From e7e28cfc86ec79d4964a5647d826edce5c391d49 Mon Sep 17 00:00:00 2001
From: Samuel
Date: Fri, 22 Mar 2024 17:53:35 +0100
Subject: [PATCH] Fix principal id in rego files (#177)
---
 apps/policy-engine/src/engine/app.controller.ts | 7 ++++++-
 .../rego/__test__/criteria/principal_test.rego | 2 +-
 .../rego/__test__/main_test.rego | 10 +++++-----
 .../rego/__test__/policies/e2e_test.rego | 8 ++++----
 .../rego/criteria/approval.rego | 16 ++++++++--------
 .../rego/criteria/principal.rego | 4 ++--
 6 files changed, 26 insertions(+), 21 deletions(-)
diff --git a/apps/policy-engine/src/engine/app.controller.ts b/apps/policy-engine/src/engine/app.controller.ts
index 449a55923..a338cb530 100644
--- a/apps/policy-engine/src/engine/app.controller.ts
+++ b/apps/policy-engine/src/engine/app.controller.ts
@@ -30,7 +30,12 @@ export class AppController {
 body
 })
- return this.evaluationService.evaluate(FIXTURE.ORGANIZATION.id, body)
+ const result = await this.evaluationService.evaluate(FIXTURE.ORGANIZATION.id, body)
+
+ this.logger.log({
+ message: 'Evaluation result',
+ body: result
+ })
 }
 @Post('/evaluation-demo')
diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego
index d25bc974d..816adda3b 100644
--- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego
+++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/criteria/principal_test.rego
@@ -4,7 +4,7 @@ test_principal {
 user = principal with input as request
 with data.entities as entities
- user == {"uid": "test-bob-uid", "role": "root"}
+ user == {"id": "test-bob-uid", "role": "root"}
 groups = principalGroups with input as request
 with data.entities as entities
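Review bot: In the app.controller.ts hunk the handler stops returning the evaluation: `return this.evaluationService.evaluate(FIXTURE.ORGANIZATION.id, body)` becomes an awaited call whose result is only passed to `this.logger.log`, so the route would answer with an empty body and callers never receive the decision. If that is not intended, add `return result` after the log call; the commit title mentions only the rego id fix, so the change is easy to miss. The method signature is outside the hunk, so confirm it is declared `async`, which the new `await` requires. Logging the whole result object may also copy decision details into application logs, so consider logging only the fields needed for tracing.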
diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego
index 8b5240749..8d6760677 100644
--- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego
+++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/main_test.rego
@@ -115,23 +115,23 @@ request = {
 entities = {
 "users": {
 "test-bob-uid": {
- "uid": "test-bob-uid",
+ "id": "test-bob-uid",
 "role": "root",
 },
 "test-alice-uid": {
- "uid": "test-alice-uid",
+ "id": "test-alice-uid",
 "role": "member",
 },
 "test-bar-uid": {
- "uid": "test-bar-uid",
+ "id": "test-bar-uid",
 "role": "admin",
 },
 "test-foo-uid": {
- "uid": "test-foo-uid",
+ "id": "test-foo-uid",
 "role": "admin",
 },
 "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43": {
- "uid": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43",
+ "id": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43",
 "role": "admin",
 },
 },
diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/e2e_test.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/e2e_test.rego
index 28d2e315b..771c15485 100644
--- a/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/e2e_test.rego
+++ b/apps/policy-engine/src/resource/open-policy-agent/rego/__test__/policies/e2e_test.rego
@@ -120,10 +120,10 @@ e2e_req = {
 e2e_entities = {
 "users": {
- "u:root_user": {"uid": "u:root_user", "role": "root"},
- "matt@narval.xyz": {"uid": "matt@narval.xyz", "role": "admin"},
- "aa@narval.xyz": {"uid": "aa@narval.xyz", "role": "admin"},
- "bb@narval.xyz": {"uid": "bb@narval.xyz", "role": "admin"},
+ "u:root_user": {"id": "u:root_user", "role": "root"},
+ "matt@narval.xyz": {"id": "matt@narval.xyz", "role": "admin"},
+ "aa@narval.xyz": {"id": "aa@narval.xyz", "role": "admin"},
+ "bb@narval.xyz": {"id": "bb@narval.xyz", "role": "admin"},
 },
 "userGroups": {
 "ug:dev-group": {"uid": "ug:dev-group", "name": "Dev", "users": ["matt@narval.xyz"]},
diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego
index 110e1a5a7..edf9fe031 100644
--- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego
+++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/approval.rego
@@ -30,7 +30,7 @@ getApprovalsCount(possibleApprovers) = result {
 checkApproval(approval) = result {
 approval.countPrincipal == true
 approval.approvalEntityType == "Narval::User"
- possibleApprovers = {entity | entity = approval.entityIds[_]} | {principal.uid}
+ possibleApprovers = {entity | entity = approval.entityIds[_]} | {principal.id}
 result = getApprovalsCount(possibleApprovers)
 }
@@ -39,7 +39,7 @@ checkApproval(approval) = result {
 approval.approvalEntityType == "Narval::User"
 possibleApprovers = {entity |
 entity = approval.entityIds[_]
- entity != principal.uid
+ entity != principal.id
 }
 result = getApprovalsCount(possibleApprovers)
 }
@@ -53,7 +53,7 @@ checkApproval(approval) = result {
 entity = approval.entityIds[_]
 users = userGroupsEntities[entity].users
 user = users[_]
- } | {principal.uid}
+ } | {principal.id}
 result = getApprovalsCount(possibleApprovers)
 }
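Review bot: The `principal.id` references in approval.rego fail silently if a user entity lacks `id`, because Rego treats a missing field as undefined rather than raising an error. In the second hunk `entity != principal.id` would then drop every entity and leave `possibleApprovers` empty, while the `| {principal.id}` forms in the first and third hunks would make the whole `checkApproval` rule undefined; the three later approval.rego hunks and `checkPrincipalId` in principal.rego follow the same pattern. How `principal` is resolved is outside these hunks, so it is worth confirming that every producer of `data.entities.users` already writes `id`. A test in `__test__` that evaluates with a user record missing `id` and pins the expected outcome would catch a stale `uid` payload, and a comment such as `# principal.id must be set on every user entity; a missing field makes this rule undefined` would document the assumption.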
@@ -65,7 +65,7 @@ checkApproval(approval) = result {
 entity = approval.entityIds[_]
 users = userGroupsEntities[entity].users
 user = users[_]
- user != principal.uid
+ user != principal.id
 }
 result = getApprovalsCount(possibleApprovers)
@@ -76,10 +76,10 @@ checkApproval(approval) = result {
 checkApproval(approval) = result {
 approval.countPrincipal == true
 approval.approvalEntityType == "Narval::UserRole"
- possibleApprovers = {user.uid |
+ possibleApprovers = {user.id |
 user = usersEntities[_]
 user.role in approval.entityIds
- } | {principal.uid}
+ } | {principal.id}
 result = getApprovalsCount(possibleApprovers)
 }
@@ -87,10 +87,10 @@ checkApproval(approval) = result {
 checkApproval(approval) = result {
 approval.countPrincipal == false
 approval.approvalEntityType == "Narval::UserRole"
- possibleApprovers = {user.uid |
+ possibleApprovers = {user.id |
 user = usersEntities[_]
 user.role in approval.entityIds
- user.uid != principal.uid
+ user.id != principal.id
 }
 result = getApprovalsCount(possibleApprovers)
diff --git a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego
index 8deba84d2..401d463c2 100644
--- a/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego
+++ b/apps/policy-engine/src/resource/open-policy-agent/rego/criteria/principal.rego
@@ -11,14 +11,14 @@ principalGroups = {group.uid |
 isPrincipalRootUser = principal.role == "root"
-isPrincipalAssignedToWallet = principal.uid in resource.assignees
+isPrincipalAssignedToWallet = principal.id in resource.assignees
 checkPrincipal {
 not isPrincipalRootUser
 isPrincipalAssignedToWallet
 }
-checkPrincipalId(values) = principal.uid in values
+checkPrincipalId(values) = principal.id in values
 checkPrincipalRole(values) = principal.role in values
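Review bot: principal.rego now mixes two identifier field names: the hunk header still shows `principalGroups = {group.uid |` while `isPrincipalAssignedToWallet` and `checkPrincipalId` read `principal.id`, and the e2e fixtures keep `"uid"` on `userGroups` entries. If groups are meant to keep `uid`, a comment above `checkPrincipalId` such as `# users are identified by "id"; user groups still use "uid"` would stop a later edit from "fixing" the wrong one. If they are meant to move to `id` as well, that change is not part of this commit. The `principalGroups` rule body lies outside the hunk, so this is based on the header line only.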