package v1beta1
import (
"context"
"errors"
guardianv1beta1 "github.com/goto/guardian/api/proto/gotocompany/guardian/v1beta1"
"github.com/goto/guardian/core/policy"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
// ListPolicies returns every policy yielded by policyService.Find, converted to
// its proto form. The request message is not read by this handler, so no
// filtering or paging happens here.
//
// If any single policy fails conversion, the whole call fails through
// s.internalError and no partial list is returned.
func (s *GRPCServer) ListPolicies(ctx context.Context, req *guardianv1beta1.ListPoliciesRequest) (*guardianv1beta1.ListPoliciesResponse, error) {
	found, err := s.policyService.Find(ctx)
	if err != nil {
		return nil, s.internalError(ctx, "failed to get policy list: %v", err)
	}

	// Start from an empty, non-nil slice so the response field is never nil.
	out := make([]*guardianv1beta1.Policy, 0, len(found))
	for _, p := range found {
		// Redact before converting, so that whatever RemoveSensitiveValues
		// strips is never copied into the outgoing proto. The method is
		// defined outside this file and is called only for its effect on p.
		p.RemoveSensitiveValues()

		converted, convErr := s.adapter.ToPolicyProto(p)
		if convErr != nil {
			return nil, s.internalError(ctx, "failed to parse policy %v: %v", p.ID, convErr)
		}
		out = append(out, converted)
	}

	resp := &guardianv1beta1.ListPoliciesResponse{Policies: out}
	return resp, nil
}
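// GetPolicy returns the policy identified by the request's id and version,
// converted to its proto form.
//
// A policy.ErrPolicyNotFound from the service is reported as codes.NotFound.
// Every other failure, including a proto conversion error, goes through
// s.internalError.
func (s *GRPCServer) GetPolicy(ctx context.Context, req *guardianv1beta1.GetPolicyRequest) (*guardianv1beta1.GetPolicyResponse, error) {
	p, err := s.policyService.GetOne(ctx, req.GetId(), uint(req.GetVersion()))
	if err != nil {
		// errors.Is matches the sentinel even when a lower layer has wrapped
		// it, so a missing policy is not misreported as an internal error.
		// This is the same check UpdatePolicy in this file uses.
		if errors.Is(err, policy.ErrPolicyNotFound) {
			return nil, status.Error(codes.NotFound, "policy not found")
		}
		return nil, s.internalError(ctx, "failed to retrieve policy: %v", err)
	}

	// Redact before converting, so that whatever RemoveSensitiveValues strips
	// is never copied into the outgoing proto. The method is defined outside
	// this file and is called only for its effect on p.
	p.RemoveSensitiveValues()

	policyProto, err := s.adapter.ToPolicyProto(p)
	if err != nil {
		return nil, s.internalError(ctx, "failed to parse policy: %v", err)
	}

	return &guardianv1beta1.GetPolicyResponse{
		Policy: policyProto,
	}, nil
}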
// CreatePolicy converts the request's policy from proto, hands it to
// policyService.Create, and returns the same policy object converted back to
// proto.
//
// When the request's dry-run flag is set, the context is marked with
// policy.WithDryRun before the service call; what the service does with that
// marker is not visible from this file.
//
// Every error from Create or from the proto conversion goes through
// s.internalError; no service error is mapped to a more specific status here.
func (s *GRPCServer) CreatePolicy(ctx context.Context, req *guardianv1beta1.CreatePolicyRequest) (*guardianv1beta1.CreatePolicyResponse, error) {
	if req.GetDryRun() {
		ctx = policy.WithDryRun(ctx)
	}

	newPolicy := s.adapter.FromPolicyProto(req.GetPolicy())
	createErr := s.policyService.Create(ctx, newPolicy)
	if createErr != nil {
		return nil, s.internalError(ctx, "failed to create policy: %v", createErr)
	}

	// NOTE(review): unlike GetPolicy and ListPolicies, this handler does not
	// call RemoveSensitiveValues before converting. Confirm that echoing the
	// policy object passed to Create back unredacted is intended.
	created, err := s.adapter.ToPolicyProto(newPolicy)
	if err != nil {
		return nil, s.internalError(ctx, "failed to parse policy: %v", err)
	}

	resp := &guardianv1beta1.CreatePolicyResponse{Policy: created}
	return resp, nil
}
// UpdatePolicy converts the request's policy from proto, overrides its ID with
// the request's id, hands it to policyService.Update, and returns the same
// policy object converted back to proto.
//
// When the request's dry-run flag is set, the context is marked with
// policy.WithDryRun before the service call; what the service does with that
// marker is not visible from this file.
//
// Error mapping: policy.ErrPolicyNotFound becomes codes.NotFound and
// policy.ErrEmptyIDParam becomes codes.InvalidArgument carrying the error's own
// text. Anything else goes through s.internalError.
func (s *GRPCServer) UpdatePolicy(ctx context.Context, req *guardianv1beta1.UpdatePolicyRequest) (*guardianv1beta1.UpdatePolicyResponse, error) {
	if req.GetDryRun() {
		ctx = policy.WithDryRun(ctx)
	}

	target := s.adapter.FromPolicyProto(req.GetPolicy())
	// The request's id replaces whatever ID the policy body carried.
	target.ID = req.GetId()

	if updateErr := s.policyService.Update(ctx, target); updateErr != nil {
		switch {
		case errors.Is(updateErr, policy.ErrPolicyNotFound):
			return nil, status.Error(codes.NotFound, "policy not found")
		case errors.Is(updateErr, policy.ErrEmptyIDParam):
			return nil, status.Error(codes.InvalidArgument, updateErr.Error())
		default:
			return nil, s.internalError(ctx, "failed to update policy: %v", updateErr)
		}
	}

	// NOTE(review): unlike GetPolicy and ListPolicies, this handler does not
	// call RemoveSensitiveValues before converting. Confirm that echoing the
	// policy object passed to Update back unredacted is intended.
	updated, err := s.adapter.ToPolicyProto(target)
	if err != nil {
		return nil, s.internalError(ctx, "failed to parse policy: %v", err)
	}

	resp := &guardianv1beta1.UpdatePolicyResponse{Policy: updated}
	return resp, nil
}
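// GetPolicyPreferences looks up the policy identified by the request's id and
// version and returns only its appeal configuration, converted to proto.
//
// A policy.ErrPolicyNotFound from the service is reported as codes.NotFound.
// Every other failure, including a proto conversion error, goes through
// s.internalError.
func (s *GRPCServer) GetPolicyPreferences(ctx context.Context, req *guardianv1beta1.GetPolicyPreferencesRequest) (*guardianv1beta1.GetPolicyPreferencesResponse, error) {
	p, err := s.policyService.GetOne(ctx, req.GetId(), uint(req.GetVersion()))
	if err != nil {
		// errors.Is matches the sentinel even when a lower layer has wrapped
		// it, so a missing policy is not misreported as an internal error.
		// This is the same check UpdatePolicy in this file uses.
		if errors.Is(err, policy.ErrPolicyNotFound) {
			return nil, status.Error(codes.NotFound, "policy not found")
		}
		return nil, s.internalError(ctx, "failed to retrieve policy: %v", err)
	}

	// Redact before converting, so that whatever RemoveSensitiveValues strips
	// is never copied into the outgoing proto. The method is defined outside
	// this file and is called only for its effect on p.
	p.RemoveSensitiveValues()

	appealConfigProto, err := s.adapter.ToPolicyAppealConfigProto(p)
	if err != nil {
		return nil, s.internalError(ctx, "failed to parse policy preferences: %v", err)
	}

	return &guardianv1beta1.GetPolicyPreferencesResponse{
		Appeal: appealConfigProto,
	}, nil
}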