Merge pull request #6 from eko/compiled-api

Added /v1/compiled API allowing to retrieve compiled policies data
eko · Jan 19, 2023 · 009ca89 · 009ca89
2 parents fea1b05 + da25a0b
commit 009ca89
Show file tree

Hide file tree

Showing 9 changed files with 318 additions and 14 deletions.
diff --git a/backend/functional/features/compiled.feature b/backend/functional/features/compiled.feature
@@ -0,0 +1,75 @@
+@compiled
+Feature: compiled
+  Test compiled-policies APIs
+
+  Scenario: List compiled policies
+    Given I authenticate with username "admin" and password "changeme"
+    And I send "POST" request to "/v1/principals" with payload:
+      """
+      {
+        "id": "my-principal",
+        "attributes": [
+          {"key": "email", "value": "[email protected]"}
+        ]
+      }
+      """
+    And the response code should be 200
+    And I send "POST" request to "/v1/resources" with payload:
+      """
+      {
+        "id": "post.123",
+        "kind": "post",
+        "value": "123",
+        "attributes": [
+          {"key": "owner_email", "value": "[email protected]"}
+        ]
+      }
+      """
+    And the response code should be 200
+    And I send "POST" request to "/v1/policies" with payload:
+      """
+      {
+        "id": "my-post-policy",
+        "resources": [
+            "post.*"
+        ],
+        "actions": ["update", "delete"],
+        "attribute_rules": [
+            "principal.email == resource.owner_email"
+        ]
+      }
+      """
+    And the response code should be 200
+    And I wait "500ms"
+    When I send "GET" request to "/v1/compiled?filter=policy_id:contains:my-post-policy&sort=action_id:asc"
+    Then the response code should be 200
+    And the response should match json:
+      """
+      {
+        "data": [
+          {
+            "action_id": "delete",
+            "created_at": "2100-01-01T01:00:00Z",
+            "policy_id": "my-post-policy",
+            "principal_id": "my-principal",
+            "resource_kind": "post",
+            "resource_value": "123",
+            "updated_at": "2100-01-01T01:00:00Z",
+            "version": 4102448400
+          },
+          {
+            "action_id": "update",
+            "created_at": "2100-01-01T01:00:00Z",
+            "policy_id": "my-post-policy",
+            "principal_id": "my-principal",
+            "resource_kind": "post",
+            "resource_value": "123",
+            "updated_at": "2100-01-01T01:00:00Z",
+            "version": 4102448400
+          }
+        ],
+        "page": 0,
+        "size": 100,
+        "total": 2
+      }
+      """
diff --git a/backend/internal/entity/model/compiled.go b/backend/internal/entity/model/compiled.go
@@ -3,12 +3,12 @@ package model
 import "time"
 
 type CompiledPolicy struct {
-	PolicyID      string    `gorm:"index"`
-	PrincipalID   string    `gorm:"index"`
-	ResourceKind  string    `gorm:"index"`
-	ResourceValue string    `gorm:"index"`
-	ActionID      string    `gorm:"index"`
-	Version       int64     `gorm:"index"`
+	PolicyID      string    `json:"policy_id" gorm:"index"`
+	PrincipalID   string    `json:"principal_id" gorm:"index"`
+	ResourceKind  string    `json:"resource_kind" gorm:"index"`
+	ResourceValue string    `json:"resource_value" gorm:"index"`
+	ActionID      string    `json:"action_id" gorm:"index"`
+	Version       int64     `json:"version" gorm:"index"`
 	CreatedAt     time.Time `json:"created_at"`
 	UpdatedAt     time.Time `json:"updated_at"`
 }

diff --git a/backend/internal/fixtures/initializer.go b/backend/internal/fixtures/initializer.go
@@ -21,6 +21,7 @@ var (
 		"actions":    {"list", "get"},
 		"audits":     {"get"},
 		"clients":    {"list", "get", "create", "delete"},
+		"compiled":   {"list"},
 		"policies":   {"list", "get", "create", "update", "delete"},
 		"principals": {"list", "get", "create", "update", "delete"},
 		"resources":  {"list", "get", "create", "update", "delete"},

diff --git a/backend/internal/http/docs/docs.go b/backend/internal/http/docs/docs.go
@@ -762,6 +762,45 @@ const docTemplate = `{
                 }
             }
         },
+        "/v1/policies/{identifier}/matches": {
+            "get": {
+                "security": [
+                    {
+                        "Authentication": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Policy"
+                ],
+                "summary": "Retrieve compiled policies",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/model.CompiledPolicy"
+                            }
+                        }
+                    },
+                    "404": {
+                        "description": "Not Found",
+                        "schema": {
+                            "$ref": "#/definitions/model.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/model.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/principals": {
             "get": {
                 "security": [
@@ -2161,6 +2200,35 @@ const docTemplate = `{
                 }
             }
         },
+        "model.CompiledPolicy": {
+            "type": "object",
+            "properties": {
+                "action_id": {
+                    "type": "string"
+                },
+                "created_at": {
+                    "type": "string"
+                },
+                "policy_id": {
+                    "type": "string"
+                },
+                "principal_id": {
+                    "type": "string"
+                },
+                "resource_kind": {
+                    "type": "string"
+                },
+                "resource_value": {
+                    "type": "string"
+                },
+                "updated_at": {
+                    "type": "string"
+                },
+                "version": {
+                    "type": "integer"
+                }
+            }
+        },
         "model.ErrorResponse": {
             "type": "object",
             "properties": {

