Skip to content

Commit

Permalink
fix(policies): fix empty IAM config case (#142)
Browse files Browse the repository at this point in the history
Co-authored-by: Muhammad Idil Haq Amir <[email protected]>
  • Loading branch information
idilhaq and Muhammad Idil Haq Amir authored Mar 25, 2024
1 parent 526673b commit f33ab8a
Show file tree
Hide file tree
Showing 2 changed files with 144 additions and 4 deletions.
8 changes: 6 additions & 2 deletions api/handler/v1beta1/policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ func (s *GRPCServer) ListPolicies(ctx context.Context, req *guardianv1beta1.List

policyProtos := []*guardianv1beta1.Policy{}
for _, p := range policies {
p.IAM.Config = nil
if p.IAM != nil {
p.IAM.Config = nil
}
policyProto, err := s.adapter.ToPolicyProto(p)
if err != nil {
return nil, s.internalError(ctx, "failed to parse policy %v: %v", p.ID, err)
Expand All @@ -42,7 +44,9 @@ func (s *GRPCServer) GetPolicy(ctx context.Context, req *guardianv1beta1.GetPoli
}
}

p.IAM.Config = nil
if p.IAM != nil {
p.IAM.Config = nil
}
policyProto, err := s.adapter.ToPolicyProto(p)
if err != nil {
return nil, s.internalError(ctx, "failed to parse policy: %v", err)
Expand Down
140 changes: 138 additions & 2 deletions api/handler/v1beta1/policy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,8 @@ func (s *GrpcHandlersSuite) TestListPolicies() {
{
Id: "test-policy",
Iam: &guardianv1beta1.Policy_IAM{
Config: expectedIAMConfig,
Config: expectedIAMConfig,
Provider: "provider",
},
},
},
Expand All @@ -34,7 +35,8 @@ func (s *GrpcHandlersSuite) TestListPolicies() {
{
ID: "test-policy",
IAM: &domain.IAMConfig{
Config: map[string]interface{}{"foo": "bar"},
Config: map[string]interface{}{"foo": "bar"},
Provider: "provider",
},
},
}
Expand All @@ -48,6 +50,27 @@ func (s *GrpcHandlersSuite) TestListPolicies() {
s.policyService.AssertExpectations(s.T())
})

s.Run("should return list of policies on success with IAM nil", func() {
s.setup()

expectedResponse := &guardianv1beta1.ListPoliciesResponse{
Policies: []*guardianv1beta1.Policy{
{Id: "test-policy"},
},
}
dummyPolicies := []*domain.Policy{
{ID: "test-policy"}, // iam is nil
}
s.policyService.EXPECT().Find(mock.MatchedBy(func(ctx context.Context) bool { return true })).Return(dummyPolicies, nil).Once()

req := &guardianv1beta1.ListPoliciesRequest{}
res, err := s.grpcServer.ListPolicies(context.Background(), req)

s.NoError(err)
s.Equal(expectedResponse, res)
s.policyService.AssertExpectations(s.T())
})

s.Run("should return internal error if policy service returns error", func() {
s.setup()

Expand Down Expand Up @@ -178,6 +201,119 @@ func (s *GrpcHandlersSuite) TestGetPolicy() {
s.policyService.AssertExpectations(s.T())
})

s.Run("should return policy details on success with IAM nil", func() {
s.setup()
timeNow := time.Now()

dummyPolicy := &domain.Policy{
ID: "test-policy",
Version: 1,
Description: "test-description",
Steps: []*domain.Step{
{
Name: "test-approval-step",
Description: "test-description",
Strategy: "auto",
ApproveIf: "true",
RejectionReason: "test-rejection-message",
},
},
Requirements: []*domain.Requirement{
{
On: &domain.RequirementTrigger{
ProviderType: "test-provider-type",
},
Appeals: []*domain.AdditionalAppeal{
{
Resource: &domain.ResourceIdentifier{
ID: "test-resource-id",
},
Role: "test-role",
Policy: &domain.PolicyConfig{
ID: "test-policy",
Version: 1,
},
},
},
},
},
IAM: &domain.IAMConfig{
Provider: "slack",
Schema: map[string]string{"foo": "bar"},
},
AppealConfig: &domain.PolicyAppealConfig{
DurationOptions: []domain.AppealDurationOption{
{Name: "1 Day", Value: "24h"},
{Name: "3 Days", Value: "72h"},
},
},
CreatedAt: timeNow,
UpdatedAt: timeNow,
}
expectedIAMConfig, err := structpb.NewValue(nil)
s.Require().NoError(err)
expectedResponse := &guardianv1beta1.GetPolicyResponse{
Policy: &guardianv1beta1.Policy{
Id: dummyPolicy.ID,
Version: uint32(dummyPolicy.Version),
Description: dummyPolicy.Description,
Steps: []*guardianv1beta1.Policy_ApprovalStep{
{
Name: "test-approval-step",
Description: "test-description",
Strategy: "auto",
ApproveIf: "true",
RejectionReason: "test-rejection-message",
},
},
Requirements: []*guardianv1beta1.Policy_Requirement{
{
On: &guardianv1beta1.Policy_Requirement_RequirementTrigger{
ProviderType: "test-provider-type",
},
Appeals: []*guardianv1beta1.Policy_Requirement_AdditionalAppeal{
{
Resource: &guardianv1beta1.Policy_Requirement_AdditionalAppeal_ResourceIdentifier{
Id: "test-resource-id",
},
Role: "test-role",
Policy: &guardianv1beta1.PolicyConfig{
Id: "test-policy",
Version: 1,
},
},
},
},
},
Iam: &guardianv1beta1.Policy_IAM{
Provider: "slack",
Config: expectedIAMConfig,
Schema: dummyPolicy.IAM.Schema,
},
Appeal: &guardianv1beta1.PolicyAppealConfig{
DurationOptions: []*guardianv1beta1.PolicyAppealConfig_DurationOptions{
{Name: "1 Day", Value: "24h"},
{Name: "3 Days", Value: "72h"},
},
},
CreatedAt: timestamppb.New(timeNow),
UpdatedAt: timestamppb.New(timeNow),
},
}
s.policyService.EXPECT().GetOne(mock.MatchedBy(func(ctx context.Context) bool { return true }), "test-policy", uint(1)).
Return(dummyPolicy, nil).Once()

req := &guardianv1beta1.GetPolicyRequest{
Id: "test-policy",
Version: 1,
}
res, err := s.grpcServer.GetPolicy(context.Background(), req)

s.NoError(err)
s.Equal(expectedResponse, res)
s.policyService.AssertExpectations(s.T())
})

s.Run("should return not found error if policy not found", func() {
s.setup()

Expand Down

0 comments on commit f33ab8a

Please sign in to comment.