptyFields bool 3626 shouldErr bool 3627 err error 3628 }{ 3629 {name: "allow any and stop processing without counter and logging with continue verdict", 3630 config: &RuleConfiguration{ 3631 Comment: "foobar barfoo", 3632 Conditions: []string{ 3633 "exact match roles foobar", 3634 "exact match org nyc", 3635 }, 3636 Action: `allow any stop`, 3637 }, input: map[string]interface{}{ 3638 "name": "John Smith", 3639 "roles": []string{"barfoo"}, 3640 }, 3641 want: map[string]interface{}{ 3642 "verdict": getRuleVerdictName(ruleVerdictContinue), 3643 "rule_type": "*acl.aclRuleAllowMatchAnyStop", 3644 }, 3645 }, {name: "allow any and stop processing without counter and logging with continue verdict 1", 3646 config: &RuleConfiguration{ 3647 Comment: "foobar barfoo", 3648 Conditions: []string{ 3649 "exact match roles foobar", 3650 "exact match org nyc", 3651 }, 3652 Action: `allow any stop`, 3653 }, input: map[string]interface{}{ 3654 "name": "John Smith", 3655 }, 3656 want: map[string]interface{}{ 3657 "verdict": getRuleVerdictName(ruleVerdictContinue), 3658 "rule_type": "*acl.aclRuleAllowMatchAnyStop", 3659 }, 3660 }, {name: "allow any and stop processing without counter and logging with continue verdict 2", 3661 config: &RuleConfiguration{ 3662 Comment: "foobar barfoo", 3663 Conditions: []string{ 3664 "exact match roles foobar", 3665 "exact match org nyc", 3666 }, 3667 Action: `allow any stop`, 3668 }, input: map[string]interface{}{ 3669 "name": "John Smith", 3670 "roles": []string{"barfoo"}, 3671 }, 3672 emptyFields: true, 3673 want: map[string]interface{}{ 3674 "verdict": getRuleVerdictName(ruleVerdictContinue), 3675 "empty_fields": true, 3676 "rule_type": "*acl.aclRuleAllowMatchAnyStop", 3677 }, 3678 }, {name: "allow any and stop processing without counter and logging with continue verdict 3", 3679 config: &RuleConfiguration{ 3680 Comment: "foobar barfoo", 3681 Conditions: []string{ 3682 "exact match roles foobar", 3683 "exact match org nyc", 3684 }, 3685 Action: `allow any stop`, 3686 }, input: map[string]interface{}{ 3687 "name": "John Smith", 3688 }, 3689 emptyFields: true, 3690 want: map[string]interface{}{ 3691 "verdict": getRuleVerdictName(ruleVerdictContinue), 3692 "empty_fields": true, 3693 "rule_type": "*acl.aclRuleAllowMatchAnyStop", 3694 }, 3695 }, {name: "allow any and stop processing without counter and logging with allow stop verdict", 3696 config: &RuleConfiguration{ 3697 Comment: "foobar barfoo", 3698 Conditions: []string{ 3699 "exact match roles foobar", 3700 "exact match org nyc", 3701 }, 3702 Action: `allow any stop`, 3703 }, input: map[string]interface{}{ 3704 "roles": []string{"foobar"}, 3705 "org": []string{"nyc"}, 3706 }, 3707 want: map[string]interface{}{ 3708 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 3709 "rule_type": "*acl.aclRuleAllowMatchAnyStop", 3710 }, 3711 }, {name: "allow all and stop processing without counter and logging with continue verdict", 3712 config: &RuleConfiguration{ 3713 Comment: "foobar barfoo", 3714 Conditions: []string{ 3715 "exact match roles foobar", 3716 "exact match org nyc", 3717 }, 3718 Action: `allow stop`, 3719 }, input: map[string]interface{}{ 3720 "name": "John Smith", 3721 "roles": []string{"barfoo"}, 3722 }, 3723 want: map[string]interface{}{ 3724 "verdict": getRuleVerdictName(ruleVerdictContinue), 3725 "rule_type": "*acl.aclRuleAllowMatchAllStop", 3726 }, 3727 }, {name: "allow all and stop processing without counter and logging with continue verdict 1", 3728 config: &RuleConfiguration{ 3729 Comment: "foobar barfoo", 3730 Conditions: []string{ 3731 "exact match roles foobar", 3732 "exact match org nyc", 3733 }, 3734 Action: `allow stop`, 3735 }, input: map[string]interface{}{ 3736 "name": "John Smith", 3737 }, 3738 want: map[string]interface{}{ 3739 "verdict": getRuleVerdictName(ruleVerdictContinue), 3740 "rule_type": "*acl.aclRuleAllowMatchAllStop", 3741 }, 3742 }, {name: "allow all and stop processing without counter and logging with continue verdict 2", 3743 config: &RuleConfiguration{ 3744 Comment: "foobar barfoo", 3745 Conditions: []string{ 3746 "exact match roles foobar", 3747 "exact match org nyc", 3748 }, 3749 Action: `allow stop`, 3750 }, input: map[string]interface{}{ 3751 "name": "John Smith", 3752 "roles": []string{"barfoo"}, 3753 }, 3754 emptyFields: true, 3755 want: map[string]interface{}{ 3756 "verdict": getRuleVerdictName(ruleVerdictContinue), 3757 "empty_fields": true, 3758 "rule_type": "*acl.aclRuleAllowMatchAllStop", 3759 }, 3760 }, {name: "allow all and stop processing without counter and logging with continue verdict 3", 3761 config: &RuleConfiguration{ 3762 Comment: "foobar barfoo", 3763 Conditions: []string{ 3764 "exact match roles foobar", 3765 "exact match org nyc", 3766 }, 3767 Action: `allow stop`, 3768 }, input: map[string]interface{}{ 3769 "name": "John Smith", 3770 }, 3771 emptyFields: true, 3772 want: map[string]interface{}{ 3773 "verdict": getRuleVerdictName(ruleVerdictContinue), 3774 "empty_fields": true, 3775 "rule_type": "*acl.aclRuleAllowMatchAllStop", 3776 }, 3777 }, {name: "allow all and stop processing without counter and logging with allow stop verdict", 3778 config: &RuleConfiguration{ 3779 Comment: "foobar barfoo", 3780 Conditions: []string{ 3781 "exact match roles foobar", 3782 "exact match org nyc", 3783 }, 3784 Action: `allow stop`, 3785 }, input: map[string]interface{}{ 3786 "roles": []string{"foobar"}, 3787 "org": []string{"nyc"}, 3788 }, 3789 want: map[string]interface{}{ 3790 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 3791 "rule_type": "*acl.aclRuleAllowMatchAllStop", 3792 }, 3793 }, {name: "allow and stop processing without counter and logging with continue verdict", 3794 config: &RuleConfiguration{ 3795 Comment: "foobar barfoo", 3796 Conditions: []string{"exact match roles foobar"}, 3797 Action: `allow stop`, 3798 }, input: map[string]interface{}{ 3799 "name": "John Smith", 3800 "roles": []string{"barfoo"}, 3801 }, 3802 want: map[string]interface{}{ 3803 "verdict": getRuleVerdictName(ruleVerdictContinue), 3804 "rule_type": "*acl.aclRuleAllowStop", 3805 }, 3806 }, {name: "allow and stop processing without counter and logging with continue verdict 1", 3807 config: &RuleConfiguration{ 3808 Comment: "foobar barfoo", 3809 Conditions: []string{"exact match roles foobar"}, 3810 Action: `allow stop`, 3811 }, input: map[string]interface{}{ 3812 "name": "John Smith", 3813 }, 3814 want: map[string]interface{}{ 3815 "verdict": getRuleVerdictName(ruleVerdictContinue), 3816 "rule_type": "*acl.aclRuleAllowStop", 3817 }, 3818 }, {name: "allow and stop processing without counter and logging with continue verdict 2", 3819 config: &RuleConfiguration{ 3820 Comment: "foobar barfoo", 3821 Conditions: []string{"exact match roles foobar"}, 3822 Action: `allow stop`, 3823 }, input: map[string]interface{}{ 3824 "name": "John Smith", 3825 "roles": []string{"barfoo"}, 3826 }, 3827 emptyFields: true, 3828 want: map[string]interface{}{ 3829 "verdict": getRuleVerdictName(ruleVerdictContinue), 3830 "empty_fields": true, 3831 "rule_type": "*acl.aclRuleAllowStop", 3832 }, 3833 }, {name: "allow and stop processing without counter and logging with continue verdict 3", 3834 config: &RuleConfiguration{ 3835 Comment: "foobar barfoo", 3836 Conditions: []string{"exact match roles foobar"}, 3837 Action: `allow stop`, 3838 }, input: map[string]interface{}{ 3839 "name": "John Smith", 3840 }, 3841 emptyFields: true, 3842 want: map[string]interface{}{ 3843 "verdict": getRuleVerdictName(ruleVerdictContinue), 3844 "empty_fields": true, 3845 "rule_type": "*acl.aclRuleAllowStop", 3846 }, 3847 }, {name: "allow and stop processing without counter and logging with allow stop verdict", 3848 config: &RuleConfiguration{ 3849 Comment: "foobar barfoo", 3850 Conditions: []string{"exact match roles foobar"}, 3851 Action: `allow stop`, 3852 }, input: map[string]interface{}{ 3853 "roles": []string{"foobar"}, 3854 "org": []string{"nyc"}, 3855 }, 3856 want: map[string]interface{}{ 3857 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 3858 "rule_type": "*acl.aclRuleAllowStop", 3859 }, 3860 }, {name: "allow any without counter and logging with continue verdict", 3861 config: &RuleConfiguration{ 3862 Comment: "foobar barfoo", 3863 Conditions: []string{ 3864 "exact match roles foobar", 3865 "exact match org nyc", 3866 }, 3867 Action: `allow any`, 3868 }, input: map[string]interface{}{ 3869 "name": "John Smith", 3870 "roles": []string{"barfoo"}, 3871 }, 3872 want: map[string]interface{}{ 3873 "verdict": getRuleVerdictName(ruleVerdictContinue), 3874 "rule_type": "*acl.aclRuleAllowMatchAny", 3875 }, 3876 }, {name: "allow any without counter and logging with continue verdict 1", 3877 config: &RuleConfiguration{ 3878 Comment: "foobar barfoo", 3879 Conditions: []string{ 3880 "exact match roles foobar", 3881 "exact match org nyc", 3882 }, 3883 Action: `allow any`, 3884 }, input: map[string]interface{}{ 3885 "name": "John Smith", 3886 }, 3887 want: map[string]interface{}{ 3888 "verdict": getRuleVerdictName(ruleVerdictContinue), 3889 "rule_type": "*acl.aclRuleAllowMatchAny", 3890 }, 3891 }, {name: "allow any without counter and logging with continue verdict 2", 3892 config: &RuleConfiguration{ 3893 Comment: "foobar barfoo", 3894 Conditions: []string{ 3895 "exact match roles foobar", 3896 "exact match org nyc", 3897 }, 3898 Action: `allow any`, 3899 }, input: map[string]interface{}{ 3900 "name": "John Smith", 3901 "roles": []string{"barfoo"}, 3902 }, 3903 emptyFields: true, 3904 want: map[string]interface{}{ 3905 "verdict": getRuleVerdictName(ruleVerdictContinue), 3906 "empty_fields": true, 3907 "rule_type": "*acl.aclRuleAllowMatchAny", 3908 }, 3909 }, {name: "allow any without counter and logging with continue verdict 3", 3910 config: &RuleConfiguration{ 3911 Comment: "foobar barfoo", 3912 Conditions: []string{ 3913 "exact match roles foobar", 3914 "exact match org nyc", 3915 }, 3916 Action: `allow any`, 3917 }, input: map[string]interface{}{ 3918 "name": "John Smith", 3919 }, 3920 emptyFields: true, 3921 want: map[string]interface{}{ 3922 "verdict": getRuleVerdictName(ruleVerdictContinue), 3923 "empty_fields": true, 3924 "rule_type": "*acl.aclRuleAllowMatchAny", 3925 }, 3926 }, {name: "allow any without counter and logging with allow verdict", 3927 config: &RuleConfiguration{ 3928 Comment: "foobar barfoo", 3929 Conditions: []string{ 3930 "exact match roles foobar", 3931 "exact match org nyc", 3932 }, 3933 Action: `allow any`, 3934 }, input: map[string]interface{}{ 3935 "roles": []string{"foobar"}, 3936 "org": []string{"nyc"}, 3937 }, 3938 want: map[string]interface{}{ 3939 "verdict": getRuleVerdictName(ruleVerdictAllow), 3940 "rule_type": "*acl.aclRuleAllowMatchAny", 3941 }, 3942 }, {name: "allow all without counter and logging with continue verdict", 3943 config: &RuleConfiguration{ 3944 Comment: "foobar barfoo", 3945 Conditions: []string{ 3946 "exact match roles foobar", 3947 "exact match org nyc", 3948 }, 3949 Action: `allow`, 3950 }, input: map[string]interface{}{ 3951 "name": "John Smith", 3952 "roles": []string{"barfoo"}, 3953 }, 3954 want: map[string]interface{}{ 3955 "verdict": getRuleVerdictName(ruleVerdictContinue), 3956 "rule_type": "*acl.aclRuleAllowMatchAll", 3957 }, 3958 }, {name: "allow all without counter and logging with continue verdict 1", 3959 config: &RuleConfiguration{ 3960 Comment: "foobar barfoo", 3961 Conditions: []string{ 3962 "exact match roles foobar", 3963 "exact match org nyc", 3964 }, 3965 Action: `allow`, 3966 }, input: map[string]interface{}{ 3967 "name": "John Smith", 3968 }, 3969 want: map[string]interface{}{ 3970 "verdict": getRuleVerdictName(ruleVerdictContinue), 3971 "rule_type": "*acl.aclRuleAllowMatchAll", 3972 }, 3973 }, {name: "allow all without counter and logging with continue verdict 2", 3974 config: &RuleConfiguration{ 3975 Comment: "foobar barfoo", 3976 Conditions: []string{ 3977 "exact match roles foobar", 3978 "exact match org nyc", 3979 }, 3980 Action: `allow`, 3981 }, input: map[string]interface{}{ 3982 "name": "John Smith", 3983 "roles": []string{"barfoo"}, 3984 }, 3985 emptyFields: true, 3986 want: map[string]interface{}{ 3987 "verdict": getRuleVerdictName(ruleVerdictContinue), 3988 "empty_fields": true, 3989 "rule_type": "*acl.aclRuleAllowMatchAll", 3990 }, 3991 }, {name: "allow all without counter and logging with continue verdict 3", 3992 config: &RuleConfiguration{ 3993 Comment: "foobar barfoo", 3994 Conditions: []string{ 3995 "exact match roles foobar", 3996 "exact match org nyc", 3997 }, 3998 Action: `allow`, 3999 }, input: map[string]interface{}{ 4000 "name": "John Smith", 4001 }, 4002 emptyFields: true, 4003 want: map[string]interface{}{ 4004 "verdict": getRuleVerdictName(ruleVerdictContinue), 4005 "empty_fields": true, 4006 "rule_type": "*acl.aclRuleAllowMatchAll", 4007 }, 4008 }, {name: "allow all without counter and logging with allow verdict", 4009 config: &RuleConfiguration{ 4010 Comment: "foobar barfoo", 4011 Conditions: []string{ 4012 "exact match roles foobar", 4013 "exact match org nyc", 4014 }, 4015 Action: `allow`, 4016 }, input: map[string]interface{}{ 4017 "roles": []string{"foobar"}, 4018 "org": []string{"nyc"}, 4019 }, 4020 want: map[string]interface{}{ 4021 "verdict": getRuleVerdictName(ruleVerdictAllow), 4022 "rule_type": "*acl.aclRuleAllowMatchAll", 4023 }, 4024 }, {name: "allow without counter and logging with continue verdict", 4025 config: &RuleConfiguration{ 4026 Comment: "foobar barfoo", 4027 Conditions: []string{"exact match roles foobar"}, 4028 Action: `allow`, 4029 }, input: map[string]interface{}{ 4030 "name": "John Smith", 4031 "roles": []string{"barfoo"}, 4032 }, 4033 want: map[string]interface{}{ 4034 "verdict": getRuleVerdictName(ruleVerdictContinue), 4035 "rule_type": "*acl.aclRuleAllow", 4036 }, 4037 }, {name: "allow without counter and logging with continue verdict 1", 4038 config: &RuleConfiguration{ 4039 Comment: "foobar barfoo", 4040 Conditions: []string{"exact match roles foobar"}, 4041 Action: `allow`, 4042 }, input: map[string]interface{}{ 4043 "name": "John Smith", 4044 }, 4045 want: map[string]interface{}{ 4046 "verdict": getRuleVerdictName(ruleVerdictContinue), 4047 "rule_type": "*acl.aclRuleAllow", 4048 }, 4049 }, {name: "allow without counter and logging with continue verdict 2", 4050 config: &RuleConfiguration{ 4051 Comment: "foobar barfoo", 4052 Conditions: []string{"exact match roles foobar"}, 4053 Action: `allow`, 4054 }, input: map[string]interface{}{ 4055 "name": "John Smith", 4056 "roles": []string{"barfoo"}, 4057 }, 4058 emptyFields: true, 4059 want: map[string]interface{}{ 4060 "verdict": getRuleVerdictName(ruleVerdictContinue), 4061 "empty_fields": true, 4062 "rule_type": "*acl.aclRuleAllow", 4063 }, 4064 }, {name: "allow without counter and logging with continue verdict 3", 4065 config: &RuleConfiguration{ 4066 Comment: "foobar barfoo", 4067 Conditions: []string{"exact match roles foobar"}, 4068 Action: `allow`, 4069 }, input: map[string]interface{}{ 4070 "name": "John Smith", 4071 }, 4072 emptyFields: true, 4073 want: map[string]interface{}{ 4074 "verdict": getRuleVerdictName(ruleVerdictContinue), 4075 "empty_fields": true, 4076 "rule_type": "*acl.aclRuleAllow", 4077 }, 4078 }, {name: "allow without counter and logging with allow verdict", 4079 config: &RuleConfiguration{ 4080 Comment: "foobar barfoo", 4081 Conditions: []string{"exact match roles foobar"}, 4082 Action: `allow`, 4083 }, input: map[string]interface{}{ 4084 "roles": []string{"foobar"}, 4085 "org": []string{"nyc"}, 4086 }, 4087 want: map[string]interface{}{ 4088 "verdict": getRuleVerdictName(ruleVerdictAllow), 4089 "rule_type": "*acl.aclRuleAllow", 4090 }, 4091 }, {name: "allow any and stop processing with debug logging and without counter with continue verdict", 4092 config: &RuleConfiguration{ 4093 Comment: "foobar barfoo", 4094 Conditions: []string{ 4095 "exact match roles foobar", 4096 "exact match org nyc", 4097 }, 4098 Action: `allow any stop log debug`, 4099 }, input: map[string]interface{}{ 4100 "name": "John Smith", 4101 "roles": []string{"barfoo"}, 4102 }, 4103 want: map[string]interface{}{ 4104 "verdict": getRuleVerdictName(ruleVerdictContinue), 4105 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAnyStop", 4106 }, 4107 }, {name: "allow any and stop processing with debug logging and without counter with continue verdict 1", 4108 config: &RuleConfiguration{ 4109 Comment: "foobar barfoo", 4110 Conditions: []string{ 4111 "exact match roles foobar", 4112 "exact match org nyc", 4113 }, 4114 Action: `allow any stop log debug`, 4115 }, input: map[string]interface{}{ 4116 "name": "John Smith", 4117 }, 4118 want: map[string]interface{}{ 4119 "verdict": getRuleVerdictName(ruleVerdictContinue), 4120 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAnyStop", 4121 }, 4122 }, {name: "allow any and stop processing with debug logging and without counter with continue verdict 2", 4123 config: &RuleConfiguration{ 4124 Comment: "foobar barfoo", 4125 Conditions: []string{ 4126 "exact match roles foobar", 4127 "exact match org nyc", 4128 }, 4129 Action: `allow any stop log debug`, 4130 }, input: map[string]interface{}{ 4131 "name": "John Smith", 4132 "roles": []string{"barfoo"}, 4133 }, 4134 emptyFields: true, 4135 want: map[string]interface{}{ 4136 "verdict": getRuleVerdictName(ruleVerdictContinue), 4137 "empty_fields": true, 4138 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAnyStop", 4139 }, 4140 }, {name: "allow any and stop processing with debug logging and without counter with continue verdict 3", 4141 config: &RuleConfiguration{ 4142 Comment: "foobar barfoo", 4143 Conditions: []string{ 4144 "exact match roles foobar", 4145 "exact match org nyc", 4146 }, 4147 Action: `allow any stop log debug`, 4148 }, input: map[string]interface{}{ 4149 "name": "John Smith", 4150 }, 4151 emptyFields: true, 4152 want: map[string]interface{}{ 4153 "verdict": getRuleVerdictName(ruleVerdictContinue), 4154 "empty_fields": true, 4155 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAnyStop", 4156 }, 4157 }, {name: "allow any and stop processing with debug logging and without counter with allow stop verdict", 4158 config: &RuleConfiguration{ 4159 Comment: "foobar barfoo", 4160 Conditions: []string{ 4161 "exact match roles foobar", 4162 "exact match org nyc", 4163 }, 4164 Action: `allow any stop log debug`, 4165 }, input: map[string]interface{}{ 4166 "roles": []string{"foobar"}, 4167 "org": []string{"nyc"}, 4168 }, 4169 want: map[string]interface{}{ 4170 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4171 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAnyStop", 4172 }, 4173 }, {name: "allow any and stop processing with info logging and without counter with continue verdict", 4174 config: &RuleConfiguration{ 4175 Comment: "foobar barfoo", 4176 Conditions: []string{ 4177 "exact match roles foobar", 4178 "exact match org nyc", 4179 }, 4180 Action: `allow any stop log info`, 4181 }, input: map[string]interface{}{ 4182 "name": "John Smith", 4183 "roles": []string{"barfoo"}, 4184 }, 4185 want: map[string]interface{}{ 4186 "verdict": getRuleVerdictName(ruleVerdictContinue), 4187 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAnyStop", 4188 }, 4189 }, {name: "allow any and stop processing with info logging and without counter with continue verdict 1", 4190 config: &RuleConfiguration{ 4191 Comment: "foobar barfoo", 4192 Conditions: []string{ 4193 "exact match roles foobar", 4194 "exact match org nyc", 4195 }, 4196 Action: `allow any stop log info`, 4197 }, input: map[string]interface{}{ 4198 "name": "John Smith", 4199 }, 4200 want: map[string]interface{}{ 4201 "verdict": getRuleVerdictName(ruleVerdictContinue), 4202 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAnyStop", 4203 }, 4204 }, {name: "allow any and stop processing with info logging and without counter with continue verdict 2", 4205 config: &RuleConfiguration{ 4206 Comment: "foobar barfoo", 4207 Conditions: []string{ 4208 "exact match roles foobar", 4209 "exact match org nyc", 4210 }, 4211 Action: `allow any stop log info`, 4212 }, input: map[string]interface{}{ 4213 "name": "John Smith", 4214 "roles": []string{"barfoo"}, 4215 }, 4216 emptyFields: true, 4217 want: map[string]interface{}{ 4218 "verdict": getRuleVerdictName(ruleVerdictContinue), 4219 "empty_fields": true, 4220 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAnyStop", 4221 }, 4222 }, {name: "allow any and stop processing with info logging and without counter with continue verdict 3", 4223 config: &RuleConfiguration{ 4224 Comment: "foobar barfoo", 4225 Conditions: []string{ 4226 "exact match roles foobar", 4227 "exact match org nyc", 4228 }, 4229 Action: `allow any stop log info`, 4230 }, input: map[string]interface{}{ 4231 "name": "John Smith", 4232 }, 4233 emptyFields: true, 4234 want: map[string]interface{}{ 4235 "verdict": getRuleVerdictName(ruleVerdictContinue), 4236 "empty_fields": true, 4237 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAnyStop", 4238 }, 4239 }, {name: "allow any and stop processing with info logging and without counter with allow stop verdict", 4240 config: &RuleConfiguration{ 4241 Comment: "foobar barfoo", 4242 Conditions: []string{ 4243 "exact match roles foobar", 4244 "exact match org nyc", 4245 }, 4246 Action: `allow any stop log info`, 4247 }, input: map[string]interface{}{ 4248 "roles": []string{"foobar"}, 4249 "org": []string{"nyc"}, 4250 }, 4251 want: map[string]interface{}{ 4252 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4253 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAnyStop", 4254 }, 4255 }, {name: "allow any and stop processing with warn logging and without counter with continue verdict", 4256 config: &RuleConfiguration{ 4257 Comment: "foobar barfoo", 4258 Conditions: []string{ 4259 "exact match roles foobar", 4260 "exact match org nyc", 4261 }, 4262 Action: `allow any stop log warn`, 4263 }, input: map[string]interface{}{ 4264 "name": "John Smith", 4265 "roles": []string{"barfoo"}, 4266 }, 4267 want: map[string]interface{}{ 4268 "verdict": getRuleVerdictName(ruleVerdictContinue), 4269 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAnyStop", 4270 }, 4271 }, {name: "allow any and stop processing with warn logging and without counter with continue verdict 1", 4272 config: &RuleConfiguration{ 4273 Comment: "foobar barfoo", 4274 Conditions: []string{ 4275 "exact match roles foobar", 4276 "exact match org nyc", 4277 }, 4278 Action: `allow any stop log warn`, 4279 }, input: map[string]interface{}{ 4280 "name": "John Smith", 4281 }, 4282 want: map[string]interface{}{ 4283 "verdict": getRuleVerdictName(ruleVerdictContinue), 4284 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAnyStop", 4285 }, 4286 }, {name: "allow any and stop processing with warn logging and without counter with continue verdict 2", 4287 config: &RuleConfiguration{ 4288 Comment: "foobar barfoo", 4289 Conditions: []string{ 4290 "exact match roles foobar", 4291 "exact match org nyc", 4292 }, 4293 Action: `allow any stop log warn`, 4294 }, input: map[string]interface{}{ 4295 "name": "John Smith", 4296 "roles": []string{"barfoo"}, 4297 }, 4298 emptyFields: true, 4299 want: map[string]interface{}{ 4300 "verdict": getRuleVerdictName(ruleVerdictContinue), 4301 "empty_fields": true, 4302 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAnyStop", 4303 }, 4304 }, {name: "allow any and stop processing with warn logging and without counter with continue verdict 3", 4305 config: &RuleConfiguration{ 4306 Comment: "foobar barfoo", 4307 Conditions: []string{ 4308 "exact match roles foobar", 4309 "exact match org nyc", 4310 }, 4311 Action: `allow any stop log warn`, 4312 }, input: map[string]interface{}{ 4313 "name": "John Smith", 4314 }, 4315 emptyFields: true, 4316 want: map[string]interface{}{ 4317 "verdict": getRuleVerdictName(ruleVerdictContinue), 4318 "empty_fields": true, 4319 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAnyStop", 4320 }, 4321 }, {name: "allow any and stop processing with warn logging and without counter with allow stop verdict", 4322 config: &RuleConfiguration{ 4323 Comment: "foobar barfoo", 4324 Conditions: []string{ 4325 "exact match roles foobar", 4326 "exact match org nyc", 4327 }, 4328 Action: `allow any stop log warn`, 4329 }, input: map[string]interface{}{ 4330 "roles": []string{"foobar"}, 4331 "org": []string{"nyc"}, 4332 }, 4333 want: map[string]interface{}{ 4334 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4335 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAnyStop", 4336 }, 4337 }, {name: "allow any and stop processing with error logging and without counter with continue verdict", 4338 config: &RuleConfiguration{ 4339 Comment: "foobar barfoo", 4340 Conditions: []string{ 4341 "exact match roles foobar", 4342 "exact match org nyc", 4343 }, 4344 Action: `allow any stop log error`, 4345 }, input: map[string]interface{}{ 4346 "name": "John Smith", 4347 "roles": []string{"barfoo"}, 4348 }, 4349 want: map[string]interface{}{ 4350 "verdict": getRuleVerdictName(ruleVerdictContinue), 4351 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAnyStop", 4352 }, 4353 }, {name: "allow any and stop processing with error logging and without counter with continue verdict 1", 4354 config: &RuleConfiguration{ 4355 Comment: "foobar barfoo", 4356 Conditions: []string{ 4357 "exact match roles foobar", 4358 "exact match org nyc", 4359 }, 4360 Action: `allow any stop log error`, 4361 }, input: map[string]interface{}{ 4362 "name": "John Smith", 4363 }, 4364 want: map[string]interface{}{ 4365 "verdict": getRuleVerdictName(ruleVerdictContinue), 4366 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAnyStop", 4367 }, 4368 }, {name: "allow any and stop processing with error logging and without counter with continue verdict 2", 4369 config: &RuleConfiguration{ 4370 Comment: "foobar barfoo", 4371 Conditions: []string{ 4372 "exact match roles foobar", 4373 "exact match org nyc", 4374 }, 4375 Action: `allow any stop log error`, 4376 }, input: map[string]interface{}{ 4377 "name": "John Smith", 4378 "roles": []string{"barfoo"}, 4379 }, 4380 emptyFields: true, 4381 want: map[string]interface{}{ 4382 "verdict": getRuleVerdictName(ruleVerdictContinue), 4383 "empty_fields": true, 4384 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAnyStop", 4385 }, 4386 }, {name: "allow any and stop processing with error logging and without counter with continue verdict 3", 4387 config: &RuleConfiguration{ 4388 Comment: "foobar barfoo", 4389 Conditions: []string{ 4390 "exact match roles foobar", 4391 "exact match org nyc", 4392 }, 4393 Action: `allow any stop log error`, 4394 }, input: map[string]interface{}{ 4395 "name": "John Smith", 4396 }, 4397 emptyFields: true, 4398 want: map[string]interface{}{ 4399 "verdict": getRuleVerdictName(ruleVerdictContinue), 4400 "empty_fields": true, 4401 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAnyStop", 4402 }, 4403 }, {name: "allow any and stop processing with error logging and without counter with allow stop verdict", 4404 config: &RuleConfiguration{ 4405 Comment: "foobar barfoo", 4406 Conditions: []string{ 4407 "exact match roles foobar", 4408 "exact match org nyc", 4409 }, 4410 Action: `allow any stop log error`, 4411 }, input: map[string]interface{}{ 4412 "roles": []string{"foobar"}, 4413 "org": []string{"nyc"}, 4414 }, 4415 want: map[string]interface{}{ 4416 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4417 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAnyStop", 4418 }, 4419 }, {name: "allow all and stop processing with debug logging and without counter with continue verdict", 4420 config: &RuleConfiguration{ 4421 Comment: "foobar barfoo", 4422 Conditions: []string{ 4423 "exact match roles foobar", 4424 "exact match org nyc", 4425 }, 4426 Action: `allow stop log debug`, 4427 }, input: map[string]interface{}{ 4428 "name": "John Smith", 4429 "roles": []string{"barfoo"}, 4430 }, 4431 want: map[string]interface{}{ 4432 "verdict": getRuleVerdictName(ruleVerdictContinue), 4433 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAllStop", 4434 }, 4435 }, {name: "allow all and stop processing with debug logging and without counter with continue verdict 1", 4436 config: &RuleConfiguration{ 4437 Comment: "foobar barfoo", 4438 Conditions: []string{ 4439 "exact match roles foobar", 4440 "exact match org nyc", 4441 }, 4442 Action: `allow stop log debug`, 4443 }, input: map[string]interface{}{ 4444 "name": "John Smith", 4445 }, 4446 want: map[string]interface{}{ 4447 "verdict": getRuleVerdictName(ruleVerdictContinue), 4448 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAllStop", 4449 }, 4450 }, {name: "allow all and stop processing with debug logging and without counter with continue verdict 2", 4451 config: &RuleConfiguration{ 4452 Comment: "foobar barfoo", 4453 Conditions: []string{ 4454 "exact match roles foobar", 4455 "exact match org nyc", 4456 }, 4457 Action: `allow stop log debug`, 4458 }, input: map[string]interface{}{ 4459 "name": "John Smith", 4460 "roles": []string{"barfoo"}, 4461 }, 4462 emptyFields: true, 4463 want: map[string]interface{}{ 4464 "verdict": getRuleVerdictName(ruleVerdictContinue), 4465 "empty_fields": true, 4466 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAllStop", 4467 }, 4468 }, {name: "allow all and stop processing with debug logging and without counter with continue verdict 3", 4469 config: &RuleConfiguration{ 4470 Comment: "foobar barfoo", 4471 Conditions: []string{ 4472 "exact match roles foobar", 4473 "exact match org nyc", 4474 }, 4475 Action: `allow stop log debug`, 4476 }, input: map[string]interface{}{ 4477 "name": "John Smith", 4478 }, 4479 emptyFields: true, 4480 want: map[string]interface{}{ 4481 "verdict": getRuleVerdictName(ruleVerdictContinue), 4482 "empty_fields": true, 4483 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAllStop", 4484 }, 4485 }, {name: "allow all and stop processing with debug logging and without counter with allow stop verdict", 4486 config: &RuleConfiguration{ 4487 Comment: "foobar barfoo", 4488 Conditions: []string{ 4489 "exact match roles foobar", 4490 "exact match org nyc", 4491 }, 4492 Action: `allow stop log debug`, 4493 }, input: map[string]interface{}{ 4494 "roles": []string{"foobar"}, 4495 "org": []string{"nyc"}, 4496 }, 4497 want: map[string]interface{}{ 4498 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4499 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAllStop", 4500 }, 4501 }, {name: "allow all and stop processing with info logging and without counter with continue verdict", 4502 config: &RuleConfiguration{ 4503 Comment: "foobar barfoo", 4504 Conditions: []string{ 4505 "exact match roles foobar", 4506 "exact match org nyc", 4507 }, 4508 Action: `allow stop log info`, 4509 }, input: map[string]interface{}{ 4510 "name": "John Smith", 4511 "roles": []string{"barfoo"}, 4512 }, 4513 want: map[string]interface{}{ 4514 "verdict": getRuleVerdictName(ruleVerdictContinue), 4515 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAllStop", 4516 }, 4517 }, {name: "allow all and stop processing with info logging and without counter with continue verdict 1", 4518 config: &RuleConfiguration{ 4519 Comment: "foobar barfoo", 4520 Conditions: []string{ 4521 "exact match roles foobar", 4522 "exact match org nyc", 4523 }, 4524 Action: `allow stop log info`, 4525 }, input: map[string]interface{}{ 4526 "name": "John Smith", 4527 }, 4528 want: map[string]interface{}{ 4529 "verdict": getRuleVerdictName(ruleVerdictContinue), 4530 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAllStop", 4531 }, 4532 }, {name: "allow all and stop processing with info logging and without counter with continue verdict 2", 4533 config: &RuleConfiguration{ 4534 Comment: "foobar barfoo", 4535 Conditions: []string{ 4536 "exact match roles foobar", 4537 "exact match org nyc", 4538 }, 4539 Action: `allow stop log info`, 4540 }, input: map[string]interface{}{ 4541 "name": "John Smith", 4542 "roles": []string{"barfoo"}, 4543 }, 4544 emptyFields: true, 4545 want: map[string]interface{}{ 4546 "verdict": getRuleVerdictName(ruleVerdictContinue), 4547 "empty_fields": true, 4548 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAllStop", 4549 }, 4550 }, {name: "allow all and stop processing with info logging and without counter with continue verdict 3", 4551 config: &RuleConfiguration{ 4552 Comment: "foobar barfoo", 4553 Conditions: []string{ 4554 "exact match roles foobar", 4555 "exact match org nyc", 4556 }, 4557 Action: `allow stop log info`, 4558 }, input: map[string]interface{}{ 4559 "name": "John Smith", 4560 }, 4561 emptyFields: true, 4562 want: map[string]interface{}{ 4563 "verdict": getRuleVerdictName(ruleVerdictContinue), 4564 "empty_fields": true, 4565 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAllStop", 4566 }, 4567 }, {name: "allow all and stop processing with info logging and without counter with allow stop verdict", 4568 config: &RuleConfiguration{ 4569 Comment: "foobar barfoo", 4570 Conditions: []string{ 4571 "exact match roles foobar", 4572 "exact match org nyc", 4573 }, 4574 Action: `allow stop log info`, 4575 }, input: map[string]interface{}{ 4576 "roles": []string{"foobar"}, 4577 "org": []string{"nyc"}, 4578 }, 4579 want: map[string]interface{}{ 4580 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4581 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAllStop", 4582 }, 4583 }, {name: "allow all and stop processing with warn logging and without counter with continue verdict", 4584 config: &RuleConfiguration{ 4585 Comment: "foobar barfoo", 4586 Conditions: []string{ 4587 "exact match roles foobar", 4588 "exact match org nyc", 4589 }, 4590 Action: `allow stop log warn`, 4591 }, input: map[string]interface{}{ 4592 "name": "John Smith", 4593 "roles": []string{"barfoo"}, 4594 }, 4595 want: map[string]interface{}{ 4596 "verdict": getRuleVerdictName(ruleVerdictContinue), 4597 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAllStop", 4598 }, 4599 }, {name: "allow all and stop processing with warn logging and without counter with continue verdict 1", 4600 config: &RuleConfiguration{ 4601 Comment: "foobar barfoo", 4602 Conditions: []string{ 4603 "exact match roles foobar", 4604 "exact match org nyc", 4605 }, 4606 Action: `allow stop log warn`, 4607 }, input: map[string]interface{}{ 4608 "name": "John Smith", 4609 }, 4610 want: map[string]interface{}{ 4611 "verdict": getRuleVerdictName(ruleVerdictContinue), 4612 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAllStop", 4613 }, 4614 }, {name: "allow all and stop processing with warn logging and without counter with continue verdict 2", 4615 config: &RuleConfiguration{ 4616 Comment: "foobar barfoo", 4617 Conditions: []string{ 4618 "exact match roles foobar", 4619 "exact match org nyc", 4620 }, 4621 Action: `allow stop log warn`, 4622 }, input: map[string]interface{}{ 4623 "name": "John Smith", 4624 "roles": []string{"barfoo"}, 4625 }, 4626 emptyFields: true, 4627 want: map[string]interface{}{ 4628 "verdict": getRuleVerdictName(ruleVerdictContinue), 4629 "empty_fields": true, 4630 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAllStop", 4631 }, 4632 }, {name: "allow all and stop processing with warn logging and without counter with continue verdict 3", 4633 config: &RuleConfiguration{ 4634 Comment: "foobar barfoo", 4635 Conditions: []string{ 4636 "exact match roles foobar", 4637 "exact match org nyc", 4638 }, 4639 Action: `allow stop log warn`, 4640 }, input: map[string]interface{}{ 4641 "name": "John Smith", 4642 }, 4643 emptyFields: true, 4644 want: map[string]interface{}{ 4645 "verdict": getRuleVerdictName(ruleVerdictContinue), 4646 "empty_fields": true, 4647 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAllStop", 4648 }, 4649 }, {name: "allow all and stop processing with warn logging and without counter with allow stop verdict", 4650 config: &RuleConfiguration{ 4651 Comment: "foobar barfoo", 4652 Conditions: []string{ 4653 "exact match roles foobar", 4654 "exact match org nyc", 4655 }, 4656 Action: `allow stop log warn`, 4657 }, input: map[string]interface{}{ 4658 "roles": []string{"foobar"}, 4659 "org": []string{"nyc"}, 4660 }, 4661 want: map[string]interface{}{ 4662 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4663 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAllStop", 4664 }, 4665 }, {name: "allow all and stop processing with error logging and without counter with continue verdict", 4666 config: &RuleConfiguration{ 4667 Comment: "foobar barfoo", 4668 Conditions: []string{ 4669 "exact match roles foobar", 4670 "exact match org nyc", 4671 }, 4672 Action: `allow stop log error`, 4673 }, input: map[string]interface{}{ 4674 "name": "John Smith", 4675 "roles": []string{"barfoo"}, 4676 }, 4677 want: map[string]interface{}{ 4678 "verdict": getRuleVerdictName(ruleVerdictContinue), 4679 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAllStop", 4680 }, 4681 }, {name: "allow all and stop processing with error logging and without counter with continue verdict 1", 4682 config: &RuleConfiguration{ 4683 Comment: "foobar barfoo", 4684 Conditions: []string{ 4685 "exact match roles foobar", 4686 "exact match org nyc", 4687 }, 4688 Action: `allow stop log error`, 4689 }, input: map[string]interface{}{ 4690 "name": "John Smith", 4691 }, 4692 want: map[string]interface{}{ 4693 "verdict": getRuleVerdictName(ruleVerdictContinue), 4694 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAllStop", 4695 }, 4696 }, {name: "allow all and stop processing with error logging and without counter with continue verdict 2", 4697 config: &RuleConfiguration{ 4698 Comment: "foobar barfoo", 4699 Conditions: []string{ 4700 "exact match roles foobar", 4701 "exact match org nyc", 4702 }, 4703 Action: `allow stop log error`, 4704 }, input: map[string]interface{}{ 4705 "name": "John Smith", 4706 "roles": []string{"barfoo"}, 4707 }, 4708 emptyFields: true, 4709 want: map[string]interface{}{ 4710 "verdict": getRuleVerdictName(ruleVerdictContinue), 4711 "empty_fields": true, 4712 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAllStop", 4713 }, 4714 }, {name: "allow all and stop processing with error logging and without counter with continue verdict 3", 4715 config: &RuleConfiguration{ 4716 Comment: "foobar barfoo", 4717 Conditions: []string{ 4718 "exact match roles foobar", 4719 "exact match org nyc", 4720 }, 4721 Action: `allow stop log error`, 4722 }, input: map[string]interface{}{ 4723 "name": "John Smith", 4724 }, 4725 emptyFields: true, 4726 want: map[string]interface{}{ 4727 "verdict": getRuleVerdictName(ruleVerdictContinue), 4728 "empty_fields": true, 4729 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAllStop", 4730 }, 4731 }, {name: "allow all and stop processing with error logging and without counter with allow stop verdict", 4732 config: &RuleConfiguration{ 4733 Comment: "foobar barfoo", 4734 Conditions: []string{ 4735 "exact match roles foobar", 4736 "exact match org nyc", 4737 }, 4738 Action: `allow stop log error`, 4739 }, input: map[string]interface{}{ 4740 "roles": []string{"foobar"}, 4741 "org": []string{"nyc"}, 4742 }, 4743 want: map[string]interface{}{ 4744 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4745 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAllStop", 4746 }, 4747 }, {name: "allow and stop processing with debug logging and without counter with continue verdict", 4748 config: &RuleConfiguration{ 4749 Comment: "foobar barfoo", 4750 Conditions: []string{"exact match roles foobar"}, 4751 Action: `allow stop log debug`, 4752 }, input: map[string]interface{}{ 4753 "name": "John Smith", 4754 "roles": []string{"barfoo"}, 4755 }, 4756 want: map[string]interface{}{ 4757 "verdict": getRuleVerdictName(ruleVerdictContinue), 4758 "rule_type": "*acl.aclRuleAllowWithDebugLoggerStop", 4759 }, 4760 }, {name: "allow and stop processing with debug logging and without counter with continue verdict 1", 4761 config: &RuleConfiguration{ 4762 Comment: "foobar barfoo", 4763 Conditions: []string{"exact match roles foobar"}, 4764 Action: `allow stop log debug`, 4765 }, input: map[string]interface{}{ 4766 "name": "John Smith", 4767 }, 4768 want: map[string]interface{}{ 4769 "verdict": getRuleVerdictName(ruleVerdictContinue), 4770 "rule_type": "*acl.aclRuleAllowWithDebugLoggerStop", 4771 }, 4772 }, {name: "allow and stop processing with debug logging and without counter with continue verdict 2", 4773 config: &RuleConfiguration{ 4774 Comment: "foobar barfoo", 4775 Conditions: []string{"exact match roles foobar"}, 4776 Action: `allow stop log debug`, 4777 }, input: map[string]interface{}{ 4778 "name": "John Smith", 4779 "roles": []string{"barfoo"}, 4780 }, 4781 emptyFields: true, 4782 want: map[string]interface{}{ 4783 "verdict": getRuleVerdictName(ruleVerdictContinue), 4784 "empty_fields": true, 4785 "rule_type": "*acl.aclRuleAllowWithDebugLoggerStop", 4786 }, 4787 }, {name: "allow and stop processing with debug logging and without counter with continue verdict 3", 4788 config: &RuleConfiguration{ 4789 Comment: "foobar barfoo", 4790 Conditions: []string{"exact match roles foobar"}, 4791 Action: `allow stop log debug`, 4792 }, input: map[string]interface{}{ 4793 "name": "John Smith", 4794 }, 4795 emptyFields: true, 4796 want: map[string]interface{}{ 4797 "verdict": getRuleVerdictName(ruleVerdictContinue), 4798 "empty_fields": true, 4799 "rule_type": "*acl.aclRuleAllowWithDebugLoggerStop", 4800 }, 4801 }, {name: "allow and stop processing with debug logging and without counter with allow stop verdict", 4802 config: &RuleConfiguration{ 4803 Comment: "foobar barfoo", 4804 Conditions: []string{"exact match roles foobar"}, 4805 Action: `allow stop log debug`, 4806 }, input: map[string]interface{}{ 4807 "roles": []string{"foobar"}, 4808 "org": []string{"nyc"}, 4809 }, 4810 want: