diff --git a/Makefile b/Makefile index 77e18c394..b1ed08ad6 100644 --- a/Makefile +++ b/Makefile @@ -43,6 +43,7 @@ build: build-dir build-pepcli build-papcli build-pdpserver build-plugin build-eg .PHONY: test test: cover-out test-pdp test-pdp-integration test-pdp-yast test-pdp-jast test-pdp-jcon test-local-selector test-pip-selector test-pep test-pip-server test-pip-client test-pip-genpkg test-plugin + go vet ./... .PHONY: bench bench: bench-pep bench-pip-server bench-pip-client bench-pdpserver-pkg bench-plugin diff --git a/contrib/coredns/policy/attrholder_test.go b/contrib/coredns/policy/attrholder_test.go index d94246d9c..ff3e5d331 100644 --- a/contrib/coredns/policy/attrholder_test.go +++ b/contrib/coredns/policy/attrholder_test.go @@ -359,8 +359,8 @@ func TestDnstapList(t *testing.T) { // empty/wrong log attribute testutil.AssertDnstapList(t, ah.dnstapList(), - &pb.DnstapAttribute{"d0", "D0val"}, - &pb.DnstapAttribute{"d", "Dval"}, + &pb.DnstapAttribute{Id: "d0", Value: "D0val"}, + &pb.DnstapAttribute{Id: "d", Value: "Dval"}, ) // log=1 - no attributes @@ -370,14 +370,14 @@ func TestDnstapList(t *testing.T) { // log=2 ah.addAttrList([]pdp.AttributeAssignment{pdp.MakeIntegerAssignment(attrNameLog, 2)}) testutil.AssertDnstapList(t, ah.dnstapList(), - &pb.DnstapAttribute{"d2", "D2val"}, - &pb.DnstapAttribute{"d", "Dval"}, + &pb.DnstapAttribute{Id: "d2", Value: "D2val"}, + &pb.DnstapAttribute{Id: "d", Value: "Dval"}, ) // log=3 (out of range) ah.addAttrList([]pdp.AttributeAssignment{pdp.MakeIntegerAssignment(attrNameLog, 3)}) testutil.AssertDnstapList(t, ah.dnstapList(), - &pb.DnstapAttribute{"d0", "D0val"}, - &pb.DnstapAttribute{"d", "Dval"}, + &pb.DnstapAttribute{Id: "d0", Value: "D0val"}, + &pb.DnstapAttribute{Id: "d", Value: "Dval"}, ) } diff --git a/pep/benchmark_test.go b/pep/benchmark_test.go index 4b2f2af77..2aa61ceb9 100644 --- a/pep/benchmark_test.go +++ b/pep/benchmark_test.go @@ -786,7 +786,7 @@ var ( } decisionRequests []decisionRequest - rawRequests []pb.Msg + rawRequests []*pb.Msg ) type testRequest3Keys struct { @@ -805,7 +805,7 @@ func init() { } } - rawRequests = make([]pb.Msg, len(decisionRequests)) + rawRequests = make([]*pb.Msg, len(decisionRequests)) for i := range rawRequests { b := make([]byte, 128) diff --git a/pep/marshal.go b/pep/marshal.go index f3d0bc4a4..17c585295 100644 --- a/pep/marshal.go +++ b/pep/marshal.go @@ -230,16 +230,16 @@ var ( typeCacheLock = sync.RWMutex{} ) -func makeRequest(v interface{}) (pb.Msg, error) { +func makeRequest(v interface{}) (*pb.Msg, error) { switch v := v.(type) { case []byte: - return pb.Msg{Body: v}, nil + return &pb.Msg{Body: v}, nil case pb.Msg: - return v, nil + return &v, nil case *pb.Msg: - return *v, nil + return v, nil } var ( @@ -254,22 +254,22 @@ func makeRequest(v interface{}) (pb.Msg, error) { } if err != nil { - return pb.Msg{}, err + return &pb.Msg{}, err } - return pb.Msg{Body: b}, nil + return &pb.Msg{Body: b}, nil } -func makeRequestWithBuffer(v interface{}, b []byte) (pb.Msg, error) { +func makeRequestWithBuffer(v interface{}, b []byte) (*pb.Msg, error) { switch v := v.(type) { case []byte: - return pb.Msg{Body: v}, nil + return &pb.Msg{Body: v}, nil case pb.Msg: - return v, nil + return &v, nil case *pb.Msg: - return *v, nil + return v, nil } var ( @@ -283,10 +283,10 @@ func makeRequestWithBuffer(v interface{}, b []byte) (pb.Msg, error) { n, err = marshalValueToBuffer(reflect.ValueOf(v), b) } if err != nil { - return pb.Msg{}, err + return &pb.Msg{}, err } - return pb.Msg{Body: b[:n]}, nil + return &pb.Msg{Body: b[:n]}, nil } func marshalValue(v reflect.Value) ([]byte, error) { diff --git a/pep/stream.go b/pep/stream.go index 8088d3343..faeaa8e03 100644 --- a/pep/stream.go +++ b/pep/stream.go @@ -94,29 +94,29 @@ func (s *stream) drop() { s.stream.Store(ssNil) } -func (s *stream) validate(m *pb.Msg) (pb.Msg, error) { +func (s *stream) validate(m *pb.Msg) (*pb.Msg, error) { sp := s.stream.Load().(*pb.PDP_NewValidationStreamClient) if sp == nil { - return pb.Msg{}, errStreamWrongState + return &pb.Msg{}, errStreamWrongState } err := (*sp).Send(m) if err != nil { if err == balancer.ErrTransientFailure { - return pb.Msg{}, errConnFailure + return &pb.Msg{}, errConnFailure } - return pb.Msg{}, errStreamFailure + return &pb.Msg{}, errStreamFailure } res, err := (*sp).Recv() if err != nil { if err == balancer.ErrTransientFailure { - return pb.Msg{}, errConnFailure + return &pb.Msg{}, errConnFailure } - return pb.Msg{}, errStreamFailure + return &pb.Msg{}, errStreamFailure } - return *res, nil + return res, nil } diff --git a/pep/streaming_client.go b/pep/streaming_client.go index 53d3c5e24..3ffd8dae0 100644 --- a/pep/streaming_client.go +++ b/pep/streaming_client.go @@ -16,7 +16,7 @@ const ( scsClosed ) -type validator func(m *pb.Msg) (pb.Msg, error) +type validator func(m *pb.Msg) (*pb.Msg, error) type streamingClient struct { opts options @@ -112,7 +112,7 @@ func (c *streamingClient) Close() { func (c *streamingClient) Validate(in, out interface{}) error { var ( - m pb.Msg + m *pb.Msg err error ) @@ -137,7 +137,7 @@ func (c *streamingClient) Validate(in, out interface{}) error { if c.cache != nil { var b []byte if b, err = c.cache.Get(string(m.Body)); err == nil { - err = fillResponse(pb.Msg{Body: b}, out) + err = fillResponse(&pb.Msg{Body: b}, out) if c.opts.onCacheHitHandler != nil { if err != nil { c.opts.onCacheHitHandler.Handle(in, b, err) @@ -158,7 +158,7 @@ func (c *streamingClient) Validate(in, out interface{}) error { } for i := 0; i < len(c.conns); i++ { - r, err := c.validate(&m) + r, err := c.validate(m) if err == nil { if c.cache != nil { c.cache.Set(string(m.Body), r.Body) @@ -180,7 +180,7 @@ func (c *streamingClient) Validate(in, out interface{}) error { } func (c *streamingClient) makeSimpleValidator() validator { - return func(m *pb.Msg) (pb.Msg, error) { + return func(m *pb.Msg) (*pb.Msg, error) { conn := c.conns[0] r, err := conn.validate(m) if err == errConnFailure { @@ -192,7 +192,7 @@ func (c *streamingClient) makeSimpleValidator() validator { } func (c *streamingClient) makeRoundRobinValidator() validator { - return func(m *pb.Msg) (pb.Msg, error) { + return func(m *pb.Msg) (*pb.Msg, error) { i := int((atomic.AddUint64(c.counter, 1) - 1) % uint64(len(c.conns))) conn := c.conns[i] r, err := conn.validate(m) @@ -205,7 +205,7 @@ func (c *streamingClient) makeRoundRobinValidator() validator { } func (c *streamingClient) makeHotSpotValidator() validator { - return func(m *pb.Msg) (pb.Msg, error) { + return func(m *pb.Msg) (*pb.Msg, error) { total := uint64(len(c.conns)) start := atomic.LoadUint64(c.counter) i := int(start % total) diff --git a/pep/streaming_client_test.go b/pep/streaming_client_test.go index 7649865a7..71f2946b8 100644 --- a/pep/streaming_client_test.go +++ b/pep/streaming_client_test.go @@ -101,7 +101,7 @@ func TestStreamingClientValidationWithCache(t *testing.T) { ei, err := it.Value() if err != nil { t.Errorf("can't get value from cache: %s", err) - } else if err := fillResponse(pb.Msg{Body: ei.Value()}, &out); err != nil { + } else if err := fillResponse(&pb.Msg{Body: ei.Value()}, &out); err != nil { t.Errorf("can't unmarshal response from cache: %s", err) } else if out.Effect != pdp.EffectPermit || out.Reason != nil || out.X != "AllPermitRule" { t.Errorf("got unexpected response from cache: %s", out) diff --git a/pep/streaming_connection.go b/pep/streaming_connection.go index 39659cd72..82e0476cc 100644 --- a/pep/streaming_connection.go +++ b/pep/streaming_connection.go @@ -479,10 +479,10 @@ func (c *streamConn) putStream(s boundStream) error { return nil } -func (c *streamConn) validate(m *pb.Msg) (pb.Msg, error) { +func (c *streamConn) validate(m *pb.Msg) (*pb.Msg, error) { s, err := c.getStream() if err != nil { - return pb.Msg{}, err + return &pb.Msg{}, err } r, err := s.s.validate(m) @@ -493,21 +493,21 @@ func (c *streamConn) validate(m *pb.Msg) (pb.Msg, error) { s.retry <- s } - return pb.Msg{}, err + return &pb.Msg{}, err } c.putStream(s) return r, nil } -func (c *streamConn) tryValidate(m *pb.Msg) (pb.Msg, bool, error) { +func (c *streamConn) tryValidate(m *pb.Msg) (*pb.Msg, bool, error) { s, ok, err := c.tryGetStream() if err != nil { - return pb.Msg{}, false, err + return &pb.Msg{}, false, err } if !ok { - return pb.Msg{}, false, nil + return &pb.Msg{}, false, nil } r, err := s.s.validate(m) diff --git a/pep/unary_client.go b/pep/unary_client.go index 4ce8e87d3..4be668b22 100644 --- a/pep/unary_client.go +++ b/pep/unary_client.go @@ -153,7 +153,7 @@ func (c *unaryClient) Validate(in, out interface{}) error { } var ( - req pb.Msg + req *pb.Msg err error ) @@ -178,7 +178,7 @@ func (c *unaryClient) Validate(in, out interface{}) error { if c.cache != nil { var b []byte if b, err = c.cache.Get(string(req.Body)); err == nil { - err = fillResponse(pb.Msg{Body: b}, out) + err = fillResponse(&pb.Msg{Body: b}, out) if c.opts.onCacheHitHandler != nil { if err != nil { c.opts.onCacheHitHandler.Handle(in, b, err) @@ -201,7 +201,7 @@ func (c *unaryClient) Validate(in, out interface{}) error { defer cancelFn() } - res, err := (*uc).Validate(ctx, &req, grpc.FailFast(false)) + res, err := (*uc).Validate(ctx, req, grpc.FailFast(false)) if err != nil { return err } @@ -210,5 +210,5 @@ func (c *unaryClient) Validate(in, out interface{}) error { c.cache.Set(string(req.Body), res.Body) } - return fillResponse(*res, out) + return fillResponse(res, out) } diff --git a/pep/unary_client_test.go b/pep/unary_client_test.go index 0496e9e73..c3c8f7878 100644 --- a/pep/unary_client_test.go +++ b/pep/unary_client_test.go @@ -117,7 +117,7 @@ func TestUnaryClientValidationWithCache(t *testing.T) { ei, err := it.Value() if err != nil { t.Errorf("can't get value from cache: %s", err) - } else if err := fillResponse(pb.Msg{Body: ei.Value()}, &out); err != nil { + } else if err := fillResponse(&pb.Msg{Body: ei.Value()}, &out); err != nil { t.Errorf("can't unmarshal response from cache: %s", err) } else if out.Effect != pdp.EffectPermit || out.Reason != nil || out.X != "AllPermitRule" { t.Errorf("got unexpected response from cache: %s", out) diff --git a/pep/unmarshal.go b/pep/unmarshal.go index c4748690f..41cbc3606 100644 --- a/pep/unmarshal.go +++ b/pep/unmarshal.go @@ -37,10 +37,12 @@ var ( } ) -func fillResponse(res pb.Msg, v interface{}) error { +func fillResponse(res *pb.Msg, v interface{}) error { switch v := v.