config: add sandbox client criteria

2025-05-02 17:48:44 +02:00 · 2025-05-02 17:48:44 +02:00 · 9bf79bf23c
commit 9bf79bf23c
parent fd2163d658
20 changed files with 465 additions and 46 deletions
--- a/src/criteria/clm/clm_matchers.rs
+++ b/src/criteria/clm/clm_matchers.rs
@ -1,4 +1,3 @@
-#[expect(unused_macros)]
 macro_rules! fixed_root_criterion {
    ($ty:ty, $field:ident) => {
        impl crate::criteria::crit_graph::CritFixedRootCriterionBase<Rc<crate::client::Client>>
@ -17,3 +16,6 @@ macro_rules! fixed_root_criterion {
        }
    };
 }
+
+pub mod clmm_sandboxed;
+pub mod clmm_string;
--- a/src/criteria/clm/clm_matchers/clmm_sandboxed.rs
+++ b/src/criteria/clm/clm_matchers/clmm_sandboxed.rs
@ -0,0 +1,14 @@
+use {
+    crate::{client::Client, criteria::crit_graph::CritFixedRootCriterion},
+    std::rc::Rc,
+};
+
+pub struct ClmMatchSandboxed(pub bool);
+
+fixed_root_criterion!(ClmMatchSandboxed, sandboxed);
+
+impl CritFixedRootCriterion<Rc<Client>> for ClmMatchSandboxed {
+    fn matches(&self, data: &Rc<Client>) -> bool {
+        data.acceptor.sandboxed
+    }
+}
--- a/src/criteria/clm/clm_matchers/clmm_string.rs
+++ b/src/criteria/clm/clm_matchers/clmm_string.rs
@ -0,0 +1,79 @@
+use {
+    crate::{
+        client::Client,
+        criteria::{
+            clm::{ClmRootMatcherMap, RootMatchers},
+            crit_matchers::critm_string::{CritMatchString, StringAccess},
+        },
+        security_context_acceptor::AcceptorMetadata,
+    },
+    std::{marker::PhantomData, rc::Rc},
+};
+
+pub type ClmMatchString<T> = CritMatchString<Rc<Client>, T>;
+
+pub type ClmMatchSandboxEngine = ClmMatchString<AcceptorMetadataAccess<SandboxEngineField>>;
+pub type ClmMatchSandboxAppId = ClmMatchString<AcceptorMetadataAccess<SandboxAppIdField>>;
+pub type ClmMatchSandboxInstanceId = ClmMatchString<AcceptorMetadataAccess<SandboxInstanceIdField>>;
+
+pub struct AcceptorMetadataAccess<T>(PhantomData<T>);
+
+trait SandboxField: Sized + 'static {
+    fn field(meta: &AcceptorMetadata) -> &Option<String>;
+    fn nodes(
+        roots: &RootMatchers,
+    ) -> &ClmRootMatcherMap<ClmMatchString<AcceptorMetadataAccess<Self>>>;
+}
+
+pub struct SandboxEngineField;
+pub struct SandboxAppIdField;
+pub struct SandboxInstanceIdField;
+
+impl<T> StringAccess<Rc<Client>> for AcceptorMetadataAccess<T>
+where
+    T: SandboxField,
+{
+    fn with_string(data: &Rc<Client>, f: impl FnOnce(&str) -> bool) -> bool {
+        f(T::field(&data.acceptor).as_deref().unwrap_or_default())
+    }
+
+    fn nodes(roots: &RootMatchers) -> &ClmRootMatcherMap<ClmMatchString<Self>> {
+        T::nodes(roots)
+    }
+}
+
+impl SandboxField for SandboxEngineField {
+    fn field(meta: &AcceptorMetadata) -> &Option<String> {
+        &meta.sandbox_engine
+    }
+
+    fn nodes(
+        roots: &RootMatchers,
+    ) -> &ClmRootMatcherMap<ClmMatchString<AcceptorMetadataAccess<Self>>> {
+        &roots.sandbox_engine
+    }
+}
+
+impl SandboxField for SandboxAppIdField {
+    fn field(meta: &AcceptorMetadata) -> &Option<String> {
+        &meta.app_id
+    }
+
+    fn nodes(
+        roots: &RootMatchers,
+    ) -> &ClmRootMatcherMap<ClmMatchString<AcceptorMetadataAccess<Self>>> {
+        &roots.sandbox_app_id
+    }
+}
+
+impl SandboxField for SandboxInstanceIdField {
+    fn field(meta: &AcceptorMetadata) -> &Option<String> {
+        &meta.instance_id
+    }
+
+    fn nodes(
+        roots: &RootMatchers,
+    ) -> &ClmRootMatcherMap<ClmMatchString<AcceptorMetadataAccess<Self>>> {
+        &roots.sandbox_instance_id
+    }
+}