feat: add initial rules engine interface (#5)

liam-mackie · web-flow · commit 5585176c6d2c · 2025-09-01T12:38:31.000+10:00
diff --git a/internal/rules/engine.go b/internal/rules/engine.go
@@ -0,0 +1,47 @@
+package rules
+
+import (
+	"github.com/octopusdeploy/octopus-permissions-controller/api/v1beta1"
+)
+
+type AgentName string
+
+type Namespace string
+
+type ServiceAccountName string
+
+type Scope struct {
+	Project     string `json:"project"`
+	Environment string `json:"environment"`
+	Tenant      string `json:"tenant"`
+	Step        string `json:"step"`
+}
+
+type Rule struct {
+	Permissions v1beta1.WorkloadServiceAccountPermissions `json:"permissions"`
+}
+
+type Engine interface {
+	GetServiceAccountForScope(scope Scope, agentName AgentName) (ServiceAccountName, error)
+	AddScopeRuleset(scope Scope, rule Rule, targetNamespace Namespace) error
+	RemoveScopeRuleset(scope Scope, rule Rule, targetNamespace Namespace) error
+}
+
+type InMemoryEngine struct {
+	rules map[AgentName]map[Scope]ServiceAccountName
+	// client kubernetes.Interface
+}
+
+func (i InMemoryEngine) GetServiceAccountForScope(scope Scope, agentName AgentName) (ServiceAccountName, error) {
+	if agentRules, ok := i.rules[agentName]; ok {
+		if sa, ok := agentRules[scope]; ok {
+			return sa, nil
+		}
+	}
+	return "", nil
+}
+
+func (i InMemoryEngine) AddScopeRuleset(scope Scope, rule Rule, targetNamespace Namespace) error {
+	// TODO: Implement me
+	return nil
+}