(type) { case *pb.Msg: - *v = res + // pb.Msg can't be copied + v = new(pb.Msg) + v.Body = res.Body return nil case *pdp.Response: diff --git a/pep/unmarshal_test.go b/pep/unmarshal_test.go index a06f15949..336a0295f 100644 --- a/pep/unmarshal_test.go +++ b/pep/unmarshal_test.go @@ -359,7 +359,7 @@ func TestUnmarshalInvalidStructures(t *testing.T) { } func TestFillResponse(t *testing.T) { - r := pb.Msg{ + r := &pb.Msg{ Body: TestResponse, } diff --git a/pepcli/perf/measurements.go b/pepcli/perf/measurements.go index 2dfee1300..db4c42d11 100644 --- a/pepcli/perf/measurements.go +++ b/pepcli/perf/measurements.go @@ -10,7 +10,7 @@ import ( "github.com/infobloxopen/themis/pep" ) -func measurement(c pep.Client, n, routineLimit int, rateLimit int64, noDump bool, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func measurement(c pep.Client, n, routineLimit int, rateLimit int64, noDump bool, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { var pause time.Duration if rateLimit > 0 { pause = time.Second / time.Duration(rateLimit) @@ -45,7 +45,7 @@ func measurement(c pep.Client, n, routineLimit int, rateLimit int64, noDump bool return sequential(c, n, reqs, maxResponseObligations) } -func sequential(c pep.Client, n int, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func sequential(c pep.Client, n int, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { out := make([]timing, n) var res pdp.Response @@ -67,7 +67,7 @@ func sequential(c pep.Client, n int, reqs []pb.Msg, maxResponseObligations uint3 return out, nil } -func sequentialWithPause(c pep.Client, n int, p time.Duration, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func sequentialWithPause(c pep.Client, n int, p time.Duration, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { out := make([]timing, n) var res pdp.Response @@ -91,7 +91,7 @@ func sequentialWithPause(c pep.Client, n int, p time.Duration, reqs []pb.Msg, ma return out, nil } -func parallel(c pep.Client, n int, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func parallel(c pep.Client, n int, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { out := make([]timing, n) pool := makeObligationsPool(maxResponseObligations) @@ -99,7 +99,7 @@ func parallel(c pep.Client, n int, reqs []pb.Msg, maxResponseObligations uint32) var wg sync.WaitGroup for i := 0; i < n; i++ { wg.Add(1) - go func(i int, req pb.Msg) { + go func(i int, req *pb.Msg) { obligation := pool.get() defer func() { @@ -125,7 +125,7 @@ func parallel(c pep.Client, n int, reqs []pb.Msg, maxResponseObligations uint32) return out, nil } -func parallelWithPause(c pep.Client, n int, p time.Duration, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func parallelWithPause(c pep.Client, n int, p time.Duration, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { out := make([]timing, n) pool := makeObligationsPool(maxResponseObligations) @@ -133,7 +133,7 @@ func parallelWithPause(c pep.Client, n int, p time.Duration, reqs []pb.Msg, maxR var wg sync.WaitGroup for i := 0; i < n; i++ { wg.Add(1) - go func(i int, req pb.Msg) { + go func(i int, req *pb.Msg) { obligation := pool.get() defer func() { @@ -161,7 +161,7 @@ func parallelWithPause(c pep.Client, n int, p time.Duration, reqs []pb.Msg, maxR return out, nil } -func parallelWithLimit(c pep.Client, n, l int, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func parallelWithLimit(c pep.Client, n, l int, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { out := make([]timing, n) obligations := make(chan []pdp.AttributeAssignment, l) @@ -176,7 +176,7 @@ func parallelWithLimit(c pep.Client, n, l int, reqs []pb.Msg, maxResponseObligat ch <- 0 wg.Add(1) - go func(i int, req pb.Msg) { + go func(i int, req *pb.Msg) { obligation := <-obligations defer func() { @@ -203,7 +203,7 @@ func parallelWithLimit(c pep.Client, n, l int, reqs []pb.Msg, maxResponseObligat return out, nil } -func parallelWithLimitNoDump(c pep.Client, n, l int, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func parallelWithLimitNoDump(c pep.Client, n, l int, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { obligations := make(chan []pdp.AttributeAssignment, l) for i := 0; i < cap(obligations); i++ { obligations <- make([]pdp.AttributeAssignment, maxResponseObligations) @@ -220,7 +220,7 @@ func parallelWithLimitNoDump(c pep.Client, n, l int, reqs []pb.Msg, maxResponseO ch <- 0 wg.Add(1) - go func(i int, req pb.Msg) { + go func(i int, req *pb.Msg) { obligation := <-obligations defer func() { @@ -260,7 +260,7 @@ func parallelWithLimitNoDump(c pep.Client, n, l int, reqs []pb.Msg, maxResponseO return nil, nil } -func parallelWithLimitAndPause(c pep.Client, n, l int, p time.Duration, reqs []pb.Msg, maxResponseObligations uint32) ([]timing, error) { +func parallelWithLimitAndPause(c pep.Client, n, l int, p time.Duration, reqs []*pb.Msg, maxResponseObligations uint32) ([]timing, error) { out := make([]timing, n) obligations := make(chan []pdp.AttributeAssignment, l) @@ -275,7 +275,7 @@ func parallelWithLimitAndPause(c pep.Client, n, l int, p time.Duration, reqs []p ch <- 0 wg.Add(1) - go func(i int, req pb.Msg) { + go func(i int, req *pb.Msg) { obligation := <-obligations defer func() { diff --git a/pepcli/requests/requests.go b/pepcli/requests/requests.go index 364d7de2d..bbb450ca9 100644 --- a/pepcli/requests/requests.go +++ b/pepcli/requests/requests.go @@ -6,7 +6,6 @@ package requests import ( "encoding/json" "fmt" - "gopkg.in/yaml.v2" "io/ioutil" "math" "net" @@ -14,6 +13,8 @@ import ( "strconv" "strings" + "gopkg.in/yaml.v2" + "github.com/infobloxopen/go-trees/domain" "github.com/infobloxopen/themis/pdp" pb "github.com/infobloxopen/themis/pdp-service" @@ -32,7 +33,7 @@ type requests struct { // Load reads given data--if it is a filepath that ends in a yaml or json extension and can be read, // the respective unmarshaler will be used; otherwise, the input is processed as raw JSON. -func Load(data string, size uint32) ([]pb.Msg, error) { +func Load(data string, size uint32) ([]*pb.Msg, error) { in := &requests{} switch strings.TrimLeft(strings.ToLower(filepath.Ext(data)), ".") { @@ -74,7 +75,7 @@ func Load(data string, size uint32) ([]pb.Msg, error) { symbols[k] = t } - out := make([]pb.Msg, len(in.Requests)) + out := make([]*pb.Msg, len(in.Requests)) for i, r := range in.Requests { attrs := make([]pdp.AttributeAssignment, len(r)) j := 0 @@ -94,7 +95,7 @@ func Load(data string, size uint32) ([]pb.Msg, error) { return nil, fmt.Errorf("can't create request: %s", err) } - out[i] = pb.Msg{Body: b[:n]} + out[i] = &pb.Msg{Body: b[:n]} } return out, nil