diff --git a/backend/internal/http/docs/swagger.json b/backend/internal/http/docs/swagger.json
@@ -753,6 +753,45 @@
                 }
             }
         },
+        "/v1/policies/{identifier}/matches": {
+            "get": {
+                "security": [
+                    {
+                        "Authentication": []
+                    }
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Policy"
+                ],
+                "summary": "Retrieve compiled policies",
+                "responses": {
+                    "200": {
+                        "description": "OK",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/model.CompiledPolicy"
+                            }
+                        }
+                    },
+                    "404": {
+                        "description": "Not Found",
+                        "schema": {
+                            "$ref": "#/definitions/model.ErrorResponse"
+                        }
+                    },
+                    "500": {
+                        "description": "Internal Server Error",
+                        "schema": {
+                            "$ref": "#/definitions/model.ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/v1/principals": {
             "get": {
                 "security": [
@@ -2152,6 +2191,35 @@
                 }
             }
         },
+        "model.CompiledPolicy": {
+            "type": "object",
+            "properties": {
+                "action_id": {
+                    "type": "string"
+                },
+                "created_at": {
+                    "type": "string"
+                },
+                "policy_id": {
+                    "type": "string"
+                },
+                "principal_id": {
+                    "type": "string"
+                },
+                "resource_kind": {
+                    "type": "string"
+                },
+                "resource_value": {
+                    "type": "string"
+                },
+                "updated_at": {
+                    "type": "string"
+                },
+                "version": {
+                    "type": "integer"
+                }
+            }
+        },
         "model.ErrorResponse": {
             "type": "object",
             "properties": {

diff --git a/backend/internal/http/docs/swagger.yaml b/backend/internal/http/docs/swagger.yaml
@@ -286,6 +286,25 @@ definitions:
       updated_at:
         type: string
     type: object
+  model.CompiledPolicy:
+    properties:
+      action_id:
+        type: string
+      created_at:
+        type: string
+      policy_id:
+        type: string
+      principal_id:
+        type: string
+      resource_kind:
+        type: string
+      resource_value:
+        type: string
+      updated_at:
+        type: string
+      version:
+        type: integer
+    type: object
   model.ErrorResponse:
     properties:
       error:
@@ -877,6 +896,30 @@ paths:
       summary: Updates a policy
       tags:
       - Policy
+  /v1/policies/{identifier}/matches:
+    get:
+      produces:
+      - application/json
+      responses:
+        "200":
+          description: OK
+          schema:
+            items:
+              $ref: '#/definitions/model.CompiledPolicy'
+            type: array
+        "404":
+          description: Not Found
+          schema:
+            $ref: '#/definitions/model.ErrorResponse'
+        "500":
+          description: Internal Server Error
+          schema:
+            $ref: '#/definitions/model.ErrorResponse'
+      security:
+      - Authentication: []
+      summary: Retrieve compiled policies
+      tags:
+      - Policy
   /v1/principals:
     get:
       parameters:

diff --git a/backend/internal/http/handler/compiled.go b/backend/internal/http/handler/compiled.go
@@ -0,0 +1,44 @@
+package handler
+
+import (
+	"net/http"
+
+	"github.com/eko/authz/backend/internal/entity/manager"
+	"github.com/eko/authz/backend/internal/entity/repository"
+	"github.com/eko/authz/backend/internal/http/handler/model"
+	"github.com/gofiber/fiber/v2"
+)
+
+// Retrieve compiled policies
+//
+//	@security	Authentication
+//	@Summary	Retrieve compiled policies
+//	@Tags		Policy
+//	@Produce	json
+//	@Success	200	{object}	[]model.CompiledPolicy
+//	@Failure	404	{object}	model.ErrorResponse
+//	@Failure	500	{object}	model.ErrorResponse
+//	@Router		/v1/policies/{identifier}/matches [Get]
+func CompiledList(
+	compiledManager manager.CompiledPolicy,
+) fiber.Handler {
+	return func(c *fiber.Ctx) error {
+		page, size, err := paginate(c)
+		if err != nil {
+			return returnError(c, http.StatusInternalServerError, err)
+		}
+
+		// List policies
+		compiledPolicies, total, err := compiledManager.GetRepository().Find(
+			repository.WithPage(page),
+			repository.WithSize(size),
+			repository.WithFilter(httpFilterToORM(c)),
+			repository.WithSort(httpSortToORM(c)),
+		)
+		if err != nil {
+			return returnError(c, http.StatusInternalServerError, err)
+		}
+
+		return c.JSON(model.NewPaginated(compiledPolicies, total, page, size))
+	}
+}