map[string]interface{}{ 4811 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4812 "rule_type": "*acl.aclRuleAllowWithDebugLoggerStop", 4813 }, 4814 }, {name: "allow and stop processing with info logging and without counter with continue verdict", 4815 config: &RuleConfiguration{ 4816 Comment: "foobar barfoo", 4817 Conditions: []string{"exact match roles foobar"}, 4818 Action: `allow stop log info`, 4819 }, input: map[string]interface{}{ 4820 "name": "John Smith", 4821 "roles": []string{"barfoo"}, 4822 }, 4823 want: map[string]interface{}{ 4824 "verdict": getRuleVerdictName(ruleVerdictContinue), 4825 "rule_type": "*acl.aclRuleAllowWithInfoLoggerStop", 4826 }, 4827 }, {name: "allow and stop processing with info logging and without counter with continue verdict 1", 4828 config: &RuleConfiguration{ 4829 Comment: "foobar barfoo", 4830 Conditions: []string{"exact match roles foobar"}, 4831 Action: `allow stop log info`, 4832 }, input: map[string]interface{}{ 4833 "name": "John Smith", 4834 }, 4835 want: map[string]interface{}{ 4836 "verdict": getRuleVerdictName(ruleVerdictContinue), 4837 "rule_type": "*acl.aclRuleAllowWithInfoLoggerStop", 4838 }, 4839 }, {name: "allow and stop processing with info logging and without counter with continue verdict 2", 4840 config: &RuleConfiguration{ 4841 Comment: "foobar barfoo", 4842 Conditions: []string{"exact match roles foobar"}, 4843 Action: `allow stop log info`, 4844 }, input: map[string]interface{}{ 4845 "name": "John Smith", 4846 "roles": []string{"barfoo"}, 4847 }, 4848 emptyFields: true, 4849 want: map[string]interface{}{ 4850 "verdict": getRuleVerdictName(ruleVerdictContinue), 4851 "empty_fields": true, 4852 "rule_type": "*acl.aclRuleAllowWithInfoLoggerStop", 4853 }, 4854 }, {name: "allow and stop processing with info logging and without counter with continue verdict 3", 4855 config: &RuleConfiguration{ 4856 Comment: "foobar barfoo", 4857 Conditions: []string{"exact match roles foobar"}, 4858 Action: `allow stop log info`, 4859 }, input: map[string]interface{}{ 4860 "name": "John Smith", 4861 }, 4862 emptyFields: true, 4863 want: map[string]interface{}{ 4864 "verdict": getRuleVerdictName(ruleVerdictContinue), 4865 "empty_fields": true, 4866 "rule_type": "*acl.aclRuleAllowWithInfoLoggerStop", 4867 }, 4868 }, {name: "allow and stop processing with info logging and without counter with allow stop verdict", 4869 config: &RuleConfiguration{ 4870 Comment: "foobar barfoo", 4871 Conditions: []string{"exact match roles foobar"}, 4872 Action: `allow stop log info`, 4873 }, input: map[string]interface{}{ 4874 "roles": []string{"foobar"}, 4875 "org": []string{"nyc"}, 4876 }, 4877 want: map[string]interface{}{ 4878 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4879 "rule_type": "*acl.aclRuleAllowWithInfoLoggerStop", 4880 }, 4881 }, {name: "allow and stop processing with warn logging and without counter with continue verdict", 4882 config: &RuleConfiguration{ 4883 Comment: "foobar barfoo", 4884 Conditions: []string{"exact match roles foobar"}, 4885 Action: `allow stop log warn`, 4886 }, input: map[string]interface{}{ 4887 "name": "John Smith", 4888 "roles": []string{"barfoo"}, 4889 }, 4890 want: map[string]interface{}{ 4891 "verdict": getRuleVerdictName(ruleVerdictContinue), 4892 "rule_type": "*acl.aclRuleAllowWithWarnLoggerStop", 4893 }, 4894 }, {name: "allow and stop processing with warn logging and without counter with continue verdict 1", 4895 config: &RuleConfiguration{ 4896 Comment: "foobar barfoo", 4897 Conditions: []string{"exact match roles foobar"}, 4898 Action: `allow stop log warn`, 4899 }, input: map[string]interface{}{ 4900 "name": "John Smith", 4901 }, 4902 want: map[string]interface{}{ 4903 "verdict": getRuleVerdictName(ruleVerdictContinue), 4904 "rule_type": "*acl.aclRuleAllowWithWarnLoggerStop", 4905 }, 4906 }, {name: "allow and stop processing with warn logging and without counter with continue verdict 2", 4907 config: &RuleConfiguration{ 4908 Comment: "foobar barfoo", 4909 Conditions: []string{"exact match roles foobar"}, 4910 Action: `allow stop log warn`, 4911 }, input: map[string]interface{}{ 4912 "name": "John Smith", 4913 "roles": []string{"barfoo"}, 4914 }, 4915 emptyFields: true, 4916 want: map[string]interface{}{ 4917 "verdict": getRuleVerdictName(ruleVerdictContinue), 4918 "empty_fields": true, 4919 "rule_type": "*acl.aclRuleAllowWithWarnLoggerStop", 4920 }, 4921 }, {name: "allow and stop processing with warn logging and without counter with continue verdict 3", 4922 config: &RuleConfiguration{ 4923 Comment: "foobar barfoo", 4924 Conditions: []string{"exact match roles foobar"}, 4925 Action: `allow stop log warn`, 4926 }, input: map[string]interface{}{ 4927 "name": "John Smith", 4928 }, 4929 emptyFields: true, 4930 want: map[string]interface{}{ 4931 "verdict": getRuleVerdictName(ruleVerdictContinue), 4932 "empty_fields": true, 4933 "rule_type": "*acl.aclRuleAllowWithWarnLoggerStop", 4934 }, 4935 }, {name: "allow and stop processing with warn logging and without counter with allow stop verdict", 4936 config: &RuleConfiguration{ 4937 Comment: "foobar barfoo", 4938 Conditions: []string{"exact match roles foobar"}, 4939 Action: `allow stop log warn`, 4940 }, input: map[string]interface{}{ 4941 "roles": []string{"foobar"}, 4942 "org": []string{"nyc"}, 4943 }, 4944 want: map[string]interface{}{ 4945 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 4946 "rule_type": "*acl.aclRuleAllowWithWarnLoggerStop", 4947 }, 4948 }, {name: "allow and stop processing with error logging and without counter with continue verdict", 4949 config: &RuleConfiguration{ 4950 Comment: "foobar barfoo", 4951 Conditions: []string{"exact match roles foobar"}, 4952 Action: `allow stop log error`, 4953 }, input: map[string]interface{}{ 4954 "name": "John Smith", 4955 "roles": []string{"barfoo"}, 4956 }, 4957 want: map[string]interface{}{ 4958 "verdict": getRuleVerdictName(ruleVerdictContinue), 4959 "rule_type": "*acl.aclRuleAllowWithErrorLoggerStop", 4960 }, 4961 }, {name: "allow and stop processing with error logging and without counter with continue verdict 1", 4962 config: &RuleConfiguration{ 4963 Comment: "foobar barfoo", 4964 Conditions: []string{"exact match roles foobar"}, 4965 Action: `allow stop log error`, 4966 }, input: map[string]interface{}{ 4967 "name": "John Smith", 4968 }, 4969 want: map[string]interface{}{ 4970 "verdict": getRuleVerdictName(ruleVerdictContinue), 4971 "rule_type": "*acl.aclRuleAllowWithErrorLoggerStop", 4972 }, 4973 }, {name: "allow and stop processing with error logging and without counter with continue verdict 2", 4974 config: &RuleConfiguration{ 4975 Comment: "foobar barfoo", 4976 Conditions: []string{"exact match roles foobar"}, 4977 Action: `allow stop log error`, 4978 }, input: map[string]interface{}{ 4979 "name": "John Smith", 4980 "roles": []string{"barfoo"}, 4981 }, 4982 emptyFields: true, 4983 want: map[string]interface{}{ 4984 "verdict": getRuleVerdictName(ruleVerdictContinue), 4985 "empty_fields": true, 4986 "rule_type": "*acl.aclRuleAllowWithErrorLoggerStop", 4987 }, 4988 }, {name: "allow and stop processing with error logging and without counter with continue verdict 3", 4989 config: &RuleConfiguration{ 4990 Comment: "foobar barfoo", 4991 Conditions: []string{"exact match roles foobar"}, 4992 Action: `allow stop log error`, 4993 }, input: map[string]interface{}{ 4994 "name": "John Smith", 4995 }, 4996 emptyFields: true, 4997 want: map[string]interface{}{ 4998 "verdict": getRuleVerdictName(ruleVerdictContinue), 4999 "empty_fields": true, 5000 "rule_type": "*acl.aclRuleAllowWithErrorLoggerStop", 5001 }, 5002 }, {name: "allow and stop processing with error logging and without counter with allow stop verdict", 5003 config: &RuleConfiguration{ 5004 Comment: "foobar barfoo", 5005 Conditions: []string{"exact match roles foobar"}, 5006 Action: `allow stop log error`, 5007 }, input: map[string]interface{}{ 5008 "roles": []string{"foobar"}, 5009 "org": []string{"nyc"}, 5010 }, 5011 want: map[string]interface{}{ 5012 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 5013 "rule_type": "*acl.aclRuleAllowWithErrorLoggerStop", 5014 }, 5015 }, {name: "allow any with debug logging and without counter with continue verdict", 5016 config: &RuleConfiguration{ 5017 Comment: "foobar barfoo", 5018 Conditions: []string{ 5019 "exact match roles foobar", 5020 "exact match org nyc", 5021 }, 5022 Action: `allow any log debug`, 5023 }, input: map[string]interface{}{ 5024 "name": "John Smith", 5025 "roles": []string{"barfoo"}, 5026 }, 5027 want: map[string]interface{}{ 5028 "verdict": getRuleVerdictName(ruleVerdictContinue), 5029 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAny", 5030 }, 5031 }, {name: "allow any with debug logging and without counter with continue verdict 1", 5032 config: &RuleConfiguration{ 5033 Comment: "foobar barfoo", 5034 Conditions: []string{ 5035 "exact match roles foobar", 5036 "exact match org nyc", 5037 }, 5038 Action: `allow any log debug`, 5039 }, input: map[string]interface{}{ 5040 "name": "John Smith", 5041 }, 5042 want: map[string]interface{}{ 5043 "verdict": getRuleVerdictName(ruleVerdictContinue), 5044 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAny", 5045 }, 5046 }, {name: "allow any with debug logging and without counter with continue verdict 2", 5047 config: &RuleConfiguration{ 5048 Comment: "foobar barfoo", 5049 Conditions: []string{ 5050 "exact match roles foobar", 5051 "exact match org nyc", 5052 }, 5053 Action: `allow any log debug`, 5054 }, input: map[string]interface{}{ 5055 "name": "John Smith", 5056 "roles": []string{"barfoo"}, 5057 }, 5058 emptyFields: true, 5059 want: map[string]interface{}{ 5060 "verdict": getRuleVerdictName(ruleVerdictContinue), 5061 "empty_fields": true, 5062 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAny", 5063 }, 5064 }, {name: "allow any with debug logging and without counter with continue verdict 3", 5065 config: &RuleConfiguration{ 5066 Comment: "foobar barfoo", 5067 Conditions: []string{ 5068 "exact match roles foobar", 5069 "exact match org nyc", 5070 }, 5071 Action: `allow any log debug`, 5072 }, input: map[string]interface{}{ 5073 "name": "John Smith", 5074 }, 5075 emptyFields: true, 5076 want: map[string]interface{}{ 5077 "verdict": getRuleVerdictName(ruleVerdictContinue), 5078 "empty_fields": true, 5079 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAny", 5080 }, 5081 }, {name: "allow any with debug logging and without counter with allow verdict", 5082 config: &RuleConfiguration{ 5083 Comment: "foobar barfoo", 5084 Conditions: []string{ 5085 "exact match roles foobar", 5086 "exact match org nyc", 5087 }, 5088 Action: `allow any log debug`, 5089 }, input: map[string]interface{}{ 5090 "roles": []string{"foobar"}, 5091 "org": []string{"nyc"}, 5092 }, 5093 want: map[string]interface{}{ 5094 "verdict": getRuleVerdictName(ruleVerdictAllow), 5095 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAny", 5096 }, 5097 }, {name: "allow any with info logging and without counter with continue verdict", 5098 config: &RuleConfiguration{ 5099 Comment: "foobar barfoo", 5100 Conditions: []string{ 5101 "exact match roles foobar", 5102 "exact match org nyc", 5103 }, 5104 Action: `allow any log info`, 5105 }, input: map[string]interface{}{ 5106 "name": "John Smith", 5107 "roles": []string{"barfoo"}, 5108 }, 5109 want: map[string]interface{}{ 5110 "verdict": getRuleVerdictName(ruleVerdictContinue), 5111 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAny", 5112 }, 5113 }, {name: "allow any with info logging and without counter with continue verdict 1", 5114 config: &RuleConfiguration{ 5115 Comment: "foobar barfoo", 5116 Conditions: []string{ 5117 "exact match roles foobar", 5118 "exact match org nyc", 5119 }, 5120 Action: `allow any log info`, 5121 }, input: map[string]interface{}{ 5122 "name": "John Smith", 5123 }, 5124 want: map[string]interface{}{ 5125 "verdict": getRuleVerdictName(ruleVerdictContinue), 5126 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAny", 5127 }, 5128 }, {name: "allow any with info logging and without counter with continue verdict 2", 5129 config: &RuleConfiguration{ 5130 Comment: "foobar barfoo", 5131 Conditions: []string{ 5132 "exact match roles foobar", 5133 "exact match org nyc", 5134 }, 5135 Action: `allow any log info`, 5136 }, input: map[string]interface{}{ 5137 "name": "John Smith", 5138 "roles": []string{"barfoo"}, 5139 }, 5140 emptyFields: true, 5141 want: map[string]interface{}{ 5142 "verdict": getRuleVerdictName(ruleVerdictContinue), 5143 "empty_fields": true, 5144 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAny", 5145 }, 5146 }, {name: "allow any with info logging and without counter with continue verdict 3", 5147 config: &RuleConfiguration{ 5148 Comment: "foobar barfoo", 5149 Conditions: []string{ 5150 "exact match roles foobar", 5151 "exact match org nyc", 5152 }, 5153 Action: `allow any log info`, 5154 }, input: map[string]interface{}{ 5155 "name": "John Smith", 5156 }, 5157 emptyFields: true, 5158 want: map[string]interface{}{ 5159 "verdict": getRuleVerdictName(ruleVerdictContinue), 5160 "empty_fields": true, 5161 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAny", 5162 }, 5163 }, {name: "allow any with info logging and without counter with allow verdict", 5164 config: &RuleConfiguration{ 5165 Comment: "foobar barfoo", 5166 Conditions: []string{ 5167 "exact match roles foobar", 5168 "exact match org nyc", 5169 }, 5170 Action: `allow any log info`, 5171 }, input: map[string]interface{}{ 5172 "roles": []string{"foobar"}, 5173 "org": []string{"nyc"}, 5174 }, 5175 want: map[string]interface{}{ 5176 "verdict": getRuleVerdictName(ruleVerdictAllow), 5177 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAny", 5178 }, 5179 }, {name: "allow any with warn logging and without counter with continue verdict", 5180 config: &RuleConfiguration{ 5181 Comment: "foobar barfoo", 5182 Conditions: []string{ 5183 "exact match roles foobar", 5184 "exact match org nyc", 5185 }, 5186 Action: `allow any log warn`, 5187 }, input: map[string]interface{}{ 5188 "name": "John Smith", 5189 "roles": []string{"barfoo"}, 5190 }, 5191 want: map[string]interface{}{ 5192 "verdict": getRuleVerdictName(ruleVerdictContinue), 5193 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAny", 5194 }, 5195 }, {name: "allow any with warn logging and without counter with continue verdict 1", 5196 config: &RuleConfiguration{ 5197 Comment: "foobar barfoo", 5198 Conditions: []string{ 5199 "exact match roles foobar", 5200 "exact match org nyc", 5201 }, 5202 Action: `allow any log warn`, 5203 }, input: map[string]interface{}{ 5204 "name": "John Smith", 5205 }, 5206 want: map[string]interface{}{ 5207 "verdict": getRuleVerdictName(ruleVerdictContinue), 5208 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAny", 5209 }, 5210 }, {name: "allow any with warn logging and without counter with continue verdict 2", 5211 config: &RuleConfiguration{ 5212 Comment: "foobar barfoo", 5213 Conditions: []string{ 5214 "exact match roles foobar", 5215 "exact match org nyc", 5216 }, 5217 Action: `allow any log warn`, 5218 }, input: map[string]interface{}{ 5219 "name": "John Smith", 5220 "roles": []string{"barfoo"}, 5221 }, 5222 emptyFields: true, 5223 want: map[string]interface{}{ 5224 "verdict": getRuleVerdictName(ruleVerdictContinue), 5225 "empty_fields": true, 5226 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAny", 5227 }, 5228 }, {name: "allow any with warn logging and without counter with continue verdict 3", 5229 config: &RuleConfiguration{ 5230 Comment: "foobar barfoo", 5231 Conditions: []string{ 5232 "exact match roles foobar", 5233 "exact match org nyc", 5234 }, 5235 Action: `allow any log warn`, 5236 }, input: map[string]interface{}{ 5237 "name": "John Smith", 5238 }, 5239 emptyFields: true, 5240 want: map[string]interface{}{ 5241 "verdict": getRuleVerdictName(ruleVerdictContinue), 5242 "empty_fields": true, 5243 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAny", 5244 }, 5245 }, {name: "allow any with warn logging and without counter with allow verdict", 5246 config: &RuleConfiguration{ 5247 Comment: "foobar barfoo", 5248 Conditions: []string{ 5249 "exact match roles foobar", 5250 "exact match org nyc", 5251 }, 5252 Action: `allow any log warn`, 5253 }, input: map[string]interface{}{ 5254 "roles": []string{"foobar"}, 5255 "org": []string{"nyc"}, 5256 }, 5257 want: map[string]interface{}{ 5258 "verdict": getRuleVerdictName(ruleVerdictAllow), 5259 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAny", 5260 }, 5261 }, {name: "allow any with error logging and without counter with continue verdict", 5262 config: &RuleConfiguration{ 5263 Comment: "foobar barfoo", 5264 Conditions: []string{ 5265 "exact match roles foobar", 5266 "exact match org nyc", 5267 }, 5268 Action: `allow any log error`, 5269 }, input: map[string]interface{}{ 5270 "name": "John Smith", 5271 "roles": []string{"barfoo"}, 5272 }, 5273 want: map[string]interface{}{ 5274 "verdict": getRuleVerdictName(ruleVerdictContinue), 5275 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAny", 5276 }, 5277 }, {name: "allow any with error logging and without counter with continue verdict 1", 5278 config: &RuleConfiguration{ 5279 Comment: "foobar barfoo", 5280 Conditions: []string{ 5281 "exact match roles foobar", 5282 "exact match org nyc", 5283 }, 5284 Action: `allow any log error`, 5285 }, input: map[string]interface{}{ 5286 "name": "John Smith", 5287 }, 5288 want: map[string]interface{}{ 5289 "verdict": getRuleVerdictName(ruleVerdictContinue), 5290 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAny", 5291 }, 5292 }, {name: "allow any with error logging and without counter with continue verdict 2", 5293 config: &RuleConfiguration{ 5294 Comment: "foobar barfoo", 5295 Conditions: []string{ 5296 "exact match roles foobar", 5297 "exact match org nyc", 5298 }, 5299 Action: `allow any log error`, 5300 }, input: map[string]interface{}{ 5301 "name": "John Smith", 5302 "roles": []string{"barfoo"}, 5303 }, 5304 emptyFields: true, 5305 want: map[string]interface{}{ 5306 "verdict": getRuleVerdictName(ruleVerdictContinue), 5307 "empty_fields": true, 5308 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAny", 5309 }, 5310 }, {name: "allow any with error logging and without counter with continue verdict 3", 5311 config: &RuleConfiguration{ 5312 Comment: "foobar barfoo", 5313 Conditions: []string{ 5314 "exact match roles foobar", 5315 "exact match org nyc", 5316 }, 5317 Action: `allow any log error`, 5318 }, input: map[string]interface{}{ 5319 "name": "John Smith", 5320 }, 5321 emptyFields: true, 5322 want: map[string]interface{}{ 5323 "verdict": getRuleVerdictName(ruleVerdictContinue), 5324 "empty_fields": true, 5325 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAny", 5326 }, 5327 }, {name: "allow any with error logging and without counter with allow verdict", 5328 config: &RuleConfiguration{ 5329 Comment: "foobar barfoo", 5330 Conditions: []string{ 5331 "exact match roles foobar", 5332 "exact match org nyc", 5333 }, 5334 Action: `allow any log error`, 5335 }, input: map[string]interface{}{ 5336 "roles": []string{"foobar"}, 5337 "org": []string{"nyc"}, 5338 }, 5339 want: map[string]interface{}{ 5340 "verdict": getRuleVerdictName(ruleVerdictAllow), 5341 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAny", 5342 }, 5343 }, {name: "allow all with debug logging and without counter with continue verdict", 5344 config: &RuleConfiguration{ 5345 Comment: "foobar barfoo", 5346 Conditions: []string{ 5347 "exact match roles foobar", 5348 "exact match org nyc", 5349 }, 5350 Action: `allow log debug`, 5351 }, input: map[string]interface{}{ 5352 "name": "John Smith", 5353 "roles": []string{"barfoo"}, 5354 }, 5355 want: map[string]interface{}{ 5356 "verdict": getRuleVerdictName(ruleVerdictContinue), 5357 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAll", 5358 }, 5359 }, {name: "allow all with debug logging and without counter with continue verdict 1", 5360 config: &RuleConfiguration{ 5361 Comment: "foobar barfoo", 5362 Conditions: []string{ 5363 "exact match roles foobar", 5364 "exact match org nyc", 5365 }, 5366 Action: `allow log debug`, 5367 }, input: map[string]interface{}{ 5368 "name": "John Smith", 5369 }, 5370 want: map[string]interface{}{ 5371 "verdict": getRuleVerdictName(ruleVerdictContinue), 5372 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAll", 5373 }, 5374 }, {name: "allow all with debug logging and without counter with continue verdict 2", 5375 config: &RuleConfiguration{ 5376 Comment: "foobar barfoo", 5377 Conditions: []string{ 5378 "exact match roles foobar", 5379 "exact match org nyc", 5380 }, 5381 Action: `allow log debug`, 5382 }, input: map[string]interface{}{ 5383 "name": "John Smith", 5384 "roles": []string{"barfoo"}, 5385 }, 5386 emptyFields: true, 5387 want: map[string]interface{}{ 5388 "verdict": getRuleVerdictName(ruleVerdictContinue), 5389 "empty_fields": true, 5390 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAll", 5391 }, 5392 }, {name: "allow all with debug logging and without counter with continue verdict 3", 5393 config: &RuleConfiguration{ 5394 Comment: "foobar barfoo", 5395 Conditions: []string{ 5396 "exact match roles foobar", 5397 "exact match org nyc", 5398 }, 5399 Action: `allow log debug`, 5400 }, input: map[string]interface{}{ 5401 "name": "John Smith", 5402 }, 5403 emptyFields: true, 5404 want: map[string]interface{}{ 5405 "verdict": getRuleVerdictName(ruleVerdictContinue), 5406 "empty_fields": true, 5407 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAll", 5408 }, 5409 }, {name: "allow all with debug logging and without counter with allow verdict", 5410 config: &RuleConfiguration{ 5411 Comment: "foobar barfoo", 5412 Conditions: []string{ 5413 "exact match roles foobar", 5414 "exact match org nyc", 5415 }, 5416 Action: `allow log debug`, 5417 }, input: map[string]interface{}{ 5418 "roles": []string{"foobar"}, 5419 "org": []string{"nyc"}, 5420 }, 5421 want: map[string]interface{}{ 5422 "verdict": getRuleVerdictName(ruleVerdictAllow), 5423 "rule_type": "*acl.aclRuleAllowWithDebugLoggerMatchAll", 5424 }, 5425 }, {name: "allow all with info logging and without counter with continue verdict", 5426 config: &RuleConfiguration{ 5427 Comment: "foobar barfoo", 5428 Conditions: []string{ 5429 "exact match roles foobar", 5430 "exact match org nyc", 5431 }, 5432 Action: `allow log info`, 5433 }, input: map[string]interface{}{ 5434 "name": "John Smith", 5435 "roles": []string{"barfoo"}, 5436 }, 5437 want: map[string]interface{}{ 5438 "verdict": getRuleVerdictName(ruleVerdictContinue), 5439 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAll", 5440 }, 5441 }, {name: "allow all with info logging and without counter with continue verdict 1", 5442 config: &RuleConfiguration{ 5443 Comment: "foobar barfoo", 5444 Conditions: []string{ 5445 "exact match roles foobar", 5446 "exact match org nyc", 5447 }, 5448 Action: `allow log info`, 5449 }, input: map[string]interface{}{ 5450 "name": "John Smith", 5451 }, 5452 want: map[string]interface{}{ 5453 "verdict": getRuleVerdictName(ruleVerdictContinue), 5454 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAll", 5455 }, 5456 }, {name: "allow all with info logging and without counter with continue verdict 2", 5457 config: &RuleConfiguration{ 5458 Comment: "foobar barfoo", 5459 Conditions: []string{ 5460 "exact match roles foobar", 5461 "exact match org nyc", 5462 }, 5463 Action: `allow log info`, 5464 }, input: map[string]interface{}{ 5465 "name": "John Smith", 5466 "roles": []string{"barfoo"}, 5467 }, 5468 emptyFields: true, 5469 want: map[string]interface{}{ 5470 "verdict": getRuleVerdictName(ruleVerdictContinue), 5471 "empty_fields": true, 5472 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAll", 5473 }, 5474 }, {name: "allow all with info logging and without counter with continue verdict 3", 5475 config: &RuleConfiguration{ 5476 Comment: "foobar barfoo", 5477 Conditions: []string{ 5478 "exact match roles foobar", 5479 "exact match org nyc", 5480 }, 5481 Action: `allow log info`, 5482 }, input: map[string]interface{}{ 5483 "name": "John Smith", 5484 }, 5485 emptyFields: true, 5486 want: map[string]interface{}{ 5487 "verdict": getRuleVerdictName(ruleVerdictContinue), 5488 "empty_fields": true, 5489 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAll", 5490 }, 5491 }, {name: "allow all with info logging and without counter with allow verdict", 5492 config: &RuleConfiguration{ 5493 Comment: "foobar barfoo", 5494 Conditions: []string{ 5495 "exact match roles foobar", 5496 "exact match org nyc", 5497 }, 5498 Action: `allow log info`, 5499 }, input: map[string]interface{}{ 5500 "roles": []string{"foobar"}, 5501 "org": []string{"nyc"}, 5502 }, 5503 want: map[string]interface{}{ 5504 "verdict": getRuleVerdictName(ruleVerdictAllow), 5505 "rule_type": "*acl.aclRuleAllowWithInfoLoggerMatchAll", 5506 }, 5507 }, {name: "allow all with warn logging and without counter with continue verdict", 5508 config: &RuleConfiguration{ 5509 Comment: "foobar barfoo", 5510 Conditions: []string{ 5511 "exact match roles foobar", 5512 "exact match org nyc", 5513 }, 5514 Action: `allow log warn`, 5515 }, input: map[string]interface{}{ 5516 "name": "John Smith", 5517 "roles": []string{"barfoo"}, 5518 }, 5519 want: map[string]interface{}{ 5520 "verdict": getRuleVerdictName(ruleVerdictContinue), 5521 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAll", 5522 }, 5523 }, {name: "allow all with warn logging and without counter with continue verdict 1", 5524 config: &RuleConfiguration{ 5525 Comment: "foobar barfoo", 5526 Conditions: []string{ 5527 "exact match roles foobar", 5528 "exact match org nyc", 5529 }, 5530 Action: `allow log warn`, 5531 }, input: map[string]interface{}{ 5532 "name": "John Smith", 5533 }, 5534 want: map[string]interface{}{ 5535 "verdict": getRuleVerdictName(ruleVerdictContinue), 5536 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAll", 5537 }, 5538 }, {name: "allow all with warn logging and without counter with continue verdict 2", 5539 config: &RuleConfiguration{ 5540 Comment: "foobar barfoo", 5541 Conditions: []string{ 5542 "exact match roles foobar", 5543 "exact match org nyc", 5544 }, 5545 Action: `allow log warn`, 5546 }, input: map[string]interface{}{ 5547 "name": "John Smith", 5548 "roles": []string{"barfoo"}, 5549 }, 5550 emptyFields: true, 5551 want: map[string]interface{}{ 5552 "verdict": getRuleVerdictName(ruleVerdictContinue), 5553 "empty_fields": true, 5554 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAll", 5555 }, 5556 }, {name: "allow all with warn logging and without counter with continue verdict 3", 5557 config: &RuleConfiguration{ 5558 Comment: "foobar barfoo", 5559 Conditions: []string{ 5560 "exact match roles foobar", 5561 "exact match org nyc", 5562 }, 5563 Action: `allow log warn`, 5564 }, input: map[string]interface{}{ 5565 "name": "John Smith", 5566 }, 5567 emptyFields: true, 5568 want: map[string]interface{}{ 5569 "verdict": getRuleVerdictName(ruleVerdictContinue), 5570 "empty_fields": true, 5571 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAll", 5572 }, 5573 }, {name: "allow all with warn logging and without counter with allow verdict", 5574 config: &RuleConfiguration{ 5575 Comment: "foobar barfoo", 5576 Conditions: []string{ 5577 "exact match roles foobar", 5578 "exact match org nyc", 5579 }, 5580 Action: `allow log warn`, 5581 }, input: map[string]interface{}{ 5582 "roles": []string{"foobar"}, 5583 "org": []string{"nyc"}, 5584 }, 5585 want: map[string]interface{}{ 5586 "verdict": getRuleVerdictName(ruleVerdictAllow), 5587 "rule_type": "*acl.aclRuleAllowWithWarnLoggerMatchAll", 5588 }, 5589 }, {name: "allow all with error logging and without counter with continue verdict", 5590 config: &RuleConfiguration{ 5591 Comment: "foobar barfoo", 5592 Conditions: []string{ 5593 "exact match roles foobar", 5594 "exact match org nyc", 5595 }, 5596 Action: `allow log error`, 5597 }, input: map[string]interface{}{ 5598 "name": "John Smith", 5599 "roles": []string{"barfoo"}, 5600 }, 5601 want: map[string]interface{}{ 5602 "verdict": getRuleVerdictName(ruleVerdictContinue), 5603 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAll", 5604 }, 5605 }, {name: "allow all with error logging and without counter with continue verdict 1", 5606 config: &RuleConfiguration{ 5607 Comment: "foobar barfoo", 5608 Conditions: []string{ 5609 "exact match roles foobar", 5610 "exact match org nyc", 5611 }, 5612 Action: `allow log error`, 5613 }, input: map[string]interface{}{ 5614 "name": "John Smith", 5615 }, 5616 want: map[string]interface{}{ 5617 "verdict": getRuleVerdictName(ruleVerdictContinue), 5618 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAll", 5619 }, 5620 }, {name: "allow all with error logging and without counter with continue verdict 2", 5621 config: &RuleConfiguration{ 5622 Comment: "foobar barfoo", 5623 Conditions: []string{ 5624 "exact match roles foobar", 5625 "exact match org nyc", 5626 }, 5627 Action: `allow log error`, 5628 }, input: map[string]interface{}{ 5629 "name": "John Smith", 5630 "roles": []string{"barfoo"}, 5631 }, 5632 emptyFields: true, 5633 want: map[string]interface{}{ 5634 "verdict": getRuleVerdictName(ruleVerdictContinue), 5635 "empty_fields": true, 5636 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAll", 5637 }, 5638 }, {name: "allow all with error logging and without counter with continue verdict 3", 5639 config: &RuleConfiguration{ 5640 Comment: "foobar barfoo", 5641 Conditions: []string{ 5642 "exact match roles foobar", 5643 "exact match org nyc", 5644 }, 5645 Action: `allow log error`, 5646 }, input: map[string]interface{}{ 5647 "name": "John Smith", 5648 }, 5649 emptyFields: true, 5650 want: map[string]interface{}{ 5651 "verdict": getRuleVerdictName(ruleVerdictContinue), 5652 "empty_fields": true, 5653 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAll", 5654 }, 5655 }, {name: "allow all with error logging and without counter with allow verdict", 5656 config: &RuleConfiguration{ 5657 Comment: "foobar barfoo", 5658 Conditions: []string{ 5659 "exact match roles foobar", 5660 "exact match org nyc", 5661 }, 5662 Action: `allow log error`, 5663 }, input: map[string]interface{}{ 5664 "roles": []string{"foobar"}, 5665 "org": []string{"nyc"}, 5666 }, 5667 want: map[string]interface{}{ 5668 "verdict": getRuleVerdictName(ruleVerdictAllow), 5669 "rule_type": "*acl.aclRuleAllowWithErrorLoggerMatchAll", 5670 }, 5671 }, {name: "allow with debug logging and without counter with continue verdict", 5672 config: &RuleConfiguration{ 5673 Comment: "foobar barfoo", 5674 Conditions: []string{"exact match roles foobar"}, 5675 Action: `allow log debug`, 5676 }, input: map[string]interface{}{ 5677 "name": "John Smith", 5678 "roles": []string{"barfoo"}, 5679 }, 5680 want: map[string]interface{}{ 5681 "verdict": getRuleVerdictName(ruleVerdictContinue), 5682 "rule_type": "*acl.aclRuleAllowWithDebugLogger", 5683 }, 5684 }, {name: "allow with debug logging and without counter with continue verdict 1", 5685 config: &RuleConfiguration{ 5686 Comment: "foobar barfoo", 5687 Conditions: []string{"exact match roles foobar"}, 5688 Action: `allow log debug`, 5689 }, input: map[string]interface{}{ 5690 "name": "John Smith", 5691 }, 5692 want: map[string]interface{}{ 5693 "verdict": getRuleVerdictName(ruleVerdictContinue), 5694 "rule_type": "*acl.aclRuleAllowWithDebugLogger", 5695 }, 5696 }, {name: "allow with debug logging and without counter with continue verdict 2", 5697 config: &RuleConfiguration{ 5698 Comment: "foobar barfoo", 5699 Conditions: []string{"exact match roles foobar"}, 5700 Action: `allow log debug`, 5701 }, input: map[string]interface{}{ 5702 "name": "John Smith", 5703 "roles": []string{"barfoo"}, 5704 }, 5705 emptyFields: true, 5706 want: map[string]interface{}{ 5707 "verdict": getRuleVerdictName(ruleVerdictContinue), 5708 "empty_fields": true, 5709 "rule_type": "*acl.aclRuleAllowWithDebugLogger", 5710 }, 5711 }, {name: "allow with debug logging and without counter with continue verdict 3", 5712 config: &RuleConfiguration{ 5713 Comment: "foobar barfoo", 5714 Conditions: []string{"exact match roles foobar"}, 5715 Action: `allow log debug`, 5716 }, input: map[string]interface{}{ 5717 "name": "John Smith", 5718 }, 5719 emptyFields: true, 5720 want: map[string]interface{}{ 5721 "verdict": getRuleVerdictName(ruleVerdictContinue), 5722 "empty_fields": true, 5723 "rule_type": "*acl.aclRuleAllowWithDebugLogger", 5724 }, 5725 }, {name: "allow with debug logging and without counter with allow verdict", 5726 config: &RuleConfiguration{ 5727 Comment: "foobar barfoo", 5728 Conditions: []string{"exact match roles foobar"}, 5729 Action: `allow log debug`, 5730 }, input: map[string]interface{}{ 5731 "roles": []string{"foobar"}, 5732 "org": []string{"nyc"}, 5733 }, 5734 want: map[string]interface{}{ 5735 "verdict": getRuleVerdictName(ruleVerdictAllow), 5736 "rule_type": "*acl.aclRuleAllowWithDebugLogger", 5737 }, 5738 }, {name: "allow with info logging and without counter with continue verdict", 5739 config: &RuleConfiguration{ 5740 Comment: "foobar barfoo", 5741 Conditions: []string{"exact match roles foobar"}, 5742 Action: `allow log info`, 5743 }, input: map[string]interface{}{ 5744 "name": "John Smith", 5745 "roles": []string{"barfoo"}, 5746 }, 5747 want: map[string]interface{}{ 5748 "verdict": getRuleVerdictName(ruleVerdictContinue), 5749 "rule_type": "*acl.aclRuleAllowWithInfoLogger", 5750 }, 5751 }, {name: "allow with info logging and without counter with continue verdict 1", 5752 config: &RuleConfiguration{ 5753 Comment: "foobar barfoo", 5754 Conditions: []string{"exact match roles foobar"}, 5755 Action: `allow log info`, 5756 }, input: map[string]interface{}{ 5757 "name": "John Smith", 5758 }, 5759 want: map[string]interface{}{ 5760 "verdict": getRuleVerdictName(ruleVerdictContinue), 5761 "rule_type": "*acl.aclRuleAllowWithInfoLogger", 5762 }, 5763 }, {name: "allow with info logging and without counter with continue verdict 2", 5764 config: &RuleConfiguration{ 5765 Comment: "foobar barfoo", 5766 Conditions: []string{"exact match roles foobar"}, 5767 Action: `allow log info`, 5768 }, input: map[string]interface{}{ 5769 "name": "John Smith", 5770 "roles": []string{"barfoo"}, 5771 }, 5772 emptyFields: true, 5773 want: map[string]interface{}{ 5774 "verdict": getRuleVerdictName(ruleVerdictContinue), 5775 "empty_fields": true, 5776 "rule_type": "*acl.aclRuleAllowWithInfoLogger", 5777 }, 5778 }, {name: "allow with info logging and without counter with continue verdict 3", 5779 config: &RuleConfiguration{ 5780 Comment: "foobar barfoo", 5781 Conditions: []string{"exact match roles foobar"}, 5782 Action: `allow log info`, 5783 }, input: map[string]interface{}{ 5784 "name": "John Smith", 5785 }, 5786 emptyFields: true, 5787 want: map[string]interface{}{ 5788 "verdict": getRuleVerdictName(ruleVerdictContinue), 5789 "empty_fields": true, 5790 "rule_type": "*acl.aclRuleAllowWithInfoLogger", 5791 }, 5792 }, {name: "allow with info logging and without counter with allow verdict", 5793 config: &RuleConfiguration{ 5794 Comment: "foobar barfoo", 5795 Conditions: []string{"exact match roles foobar"}, 5796 Action: `allow log info`, 5797 }, input: map[string]interface{}{ 5798 "roles": []string{"foobar"}, 5799 "org": []string{"nyc"}, 5800 }, 5801 want: map[string]interface{}{ 5802 "verdict": getRuleVerdictName(ruleVerdictAllow), 5803 "rule_type": "*acl.aclRuleAllowWithInfoLogger", 5804 }, 5805 }, {name: "allow with warn logging and without counter with continue verdict", 5806 config: &RuleConfiguration{ 5807 Comment: "foobar barfoo", 5808 Conditions: []string{"exact match roles foobar"}, 5809 Action: `allow log warn`, 5810 }, input: map[string]interface{}{ 5811 "name": "John Smith", 5812 "roles": []string{"barfoo"}, 5813 }, 5814 want: map[string]interface{}{ 5815 "verdict": getRuleVerdictName(ruleVerdictContinue), 5816 "rule_type": "*acl.aclRuleAllowWithWarnLogger", 5817 }, 5818 }, {name: "allow with warn logging and without counter with continue verdict 1", 5819 config: &RuleConfiguration{ 5820 Comment: "foobar barfoo", 5821 Conditions: []string{"exact match roles foobar"}, 5822 Action: `allow log warn`, 5823 }, input: map[string]interface{}{ 5824 "name": "John Smith", 5825 }, 5826 want: map[string]interface{}{ 5827 "verdict": getRuleVerdictName(ruleVerdictContinue), 5828 "rule_type": "*acl.aclRuleAllowWithWarnLogger", 5829 }, 5830 }, {name: "allow with warn logging and without counter with continue verdict 2", 5831 config: &RuleConfiguration{ 5832 Comment: "foobar barfoo", 5833 Conditions: []string{"exact match roles foobar"}, 5834 Action: `allow log warn`, 5835 }, input: map[string]interface{}{ 5836 "name": "John Smith", 5837 "roles": []string{"barfoo"}, 5838 }, 5839 emptyFields: true, 5840 want: map[string]interface{}{ 5841 "verdict": getRuleVerdictName(ruleVerdictContinue), 5842 "empty_fields": true, 5843 "rule_type": "*acl.aclRuleAllowWithWarnLogger", 5844 }, 5845 }, {name: "allow with warn logging and without counter with continue verdict 3", 5846 config: &RuleConfiguration{ 5847 Comment: "foobar barfoo", 5848 Conditions: []string{"exact match roles foobar"}, 5849 Action: `allow log warn`, 5850 }, input: map[string]interface{}{ 5851 "name": "John Smith", 5852 }, 5853 emptyFields: true, 5854 want: map[string]interface{}{ 5855 "verdict": getRuleVerdictName(ruleVerdictContinue), 5856 "empty_fields": true, 5857 "rule_type": "*acl.aclRuleAllowWithWarnLogger", 5858 }, 5859 }, {name: "allow with warn logging and without counter with allow verdict", 5860 config: &RuleConfiguration{ 5861 Comment: "foobar barfoo", 5862 Conditions: []string{"exact match roles foobar"}, 5863 Action: `allow log warn`, 5864 }, input: map[string]interface{}{ 5865 "roles": []string{"foobar"}, 5866 "org": []string{"nyc"}, 5867 }, 5868 want: map[string]interface{}{ 5869 "verdict": getRuleVerdictName(ruleVerdictAllow), 5870 "rule_type": "*acl.aclRuleAllowWithWarnLogger", 5871 }, 5872 }, {name: "allow with error logging and without counter with continue verdict", 5873 config: &RuleConfiguration{ 5874 Comment: "foobar barfoo", 5875 Conditions: []string{"exact match roles foobar"}, 5876 Action: `allow log error`, 5877 }, input: map[string]interface{}{ 5878 "name": "John Smith", 5879 "roles": []string{"barfoo"}, 5880 }, 5881 want: map[string]interface{}{ 5882 "verdict": getRuleVerdictName(ruleVerdictContinue), 5883 "rule_type": "*acl.aclRuleAllowWithErrorLogger", 5884 }, 5885 }, {name: "allow with error logging and without counter with continue verdict 1", 5886 config: &RuleConfiguration{ 5887 Comment: "foobar barfoo", 5888 Conditions: []string{"exact match roles foobar"}, 5889 Action: `allow log error`, 5890 }, input: map[string]interface{}{ 5891 "name": "John Smith", 5892 }, 5893 want: map[string]interface{}{ 5894 "verdict": getRuleVerdictName(ruleVerdictContinue), 5895 "rule_type": "*acl.aclRuleAllowWithErrorLogger", 5896 }, 5897 }, {name: "allow with error logging and without counter with continue verdict 2", 5898 config: &RuleConfiguration{ 5899 Comment: "foobar barfoo", 5900 Conditions: []string{"exact match roles foobar"}, 5901 Action: `allow log error`, 5902 }, input: map[string]interface{}{ 5903 "name": "John Smith", 5904 "roles": []string{"barfoo"}, 5905 }, 5906 emptyFields: true, 5907 want: map[string]interface{}{ 5908 "verdict": getRuleVerdictName(ruleVerdictContinue), 5909 "empty_fields": true, 5910 "rule_type": "*acl.aclRuleAllowWithErrorLogger", 5911 }, 5912 }, {name: "allow with error logging and without counter with continue verdict 3", 5913 config: &RuleConfiguration{ 5914 Comment: "foobar barfoo", 5915 Conditions: []string{"exact match roles foobar"}, 5916 Action: `allow log error`, 5917 }, input: map[string]interface{}{ 5918 "name": "John Smith", 5919 }, 5920 emptyFields: true, 5921 want: map[string]interface{}{ 5922 "verdict": getRuleVerdictName(ruleVerdictContinue), 5923 "empty_fields": true, 5924 "rule_type": "*acl.aclRuleAllowWithErrorLogger", 5925 }, 5926 }, {name: "allow with error logging and without counter with allow verdict", 5927 config: &RuleConfiguration{ 5928 Comment: "foobar barfoo", 5929 Conditions: []string{"exact match roles foobar"}, 5930 Action: `allow log error`, 5931 }, input: map[string]interface{}{ 5932 "roles": []string{"foobar"}, 5933 "org": []string{"nyc"}, 5934 }, 5935 want: map[string]interface{}{ 5936 "verdict": getRuleVerdictName(ruleVerdictAllow), 5937 "rule_type": "*acl.aclRuleAllowWithErrorLogger", 5938 }, 5939 }, {name: "allow any and stop processing with counter and without logging with continue verdict", 5940 config: &RuleConfiguration{ 5941 Comment: "foobar barfoo", 5942 Conditions: []string{ 5943 "exact match roles foobar", 5944 "exact match org nyc", 5945 }, 5946 Action: `allow any stop counter`, 5947 }, input: map[string]interface{}{ 5948 "name": "John Smith", 5949 "roles": []string{"barfoo"}, 5950 }, 5951 want: map[string]interface{}{ 5952 "verdict": getRuleVerdictName(ruleVerdictContinue), 5953 "rule_type": "*acl.aclRuleAllowWithCounterMatchAnyStop", 5954 }, 5955 }, {name: "allow any and stop processing with counter and without logging with continue verdict 1", 5956 config: &RuleConfiguration{ 5957 Comment: "foobar barfoo", 5958 Conditions: []string{ 5959 "exact match roles foobar", 5960 "exact match org nyc", 5961 }, 5962 Action: `allow any stop counter`, 5963 }, input: map[string]interface{}{ 5964 "name": "John Smith", 5965 }, 5966 want: map[string]interface{}{ 5967 "verdict": getRuleVerdictName(ruleVerdictContinue), 5968 "rule_type": "*acl.aclRuleAllowWithCounterMatchAnyStop", 5969 }, 5970 }, {name: "allow any and stop processing with counter and without logging with continue verdict 2", 5971 config: &RuleConfiguration{ 5972 