diff --git a/apps/policy-engine/src/open-policy-agent/core/__test__/unit/open-policy-agent.engine.spec.ts b/apps/policy-engine/src/open-policy-agent/core/__test__/unit/open-policy-agent.engine.spec.ts
index 326e9914f..7ce3bf964 100644
--- a/apps/policy-engine/src/open-policy-agent/core/__test__/unit/open-policy-agent.engine.spec.ts
+++ b/apps/policy-engine/src/open-policy-agent/core/__test__/unit/open-policy-agent.engine.spec.ts
@@ -73,8 +73,7 @@ describe('OpenPolicyAgentEngine', () => {
 credentials: [],
 tokens: [],
 userGroupMembers: [],
- accountGroups: [],
- userGroups: [],
+ groups: [],
 userAccounts: [],
 users: [],
 accountGroupMembers: [],
diff --git a/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-rate-limit.spec.ts b/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-rate-limit.spec.ts
index 344dd3589..98e8bea3e 100644
--- a/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-rate-limit.spec.ts
+++ b/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-rate-limit.spec.ts
@@ -17,6 +17,13 @@ const systemManagerHexPk = FIXTURE.UNSAFE_PRIVATE_KEY.Root
 const ericPrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Eric
 const alicePrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Alice
+// !! This criteria is not meant to be used alone in a policy.
+// !! This criteria matches ALL incoming requests.
+// !! Filters of the criteria are used to filter historical data, not incoming request
+// !! If you have one policy that permits based on a group spendings
+// !! It will allow anyone even if they are not in the group to spend until the aggregated limit is reached
+// !! Spendings of people not in the group will not be counted against the group limit
+
 describe('checkRateLimit', () => {
 describe('rate limiting by principal', () => {
 const request: Request = {
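Review bot: The warning block added above `describe('checkRateLimit', …)` in check-rate-limit.spec.ts is worded for the spending-limit criterion ("group spendings", "aggregated limit"), so in this file it does not say what the rate-limit filters scope; something like `// !! Filters select which historical requests are counted; they do not restrict which incoming requests this criterion matches.` would fit. The same block is added in check-spending-limit-legacy-overlapping-groups.spec.ts and check-spending-limit.spec.ts, and because it describes an authorization pitfall (a permit policy built on this criterion alone also permits principals outside the group), it reads as something that belongs on the criterion's own documentation rather than only in spec files. Whether a test pins the non-member case is not visible in these hunks; if none does, one asserting that a non-member is not permitted once a principal or group condition is added alongside the limit would document the intended composition. "criteria" is used as a singular throughout; "criterion" matches the directory name.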
diff --git a/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit-legacy-overlapping-groups.spec.ts b/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit-legacy-overlapping-groups.spec.ts
index 41546d318..bb7f9f159 100644
--- a/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit-legacy-overlapping-groups.spec.ts
+++ b/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit-legacy-overlapping-groups.spec.ts
@@ -19,6 +19,13 @@ const ericPrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Eric
 const alicePrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Alice
 const davePrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Dave
+// !! This criteria is not meant to be used alone in a policy.
+// !! This criteria matches ALL incoming requests.
+// !! Filters of the criteria are used to filter historical data, not incoming request
+// !! If you have one policy that permits based on a group spendings
+// !! It will allow anyone even if they are not in the group to spend until the aggregated limit is reached
+// !! Spendings of people not in the group will not be counted against the group limit
+
 describe('checkSpendingLimit with overlapping legacy group entities', () => {
 describe('by groupId', () => {
 const request: Request = {
diff --git a/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit.spec.ts b/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit.spec.ts
index bebcf5fbf..17d13b85a 100644
--- a/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit.spec.ts
+++ b/packages/armory-e2e-testing/src/__test__/e2e/criterion/check-spending-limit.spec.ts
@@ -19,6 +19,12 @@ const ericPrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Eric
 const alicePrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Alice
 const davePrivateKey = FIXTURE.UNSAFE_PRIVATE_KEY.Dave
+// !! This criteria is not meant to be used alone in a policy.
+// !! This criteria matches ALL incoming requests.
+// !! Filters of the criteria are used to filter historical data, not incoming request
+// !! If you have one policy that permits based on a group spendings
+// !! It will allow anyone even if they are not in the group to spend until the aggregated limit is reached
+// !! Spendings of people not in the group will not be counted against the group limit
 describe('checkSpendingLimit', () => {
 describe('by groupId', () => {
 const request: Request = {
diff --git a/packages/armory-sdk/src/lib/data-store/client.ts b/packages/armory-sdk/src/lib/data-store/client.ts
index 6116e00c3..a4c1f51b2 100644
--- a/packages/armory-sdk/src/lib/data-store/client.ts
+++ b/packages/armory-sdk/src/lib/data-store/client.ts
@@ -68,7 +68,7 @@ export class EntityStoreClient {
 */
 async push(store: { data: Partial; signature: string }): Promise {
 const { data } = await this.dataStoreHttp.setEntities(this.config.clientId, {
- data: this.populate(store.data) as any,
+ data: this.populate(store.data),
 signature: store.signature
 })
diff --git a/packages/armory-sdk/src/lib/http/client/auth/api.ts b/packages/armory-sdk/src/lib/http/client/auth/api.ts
index 05d2ff336..39f3ce60d 100644
--- a/packages/armory-sdk/src/lib/http/client/auth/api.ts
+++ b/packages/armory-sdk/src/lib/http/client/auth/api.ts
@@ -1692,10 +1692,22 @@ export interface EntityDataStoreDtoEntityData { 'accountGroupMembers': Array; /** * - * @type {Array} + * @type {Array} * @memberof EntityDataStoreDtoEntityData */ - 'groups': Array; + 'accountGroups'?: Array; + /** + * + * @type {Array} + * @memberof EntityDataStoreDtoEntityData + */ + 'groups'?: Array; + /** + * + * @type {Array} + * @memberof EntityDataStoreDtoEntityData + */ + 'userGroups'?: Array; /** * * @type {Array} @@ -1722,6 +1734,19 @@ export interface EntityDataStoreDtoEntityDataAccountGroupMembersInner { */ 'groupId': string; } +/** + * + * @export + * @interface EntityDataStoreDtoEntityDataAccountGroupsInner + */ +export interface EntityDataStoreDtoEntityDataAccountGroupsInner { + /** + * + * @type {string} + * @memberof EntityDataStoreDtoEntityDataAccountGroupsInner + */ + 'id': string; +} /** * * @export @@ -1827,19 +1852,6 @@ export interface EntityDataStoreDtoEntityDataCredentialsInner { */ 'key': CreateClientResponseDtoPolicyEngineNodesInnerPublicKey; } -/** - * - * @export - * @interface EntityDataStoreDtoEntityDataGroupsInner - */ -export interface EntityDataStoreDtoEntityDataGroupsInner { - /** - * - * @type {string} - * @memberof EntityDataStoreDtoEntityDataGroupsInner - */ - 'id': string; -} /** * * @export diff --git a/packages/policy-engine-shared/src/lib/schema/entity.schema.ts b/packages/policy-engine-shared/src/lib/schema/entity.schema.ts index f46ec2ca9..4b81be336 100644 --- a/packages/policy-engine-shared/src/lib/schema/entity.schema.ts +++ b/packages/policy-engine-shared/src/lib/schema/entity.schema.ts 
@@ -101,8 +101,14 @@ export const entitiesSchema = z.object({
 userAccounts: z.array(userAccountEntitySchema),
 users: z.array(userEntitySchema),
 accountGroupMembers: z.array(accountGroupMemberEntitySchema),
+ /**
+ * @deprecated use groups instead
+ */
 accountGroups: z.array(accountGroupEntitySchema).optional(),
- groups: z.array(groupEntitySchema).optional(),
+ /**
+ * @deprecated use groups instead
+ */
 userGroups: z.array(userGroupEntitySchema).optional(),
- accounts: z.array(accountEntitySchema)
+ accounts: z.array(accountEntitySchema),
+ groups: z.array(groupEntitySchema).optional()
 })
diff --git a/packages/policy-engine-shared/src/lib/util/entity.util.ts b/packages/policy-engine-shared/src/lib/util/entity.util.ts
index adbfa2f98..2ebcc7abf 100644
--- a/packages/policy-engine-shared/src/lib/util/entity.util.ts
+++ b/packages/policy-engine-shared/src/lib/util/entity.util.ts
@@ -194,8 +194,7 @@ export const empty = (): Entities => ({
 users: [],
 accountGroupMembers: [],
 accounts: [],
- userGroups: [],
- accountGroups: []
+ groups: []
 })
 export const removeUserById = (entities: Entities, userId: string): Entities => {
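Review bot: In entity.schema.ts, `accountGroups`, `userGroups` and `groups` are all optional in `entitiesSchema`, and nothing in the hunk says what happens when one payload carries both the deprecated arrays and `groups`; group entities are presumably what group-based criteria evaluate against, so that ambiguity matters for policy decisions. The two `@deprecated` comments should state the precedence, e.g. `@deprecated use groups instead; when both are present, <merged | groups wins — state which>`. If mixed payloads are not meant to be accepted, a `.superRefine` on the object that rejects them would make that explicit. The `z.object({` call starts outside the hunk, so a refinement or normalisation step may already exist where it is not visible here.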