forked from raystack/guardian
-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- bug: if a policy only has auto approval steps, and the appeal gets auto-approved, then with the current logic the appeal is approved but the grant never gets created. Fix this by adding a check
- Loading branch information
Showing
2 changed files
with
33 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1153,6 +1153,13 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov | |
AllowFailed: false, | ||
ApproveIf: "1==1", | ||
}, | ||
{ | ||
Name: "step_2", | ||
Strategy: "manual", | ||
When: "1==0", | ||
AllowFailed: false, | ||
Approvers: []string{"[email protected]"}, | ||
}, | ||
}, | ||
IAM: &domain.IAMConfig{ | ||
Provider: "http", | ||
|
@@ -1188,6 +1195,13 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov | |
Status: domain.ApprovalStatusApproved, | ||
PolicyID: "policy_1", | ||
PolicyVersion: 1, | ||
}, { | ||
Name: "step_2", | ||
Index: 1, | ||
Status: domain.ApprovalStatusSkipped, | ||
PolicyID: "policy_1", | ||
PolicyVersion: 1, | ||
Approvers: []string{"[email protected]"}, | ||
}, | ||
}, | ||
Grant: &domain.Grant{ | ||
|
@@ -1225,6 +1239,15 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov | |
PolicyID: "policy_1", | ||
PolicyVersion: 1, | ||
}, | ||
{ | ||
ID: "2", | ||
Name: "step_2", | ||
Index: 1, | ||
Status: domain.ApprovalStatusSkipped, | ||
PolicyID: "policy_1", | ||
PolicyVersion: 1, | ||
Approvers: []string{"[email protected]"}, | ||
}, | ||
}, | ||
Grant: &domain.Grant{ | ||
ResourceID: "1", | ||
|
@@ -1271,6 +1294,15 @@ func (s *ServiceTestSuite) TestCreateAppeal__WithExistingAppealAndWithAutoApprov | |
OrderBy: []string{"updated_at:desc"}, | ||
}). | ||
Return(expectedExistingGrants, nil).Once() | ||
// duplicate call with slight change in filters but the code needs it in order to work. appeal create code needs to be refactored. | ||
s.mockGrantService.EXPECT(). | ||
List(mock.AnythingOfType("*context.emptyCtx"), domain.ListGrantsFilter{ | ||
Statuses: []string{string(domain.GrantStatusActive)}, | ||
AccountIDs: []string{appeals[0].AccountID}, | ||
ResourceIDs: []string{appeals[0].ResourceID}, | ||
Permissions: []string{"test-permission"}, | ||
}). | ||
Return(expectedExistingGrants, nil).Once() | ||
s.mockProviderService.On("ValidateAppeal", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil) | ||
s.mockProviderService.On("GetPermissions", mock.Anything, mock.Anything, mock.Anything, mock.Anything). | ||
Return([]interface{}{"test-permission"}, nil) | ||
|