Comment: "foobar barfoo", 5973 Conditions: []string{ 5974 "exact match roles foobar", 5975 "exact match org nyc", 5976 }, 5977 Action: `allow any stop counter`, 5978 }, input: map[string]interface{}{ 5979 "name": "John Smith", 5980 "roles": []string{"barfoo"}, 5981 }, 5982 emptyFields: true, 5983 want: map[string]interface{}{ 5984 "verdict": getRuleVerdictName(ruleVerdictContinue), 5985 "empty_fields": true, 5986 "rule_type": "*acl.aclRuleAllowWithCounterMatchAnyStop", 5987 }, 5988 }, {name: "allow any and stop processing with counter and without logging with continue verdict 3", 5989 config: &RuleConfiguration{ 5990 Comment: "foobar barfoo", 5991 Conditions: []string{ 5992 "exact match roles foobar", 5993 "exact match org nyc", 5994 }, 5995 Action: `allow any stop counter`, 5996 }, input: map[string]interface{}{ 5997 "name": "John Smith", 5998 }, 5999 emptyFields: true, 6000 want: map[string]interface{}{ 6001 "verdict": getRuleVerdictName(ruleVerdictContinue), 6002 "empty_fields": true, 6003 "rule_type": "*acl.aclRuleAllowWithCounterMatchAnyStop", 6004 }, 6005 }, {name: "allow any and stop processing with counter and without logging with allow stop verdict", 6006 config: &RuleConfiguration{ 6007 Comment: "foobar barfoo", 6008 Conditions: []string{ 6009 "exact match roles foobar", 6010 "exact match org nyc", 6011 }, 6012 Action: `allow any stop counter`, 6013 }, input: map[string]interface{}{ 6014 "roles": []string{"foobar"}, 6015 "org": []string{"nyc"}, 6016 }, 6017 want: map[string]interface{}{ 6018 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6019 "rule_type": "*acl.aclRuleAllowWithCounterMatchAnyStop", 6020 }, 6021 }, {name: "allow all and stop processing with counter and without logging with continue verdict", 6022 config: &RuleConfiguration{ 6023 Comment: "foobar barfoo", 6024 Conditions: []string{ 6025 "exact match roles foobar", 6026 "exact match org nyc", 6027 }, 6028 Action: `allow stop counter`, 6029 }, input: map[string]interface{}{ 6030 "name": "John Smith", 6031 "roles": []string{"barfoo"}, 6032 }, 6033 want: map[string]interface{}{ 6034 "verdict": getRuleVerdictName(ruleVerdictContinue), 6035 "rule_type": "*acl.aclRuleAllowWithCounterMatchAllStop", 6036 }, 6037 }, {name: "allow all and stop processing with counter and without logging with continue verdict 1", 6038 config: &RuleConfiguration{ 6039 Comment: "foobar barfoo", 6040 Conditions: []string{ 6041 "exact match roles foobar", 6042 "exact match org nyc", 6043 }, 6044 Action: `allow stop counter`, 6045 }, input: map[string]interface{}{ 6046 "name": "John Smith", 6047 }, 6048 want: map[string]interface{}{ 6049 "verdict": getRuleVerdictName(ruleVerdictContinue), 6050 "rule_type": "*acl.aclRuleAllowWithCounterMatchAllStop", 6051 }, 6052 }, {name: "allow all and stop processing with counter and without logging with continue verdict 2", 6053 config: &RuleConfiguration{ 6054 Comment: "foobar barfoo", 6055 Conditions: []string{ 6056 "exact match roles foobar", 6057 "exact match org nyc", 6058 }, 6059 Action: `allow stop counter`, 6060 }, input: map[string]interface{}{ 6061 "name": "John Smith", 6062 "roles": []string{"barfoo"}, 6063 }, 6064 emptyFields: true, 6065 want: map[string]interface{}{ 6066 "verdict": getRuleVerdictName(ruleVerdictContinue), 6067 "empty_fields": true, 6068 "rule_type": "*acl.aclRuleAllowWithCounterMatchAllStop", 6069 }, 6070 }, {name: "allow all and stop processing with counter and without logging with continue verdict 3", 6071 config: &RuleConfiguration{ 6072 Comment: "foobar barfoo", 6073 Conditions: []string{ 6074 "exact match roles foobar", 6075 "exact match org nyc", 6076 }, 6077 Action: `allow stop counter`, 6078 }, input: map[string]interface{}{ 6079 "name": "John Smith", 6080 }, 6081 emptyFields: true, 6082 want: map[string]interface{}{ 6083 "verdict": getRuleVerdictName(ruleVerdictContinue), 6084 "empty_fields": true, 6085 "rule_type": "*acl.aclRuleAllowWithCounterMatchAllStop", 6086 }, 6087 }, {name: "allow all and stop processing with counter and without logging with allow stop verdict", 6088 config: &RuleConfiguration{ 6089 Comment: "foobar barfoo", 6090 Conditions: []string{ 6091 "exact match roles foobar", 6092 "exact match org nyc", 6093 }, 6094 Action: `allow stop counter`, 6095 }, input: map[string]interface{}{ 6096 "roles": []string{"foobar"}, 6097 "org": []string{"nyc"}, 6098 }, 6099 want: map[string]interface{}{ 6100 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6101 "rule_type": "*acl.aclRuleAllowWithCounterMatchAllStop", 6102 }, 6103 }, {name: "allow and stop processing with counter and without logging with continue verdict", 6104 config: &RuleConfiguration{ 6105 Comment: "foobar barfoo", 6106 Conditions: []string{"exact match roles foobar"}, 6107 Action: `allow stop counter`, 6108 }, input: map[string]interface{}{ 6109 "name": "John Smith", 6110 "roles": []string{"barfoo"}, 6111 }, 6112 want: map[string]interface{}{ 6113 "verdict": getRuleVerdictName(ruleVerdictContinue), 6114 "rule_type": "*acl.aclRuleAllowWithCounterStop", 6115 }, 6116 }, {name: "allow and stop processing with counter and without logging with continue verdict 1", 6117 config: &RuleConfiguration{ 6118 Comment: "foobar barfoo", 6119 Conditions: []string{"exact match roles foobar"}, 6120 Action: `allow stop counter`, 6121 }, input: map[string]interface{}{ 6122 "name": "John Smith", 6123 }, 6124 want: map[string]interface{}{ 6125 "verdict": getRuleVerdictName(ruleVerdictContinue), 6126 "rule_type": "*acl.aclRuleAllowWithCounterStop", 6127 }, 6128 }, {name: "allow and stop processing with counter and without logging with continue verdict 2", 6129 config: &RuleConfiguration{ 6130 Comment: "foobar barfoo", 6131 Conditions: []string{"exact match roles foobar"}, 6132 Action: `allow stop counter`, 6133 }, input: map[string]interface{}{ 6134 "name": "John Smith", 6135 "roles": []string{"barfoo"}, 6136 }, 6137 emptyFields: true, 6138 want: map[string]interface{}{ 6139 "verdict": getRuleVerdictName(ruleVerdictContinue), 6140 "empty_fields": true, 6141 "rule_type": "*acl.aclRuleAllowWithCounterStop", 6142 }, 6143 }, {name: "allow and stop processing with counter and without logging with continue verdict 3", 6144 config: &RuleConfiguration{ 6145 Comment: "foobar barfoo", 6146 Conditions: []string{"exact match roles foobar"}, 6147 Action: `allow stop counter`, 6148 }, input: map[string]interface{}{ 6149 "name": "John Smith", 6150 }, 6151 emptyFields: true, 6152 want: map[string]interface{}{ 6153 "verdict": getRuleVerdictName(ruleVerdictContinue), 6154 "empty_fields": true, 6155 "rule_type": "*acl.aclRuleAllowWithCounterStop", 6156 }, 6157 }, {name: "allow and stop processing with counter and without logging with allow stop verdict", 6158 config: &RuleConfiguration{ 6159 Comment: "foobar barfoo", 6160 Conditions: []string{"exact match roles foobar"}, 6161 Action: `allow stop counter`, 6162 }, input: map[string]interface{}{ 6163 "roles": []string{"foobar"}, 6164 "org": []string{"nyc"}, 6165 }, 6166 want: map[string]interface{}{ 6167 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6168 "rule_type": "*acl.aclRuleAllowWithCounterStop", 6169 }, 6170 }, {name: "allow any with counter and without logging with continue verdict", 6171 config: &RuleConfiguration{ 6172 Comment: "foobar barfoo", 6173 Conditions: []string{ 6174 "exact match roles foobar", 6175 "exact match org nyc", 6176 }, 6177 Action: `allow any counter`, 6178 }, input: map[string]interface{}{ 6179 "name": "John Smith", 6180 "roles": []string{"barfoo"}, 6181 }, 6182 want: map[string]interface{}{ 6183 "verdict": getRuleVerdictName(ruleVerdictContinue), 6184 "rule_type": "*acl.aclRuleAllowWithCounterMatchAny", 6185 }, 6186 }, {name: "allow any with counter and without logging with continue verdict 1", 6187 config: &RuleConfiguration{ 6188 Comment: "foobar barfoo", 6189 Conditions: []string{ 6190 "exact match roles foobar", 6191 "exact match org nyc", 6192 }, 6193 Action: `allow any counter`, 6194 }, input: map[string]interface{}{ 6195 "name": "John Smith", 6196 }, 6197 want: map[string]interface{}{ 6198 "verdict": getRuleVerdictName(ruleVerdictContinue), 6199 "rule_type": "*acl.aclRuleAllowWithCounterMatchAny", 6200 }, 6201 }, {name: "allow any with counter and without logging with continue verdict 2", 6202 config: &RuleConfiguration{ 6203 Comment: "foobar barfoo", 6204 Conditions: []string{ 6205 "exact match roles foobar", 6206 "exact match org nyc", 6207 }, 6208 Action: `allow any counter`, 6209 }, input: map[string]interface{}{ 6210 "name": "John Smith", 6211 "roles": []string{"barfoo"}, 6212 }, 6213 emptyFields: true, 6214 want: map[string]interface{}{ 6215 "verdict": getRuleVerdictName(ruleVerdictContinue), 6216 "empty_fields": true, 6217 "rule_type": "*acl.aclRuleAllowWithCounterMatchAny", 6218 }, 6219 }, {name: "allow any with counter and without logging with continue verdict 3", 6220 config: &RuleConfiguration{ 6221 Comment: "foobar barfoo", 6222 Conditions: []string{ 6223 "exact match roles foobar", 6224 "exact match org nyc", 6225 }, 6226 Action: `allow any counter`, 6227 }, input: map[string]interface{}{ 6228 "name": "John Smith", 6229 }, 6230 emptyFields: true, 6231 want: map[string]interface{}{ 6232 "verdict": getRuleVerdictName(ruleVerdictContinue), 6233 "empty_fields": true, 6234 "rule_type": "*acl.aclRuleAllowWithCounterMatchAny", 6235 }, 6236 }, {name: "allow any with counter and without logging with allow verdict", 6237 config: &RuleConfiguration{ 6238 Comment: "foobar barfoo", 6239 Conditions: []string{ 6240 "exact match roles foobar", 6241 "exact match org nyc", 6242 }, 6243 Action: `allow any counter`, 6244 }, input: map[string]interface{}{ 6245 "roles": []string{"foobar"}, 6246 "org": []string{"nyc"}, 6247 }, 6248 want: map[string]interface{}{ 6249 "verdict": getRuleVerdictName(ruleVerdictAllow), 6250 "rule_type": "*acl.aclRuleAllowWithCounterMatchAny", 6251 }, 6252 }, {name: "allow all with counter and without logging with continue verdict", 6253 config: &RuleConfiguration{ 6254 Comment: "foobar barfoo", 6255 Conditions: []string{ 6256 "exact match roles foobar", 6257 "exact match org nyc", 6258 }, 6259 Action: `allow counter`, 6260 }, input: map[string]interface{}{ 6261 "name": "John Smith", 6262 "roles": []string{"barfoo"}, 6263 }, 6264 want: map[string]interface{}{ 6265 "verdict": getRuleVerdictName(ruleVerdictContinue), 6266 "rule_type": "*acl.aclRuleAllowWithCounterMatchAll", 6267 }, 6268 }, {name: "allow all with counter and without logging with continue verdict 1", 6269 config: &RuleConfiguration{ 6270 Comment: "foobar barfoo", 6271 Conditions: []string{ 6272 "exact match roles foobar", 6273 "exact match org nyc", 6274 }, 6275 Action: `allow counter`, 6276 }, input: map[string]interface{}{ 6277 "name": "John Smith", 6278 }, 6279 want: map[string]interface{}{ 6280 "verdict": getRuleVerdictName(ruleVerdictContinue), 6281 "rule_type": "*acl.aclRuleAllowWithCounterMatchAll", 6282 }, 6283 }, {name: "allow all with counter and without logging with continue verdict 2", 6284 config: &RuleConfiguration{ 6285 Comment: "foobar barfoo", 6286 Conditions: []string{ 6287 "exact match roles foobar", 6288 "exact match org nyc", 6289 }, 6290 Action: `allow counter`, 6291 }, input: map[string]interface{}{ 6292 "name": "John Smith", 6293 "roles": []string{"barfoo"}, 6294 }, 6295 emptyFields: true, 6296 want: map[string]interface{}{ 6297 "verdict": getRuleVerdictName(ruleVerdictContinue), 6298 "empty_fields": true, 6299 "rule_type": "*acl.aclRuleAllowWithCounterMatchAll", 6300 }, 6301 }, {name: "allow all with counter and without logging with continue verdict 3", 6302 config: &RuleConfiguration{ 6303 Comment: "foobar barfoo", 6304 Conditions: []string{ 6305 "exact match roles foobar", 6306 "exact match org nyc", 6307 }, 6308 Action: `allow counter`, 6309 }, input: map[string]interface{}{ 6310 "name": "John Smith", 6311 }, 6312 emptyFields: true, 6313 want: map[string]interface{}{ 6314 "verdict": getRuleVerdictName(ruleVerdictContinue), 6315 "empty_fields": true, 6316 "rule_type": "*acl.aclRuleAllowWithCounterMatchAll", 6317 }, 6318 }, {name: "allow all with counter and without logging with allow verdict", 6319 config: &RuleConfiguration{ 6320 Comment: "foobar barfoo", 6321 Conditions: []string{ 6322 "exact match roles foobar", 6323 "exact match org nyc", 6324 }, 6325 Action: `allow counter`, 6326 }, input: map[string]interface{}{ 6327 "roles": []string{"foobar"}, 6328 "org": []string{"nyc"}, 6329 }, 6330 want: map[string]interface{}{ 6331 "verdict": getRuleVerdictName(ruleVerdictAllow), 6332 "rule_type": "*acl.aclRuleAllowWithCounterMatchAll", 6333 }, 6334 }, {name: "allow with counter and without logging with continue verdict", 6335 config: &RuleConfiguration{ 6336 Comment: "foobar barfoo", 6337 Conditions: []string{"exact match roles foobar"}, 6338 Action: `allow counter`, 6339 }, input: map[string]interface{}{ 6340 "name": "John Smith", 6341 "roles": []string{"barfoo"}, 6342 }, 6343 want: map[string]interface{}{ 6344 "verdict": getRuleVerdictName(ruleVerdictContinue), 6345 "rule_type": "*acl.aclRuleAllowWithCounter", 6346 }, 6347 }, {name: "allow with counter and without logging with continue verdict 1", 6348 config: &RuleConfiguration{ 6349 Comment: "foobar barfoo", 6350 Conditions: []string{"exact match roles foobar"}, 6351 Action: `allow counter`, 6352 }, input: map[string]interface{}{ 6353 "name": "John Smith", 6354 }, 6355 want: map[string]interface{}{ 6356 "verdict": getRuleVerdictName(ruleVerdictContinue), 6357 "rule_type": "*acl.aclRuleAllowWithCounter", 6358 }, 6359 }, {name: "allow with counter and without logging with continue verdict 2", 6360 config: &RuleConfiguration{ 6361 Comment: "foobar barfoo", 6362 Conditions: []string{"exact match roles foobar"}, 6363 Action: `allow counter`, 6364 }, input: map[string]interface{}{ 6365 "name": "John Smith", 6366 "roles": []string{"barfoo"}, 6367 }, 6368 emptyFields: true, 6369 want: map[string]interface{}{ 6370 "verdict": getRuleVerdictName(ruleVerdictContinue), 6371 "empty_fields": true, 6372 "rule_type": "*acl.aclRuleAllowWithCounter", 6373 }, 6374 }, {name: "allow with counter and without logging with continue verdict 3", 6375 config: &RuleConfiguration{ 6376 Comment: "foobar barfoo", 6377 Conditions: []string{"exact match roles foobar"}, 6378 Action: `allow counter`, 6379 }, input: map[string]interface{}{ 6380 "name": "John Smith", 6381 }, 6382 emptyFields: true, 6383 want: map[string]interface{}{ 6384 "verdict": getRuleVerdictName(ruleVerdictContinue), 6385 "empty_fields": true, 6386 "rule_type": "*acl.aclRuleAllowWithCounter", 6387 }, 6388 }, {name: "allow with counter and without logging with allow verdict", 6389 config: &RuleConfiguration{ 6390 Comment: "foobar barfoo", 6391 Conditions: []string{"exact match roles foobar"}, 6392 Action: `allow counter`, 6393 }, input: map[string]interface{}{ 6394 "roles": []string{"foobar"}, 6395 "org": []string{"nyc"}, 6396 }, 6397 want: map[string]interface{}{ 6398 "verdict": getRuleVerdictName(ruleVerdictAllow), 6399 "rule_type": "*acl.aclRuleAllowWithCounter", 6400 }, 6401 }, {name: "allow any and stop processing with debug logging and with counter with continue verdict", 6402 config: &RuleConfiguration{ 6403 Comment: "foobar barfoo", 6404 Conditions: []string{ 6405 "exact match roles foobar", 6406 "exact match org nyc", 6407 }, 6408 Action: `allow any stop counter log debug`, 6409 }, input: map[string]interface{}{ 6410 "name": "John Smith", 6411 "roles": []string{"barfoo"}, 6412 }, 6413 want: map[string]interface{}{ 6414 "verdict": getRuleVerdictName(ruleVerdictContinue), 6415 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 6416 }, 6417 }, {name: "allow any and stop processing with debug logging and with counter with continue verdict 1", 6418 config: &RuleConfiguration{ 6419 Comment: "foobar barfoo", 6420 Conditions: []string{ 6421 "exact match roles foobar", 6422 "exact match org nyc", 6423 }, 6424 Action: `allow any stop counter log debug`, 6425 }, input: map[string]interface{}{ 6426 "name": "John Smith", 6427 }, 6428 want: map[string]interface{}{ 6429 "verdict": getRuleVerdictName(ruleVerdictContinue), 6430 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 6431 }, 6432 }, {name: "allow any and stop processing with debug logging and with counter with continue verdict 2", 6433 config: &RuleConfiguration{ 6434 Comment: "foobar barfoo", 6435 Conditions: []string{ 6436 "exact match roles foobar", 6437 "exact match org nyc", 6438 }, 6439 Action: `allow any stop counter log debug`, 6440 }, input: map[string]interface{}{ 6441 "name": "John Smith", 6442 "roles": []string{"barfoo"}, 6443 }, 6444 emptyFields: true, 6445 want: map[string]interface{}{ 6446 "verdict": getRuleVerdictName(ruleVerdictContinue), 6447 "empty_fields": true, 6448 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 6449 }, 6450 }, {name: "allow any and stop processing with debug logging and with counter with continue verdict 3", 6451 config: &RuleConfiguration{ 6452 Comment: "foobar barfoo", 6453 Conditions: []string{ 6454 "exact match roles foobar", 6455 "exact match org nyc", 6456 }, 6457 Action: `allow any stop counter log debug`, 6458 }, input: map[string]interface{}{ 6459 "name": "John Smith", 6460 }, 6461 emptyFields: true, 6462 want: map[string]interface{}{ 6463 "verdict": getRuleVerdictName(ruleVerdictContinue), 6464 "empty_fields": true, 6465 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 6466 }, 6467 }, {name: "allow any and stop processing with debug logging and with counter with allow stop verdict", 6468 config: &RuleConfiguration{ 6469 Comment: "foobar barfoo", 6470 Conditions: []string{ 6471 "exact match roles foobar", 6472 "exact match org nyc", 6473 }, 6474 Action: `allow any stop counter log debug`, 6475 }, input: map[string]interface{}{ 6476 "roles": []string{"foobar"}, 6477 "org": []string{"nyc"}, 6478 }, 6479 want: map[string]interface{}{ 6480 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6481 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAnyStop", 6482 }, 6483 }, {name: "allow any and stop processing with info logging and with counter with continue verdict", 6484 config: &RuleConfiguration{ 6485 Comment: "foobar barfoo", 6486 Conditions: []string{ 6487 "exact match roles foobar", 6488 "exact match org nyc", 6489 }, 6490 Action: `allow any stop counter log info`, 6491 }, input: map[string]interface{}{ 6492 "name": "John Smith", 6493 "roles": []string{"barfoo"}, 6494 }, 6495 want: map[string]interface{}{ 6496 "verdict": getRuleVerdictName(ruleVerdictContinue), 6497 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 6498 }, 6499 }, {name: "allow any and stop processing with info logging and with counter with continue verdict 1", 6500 config: &RuleConfiguration{ 6501 Comment: "foobar barfoo", 6502 Conditions: []string{ 6503 "exact match roles foobar", 6504 "exact match org nyc", 6505 }, 6506 Action: `allow any stop counter log info`, 6507 }, input: map[string]interface{}{ 6508 "name": "John Smith", 6509 }, 6510 want: map[string]interface{}{ 6511 "verdict": getRuleVerdictName(ruleVerdictContinue), 6512 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 6513 }, 6514 }, {name: "allow any and stop processing with info logging and with counter with continue verdict 2", 6515 config: &RuleConfiguration{ 6516 Comment: "foobar barfoo", 6517 Conditions: []string{ 6518 "exact match roles foobar", 6519 "exact match org nyc", 6520 }, 6521 Action: `allow any stop counter log info`, 6522 }, input: map[string]interface{}{ 6523 "name": "John Smith", 6524 "roles": []string{"barfoo"}, 6525 }, 6526 emptyFields: true, 6527 want: map[string]interface{}{ 6528 "verdict": getRuleVerdictName(ruleVerdictContinue), 6529 "empty_fields": true, 6530 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 6531 }, 6532 }, {name: "allow any and stop processing with info logging and with counter with continue verdict 3", 6533 config: &RuleConfiguration{ 6534 Comment: "foobar barfoo", 6535 Conditions: []string{ 6536 "exact match roles foobar", 6537 "exact match org nyc", 6538 }, 6539 Action: `allow any stop counter log info`, 6540 }, input: map[string]interface{}{ 6541 "name": "John Smith", 6542 }, 6543 emptyFields: true, 6544 want: map[string]interface{}{ 6545 "verdict": getRuleVerdictName(ruleVerdictContinue), 6546 "empty_fields": true, 6547 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 6548 }, 6549 }, {name: "allow any and stop processing with info logging and with counter with allow stop verdict", 6550 config: &RuleConfiguration{ 6551 Comment: "foobar barfoo", 6552 Conditions: []string{ 6553 "exact match roles foobar", 6554 "exact match org nyc", 6555 }, 6556 Action: `allow any stop counter log info`, 6557 }, input: map[string]interface{}{ 6558 "roles": []string{"foobar"}, 6559 "org": []string{"nyc"}, 6560 }, 6561 want: map[string]interface{}{ 6562 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6563 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAnyStop", 6564 }, 6565 }, {name: "allow any and stop processing with warn logging and with counter with continue verdict", 6566 config: &RuleConfiguration{ 6567 Comment: "foobar barfoo", 6568 Conditions: []string{ 6569 "exact match roles foobar", 6570 "exact match org nyc", 6571 }, 6572 Action: `allow any stop counter log warn`, 6573 }, input: map[string]interface{}{ 6574 "name": "John Smith", 6575 "roles": []string{"barfoo"}, 6576 }, 6577 want: map[string]interface{}{ 6578 "verdict": getRuleVerdictName(ruleVerdictContinue), 6579 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 6580 }, 6581 }, {name: "allow any and stop processing with warn logging and with counter with continue verdict 1", 6582 config: &RuleConfiguration{ 6583 Comment: "foobar barfoo", 6584 Conditions: []string{ 6585 "exact match roles foobar", 6586 "exact match org nyc", 6587 }, 6588 Action: `allow any stop counter log warn`, 6589 }, input: map[string]interface{}{ 6590 "name": "John Smith", 6591 }, 6592 want: map[string]interface{}{ 6593 "verdict": getRuleVerdictName(ruleVerdictContinue), 6594 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 6595 }, 6596 }, {name: "allow any and stop processing with warn logging and with counter with continue verdict 2", 6597 config: &RuleConfiguration{ 6598 Comment: "foobar barfoo", 6599 Conditions: []string{ 6600 "exact match roles foobar", 6601 "exact match org nyc", 6602 }, 6603 Action: `allow any stop counter log warn`, 6604 }, input: map[string]interface{}{ 6605 "name": "John Smith", 6606 "roles": []string{"barfoo"}, 6607 }, 6608 emptyFields: true, 6609 want: map[string]interface{}{ 6610 "verdict": getRuleVerdictName(ruleVerdictContinue), 6611 "empty_fields": true, 6612 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 6613 }, 6614 }, {name: "allow any and stop processing with warn logging and with counter with continue verdict 3", 6615 config: &RuleConfiguration{ 6616 Comment: "foobar barfoo", 6617 Conditions: []string{ 6618 "exact match roles foobar", 6619 "exact match org nyc", 6620 }, 6621 Action: `allow any stop counter log warn`, 6622 }, input: map[string]interface{}{ 6623 "name": "John Smith", 6624 }, 6625 emptyFields: true, 6626 want: map[string]interface{}{ 6627 "verdict": getRuleVerdictName(ruleVerdictContinue), 6628 "empty_fields": true, 6629 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 6630 }, 6631 }, {name: "allow any and stop processing with warn logging and with counter with allow stop verdict", 6632 config: &RuleConfiguration{ 6633 Comment: "foobar barfoo", 6634 Conditions: []string{ 6635 "exact match roles foobar", 6636 "exact match org nyc", 6637 }, 6638 Action: `allow any stop counter log warn`, 6639 }, input: map[string]interface{}{ 6640 "roles": []string{"foobar"}, 6641 "org": []string{"nyc"}, 6642 }, 6643 want: map[string]interface{}{ 6644 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6645 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAnyStop", 6646 }, 6647 }, {name: "allow any and stop processing with error logging and with counter with continue verdict", 6648 config: &RuleConfiguration{ 6649 Comment: "foobar barfoo", 6650 Conditions: []string{ 6651 "exact match roles foobar", 6652 "exact match org nyc", 6653 }, 6654 Action: `allow any stop counter log error`, 6655 }, input: map[string]interface{}{ 6656 "name": "John Smith", 6657 "roles": []string{"barfoo"}, 6658 }, 6659 want: map[string]interface{}{ 6660 "verdict": getRuleVerdictName(ruleVerdictContinue), 6661 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 6662 }, 6663 }, {name: "allow any and stop processing with error logging and with counter with continue verdict 1", 6664 config: &RuleConfiguration{ 6665 Comment: "foobar barfoo", 6666 Conditions: []string{ 6667 "exact match roles foobar", 6668 "exact match org nyc", 6669 }, 6670 Action: `allow any stop counter log error`, 6671 }, input: map[string]interface{}{ 6672 "name": "John Smith", 6673 }, 6674 want: map[string]interface{}{ 6675 "verdict": getRuleVerdictName(ruleVerdictContinue), 6676 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 6677 }, 6678 }, {name: "allow any and stop processing with error logging and with counter with continue verdict 2", 6679 config: &RuleConfiguration{ 6680 Comment: "foobar barfoo", 6681 Conditions: []string{ 6682 "exact match roles foobar", 6683 "exact match org nyc", 6684 }, 6685 Action: `allow any stop counter log error`, 6686 }, input: map[string]interface{}{ 6687 "name": "John Smith", 6688 "roles": []string{"barfoo"}, 6689 }, 6690 emptyFields: true, 6691 want: map[string]interface{}{ 6692 "verdict": getRuleVerdictName(ruleVerdictContinue), 6693 "empty_fields": true, 6694 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 6695 }, 6696 }, {name: "allow any and stop processing with error logging and with counter with continue verdict 3", 6697 config: &RuleConfiguration{ 6698 Comment: "foobar barfoo", 6699 Conditions: []string{ 6700 "exact match roles foobar", 6701 "exact match org nyc", 6702 }, 6703 Action: `allow any stop counter log error`, 6704 }, input: map[string]interface{}{ 6705 "name": "John Smith", 6706 }, 6707 emptyFields: true, 6708 want: map[string]interface{}{ 6709 "verdict": getRuleVerdictName(ruleVerdictContinue), 6710 "empty_fields": true, 6711 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 6712 }, 6713 }, {name: "allow any and stop processing with error logging and with counter with allow stop verdict", 6714 config: &RuleConfiguration{ 6715 Comment: "foobar barfoo", 6716 Conditions: []string{ 6717 "exact match roles foobar", 6718 "exact match org nyc", 6719 }, 6720 Action: `allow any stop counter log error`, 6721 }, input: map[string]interface{}{ 6722 "roles": []string{"foobar"}, 6723 "org": []string{"nyc"}, 6724 }, 6725 want: map[string]interface{}{ 6726 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6727 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAnyStop", 6728 }, 6729 }, {name: "allow all and stop processing with debug logging and with counter with continue verdict", 6730 config: &RuleConfiguration{ 6731 Comment: "foobar barfoo", 6732 Conditions: []string{ 6733 "exact match roles foobar", 6734 "exact match org nyc", 6735 }, 6736 Action: `allow stop counter log debug`, 6737 }, input: map[string]interface{}{ 6738 "name": "John Smith", 6739 "roles": []string{"barfoo"}, 6740 }, 6741 want: map[string]interface{}{ 6742 "verdict": getRuleVerdictName(ruleVerdictContinue), 6743 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAllStop", 6744 }, 6745 }, {name: "allow all and stop processing with debug logging and with counter with continue verdict 1", 6746 config: &RuleConfiguration{ 6747 Comment: "foobar barfoo", 6748 Conditions: []string{ 6749 "exact match roles foobar", 6750 "exact match org nyc", 6751 }, 6752 Action: `allow stop counter log debug`, 6753 }, input: map[string]interface{}{ 6754 "name": "John Smith", 6755 }, 6756 want: map[string]interface{}{ 6757 "verdict": getRuleVerdictName(ruleVerdictContinue), 6758 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAllStop", 6759 }, 6760 }, {name: "allow all and stop processing with debug logging and with counter with continue verdict 2", 6761 config: &RuleConfiguration{ 6762 Comment: "foobar barfoo", 6763 Conditions: []string{ 6764 "exact match roles foobar", 6765 "exact match org nyc", 6766 }, 6767 Action: `allow stop counter log debug`, 6768 }, input: map[string]interface{}{ 6769 "name": "John Smith", 6770 "roles": []string{"barfoo"}, 6771 }, 6772 emptyFields: true, 6773 want: map[string]interface{}{ 6774 "verdict": getRuleVerdictName(ruleVerdictContinue), 6775 "empty_fields": true, 6776 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAllStop", 6777 }, 6778 }, {name: "allow all and stop processing with debug logging and with counter with continue verdict 3", 6779 config: &RuleConfiguration{ 6780 Comment: "foobar barfoo", 6781 Conditions: []string{ 6782 "exact match roles foobar", 6783 "exact match org nyc", 6784 }, 6785 Action: `allow stop counter log debug`, 6786 }, input: map[string]interface{}{ 6787 "name": "John Smith", 6788 }, 6789 emptyFields: true, 6790 want: map[string]interface{}{ 6791 "verdict": getRuleVerdictName(ruleVerdictContinue), 6792 "empty_fields": true, 6793 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAllStop", 6794 }, 6795 }, {name: "allow all and stop processing with debug logging and with counter with allow stop verdict", 6796 config: &RuleConfiguration{ 6797 Comment: "foobar barfoo", 6798 Conditions: []string{ 6799 "exact match roles foobar", 6800 "exact match org nyc", 6801 }, 6802 Action: `allow stop counter log debug`, 6803 }, input: map[string]interface{}{ 6804 "roles": []string{"foobar"}, 6805 "org": []string{"nyc"}, 6806 }, 6807 want: map[string]interface{}{ 6808 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6809 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAllStop", 6810 }, 6811 }, {name: "allow all and stop processing with info logging and with counter with continue verdict", 6812 config: &RuleConfiguration{ 6813 Comment: "foobar barfoo", 6814 Conditions: []string{ 6815 "exact match roles foobar", 6816 "exact match org nyc", 6817 }, 6818 Action: `allow stop counter log info`, 6819 }, input: map[string]interface{}{ 6820 "name": "John Smith", 6821 "roles": []string{"barfoo"}, 6822 }, 6823 want: map[string]interface{}{ 6824 "verdict": getRuleVerdictName(ruleVerdictContinue), 6825 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAllStop", 6826 }, 6827 }, {name: "allow all and stop processing with info logging and with counter with continue verdict 1", 6828 config: &RuleConfiguration{ 6829 Comment: "foobar barfoo", 6830 Conditions: []string{ 6831 "exact match roles foobar", 6832 "exact match org nyc", 6833 }, 6834 Action: `allow stop counter log info`, 6835 }, input: map[string]interface{}{ 6836 "name": "John Smith", 6837 }, 6838 want: map[string]interface{}{ 6839 "verdict": getRuleVerdictName(ruleVerdictContinue), 6840 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAllStop", 6841 }, 6842 }, {name: "allow all and stop processing with info logging and with counter with continue verdict 2", 6843 config: &RuleConfiguration{ 6844 Comment: "foobar barfoo", 6845 Conditions: []string{ 6846 "exact match roles foobar", 6847 "exact match org nyc", 6848 }, 6849 Action: `allow stop counter log info`, 6850 }, input: map[string]interface{}{ 6851 "name": "John Smith", 6852 "roles": []string{"barfoo"}, 6853 }, 6854 emptyFields: true, 6855 want: map[string]interface{}{ 6856 "verdict": getRuleVerdictName(ruleVerdictContinue), 6857 "empty_fields": true, 6858 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAllStop", 6859 }, 6860 }, {name: "allow all and stop processing with info logging and with counter with continue verdict 3", 6861 config: &RuleConfiguration{ 6862 Comment: "foobar barfoo", 6863 Conditions: []string{ 6864 "exact match roles foobar", 6865 "exact match org nyc", 6866 }, 6867 Action: `allow stop counter log info`, 6868 }, input: map[string]interface{}{ 6869 "name": "John Smith", 6870 }, 6871 emptyFields: true, 6872 want: map[string]interface{}{ 6873 "verdict": getRuleVerdictName(ruleVerdictContinue), 6874 "empty_fields": true, 6875 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAllStop", 6876 }, 6877 }, {name: "allow all and stop processing with info logging and with counter with allow stop verdict", 6878 config: &RuleConfiguration{ 6879 Comment: "foobar barfoo", 6880 Conditions: []string{ 6881 "exact match roles foobar", 6882 "exact match org nyc", 6883 }, 6884 Action: `allow stop counter log info`, 6885 }, input: map[string]interface{}{ 6886 "roles": []string{"foobar"}, 6887 "org": []string{"nyc"}, 6888 }, 6889 want: map[string]interface{}{ 6890 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6891 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAllStop", 6892 }, 6893 }, {name: "allow all and stop processing with warn logging and with counter with continue verdict", 6894 config: &RuleConfiguration{ 6895 Comment: "foobar barfoo", 6896 Conditions: []string{ 6897 "exact match roles foobar", 6898 "exact match org nyc", 6899 }, 6900 Action: `allow stop counter log warn`, 6901 }, input: map[string]interface{}{ 6902 "name": "John Smith", 6903 "roles": []string{"barfoo"}, 6904 }, 6905 want: map[string]interface{}{ 6906 "verdict": getRuleVerdictName(ruleVerdictContinue), 6907 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAllStop", 6908 }, 6909 }, {name: "allow all and stop processing with warn logging and with counter with continue verdict 1", 6910 config: &RuleConfiguration{ 6911 Comment: "foobar barfoo", 6912 Conditions: []string{ 6913 "exact match roles foobar", 6914 "exact match org nyc", 6915 }, 6916 Action: `allow stop counter log warn`, 6917 }, input: map[string]interface{}{ 6918 "name": "John Smith", 6919 }, 6920 want: map[string]interface{}{ 6921 "verdict": getRuleVerdictName(ruleVerdictContinue), 6922 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAllStop", 6923 }, 6924 }, {name: "allow all and stop processing with warn logging and with counter with continue verdict 2", 6925 config: &RuleConfiguration{ 6926 Comment: "foobar barfoo", 6927 Conditions: []string{ 6928 "exact match roles foobar", 6929 "exact match org nyc", 6930 }, 6931 Action: `allow stop counter log warn`, 6932 }, input: map[string]interface{}{ 6933 "name": "John Smith", 6934 "roles": []string{"barfoo"}, 6935 }, 6936 emptyFields: true, 6937 want: map[string]interface{}{ 6938 "verdict": getRuleVerdictName(ruleVerdictContinue), 6939 "empty_fields": true, 6940 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAllStop", 6941 }, 6942 }, {name: "allow all and stop processing with warn logging and with counter with continue verdict 3", 6943 config: &RuleConfiguration{ 6944 Comment: "foobar barfoo", 6945 Conditions: []string{ 6946 "exact match roles foobar", 6947 "exact match org nyc", 6948 }, 6949 Action: `allow stop counter log warn`, 6950 }, input: map[string]interface{}{ 6951 "name": "John Smith", 6952 }, 6953 emptyFields: true, 6954 want: map[string]interface{}{ 6955 "verdict": getRuleVerdictName(ruleVerdictContinue), 6956 "empty_fields": true, 6957 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAllStop", 6958 }, 6959 }, {name: "allow all and stop processing with warn logging and with counter with allow stop verdict", 6960 config: &RuleConfiguration{ 6961 Comment: "foobar barfoo", 6962 Conditions: []string{ 6963 "exact match roles foobar", 6964 "exact match org nyc", 6965 }, 6966 Action: `allow stop counter log warn`, 6967 }, input: map[string]interface{}{ 6968 "roles": []string{"foobar"}, 6969 "org": []string{"nyc"}, 6970 }, 6971 want: map[string]interface{}{ 6972 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 6973 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAllStop", 6974 }, 6975 }, {name: "allow all and stop processing with error logging and with counter with continue verdict", 6976 config: &RuleConfiguration{ 6977 Comment: "foobar barfoo", 6978 Conditions: []string{ 6979 "exact match roles foobar", 6980 "exact match org nyc", 6981 }, 6982 Action: `allow stop counter log error`, 6983 }, input: map[string]interface{}{ 6984 "name": "John Smith", 6985 "roles": []string{"barfoo"}, 6986 }, 6987 want: map[string]interface{}{ 6988 "verdict": getRuleVerdictName(ruleVerdictContinue), 6989 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAllStop", 6990 }, 6991 }, {name: "allow all and stop processing with error logging and with counter with continue verdict 1", 6992 config: &RuleConfiguration{ 6993 Comment: "foobar barfoo", 6994 Conditions: []string{ 6995 "exact match roles foobar", 6996 "exact match org nyc", 6997 }, 6998 Action: `allow stop counter log error`, 6999 }, input: map[string]interface{}{ 7000 "name": "John Smith", 7001 }, 7002 want: map[string]interface{}{ 7003 "verdict": getRuleVerdictName(ruleVerdictContinue), 7004 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAllStop", 7005 }, 7006 }, {name: "allow all and stop processing with error logging and with counter with continue verdict 2", 7007 config: &RuleConfiguration{ 7008 Comment: "foobar barfoo", 7009 Conditions: []string{ 7010 "exact match roles foobar", 7011 "exact match org nyc", 7012 }, 7013 Action: `allow stop counter log error`, 7014 }, input: map[string]interface{}{ 7015 "name": "John Smith", 7016 "roles": []string{"barfoo"}, 7017 }, 7018 emptyFields: true, 7019 want: map[string]interface{}{ 7020 "verdict": getRuleVerdictName(ruleVerdictContinue), 7021 "empty_fields": true, 7022 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAllStop", 7023 }, 7024 }, {name: "allow all and stop processing with error logging and with counter with continue verdict 3", 7025 config: &RuleConfiguration{ 7026 Comment: "foobar barfoo", 7027 Conditions: []string{ 7028 "exact match roles foobar", 7029 "exact match org nyc", 7030 }, 7031 Action: `allow stop counter log error`, 7032 }, input: map[string]interface{}{ 7033 "name": "John Smith", 7034 }, 7035 emptyFields: true, 7036 want: map[string]interface{}{ 7037 "verdict": getRuleVerdictName(ruleVerdictContinue), 7038 "empty_fields": true, 7039 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAllStop", 7040 }, 7041 }, {name: "allow all and stop processing with error logging and with counter with allow stop verdict", 7042 config: &RuleConfiguration{ 7043 Comment: "foobar barfoo", 7044 Conditions: []string{ 7045 "exact match roles foobar", 7046 "exact match org nyc", 7047 }, 7048 Action: `allow stop counter log error`, 7049 }, input: map[string]interface{}{ 7050 "roles": []string{"foobar"}, 7051 "org": []string{"nyc"}, 7052 }, 7053 want: map[string]interface{}{ 7054 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 7055 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAllStop", 7056 }, 7057 }, {name: "allow and stop processing with debug logging and with counter with continue verdict", 7058 config: &RuleConfiguration{ 7059 Comment: "foobar barfoo", 7060 Conditions: []string{"exact match roles foobar"}, 7061 Action: `allow stop counter log debug`, 7062 }, input: map[string]interface{}{ 7063 "name": "John Smith", 7064 "roles": []string{"barfoo"}, 7065 }, 7066 want: map[string]interface{}{ 7067 "verdict": getRuleVerdictName(ruleVerdictContinue), 7068 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterStop", 7069 }, 7070 }, {name: "allow and stop processing with debug logging and with counter with continue verdict 1", 7071 config: &RuleConfiguration{ 7072 Comment: "foobar barfoo", 7073 Conditions: []string{"exact match roles foobar"}, 7074 Action: `allow stop counter log debug`, 7075 }, input: map[string]interface{}{ 7076 "name": "John Smith", 7077 }, 7078 want: map[string]interface{}{ 7079 "verdict": getRuleVerdictName(ruleVerdictContinue), 7080 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterStop", 7081 }, 7082 }, {name: "allow and stop processing with debug logging and with counter with continue verdict 2", 7083 config: &RuleConfiguration{ 7084 Comment: "foobar barfoo", 7085 Conditions: []string{"exact match roles foobar"}, 7086 Action: `allow stop counter log debug`, 7087 }, input: map[string]interface{}{ 7088 "name": "John Smith", 7089 "roles": []string{"barfoo"}, 7090 }, 7091 emptyFields: true, 7092 want: map[string]interface{}{ 7093 "verdict": getRuleVerdictName(ruleVerdictContinue), 7094 "empty_fields": true, 7095 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterStop", 7096 }, 7097 }, {name: "allow and stop processing with debug logging and with counter with continue verdict 3", 7098 config: &RuleConfiguration{ 7099 Comment: "foobar barfoo", 7100 Conditions: []string{"exact match roles foobar"}, 7101 Action: `allow stop counter log debug`, 7102 }, input: map[string]interface{}{ 7103 "name": "John Smith", 7104 }, 7105 emptyFields: true, 7106 want: map[string]interface{}{ 7107 "verdict": getRuleVerdictName(ruleVerdictContinue), 7108 "empty_fields": true, 7109 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterStop", 7110 }, 7111 }, {name: "allow and stop processing with debug logging and with counter with allow stop verdict", 7112 config: &RuleConfiguration{ 7113 Comment: "foobar barfoo", 7114 Conditions: []string{"exact match roles foobar"}, 7115 Action: `allow stop counter log debug`, 7116 }, input: map[string]interface{}{ 7117 "roles": []string{"foobar"}, 7118 "org": []string{"nyc"}, 7119 }, 7120 want: map[string]interface{}{ 7121 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 7122 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterStop", 7123 }, 7124 }, {name: "allow and stop processing with info logging and with counter with continue verdict", 7125 config: &RuleConfiguration{ 7126 Comment: "foobar barfoo", 7127 Conditions: []string{"exact match roles foobar"}, 7128 Action: `allow stop counter log info`, 7129 }, input: map[string]interface{}{ 7130 "name": "John Smith", 