From 56a104646d6f92d8d2f52b6808b00425aa297d13 Mon Sep 17 00:00:00 2001 From: Wayne Zhang Date: Tue, 22 Oct 2019 17:54:50 -0700 Subject: [PATCH] Update googleapis with latest CheckError codes --- repositories.bzl | 8 ++-- .../service_control/check_response_test.cc | 38 +++++++++++++++++-- src/api_manager/service_control/proto.cc | 22 +++++++++++ 3 files changed, 59 insertions(+), 9 deletions(-) diff --git a/repositories.bzl b/repositories.bzl index 4b430c744..5ff2c4d88 100644 --- a/repositories.bzl +++ b/repositories.bzl @@ -511,8 +511,6 @@ cc_proto_library( "google/api/log.proto", "google/api/logging.proto", "google/api/metric.proto", - "google/api/experimental/experimental.proto", - "google/api/experimental/authorization_config.proto", "google/api/monitored_resource.proto", "google/api/monitoring.proto", "google/api/resource.proto", @@ -551,9 +549,9 @@ cc_proto_library( name = "googleapis_git", build_file_content = BUILD, patch_cmds = ["find . -type f -name '*BUILD*' | xargs rm"], - strip_prefix = "googleapis-32a10f69e2c9ce15bba13ab1ff928bacebb25160", # May 20, 2019 - url = "https://github.com/googleapis/googleapis/archive/32a10f69e2c9ce15bba13ab1ff928bacebb25160.tar.gz", - sha256 = "6861efa8619579e06e70dd4765cdf6cef1ecad6a1a2026ad750541e99552bf71", + strip_prefix = "googleapis-ae7a4cc69cc1e206b16f1b9db803907d7a3d97c8", # Oct 22, 2019 + url = "https://github.com/googleapis/googleapis/archive/ae7a4cc69cc1e206b16f1b9db803907d7a3d97c8.tar.gz", + sha256 = "f96e11515c302045e8ab6708ba68d7cea8a02e2a96add92033315ff894076980", ) if bind: diff --git a/src/api_manager/service_control/check_response_test.cc b/src/api_manager/service_control/check_response_test.cc index 3028efc21..05b952935 100644 --- a/src/api_manager/service_control/check_response_test.cc +++ b/src/api_manager/service_control/check_response_test.cc @@ -123,19 +123,49 @@ TEST(CheckResponseTest, EXPECT_EQ(Code::PERMISSION_DENIED, result.code()); } +TEST(CheckResponseTest, WhenResponseIsBlockedWithSecurityPolicyViolated) { + Status result = + ConvertCheckErrorToStatus(CheckError::SECURITY_POLICY_VIOLATED); + EXPECT_EQ(Code::PERMISSION_DENIED, result.code()); +} + +TEST(CheckResponseTest, WhenResponseIsBlockedWithInvalidCredentail) { + Status result = ConvertCheckErrorToStatus(CheckError::INVALID_CREDENTIAL); + EXPECT_EQ(Code::PERMISSION_DENIED, result.code()); +} + +TEST(CheckResponseTest, WhenResponseIsBlockedWithLocationPolicyViolated) { + Status result = + ConvertCheckErrorToStatus(CheckError::LOCATION_POLICY_VIOLATED); + EXPECT_EQ(Code::PERMISSION_DENIED, result.code()); +} + +TEST(CheckResponseTest, WhenResponseIsBlockedWithConsumerInvalid) { + Status result = ConvertCheckErrorToStatus(CheckError::CONSUMER_INVALID); + EXPECT_EQ(Code::PERMISSION_DENIED, result.code()); +} + TEST(CheckResponseTest, FailOpenWhenResponseIsUnknownNamespaceLookup) { EXPECT_TRUE( ConvertCheckErrorToStatus(CheckError::NAMESPACE_LOOKUP_UNAVAILABLE).ok()); } -TEST(CheckResponseTest, FailOpenWhenResponseIsUnknownBillingStatus) { +TEST(CheckResponseTest, UnavailableCheckErrorStatus) { EXPECT_TRUE( ConvertCheckErrorToStatus(CheckError::BILLING_STATUS_UNAVAILABLE).ok()); -} - -TEST(CheckResponseTest, FailOpenWhenResponseIsUnknownServiceStatus) { EXPECT_TRUE( ConvertCheckErrorToStatus(CheckError::SERVICE_STATUS_UNAVAILABLE).ok()); + EXPECT_TRUE( + ConvertCheckErrorToStatus(CheckError::QUOTA_CHECK_UNAVAILABLE).ok()); + EXPECT_TRUE(ConvertCheckErrorToStatus( + CheckError::CLOUD_RESOURCE_MANAGER_BACKEND_UNAVAILABLE) + .ok()); + EXPECT_TRUE( + ConvertCheckErrorToStatus(CheckError::SECURITY_POLICY_BACKEND_UNAVAILABLE) + .ok()); + EXPECT_TRUE( + ConvertCheckErrorToStatus(CheckError::LOCATION_POLICY_BACKEND_UNAVAILABLE) + .ok()); } } // namespace service_control diff --git a/src/api_manager/service_control/proto.cc b/src/api_manager/service_control/proto.cc index 1f1c9d757..ae1325ba9 100644 --- a/src/api_manager/service_control/proto.cc +++ b/src/api_manager/service_control/proto.cc @@ -1470,9 +1470,31 @@ Status Proto::ConvertCheckResponse(const CheckResponse& check_response, std::string("API ") + service_name + " has billing disabled. Please enable it.", Status::SERVICE_CONTROL); + case CheckError::SECURITY_POLICY_VIOLATED: + return Status(Code::PERMISSION_DENIED, + "Request is not allowed as per security policies.", + Status::SERVICE_CONTROL); + case CheckError::INVALID_CREDENTIAL: + return Status(Code::PERMISSION_DENIED, + "The credential in the request can not be verified", + Status::SERVICE_CONTROL); + case CheckError::LOCATION_POLICY_VIOLATED: + return Status(Code::PERMISSION_DENIED, + "Request is not allowed as per location policies.", + Status::SERVICE_CONTROL); + case CheckError::CONSUMER_INVALID: + return Status(Code::PERMISSION_DENIED, + "The consumer from the API key does not represent" + " a valid consumer folder or organization", + Status::SERVICE_CONTROL); + case CheckError::NAMESPACE_LOOKUP_UNAVAILABLE: case CheckError::SERVICE_STATUS_UNAVAILABLE: case CheckError::BILLING_STATUS_UNAVAILABLE: + case CheckError::QUOTA_CHECK_UNAVAILABLE: + case CheckError::CLOUD_RESOURCE_MANAGER_BACKEND_UNAVAILABLE: + case CheckError::SECURITY_POLICY_BACKEND_UNAVAILABLE: + case CheckError::LOCATION_POLICY_BACKEND_UNAVAILABLE: // Fail open for internal server errors per recommendation return Status::OK; default: