Merge pull request #16 from smallstep/herman/policy

Policy
smallstep · Apr 11, 2022 · c478deb · c478deb
2 parents 0b29d9f + 810e61a
commit c478deb
Show file tree

Hide file tree

Showing 11 changed files with 1,422 additions and 593 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 all: generate
 
 generate:
-	protoc --proto_path=. --go_out=. --go-grpc_out=. --go_opt=paths=source_relative --go-grpc_opt=paths=source_relative provisioners.proto admin.proto config.proto eab.proto majordomo.proto
+	protoc --proto_path=. --go_out=. --go-grpc_out=. --go_opt=paths=source_relative --go-grpc_opt=paths=source_relative provisioners.proto admin.proto config.proto eab.proto majordomo.proto policy.proto
 
 .PHONY: all generate
diff --git a/config.pb.go b/config.pb.go
diff --git a/config.proto b/config.proto
@@ -6,6 +6,7 @@ option go_package = "go.step.sm/linkedca";
 
 import "admin.proto";
 import "provisioners.proto";
+import "policy.proto";
 import "google/protobuf/struct.proto";
 
 // Configuration is the proto representation of a ca.json. Root keys and SSH
@@ -69,6 +70,7 @@ message Authority {
     bool disable_issued_at_check = 12;
     string backdate = 13;
     string deployment_type = 14;
+    linkedca.Policy policy = 15;
 }
 
 message DistinguishedName {

diff --git a/context.go b/context.go
@@ -8,6 +8,7 @@ const (
 	_ contextKeyType = iota
 	adminContextKey
 	provisionerContextKey
+	externalAccountKeyContextKey
 )
 
 // NewContextWithAdmin returns a copy of ctx which carries an Admin.
@@ -33,3 +34,15 @@ func NewContextWithProvisioner(ctx context.Context, provisioner *Provisioner) co
 func ProvisionerFromContext(ctx context.Context) *Provisioner {
 	return ctx.Value(provisionerContextKey).(*Provisioner)
 }
+
+// NewContextWithExternalAccountKey returns a copy of ctx which carries an EABKey.
+func NewContextWithExternalAccountKey(ctx context.Context, k *EABKey) context.Context {
+	return context.WithValue(ctx, externalAccountKeyContextKey, k)
+}
+
+// ExternalAccountKeyFromContext returns the EABKey ctx carries.
+//
+// ExternalAccountKeyFromContext panics in case ctx carries no EABKey.
+func ExternalAccountKeyFromContext(ctx context.Context) *EABKey {
+	return ctx.Value(externalAccountKeyContextKey).(*EABKey)
+}
diff --git a/context_test.go b/context_test.go
@@ -36,3 +36,18 @@ func TestProvisionerFromContextPanics(t *testing.T) {
 
 	assert.Panics(t, func() { ProvisionerFromContext(context.Background()) })
 }
+
+func TestExternalAccountKeyFromContext(t *testing.T) {
+	t.Parallel()
+
+	exp := new(EABKey)
+
+	got := ExternalAccountKeyFromContext(NewContextWithExternalAccountKey(context.Background(), exp))
+	assert.Same(t, exp, got)
+}
+
+func TestExternalAccountKeyFromContextPanics(t *testing.T) {
+	t.Parallel()
+
+	assert.Panics(t, func() { ExternalAccountKeyFromContext(context.Background()) })
+}
diff --git a/eab.pb.go b/eab.pb.go
diff --git a/eab.proto b/eab.proto
@@ -5,6 +5,7 @@ package eab;
 option go_package = "go.step.sm/linkedca";
 
 import "google/protobuf/timestamp.proto";
+import "policy.proto";
 
 message EABKey {
     string id = 1;                              // the KeyID
@@ -14,4 +15,5 @@ message EABKey {
     string account = 5;                         // account the key is bound to
     google.protobuf.Timestamp created_at = 6;   // time the key was created_at
     google.protobuf.Timestamp bound_at = 7;     // time the key was bound to an account
+    linkedca.Policy policy = 8;
 }