7131 "roles": []string{"barfoo"}, 7132 }, 7133 want: map[string]interface{}{ 7134 "verdict": getRuleVerdictName(ruleVerdictContinue), 7135 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterStop", 7136 }, 7137 }, {name: "allow and stop processing with info logging and with counter with continue verdict 1", 7138 config: &RuleConfiguration{ 7139 Comment: "foobar barfoo", 7140 Conditions: []string{"exact match roles foobar"}, 7141 Action: `allow stop counter log info`, 7142 }, input: map[string]interface{}{ 7143 "name": "John Smith", 7144 }, 7145 want: map[string]interface{}{ 7146 "verdict": getRuleVerdictName(ruleVerdictContinue), 7147 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterStop", 7148 }, 7149 }, {name: "allow and stop processing with info logging and with counter with continue verdict 2", 7150 config: &RuleConfiguration{ 7151 Comment: "foobar barfoo", 7152 Conditions: []string{"exact match roles foobar"}, 7153 Action: `allow stop counter log info`, 7154 }, input: map[string]interface{}{ 7155 "name": "John Smith", 7156 "roles": []string{"barfoo"}, 7157 }, 7158 emptyFields: true, 7159 want: map[string]interface{}{ 7160 "verdict": getRuleVerdictName(ruleVerdictContinue), 7161 "empty_fields": true, 7162 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterStop", 7163 }, 7164 }, {name: "allow and stop processing with info logging and with counter with continue verdict 3", 7165 config: &RuleConfiguration{ 7166 Comment: "foobar barfoo", 7167 Conditions: []string{"exact match roles foobar"}, 7168 Action: `allow stop counter log info`, 7169 }, input: map[string]interface{}{ 7170 "name": "John Smith", 7171 }, 7172 emptyFields: true, 7173 want: map[string]interface{}{ 7174 "verdict": getRuleVerdictName(ruleVerdictContinue), 7175 "empty_fields": true, 7176 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterStop", 7177 }, 7178 }, {name: "allow and stop processing with info logging and with counter with allow stop verdict", 7179 config: &RuleConfiguration{ 7180 Comment: "foobar barfoo", 7181 Conditions: []string{"exact match roles foobar"}, 7182 Action: `allow stop counter log info`, 7183 }, input: map[string]interface{}{ 7184 "roles": []string{"foobar"}, 7185 "org": []string{"nyc"}, 7186 }, 7187 want: map[string]interface{}{ 7188 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 7189 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterStop", 7190 }, 7191 }, {name: "allow and stop processing with warn logging and with counter with continue verdict", 7192 config: &RuleConfiguration{ 7193 Comment: "foobar barfoo", 7194 Conditions: []string{"exact match roles foobar"}, 7195 Action: `allow stop counter log warn`, 7196 }, input: map[string]interface{}{ 7197 "name": "John Smith", 7198 "roles": []string{"barfoo"}, 7199 }, 7200 want: map[string]interface{}{ 7201 "verdict": getRuleVerdictName(ruleVerdictContinue), 7202 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterStop", 7203 }, 7204 }, {name: "allow and stop processing with warn logging and with counter with continue verdict 1", 7205 config: &RuleConfiguration{ 7206 Comment: "foobar barfoo", 7207 Conditions: []string{"exact match roles foobar"}, 7208 Action: `allow stop counter log warn`, 7209 }, input: map[string]interface{}{ 7210 "name": "John Smith", 7211 }, 7212 want: map[string]interface{}{ 7213 "verdict": getRuleVerdictName(ruleVerdictContinue), 7214 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterStop", 7215 }, 7216 }, {name: "allow and stop processing with warn logging and with counter with continue verdict 2", 7217 config: &RuleConfiguration{ 7218 Comment: "foobar barfoo", 7219 Conditions: []string{"exact match roles foobar"}, 7220 Action: `allow stop counter log warn`, 7221 }, input: map[string]interface{}{ 7222 "name": "John Smith", 7223 "roles": []string{"barfoo"}, 7224 }, 7225 emptyFields: true, 7226 want: map[string]interface{}{ 7227 "verdict": getRuleVerdictName(ruleVerdictContinue), 7228 "empty_fields": true, 7229 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterStop", 7230 }, 7231 }, {name: "allow and stop processing with warn logging and with counter with continue verdict 3", 7232 config: &RuleConfiguration{ 7233 Comment: "foobar barfoo", 7234 Conditions: []string{"exact match roles foobar"}, 7235 Action: `allow stop counter log warn`, 7236 }, input: map[string]interface{}{ 7237 "name": "John Smith", 7238 }, 7239 emptyFields: true, 7240 want: map[string]interface{}{ 7241 "verdict": getRuleVerdictName(ruleVerdictContinue), 7242 "empty_fields": true, 7243 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterStop", 7244 }, 7245 }, {name: "allow and stop processing with warn logging and with counter with allow stop verdict", 7246 config: &RuleConfiguration{ 7247 Comment: "foobar barfoo", 7248 Conditions: []string{"exact match roles foobar"}, 7249 Action: `allow stop counter log warn`, 7250 }, input: map[string]interface{}{ 7251 "roles": []string{"foobar"}, 7252 "org": []string{"nyc"}, 7253 }, 7254 want: map[string]interface{}{ 7255 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 7256 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterStop", 7257 }, 7258 }, {name: "allow and stop processing with error logging and with counter with continue verdict", 7259 config: &RuleConfiguration{ 7260 Comment: "foobar barfoo", 7261 Conditions: []string{"exact match roles foobar"}, 7262 Action: `allow stop counter log error`, 7263 }, input: map[string]interface{}{ 7264 "name": "John Smith", 7265 "roles": []string{"barfoo"}, 7266 }, 7267 want: map[string]interface{}{ 7268 "verdict": getRuleVerdictName(ruleVerdictContinue), 7269 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterStop", 7270 }, 7271 }, {name: "allow and stop processing with error logging and with counter with continue verdict 1", 7272 config: &RuleConfiguration{ 7273 Comment: "foobar barfoo", 7274 Conditions: []string{"exact match roles foobar"}, 7275 Action: `allow stop counter log error`, 7276 }, input: map[string]interface{}{ 7277 "name": "John Smith", 7278 }, 7279 want: map[string]interface{}{ 7280 "verdict": getRuleVerdictName(ruleVerdictContinue), 7281 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterStop", 7282 }, 7283 }, {name: "allow and stop processing with error logging and with counter with continue verdict 2", 7284 config: &RuleConfiguration{ 7285 Comment: "foobar barfoo", 7286 Conditions: []string{"exact match roles foobar"}, 7287 Action: `allow stop counter log error`, 7288 }, input: map[string]interface{}{ 7289 "name": "John Smith", 7290 "roles": []string{"barfoo"}, 7291 }, 7292 emptyFields: true, 7293 want: map[string]interface{}{ 7294 "verdict": getRuleVerdictName(ruleVerdictContinue), 7295 "empty_fields": true, 7296 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterStop", 7297 }, 7298 }, {name: "allow and stop processing with error logging and with counter with continue verdict 3", 7299 config: &RuleConfiguration{ 7300 Comment: "foobar barfoo", 7301 Conditions: []string{"exact match roles foobar"}, 7302 Action: `allow stop counter log error`, 7303 }, input: map[string]interface{}{ 7304 "name": "John Smith", 7305 }, 7306 emptyFields: true, 7307 want: map[string]interface{}{ 7308 "verdict": getRuleVerdictName(ruleVerdictContinue), 7309 "empty_fields": true, 7310 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterStop", 7311 }, 7312 }, {name: "allow and stop processing with error logging and with counter with allow stop verdict", 7313 config: &RuleConfiguration{ 7314 Comment: "foobar barfoo", 7315 Conditions: []string{"exact match roles foobar"}, 7316 Action: `allow stop counter log error`, 7317 }, input: map[string]interface{}{ 7318 "roles": []string{"foobar"}, 7319 "org": []string{"nyc"}, 7320 }, 7321 want: map[string]interface{}{ 7322 "verdict": getRuleVerdictName(ruleVerdictAllowStop), 7323 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterStop", 7324 }, 7325 }, {name: "allow any with debug logging and with counter with continue verdict", 7326 config: &RuleConfiguration{ 7327 Comment: "foobar barfoo", 7328 Conditions: []string{ 7329 "exact match roles foobar", 7330 "exact match org nyc", 7331 }, 7332 Action: `allow any counter log debug`, 7333 }, input: map[string]interface{}{ 7334 "name": "John Smith", 7335 "roles": []string{"barfoo"}, 7336 }, 7337 want: map[string]interface{}{ 7338 "verdict": getRuleVerdictName(ruleVerdictContinue), 7339 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAny", 7340 }, 7341 }, {name: "allow any with debug logging and with counter with continue verdict 1", 7342 config: &RuleConfiguration{ 7343 Comment: "foobar barfoo", 7344 Conditions: []string{ 7345 "exact match roles foobar", 7346 "exact match org nyc", 7347 }, 7348 Action: `allow any counter log debug`, 7349 }, input: map[string]interface{}{ 7350 "name": "John Smith", 7351 }, 7352 want: map[string]interface{}{ 7353 "verdict": getRuleVerdictName(ruleVerdictContinue), 7354 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAny", 7355 }, 7356 }, {name: "allow any with debug logging and with counter with continue verdict 2", 7357 config: &RuleConfiguration{ 7358 Comment: "foobar barfoo", 7359 Conditions: []string{ 7360 "exact match roles foobar", 7361 "exact match org nyc", 7362 }, 7363 Action: `allow any counter log debug`, 7364 }, input: map[string]interface{}{ 7365 "name": "John Smith", 7366 "roles": []string{"barfoo"}, 7367 }, 7368 emptyFields: true, 7369 want: map[string]interface{}{ 7370 "verdict": getRuleVerdictName(ruleVerdictContinue), 7371 "empty_fields": true, 7372 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAny", 7373 }, 7374 }, {name: "allow any with debug logging and with counter with continue verdict 3", 7375 config: &RuleConfiguration{ 7376 Comment: "foobar barfoo", 7377 Conditions: []string{ 7378 "exact match roles foobar", 7379 "exact match org nyc", 7380 }, 7381 Action: `allow any counter log debug`, 7382 }, input: map[string]interface{}{ 7383 "name": "John Smith", 7384 }, 7385 emptyFields: true, 7386 want: map[string]interface{}{ 7387 "verdict": getRuleVerdictName(ruleVerdictContinue), 7388 "empty_fields": true, 7389 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAny", 7390 }, 7391 }, {name: "allow any with debug logging and with counter with allow verdict", 7392 config: &RuleConfiguration{ 7393 Comment: "foobar barfoo", 7394 Conditions: []string{ 7395 "exact match roles foobar", 7396 "exact match org nyc", 7397 }, 7398 Action: `allow any counter log debug`, 7399 }, input: map[string]interface{}{ 7400 "roles": []string{"foobar"}, 7401 "org": []string{"nyc"}, 7402 }, 7403 want: map[string]interface{}{ 7404 "verdict": getRuleVerdictName(ruleVerdictAllow), 7405 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAny", 7406 }, 7407 }, {name: "allow any with info logging and with counter with continue verdict", 7408 config: &RuleConfiguration{ 7409 Comment: "foobar barfoo", 7410 Conditions: []string{ 7411 "exact match roles foobar", 7412 "exact match org nyc", 7413 }, 7414 Action: `allow any counter log info`, 7415 }, input: map[string]interface{}{ 7416 "name": "John Smith", 7417 "roles": []string{"barfoo"}, 7418 }, 7419 want: map[string]interface{}{ 7420 "verdict": getRuleVerdictName(ruleVerdictContinue), 7421 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAny", 7422 }, 7423 }, {name: "allow any with info logging and with counter with continue verdict 1", 7424 config: &RuleConfiguration{ 7425 Comment: "foobar barfoo", 7426 Conditions: []string{ 7427 "exact match roles foobar", 7428 "exact match org nyc", 7429 }, 7430 Action: `allow any counter log info`, 7431 }, input: map[string]interface{}{ 7432 "name": "John Smith", 7433 }, 7434 want: map[string]interface{}{ 7435 "verdict": getRuleVerdictName(ruleVerdictContinue), 7436 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAny", 7437 }, 7438 }, {name: "allow any with info logging and with counter with continue verdict 2", 7439 config: &RuleConfiguration{ 7440 Comment: "foobar barfoo", 7441 Conditions: []string{ 7442 "exact match roles foobar", 7443 "exact match org nyc", 7444 }, 7445 Action: `allow any counter log info`, 7446 }, input: map[string]interface{}{ 7447 "name": "John Smith", 7448 "roles": []string{"barfoo"}, 7449 }, 7450 emptyFields: true, 7451 want: map[string]interface{}{ 7452 "verdict": getRuleVerdictName(ruleVerdictContinue), 7453 "empty_fields": true, 7454 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAny", 7455 }, 7456 }, {name: "allow any with info logging and with counter with continue verdict 3", 7457 config: &RuleConfiguration{ 7458 Comment: "foobar barfoo", 7459 Conditions: []string{ 7460 "exact match roles foobar", 7461 "exact match org nyc", 7462 }, 7463 Action: `allow any counter log info`, 7464 }, input: map[string]interface{}{ 7465 "name": "John Smith", 7466 }, 7467 emptyFields: true, 7468 want: map[string]interface{}{ 7469 "verdict": getRuleVerdictName(ruleVerdictContinue), 7470 "empty_fields": true, 7471 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAny", 7472 }, 7473 }, {name: "allow any with info logging and with counter with allow verdict", 7474 config: &RuleConfiguration{ 7475 Comment: "foobar barfoo", 7476 Conditions: []string{ 7477 "exact match roles foobar", 7478 "exact match org nyc", 7479 }, 7480 Action: `allow any counter log info`, 7481 }, input: map[string]interface{}{ 7482 "roles": []string{"foobar"}, 7483 "org": []string{"nyc"}, 7484 }, 7485 want: map[string]interface{}{ 7486 "verdict": getRuleVerdictName(ruleVerdictAllow), 7487 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAny", 7488 }, 7489 }, {name: "allow any with warn logging and with counter with continue verdict", 7490 config: &RuleConfiguration{ 7491 Comment: "foobar barfoo", 7492 Conditions: []string{ 7493 "exact match roles foobar", 7494 "exact match org nyc", 7495 }, 7496 Action: `allow any counter log warn`, 7497 }, input: map[string]interface{}{ 7498 "name": "John Smith", 7499 "roles": []string{"barfoo"}, 7500 }, 7501 want: map[string]interface{}{ 7502 "verdict": getRuleVerdictName(ruleVerdictContinue), 7503 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAny", 7504 }, 7505 }, {name: "allow any with warn logging and with counter with continue verdict 1", 7506 config: &RuleConfiguration{ 7507 Comment: "foobar barfoo", 7508 Conditions: []string{ 7509 "exact match roles foobar", 7510 "exact match org nyc", 7511 }, 7512 Action: `allow any counter log warn`, 7513 }, input: map[string]interface{}{ 7514 "name": "John Smith", 7515 }, 7516 want: map[string]interface{}{ 7517 "verdict": getRuleVerdictName(ruleVerdictContinue), 7518 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAny", 7519 }, 7520 }, {name: "allow any with warn logging and with counter with continue verdict 2", 7521 config: &RuleConfiguration{ 7522 Comment: "foobar barfoo", 7523 Conditions: []string{ 7524 "exact match roles foobar", 7525 "exact match org nyc", 7526 }, 7527 Action: `allow any counter log warn`, 7528 }, input: map[string]interface{}{ 7529 "name": "John Smith", 7530 "roles": []string{"barfoo"}, 7531 }, 7532 emptyFields: true, 7533 want: map[string]interface{}{ 7534 "verdict": getRuleVerdictName(ruleVerdictContinue), 7535 "empty_fields": true, 7536 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAny", 7537 }, 7538 }, {name: "allow any with warn logging and with counter with continue verdict 3", 7539 config: &RuleConfiguration{ 7540 Comment: "foobar barfoo", 7541 Conditions: []string{ 7542 "exact match roles foobar", 7543 "exact match org nyc", 7544 }, 7545 Action: `allow any counter log warn`, 7546 }, input: map[string]interface{}{ 7547 "name": "John Smith", 7548 }, 7549 emptyFields: true, 7550 want: map[string]interface{}{ 7551 "verdict": getRuleVerdictName(ruleVerdictContinue), 7552 "empty_fields": true, 7553 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAny", 7554 }, 7555 }, {name: "allow any with warn logging and with counter with allow verdict", 7556 config: &RuleConfiguration{ 7557 Comment: "foobar barfoo", 7558 Conditions: []string{ 7559 "exact match roles foobar", 7560 "exact match org nyc", 7561 }, 7562 Action: `allow any counter log warn`, 7563 }, input: map[string]interface{}{ 7564 "roles": []string{"foobar"}, 7565 "org": []string{"nyc"}, 7566 }, 7567 want: map[string]interface{}{ 7568 "verdict": getRuleVerdictName(ruleVerdictAllow), 7569 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAny", 7570 }, 7571 }, {name: "allow any with error logging and with counter with continue verdict", 7572 config: &RuleConfiguration{ 7573 Comment: "foobar barfoo", 7574 Conditions: []string{ 7575 "exact match roles foobar", 7576 "exact match org nyc", 7577 }, 7578 Action: `allow any counter log error`, 7579 }, input: map[string]interface{}{ 7580 "name": "John Smith", 7581 "roles": []string{"barfoo"}, 7582 }, 7583 want: map[string]interface{}{ 7584 "verdict": getRuleVerdictName(ruleVerdictContinue), 7585 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAny", 7586 }, 7587 }, {name: "allow any with error logging and with counter with continue verdict 1", 7588 config: &RuleConfiguration{ 7589 Comment: "foobar barfoo", 7590 Conditions: []string{ 7591 "exact match roles foobar", 7592 "exact match org nyc", 7593 }, 7594 Action: `allow any counter log error`, 7595 }, input: map[string]interface{}{ 7596 "name": "John Smith", 7597 }, 7598 want: map[string]interface{}{ 7599 "verdict": getRuleVerdictName(ruleVerdictContinue), 7600 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAny", 7601 }, 7602 }, {name: "allow any with error logging and with counter with continue verdict 2", 7603 config: &RuleConfiguration{ 7604 Comment: "foobar barfoo", 7605 Conditions: []string{ 7606 "exact match roles foobar", 7607 "exact match org nyc", 7608 }, 7609 Action: `allow any counter log error`, 7610 }, input: map[string]interface{}{ 7611 "name": "John Smith", 7612 "roles": []string{"barfoo"}, 7613 }, 7614 emptyFields: true, 7615 want: map[string]interface{}{ 7616 "verdict": getRuleVerdictName(ruleVerdictContinue), 7617 "empty_fields": true, 7618 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAny", 7619 }, 7620 }, {name: "allow any with error logging and with counter with continue verdict 3", 7621 config: &RuleConfiguration{ 7622 Comment: "foobar barfoo", 7623 Conditions: []string{ 7624 "exact match roles foobar", 7625 "exact match org nyc", 7626 }, 7627 Action: `allow any counter log error`, 7628 }, input: map[string]interface{}{ 7629 "name": "John Smith", 7630 }, 7631 emptyFields: true, 7632 want: map[string]interface{}{ 7633 "verdict": getRuleVerdictName(ruleVerdictContinue), 7634 "empty_fields": true, 7635 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAny", 7636 }, 7637 }, {name: "allow any with error logging and with counter with allow verdict", 7638 config: &RuleConfiguration{ 7639 Comment: "foobar barfoo", 7640 Conditions: []string{ 7641 "exact match roles foobar", 7642 "exact match org nyc", 7643 }, 7644 Action: `allow any counter log error`, 7645 }, input: map[string]interface{}{ 7646 "roles": []string{"foobar"}, 7647 "org": []string{"nyc"}, 7648 }, 7649 want: map[string]interface{}{ 7650 "verdict": getRuleVerdictName(ruleVerdictAllow), 7651 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAny", 7652 }, 7653 }, {name: "allow all with debug logging and with counter with continue verdict", 7654 config: &RuleConfiguration{ 7655 Comment: "foobar barfoo", 7656 Conditions: []string{ 7657 "exact match roles foobar", 7658 "exact match org nyc", 7659 }, 7660 Action: `allow counter log debug`, 7661 }, input: map[string]interface{}{ 7662 "name": "John Smith", 7663 "roles": []string{"barfoo"}, 7664 }, 7665 want: map[string]interface{}{ 7666 "verdict": getRuleVerdictName(ruleVerdictContinue), 7667 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAll", 7668 }, 7669 }, {name: "allow all with debug logging and with counter with continue verdict 1", 7670 config: &RuleConfiguration{ 7671 Comment: "foobar barfoo", 7672 Conditions: []string{ 7673 "exact match roles foobar", 7674 "exact match org nyc", 7675 }, 7676 Action: `allow counter log debug`, 7677 }, input: map[string]interface{}{ 7678 "name": "John Smith", 7679 }, 7680 want: map[string]interface{}{ 7681 "verdict": getRuleVerdictName(ruleVerdictContinue), 7682 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAll", 7683 }, 7684 }, {name: "allow all with debug logging and with counter with continue verdict 2", 7685 config: &RuleConfiguration{ 7686 Comment: "foobar barfoo", 7687 Conditions: []string{ 7688 "exact match roles foobar", 7689 "exact match org nyc", 7690 }, 7691 Action: `allow counter log debug`, 7692 }, input: map[string]interface{}{ 7693 "name": "John Smith", 7694 "roles": []string{"barfoo"}, 7695 }, 7696 emptyFields: true, 7697 want: map[string]interface{}{ 7698 "verdict": getRuleVerdictName(ruleVerdictContinue), 7699 "empty_fields": true, 7700 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAll", 7701 }, 7702 }, {name: "allow all with debug logging and with counter with continue verdict 3", 7703 config: &RuleConfiguration{ 7704 Comment: "foobar barfoo", 7705 Conditions: []string{ 7706 "exact match roles foobar", 7707 "exact match org nyc", 7708 }, 7709 Action: `allow counter log debug`, 7710 }, input: map[string]interface{}{ 7711 "name": "John Smith", 7712 }, 7713 emptyFields: true, 7714 want: map[string]interface{}{ 7715 "verdict": getRuleVerdictName(ruleVerdictContinue), 7716 "empty_fields": true, 7717 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAll", 7718 }, 7719 }, {name: "allow all with debug logging and with counter with allow verdict", 7720 config: &RuleConfiguration{ 7721 Comment: "foobar barfoo", 7722 Conditions: []string{ 7723 "exact match roles foobar", 7724 "exact match org nyc", 7725 }, 7726 Action: `allow counter log debug`, 7727 }, input: map[string]interface{}{ 7728 "roles": []string{"foobar"}, 7729 "org": []string{"nyc"}, 7730 }, 7731 want: map[string]interface{}{ 7732 "verdict": getRuleVerdictName(ruleVerdictAllow), 7733 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounterMatchAll", 7734 }, 7735 }, {name: "allow all with info logging and with counter with continue verdict", 7736 config: &RuleConfiguration{ 7737 Comment: "foobar barfoo", 7738 Conditions: []string{ 7739 "exact match roles foobar", 7740 "exact match org nyc", 7741 }, 7742 Action: `allow counter log info`, 7743 }, input: map[string]interface{}{ 7744 "name": "John Smith", 7745 "roles": []string{"barfoo"}, 7746 }, 7747 want: map[string]interface{}{ 7748 "verdict": getRuleVerdictName(ruleVerdictContinue), 7749 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAll", 7750 }, 7751 }, {name: "allow all with info logging and with counter with continue verdict 1", 7752 config: &RuleConfiguration{ 7753 Comment: "foobar barfoo", 7754 Conditions: []string{ 7755 "exact match roles foobar", 7756 "exact match org nyc", 7757 }, 7758 Action: `allow counter log info`, 7759 }, input: map[string]interface{}{ 7760 "name": "John Smith", 7761 }, 7762 want: map[string]interface{}{ 7763 "verdict": getRuleVerdictName(ruleVerdictContinue), 7764 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAll", 7765 }, 7766 }, {name: "allow all with info logging and with counter with continue verdict 2", 7767 config: &RuleConfiguration{ 7768 Comment: "foobar barfoo", 7769 Conditions: []string{ 7770 "exact match roles foobar", 7771 "exact match org nyc", 7772 }, 7773 Action: `allow counter log info`, 7774 }, input: map[string]interface{}{ 7775 "name": "John Smith", 7776 "roles": []string{"barfoo"}, 7777 }, 7778 emptyFields: true, 7779 want: map[string]interface{}{ 7780 "verdict": getRuleVerdictName(ruleVerdictContinue), 7781 "empty_fields": true, 7782 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAll", 7783 }, 7784 }, {name: "allow all with info logging and with counter with continue verdict 3", 7785 config: &RuleConfiguration{ 7786 Comment: "foobar barfoo", 7787 Conditions: []string{ 7788 "exact match roles foobar", 7789 "exact match org nyc", 7790 }, 7791 Action: `allow counter log info`, 7792 }, input: map[string]interface{}{ 7793 "name": "John Smith", 7794 }, 7795 emptyFields: true, 7796 want: map[string]interface{}{ 7797 "verdict": getRuleVerdictName(ruleVerdictContinue), 7798 "empty_fields": true, 7799 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAll", 7800 }, 7801 }, {name: "allow all with info logging and with counter with allow verdict", 7802 config: &RuleConfiguration{ 7803 Comment: "foobar barfoo", 7804 Conditions: []string{ 7805 "exact match roles foobar", 7806 "exact match org nyc", 7807 }, 7808 Action: `allow counter log info`, 7809 }, input: map[string]interface{}{ 7810 "roles": []string{"foobar"}, 7811 "org": []string{"nyc"}, 7812 }, 7813 want: map[string]interface{}{ 7814 "verdict": getRuleVerdictName(ruleVerdictAllow), 7815 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounterMatchAll", 7816 }, 7817 }, {name: "allow all with warn logging and with counter with continue verdict", 7818 config: &RuleConfiguration{ 7819 Comment: "foobar barfoo", 7820 Conditions: []string{ 7821 "exact match roles foobar", 7822 "exact match org nyc", 7823 }, 7824 Action: `allow counter log warn`, 7825 }, input: map[string]interface{}{ 7826 "name": "John Smith", 7827 "roles": []string{"barfoo"}, 7828 }, 7829 want: map[string]interface{}{ 7830 "verdict": getRuleVerdictName(ruleVerdictContinue), 7831 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAll", 7832 }, 7833 }, {name: "allow all with warn logging and with counter with continue verdict 1", 7834 config: &RuleConfiguration{ 7835 Comment: "foobar barfoo", 7836 Conditions: []string{ 7837 "exact match roles foobar", 7838 "exact match org nyc", 7839 }, 7840 Action: `allow counter log warn`, 7841 }, input: map[string]interface{}{ 7842 "name": "John Smith", 7843 }, 7844 want: map[string]interface{}{ 7845 "verdict": getRuleVerdictName(ruleVerdictContinue), 7846 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAll", 7847 }, 7848 }, {name: "allow all with warn logging and with counter with continue verdict 2", 7849 config: &RuleConfiguration{ 7850 Comment: "foobar barfoo", 7851 Conditions: []string{ 7852 "exact match roles foobar", 7853 "exact match org nyc", 7854 }, 7855 Action: `allow counter log warn`, 7856 }, input: map[string]interface{}{ 7857 "name": "John Smith", 7858 "roles": []string{"barfoo"}, 7859 }, 7860 emptyFields: true, 7861 want: map[string]interface{}{ 7862 "verdict": getRuleVerdictName(ruleVerdictContinue), 7863 "empty_fields": true, 7864 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAll", 7865 }, 7866 }, {name: "allow all with warn logging and with counter with continue verdict 3", 7867 config: &RuleConfiguration{ 7868 Comment: "foobar barfoo", 7869 Conditions: []string{ 7870 "exact match roles foobar", 7871 "exact match org nyc", 7872 }, 7873 Action: `allow counter log warn`, 7874 }, input: map[string]interface{}{ 7875 "name": "John Smith", 7876 }, 7877 emptyFields: true, 7878 want: map[string]interface{}{ 7879 "verdict": getRuleVerdictName(ruleVerdictContinue), 7880 "empty_fields": true, 7881 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAll", 7882 }, 7883 }, {name: "allow all with warn logging and with counter with allow verdict", 7884 config: &RuleConfiguration{ 7885 Comment: "foobar barfoo", 7886 Conditions: []string{ 7887 "exact match roles foobar", 7888 "exact match org nyc", 7889 }, 7890 Action: `allow counter log warn`, 7891 }, input: map[string]interface{}{ 7892 "roles": []string{"foobar"}, 7893 "org": []string{"nyc"}, 7894 }, 7895 want: map[string]interface{}{ 7896 "verdict": getRuleVerdictName(ruleVerdictAllow), 7897 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounterMatchAll", 7898 }, 7899 }, {name: "allow all with error logging and with counter with continue verdict", 7900 config: &RuleConfiguration{ 7901 Comment: "foobar barfoo", 7902 Conditions: []string{ 7903 "exact match roles foobar", 7904 "exact match org nyc", 7905 }, 7906 Action: `allow counter log error`, 7907 }, input: map[string]interface{}{ 7908 "name": "John Smith", 7909 "roles": []string{"barfoo"}, 7910 }, 7911 want: map[string]interface{}{ 7912 "verdict": getRuleVerdictName(ruleVerdictContinue), 7913 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAll", 7914 }, 7915 }, {name: "allow all with error logging and with counter with continue verdict 1", 7916 config: &RuleConfiguration{ 7917 Comment: "foobar barfoo", 7918 Conditions: []string{ 7919 "exact match roles foobar", 7920 "exact match org nyc", 7921 }, 7922 Action: `allow counter log error`, 7923 }, input: map[string]interface{}{ 7924 "name": "John Smith", 7925 }, 7926 want: map[string]interface{}{ 7927 "verdict": getRuleVerdictName(ruleVerdictContinue), 7928 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAll", 7929 }, 7930 }, {name: "allow all with error logging and with counter with continue verdict 2", 7931 config: &RuleConfiguration{ 7932 Comment: "foobar barfoo", 7933 Conditions: []string{ 7934 "exact match roles foobar", 7935 "exact match org nyc", 7936 }, 7937 Action: `allow counter log error`, 7938 }, input: map[string]interface{}{ 7939 "name": "John Smith", 7940 "roles": []string{"barfoo"}, 7941 }, 7942 emptyFields: true, 7943 want: map[string]interface{}{ 7944 "verdict": getRuleVerdictName(ruleVerdictContinue), 7945 "empty_fields": true, 7946 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAll", 7947 }, 7948 }, {name: "allow all with error logging and with counter with continue verdict 3", 7949 config: &RuleConfiguration{ 7950 Comment: "foobar barfoo", 7951 Conditions: []string{ 7952 "exact match roles foobar", 7953 "exact match org nyc", 7954 }, 7955 Action: `allow counter log error`, 7956 }, input: map[string]interface{}{ 7957 "name": "John Smith", 7958 }, 7959 emptyFields: true, 7960 want: map[string]interface{}{ 7961 "verdict": getRuleVerdictName(ruleVerdictContinue), 7962 "empty_fields": true, 7963 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAll", 7964 }, 7965 }, {name: "allow all with error logging and with counter with allow verdict", 7966 config: &RuleConfiguration{ 7967 Comment: "foobar barfoo", 7968 Conditions: []string{ 7969 "exact match roles foobar", 7970 "exact match org nyc", 7971 }, 7972 Action: `allow counter log error`, 7973 }, input: map[string]interface{}{ 7974 "roles": []string{"foobar"}, 7975 "org": []string{"nyc"}, 7976 }, 7977 want: map[string]interface{}{ 7978 "verdict": getRuleVerdictName(ruleVerdictAllow), 7979 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounterMatchAll", 7980 }, 7981 }, {name: "allow with debug logging and with counter with continue verdict", 7982 config: &RuleConfiguration{ 7983 Comment: "foobar barfoo", 7984 Conditions: []string{"exact match roles foobar"}, 7985 Action: `allow counter log debug`, 7986 }, input: map[string]interface{}{ 7987 "name": "John Smith", 7988 "roles": []string{"barfoo"}, 7989 }, 7990 want: map[string]interface{}{ 7991 "verdict": getRuleVerdictName(ruleVerdictContinue), 7992 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounter", 7993 }, 7994 }, {name: "allow with debug logging and with counter with continue verdict 1", 7995 config: &RuleConfiguration{ 7996 Comment: "foobar barfoo", 7997 Conditions: []string{"exact match roles foobar"}, 7998 Action: `allow counter log debug`, 7999 }, input: map[string]interface{}{ 8000 "name": "John Smith", 8001 }, 8002 want: map[string]interface{}{ 8003 "verdict": getRuleVerdictName(ruleVerdictContinue), 8004 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounter", 8005 }, 8006 }, {name: "allow with debug logging and with counter with continue verdict 2", 8007 config: &RuleConfiguration{ 8008 Comment: "foobar barfoo", 8009 Conditions: []string{"exact match roles foobar"}, 8010 Action: `allow counter log debug`, 8011 }, input: map[string]interface{}{ 8012 "name": "John Smith", 8013 "roles": []string{"barfoo"}, 8014 }, 8015 emptyFields: true, 8016 want: map[string]interface{}{ 8017 "verdict": getRuleVerdictName(ruleVerdictContinue), 8018 "empty_fields": true, 8019 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounter", 8020 }, 8021 }, {name: "allow with debug logging and with counter with continue verdict 3", 8022 config: &RuleConfiguration{ 8023 Comment: "foobar barfoo", 8024 Conditions: []string{"exact match roles foobar"}, 8025 Action: `allow counter log debug`, 8026 }, input: map[string]interface{}{ 8027 "name": "John Smith", 8028 }, 8029 emptyFields: true, 8030 want: map[string]interface{}{ 8031 "verdict": getRuleVerdictName(ruleVerdictContinue), 8032 "empty_fields": true, 8033 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounter", 8034 }, 8035 }, {name: "allow with debug logging and with counter with allow verdict", 8036 config: &RuleConfiguration{ 8037 Comment: "foobar barfoo", 8038 Conditions: []string{"exact match roles foobar"}, 8039 Action: `allow counter log debug`, 8040 }, input: map[string]interface{}{ 8041 "roles": []string{"foobar"}, 8042 "org": []string{"nyc"}, 8043 }, 8044 want: map[string]interface{}{ 8045 "verdict": getRuleVerdictName(ruleVerdictAllow), 8046 "rule_type": "*acl.aclRuleAllowWithDebugLoggerCounter", 8047 }, 8048 }, {name: "allow with info logging and with counter with continue verdict", 8049 config: &RuleConfiguration{ 8050 Comment: "foobar barfoo", 8051 Conditions: []string{"exact match roles foobar"}, 8052 Action: `allow counter log info`, 8053 }, input: map[string]interface{}{ 8054 "name": "John Smith", 8055 "roles": []string{"barfoo"}, 8056 }, 8057 want: map[string]interface{}{ 8058 "verdict": getRuleVerdictName(ruleVerdictContinue), 8059 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounter", 8060 }, 8061 }, {name: "allow with info logging and with counter with continue verdict 1", 8062 config: &RuleConfiguration{ 8063 Comment: "foobar barfoo", 8064 Conditions: []string{"exact match roles foobar"}, 8065 Action: `allow counter log info`, 8066 }, input: map[string]interface{}{ 8067 "name": "John Smith", 8068 }, 8069 want: map[string]interface{}{ 8070 "verdict": getRuleVerdictName(ruleVerdictContinue), 8071 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounter", 8072 }, 8073 }, {name: "allow with info logging and with counter with continue verdict 2", 8074 config: &RuleConfiguration{ 8075 Comment: "foobar barfoo", 8076 Conditions: []string{"exact match roles foobar"}, 8077 Action: `allow counter log info`, 8078 }, input: map[string]interface{}{ 8079 "name": "John Smith", 8080 "roles": []string{"barfoo"}, 8081 }, 8082 emptyFields: true, 8083 want: map[string]interface{}{ 8084 "verdict": getRuleVerdictName(ruleVerdictContinue), 8085 "empty_fields": true, 8086 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounter", 8087 }, 8088 }, {name: "allow with info logging and with counter with continue verdict 3", 8089 config: &RuleConfiguration{ 8090 Comment: "foobar barfoo", 8091 Conditions: []string{"exact match roles foobar"}, 8092 Action: `allow counter log info`, 8093 }, input: map[string]interface{}{ 8094 "name": "John Smith", 8095 }, 8096 emptyFields: true, 8097 want: map[string]interface{}{ 8098 "verdict": getRuleVerdictName(ruleVerdictContinue), 8099 "empty_fields": true, 8100 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounter", 8101 }, 8102 }, {name: "allow with info logging and with counter with allow verdict", 8103 config: &RuleConfiguration{ 8104 Comment: "foobar barfoo", 8105 Conditions: []string{"exact match roles foobar"}, 8106 Action: `allow counter log info`, 8107 }, input: map[string]interface{}{ 8108 "roles": []string{"foobar"}, 8109 "org": []string{"nyc"}, 8110 }, 8111 want: map[string]interface{}{ 8112 "verdict": getRuleVerdictName(ruleVerdictAllow), 8113 "rule_type": "*acl.aclRuleAllowWithInfoLoggerCounter", 8114 }, 8115 }, {name: "allow with warn logging and with counter with continue verdict", 8116 config: &RuleConfiguration{ 8117 Comment: "foobar barfoo", 8118 Conditions: []string{"exact match roles foobar"}, 8119 Action: `allow counter log warn`, 8120 }, input: map[string]interface{}{ 8121 "name": "John Smith", 8122 "roles": []string{"barfoo"}, 8123 }, 8124 want: map[string]interface{}{ 8125 "verdict": getRuleVerdictName(ruleVerdictContinue), 8126 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounter", 8127 }, 8128 }, {name: "allow with warn logging and with counter with continue verdict 1", 8129 config: &RuleConfiguration{ 8130 Comment: "foobar barfoo", 8131 Conditions: []string{"exact match roles foobar"}, 8132 Action: `allow counter log warn`, 8133 }, input: map[string]interface{}{ 8134 "name": "John Smith", 8135 }, 8136 want: map[string]interface{}{ 8137 "verdict": getRuleVerdictName(ruleVerdictContinue), 8138 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounter", 8139 }, 8140 }, {name: "allow with warn logging and with counter with continue verdict 2", 8141 config: &RuleConfiguration{ 8142 Comment: "foobar barfoo", 8143 Conditions: []string{"exact match roles foobar"}, 8144 Action: `allow counter log warn`, 8145 }, input: map[string]interface{}{ 8146 "name": "John Smith", 8147 "roles": []string{"barfoo"}, 8148 }, 8149 emptyFields: true, 8150 want: map[string]interface{}{ 8151 "verdict": getRuleVerdictName(ruleVerdictContinue), 8152 "empty_fields": true, 8153 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounter", 8154 }, 8155 }, {name: "allow with warn logging and with counter with continue verdict 3", 8156 config: &RuleConfiguration{ 8157 Comment: "foobar barfoo", 8158 Conditions: []string{"exact match roles foobar"}, 8159 Action: `allow counter log warn`, 8160 }, input: map[string]interface{}{ 8161 "name": "John Smith", 8162 }, 8163 emptyFields: true, 8164 want: map[string]interface{}{ 8165 "verdict": getRuleVerdictName(ruleVerdictContinue), 8166 "empty_fields": true, 8167 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounter", 8168 }, 8169 }, {name: "allow with warn logging and with counter with allow verdict", 8170 config: &RuleConfiguration{ 8171 Comment: "foobar barfoo", 8172 Conditions: []string{"exact match roles foobar"}, 8173 Action: `allow counter log warn`, 8174 }, input: map[string]interface{}{ 8175 "roles": []string{"foobar"}, 8176 "org": []string{"nyc"}, 8177 }, 8178 want: map[string]interface{}{ 8179 "verdict": getRuleVerdictName(ruleVerdictAllow), 8180 "rule_type": "*acl.aclRuleAllowWithWarnLoggerCounter", 8181 }, 8182 }, {name: "allow with error logging and with counter with continue verdict", 8183 config: &RuleConfiguration{ 8184 Comment: "foobar barfoo", 8185 Conditions: []string{"exact match roles foobar"}, 8186 Action: `allow counter log error`, 8187 }, input: map[string]interface{}{ 8188 "name": "John Smith", 8189 "roles": []string{"barfoo"}, 8190 }, 8191 want: map[string]interface{}{ 8192 "verdict": getRuleVerdictName(ruleVerdictContinue), 8193 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounter", 8194 }, 8195 }, {name: "allow with error logging and with counter with continue verdict 1", 8196 config: &RuleConfiguration{ 8197 Comment: "foobar barfoo", 8198 Conditions: []string{"exact match roles foobar"}, 8199 Action: `allow counter log error`, 8200 }, input: map[string]interface{}{ 8201 "name": "John Smith", 8202 }, 8203 want: map[string]interface{}{ 8204 "verdict": getRuleVerdictName(ruleVerdictContinue), 8205 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounter", 8206 }, 8207 }, {name: "allow with error logging and with counter with continue verdict 2", 8208 config: &RuleConfiguration{ 8209 Comment: "foobar barfoo", 8210 Conditions: []string{"exact match roles foobar"}, 8211 Action: `allow counter log error`, 8212 }, input: map[string]interface{}{ 8213 "name": "John Smith", 8214 "roles": []string{"barfoo"}, 8215 }, 8216 emptyFields: true, 8217 want: map[string]interface{}{ 8218 "verdict": getRuleVerdictName(ruleVerdictContinue), 8219 "empty_fields": true, 8220 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounter", 8221 }, 8222 }, {name: "allow with error logging and with counter with continue verdict 3", 8223 config: &RuleConfiguration{ 8224 Comment: "foobar barfoo", 8225 Conditions: []string{"exact match roles foobar"}, 8226 Action: `allow counter log error`, 8227 }, input: map[string]interface{}{ 8228 "name": "John Smith", 8229 }, 8230 emptyFields: true, 8231 want: map[string]interface{}{ 8232 "verdict": getRuleVerdictName(ruleVerdictContinue), 8233 "empty_fields": true, 8234 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounter", 8235 }, 8236 }, {name: "allow with error logging and with counter with allow verdict", 8237 config: &RuleConfiguration{ 8238 Comment: "foobar barfoo", 8239 Conditions: []string{"exact match roles foobar"}, 8240 Action: `allow counter log error`, 8241 }, input: map[string]interface{}{ 8242 "roles": []string{"foobar"}, 8243 "org": []string{"nyc"}, 8244 }, 8245 want: map[string]interface{}{ 8246 "verdict": getRuleVerdictName(ruleVerdictAllow), 8247 "rule_type": "*acl.aclRuleAllowWithErrorLoggerCounter", 8248 }, 8249 }, {name: "deny any and stop processing without counter and logging with deny stop verdict", 8250 config: &RuleConfiguration{ 8251 Comment: "foobar barfoo", 8252 Conditions: []string{ 8253 "exact match roles foobar", 8254 "exact match org nyc", 8255 }, 8256 Action: `deny any stop`, 8257 }, input: map[string]interface{}{ 8258 "roles": []string{"foobar"}, 8259 }, 8260 want: map[string]interface{}{ 8261 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 8262 "rule_type": "*acl.aclRuleDenyMatchAnyStop", 8263 }, 8264 }, {name: "deny any and stop processing without counter and logging with continue verdict", 8265 config: &RuleConfiguration{ 8266 Comment: "foobar barfoo", 8267 Conditions: []string{ 8268 "exact match roles foobar", 8269 "exact match org nyc", 8270 }, 8271 Action: `deny any stop`, 8272 }, input: map[string]interface{}{ 8273 "name": "John Smith", 8274 "roles": []string{"barfoo"}, 8275 }, 8276 want: map[string]interface{}{ 8277 "verdict": getRuleVerdictName(ruleVerdictContinue), 8278 "rule_type": "*acl.aclRuleDenyMatchAnyStop", 8279 }, 8280 }, {name: "deny any and stop processing without counter and logging with continue verdict 1", 8281 config: &RuleConfiguration{ 8282 Comment: "foobar barfoo", 8283 Conditions: []string{ 8284 "exact match roles foobar", 8285 "exact match org nyc", 8286 }, 8287 Action: `deny any stop`, 8288 }, input: map[string]interface{}{ 8289 "name": "John Smith", 8290 }, 8291 want: map[string]interface{}{ 8292 "verdict": getRuleVerdictName(ruleVerdictContinue), 8293 "rule_type": "*acl.aclRuleDenyMatchAnyStop", 8294 }, 8295 }, {name: "deny any and stop processing without counter and logging with continue verdict 2", 8296 config: &RuleConfiguration{ 8297 Comment: "foobar barfoo", 8298 Conditions: []string{ 8299 "exact match roles foobar", 8300 "exact match org nyc", 8301 }, 8302 Action: `deny any stop`, 8303 }, input: map[string]interface{}{ 8304 "name": "John Smith", 8305 "roles": []string{"barfoo"}, 8306 }, 8307 emptyFields: true, 8308 want: map[string]interface{}{ 8309 "verdict": getRuleVerdictName(ruleVerdictContinue), 8310 "empty_fields": true, 8311 "rule_type": "*acl.aclRuleDenyMatchAnyStop", 8312 }, 8313 }, {name: "deny any and stop processing without counter and logging with continue verdict 3", 8314 config: &RuleConfiguration{ 8315 Comment: "foobar barfoo", 8316 Conditions: []string{ 8317 "exact match roles foobar", 8318 "exact match org nyc", 8319 }, 8320 Action: `deny any stop`, 8321 }, input: map[string]interface{}{ 8322 "name": "John Smith", 8323 }, 8324 emptyFields: true, 8325 want: map[string]interface{}{ 8326 "verdict": getRuleVerdictName(ruleVerdictContinue), 8327 "empty_fields": true, 8328 "rule_type": "*acl.aclRuleDenyMatchAnyStop", 8329 }, 8330 }, {name: "deny all and stop processing without counter and logging with deny stop verdict", 8331 config: &RuleConfiguration{ 8332 Comment: "foobar barfoo", 8333 Conditions: []string{ 8334 "exact match roles foobar", 8335 "exact match org nyc", 8336 }, 8337 Action: `deny stop`, 8338 }, input: map[string]interface{}{ 8339 "roles": []string{"foobar"}, 8340 "org": []string{"nyc"}, 8341 }, 8342 want: map[string]interface{}{ 8343 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 8344 "rule_type": "*acl.aclRuleDenyMatchAllStop", 8345 }, 8346 }, {name: "deny all and stop processing without counter and logging with continue verdict", 8347 config: &RuleConfiguration{ 8348 Comment: "foobar barfoo", 8349 Conditions: []string{ 8350 "exact match roles foobar", 8351 "exact match org nyc", 8352 }, 8353 Action: `deny stop`, 8354 }, input: map[string]interface{}{ 8355 "name": "John Smith", 8356 "roles": []string{"barfoo"}, 8357 }, 8358 want: map[string]interface{}{ 8359 "verdict": getRuleVerdictName(ruleVerdictContinue), 8360 "rule_type": "*acl.aclRuleDenyMatchAllStop", 8361 }, 8362 }, {name: "deny all and stop processing without counter and logging with continue verdict 1", 8363 config: &RuleConfiguration{ 8364 Comment: "foobar barfoo", 8365 Conditions: []string{ 8366 "exact match roles foobar", 8367 "exact match org nyc", 8368 }, 8369 Action: `deny stop`, 8370 }, input: map[string]interface{}{ 8371 "name": "John Smith", 8372 }, 8373 want: map[string]interface{}{ 8374 "verdict": getRuleVerdictName(ruleVerdictContinue), 8375 "rule_type": "*acl.aclRuleDenyMatchAllStop", 8376 }, 8377 }, {name: "deny all and stop processing without counter and logging with continue verdict 2", 8378 config: &RuleConfiguration{ 8379 Comment: "foobar barfoo", 8380 Conditions: []string{ 8381 "exact match roles foobar", 8382 "exact match org nyc", 8383 }, 8384 Action: `deny stop`, 8385 }, input: map[string]interface{}{ 8386 "name": "John Smith", 8387 "roles": []string{"barfoo"}, 8388 }, 8389 emptyFields: true, 8390 want: map[string]interface{}{ 8391 "verdict": getRuleVerdictName(ruleVerdictContinue), 8392 "empty_fields": true, 8393 "rule_type": "*acl.aclRuleDenyMatchAllStop", 8394 }, 8395 }, {name: "deny all and stop processing without counter and logging with continue verdict 3", 8396 config: &RuleConfiguration{ 8397 Comment: "foobar barfoo", 8398 Conditions: []string{ 8399 "exact match roles foobar", 8400 "exact match org nyc", 8401 }, 8402 Action: `deny stop`, 8403 }, input: map[string]interface{}{ 8404 "name": "John Smith", 8405 }, 8406 emptyFields: true, 8407 want: map[string]interface{}{ 8408 "verdict": getRuleVerdictName(ruleVerdictContinue), 8409 "empty_fields": true, 8410 "rule_type": "*acl.aclRuleDenyMatchAllStop", 8411 }, 8412 }, {name: "deny and stop processing without counter and logging with deny stop verdict", 8413 config: &RuleConfiguration{ 8414 Comment: "foobar barfoo", 8415 Conditions: []string{"exact match roles foobar"}, 8416 Action: `deny stop`, 8417 }, input: map[string]interface{}{ 8418 "roles": []string{"foobar"}, 8419 }, 8420 want: map[string]interface{}{ 8421 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 8422 "rule_type": "*acl.aclRuleDenyStop", 8423 }, 8424 }, {name: "deny and stop processing without counter and logging with continue verdict", 8425 config: &RuleConfiguration{ 8426 Comment: "foobar barfoo", 8427 Conditions: []string{"exact match roles foobar"}, 8428 Action: `deny stop`, 8429 }, input: map[string]interface{}{ 8430 "name": "John Smith", 8431 "roles": []string{"barfoo"}, 8432 }, 8433 want: map[string]interface{}{ 8434 "verdict": getRuleVerdictName(ruleVerdictContinue), 8435 "rule_type": "*acl.aclRuleDenyStop", 8436 }, 8437 }, {name: "deny and stop processing without counter and logging with continue verdict 1", 8438 config: &RuleConfiguration{ 8439 Comment: "foobar barfoo", 8440 Conditions: []string{"exact match roles foobar"}, 8441 Action: `deny stop`, 8442 }, input: map[string]interface{}{ 8443 "name": "John Smith", 8444 }, 8445 want: map[string]interface{}{ 8446 "verdict": getRuleVerdictName(ruleVerdictContinue), 8447 "rule_type": "*acl.aclRuleDenyStop", 8448 }, 8449 }, {name: "deny and stop processing without counter and logging with continue verdict 2", 8450 config: &RuleConfiguration{ 8451 Comment: "foobar barfoo", 8452 Conditions: []string{"exact match roles foobar"}, 8453 Action: `deny stop`, 8454 }, input: map[string]interface{}{ 8455 "name": "John Smith", 8456 "roles": []string{"barfoo"}, 8457 }, 8458 emptyFields: true, 8459 want: map[string]interface{}{ 8460 "verdict": getRuleVerdictName(ruleVerdictContinue), 8461 "empty_fields": true, 8462 "rule_type": "*acl.aclRuleDenyStop", 8463 }, 8464 }, {name: "deny and stop processing without counter and logging with continue verdict 3", 8465 config: &RuleConfiguration{ 8466 Comment: "foobar barfoo", 8467 Conditions: []string{"exact match roles foobar"}, 8468 Action: `deny stop`, 8469 }, input: map[string]interface{}{ 8470 "name": "John Smith", 8471 }, 8472 emptyFields: true, 8473 want: map[string]interface{}{ 8474 "verdict": getRuleVerdictName(ruleVerdictContinue), 8475 "empty_fields": true, 8476 "rule_type": "*acl.aclRuleDenyStop", 8477 }, 8478 }, {name: "deny any without counter and logging with deny verdict", 8479 config: &RuleConfiguration{ 8480 Comment: "foobar barfoo", 8481 Conditions: []string{ 8482 "exact match roles foobar", 8483 "exact match org nyc", 8484 }, 8485 Action: `deny any`, 8486 }, input: map[string]interface{}{ 8487 "roles": []string{"foobar"}, 8488 }, 8489 want: map[string]interface{}{ 8490 "verdict": getRuleVerdictName(ruleVerdictDeny), 8491 "rule_type": "*acl.aclRuleDenyMatchAny", 8492 }, 8493 }, {name: "deny any without counter and logging with continue verdict", 8494 config: &RuleConfiguration{ 8495 Comment: "foobar barfoo", 8496 Conditions: []string{ 8497 "exact match roles foobar", 8498 "exact match org nyc", 8499 }, 8500 Action: `deny any`, 8501 }, input: map[string]interface{}{ 8502 "name": "John Smith", 8503 "roles": []string{"barfoo"}, 8504 }, 8505 want: map[string]interface{}{ 8506 "verdict": getRuleVerdictName(ruleVerdictContinue), 8507 "rule_type": "*acl.aclRuleDenyMatchAny", 8508 }, 8509 }, {name: "deny any without counter and logging with continue verdict 1", 8510 config: &RuleConfiguration{ 8511 Comment: "foobar barfoo", 8512 Conditions: []string{ 8513 "exact match roles foobar", 8514 "exact match org nyc", 8515 }, 8516 Action: `deny any`, 8517 }, input: map[string]interface{}{ 8518 "name": "John Smith", 8519 }, 8520 want: map[string]interface{}{ 8521 "verdict": getRuleVerdictName(ruleVerdictContinue), 8522 "rule_type": "*acl.aclRuleDenyMatchAny", 8523 }, 8524 }, {name: "deny any without counter and logging with continue verdict 2", 8525 config: &RuleConfiguration{ 8526 Comment: "foobar barfoo", 8527 Conditions: []string{ 8528 "exact match roles foobar", 8529 "exact match org nyc", 8530 }, 8531 Action: `deny any`, 8532 }, input: map[string]interface{}{ 8533 "name": "John Smith", 8534 "roles": []string{"barfoo"}, 8535 }, 8536 emptyFields: true, 8537 want: map[string]interface{}{ 8538 "verdict": getRuleVerdictName(ruleVerdictContinue), 8539 "empty_fields": true, 8540 "rule_type": "*acl.aclRuleDenyMatchAny", 8541 }, 8542 }, {name: "deny any without counter and logging with continue verdict 3", 8543 config: &RuleConfiguration{ 8544 Comment: "foobar barfoo", 8545 Conditions: []string{ 8546 "exact match roles foobar", 8547 "exact match org nyc", 8548 }, 8549 Action: `deny any`, 8550 }, input: map[string]interface{}{ 8551 "name": "John Smith", 8552 }, 8553 emptyFields: true, 8554 want: map[string]interface{}{ 8555 "verdict": getRuleVerdictName(ruleVerdictContinue), 8556 "empty_fields": true, 8557 "rule_type": "*acl.aclRuleDenyMatchAny", 8558 }, 8559 }, {name: "deny all without counter and logging with deny verdict", 8560 config: &RuleConfiguration{ 8561 Comment: "foobar barfoo", 8562 Conditions: []string{ 8563 "exact match roles foobar", 8564 "exact match org nyc", 8565 }, 8566 Action: `deny`, 8567 }, input: map[string]interface{}{ 8568 "roles": []string{"foobar"}, 8569 "org": []string{"nyc"}, 8570 }, 8571 want: map[string]interface{}{ 8572 "verdict": getRuleVerdictName(ruleVerdictDeny), 8573 "rule_type": "*acl.aclRuleDenyMatchAll", 8574 }, 8575 }, {name: "deny all without counter and logging with continue verdict", 8576 config: &RuleConfiguration{ 8577 Comment: "foobar barfoo", 8578 Conditions: []string{ 8579 "exact match roles foobar", 8580 "exact match org nyc", 8581 }, 8582 Action: `deny`, 8583 }, input: map[string]interface{}{ 8584 "name": "John Smith", 8585 "roles": []string{"barfoo"}, 8586 }, 8587 want: map[string]interface{}{ 8588 "verdict": getRuleVerdictName(ruleVerdictContinue), 8589 "rule_type": "*acl.aclRuleDenyMatchAll", 8590 }, 8591 }, {name: "deny all without counter and logging with continue verdict 1", 8592 config: &RuleConfiguration{ 8593 Comment: "foobar barfoo", 8594 Conditions: []string{ 8595 "exact match roles foobar", 8596 "exact match org nyc", 8597 }, 8598 Action: `deny`, 8599 }, input: map[string]interface{}{ 8600 "name": "John Smith", 8601 }, 8602 want: map[string]interface{}{ 8603 "verdict": getRuleVerdictName(ruleVerdictContinue), 8604 "rule_type": "*acl.aclRuleDenyMatchAll", 8605 }, 8606 }, {name: "deny all without counter and logging with continue verdict 2", 8607 config: &RuleConfiguration{ 8608 Comment: "foobar barfoo", 8609 Conditions: []string{ 8610 "exact match roles foobar", 8611 "exact match org nyc", 8612 }, 8613 Action: `deny`, 8614 }, input: map[string]interface{}{ 8615 "name": "John Smith", 8616 "roles": []string{"barfoo"}, 8617 }, 8618 emptyFields: true, 8619 want: map[string]interface{}{ 8620 "verdict": getRuleVerdictName(ruleVerdictContinue), 8621 "empty_fields": true, 8622 "rule_type": "*acl.aclRuleDenyMatchAll", 8623 }, 8624 }, {name: "deny all without counter and logging with continue verdict 3", 8625 config: &RuleConfiguration{ 8626 Comment: "foobar barfoo", 8627 Conditions: []string{ 8628 "exact match roles foobar", 8629 "exact match org nyc", 8630 }, 8631 Action: `deny`, 8632 }, input: map[string]interface{}{ 8633 "name": "John Smith", 8634 }, 8635 emptyFields: true, 8636 want: map[string]interface{}{ 8637 "verdict": getRuleVerdictName(ruleVerdictContinue), 8638 "empty_fields": true, 8639 "rule_type": "*acl.aclRuleDenyMatchAll", 8640 }, 8641 }, {name: "deny without counter and logging with deny verdict", 8642 config: &RuleConfiguration{ 8643 Comment: "foobar barfoo", 8644 Conditions: []string{"exact match roles foobar"}, 8645 Action: `deny`, 8646 }, input: map[string]interface{}{ 8647 "roles": []string{"foobar"}, 8648 }, 8649 want: map[string]interface{}{ 8650 "verdict": getRuleVerdictName(ruleVerdictDeny), 8651 "rule_type": "*acl.aclRuleDeny", 8652 }, 8653 }, {name: "deny without counter and logging with continue verdict", 8654 config: &RuleConfiguration{ 8655 Comment: "foobar barfoo", 8656 Conditions: []string{"exact match roles foobar"}, 8657 Action: `deny`, 8658 }, input: map[string]interface{}{ 8659 "name": "John Smith", 8660 "roles": []string{"barfoo"}, 8661 }, 8662 want: map[string]interface{}{ 8663 "verdict": getRuleVerdictName(ruleVerdictContinue), 8664 "rule_type": "*acl.aclRuleDeny", 8665 }, 8666 }, {name: "deny without counter and logging with continue verdict 1", 8667 config: &RuleConfiguration{ 8668 Comment: "foobar barfoo", 8669 Conditions: []string{"exact match roles foobar"}, 8670 Action: `deny`, 8671 }, input: map[string]interface{}{ 8672 "name": "John Smith", 8673 }, 8674 want: map[string]interface{}{ 8675 "verdict": getRuleVerdictName(ruleVerdictContinue), 8676 "rule_type": "*acl.aclRuleDeny", 8677 }, 8678 }, {name: "deny without counter and logging with continue verdict 2", 8679 config: &RuleConfiguration{ 8680 Comment: "foobar barfoo", 8681 Conditions: []string{"exact match roles foobar"}, 8682 Action: `deny`, 8683 }, input: map[string]interface{}{ 8684 "name": "John Smith", 8685 "roles": []string{"barfoo"}, 8686 }, 8687 emptyFields: true, 8688 want: map[string]interface{}{ 8689 "verdict": getRuleVerdictName(ruleVerdictContinue), 8690 "empty_fields": true, 8691 "rule_type": "*acl.aclRuleDeny", 8692 }, 8693 }, {name: "deny without counter and logging with continue verdict 3", 8694 config: &RuleConfiguration{ 8695 Comment: "foobar barfoo", 8696 Conditions: []string{"exact match roles foobar"}, 8697 Action: `deny`, 8698 }, input: map[string]interface{}{ 8699 "name": "John Smith", 8700 }, 8701 emptyFields: true, 8702 want: map[string]interface{}{ 8703 "verdict": getRuleVerdictName(ruleVerdictContinue), 8704 "empty_fields": true, 8705 "rule_type": "*acl.aclRuleDeny", 8706 }, 8707 }, {name: "deny any and stop processing with debug logging and without counter with deny stop verdict", 8708 config: &RuleConfiguration{ 8709 Comment: "foobar barfoo", 8710 Conditions: []string{ 8711 "exact match roles foobar", 8712 "exact match org nyc", 8713 }, 8714 Action: `deny any stop log debug`, 8715 }, input: map[string]interface{}{ 8716 "roles": []string{"foobar"}, 8717 }, 8718 want: map[string]interface{}{ 8719 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 8720 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAnyStop", 8721 }, 8722 }, {name: "deny any and stop processing with debug logging and without counter with continue verdict", 8723 config: &RuleConfiguration{ 8724 Comment: "foobar barfoo", 8725 Conditions: []string{ 8726 "exact match roles foobar", 8727 "exact match org nyc", 8728 }, 8729 Action: `deny any stop log debug`, 8730 }, input: map[string]interface{}{ 8731 "name": "John Smith", 8732 "roles": []string{"barfoo"}, 8733 }, 8734 want: map[string]interface{}{ 8735 "verdict": getRuleVerdictName(ruleVerdictContinue), 8736 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAnyStop", 8737 }, 8738 }, {name: "deny any and stop processing with debug logging and without counter with continue verdict 1", 8739 config: &RuleConfiguration{ 8740 Comment: "foobar barfoo", 8741 Conditions: []string{ 8742 "exact match roles foobar", 8743 "exact match org nyc", 8744 }, 8745 Action: `deny any stop log debug`, 8746 }, input: map[string]interface{}{ 8747 "name": "John Smith", 8748 }, 8749 want: map[string]interface{}{ 8750 "verdict": getRuleVerdictName(ruleVerdictContinue), 8751 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAnyStop", 8752 }, 8753 }, {name: "deny any and stop processing with debug logging and without counter with continue verdict 2", 8754 config: &RuleConfiguration{ 8755 Comment: "foobar barfoo", 8756 Conditions: []string{ 8757 "exact match roles foobar", 8758 "exact match org nyc", 8759 }, 8760 Action: `deny any stop log debug`, 8761 }, input: map[string]interface{}{ 8762 "name": "John Smith", 8763 "roles": []string{"barfoo"}, 8764 }, 8765 emptyFields: true, 8766 want: map[string]interface{}{ 8767 "verdict": getRuleVerdictName(ruleVerdictContinue), 8768 "empty_fields": true, 8769 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAnyStop", 8770 }, 8771 }, {name: "deny any and stop processing with debug logging and without counter with continue verdict 3", 8772 config: &RuleConfiguration{ 8773 Comment: "foobar barfoo", 8774 Conditions: []string{ 8775 "exact match roles foobar", 8776 "exact match org nyc", 8777 }, 8778 Action: `deny any stop log debug`, 8779 }, input: map[string]interface{}{ 8780 "name": "John Smith", 8781 }, 8782 emptyFields: true, 8783 want: map[string]interface{}{ 8784 "verdict": getRuleVerdictName(ruleVerdictContinue), 8785 "empty_fields": true, 8786 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAnyStop", 8787 }, 8788 }, {name: "deny any and stop processing with info logging and without counter with deny stop verdict", 8789 config: &RuleConfiguration{ 8790 Comment: "foobar barfoo", 8791 Conditions: []string{ 8792 "exact match roles foobar", 8793 "exact match org nyc", 8794 }, 8795 Action: `deny any stop log info`, 8796 }, input: map[string]interface{}{ 8797 "roles": []string{"foobar"}, 8798 }, 8799 want: map[string]interface{}{ 8800 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 8801 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAnyStop", 8802 }, 8803 }, {name: "deny any and stop processing with info logging and without counter with continue verdict", 8804 config: &RuleConfiguration{ 8805 Comment: "foobar barfoo", 8806 Conditions: []string{ 8807 "exact match roles foobar", 8808 "exact match org nyc", 8809 }, 8810 Action: `deny any stop log info`, 8811 }, input: map[string]interface{}{ 8812 "name": "John Smith", 8813 "roles": []string{"barfoo"}, 8814 }, 8815 want: map[string]interface{}{ 8816 "verdict": getRuleVerdictName(ruleVerdictContinue), 8817 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAnyStop", 8818 }, 8819 }, {name: "deny any and stop processing with info logging and without counter with continue verdict 1", 8820 config: &RuleConfiguration{ 8821 Comment: "foobar barfoo", 8822 Conditions: []string{ 8823 "exact match roles foobar", 8824 "exact match org nyc", 8825 }, 8826 Action: `deny any stop log info`, 8827 }, input: map[string]interface{}{ 8828 "name": "John Smith", 8829 }, 8830 want: map[string]interface{}{ 8831 "verdict": getRuleVerdictName(ruleVerdictContinue), 8832 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAnyStop", 8833 }, 8834 }, {name: "deny any and stop processing with info logging and without counter with continue verdict 2", 8835 config: &RuleConfiguration{ 8836 Comment: "foobar barfoo", 8837 Conditions: []string{ 8838 "exact match roles foobar", 8839 "exact match org nyc", 8840 }, 8841 Action: `deny any stop log info`, 8842 }, input: map[string]interface{}{ 8843 "name": "John Smith", 8844 "roles": []string{"barfoo"}, 8845 }, 8846 emptyFields: true, 8847 want: map[string]interface{}{ 8848 "verdict": getRuleVerdictName(ruleVerdictContinue), 8849 "empty_fields": true, 8850 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAnyStop", 8851 }, 8852 }, {name: "deny any and stop processing with info logging and without counter with continue verdict 3", 8853 config: &RuleConfiguration{ 8854 Comment: "foobar barfoo", 8855 Conditions: []string{ 8856 "exact match roles foobar", 8857 "exact match org nyc", 8858 }, 8859 Action: `deny any stop log info`, 8860 }, input: map[string]interface{}{ 8861 "name": "John Smith", 8862 }, 8863 emptyFields: true, 8864 want: map[string]interface{}{ 8865 "verdict": getRuleVerdictName(ruleVerdictContinue), 8866 "empty_fields": true, 8867 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAnyStop", 8868 }, 8869 }, {name: "deny any and stop processing with warn logging and without counter with deny stop verdict", 8870 config: &RuleConfiguration{ 8871 Comment: "foobar barfoo", 8872 Conditions: []string{ 8873 "exact match roles foobar", 8874 "exact match org nyc", 8875 }, 8876 Action: `deny any stop log warn`, 8877 }, input: map[string]interface{}{ 8878 "roles": []string{"foobar"}, 8879 }, 8880 want: map[string]interface{}{ 8881 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 8882 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAnyStop", 8883 }, 8884 }, {name: "deny any and stop processing with warn logging and without counter with continue verdict", 8885 config: &RuleConfiguration{ 8886 Comment: "foobar barfoo", 8887 Conditions: []string{ 8888 "exact match roles foobar", 8889 "exact match org nyc", 8890 }, 8891 Action: `deny any stop log warn`, 8892 }, input: map[string]interface{}{ 8893 "name": "John Smith", 8894 "roles": []string{"barfoo"}, 8895 }, 8896 want: map[string]interface{}{ 8897 "verdict": getRuleVerdictName(ruleVerdictContinue), 8898 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAnyStop", 8899 }, 8900 }, {name: "deny any and stop processing with warn logging and without counter with continue verdict 1", 8901 config: &RuleConfiguration{ 8902 Comment: "foobar barfoo", 8903 Conditions: []string{ 8904 "exact match roles foobar", 8905 "exact match org nyc", 8906 }, 8907 Action: `deny any stop log warn`, 8908 }, input: map[string]interface{}{ 8909 "name": "John Smith", 8910 }, 8911 want: map[string]interface{}{ 8912 "verdict": getRuleVerdictName(ruleVerdictContinue), 8913 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAnyStop", 8914 }, 8915 }, {name: "deny any and stop processing with warn logging and without counter with continue verdict 2", 8916 config: &RuleConfiguration{ 8917 Comment: "foobar barfoo", 8918 Conditions: []string{ 8919 "exact match roles foobar", 8920 "exact match org nyc", 8921 }, 8922 Action: `deny any stop log warn`, 8923 }, input: map[string]interface{}{ 8924 "name": "John Smith", 8925 "roles": []string{"barfoo"}, 8926 }, 8927 emptyFields: true, 8928 want: map[string]interface{}{ 8929 "verdict": getRuleVerdictName(ruleVerdictContinue), 8930 "empty_fields": true, 8931 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAnyStop", 8932 }, 8933 }, {name: "deny any and stop processing with warn logging and without counter with continue verdict 3", 8934 config: &RuleConfiguration{ 8935 Comment: "foobar barfoo", 8936 Conditions: []string{ 8937 "exact match roles foobar", 8938 "exact match org nyc", 8939 }, 8940 Action: `deny any stop log warn`, 8941 }, input: map[string]interface{}{ 8942 "name": "John Smith", 8943 }, 8944 emptyFields: true, 8945 want: map[string]interface{}{ 8946 "verdict": getRuleVerdictName(ruleVerdictContinue), 8947 "empty_fields": true, 8948 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAnyStop", 8949 }, 8950 }, {name: "deny any and stop processing with error logging and without counter with deny stop verdict", 8951 config: &RuleConfiguration{ 8952 Comment: "foobar barfoo", 8953 Conditions: []string{ 8954 "exact match roles foobar", 8955 "exact match org nyc", 8956 }, 8957 Action: `deny any stop log error`, 8958 }, input: map[string]interface{}{ 8959 "roles": []string{"foobar"}, 8960 }, 8961 want: map[string]interface{}{ 8962 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 8963 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAnyStop", 8964 }, 8965 }, {name: "deny any and stop processing with error logging and without counter with continue verdict", 8966 config: &RuleConfiguration{ 8967 Comment: "foobar barfoo", 8968 Conditions: []string{ 8969 "exact match roles foobar", 8970 "exact match org nyc", 8971 }, 8972 Action: `deny any stop log error`, 8973 }, input: map[string]interface{}{ 8974 "name": "John Smith", 8975 "roles": []string{"barfoo"}, 8976 }, 8977 want: map[string]interface{}{ 8978 "verdict": getRuleVerdictName(ruleVerdictContinue), 8979 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAnyStop", 8980 }, 8981 }, {name: "deny any and stop processing with error logging and without counter with continue verdict 1", 8982 config: &RuleConfiguration{ 8983 Comment: "foobar barfoo", 8984 Conditions: []string{ 8985 "exact match roles foobar", 8986 "exact match org nyc", 8987 }, 8988 Action: `deny any stop log error`, 8989 }, input: map[string]interface{}{ 8990 "name": "John Smith", 8991 }, 8992 want: map[string]interface{}{ 8993 "verdict": getRuleVerdictName(ruleVerdictContinue), 8994 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAnyStop", 8995 }, 8996 }, {name: "deny any and stop processing with error logging and without counter with continue verdict 2", 8997 config: &RuleConfiguration{ 8998 Comment: "foobar barfoo", 8999 Conditions: []string{ 9000 "exact match roles foobar", 9001 "exact match org nyc", 9002 }, 9003 Action: `deny any stop log error`, 9004 }, input: map[string]interface{}{ 9005 "name": "John Smith", 9006 "roles": []string{"barfoo"}, 9007 }, 9008 emptyFields: true, 9009 want: map[string]interface{}{ 9010 "verdict": getRuleVerdictName(ruleVerdictContinue), 9011 "empty_fields": true, 9012 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAnyStop", 9013 }, 9014 }, {name: "deny any and stop processing with error logging and without counter with continue verdict 3", 9015 config: &RuleConfiguration{ 9016 Comment: "foobar barfoo", 9017 Conditions: []string{ 9018 "exact match roles foobar", 9019 "exact match org nyc", 9020 }, 9021 Action: `deny any stop log error`, 9022 }, input: map[string]interface{}{ 9023 "name": "John Smith", 9024 }, 9025 emptyFields: true, 9026 want: map[string]interface{}{ 9027 "verdict": getRuleVerdictName(ruleVerdictContinue), 9028 "empty_fields": true, 9029 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAnyStop", 9030 }, 9031 }, {name: "deny all and stop processing with debug logging and without counter with deny stop verdict", 9032 config: &RuleConfiguration{ 9033 Comment: "foobar barfoo", 9034 Conditions: []string{ 9035 "exact match roles foobar", 9036 "exact match org nyc", 9037 }, 9038 Action: `deny stop log debug`, 9039 }, input: map[string]interface{}{ 9040 "roles": []string{"foobar"}, 9041 "org": []string{"nyc"}, 9042 }, 9043 want: map[string]interface{}{ 9044 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9045 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAllStop", 9046 }, 9047 }, {name: "deny all and stop processing with debug logging and without counter with continue verdict", 9048 config: &RuleConfiguration{ 9049 Comment: "foobar barfoo", 9050 Conditions: []string{ 9051 "exact match roles foobar", 9052 "exact match org nyc", 9053 }, 9054 Action: `deny stop log debug`, 9055 }, input: map[string]interface{}{ 9056 "name": "John Smith", 9057 "roles": []string{"barfoo"}, 9058 }, 9059 want: map[string]interface{}{ 9060 "verdict": getRuleVerdictName(ruleVerdictContinue), 9061 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAllStop", 9062 }, 9063 }, {name: "deny all and stop processing with debug logging and without counter with continue verdict 1", 9064 config: &RuleConfiguration{ 9065 Comment: "foobar barfoo", 9066 Conditions: []string{ 9067 "exact match roles foobar", 9068 "exact match org nyc", 9069 }, 9070 Action: `deny stop log debug`, 9071 }, input: map[string]interface{}{ 9072 "name": "John Smith", 9073 }, 9074 want: map[string]interface{}{ 9075 "verdict": getRuleVerdictName(ruleVerdictContinue), 9076 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAllStop", 9077 }, 9078 }, {name: "deny all and stop processing with debug logging and without counter with continue verdict 2", 9079 config: &RuleConfiguration{ 9080 Comment: "foobar barfoo", 9081 Conditions: []string{ 9082 "exact match roles foobar", 9083 "exact match org nyc", 9084 }, 9085 Action: `deny stop log debug`, 9086 }, input: map[string]interface{}{ 9087 "name": "John Smith", 9088 "roles": []string{"barfoo"}, 9089 }, 9090 emptyFields: true, 9091 want: map[string]interface{}{ 9092 "verdict": getRuleVerdictName(ruleVerdictContinue), 9093 "empty_fields": true, 9094 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAllStop", 9095 }, 9096 }, {name: "deny all and stop processing with debug logging and without counter with continue verdict 3", 9097 config: &RuleConfiguration{ 9098 Comment: "foobar barfoo", 9099 Conditions: []string{ 9100 "exact match roles foobar", 9101 "exact match org nyc", 9102 }, 9103 Action: `deny stop log debug`, 9104 }, input: map[string]interface{}{ 9105 "name": "John Smith", 9106 }, 9107 emptyFields: true, 9108 want: map[string]interface{}{ 9109 "verdict": getRuleVerdictName(ruleVerdictContinue), 9110 "empty_fields": true, 9111 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAllStop", 9112 }, 9113 }, {name: "deny all and stop processing with info logging and without counter with deny stop verdict", 9114 config: &RuleConfiguration{ 9115 Comment: "foobar barfoo", 9116 Conditions: []string{ 9117 "exact match roles foobar", 9118 "exact match org nyc", 9119 }, 9120 Action: `deny stop log info`, 9121 }, input: map[string]interface{}{ 9122 "roles": []string{"foobar"}, 9123 "org": []string{"nyc"}, 9124 }, 9125 want: map[string]interface{}{ 9126 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9127 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAllStop", 9128 }, 9129 }, {name: "deny all and stop processing with info logging and without counter with continue verdict", 9130 config: &RuleConfiguration{ 9131 Comment: "foobar barfoo", 9132 Conditions: []string{ 9133 "exact match roles foobar", 9134 "exact match org nyc", 9135 }, 9136 Action: `deny stop log info`, 9137 }, input: map[string]interface{}{ 9138 "name": "John Smith", 9139 "roles": []string{"barfoo"}, 9140 }, 9141 want: map[string]interface{}{ 9142 "verdict": getRuleVerdictName(ruleVerdictContinue), 9143 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAllStop", 9144 }, 9145 }, {name: "deny all and stop processing with info logging and without counter with continue verdict 1", 9146 config: &RuleConfiguration{ 9147 Comment: "foobar barfoo", 9148 Conditions: []string{ 9149 "exact match roles foobar", 9150 "exact match org nyc", 9151 }, 9152 Action: `deny stop log info`, 9153 }, input: map[string]interface{}{ 9154 "name": "John Smith", 9155 }, 9156 want: map[string]interface{}{ 9157 "verdict": getRuleVerdictName(ruleVerdictContinue), 9158 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAllStop", 9159 }, 9160 }, {name: "deny all and stop processing with info logging and without counter with continue verdict 2", 9161 config: &RuleConfiguration{ 9162 Comment: "foobar barfoo", 9163 Conditions: []string{ 9164 "exact match roles foobar", 9165 "exact match org nyc", 9166 }, 9167 Action: `deny stop log info`, 9168 }, input: map[string]interface{}{ 9169 "name": "John Smith", 9170 "roles": []string{"barfoo"}, 9171 }, 9172 emptyFields: true, 9173 want: map[string]interface{}{ 9174 "verdict": getRuleVerdictName(ruleVerdictContinue), 9175 "empty_fields": true, 9176 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAllStop", 9177 }, 9178 }, {name: "deny all and stop processing with info logging and without counter with continue verdict 3", 9179 config: &RuleConfiguration{ 9180 Comment: "foobar barfoo", 9181 Conditions: []string{ 9182 "exact match roles foobar", 9183 "exact match org nyc", 9184 }, 9185 Action: `deny stop log info`, 9186 }, input: map[string]interface{}{ 9187 "name": "John Smith", 9188 }, 9189 emptyFields: true, 9190 want: map[string]interface{}{ 9191 "verdict": getRuleVerdictName(ruleVerdictContinue), 9192 "empty_fields": true, 9193 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAllStop", 9194 }, 9195 }, {name: "deny all and stop processing with warn logging and without counter with deny stop verdict", 9196 config: &RuleConfiguration{ 9197 Comment: "foobar barfoo", 9198 Conditions: []string{ 9199 "exact match roles foobar", 9200 "exact match org nyc", 9201 }, 9202 Action: `deny stop log warn`, 9203 }, input: map[string]interface{}{ 9204 "roles": []string{"foobar"}, 9205 "org": []string{"nyc"}, 9206 }, 9207 want: map[string]interface{}{ 9208 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9209 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAllStop", 9210 }, 9211 }, {name: "deny all and stop processing with warn logging and without counter with continue verdict", 9212 config: &RuleConfiguration{ 9213 Comment: "foobar barfoo", 9214 Conditions: []string{ 9215 "exact match roles foobar", 9216 "exact match org nyc", 9217 }, 9218 Action: `deny stop log warn`, 9219 }, input: map[string]interface{}{ 9220 "name": "John Smith", 9221 "roles": []string{"barfoo"}, 9222 }, 9223 want: map[string]interface{}{ 9224 "verdict": getRuleVerdictName(ruleVerdictContinue), 9225 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAllStop", 9226 }, 9227 }, {name: "deny all and stop processing with warn logging and without counter with continue verdict 1", 9228 config: &RuleConfiguration{ 9229 Comment: "foobar barfoo", 9230 Conditions: []string{ 9231 "exact match roles foobar", 9232 "exact match org nyc", 9233 }, 9234 Action: `deny stop log warn`, 9235 }, input: map[string]interface{}{ 9236 "name": "John Smith", 9237 }, 9238 want: map[string]interface{}{ 9239 "verdict": getRuleVerdictName(ruleVerdictContinue), 9240 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAllStop", 9241 }, 9242 }, {name: "deny all and stop processing with warn logging and without counter with continue verdict 2", 9243 config: &RuleConfiguration{ 9244 Comment: "foobar barfoo", 9245 Conditions: []string{ 9246 "exact match roles foobar", 9247 "exact match org nyc", 9248 }, 9249 Action: `deny stop log warn`, 9250 }, input: map[string]interface{}{ 9251 "name": "John Smith", 9252 "roles": []string{"barfoo"}, 9253 }, 9254 emptyFields: true, 9255 want: map[string]interface{}{ 9256 "verdict": getRuleVerdictName(ruleVerdictContinue), 9257 "empty_fields": true, 9258 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAllStop", 9259 }, 9260 }, {name: "deny all and stop processing with warn logging and without counter with continue verdict 3", 9261 config: &RuleConfiguration{ 9262 Comment: "foobar barfoo", 9263 Conditions: []string{ 9264 "exact match roles foobar", 9265 "exact match org nyc", 9266 }, 9267 Action: `deny stop log warn`, 9268 }, input: map[string]interface{}{ 9269 "name": "John Smith", 9270 }, 9271 emptyFields: true, 9272 want: map[string]interface{}{ 9273 "verdict": getRuleVerdictName(ruleVerdictContinue), 9274 "empty_fields": true, 9275 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAllStop", 9276 }, 9277 }, {name: "deny all and stop processing with error logging and without counter with deny stop verdict", 9278 config: &RuleConfiguration{ 9279 Comment: "foobar barfoo", 9280 Conditions: []string{ 9281 "exact match roles foobar", 9282 "exact match org nyc", 9283 }, 9284 Action: `deny stop log error`, 9285 }, input: map[string]interface{}{ 9286 "roles": []string{"foobar"}, 9287 "org": []string{"nyc"}, 9288 }, 9289 want: map[string]interface{}{ 9290 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9291 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAllStop", 9292 }, 9293 }, {name: "deny all and stop processing with error logging and without counter with continue verdict", 9294 config: &RuleConfiguration{ 9295 Comment: "foobar barfoo", 9296 Conditions: []string{ 9297 "exact match roles foobar", 9298 "exact match org nyc", 9299 }, 9300 Action: `deny stop log error`, 9301 }, input: map[string]interface{}{ 9302 "name": "John Smith", 9303 "roles": []string{"barfoo"}, 9304 }, 9305 want: map[string]interface{}{ 9306 "verdict": getRuleVerdictName(ruleVerdictContinue), 9307 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAllStop", 9308 }, 9309 }, {name: "deny all and stop processing with error logging and without counter with continue verdict 1", 9310 config: &RuleConfiguration{ 9311 Comment: "foobar barfoo", 9312 Conditions: []string{ 9313 "exact match roles foobar", 9314 "exact match org nyc", 9315 }, 9316 Action: `deny stop log error`, 9317 }, input: map[string]interface{}{ 9318 "name": "John Smith", 9319 }, 9320 want: map[string]interface{}{ 9321 "verdict": getRuleVerdictName(ruleVerdictContinue), 9322 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAllStop", 9323 }, 9324 }, {name: "deny all and stop processing with error logging and without counter with continue verdict 2", 9325 config: &RuleConfiguration{ 9326 Comment: "foobar barfoo", 9327 Conditions: []string{ 9328 "exact match roles foobar", 9329 "exact match org nyc", 9330 }, 9331 Action: `deny stop log error`, 9332 }, input: map[string]interface{}{ 9333 "name": "John Smith", 9334 "roles": []string{"barfoo"}, 9335 }, 9336 emptyFields: true, 9337 want: map[string]interface{}{ 9338 "verdict": getRuleVerdictName(ruleVerdictContinue), 9339 "empty_fields": true, 9340 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAllStop", 9341 }, 9342 }, {name: "deny all and stop processing with error logging and without counter with continue verdict 3", 9343 config: &RuleConfiguration{ 9344 Comment: "foobar barfoo", 9345 Conditions: []string{ 9346 "exact match roles foobar", 9347 "exact match org nyc", 9348 }, 9349 Action: `deny stop log error`, 9350 }, input: map[string]interface{}{ 9351 "name": "John Smith", 9352 }, 9353 emptyFields: true, 9354 want: map[string]interface{}{ 9355 "verdict": getRuleVerdictName(ruleVerdictContinue), 9356 "empty_fields": true, 9357 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAllStop", 9358 }, 9359 }, {name: "deny and stop processing with debug logging and without counter with deny stop verdict", 9360 config: &RuleConfiguration{ 9361 Comment: "foobar barfoo", 9362 Conditions: []string{"exact match roles foobar"}, 9363 Action: `deny stop log debug`, 9364 }, input: map[string]interface{}{ 9365 "roles": []string{"foobar"}, 9366 }, 9367 want: map[string]interface{}{ 9368 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9369 "rule_type": "*acl.aclRuleDenyWithDebugLoggerStop", 9370 }, 9371 }, {name: "deny and stop processing with debug logging and without counter with continue verdict", 9372 config: &RuleConfiguration{ 9373 Comment: "foobar barfoo", 9374 Conditions: []string{"exact match roles foobar"}, 9375 Action: `deny stop log debug`, 9376 }, input: map[string]interface{}{ 9377 "name": "John Smith", 9378 "roles": []string{"barfoo"}, 9379 }, 9380 want: map[string]interface{}{ 9381 "verdict": getRuleVerdictName(ruleVerdictContinue), 9382 "rule_type": "*acl.aclRuleDenyWithDebugLoggerStop", 9383 }, 9384 }, {name: "deny and stop processing with debug logging and without counter with continue verdict 1", 9385 config: &RuleConfiguration{ 9386 Comment: "foobar barfoo", 9387 Conditions: []string{"exact match roles foobar"}, 9388 Action: `deny stop log debug`, 9389 }, input: map[string]interface{}{ 9390 "name": "John Smith", 9391 }, 9392 want: map[string]interface{}{ 9393 "verdict": getRuleVerdictName(ruleVerdictContinue), 9394 "rule_type": "*acl.aclRuleDenyWithDebugLoggerStop", 9395 }, 9396 }, {name: "deny and stop processing with debug logging and without counter with continue verdict 2", 9397 config: &RuleConfiguration{ 9398 Comment: "foobar barfoo", 9399 Conditions: []string{"exact match roles foobar"}, 9400 Action: `deny stop log debug`, 9401 }, input: map[string]interface{}{ 9402 "name": "John Smith", 9403 "roles": []string{"barfoo"}, 9404 }, 9405 emptyFields: true, 9406 want: map[string]interface{}{ 9407 "verdict": getRuleVerdictName(ruleVerdictContinue), 9408 "empty_fields": true, 9409 "rule_type": "*acl.aclRuleDenyWithDebugLoggerStop", 9410 }, 9411 }, {name: "deny and stop processing with debug logging and without counter with continue verdict 3", 9412 config: &RuleConfiguration{ 9413 Comment: "foobar barfoo", 9414 Conditions: []string{"exact match roles foobar"}, 9415 Action: `deny stop log debug`, 9416 }, input: map[string]interface{}{ 9417 "name": "John Smith", 9418 }, 9419 emptyFields: true, 9420 want: map[string]interface{}{ 9421 "verdict": getRuleVerdictName(ruleVerdictContinue), 9422 "empty_fields": true, 9423 "rule_type": "*acl.aclRuleDenyWithDebugLoggerStop", 9424 }, 9425 }, {name: "deny and stop processing with info logging and without counter with deny stop verdict", 9426 config: &RuleConfiguration{ 9427 Comment: "foobar barfoo", 9428 Conditions: []string{"exact match roles foobar"}, 9429 Action: `deny stop log tag foobar`, 9430 }, input: map[string]interface{}{ 9431 "roles": []string{"foobar"}, 9432 }, 9433 want: map[string]interface{}{ 9434 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9435 "rule_type": "*acl.aclRuleDenyWithInfoLoggerStop", 9436 }, 9437 }, {name: "deny and stop processing with info logging and without counter with continue verdict", 9438 config: &RuleConfiguration{ 9439 Comment: "foobar barfoo", 9440 Conditions: []string{"exact match roles foobar"}, 9441 Action: `deny stop log tag foobar`, 9442 }, input: map[string]interface{}{ 9443 "name": "John Smith", 9444 "roles": []string{"barfoo"}, 9445 }, 9446 want: map[string]interface{}{ 9447 "verdict": getRuleVerdictName(ruleVerdictContinue), 9448 "rule_type": "*acl.aclRuleDenyWithInfoLoggerStop", 9449 }, 9450 }, {name: "deny and stop processing with info logging and without counter with continue verdict 1", 9451 config: &RuleConfiguration{ 9452 Comment: "foobar barfoo", 9453 Conditions: []string{"exact match roles foobar"}, 9454 Action: `deny stop log tag foobar`, 9455 }, input: map[string]interface{}{ 9456 "name": "John Smith", 9457 }, 9458 want: map[string]interface{}{ 9459 "verdict": getRuleVerdictName(ruleVerdictContinue), 9460 "rule_type": "*acl.aclRuleDenyWithInfoLoggerStop", 9461 }, 9462 }, {name: "deny and stop processing with info logging and without counter with continue verdict 2", 9463 config: &RuleConfiguration{ 9464 Comment: "foobar barfoo", 9465 Conditions: []string{"exact match roles foobar"}, 9466 Action: `deny stop log tag foobar`, 9467 }, input: map[string]interface{}{ 9468 "name": "John Smith", 9469 "roles": []string{"barfoo"}, 9470 }, 9471 emptyFields: true, 9472 want: map[string]interface{}{ 9473 "verdict": getRuleVerdictName(ruleVerdictContinue), 9474 "empty_fields": true, 9475 "rule_type": "*acl.aclRuleDenyWithInfoLoggerStop", 9476 }, 9477 }, {name: "deny and stop processing with info logging and without counter with continue verdict 3", 9478 config: &RuleConfiguration{ 9479 Comment: "foobar barfoo", 9480 Conditions: []string{"exact match roles foobar"}, 9481 Action: `deny stop log tag foobar`, 9482 }, input: map[string]interface{}{ 9483 "name": "John Smith", 9484 }, 9485 emptyFields: true, 9486 want: map[string]interface{}{ 9487 "verdict": getRuleVerdictName(ruleVerdictContinue), 9488 "empty_fields": true, 9489 "rule_type": "*acl.aclRuleDenyWithInfoLoggerStop", 9490 }, 9491 }, {name: "deny and stop processing with warn logging and without counter with deny stop verdict", 9492 config: &RuleConfiguration{ 9493 Comment: "foobar barfoo", 9494 Conditions: []string{"exact match roles foobar"}, 9495 Action: `deny stop log warn`, 9496 }, input: map[string]interface{}{ 9497 "roles": []string{"foobar"}, 9498 }, 9499 want: map[string]interface{}{ 9500 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9501 "rule_type": "*acl.aclRuleDenyWithWarnLoggerStop", 9502 }, 9503 }, {name: "deny and stop processing with warn logging and without counter with continue verdict", 9504 config: &RuleConfiguration{ 9505 Comment: "foobar barfoo", 9506 Conditions: []string{"exact match roles foobar"}, 9507 Action: `deny stop log warn`, 9508 }, input: map[string]interface{}{ 9509 "name": "John Smith", 9510 "roles": []string{"barfoo"}, 9511 }, 9512 want: map[string]interface{}{ 9513 "verdict": getRuleVerdictName(ruleVerdictContinue), 9514 "rule_type": "*acl.aclRuleDenyWithWarnLoggerStop", 9515 }, 9516 }, {name: "deny and stop processing with warn logging and without counter with continue verdict 1", 9517 config: &RuleConfiguration{ 9518 Comment: "foobar barfoo", 9519 Conditions: []string{"exact match roles foobar"}, 9520 Action: `deny stop log warn`, 9521 }, input: map[string]interface{}{ 9522 "name": "John Smith", 9523 }, 9524 want: map[string]interface{}{ 9525 "verdict": getRuleVerdictName(ruleVerdictContinue), 9526 "rule_type": "*acl.aclRuleDenyWithWarnLoggerStop", 9527 }, 9528 }, {name: "deny and stop processing with warn logging and without counter with continue verdict 2", 9529 config: &RuleConfiguration{ 9530 Comment: "foobar barfoo", 9531 Conditions: []string{"exact match roles foobar"}, 9532 Action: `deny stop log warn`, 9533 }, input: map[string]interface{}{ 9534 "name": "John Smith", 9535 "roles": []string{"barfoo"}, 9536 }, 9537 emptyFields: true, 9538 want: map[string]interface{}{ 9539 "verdict": getRuleVerdictName(ruleVerdictContinue), 9540 "empty_fields": true, 9541 "rule_type": "*acl.aclRuleDenyWithWarnLoggerStop", 9542 }, 9543 }, {name: "deny and stop processing with warn logging and without counter with continue verdict 3", 9544 config: &RuleConfiguration{ 9545 Comment: "foobar barfoo", 9546 Conditions: []string{"exact match roles foobar"}, 9547 Action: `deny stop log warn`, 9548 }, input: map[string]interface{}{ 9549 "name": "John Smith", 9550 }, 9551 emptyFields: true, 9552 want: map[string]interface{}{ 9553 "verdict": getRuleVerdictName(ruleVerdictContinue), 9554 "empty_fields": true, 9555 "rule_type": "*acl.aclRuleDenyWithWarnLoggerStop", 9556 }, 9557 }, {name: "deny and stop processing with error logging and without counter with deny stop verdict", 9558 config: &RuleConfiguration{ 9559 Comment: "foobar barfoo", 9560 Conditions: []string{"exact match roles foobar"}, 9561 Action: `deny stop log error`, 9562 }, input: map[string]interface{}{ 9563 "roles": []string{"foobar"}, 9564 }, 9565 want: map[string]interface{}{ 9566 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 9567 "rule_type": "*acl.aclRuleDenyWithErrorLoggerStop", 9568 }, 9569 }, {name: "deny and stop processing with error logging and without counter with continue verdict", 9570 config: &RuleConfiguration{ 9571 Comment: "foobar barfoo", 9572 Conditions: []string{"exact match roles foobar"}, 9573 Action: `deny stop log error`, 9574 }, input: map[string]interface{}{ 9575 "name": "John Smith", 9576 "roles": []string{"barfoo"}, 9577 }, 9578 want: map[string]interface{}{ 9579 "verdict": getRuleVerdictName(ruleVerdictContinue), 9580 "rule_type": "*acl.aclRuleDenyWithErrorLoggerStop", 9581 }, 9582 }, {name: "deny and stop processing with error logging and without counter with continue verdict 1", 9583 config: &RuleConfiguration{ 9584 Comment: "foobar barfoo", 9585 Conditions: []string{"exact match roles foobar"}, 9586 Action: `deny stop log error`, 9587 }, input: map[string]interface{}{ 9588 "name": "John Smith", 9589 }, 9590 want: map[string]interface{}{ 9591 "verdict": getRuleVerdictName(ruleVerdictContinue), 9592 "rule_type": "*acl.aclRuleDenyWithErrorLoggerStop", 9593 }, 9594 }, {name: "deny and stop processing with error logging and without counter with continue verdict 2", 9595 config: &RuleConfiguration{ 9596 Comment: "foobar barfoo", 9597 Conditions: []string{"exact match roles foobar"}, 9598 Action: `deny stop log error`, 9599 }, input: map[string]interface{}{ 9600 "name": "John Smith", 9601 "roles": []string{"barfoo"}, 9602 }, 9603 emptyFields: true, 9604 want: map[string]interface{}{ 9605 "verdict": getRuleVerdictName(ruleVerdictContinue), 9606 "empty_fields": true, 9607 "rule_type": "*acl.aclRuleDenyWithErrorLoggerStop", 9608 }, 9609 }, {name: "deny and stop processing with error logging and without counter with continue verdict 3", 9610 config: &RuleConfiguration{ 9611 Comment: "foobar barfoo", 9612 Conditions: []string{"exact match roles foobar"}, 9613 Action: `deny stop log error`, 9614 }, input: map[string]interface{}{ 9615 "name": "John Smith", 9616 }, 9617 emptyFields: true, 9618 want: map[string]interface{}{ 9619 "verdict": getRuleVerdictName(ruleVerdictContinue), 9620 "empty_fields": true, 9621 "rule_type": "*acl.aclRuleDenyWithErrorLoggerStop", 9622 }, 9623 }, {name: "deny any with debug logging and without counter with deny verdict", 9624 config: &RuleConfiguration{ 9625 Comment: "foobar barfoo", 9626 Conditions: []string{ 9627 "exact match roles foobar", 9628 "exact match org nyc", 9629 }, 9630 Action: `deny any log debug`, 9631 }, input: map[string]interface{}{ 9632 "roles": []string{"foobar"}, 9633 }, 9634 want: map[string]interface{}{ 9635 "verdict": getRuleVerdictName(ruleVerdictDeny), 9636 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAny", 9637 }, 9638 }, {name: "deny any with debug logging and without counter with continue verdict", 9639 config: &RuleConfiguration{ 9640 Comment: "foobar barfoo", 9641 Conditions: []string{ 9642 "exact match roles foobar", 9643 "exact match org nyc", 9644 }, 9645 Action: `deny any log debug`, 9646 }, input: map[string]interface{}{ 9647 "name": "John Smith", 9648 "roles": []string{"barfoo"}, 9649 }, 9650 want: map[string]interface{}{ 9651 "verdict": getRuleVerdictName(ruleVerdictContinue), 9652 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAny", 9653 }, 9654 }, {name: "deny any with debug logging and without counter with continue verdict 1", 9655 config: &RuleConfiguration{ 9656 Comment: "foobar barfoo", 9657 Conditions: []string{ 9658 "exact match roles foobar", 9659 "exact match org nyc", 9660 }, 9661 Action: `deny any log debug`, 9662 }, input: map[string]interface{}{ 9663 "name": "John Smith", 9664 }, 9665 want: map[string]interface{}{ 9666 "verdict": getRuleVerdictName(ruleVerdictContinue), 9667 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAny", 9668 }, 9669 }, {name: "deny any with debug logging and without counter with continue verdict 2", 9670 config: &RuleConfiguration{ 9671 Comment: "foobar barfoo", 9672 Conditions: []string{ 9673 "exact match roles foobar", 9674 "exact match org nyc", 9675 }, 9676 Action: `deny any log debug`, 9677 }, input: map[string]interface{}{ 9678 "name": "John Smith", 9679 "roles": []string{"barfoo"}, 9680 }, 9681 emptyFields: true, 9682 want: map[string]interface{}{ 9683 "verdict": getRuleVerdictName(ruleVerdictContinue), 9684 "empty_fields": true, 9685 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAny", 9686 }, 9687 }, {name: "deny any with debug logging and without counter with continue verdict 3", 9688 config: &RuleConfiguration{ 9689 Comment: "foobar barfoo", 9690 Conditions: []string{ 9691 "exact match roles foobar", 9692 "exact match org nyc", 9693 }, 9694 Action: `deny any log debug`, 9695 }, input: map[string]interface{}{ 9696 "name": "John Smith", 9697 }, 9698 emptyFields: true, 9699 want: map[string]interface{}{ 9700 "verdict": getRuleVerdictName(ruleVerdictContinue), 9701 "empty_fields": true, 9702 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAny", 9703 }, 9704 }, {name: "deny any with info logging and without counter with deny verdict", 9705 config: &RuleConfiguration{ 9706 Comment: "foobar barfoo", 9707 Conditions: []string{ 9708 "exact match roles foobar", 9709 "exact match org nyc", 9710 }, 9711 Action: `deny any log info`, 9712 }, input: map[string]interface{}{ 9713 "roles": []string{"foobar"}, 9714 }, 9715 want: map[string]interface{}{ 9716 "verdict": getRuleVerdictName(ruleVerdictDeny), 9717 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAny", 9718 }, 9719 }, {name: "deny any with info logging and without counter with continue verdict", 9720 config: &RuleConfiguration{ 9721 Comment: "foobar barfoo", 9722 Conditions: []string{ 9723 "exact match roles foobar", 9724 "exact match org nyc", 9725 }, 9726 Action: `deny any log info`, 9727 }, input: map[string]interface{}{ 9728 "name": "John Smith", 9729 "roles": []string{"barfoo"}, 9730 }, 9731 want: map[string]interface{}{ 9732 "verdict": getRuleVerdictName(ruleVerdictContinue), 9733 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAny", 9734 }, 9735 }, {name: "deny any with info logging and without counter with continue verdict 1", 9736 config: &RuleConfiguration{ 9737 Comment: "foobar barfoo", 9738 Conditions: []string{ 9739 "exact match roles foobar", 9740 "exact match org nyc", 9741 }, 9742 Action: `deny any log info`, 9743 }, input: map[string]interface{}{ 9744 "name": "John Smith", 9745 }, 9746 want: map[string]interface{}{ 9747 "verdict": getRuleVerdictName(ruleVerdictContinue), 9748 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAny", 9749 }, 9750 }, {name: "deny any with info logging and without counter with continue verdict 2", 9751 config: &RuleConfiguration{ 9752 Comment: "foobar barfoo", 9753 Conditions: []string{ 9754 "exact match roles foobar", 9755 "exact match org nyc", 9756 }, 9757 Action: `deny any log info`, 9758 }, input: map[string]interface{}{ 9759 "name": "John Smith", 9760 "roles": []string{"barfoo"}, 9761 }, 9762 emptyFields: true, 9763 want: map[string]interface{}{ 9764 "verdict": getRuleVerdictName(ruleVerdictContinue), 9765 "empty_fields": true, 9766 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAny", 9767 }, 9768 }, {name: "deny any with info logging and without counter with continue verdict 3", 9769 config: &RuleConfiguration{ 9770 Comment: "foobar barfoo", 9771 Conditions: []string{ 9772 "exact match roles foobar", 9773 "exact match org nyc", 9774 }, 9775 Action: `deny any log info`, 9776 }, input: map[string]interface{}{ 9777 "name": "John Smith", 9778 }, 9779 emptyFields: true, 9780 want: map[string]interface{}{ 9781 "verdict": getRuleVerdictName(ruleVerdictContinue), 9782 "empty_fields": true, 9783 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAny", 9784 }, 9785 }, {name: "deny any with warn logging and without counter with deny verdict", 9786 config: &RuleConfiguration{ 9787 Comment: "foobar barfoo", 9788 Conditions: []string{ 9789 "exact match roles foobar", 9790 "exact match org nyc", 9791 }, 9792 Action: `deny any log warn`, 9793 }, input: map[string]interface{}{ 9794 "roles": []string{"foobar"}, 9795 }, 9796 want: map[string]interface{}{ 9797 "verdict": getRuleVerdictName(ruleVerdictDeny), 9798 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAny", 9799 }, 9800 }, {name: "deny any with warn logging and without counter with continue verdict", 9801 config: &RuleConfiguration{ 9802 Comment: "foobar barfoo", 9803 Conditions: []string{ 9804 "exact match roles foobar", 9805 "exact match org nyc", 9806 }, 9807 Action: `deny any log warn`, 9808 }, input: map[string]interface{}{ 9809 "name": "John Smith", 9810 "roles": []string{"barfoo"}, 9811 }, 9812 want: map[string]interface{}{ 9813 "verdict": getRuleVerdictName(ruleVerdictContinue), 9814 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAny", 9815 }, 9816 }, {name: "deny any with warn logging and without counter with continue verdict 1", 9817 config: &RuleConfiguration{ 9818 Comment: "foobar barfoo", 9819 Conditions: []string{ 9820 "exact match roles foobar", 9821 "exact match org nyc", 9822 }, 9823 Action: `deny any log warn`, 9824 }, input: map[string]interface{}{ 9825 "name": "John Smith", 9826 }, 9827 want: map[string]interface{}{ 9828 "verdict": getRuleVerdictName(ruleVerdictContinue), 9829 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAny", 9830 }, 9831 }, {name: "deny any with warn logging and without counter with continue verdict 2", 9832 config: &RuleConfiguration{ 9833 Comment: "foobar barfoo", 9834 Conditions: []string{ 9835 "exact match roles foobar", 9836 "exact match org nyc", 9837 }, 9838 Action: `deny any log warn`, 9839 }, input: map[string]interface{}{ 9840 "name": "John Smith", 9841 "roles": []string{"barfoo"}, 9842 }, 9843 emptyFields: true, 9844 want: map[string]interface{}{ 9845 "verdict": getRuleVerdictName(ruleVerdictContinue), 9846 "empty_fields": true, 9847 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAny", 9848 }, 9849 }, {name: "deny any with warn logging and without counter with continue verdict 3", 9850 config: &RuleConfiguration{ 9851 Comment: "foobar barfoo", 9852 Conditions: []string{ 9853 "exact match roles foobar", 9854 "exact match org nyc", 9855 }, 9856 Action: `deny any log warn`, 9857 }, input: map[string]interface{}{ 9858 "name": "John Smith", 9859 }, 9860 emptyFields: true, 9861 want: map[string]interface{}{ 9862 "verdict": getRuleVerdictName(ruleVerdictContinue), 9863 "empty_fields": true, 9864 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAny", 9865 }, 9866 }, {name: "deny any with error logging and without counter with deny verdict", 9867 config: &RuleConfiguration{ 9868 Comment: "foobar barfoo", 9869 Conditions: []string{ 9870 "exact match roles foobar", 9871 "exact match org nyc", 9872 }, 9873 Action: `deny any log error`, 9874 }, input: map[string]interface{}{ 9875 "roles": []string{"foobar"}, 9876 }, 9877 want: map[string]interface{}{ 9878 "verdict": getRuleVerdictName(ruleVerdictDeny), 9879 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAny", 9880 }, 9881 }, {name: "deny any with error logging and without counter with continue verdict", 9882 config: &RuleConfiguration{ 9883 Comment: "foobar barfoo", 9884 Conditions: []string{ 9885 "exact match roles foobar", 9886 "exact match org nyc", 9887 }, 9888 Action: `deny any log error`, 9889 }, input: map[string]interface{}{ 9890 "name": "John Smith", 9891 "roles": []string{"barfoo"}, 9892 }, 9893 want: map[string]interface{}{ 9894 "verdict": getRuleVerdictName(ruleVerdictContinue), 9895 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAny", 9896 }, 9897 }, {name: "deny any with error logging and without counter with continue verdict 1", 9898 config: &RuleConfiguration{ 9899 Comment: "foobar barfoo", 9900 Conditions: []string{ 9901 "exact match roles foobar", 9902 "exact match org nyc", 9903 }, 9904 Action: `deny any log error`, 9905 }, input: map[string]interface{}{ 9906 "name": "John Smith", 9907 }, 9908 want: map[string]interface{}{ 9909 "verdict": getRuleVerdictName(ruleVerdictContinue), 9910 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAny", 9911 }, 9912 }, {name: "deny any with error logging and without counter with continue verdict 2", 9913 config: &RuleConfiguration{ 9914 Comment: "foobar barfoo", 9915 Conditions: []string{ 9916 "exact match roles foobar", 9917 "exact match org nyc", 9918 }, 9919 Action: `deny any log error`, 9920 }, input: map[string]interface{}{ 9921 "name": "John Smith", 9922 "roles": []string{"barfoo"}, 9923 }, 9924 emptyFields: true, 9925 want: map[string]interface{}{ 9926 "verdict": getRuleVerdictName(ruleVerdictContinue), 9927 "empty_fields": true, 9928 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAny", 9929 }, 9930 }, {name: "deny any with error logging and without counter with continue verdict 3", 9931 config: &RuleConfiguration{ 9932 Comment: "foobar barfoo", 9933 Conditions: []string{ 9934 "exact match roles foobar", 9935 "exact match org nyc", 9936 }, 9937 Action: `deny any log error`, 9938 }, input: map[string]interface{}{ 9939 "name": "John Smith", 9940 }, 9941 emptyFields: true, 9942 want: map[string]interface{}{ 9943 "verdict": getRuleVerdictName(ruleVerdictContinue), 9944 "empty_fields": true, 9945 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAny", 9946 }, 9947 }, {name: "deny all with debug logging and without counter with deny verdict", 9948 config: &RuleConfiguration{ 9949 Comment: "foobar barfoo", 9950 Conditions: []string{ 9951 "exact match roles foobar", 9952 "exact match org nyc", 9953 }, 9954 Action: `deny log debug`, 9955 }, input: map[string]interface{}{ 9956 "roles": []string{"foobar"}, 9957 "org": []string{"nyc"}, 9958 }, 9959 want: map[string]interface{}{ 9960 "verdict": getRuleVerdictName(ruleVerdictDeny), 9961 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAll", 9962 }, 9963 }, {name: "deny all with debug logging and without counter with continue verdict", 9964 config: &RuleConfiguration{ 9965 Comment: "foobar barfoo", 9966 Conditions: []string{ 9967 "exact match roles foobar", 9968 "exact match org nyc", 9969 }, 9970 Action: `deny log debug`, 9971 }, input: map[string]interface{}{ 9972 "name": "John Smith", 9973 "roles": []string{"barfoo"}, 9974 }, 9975 want: map[string]interface{}{ 9976 "verdict": getRuleVerdictName(ruleVerdictContinue), 9977 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAll", 9978 }, 9979 }, {name: "deny all with debug logging and without counter with continue verdict 1", 9980 config: &RuleConfiguration{ 9981 Comment: "foobar barfoo", 9982 Conditions: []string{ 9983 "exact match roles foobar", 9984 "exact match org nyc", 9985 }, 9986 Action: `deny log debug`, 9987 }, input: map[string]interface{}{ 9988 "name": "John Smith", 9989 }, 9990 want: map[string]interface{}{ 9991 "verdict": getRuleVerdictName(ruleVerdictContinue), 9992 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAll", 9993 }, 9994 }, {name: "deny all with debug logging and without counter with continue verdict 2", 9995 config: &RuleConfiguration{ 9996 Comment: "foobar barfoo", 9997 Conditions: []string{ 9998 "exact match roles foobar", 9999 "exact match org nyc", 10000 }, 10001 Action: `deny log debug`, 10002 }, input: map[string]interface{}{ 10003 "name": "John Smith", 10004 "roles": []string{"barfoo"}, 10005 }, 10006 emptyFields: true, 10007 want: map[string]interface{}{ 10008 "verdict": getRuleVerdictName(ruleVerdictContinue), 10009 "empty_fields": true, 10010 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAll", 10011 }, 10012 }, {name: "deny all with debug logging and without counter with continue verdict 3", 10013 config: &RuleConfiguration{ 10014 Comment: "foobar barfoo", 10015 Conditions: []string{ 10016 "exact match roles foobar", 10017 "exact match org nyc", 10018 }, 10019 Action: `deny log debug`, 10020 }, input: map[string]interface{}{ 10021 "name": "John Smith", 10022 }, 10023 emptyFields: true, 10024 want: map[string]interface{}{ 10025 "verdict": getRuleVerdictName(ruleVerdictContinue), 10026 "empty_fields": true, 10027 "rule_type": "*acl.aclRuleDenyWithDebugLoggerMatchAll", 10028 }, 10029 }, {name: "deny all with info logging and without counter with deny verdict", 10030 config: &RuleConfiguration{ 10031 Comment: "foobar barfoo", 10032 Conditions: []string{ 10033 "exact match roles foobar", 10034 "exact match org nyc", 10035 }, 10036 Action: `deny log info`, 10037 }, input: map[string]interface{}{ 10038 "roles": []string{"foobar"}, 10039 "org": []string{"nyc"}, 10040 }, 10041 want: map[string]interface{}{ 10042 "verdict": getRuleVerdictName(ruleVerdictDeny), 10043 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAll", 10044 }, 10045 }, {name: "deny all with info logging and without counter with continue verdict", 10046 config: &RuleConfiguration{ 10047 Comment: "foobar barfoo", 10048 Conditions: []string{ 10049 "exact match roles foobar", 10050 "exact match org nyc", 10051 }, 10052 Action: `deny log info`, 10053 }, input: map[string]interface{}{ 10054 "name": "John Smith", 10055 "roles": []string{"barfoo"}, 10056 }, 10057 want: map[string]interface{}{ 10058 "verdict": getRuleVerdictName(ruleVerdictContinue), 10059 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAll", 10060 }, 10061 }, {name: "deny all with info logging and without counter with continue verdict 1", 10062 config: &RuleConfiguration{ 10063 Comment: "foobar barfoo", 10064 Conditions: []string{ 10065 "exact match roles foobar", 10066 "exact match org nyc", 10067 }, 10068 Action: `deny log info`, 10069 }, input: map[string]interface{}{ 10070 "name": "John Smith", 10071 }, 10072 want: map[string]interface{}{ 10073 "verdict": getRuleVerdictName(ruleVerdictContinue), 10074 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAll", 10075 }, 10076 }, {name: "deny all with info logging and without counter with continue verdict 2", 10077 config: &RuleConfiguration{ 10078 Comment: "foobar barfoo", 10079 Conditions: []string{ 10080 "exact match roles foobar", 10081 "exact match org nyc", 10082 }, 10083 Action: `deny log info`, 10084 }, input: map[string]interface{}{ 10085 "name": "John Smith", 10086 "roles": []string{"barfoo"}, 10087 }, 10088 emptyFields: true, 10089 want: map[string]interface{}{ 10090 "verdict": getRuleVerdictName(ruleVerdictContinue), 10091 "empty_fields": true, 10092 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAll", 10093 }, 10094 }, {name: "deny all with info logging and without counter with continue verdict 3", 10095 config: &RuleConfiguration{ 10096 Comment: "foobar barfoo", 10097 Conditions: []string{ 10098 "exact match roles foobar", 10099 "exact match org nyc", 10100 }, 10101 Action: `deny log info`, 10102 }, input: map[string]interface{}{ 10103 "name": "John Smith", 10104 }, 10105 emptyFields: true, 10106 want: map[string]interface{}{ 10107 "verdict": getRuleVerdictName(ruleVerdictContinue), 10108 "empty_fields": true, 10109 "rule_type": "*acl.aclRuleDenyWithInfoLoggerMatchAll", 10110 }, 10111 }, {name: "deny all with warn logging and without counter with deny verdict", 10112 config: &RuleConfiguration{ 10113 Comment: "foobar barfoo", 10114 Conditions: []string{ 10115 "exact match roles foobar", 10116 "exact match org nyc", 10117 }, 10118 Action: `deny log warn`, 10119 }, input: map[string]interface{}{ 10120 "roles": []string{"foobar"}, 10121 "org": []string{"nyc"}, 10122 }, 10123 want: map[string]interface{}{ 10124 "verdict": getRuleVerdictName(ruleVerdictDeny), 10125 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAll", 10126 }, 10127 }, {name: "deny all with warn logging and without counter with continue verdict", 10128 config: &RuleConfiguration{ 10129 Comment: "foobar barfoo", 10130 Conditions: []string{ 10131 "exact match roles foobar", 10132 "exact match org nyc", 10133 }, 10134 Action: `deny log warn`, 10135 }, input: map[string]interface{}{ 10136 "name": "John Smith", 10137 "roles": []string{"barfoo"}, 10138 }, 10139 want: map[string]interface{}{ 10140 "verdict": getRuleVerdictName(ruleVerdictContinue), 10141 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAll", 10142 }, 10143 }, {name: "deny all with warn logging and without counter with continue verdict 1", 10144 config: &RuleConfiguration{ 10145 Comment: "foobar barfoo", 10146 Conditions: []string{ 10147 "exact match roles foobar", 10148 "exact match org nyc", 10149 }, 10150 Action: `deny log warn`, 10151 }, input: map[string]interface{}{ 10152 "name": "John Smith", 10153 }, 10154 want: map[string]interface{}{ 10155 "verdict": getRuleVerdictName(ruleVerdictContinue), 10156 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAll", 10157 }, 10158 }, {name: "deny all with warn logging and without counter with continue verdict 2", 10159 config: &RuleConfiguration{ 10160 Comment: "foobar barfoo", 10161 Conditions: []string{ 10162 "exact match roles foobar", 10163 "exact match org nyc", 10164 }, 10165 Action: `deny log warn`, 10166 }, input: map[string]interface{}{ 10167 "name": "John Smith", 10168 "roles": []string{"barfoo"}, 10169 }, 10170 emptyFields: true, 10171 want: map[string]interface{}{ 10172 "verdict": getRuleVerdictName(ruleVerdictContinue), 10173 "empty_fields": true, 10174 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAll", 10175 }, 10176 }, {name: "deny all with warn logging and without counter with continue verdict 3", 10177 config: &RuleConfiguration{ 10178 Comment: "foobar barfoo", 10179 Conditions: []string{ 10180 "exact match roles foobar", 10181 "exact match org nyc", 10182 }, 10183 Action: `deny log warn`, 10184 }, input: map[string]interface{}{ 10185 "name": "John Smith", 10186 }, 10187 emptyFields: true, 10188 want: map[string]interface{}{ 10189 "verdict": getRuleVerdictName(ruleVerdictContinue), 10190 "empty_fields": true, 10191 "rule_type": "*acl.aclRuleDenyWithWarnLoggerMatchAll", 10192 }, 10193 }, {name: "deny all with error logging and without counter with deny verdict", 10194 config: &RuleConfiguration{ 10195 Comment: "foobar barfoo", 10196 Conditions: []string{ 10197 "exact match roles foobar", 10198 "exact match org nyc", 10199 }, 10200 Action: `deny log error`, 10201 }, input: map[string]interface{}{ 10202 "roles": []string{"foobar"}, 10203 "org": []string{"nyc"}, 10204 }, 10205 want: map[string]interface{}{ 10206 "verdict": getRuleVerdictName(ruleVerdictDeny), 10207 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAll", 10208 }, 10209 }, {name: "deny all with error logging and without counter with continue verdict", 10210 config: &RuleConfiguration{ 10211 Comment: "foobar barfoo", 10212 Conditions: []string{ 10213 "exact match roles foobar", 10214 "exact match org nyc", 10215 }, 10216 Action: `deny log error`, 10217 }, input: map[string]interface{}{ 10218 "name": "John Smith", 10219 "roles": []string{"barfoo"}, 10220 }, 10221 want: map[string]interface{}{ 10222 "verdict": getRuleVerdictName(ruleVerdictContinue), 10223 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAll", 10224 }, 10225 }, {name: "deny all with error logging and without counter with continue verdict 1", 10226 config: &RuleConfiguration{ 10227 Comment: "foobar barfoo", 10228 Conditions: []string{ 10229 "exact match roles foobar", 10230 "exact match org nyc", 10231 }, 10232 Action: `deny log error`, 10233 }, input: map[string]interface{}{ 10234 "name": "John Smith", 10235 }, 10236 want: map[string]interface{}{ 10237 "verdict": getRuleVerdictName(ruleVerdictContinue), 10238 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAll", 10239 }, 10240 }, {name: "deny all with error logging and without counter with continue verdict 2", 10241 config: &RuleConfiguration{ 10242 Comment: "foobar barfoo", 10243 Conditions: []string{ 10244 "exact match roles foobar", 10245 "exact match org nyc", 10246 }, 10247 Action: `deny log error`, 10248 }, input: map[string]interface{}{ 10249 "name": "John Smith", 10250 "roles": []string{"barfoo"}, 10251 }, 10252 emptyFields: true, 10253 want: map[string]interface{}{ 10254 "verdict": getRuleVerdictName(ruleVerdictContinue), 10255 "empty_fields": true, 10256 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAll", 10257 }, 10258 }, {name: "deny all with error logging and without counter with continue verdict 3", 10259 config: &RuleConfiguration{ 10260 Comment: "foobar barfoo", 10261 Conditions: []string{ 10262 "exact match roles foobar", 10263 "exact match org nyc", 10264 }, 10265 Action: `deny log error`, 10266 }, input: map[string]interface{}{ 10267 "name": "John Smith", 10268 }, 10269 emptyFields: true, 10270 want: map[string]interface{}{ 10271 "verdict": getRuleVerdictName(ruleVerdictContinue), 10272 "empty_fields": true, 10273 "rule_type": "*acl.aclRuleDenyWithErrorLoggerMatchAll", 10274 }, 10275 }, {name: "deny with debug logging and without counter with deny verdict", 10276 config: &RuleConfiguration{ 10277 Comment: "foobar barfoo", 10278 Conditions: []string{"exact match roles foobar"}, 10279 Action: `deny log debug`, 10280 }, input: map[string]interface{}{ 10281 "roles": []string{"foobar"}, 10282 }, 10283 want: map[string]interface{}{ 10284 "verdict": getRuleVerdictName(ruleVerdictDeny), 10285 "rule_type": "*acl.aclRuleDenyWithDebugLogger", 10286 }, 10287 }, {name: "deny with debug logging and without counter with continue verdict", 10288 config: &RuleConfiguration{ 10289 Comment: "foobar barfoo", 10290 Conditions: []string{"exact match roles foobar"}, 10291 Action: `deny log debug`, 10292 }, input: map[string]interface{}{ 10293 "name": "John Smith", 10294 "roles": []string{"barfoo"}, 10295 }, 10296 want: map[string]interface{}{ 10297 "verdict": getRuleVerdictName(ruleVerdictContinue), 10298 "rule_type": "*acl.aclRuleDenyWithDebugLogger", 10299 }, 10300 }, {name: "deny with debug logging and without counter with continue verdict 1", 10301 config: &RuleConfiguration{ 10302 Comment: "foobar barfoo", 10303 Conditions: []string{"exact match roles foobar"}, 10304 Action: `deny log debug`, 10305 }, input: map[string]interface{}{ 10306 "name": "John Smith", 10307 }, 10308 want: map[string]interface{}{ 10309 "verdict": getRuleVerdictName(ruleVerdictContinue), 10310 "rule_type": "*acl.aclRuleDenyWithDebugLogger", 10311 }, 10312 }, {name: "deny with debug logging and without counter with continue verdict 2", 10313 config: &RuleConfiguration{ 10314 Comment: "foobar barfoo", 10315 Conditions: []string{"exact match roles foobar"}, 10316 Action: `deny log debug`, 10317 }, input: map[string]interface{}{ 10318 "name": "John Smith", 10319 "roles": []string{"barfoo"}, 10320 }, 10321 emptyFields: true, 10322 want: map[string]interface{}{ 10323 "verdict": getRuleVerdictName(ruleVerdictContinue), 10324 "empty_fields": true, 10325 "rule_type": "*acl.aclRuleDenyWithDebugLogger", 10326 }, 10327 }, {name: "deny with debug logging and without counter with continue verdict 3", 10328 config: &RuleConfiguration{ 10329 Comment: "foobar barfoo", 10330 Conditions: []string{"exact match roles foobar"}, 10331 Action: `deny log debug`, 10332 }, input: map[string]interface{}{ 10333 "name": "John Smith", 10334 }, 10335 emptyFields: true, 10336 want: map[string]interface{}{ 10337 "verdict": getRuleVerdictName(ruleVerdictContinue), 10338 "empty_fields": true, 10339 "rule_type": "*acl.aclRuleDenyWithDebugLogger", 10340 }, 10341 }, {name: "deny with info logging and without counter with deny verdict", 10342 config: &RuleConfiguration{ 10343 Comment: "foobar barfoo", 10344 Conditions: []string{"exact match roles foobar"}, 10345 Action: `deny log info`, 10346 }, input: map[string]interface{}{ 10347 "roles": []string{"foobar"}, 10348 }, 10349 want: map[string]interface{}{ 10350 "verdict": getRuleVerdictName(ruleVerdictDeny), 10351 "rule_type": "*acl.aclRuleDenyWithInfoLogger", 10352 }, 10353 }, {name: "deny with info logging and without counter with continue verdict", 10354 config: &RuleConfiguration{ 10355 Comment: "foobar barfoo", 10356 Conditions: []string{"exact match roles foobar"}, 10357 Action: `deny log info`, 10358 }, input: map[string]interface{}{ 10359 "name": "John Smith", 10360 "roles": []string{"barfoo"}, 10361 }, 10362 want: map[string]interface{}{ 10363 "verdict": getRuleVerdictName(ruleVerdictContinue), 10364 "rule_type": "*acl.aclRuleDenyWithInfoLogger", 10365 }, 10366 }, {name: "deny with info logging and without counter with continue verdict 1", 10367 config: &RuleConfiguration{ 10368 Comment: "foobar barfoo", 10369 Conditions: []string{"exact match roles foobar"}, 10370 Action: `deny log info`, 10371 }, input: map[string]interface{}{ 10372 "name": "John Smith", 10373 }, 10374 want: map[string]interface{}{ 10375 "verdict": getRuleVerdictName(ruleVerdictContinue), 10376 "rule_type": "*acl.aclRuleDenyWithInfoLogger", 10377 }, 10378 }, {name: "deny with info logging and without counter with continue verdict 2", 10379 config: &RuleConfiguration{ 10380 Comment: "foobar barfoo", 10381 Conditions: []string{"exact match roles foobar"}, 10382 Action: `deny log info`, 10383 }, input: map[string]interface{}{ 10384 "name": "John Smith", 10385 "roles": []string{"barfoo"}, 10386 }, 10387 emptyFields: true, 10388 want: map[string]interface{}{ 10389 "verdict": getRuleVerdictName(ruleVerdictContinue), 10390 "empty_fields": true, 10391 "rule_type": "*acl.aclRuleDenyWithInfoLogger", 10392 }, 10393 }, {name: "deny with info logging and without counter with continue verdict 3", 10394 config: &RuleConfiguration{ 10395 Comment: "foobar barfoo", 10396 Conditions: []string{"exact match roles foobar"}, 10397 Action: `deny log info`, 10398 }, input: map[string]interface{}{ 10399 "name": "John Smith", 10400 }, 10401 emptyFields: true, 10402 want: map[string]interface{}{ 10403 "verdict": getRuleVerdictName(ruleVerdictContinue), 10404 "empty_fields": true, 10405 "rule_type": "*acl.aclRuleDenyWithInfoLogger", 10406 }, 10407 }, {name: "deny with warn logging and without counter with deny verdict", 10408 config: &RuleConfiguration{ 10409 Comment: "foobar barfoo", 10410 Conditions: []string{"exact match roles foobar"}, 10411 Action: `deny log warn`, 10412 }, input: map[string]interface{}{ 10413 "roles": []string{"foobar"}, 10414 }, 10415 want: map[string]interface{}{ 10416 "verdict": getRuleVerdictName(ruleVerdictDeny), 10417 "rule_type": "*acl.aclRuleDenyWithWarnLogger", 10418 }, 10419 }, {name: "deny with warn logging and without counter with continue verdict", 10420 config: &RuleConfiguration{ 10421 Comment: "foobar barfoo", 10422 Conditions: []string{"exact match roles foobar"}, 10423 Action: `deny log warn`, 10424 }, input: map[string]interface{}{ 10425 "name": "John Smith", 10426 "roles": []string{"barfoo"}, 10427 }, 10428 want: map[string]interface{}{ 10429 "verdict": getRuleVerdictName(ruleVerdictContinue), 10430 "rule_type": "*acl.aclRuleDenyWithWarnLogger", 10431 }, 10432 }, {name: "deny with warn logging and without counter with continue verdict 1", 10433 config: &RuleConfiguration{ 10434 Comment: "foobar barfoo", 10435 Conditions: []string{"exact match roles foobar"}, 10436 Action: `deny log warn`, 10437 }, input: map[string]interface{}{ 10438 "name": "John Smith", 10439 }, 10440 want: map[string]interface{}{ 10441 "verdict": getRuleVerdictName(ruleVerdictContinue), 10442 "rule_type": "*acl.aclRuleDenyWithWarnLogger", 10443 }, 10444 }, {name: "deny with warn logging and without counter with continue verdict 2", 10445 config: &RuleConfiguration{ 10446 Comment: "foobar barfoo", 10447 Conditions: []string{"exact match roles foobar"}, 10448 Action: `deny log warn`, 10449 }, input: map[string]interface{}{ 10450 "name": "John Smith", 10451 "roles": []string{"barfoo"}, 10452 }, 10453 emptyFields: true, 10454 want: map[string]interface{}{ 10455 "verdict": getRuleVerdictName(ruleVerdictContinue), 10456 "empty_fields": true, 10457 "rule_type": "*acl.aclRuleDenyWithWarnLogger", 10458 }, 10459 }, {name: "deny with warn logging and without counter with continue verdict 3", 10460 config: &RuleConfiguration{ 10461 Comment: "foobar barfoo", 10462 Conditions: []string{"exact match roles foobar"}, 10463 Action: `deny log warn`, 10464 }, input: map[string]interface{}{ 10465 "name": "John Smith", 10466 }, 10467 emptyFields: true, 10468 want: map[string]interface{}{ 10469 "verdict": getRuleVerdictName(ruleVerdictContinue), 10470 "empty_fields": true, 10471 "rule_type": "*acl.aclRuleDenyWithWarnLogger", 10472 }, 10473 }, {name: "deny with error logging and without counter with deny verdict", 10474 config: &RuleConfiguration{ 10475 Comment: "foobar barfoo", 10476 Conditions: []string{"exact match roles foobar"}, 10477 Action: `deny log error`, 10478 }, input: map[string]interface{}{ 10479 "roles": []string{"foobar"}, 10480 }, 10481 want: map[string]interface{}{ 10482 "verdict": getRuleVerdictName(ruleVerdictDeny), 10483 "rule_type": "*acl.aclRuleDenyWithErrorLogger", 10484 }, 10485 }, {name: "deny with error logging and without counter with continue verdict", 10486 config: &RuleConfiguration{ 10487 Comment: "foobar barfoo", 10488 Conditions: []string{"exact match roles foobar"}, 10489 Action: `deny log error`, 10490 }, input: map[string]interface{}{ 10491 "name": "John Smith", 10492 "roles": []string{"barfoo"}, 10493 }, 10494 want: map[string]interface{}{ 10495 "verdict": getRuleVerdictName(ruleVerdictContinue), 10496 "rule_type": "*acl.aclRuleDenyWithErrorLogger", 10497 }, 10498 }, {name: "deny with error logging and without counter with continue verdict 1", 10499 config: &RuleConfiguration{ 10500 Comment: "foobar barfoo", 10501 Conditions: []string{"exact match roles foobar"}, 10502 Action: `deny log error`, 10503 }, input: map[string]interface{}{ 10504 "name": "John Smith", 10505 }, 10506 want: map[string]interface{}{ 10507 "verdict": getRuleVerdictName(ruleVerdictContinue), 10508 "rule_type": "*acl.aclRuleDenyWithErrorLogger", 10509 }, 10510 }, {name: "deny with error logging and without counter with continue verdict 2", 10511 config: &RuleConfiguration{ 10512 Comment: "foobar barfoo", 10513 Conditions: []string{"exact match roles foobar"}, 10514 Action: `deny log error`, 10515 }, input: map[string]interface{}{ 10516 "name": "John Smith", 10517 "roles": []string{"barfoo"}, 10518 }, 10519 emptyFields: true, 10520 want: map[string]interface{}{ 10521 "verdict": getRuleVerdictName(ruleVerdictContinue), 10522 "empty_fields": true, 10523 "rule_type": "*acl.aclRuleDenyWithErrorLogger", 10524 }, 10525 }, {name: "deny with error logging and without counter with continue verdict 3", 10526 config: &RuleConfiguration{ 10527 Comment: "foobar barfoo", 10528 Conditions: []string{"exact match roles foobar"}, 10529 Action: `deny log error`, 10530 }, input: map[string]interface{}{ 10531 "name": "John Smith", 10532 }, 10533 emptyFields: true, 10534 want: map[string]interface{}{ 10535 "verdict": getRuleVerdictName(ruleVerdictContinue), 10536 "empty_fields": true, 10537 "rule_type": "*acl.aclRuleDenyWithErrorLogger", 10538 }, 10539 }, {name: "deny any and stop processing with counter and without logging with deny stop verdict", 10540 config: &RuleConfiguration{ 10541 Comment: "foobar barfoo", 10542 Conditions: []string{ 10543 "exact match roles foobar", 10544 "exact match org nyc", 10545 }, 10546 Action: `deny any stop counter`, 10547 }, input: map[string]interface{}{ 10548 "roles": []string{"foobar"}, 10549 }, 10550 want: map[string]interface{}{ 10551 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 10552 "rule_type": "*acl.aclRuleDenyWithCounterMatchAnyStop", 10553 }, 10554 }, {name: "deny any and stop processing with counter and without logging with continue verdict", 10555 config: &RuleConfiguration{ 10556 Comment: "foobar barfoo", 10557 Conditions: []string{ 10558 "exact match roles foobar", 10559 "exact match org nyc", 10560 }, 10561 Action: `deny any stop counter`, 10562 }, input: map[string]interface{}{ 10563 "name": "John Smith", 10564 "roles": []string{"barfoo"}, 10565 }, 10566 want: map[string]interface{}{ 10567 "verdict": getRuleVerdictName(ruleVerdictContinue), 10568 "rule_type": "*acl.aclRuleDenyWithCounterMatchAnyStop", 10569 }, 10570 }, {name: "deny any and stop processing with counter and without logging with continue verdict 1", 10571 config: &RuleConfiguration{ 10572 Comment: "foobar barfoo", 10573 Conditions: []string{ 10574 "exact match roles foobar", 10575 "exact match org nyc", 10576 }, 10577 Action: `deny any stop counter`, 10578 }, input: map[string]interface{}{ 10579 "name": "John Smith", 10580 }, 10581 want: map[string]interface{}{ 10582 "verdict": getRuleVerdictName(ruleVerdictContinue), 10583 "rule_type": "*acl.aclRuleDenyWithCounterMatchAnyStop", 10584 }, 10585 }, {name: "deny any and stop processing with counter and without logging with continue verdict 2", 10586 config: &RuleConfiguration{ 10587 Comment: "foobar barfoo", 10588 Conditions: []string{ 10589 "exact match roles foobar", 10590 "exact match org nyc", 10591 }, 10592 Action: `deny any stop counter`, 10593 }, input: map[string]interface{}{ 10594 "name": "John Smith", 10595 "roles": []string{"barfoo"}, 10596 }, 10597 emptyFields: true, 10598 want: map[string]interface{}{ 10599 "verdict": getRuleVerdictName(ruleVerdictContinue), 10600 "empty_fields": true, 10601 "rule_type": "*acl.aclRuleDenyWithCounterMatchAnyStop", 10602 }, 10603 }, {name: "deny any and stop processing with counter and without logging with continue verdict 3", 10604 config: &RuleConfiguration{ 10605 Comment: "foobar barfoo", 10606 Conditions: []string{ 10607 "exact match roles foobar", 10608 "exact match org nyc", 10609 }, 10610 Action: `deny any stop counter`, 10611 }, input: map[string]interface{}{ 10612 "name": "John Smith", 10613 }, 10614 emptyFields: true, 10615 want: map[string]interface{}{ 10616 "verdict": getRuleVerdictName(ruleVerdictContinue), 10617 "empty_fields": true, 10618 "rule_type": "*acl.aclRuleDenyWithCounterMatchAnyStop", 10619 }, 10620 }, {name: "deny all and stop processing with counter and without logging with deny stop verdict", 10621 config: &RuleConfiguration{ 10622 Comment: "foobar barfoo", 10623 Conditions: []string{ 10624 "exact match roles foobar", 10625 "exact match org nyc", 10626 }, 10627 Action: `deny stop counter`, 10628 }, input: map[string]interface{}{ 10629 "roles": []string{"foobar"}, 10630 "org": []string{"nyc"}, 10631 }, 10632 want: map[string]interface{}{ 10633 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 10634 "rule_type": "*acl.aclRuleDenyWithCounterMatchAllStop", 10635 }, 10636 }, {name: "deny all and stop processing with counter and without logging with continue verdict", 10637 config: &RuleConfiguration{ 10638 Comment: "foobar barfoo", 10639 Conditions: []string{ 10640 "exact match roles foobar", 10641 "exact match org nyc", 10642 }, 10643 Action: `deny stop counter`, 10644 }, input: map[string]interface{}{ 10645 "name": "John Smith", 10646 "roles": []string{"barfoo"}, 10647 }, 10648 want: map[string]interface{}{ 10649 "verdict": getRuleVerdictName(ruleVerdictContinue), 10650 "rule_type": "*acl.aclRuleDenyWithCounterMatchAllStop", 10651 }, 10652 }, {name: "deny all and stop processing with counter and without logging with continue verdict 1", 10653 config: &RuleConfiguration{ 10654 Comment: "foobar barfoo", 10655 Conditions: []string{ 10656 "exact match roles foobar", 10657 "exact match org nyc", 10658 }, 10659 Action: `deny stop counter`, 10660 }, input: map[string]interface{}{ 10661 "name": "John Smith", 10662 }, 10663 want: map[string]interface{}{ 10664 "verdict": getRuleVerdictName(ruleVerdictContinue), 10665 "rule_type": "*acl.aclRuleDenyWithCounterMatchAllStop", 10666 }, 10667 }, {name: "deny all and stop processing with counter and without logging with continue verdict 2", 10668 config: &RuleConfiguration{ 10669 Comment: "foobar barfoo", 10670 Conditions: []string{ 10671 "exact match roles foobar", 10672 "exact match org nyc", 10673 }, 10674 Action: `deny stop counter`, 10675 }, input: map[string]interface{}{ 10676 "name": "John Smith", 10677 "roles": []string{"barfoo"}, 10678 }, 10679 emptyFields: true, 10680 want: map[string]interface{}{ 10681 "verdict": getRuleVerdictName(ruleVerdictContinue), 10682 "empty_fields": true, 10683 "rule_type": "*acl.aclRuleDenyWithCounterMatchAllStop", 10684 }, 10685 }, {name: "deny all and stop processing with counter and without logging with continue verdict 3", 10686 config: &RuleConfiguration{ 10687 Comment: "foobar barfoo", 10688 Conditions: []string{ 10689 "exact match roles foobar", 10690 "exact match org nyc", 10691 }, 10692 Action: `deny stop counter`, 10693 }, input: map[string]interface{}{ 10694 "name": "John Smith", 10695 }, 10696 emptyFields: true, 10697 want: map[string]interface{}{ 10698 "verdict": getRuleVerdictName(ruleVerdictContinue), 10699 "empty_fields": true, 10700 "rule_type": "*acl.aclRuleDenyWithCounterMatchAllStop", 10701 }, 10702 }, {name: "deny and stop processing with counter and without logging with deny stop verdict", 10703 config: &RuleConfiguration{ 10704 Comment: "foobar barfoo", 10705 Conditions: []string{"exact match roles foobar"}, 10706 Action: `deny stop counter`, 10707 }, input: map[string]interface{}{ 10708 "roles": []string{"foobar"}, 10709 }, 10710 want: map[string]interface{}{ 10711 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 10712 "rule_type": "*acl.aclRuleDenyWithCounterStop", 10713 }, 10714 }, {name: "deny and stop processing with counter and without logging with continue verdict", 10715 config: &RuleConfiguration{ 10716 Comment: "foobar barfoo", 10717 Conditions: []string{"exact match roles foobar"}, 10718 Action: `deny stop counter`, 10719 }, input: map[string]interface{}{ 10720 "name": "John Smith", 10721 "roles": []string{"barfoo"}, 10722 }, 10723 want: map[string]interface{}{ 10724 "verdict": getRuleVerdictName(ruleVerdictContinue), 10725 "rule_type": "*acl.aclRuleDenyWithCounterStop", 10726 }, 10727 }, {name: "deny and stop processing with counter and without logging with continue verdict 1", 10728 config: &RuleConfiguration{ 10729 Comment: "foobar barfoo", 10730 Conditions: []string{"exact match roles foobar"}, 10731 Action: `deny stop counter`, 10732 }, input: map[string]interface{}{ 10733 "name": "John Smith", 10734 }, 10735 want: map[string]interface{}{ 10736 "verdict": getRuleVerdictName(ruleVerdictContinue), 10737 "rule_type": "*acl.aclRuleDenyWithCounterStop", 10738 }, 10739 }, {name: "deny and stop processing with counter and without logging with continue verdict 2", 10740 config: &RuleConfiguration{ 10741 Comment: "foobar barfoo", 10742 Conditions: []string{"exact match roles foobar"}, 10743 Action: `deny stop counter`, 10744 }, input: map[string]interface{}{ 10745 "name": "John Smith", 10746 "roles": []string{"barfoo"}, 10747 }, 10748 emptyFields: true, 10749 want: map[string]interface{}{ 10750 "verdict": getRuleVerdictName(ruleVerdictContinue), 10751 "empty_fields": true, 10752 "rule_type": "*acl.aclRuleDenyWithCounterStop", 10753 }, 10754 }, {name: "deny and stop processing with counter and without logging with continue verdict 3", 10755 config: &RuleConfiguration{ 10756 Comment: "foobar barfoo", 10757 Conditions: []string{"exact match roles foobar"}, 10758 Action: `deny stop counter`, 10759 }, input: map[string]interface{}{ 10760 "name": "John Smith", 10761 }, 10762 emptyFields: true, 10763 want: map[string]interface{}{ 10764 "verdict": getRuleVerdictName(ruleVerdictContinue), 10765 "empty_fields": true, 10766 "rule_type": "*acl.aclRuleDenyWithCounterStop", 10767 }, 10768 }, {name: "deny any with counter and without logging with deny verdict", 10769 config: &RuleConfiguration{ 10770 Comment: "foobar barfoo", 10771 Conditions: []string{ 10772 "exact match roles foobar", 10773 "exact match org nyc", 10774 }, 10775 Action: `deny any counter`, 10776 }, input: map[string]interface{}{ 10777 "roles": []string{"foobar"}, 10778 }, 10779 want: map[string]interface{}{ 10780 "verdict": getRuleVerdictName(ruleVerdictDeny), 10781 "rule_type": "*acl.aclRuleDenyWithCounterMatchAny", 10782 }, 10783 }, {name: "deny any with counter and without logging with continue verdict", 10784 config: &RuleConfiguration{ 10785 Comment: "foobar barfoo", 10786 Conditions: []string{ 10787 "exact match roles foobar", 10788 "exact match org nyc", 10789 }, 10790 Action: `deny any counter`, 10791 }, input: map[string]interface{}{ 10792 "name": "John Smith", 10793 "roles": []string{"barfoo"}, 10794 }, 10795 want: map[string]interface{}{ 10796 "verdict": getRuleVerdictName(ruleVerdictContinue), 10797 "rule_type": "*acl.aclRuleDenyWithCounterMatchAny", 10798 }, 10799 }, {name: "deny any with counter and without logging with continue verdict 1", 10800 config: &RuleConfiguration{ 10801 Comment: "foobar barfoo", 10802 Conditions: []string{ 10803 "exact match roles foobar", 10804 "exact match org nyc", 10805 }, 10806 Action: `deny any counter`, 10807 }, input: map[string]interface{}{ 10808 "name": "John Smith", 10809 }, 10810 want: map[string]interface{}{ 10811 "verdict": getRuleVerdictName(ruleVerdictContinue), 10812 "rule_type": "*acl.aclRuleDenyWithCounterMatchAny", 10813 }, 10814 }, {name: "deny any with counter and without logging with continue verdict 2", 10815 config: &RuleConfiguration{ 10816 Comment: "foobar barfoo", 10817 Conditions: []string{ 10818 "exact match roles foobar", 10819 "exact match org nyc", 10820 }, 10821 Action: `deny any counter`, 10822 }, input: map[string]interface{}{ 10823 "name": "John Smith", 10824 "roles": []string{"barfoo"}, 10825 }, 10826 emptyFields: true, 10827 want: map[string]interface{}{ 10828 "verdict": getRuleVerdictName(ruleVerdictContinue), 10829 "empty_fields": true, 10830 "rule_type": "*acl.aclRuleDenyWithCounterMatchAny", 10831 }, 10832 }, {name: "deny any with counter and without logging with continue verdict 3", 10833 config: &RuleConfiguration{ 10834 Comment: "foobar barfoo", 10835 Conditions: []string{ 10836 "exact match roles foobar", 10837 "exact match org nyc", 10838 }, 10839 Action: `deny any counter`, 10840 }, input: map[string]interface{}{ 10841 "name": "John Smith", 10842 }, 10843 emptyFields: true, 10844 want: map[string]interface{}{ 10845 "verdict": getRuleVerdictName(ruleVerdictContinue), 10846 "empty_fields": true, 10847 "rule_type": "*acl.aclRuleDenyWithCounterMatchAny", 10848 }, 10849 }, {name: "deny all with counter and without logging with deny verdict", 10850 config: &RuleConfiguration{ 10851 Comment: "foobar barfoo", 10852 Conditions: []string{ 10853 "exact match roles foobar", 10854 "exact match org nyc", 10855 }, 10856 Action: `deny counter`, 10857 }, input: map[string]interface{}{ 10858 "roles": []string{"foobar"}, 10859 "org": []string{"nyc"}, 10860 }, 10861 want: map[string]interface{}{ 10862 "verdict": getRuleVerdictName(ruleVerdictDeny), 10863 "rule_type": "*acl.aclRuleDenyWithCounterMatchAll", 10864 }, 10865 }, {name: "deny all with counter and without logging with continue verdict", 10866 config: &RuleConfiguration{ 10867 Comment: "foobar barfoo", 10868 Conditions: []string{ 10869 "exact match roles foobar", 10870 "exact match org nyc", 10871 }, 10872 Action: `deny counter`, 10873 }, input: map[string]interface{}{ 10874 "name": "John Smith", 10875 "roles": []string{"barfoo"}, 10876 }, 10877 want: map[string]interface{}{ 10878 "verdict": getRuleVerdictName(ruleVerdictContinue), 10879 "rule_type": "*acl.aclRuleDenyWithCounterMatchAll", 10880 }, 10881 }, {name: "deny all with counter and without logging with continue verdict 1", 10882 config: &RuleConfiguration{ 10883 Comment: "foobar barfoo", 10884 Conditions: []string{ 10885 "exact match roles foobar", 10886 "exact match org nyc", 10887 }, 10888 Action: `deny counter`, 10889 }, input: map[string]interface{}{ 10890 "name": "John Smith", 10891 }, 10892 want: map[string]interface{}{ 10893 "verdict": getRuleVerdictName(ruleVerdictContinue), 10894 "rule_type": "*acl.aclRuleDenyWithCounterMatchAll", 10895 }, 10896 }, {name: "deny all with counter and without logging with continue verdict 2", 10897 config: &RuleConfiguration{ 10898 Comment: "foobar barfoo", 10899 Conditions: []string{ 10900 "exact match roles foobar", 10901 "exact match org nyc", 10902 }, 10903 Action: `deny counter`, 10904 }, input: map[string]interface{}{ 10905 "name": "John Smith", 10906 "roles": []string{"barfoo"}, 10907 }, 10908 emptyFields: true, 10909 want: map[string]interface{}{ 10910 "verdict": getRuleVerdictName(ruleVerdictContinue), 10911 "empty_fields": true, 10912 "rule_type": "*acl.aclRuleDenyWithCounterMatchAll", 10913 }, 10914 }, {name: "deny all with counter and without logging with continue verdict 3", 10915 config: &RuleConfiguration{ 10916 Comment: "foobar barfoo", 10917 Conditions: []string{ 10918 "exact match roles foobar", 10919 "exact match org nyc", 10920 }, 10921 Action: `deny counter`, 10922 }, input: map[string]interface{}{ 10923 "name": "John Smith", 10924 }, 10925 emptyFields: true, 10926 want: map[string]interface{}{ 10927 "verdict": getRuleVerdictName(ruleVerdictContinue), 10928 "empty_fields": true, 10929 "rule_type": "*acl.aclRuleDenyWithCounterMatchAll", 10930 }, 10931 }, {name: "deny with counter and without logging with deny verdict", 10932 config: &RuleConfiguration{ 10933 Comment: "foobar barfoo", 10934 Conditions: []string{"exact match roles foobar"}, 10935 Action: `deny counter`, 10936 }, input: map[string]interface{}{ 10937 "roles": []string{"foobar"}, 10938 }, 10939 want: map[string]interface{}{ 10940 "verdict": getRuleVerdictName(ruleVerdictDeny), 10941 "rule_type": "*acl.aclRuleDenyWithCounter", 10942 }, 10943 }, {name: "deny with counter and without logging with continue verdict", 10944 config: &RuleConfiguration{ 10945 Comment: "foobar barfoo", 10946 Conditions: []string{"exact match roles foobar"}, 10947 Action: `deny counter`, 10948 }, input: map[string]interface{}{ 10949 "name": "John Smith", 10950 "roles": []string{"barfoo"}, 10951 }, 10952 want: map[string]interface{}{ 10953 "verdict": getRuleVerdictName(ruleVerdictContinue), 10954 "rule_type": "*acl.aclRuleDenyWithCounter", 10955 }, 10956 }, {name: "deny with counter and without logging with continue verdict 1", 10957 config: &RuleConfiguration{ 10958 Comment: "foobar barfoo", 10959 Conditions: []string{"exact match roles foobar"}, 10960 Action: `deny counter`, 10961 }, input: map[string]interface{}{ 10962 "name": "John Smith", 10963 }, 10964 want: map[string]interface{}{ 10965 "verdict": getRuleVerdictName(ruleVerdictContinue), 10966 "rule_type": "*acl.aclRuleDenyWithCounter", 10967 }, 10968 }, {name: "deny with counter and without logging with continue verdict 2", 10969 config: &RuleConfiguration{ 10970 Comment: "foobar barfoo", 10971 Conditions: []string{"exact match roles foobar"}, 10972 Action: `deny counter`, 10973 }, input: map[string]interface{}{ 10974 "name": "John Smith", 10975 "roles": []string{"barfoo"}, 10976 }, 10977 emptyFields: true, 10978 want: map[string]interface{}{ 10979 "verdict": getRuleVerdictName(ruleVerdictContinue), 10980 "empty_fields": true, 10981 "rule_type": "*acl.aclRuleDenyWithCounter", 10982 }, 10983 }, {name: "deny with counter and without logging with continue verdict 3", 10984 config: &RuleConfiguration{ 10985 Comment: "foobar barfoo", 10986 Conditions: []string{"exact match roles foobar"}, 10987 Action: `deny counter`, 10988 }, input: map[string]interface{}{ 10989 "name": "John Smith", 10990 }, 10991 emptyFields: true, 10992 want: map[string]interface{}{ 10993 "verdict": getRuleVerdictName(ruleVerdictContinue), 10994 "empty_fields": true, 10995 "rule_type": "*acl.aclRuleDenyWithCounter", 10996 }, 10997 }, {name: "deny any and stop processing with debug logging and with counter with deny stop verdict", 10998 config: &RuleConfiguration{ 10999 Comment: "foobar barfoo", 11000 Conditions: []string{ 11001 "exact match roles foobar", 11002 "exact match org nyc", 11003 }, 11004 Action: `deny any stop counter log debug`, 11005 }, input: map[string]interface{}{ 11006 "roles": []string{"foobar"}, 11007 }, 11008 want: map[string]interface{}{ 11009 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11010 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 11011 }, 11012 }, {name: "deny any and stop processing with debug logging and with counter with continue verdict", 11013 config: &RuleConfiguration{ 11014 Comment: "foobar barfoo", 11015 Conditions: []string{ 11016 "exact match roles foobar", 11017 "exact match org nyc", 11018 }, 11019 Action: `deny any stop counter log debug`, 11020 }, input: map[string]interface{}{ 11021 "name": "John Smith", 11022 "roles": []string{"barfoo"}, 11023 }, 11024 want: map[string]interface{}{ 11025 "verdict": getRuleVerdictName(ruleVerdictContinue), 11026 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 11027 }, 11028 }, {name: "deny any and stop processing with debug logging and with counter with continue verdict 1", 11029 config: &RuleConfiguration{ 11030 Comment: "foobar barfoo", 11031 Conditions: []string{ 11032 "exact match roles foobar", 11033 "exact match org nyc", 11034 }, 11035 Action: `deny any stop counter log debug`, 11036 }, input: map[string]interface{}{ 11037 "name": "John Smith", 11038 }, 11039 want: map[string]interface{}{ 11040 "verdict": getRuleVerdictName(ruleVerdictContinue), 11041 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 11042 }, 11043 }, {name: "deny any and stop processing with debug logging and with counter with continue verdict 2", 11044 config: &RuleConfiguration{ 11045 Comment: "foobar barfoo", 11046 Conditions: []string{ 11047 "exact match roles foobar", 11048 "exact match org nyc", 11049 }, 11050 Action: `deny any stop counter log debug`, 11051 }, input: map[string]interface{}{ 11052 "name": "John Smith", 11053 "roles": []string{"barfoo"}, 11054 }, 11055 emptyFields: true, 11056 want: map[string]interface{}{ 11057 "verdict": getRuleVerdictName(ruleVerdictContinue), 11058 "empty_fields": true, 11059 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 11060 }, 11061 }, {name: "deny any and stop processing with debug logging and with counter with continue verdict 3", 11062 config: &RuleConfiguration{ 11063 Comment: "foobar barfoo", 11064 Conditions: []string{ 11065 "exact match roles foobar", 11066 "exact match org nyc", 11067 }, 11068 Action: `deny any stop counter log debug`, 11069 }, input: map[string]interface{}{ 11070 "name": "John Smith", 11071 }, 11072 emptyFields: true, 11073 want: map[string]interface{}{ 11074 "verdict": getRuleVerdictName(ruleVerdictContinue), 11075 "empty_fields": true, 11076 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAnyStop", 11077 }, 11078 }, {name: "deny any and stop processing with info logging and with counter with deny stop verdict", 11079 config: &RuleConfiguration{ 11080 Comment: "foobar barfoo", 11081 Conditions: []string{ 11082 "exact match roles foobar", 11083 "exact match org nyc", 11084 }, 11085 Action: `deny any stop counter log info`, 11086 }, input: map[string]interface{}{ 11087 "roles": []string{"foobar"}, 11088 }, 11089 want: map[string]interface{}{ 11090 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11091 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 11092 }, 11093 }, {name: "deny any and stop processing with info logging and with counter with continue verdict", 11094 config: &RuleConfiguration{ 11095 Comment: "foobar barfoo", 11096 Conditions: []string{ 11097 "exact match roles foobar", 11098 "exact match org nyc", 11099 }, 11100 Action: `deny any stop counter log info`, 11101 }, input: map[string]interface{}{ 11102 "name": "John Smith", 11103 "roles": []string{"barfoo"}, 11104 }, 11105 want: map[string]interface{}{ 11106 "verdict": getRuleVerdictName(ruleVerdictContinue), 11107 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 11108 }, 11109 }, {name: "deny any and stop processing with info logging and with counter with continue verdict 1", 11110 config: &RuleConfiguration{ 11111 Comment: "foobar barfoo", 11112 Conditions: []string{ 11113 "exact match roles foobar", 11114 "exact match org nyc", 11115 }, 11116 Action: `deny any stop counter log info`, 11117 }, input: map[string]interface{}{ 11118 "name": "John Smith", 11119 }, 11120 want: map[string]interface{}{ 11121 "verdict": getRuleVerdictName(ruleVerdictContinue), 11122 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 11123 }, 11124 }, {name: "deny any and stop processing with info logging and with counter with continue verdict 2", 11125 config: &RuleConfiguration{ 11126 Comment: "foobar barfoo", 11127 Conditions: []string{ 11128 "exact match roles foobar", 11129 "exact match org nyc", 11130 }, 11131 Action: `deny any stop counter log info`, 11132 }, input: map[string]interface{}{ 11133 "name": "John Smith", 11134 "roles": []string{"barfoo"}, 11135 }, 11136 emptyFields: true, 11137 want: map[string]interface{}{ 11138 "verdict": getRuleVerdictName(ruleVerdictContinue), 11139 "empty_fields": true, 11140 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 11141 }, 11142 }, {name: "deny any and stop processing with info logging and with counter with continue verdict 3", 11143 config: &RuleConfiguration{ 11144 Comment: "foobar barfoo", 11145 Conditions: []string{ 11146 "exact match roles foobar", 11147 "exact match org nyc", 11148 }, 11149 Action: `deny any stop counter log info`, 11150 }, input: map[string]interface{}{ 11151 "name": "John Smith", 11152 }, 11153 emptyFields: true, 11154 want: map[string]interface{}{ 11155 "verdict": getRuleVerdictName(ruleVerdictContinue), 11156 "empty_fields": true, 11157 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAnyStop", 11158 }, 11159 }, {name: "deny any and stop processing with warn logging and with counter with deny stop verdict", 11160 config: &RuleConfiguration{ 11161 Comment: "foobar barfoo", 11162 Conditions: []string{ 11163 "exact match roles foobar", 11164 "exact match org nyc", 11165 }, 11166 Action: `deny any stop counter log warn`, 11167 }, input: map[string]interface{}{ 11168 "roles": []string{"foobar"}, 11169 }, 11170 want: map[string]interface{}{ 11171 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11172 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 11173 }, 11174 }, {name: "deny any and stop processing with warn logging and with counter with continue verdict", 11175 config: &RuleConfiguration{ 11176 Comment: "foobar barfoo", 11177 Conditions: []string{ 11178 "exact match roles foobar", 11179 "exact match org nyc", 11180 }, 11181 Action: `deny any stop counter log warn`, 11182 }, input: map[string]interface{}{ 11183 "name": "John Smith", 11184 "roles": []string{"barfoo"}, 11185 }, 11186 want: map[string]interface{}{ 11187 "verdict": getRuleVerdictName(ruleVerdictContinue), 11188 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 11189 }, 11190 }, {name: "deny any and stop processing with warn logging and with counter with continue verdict 1", 11191 config: &RuleConfiguration{ 11192 Comment: "foobar barfoo", 11193 Conditions: []string{ 11194 "exact match roles foobar", 11195 "exact match org nyc", 11196 }, 11197 Action: `deny any stop counter log warn`, 11198 }, input: map[string]interface{}{ 11199 "name": "John Smith", 11200 }, 11201 want: map[string]interface{}{ 11202 "verdict": getRuleVerdictName(ruleVerdictContinue), 11203 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 11204 }, 11205 }, {name: "deny any and stop processing with warn logging and with counter with continue verdict 2", 11206 config: &RuleConfiguration{ 11207 Comment: "foobar barfoo", 11208 Conditions: []string{ 11209 "exact match roles foobar", 11210 "exact match org nyc", 11211 }, 11212 Action: `deny any stop counter log warn`, 11213 }, input: map[string]interface{}{ 11214 "name": "John Smith", 11215 "roles": []string{"barfoo"}, 11216 }, 11217 emptyFields: true, 11218 want: map[string]interface{}{ 11219 "verdict": getRuleVerdictName(ruleVerdictContinue), 11220 "empty_fields": true, 11221 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 11222 }, 11223 }, {name: "deny any and stop processing with warn logging and with counter with continue verdict 3", 11224 config: &RuleConfiguration{ 11225 Comment: "foobar barfoo", 11226 Conditions: []string{ 11227 "exact match roles foobar", 11228 "exact match org nyc", 11229 }, 11230 Action: `deny any stop counter log warn`, 11231 }, input: map[string]interface{}{ 11232 "name": "John Smith", 11233 }, 11234 emptyFields: true, 11235 want: map[string]interface{}{ 11236 "verdict": getRuleVerdictName(ruleVerdictContinue), 11237 "empty_fields": true, 11238 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAnyStop", 11239 }, 11240 }, {name: "deny any and stop processing with error logging and with counter with deny stop verdict", 11241 config: &RuleConfiguration{ 11242 Comment: "foobar barfoo", 11243 Conditions: []string{ 11244 "exact match roles foobar", 11245 "exact match org nyc", 11246 }, 11247 Action: `deny any stop counter log error`, 11248 }, input: map[string]interface{}{ 11249 "roles": []string{"foobar"}, 11250 }, 11251 want: map[string]interface{}{ 11252 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11253 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 11254 }, 11255 }, {name: "deny any and stop processing with error logging and with counter with continue verdict", 11256 config: &RuleConfiguration{ 11257 Comment: "foobar barfoo", 11258 Conditions: []string{ 11259 "exact match roles foobar", 11260 "exact match org nyc", 11261 }, 11262 Action: `deny any stop counter log error`, 11263 }, input: map[string]interface{}{ 11264 "name": "John Smith", 11265 "roles": []string{"barfoo"}, 11266 }, 11267 want: map[string]interface{}{ 11268 "verdict": getRuleVerdictName(ruleVerdictContinue), 11269 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 11270 }, 11271 }, {name: "deny any and stop processing with error logging and with counter with continue verdict 1", 11272 config: &RuleConfiguration{ 11273 Comment: "foobar barfoo", 11274 Conditions: []string{ 11275 "exact match roles foobar", 11276 "exact match org nyc", 11277 }, 11278 Action: `deny any stop counter log error`, 11279 }, input: map[string]interface{}{ 11280 "name": "John Smith", 11281 }, 11282 want: map[string]interface{}{ 11283 "verdict": getRuleVerdictName(ruleVerdictContinue), 11284 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 11285 }, 11286 }, {name: "deny any and stop processing with error logging and with counter with continue verdict 2", 11287 config: &RuleConfiguration{ 11288 Comment: "foobar barfoo", 11289 Conditions: []string{ 11290 "exact match roles foobar", 11291 "exact match org nyc", 11292 }, 11293 Action: `deny any stop counter log error`, 11294 }, input: map[string]interface{}{ 11295 "name": "John Smith", 11296 "roles": []string{"barfoo"}, 11297 }, 11298 emptyFields: true, 11299 want: map[string]interface{}{ 11300 "verdict": getRuleVerdictName(ruleVerdictContinue), 11301 "empty_fields": true, 11302 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 11303 }, 11304 }, {name: "deny any and stop processing with error logging and with counter with continue verdict 3", 11305 config: &RuleConfiguration{ 11306 Comment: "foobar barfoo", 11307 Conditions: []string{ 11308 "exact match roles foobar", 11309 "exact match org nyc", 11310 }, 11311 Action: `deny any stop counter log error`, 11312 }, input: map[string]interface{}{ 11313 "name": "John Smith", 11314 }, 11315 emptyFields: true, 11316 want: map[string]interface{}{ 11317 "verdict": getRuleVerdictName(ruleVerdictContinue), 11318 "empty_fields": true, 11319 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAnyStop", 11320 }, 11321 }, {name: "deny all and stop processing with debug logging and with counter with deny stop verdict", 11322 config: &RuleConfiguration{ 11323 Comment: "foobar barfoo", 11324 Conditions: []string{ 11325 "exact match roles foobar", 11326 "exact match org nyc", 11327 }, 11328 Action: `deny stop counter log debug`, 11329 }, input: map[string]interface{}{ 11330 "roles": []string{"foobar"}, 11331 "org": []string{"nyc"}, 11332 }, 11333 want: map[string]interface{}{ 11334 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11335 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAllStop", 11336 }, 11337 }, {name: "deny all and stop processing with debug logging and with counter with continue verdict", 11338 config: &RuleConfiguration{ 11339 Comment: "foobar barfoo", 11340 Conditions: []string{ 11341 "exact match roles foobar", 11342 "exact match org nyc", 11343 }, 11344 Action: `deny stop counter log debug`, 11345 }, input: map[string]interface{}{ 11346 "name": "John Smith", 11347 "roles": []string{"barfoo"}, 11348 }, 11349 want: map[string]interface{}{ 11350 "verdict": getRuleVerdictName(ruleVerdictContinue), 11351 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAllStop", 11352 }, 11353 }, {name: "deny all and stop processing with debug logging and with counter with continue verdict 1", 11354 config: &RuleConfiguration{ 11355 Comment: "foobar barfoo", 11356 Conditions: []string{ 11357 "exact match roles foobar", 11358 "exact match org nyc", 11359 }, 11360 Action: `deny stop counter log debug`, 11361 }, input: map[string]interface{}{ 11362 "name": "John Smith", 11363 }, 11364 want: map[string]interface{}{ 11365 "verdict": getRuleVerdictName(ruleVerdictContinue), 11366 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAllStop", 11367 }, 11368 }, {name: "deny all and stop processing with debug logging and with counter with continue verdict 2", 11369 config: &RuleConfiguration{ 11370 Comment: "foobar barfoo", 11371 Conditions: []string{ 11372 "exact match roles foobar", 11373 "exact match org nyc", 11374 }, 11375 Action: `deny stop counter log debug`, 11376 }, input: map[string]interface{}{ 11377 "name": "John Smith", 11378 "roles": []string{"barfoo"}, 11379 }, 11380 emptyFields: true, 11381 want: map[string]interface{}{ 11382 "verdict": getRuleVerdictName(ruleVerdictContinue), 11383 "empty_fields": true, 11384 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAllStop", 11385 }, 11386 }, {name: "deny all and stop processing with debug logging and with counter with continue verdict 3", 11387 config: &RuleConfiguration{ 11388 Comment: "foobar barfoo", 11389 Conditions: []string{ 11390 "exact match roles foobar", 11391 "exact match org nyc", 11392 }, 11393 Action: `deny stop counter log debug`, 11394 }, input: map[string]interface{}{ 11395 "name": "John Smith", 11396 }, 11397 emptyFields: true, 11398 want: map[string]interface{}{ 11399 "verdict": getRuleVerdictName(ruleVerdictContinue), 11400 "empty_fields": true, 11401 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAllStop", 11402 }, 11403 }, {name: "deny all and stop processing with info logging and with counter with deny stop verdict", 11404 config: &RuleConfiguration{ 11405 Comment: "foobar barfoo", 11406 Conditions: []string{ 11407 "exact match roles foobar", 11408 "exact match org nyc", 11409 }, 11410 Action: `deny stop counter log info`, 11411 }, input: map[string]interface{}{ 11412 "roles": []string{"foobar"}, 11413 "org": []string{"nyc"}, 11414 }, 11415 want: map[string]interface{}{ 11416 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11417 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAllStop", 11418 }, 11419 }, {name: "deny all and stop processing with info logging and with counter with continue verdict", 11420 config: &RuleConfiguration{ 11421 Comment: "foobar barfoo", 11422 Conditions: []string{ 11423 "exact match roles foobar", 11424 "exact match org nyc", 11425 }, 11426 Action: `deny stop counter log info`, 11427 }, input: map[string]interface{}{ 11428 "name": "John Smith", 11429 "roles": []string{"barfoo"}, 11430 }, 11431 want: map[string]interface{}{ 11432 "verdict": getRuleVerdictName(ruleVerdictContinue), 11433 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAllStop", 11434 }, 11435 }, {name: "deny all and stop processing with info logging and with counter with continue verdict 1", 11436 config: &RuleConfiguration{ 11437 Comment: "foobar barfoo", 11438 Conditions: []string{ 11439 "exact match roles foobar", 11440 "exact match org nyc", 11441 }, 11442 Action: `deny stop counter log info`, 11443 }, input: map[string]interface{}{ 11444 "name": "John Smith", 11445 }, 11446 want: map[string]interface{}{ 11447 "verdict": getRuleVerdictName(ruleVerdictContinue), 11448 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAllStop", 11449 }, 11450 }, {name: "deny all and stop processing with info logging and with counter with continue verdict 2", 11451 config: &RuleConfiguration{ 11452 Comment: "foobar barfoo", 11453 Conditions: []string{ 11454 "exact match roles foobar", 11455 "exact match org nyc", 11456 }, 11457 Action: `deny stop counter log info`, 11458 }, input: map[string]interface{}{ 11459 "name": "John Smith", 11460 "roles": []string{"barfoo"}, 11461 }, 11462 emptyFields: true, 11463 want: map[string]interface{}{ 11464 "verdict": getRuleVerdictName(ruleVerdictContinue), 11465 "empty_fields": true, 11466 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAllStop", 11467 }, 11468 }, {name: "deny all and stop processing with info logging and with counter with continue verdict 3", 11469 config: &RuleConfiguration{ 11470 Comment: "foobar barfoo", 11471 Conditions: []string{ 11472 "exact match roles foobar", 11473 "exact match org nyc", 11474 }, 11475 Action: `deny stop counter log info`, 11476 }, input: map[string]interface{}{ 11477 "name": "John Smith", 11478 }, 11479 emptyFields: true, 11480 want: map[string]interface{}{ 11481 "verdict": getRuleVerdictName(ruleVerdictContinue), 11482 "empty_fields": true, 11483 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAllStop", 11484 }, 11485 }, {name: "deny all and stop processing with warn logging and with counter with deny stop verdict", 11486 config: &RuleConfiguration{ 11487 Comment: "foobar barfoo", 11488 Conditions: []string{ 11489 "exact match roles foobar", 11490 "exact match org nyc", 11491 }, 11492 Action: `deny stop counter log warn`, 11493 }, input: map[string]interface{}{ 11494 "roles": []string{"foobar"}, 11495 "org": []string{"nyc"}, 11496 }, 11497 want: map[string]interface{}{ 11498 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11499 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAllStop", 11500 }, 11501 }, {name: "deny all and stop processing with warn logging and with counter with continue verdict", 11502 config: &RuleConfiguration{ 11503 Comment: "foobar barfoo", 11504 Conditions: []string{ 11505 "exact match roles foobar", 11506 "exact match org nyc", 11507 }, 11508 Action: `deny stop counter log warn`, 11509 }, input: map[string]interface{}{ 11510 "name": "John Smith", 11511 "roles": []string{"barfoo"}, 11512 }, 11513 want: map[string]interface{}{ 11514 "verdict": getRuleVerdictName(ruleVerdictContinue), 11515 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAllStop", 11516 }, 11517 }, {name: "deny all and stop processing with warn logging and with counter with continue verdict 1", 11518 config: &RuleConfiguration{ 11519 Comment: "foobar barfoo", 11520 Conditions: []string{ 11521 "exact match roles foobar", 11522 "exact match org nyc", 11523 }, 11524 Action: `deny stop counter log warn`, 11525 }, input: map[string]interface{}{ 11526 "name": "John Smith", 11527 }, 11528 want: map[string]interface{}{ 11529 "verdict": getRuleVerdictName(ruleVerdictContinue), 11530 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAllStop", 11531 }, 11532 }, {name: "deny all and stop processing with warn logging and with counter with continue verdict 2", 11533 config: &RuleConfiguration{ 11534 Comment: "foobar barfoo", 11535 Conditions: []string{ 11536 "exact match roles foobar", 11537 "exact match org nyc", 11538 }, 11539 Action: `deny stop counter log warn`, 11540 }, input: map[string]interface{}{ 11541 "name": "John Smith", 11542 "roles": []string{"barfoo"}, 11543 }, 11544 emptyFields: true, 11545 want: map[string]interface{}{ 11546 "verdict": getRuleVerdictName(ruleVerdictContinue), 11547 "empty_fields": true, 11548 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAllStop", 11549 }, 11550 }, {name: "deny all and stop processing with warn logging and with counter with continue verdict 3", 11551 config: &RuleConfiguration{ 11552 Comment: "foobar barfoo", 11553 Conditions: []string{ 11554 "exact match roles foobar", 11555 "exact match org nyc", 11556 }, 11557 Action: `deny stop counter log warn`, 11558 }, input: map[string]interface{}{ 11559 "name": "John Smith", 11560 }, 11561 emptyFields: true, 11562 want: map[string]interface{}{ 11563 "verdict": getRuleVerdictName(ruleVerdictContinue), 11564 "empty_fields": true, 11565 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAllStop", 11566 }, 11567 }, {name: "deny all and stop processing with error logging and with counter with deny stop verdict", 11568 config: &RuleConfiguration{ 11569 Comment: "foobar barfoo", 11570 Conditions: []string{ 11571 "exact match roles foobar", 11572 "exact match org nyc", 11573 }, 11574 Action: `deny stop counter log error`, 11575 }, input: map[string]interface{}{ 11576 "roles": []string{"foobar"}, 11577 "org": []string{"nyc"}, 11578 }, 11579 want: map[string]interface{}{ 11580 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11581 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAllStop", 11582 }, 11583 }, {name: "deny all and stop processing with error logging and with counter with continue verdict", 11584 config: &RuleConfiguration{ 11585 Comment: "foobar barfoo", 11586 Conditions: []string{ 11587 "exact match roles foobar", 11588 "exact match org nyc", 11589 }, 11590 Action: `deny stop counter log error`, 11591 }, input: map[string]interface{}{ 11592 "name": "John Smith", 11593 "roles": []string{"barfoo"}, 11594 }, 11595 want: map[string]interface{}{ 11596 "verdict": getRuleVerdictName(ruleVerdictContinue), 11597 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAllStop", 11598 }, 11599 }, {name: "deny all and stop processing with error logging and with counter with continue verdict 1", 11600 config: &RuleConfiguration{ 11601 Comment: "foobar barfoo", 11602 Conditions: []string{ 11603 "exact match roles foobar", 11604 "exact match org nyc", 11605 }, 11606 Action: `deny stop counter log error`, 11607 }, input: map[string]interface{}{ 11608 "name": "John Smith", 11609 }, 11610 want: map[string]interface{}{ 11611 "verdict": getRuleVerdictName(ruleVerdictContinue), 11612 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAllStop", 11613 }, 11614 }, {name: "deny all and stop processing with error logging and with counter with continue verdict 2", 11615 config: &RuleConfiguration{ 11616 Comment: "foobar barfoo", 11617 Conditions: []string{ 11618 "exact match roles foobar", 11619 "exact match org nyc", 11620 }, 11621 Action: `deny stop counter log error`, 11622 }, input: map[string]interface{}{ 11623 "name": "John Smith", 11624 "roles": []string{"barfoo"}, 11625 }, 11626 emptyFields: true, 11627 want: map[string]interface{}{ 11628 "verdict": getRuleVerdictName(ruleVerdictContinue), 11629 "empty_fields": true, 11630 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAllStop", 11631 }, 11632 }, {name: "deny all and stop processing with error logging and with counter with continue verdict 3", 11633 config: &RuleConfiguration{ 11634 Comment: "foobar barfoo", 11635 Conditions: []string{ 11636 "exact match roles foobar", 11637 "exact match org nyc", 11638 }, 11639 Action: `deny stop counter log error`, 11640 }, input: map[string]interface{}{ 11641 "name": "John Smith", 11642 }, 11643 emptyFields: true, 11644 want: map[string]interface{}{ 11645 "verdict": getRuleVerdictName(ruleVerdictContinue), 11646 "empty_fields": true, 11647 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAllStop", 11648 }, 11649 }, {name: "deny and stop processing with debug logging and with counter with deny stop verdict", 11650 config: &RuleConfiguration{ 11651 Comment: "foobar barfoo", 11652 Conditions: []string{"exact match roles foobar"}, 11653 Action: `deny stop counter log debug`, 11654 }, input: map[string]interface{}{ 11655 "roles": []string{"foobar"}, 11656 }, 11657 want: map[string]interface{}{ 11658 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11659 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterStop", 11660 }, 11661 }, {name: "deny and stop processing with debug logging and with counter with continue verdict", 11662 config: &RuleConfiguration{ 11663 Comment: "foobar barfoo", 11664 Conditions: []string{"exact match roles foobar"}, 11665 Action: `deny stop counter log debug`, 11666 }, input: map[string]interface{}{ 11667 "name": "John Smith", 11668 "roles": []string{"barfoo"}, 11669 }, 11670 want: map[string]interface{}{ 11671 "verdict": getRuleVerdictName(ruleVerdictContinue), 11672 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterStop", 11673 }, 11674 }, {name: "deny and stop processing with debug logging and with counter with continue verdict 1", 11675 config: &RuleConfiguration{ 11676 Comment: "foobar barfoo", 11677 Conditions: []string{"exact match roles foobar"}, 11678 Action: `deny stop counter log debug`, 11679 }, input: map[string]interface{}{ 11680 "name": "John Smith", 11681 }, 11682 want: map[string]interface{}{ 11683 "verdict": getRuleVerdictName(ruleVerdictContinue), 11684 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterStop", 11685 }, 11686 }, {name: "deny and stop processing with debug logging and with counter with continue verdict 2", 11687 config: &RuleConfiguration{ 11688 Comment: "foobar barfoo", 11689 Conditions: []string{"exact match roles foobar"}, 11690 Action: `deny stop counter log debug`, 11691 }, input: map[string]interface{}{ 11692 "name": "John Smith", 11693 "roles": []string{"barfoo"}, 11694 }, 11695 emptyFields: true, 11696 want: map[string]interface{}{ 11697 "verdict": getRuleVerdictName(ruleVerdictContinue), 11698 "empty_fields": true, 11699 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterStop", 11700 }, 11701 }, {name: "deny and stop processing with debug logging and with counter with continue verdict 3", 11702 config: &RuleConfiguration{ 11703 Comment: "foobar barfoo", 11704 Conditions: []string{"exact match roles foobar"}, 11705 Action: `deny stop counter log debug`, 11706 }, input: map[string]interface{}{ 11707 "name": "John Smith", 11708 }, 11709 emptyFields: true, 11710 want: map[string]interface{}{ 11711 "verdict": getRuleVerdictName(ruleVerdictContinue), 11712 "empty_fields": true, 11713 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterStop", 11714 }, 11715 }, {name: "deny and stop processing with info logging and with counter with deny stop verdict", 11716 config: &RuleConfiguration{ 11717 Comment: "foobar barfoo", 11718 Conditions: []string{"exact match roles foobar"}, 11719 Action: `deny stop counter log info`, 11720 }, input: map[string]interface{}{ 11721 "roles": []string{"foobar"}, 11722 }, 11723 want: map[string]interface{}{ 11724 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11725 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterStop", 11726 }, 11727 }, {name: "deny and stop processing with info logging and with counter with continue verdict", 11728 config: &RuleConfiguration{ 11729 Comment: "foobar barfoo", 11730 Conditions: []string{"exact match roles foobar"}, 11731 Action: `deny stop counter log info`, 11732 }, input: map[string]interface{}{ 11733 "name": "John Smith", 11734 "roles": []string{"barfoo"}, 11735 }, 11736 want: map[string]interface{}{ 11737 "verdict": getRuleVerdictName(ruleVerdictContinue), 11738 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterStop", 11739 }, 11740 }, {name: "deny and stop processing with info logging and with counter with continue verdict 1", 11741 config: &RuleConfiguration{ 11742 Comment: "foobar barfoo", 11743 Conditions: []string{"exact match roles foobar"}, 11744 Action: `deny stop counter log info`, 11745 }, input: map[string]interface{}{ 11746 "name": "John Smith", 11747 }, 11748 want: map[string]interface{}{ 11749 "verdict": getRuleVerdictName(ruleVerdictContinue), 11750 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterStop", 11751 }, 11752 }, {name: "deny and stop processing with info logging and with counter with continue verdict 2", 11753 config: &RuleConfiguration{ 11754 Comment: "foobar barfoo", 11755 Conditions: []string{"exact match roles foobar"}, 11756 Action: `deny stop counter log info`, 11757 }, input: map[string]interface{}{ 11758 "name": "John Smith", 11759 "roles": []string{"barfoo"}, 11760 }, 11761 emptyFields: true, 11762 want: map[string]interface{}{ 11763 "verdict": getRuleVerdictName(ruleVerdictContinue), 11764 "empty_fields": true, 11765 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterStop", 11766 }, 11767 }, {name: "deny and stop processing with info logging and with counter with continue verdict 3", 11768 config: &RuleConfiguration{ 11769 Comment: "foobar barfoo", 11770 Conditions: []string{"exact match roles foobar"}, 11771 Action: `deny stop counter log info`, 11772 }, input: map[string]interface{}{ 11773 "name": "John Smith", 11774 }, 11775 emptyFields: true, 11776 want: map[string]interface{}{ 11777 "verdict": getRuleVerdictName(ruleVerdictContinue), 11778 "empty_fields": true, 11779 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterStop", 11780 }, 11781 }, {name: "deny and stop processing with warn logging and with counter with deny stop verdict", 11782 config: &RuleConfiguration{ 11783 Comment: "foobar barfoo", 11784 Conditions: []string{"exact match roles foobar"}, 11785 Action: `deny stop counter log warn`, 11786 }, input: map[string]interface{}{ 11787 "roles": []string{"foobar"}, 11788 }, 11789 want: map[string]interface{}{ 11790 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11791 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterStop", 11792 }, 11793 }, {name: "deny and stop processing with warn logging and with counter with continue verdict", 11794 config: &RuleConfiguration{ 11795 Comment: "foobar barfoo", 11796 Conditions: []string{"exact match roles foobar"}, 11797 Action: `deny stop counter log warn`, 11798 }, input: map[string]interface{}{ 11799 "name": "John Smith", 11800 "roles": []string{"barfoo"}, 11801 }, 11802 want: map[string]interface{}{ 11803 "verdict": getRuleVerdictName(ruleVerdictContinue), 11804 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterStop", 11805 }, 11806 }, {name: "deny and stop processing with warn logging and with counter with continue verdict 1", 11807 config: &RuleConfiguration{ 11808 Comment: "foobar barfoo", 11809 Conditions: []string{"exact match roles foobar"}, 11810 Action: `deny stop counter log warn`, 11811 }, input: map[string]interface{}{ 11812 "name": "John Smith", 11813 }, 11814 want: map[string]interface{}{ 11815 "verdict": getRuleVerdictName(ruleVerdictContinue), 11816 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterStop", 11817 }, 11818 }, {name: "deny and stop processing with warn logging and with counter with continue verdict 2", 11819 config: &RuleConfiguration{ 11820 Comment: "foobar barfoo", 11821 Conditions: []string{"exact match roles foobar"}, 11822 Action: `deny stop counter log warn`, 11823 }, input: map[string]interface{}{ 11824 "name": "John Smith", 11825 "roles": []string{"barfoo"}, 11826 }, 11827 emptyFields: true, 11828 want: map[string]interface{}{ 11829 "verdict": getRuleVerdictName(ruleVerdictContinue), 11830 "empty_fields": true, 11831 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterStop", 11832 }, 11833 }, {name: "deny and stop processing with warn logging and with counter with continue verdict 3", 11834 config: &RuleConfiguration{ 11835 Comment: "foobar barfoo", 11836 Conditions: []string{"exact match roles foobar"}, 11837 Action: `deny stop counter log warn`, 11838 }, input: map[string]interface{}{ 11839 "name": "John Smith", 11840 }, 11841 emptyFields: true, 11842 want: map[string]interface{}{ 11843 "verdict": getRuleVerdictName(ruleVerdictContinue), 11844 "empty_fields": true, 11845 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterStop", 11846 }, 11847 }, {name: "deny and stop processing with error logging and with counter with deny stop verdict", 11848 config: &RuleConfiguration{ 11849 Comment: "foobar barfoo", 11850 Conditions: []string{"exact match roles foobar"}, 11851 Action: `deny stop counter log error`, 11852 }, input: map[string]interface{}{ 11853 "roles": []string{"foobar"}, 11854 }, 11855 want: map[string]interface{}{ 11856 "verdict": getRuleVerdictName(ruleVerdictDenyStop), 11857 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterStop", 11858 }, 11859 }, {name: "deny and stop processing with error logging and with counter with continue verdict", 11860 config: &RuleConfiguration{ 11861 Comment: "foobar barfoo", 11862 Conditions: []string{"exact match roles foobar"}, 11863 Action: `deny stop counter log error`, 11864 }, input: map[string]interface{}{ 11865 "name": "John Smith", 11866 "roles": []string{"barfoo"}, 11867 }, 11868 want: map[string]interface{}{ 11869 "verdict": getRuleVerdictName(ruleVerdictContinue), 11870 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterStop", 11871 }, 11872 }, {name: "deny and stop processing with error logging and with counter with continue verdict 1", 11873 config: &RuleConfiguration{ 11874 Comment: "foobar barfoo", 11875 Conditions: []string{"exact match roles foobar"}, 11876 Action: `deny stop counter log error`, 11877 }, input: map[string]interface{}{ 11878 "name": "John Smith", 11879 }, 11880 want: map[string]interface{}{ 11881 "verdict": getRuleVerdictName(ruleVerdictContinue), 11882 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterStop", 11883 }, 11884 }, {name: "deny and stop processing with error logging and with counter with continue verdict 2", 11885 config: &RuleConfiguration{ 11886 Comment: "foobar barfoo", 11887 Conditions: []string{"exact match roles foobar"}, 11888 Action: `deny stop counter log error`, 11889 }, input: map[string]interface{}{ 11890 "name": "John Smith", 11891 "roles": []string{"barfoo"}, 11892 }, 11893 emptyFields: true, 11894 want: map[string]interface{}{ 11895 "verdict": getRuleVerdictName(ruleVerdictContinue), 11896 "empty_fields": true, 11897 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterStop", 11898 }, 11899 }, {name: "deny and stop processing with error logging and with counter with continue verdict 3", 11900 config: &RuleConfiguration{ 11901 Comment: "foobar barfoo", 11902 Conditions: []string{"exact match roles foobar"}, 11903 Action: `deny stop counter log error`, 11904 }, input: map[string]interface{}{ 11905 "name": "John Smith", 11906 }, 11907 emptyFields: true, 11908 want: map[string]interface{}{ 11909 "verdict": getRuleVerdictName(ruleVerdictContinue), 11910 "empty_fields": true, 11911 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterStop", 11912 }, 11913 }, {name: "deny any with debug logging and with counter with deny verdict", 11914 config: &RuleConfiguration{ 11915 Comment: "foobar barfoo", 11916 Conditions: []string{ 11917 "exact match roles foobar", 11918 "exact match org nyc", 11919 }, 11920 Action: `deny any counter log debug`, 11921 }, input: map[string]interface{}{ 11922 "roles": []string{"foobar"}, 11923 }, 11924 want: map[string]interface{}{ 11925 "verdict": getRuleVerdictName(ruleVerdictDeny), 11926 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAny", 11927 }, 11928 }, {name: "deny any with debug logging and with counter with continue verdict", 11929 config: &RuleConfiguration{ 11930 Comment: "foobar barfoo", 11931 Conditions: []string{ 11932 "exact match roles foobar", 11933 "exact match org nyc", 11934 }, 11935 Action: `deny any counter log debug`, 11936 }, input: map[string]interface{}{ 11937 "name": "John Smith", 11938 "roles": []string{"barfoo"}, 11939 }, 11940 want: map[string]interface{}{ 11941 "verdict": getRuleVerdictName(ruleVerdictContinue), 11942 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAny", 11943 }, 11944 }, {name: "deny any with debug logging and with counter with continue verdict 1", 11945 config: &RuleConfiguration{ 11946 Comment: "foobar barfoo", 11947 Conditions: []string{ 11948 "exact match roles foobar", 11949 "exact match org nyc", 11950 }, 11951 Action: `deny any counter log debug`, 11952 }, input: map[string]interface{}{ 11953 "name": "John Smith", 11954 }, 11955 want: map[string]interface{}{ 11956 "verdict": getRuleVerdictName(ruleVerdictContinue), 11957 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAny", 11958 }, 11959 }, {name: "deny any with debug logging and with counter with continue verdict 2", 11960 config: &RuleConfiguration{ 11961 Comment: "foobar barfoo", 11962 Conditions: []string{ 11963 "exact match roles foobar", 11964 "exact match org nyc", 11965 }, 11966 Action: `deny any counter log debug`, 11967 }, input: map[string]interface{}{ 11968 "name": "John Smith", 11969 "roles": []string{"barfoo"}, 11970 }, 11971 emptyFields: true, 11972 want: map[string]interface{}{ 11973 "verdict": getRuleVerdictName(ruleVerdictContinue), 11974 "empty_fields": true, 11975 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAny", 11976 }, 11977 }, {name: "deny any with debug logging and with counter with continue verdict 3", 11978 config: &RuleConfiguration{ 11979 Comment: "foobar barfoo", 11980 Conditions: []string{ 11981 "exact match roles foobar", 11982 "exact match org nyc", 11983 }, 11984 Action: `deny any counter log debug`, 11985 }, input: map[string]interface{}{ 11986 "name": "John Smith", 11987 }, 11988 emptyFields: true, 11989 want: map[string]interface{}{ 11990 "verdict": getRuleVerdictName(ruleVerdictContinue), 11991 "empty_fields": true, 11992 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAny", 11993 }, 11994 }, {name: "deny any with info logging and with counter with deny verdict", 11995 config: &RuleConfiguration{ 11996 Comment: "foobar barfoo", 11997 Conditions: []string{ 11998 "exact match roles foobar", 11999 "exact match org nyc", 12000 }, 12001 Action: `deny any counter log info`, 12002 }, input: map[string]interface{}{ 12003 "roles": []string{"foobar"}, 12004 }, 12005 want: map[string]interface{}{ 12006 "verdict": getRuleVerdictName(ruleVerdictDeny), 12007 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAny", 12008 }, 12009 }, {name: "deny any with info logging and with counter with continue verdict", 12010 config: &RuleConfiguration{ 12011 Comment: "foobar barfoo", 12012 Conditions: []string{ 12013 "exact match roles foobar", 12014 "exact match org nyc", 12015 }, 12016 Action: `deny any counter log info`, 12017 }, input: map[string]interface{}{ 12018 "name": "John Smith", 12019 "roles": []string{"barfoo"}, 12020 }, 12021 want: map[string]interface{}{ 12022 "verdict": getRuleVerdictName(ruleVerdictContinue), 12023 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAny", 12024 }, 12025 }, {name: "deny any with info logging and with counter with continue verdict 1", 12026 config: &RuleConfiguration{ 12027 Comment: "foobar barfoo", 12028 Conditions: []string{ 12029 "exact match roles foobar", 12030 "exact match org nyc", 12031 }, 12032 Action: `deny any counter log info`, 12033 }, input: map[string]interface{}{ 12034 "name": "John Smith", 12035 }, 12036 want: map[string]interface{}{ 12037 "verdict": getRuleVerdictName(ruleVerdictContinue), 12038 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAny", 12039 }, 12040 }, {name: "deny any with info logging and with counter with continue verdict 2", 12041 config: &RuleConfiguration{ 12042 Comment: "foobar barfoo", 12043 Conditions: []string{ 12044 "exact match roles foobar", 12045 "exact match org nyc", 12046 }, 12047 Action: `deny any counter log info`, 12048 }, input: map[string]interface{}{ 12049 "name": "John Smith", 12050 "roles": []string{"barfoo"}, 12051 }, 12052 emptyFields: true, 12053 want: map[string]interface{}{ 12054 "verdict": getRuleVerdictName(ruleVerdictContinue), 12055 "empty_fields": true, 12056 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAny", 12057 }, 12058 }, {name: "deny any with info logging and with counter with continue verdict 3", 12059 config: &RuleConfiguration{ 12060 Comment: "foobar barfoo", 12061 Conditions: []string{ 12062 "exact match roles foobar", 12063 "exact match org nyc", 12064 }, 12065 Action: `deny any counter log info`, 12066 }, input: map[string]interface{}{ 12067 "name": "John Smith", 12068 }, 12069 emptyFields: true, 12070 want: map[string]interface{}{ 12071 "verdict": getRuleVerdictName(ruleVerdictContinue), 12072 "empty_fields": true, 12073 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAny", 12074 }, 12075 }, {name: "deny any with warn logging and with counter with deny verdict", 12076 config: &RuleConfiguration{ 12077 Comment: "foobar barfoo", 12078 Conditions: []string{ 12079 "exact match roles foobar", 12080 "exact match org nyc", 12081 }, 12082 Action: `deny any counter log warn`, 12083 }, input: map[string]interface{}{ 12084 "roles": []string{"foobar"}, 12085 }, 12086 want: map[string]interface{}{ 12087 "verdict": getRuleVerdictName(ruleVerdictDeny), 12088 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAny", 12089 }, 12090 }, {name: "deny any with warn logging and with counter with continue verdict", 12091 config: &RuleConfiguration{ 12092 Comment: "foobar barfoo", 12093 Conditions: []string{ 12094 "exact match roles foobar", 12095 "exact match org nyc", 12096 }, 12097 Action: `deny any counter log warn`, 12098 }, input: map[string]interface{}{ 12099 "name": "John Smith", 12100 "roles": []string{"barfoo"}, 12101 }, 12102 want: map[string]interface{}{ 12103 "verdict": getRuleVerdictName(ruleVerdictContinue), 12104 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAny", 12105 }, 12106 }, {name: "deny any with warn logging and with counter with continue verdict 1", 12107 config: &RuleConfiguration{ 12108 Comment: "foobar barfoo", 12109 Conditions: []string{ 12110 "exact match roles foobar", 12111 "exact match org nyc", 12112 }, 12113 Action: `deny any counter log warn`, 12114 }, input: map[string]interface{}{ 12115 "name": "John Smith", 12116 }, 12117 want: map[string]interface{}{ 12118 "verdict": getRuleVerdictName(ruleVerdictContinue), 12119 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAny", 12120 }, 12121 }, {name: "deny any with warn logging and with counter with continue verdict 2", 12122 config: &RuleConfiguration{ 12123 Comment: "foobar barfoo", 12124 Conditions: []string{ 12125 "exact match roles foobar", 12126 "exact match org nyc", 12127 }, 12128 Action: `deny any counter log warn`, 12129 }, input: map[string]interface{}{ 12130 "name": "John Smith", 12131 "roles": []string{"barfoo"}, 12132 }, 12133 emptyFields: true, 12134 want: map[string]interface{}{ 12135 "verdict": getRuleVerdictName(ruleVerdictContinue), 12136 "empty_fields": true, 12137 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAny", 12138 }, 12139 }, {name: "deny any with warn logging and with counter with continue verdict 3", 12140 config: &RuleConfiguration{ 12141 Comment: "foobar barfoo", 12142 Conditions: []string{ 12143 "exact match roles foobar", 12144 "exact match org nyc", 12145 }, 12146 Action: `deny any counter log warn`, 12147 }, input: map[string]interface{}{ 12148 "name": "John Smith", 12149 }, 12150 emptyFields: true, 12151 want: map[string]interface{}{ 12152 "verdict": getRuleVerdictName(ruleVerdictContinue), 12153 "empty_fields": true, 12154 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAny", 12155 }, 12156 }, {name: "deny any with error logging and with counter with deny verdict", 12157 config: &RuleConfiguration{ 12158 Comment: "foobar barfoo", 12159 Conditions: []string{ 12160 "exact match roles foobar", 12161 "exact match org nyc", 12162 }, 12163 Action: `deny any counter log error`, 12164 }, input: map[string]interface{}{ 12165 "roles": []string{"foobar"}, 12166 }, 12167 want: map[string]interface{}{ 12168 "verdict": getRuleVerdictName(ruleVerdictDeny), 12169 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAny", 12170 }, 12171 }, {name: "deny any with error logging and with counter with continue verdict", 12172 config: &RuleConfiguration{ 12173 Comment: "foobar barfoo", 12174 Conditions: []string{ 12175 "exact match roles foobar", 12176 "exact match org nyc", 12177 }, 12178 Action: `deny any counter log error`, 12179 }, input: map[string]interface{}{ 12180 "name": "John Smith", 12181 "roles": []string{"barfoo"}, 12182 }, 12183 want: map[string]interface{}{ 12184 "verdict": getRuleVerdictName(ruleVerdictContinue), 12185 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAny", 12186 }, 12187 }, {name: "deny any with error logging and with counter with continue verdict 1", 12188 config: &RuleConfiguration{ 12189 Comment: "foobar barfoo", 12190 Conditions: []string{ 12191 "exact match roles foobar", 12192 "exact match org nyc", 12193 }, 12194 Action: `deny any counter log error`, 12195 }, input: map[string]interface{}{ 12196 "name": "John Smith", 12197 }, 12198 want: map[string]interface{}{ 12199 "verdict": getRuleVerdictName(ruleVerdictContinue), 12200 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAny", 12201 }, 12202 }, {name: "deny any with error logging and with counter with continue verdict 2", 12203 config: &RuleConfiguration{ 12204 Comment: "foobar barfoo", 12205 Conditions: []string{ 12206 "exact match roles foobar", 12207 "exact match org nyc", 12208 }, 12209 Action: `deny any counter log error`, 12210 }, input: map[string]interface{}{ 12211 "name": "John Smith", 12212 "roles": []string{"barfoo"}, 12213 }, 12214 emptyFields: true, 12215 want: map[string]interface{}{ 12216 "verdict": getRuleVerdictName(ruleVerdictContinue), 12217 "empty_fields": true, 12218 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAny", 12219 }, 12220 }, {name: "deny any with error logging and with counter with continue verdict 3", 12221 config: &RuleConfiguration{ 12222 Comment: "foobar barfoo", 12223 Conditions: []string{ 12224 "exact match roles foobar", 12225 "exact match org nyc", 12226 }, 12227 Action: `deny any counter log error`, 12228 }, input: map[string]interface{}{ 12229 "name": "John Smith", 12230 }, 12231 emptyFields: true, 12232 want: map[string]interface{}{ 12233 "verdict": getRuleVerdictName(ruleVerdictContinue), 12234 "empty_fields": true, 12235 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAny", 12236 }, 12237 }, {name: "deny all with debug logging and with counter with deny verdict", 12238 config: &RuleConfiguration{ 12239 Comment: "foobar barfoo", 12240 Conditions: []string{ 12241 "exact match roles foobar", 12242 "exact match org nyc", 12243 }, 12244 Action: `deny counter log debug`, 12245 }, input: map[string]interface{}{ 12246 "roles": []string{"foobar"}, 12247 "org": []string{"nyc"}, 12248 }, 12249 want: map[string]interface{}{ 12250 "verdict": getRuleVerdictName(ruleVerdictDeny), 12251 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAll", 12252 }, 12253 }, {name: "deny all with debug logging and with counter with continue verdict", 12254 config: &RuleConfiguration{ 12255 Comment: "foobar barfoo", 12256 Conditions: []string{ 12257 "exact match roles foobar", 12258 "exact match org nyc", 12259 }, 12260 Action: `deny counter log debug`, 12261 }, input: map[string]interface{}{ 12262 "name": "John Smith", 12263 "roles": []string{"barfoo"}, 12264 }, 12265 want: map[string]interface{}{ 12266 "verdict": getRuleVerdictName(ruleVerdictContinue), 12267 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAll", 12268 }, 12269 }, {name: "deny all with debug logging and with counter with continue verdict 1", 12270 config: &RuleConfiguration{ 12271 Comment: "foobar barfoo", 12272 Conditions: []string{ 12273 "exact match roles foobar", 12274 "exact match org nyc", 12275 }, 12276 Action: `deny counter log debug`, 12277 }, input: map[string]interface{}{ 12278 "name": "John Smith", 12279 }, 12280 want: map[string]interface{}{ 12281 "verdict": getRuleVerdictName(ruleVerdictContinue), 12282 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAll", 12283 }, 12284 }, {name: "deny all with debug logging and with counter with continue verdict 2", 12285 config: &RuleConfiguration{ 12286 Comment: "foobar barfoo", 12287 Conditions: []string{ 12288 "exact match roles foobar", 12289 "exact match org nyc", 12290 }, 12291 Action: `deny counter log debug`, 12292 }, input: map[string]interface{}{ 12293 "name": "John Smith", 12294 "roles": []string{"barfoo"}, 12295 }, 12296 emptyFields: true, 12297 want: map[string]interface{}{ 12298 "verdict": getRuleVerdictName(ruleVerdictContinue), 12299 "empty_fields": true, 12300 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAll", 12301 }, 12302 }, {name: "deny all with debug logging and with counter with continue verdict 3", 12303 config: &RuleConfiguration{ 12304 Comment: "foobar barfoo", 12305 Conditions: []string{ 12306 "exact match roles foobar", 12307 "exact match org nyc", 12308 }, 12309 Action: `deny counter log debug`, 12310 }, input: map[string]interface{}{ 12311 "name": "John Smith", 12312 }, 12313 emptyFields: true, 12314 want: map[string]interface{}{ 12315 "verdict": getRuleVerdictName(ruleVerdictContinue), 12316 "empty_fields": true, 12317 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounterMatchAll", 12318 }, 12319 }, {name: "deny all with info logging and with counter with deny verdict", 12320 config: &RuleConfiguration{ 12321 Comment: "foobar barfoo", 12322 Conditions: []string{ 12323 "exact match roles foobar", 12324 "exact match org nyc", 12325 }, 12326 Action: `deny counter log info`, 12327 }, input: map[string]interface{}{ 12328 "roles": []string{"foobar"}, 12329 "org": []string{"nyc"}, 12330 }, 12331 want: map[string]interface{}{ 12332 "verdict": getRuleVerdictName(ruleVerdictDeny), 12333 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAll", 12334 }, 12335 }, {name: "deny all with info logging and with counter with continue verdict", 12336 config: &RuleConfiguration{ 12337 Comment: "foobar barfoo", 12338 Conditions: []string{ 12339 "exact match roles foobar", 12340 "exact match org nyc", 12341 }, 12342 Action: `deny counter log info`, 12343 }, input: map[string]interface{}{ 12344 "name": "John Smith", 12345 "roles": []string{"barfoo"}, 12346 }, 12347 want: map[string]interface{}{ 12348 "verdict": getRuleVerdictName(ruleVerdictContinue), 12349 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAll", 12350 }, 12351 }, {name: "deny all with info logging and with counter with continue verdict 1", 12352 config: &RuleConfiguration{ 12353 Comment: "foobar barfoo", 12354 Conditions: []string{ 12355 "exact match roles foobar", 12356 "exact match org nyc", 12357 }, 12358 Action: `deny counter log info`, 12359 }, input: map[string]interface{}{ 12360 "name": "John Smith", 12361 }, 12362 want: map[string]interface{}{ 12363 "verdict": getRuleVerdictName(ruleVerdictContinue), 12364 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAll", 12365 }, 12366 }, {name: "deny all with info logging and with counter with continue verdict 2", 12367 config: &RuleConfiguration{ 12368 Comment: "foobar barfoo", 12369 Conditions: []string{ 12370 "exact match roles foobar", 12371 "exact match org nyc", 12372 }, 12373 Action: `deny counter log info`, 12374 }, input: map[string]interface{}{ 12375 "name": "John Smith", 12376 "roles": []string{"barfoo"}, 12377 }, 12378 emptyFields: true, 12379 want: map[string]interface{}{ 12380 "verdict": getRuleVerdictName(ruleVerdictContinue), 12381 "empty_fields": true, 12382 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAll", 12383 }, 12384 }, {name: "deny all with info logging and with counter with continue verdict 3", 12385 config: &RuleConfiguration{ 12386 Comment: "foobar barfoo", 12387 Conditions: []string{ 12388 "exact match roles foobar", 12389 "exact match org nyc", 12390 }, 12391 Action: `deny counter log info`, 12392 }, input: map[string]interface{}{ 12393 "name": "John Smith", 12394 }, 12395 emptyFields: true, 12396 want: map[string]interface{}{ 12397 "verdict": getRuleVerdictName(ruleVerdictContinue), 12398 "empty_fields": true, 12399 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounterMatchAll", 12400 }, 12401 }, {name: "deny all with warn logging and with counter with deny verdict", 12402 config: &RuleConfiguration{ 12403 Comment: "foobar barfoo", 12404 Conditions: []string{ 12405 "exact match roles foobar", 12406 "exact match org nyc", 12407 }, 12408 Action: `deny counter log warn`, 12409 }, input: map[string]interface{}{ 12410 "roles": []string{"foobar"}, 12411 "org": []string{"nyc"}, 12412 }, 12413 want: map[string]interface{}{ 12414 "verdict": getRuleVerdictName(ruleVerdictDeny), 12415 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAll", 12416 }, 12417 }, {name: "deny all with warn logging and with counter with continue verdict", 12418 config: &RuleConfiguration{ 12419 Comment: "foobar barfoo", 12420 Conditions: []string{ 12421 "exact match roles foobar", 12422 "exact match org nyc", 12423 }, 12424 Action: `deny counter log warn`, 12425 }, input: map[string]interface{}{ 12426 "name": "John Smith", 12427 "roles": []string{"barfoo"}, 12428 }, 12429 want: map[string]interface{}{ 12430 "verdict": getRuleVerdictName(ruleVerdictContinue), 12431 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAll", 12432 }, 12433 }, {name: "deny all with warn logging and with counter with continue verdict 1", 12434 config: &RuleConfiguration{ 12435 Comment: "foobar barfoo", 12436 Conditions: []string{ 12437 "exact match roles foobar", 12438 "exact match org nyc", 12439 }, 12440 Action: `deny counter log warn`, 12441 }, input: map[string]interface{}{ 12442 "name": "John Smith", 12443 }, 12444 want: map[string]interface{}{ 12445 "verdict": getRuleVerdictName(ruleVerdictContinue), 12446 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAll", 12447 }, 12448 }, {name: "deny all with warn logging and with counter with continue verdict 2", 12449 config: &RuleConfiguration{ 12450 Comment: "foobar barfoo", 12451 Conditions: []string{ 12452 "exact match roles foobar", 12453 "exact match org nyc", 12454 }, 12455 Action: `deny counter log warn`, 12456 }, input: map[string]interface{}{ 12457 "name": "John Smith", 12458 "roles": []string{"barfoo"}, 12459 }, 12460 emptyFields: true, 12461 want: map[string]interface{}{ 12462 "verdict": getRuleVerdictName(ruleVerdictContinue), 12463 "empty_fields": true, 12464 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAll", 12465 }, 12466 }, {name: "deny all with warn logging and with counter with continue verdict 3", 12467 config: &RuleConfiguration{ 12468 Comment: "foobar barfoo", 12469 Conditions: []string{ 12470 "exact match roles foobar", 12471 "exact match org nyc", 12472 }, 12473 Action: `deny counter log warn`, 12474 }, input: map[string]interface{}{ 12475 "name": "John Smith", 12476 }, 12477 emptyFields: true, 12478 want: map[string]interface{}{ 12479 "verdict": getRuleVerdictName(ruleVerdictContinue), 12480 "empty_fields": true, 12481 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounterMatchAll", 12482 }, 12483 }, {name: "deny all with error logging and with counter with deny verdict", 12484 config: &RuleConfiguration{ 12485 Comment: "foobar barfoo", 12486 Conditions: []string{ 12487 "exact match roles foobar", 12488 "exact match org nyc", 12489 }, 12490 Action: `deny counter log error`, 12491 }, input: map[string]interface{}{ 12492 "roles": []string{"foobar"}, 12493 "org": []string{"nyc"}, 12494 }, 12495 want: map[string]interface{}{ 12496 "verdict": getRuleVerdictName(ruleVerdictDeny), 12497 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAll", 12498 }, 12499 }, {name: "deny all with error logging and with counter with continue verdict", 12500 config: &RuleConfiguration{ 12501 Comment: "foobar barfoo", 12502 Conditions: []string{ 12503 "exact match roles foobar", 12504 "exact match org nyc", 12505 }, 12506 Action: `deny counter log error`, 12507 }, input: map[string]interface{}{ 12508 "name": "John Smith", 12509 "roles": []string{"barfoo"}, 12510 }, 12511 want: map[string]interface{}{ 12512 "verdict": getRuleVerdictName(ruleVerdictContinue), 12513 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAll", 12514 }, 12515 }, {name: "deny all with error logging and with counter with continue verdict 1", 12516 config: &RuleConfiguration{ 12517 Comment: "foobar barfoo", 12518 Conditions: []string{ 12519 "exact match roles foobar", 12520 "exact match org nyc", 12521 }, 12522 Action: `deny counter log error`, 12523 }, input: map[string]interface{}{ 12524 "name": "John Smith", 12525 }, 12526 want: map[string]interface{}{ 12527 "verdict": getRuleVerdictName(ruleVerdictContinue), 12528 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAll", 12529 }, 12530 }, {name: "deny all with error logging and with counter with continue verdict 2", 12531 config: &RuleConfiguration{ 12532 Comment: "foobar barfoo", 12533 Conditions: []string{ 12534 "exact match roles foobar", 12535 "exact match org nyc", 12536 }, 12537 Action: `deny counter log error`, 12538 }, input: map[string]interface{}{ 12539 "name": "John Smith", 12540 "roles": []string{"barfoo"}, 12541 }, 12542 emptyFields: true, 12543 want: map[string]interface{}{ 12544 "verdict": getRuleVerdictName(ruleVerdictContinue), 12545 "empty_fields": true, 12546 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAll", 12547 }, 12548 }, {name: "deny all with error logging and with counter with continue verdict 3", 12549 config: &RuleConfiguration{ 12550 Comment: "foobar barfoo", 12551 Conditions: []string{ 12552 "exact match roles foobar", 12553 "exact match org nyc", 12554 }, 12555 Action: `deny counter log error`, 12556 }, input: map[string]interface{}{ 12557 "name": "John Smith", 12558 }, 12559 emptyFields: true, 12560 want: map[string]interface{}{ 12561 "verdict": getRuleVerdictName(ruleVerdictContinue), 12562 "empty_fields": true, 12563 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounterMatchAll", 12564 }, 12565 }, {name: "deny with debug logging and with counter with deny verdict", 12566 config: &RuleConfiguration{ 12567 Comment: "foobar barfoo", 12568 Conditions: []string{"exact match roles foobar"}, 12569 Action: `deny counter log debug`, 12570 }, input: map[string]interface{}{ 12571 "roles": []string{"foobar"}, 12572 }, 12573 want: map[string]interface{}{ 12574 "verdict": getRuleVerdictName(ruleVerdictDeny), 12575 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounter", 12576 }, 12577 }, {name: "deny with debug logging and with counter with continue verdict", 12578 config: &RuleConfiguration{ 12579 Comment: "foobar barfoo", 12580 Conditions: []string{"exact match roles foobar"}, 12581 Action: `deny counter log debug`, 12582 }, input: map[string]interface{}{ 12583 "name": "John Smith", 12584 "roles": []string{"barfoo"}, 12585 }, 12586 want: map[string]interface{}{ 12587 "verdict": getRuleVerdictName(ruleVerdictContinue), 12588 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounter", 12589 }, 12590 }, {name: "deny with debug logging and with counter with continue verdict 1", 12591 config: &RuleConfiguration{ 12592 Comment: "foobar barfoo", 12593 Conditions: []string{"exact match roles foobar"}, 12594 Action: `deny counter log debug`, 12595 }, input: map[string]interface{}{ 12596 "name": "John Smith", 12597 }, 12598 want: map[string]interface{}{ 12599 "verdict": getRuleVerdictName(ruleVerdictContinue), 12600 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounter", 12601 }, 12602 }, {name: "deny with debug logging and with counter with continue verdict 2", 12603 config: &RuleConfiguration{ 12604 Comment: "foobar barfoo", 12605 Conditions: []string{"exact match roles foobar"}, 12606 Action: `deny counter log debug`, 12607 }, input: map[string]interface{}{ 12608 "name": "John Smith", 12609 "roles": []string{"barfoo"}, 12610 }, 12611 emptyFields: true, 12612 want: map[string]interface{}{ 12613 "verdict": getRuleVerdictName(ruleVerdictContinue), 12614 "empty_fields": true, 12615 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounter", 12616 }, 12617 }, {name: "deny with debug logging and with counter with continue verdict 3", 12618 config: &RuleConfiguration{ 12619 Comment: "foobar barfoo", 12620 Conditions: []string{"exact match roles foobar"}, 12621 Action: `deny counter log debug`, 12622 }, input: map[string]interface{}{ 12623 "name": "John Smith", 12624 }, 12625 emptyFields: true, 12626 want: map[string]interface{}{ 12627 "verdict": getRuleVerdictName(ruleVerdictContinue), 12628 "empty_fields": true, 12629 "rule_type": "*acl.aclRuleDenyWithDebugLoggerCounter", 12630 }, 12631 }, {name: "deny with info logging and with counter with deny verdict", 12632 config: &RuleConfiguration{ 12633 Comment: "foobar barfoo", 12634 Conditions: []string{"exact match roles foobar"}, 12635 Action: `deny counter log info`, 12636 }, input: map[string]interface{}{ 12637 "roles": []string{"foobar"}, 12638 }, 12639 want: map[string]interface{}{ 12640 "verdict": getRuleVerdictName(ruleVerdictDeny), 12641 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounter", 12642 }, 12643 }, {name: "deny with info logging and with counter with continue verdict", 12644 config: &RuleConfiguration{ 12645 Comment: "foobar barfoo", 12646 Conditions: []string{"exact match roles foobar"}, 12647 Action: `deny counter log info`, 12648 }, input: map[string]interface{}{ 12649 "name": "John Smith", 12650 "roles": []string{"barfoo"}, 12651 }, 12652 want: map[string]interface{}{ 12653 "verdict": getRuleVerdictName(ruleVerdictContinue), 12654 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounter", 12655 }, 12656 }, {name: "deny with info logging and with counter with continue verdict 1", 12657 config: &RuleConfiguration{ 12658 Comment: "foobar barfoo", 12659 Conditions: []string{"exact match roles foobar"}, 12660 Action: `deny counter log info`, 12661 }, input: map[string]interface{}{ 12662 "name": "John Smith", 12663 }, 12664 want: map[string]interface{}{ 12665 "verdict": getRuleVerdictName(ruleVerdictContinue), 12666 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounter", 12667 }, 12668 }, {name: "deny with info logging and with counter with continue verdict 2", 12669 config: &RuleConfiguration{ 12670 Comment: "foobar barfoo", 12671 Conditions: []string{"exact match roles foobar"}, 12672 Action: `deny counter log info`, 12673 }, input: map[string]interface{}{ 12674 "name": "John Smith", 12675 "roles": []string{"barfoo"}, 12676 }, 12677 emptyFields: true, 12678 want: map[string]interface{}{ 12679 "verdict": getRuleVerdictName(ruleVerdictContinue), 12680 "empty_fields": true, 12681 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounter", 12682 }, 12683 }, {name: "deny with info logging and with counter with continue verdict 3", 12684 config: &RuleConfiguration{ 12685 Comment: "foobar barfoo", 12686 Conditions: []string{"exact match roles foobar"}, 12687 Action: `deny counter log info`, 12688 }, input: map[string]interface{}{ 12689 "name": "John Smith", 12690 }, 12691 emptyFields: true, 12692 want: map[string]interface{}{ 12693 "verdict": getRuleVerdictName(ruleVerdictContinue), 12694 "empty_fields": true, 12695 "rule_type": "*acl.aclRuleDenyWithInfoLoggerCounter", 12696 }, 12697 }, {name: "deny with warn logging and with counter with deny verdict", 12698 config: &RuleConfiguration{ 12699 Comment: "foobar barfoo", 12700 Conditions: []string{"exact match roles foobar"}, 12701 Action: `deny counter log warn`, 12702 }, input: map[string]interface{}{ 12703 "roles": []string{"foobar"}, 12704 }, 12705 want: map[string]interface{}{ 12706 "verdict": getRuleVerdictName(ruleVerdictDeny), 12707 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounter", 12708 }, 12709 }, {name: "deny with warn logging and with counter with continue verdict", 12710 config: &RuleConfiguration{ 12711 Comment: "foobar barfoo", 12712 Conditions: []string{"exact match roles foobar"}, 12713 Action: `deny counter log warn`, 12714 }, input: map[string]interface{}{ 12715 "name": "John Smith", 12716 "roles": []string{"barfoo"}, 12717 }, 12718 want: map[string]interface{}{ 12719 "verdict": getRuleVerdictName(ruleVerdictContinue), 12720 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounter", 12721 }, 12722 }, {name: "deny with warn logging and with counter with continue verdict 1", 12723 config: &RuleConfiguration{ 12724 Comment: "foobar barfoo", 12725 Conditions: []string{"exact match roles foobar"}, 12726 Action: `deny counter log warn`, 12727 }, input: map[string]interface{}{ 12728 "name": "John Smith", 12729 }, 12730 want: map[string]interface{}{ 12731 "verdict": getRuleVerdictName(ruleVerdictContinue), 12732 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounter", 12733 }, 12734 }, {name: "deny with warn logging and with counter with continue verdict 2", 12735 config: &RuleConfiguration{ 12736 Comment: "foobar barfoo", 12737 Conditions: []string{"exact match roles foobar"}, 12738 Action: `deny counter log warn`, 12739 }, input: map[string]interface{}{ 12740 "name": "John Smith", 12741 "roles": []string{"barfoo"}, 12742 }, 12743 emptyFields: true, 12744 want: map[string]interface{}{ 12745 "verdict": getRuleVerdictName(ruleVerdictContinue), 12746 "empty_fields": true, 12747 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounter", 12748 }, 12749 }, {name: "deny with warn logging and with counter with continue verdict 3", 12750 config: &RuleConfiguration{ 12751 Comment: "foobar barfoo", 12752 Conditions: []string{"exact match roles foobar"}, 12753 Action: `deny counter log warn`, 12754 }, input: map[string]interface{}{ 12755 "name": "John Smith", 12756 }, 12757 emptyFields: true, 12758 want: map[string]interface{}{ 12759 "verdict": getRuleVerdictName(ruleVerdictContinue), 12760 "empty_fields": true, 12761 "rule_type": "*acl.aclRuleDenyWithWarnLoggerCounter", 12762 }, 12763 }, {name: "deny with error logging and with counter with deny verdict", 12764 config: &RuleConfiguration{ 12765 Comment: "foobar barfoo", 12766 Conditions: []string{"exact match roles foobar"}, 12767 Action: `deny counter log error`, 12768 }, input: map[string]interface{}{ 12769 "roles": []string{"foobar"}, 12770 }, 12771 want: map[string]interface{}{ 12772 "verdict": getRuleVerdictName(ruleVerdictDeny), 12773 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounter", 12774 }, 12775 }, {name: "deny with error logging and with counter with continue verdict", 12776 config: &RuleConfiguration{ 12777 Comment: "foobar barfoo", 12778 Conditions: []string{"exact match roles foobar"}, 12779 Action: `deny counter log error`, 12780 }, input: map[string]interface{}{ 12781 "name": "John Smith", 12782 "roles": []string{"barfoo"}, 12783 }, 12784 want: map[string]interface{}{ 12785 "verdict": getRuleVerdictName(ruleVerdictContinue), 12786 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounter", 12787 }, 12788 }, {name: "deny with error logging and with counter with continue verdict 1", 12789 config: &RuleConfiguration{ 12790 Comment: "foobar barfoo", 12791 Conditions: []string{"exact match roles foobar"}, 12792 Action: `deny counter log error`, 12793 }, input: map[string]interface{}{ 12794 "name": "John Smith", 12795 }, 12796 want: map[string]interface{}{ 12797 "verdict": getRuleVerdictName(ruleVerdictContinue), 12798 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounter", 12799 }, 12800 }, {name: "deny with error logging and with counter with continue verdict 2", 12801 config: &RuleConfiguration{ 12802 Comment: "foobar barfoo", 12803 Conditions: []string{"exact match roles foobar"}, 12804 Action: `deny counter log error`, 12805 }, input: map[string]interface{}{ 12806 "name": "John Smith", 12807 "roles": []string{"barfoo"}, 12808 }, 12809 emptyFields: true, 12810 want: map[string]interface{}{ 12811 "verdict": getRuleVerdictName(ruleVerdictContinue), 12812 "empty_fields": true, 12813 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounter", 12814 }, 12815 }, {name: "deny with error logging and with counter with continue verdict 3", 12816 config: &RuleConfiguration{ 12817 Comment: "foobar barfoo", 12818 Conditions: []string{"exact match roles foobar"}, 12819 Action: `deny counter log error`, 12820 }, input: map[string]interface{}{ 12821 "name": "John Smith", 12822 }, 12823 emptyFields: true, 12824 want: map[string]interface{}{ 12825 "verdict": getRuleVerdictName(ruleVerdictContinue), 12826 "empty_fields": true, 12827 "rule_type": "*acl.aclRuleDenyWithErrorLoggerCounter", 12828 }, 12829 }, 12830 } 12831 for _, tc := range testcases { 12832 t.Run(tc.name, func(t *testing.T) { 12833 t.Logf(tc.name) 12834 var rule aclRule 12835 ctx := context.Background() 12836 logger := logutil.NewLogger() 12837 parsedACLRule, err := newACLRule(ctx, 0, tc.config, logger) 12838 if tests.EvalErr(t, err, tc.config, tc.shouldErr, tc.err) { 12839 return 12840 } 12841 rule = parsedACLRule 12842 ruleType := reflect.TypeOf(rule).String() 12843 got := make(map[string]interface{}) 12844 got["rule_type"] = ruleType 12845 if tc.emptyFields { 12846 got["empty_fields"] = tc.emptyFields 12847 if strings.Contains(ruleType, "Match") { 12848 rule.emptyFields(ctx) 12849 } 12850 } 12851 got["verdict"] = getRuleVerdictName(rule.eval(ctx, tc.input)) 12852 rule.emptyFields(ctx) 12853 // t.Logf("config: %v", tc.config) 12854 // t.Logf("input: %v", tc.input) 12855 tests.EvalObjects(t, "match result", tc.want, got) 12856 }) 12857 } 12858 }