Fixed policy creation when non-existant resource wildcard is specified

eko · Jul 22, 2023 · 5019178 · 5019178
1 parent f6898f3
commit 5019178
Show file tree

Hide file tree

Showing 5 changed files with 131 additions and 74 deletions.
diff --git a/backend/functional/features/policy.feature b/backend/functional/features/policy.feature
@@ -47,6 +47,27 @@ Feature: policy
       }
       """
 
+  Scenario: Create a new policy on wildcard value (when resource does not exists)
+    Given I authenticate with username "admin" and password "changeme"
+    When I send "POST" request to "/v1/policies" with payload:
+      """
+      {
+        "id": "my-post-123-policy",
+        "resources": [
+            "post.*"
+        ],
+        "actions": ["create"]
+      }
+      """
+    Then the response code should be 500
+    And the response should match json:
+      """
+      {
+        "error": true,
+        "message": "unable to retrieve any resource of kind \"post\""
+      }
+      """
+
   Scenario: Update a policy
     Given I authenticate with username "admin" and password "changeme"
     And I send "POST" request to "/v1/resources" with payload:

diff --git a/backend/internal/entity/manager/policy.go b/backend/internal/entity/manager/policy.go
@@ -154,6 +154,19 @@ func (m *policyManager) attachToPolicy(
 		kind, value := ResourceSplit(resource)
 
 		if errors.Is(err, gorm.ErrRecordNotFound) && value == WildcardValue {
+			resourcePrefix := resource + ResourceSeparator
+
+			resourcePrefixCounter, err := m.resourceManager.GetRepository().CountByFields(map[string]repository.FieldValue{
+				"kind": {Operator: "=", Value: kind},
+			})
+			if err != nil {
+				return fmt.Errorf("unable to count resource prefixed by %q: %v", resourcePrefix, err)
+			}
+
+			if resourcePrefixCounter == 0 {
+				return fmt.Errorf("unable to retrieve any resource of kind %q", kind)
+			}
+
 			resourceObject, err = m.resourceManager.Create(resource, kind, value, map[string]any{})
 			if err != nil {
 				return fmt.Errorf("unable to create wildcard resource %v: %v", resource, err)

diff --git a/backend/internal/entity/repository/base.go b/backend/internal/entity/repository/base.go
@@ -82,6 +82,7 @@ func WithSkipPagination() QueryOption {
 type Base[T model.Models] interface {
 	Create(object ...*T) error
 	DB() *gorm.DB
+	CountByFields(fieldValues map[string]FieldValue, options ...QueryOption) (int64, error)
 	Delete(object *T) error
 	DeleteByFields(fieldValues map[string]FieldValue) error
 	Find(options ...QueryOption) ([]*T, int64, error)
@@ -167,6 +168,28 @@ func (r *base[T]) Get(identifier string, options ...QueryOption) (*T, error) {
 	return result, nil
 }
 
+// Count allows to count values of the current type from the specified field and value.
+func (r *base[T]) CountByFields(fieldValues map[string]FieldValue, options ...QueryOption) (int64, error) {
+	var total int64
+	result := new(T)
+
+	db := r.applyOptions(options)
+
+	for field, value := range fieldValues {
+		if value.Raw != nil {
+			db = db.Where(value.Raw)
+		} else {
+			db = db.Where(fmt.Sprintf("%s %s ?", field, value.Operator), value.Value)
+		}
+	}
+
+	if err := db.Model(&result).Count(&total).Error; err != nil {
+		return 0, err
+	}
+
+	return total, nil
+}
+
 // GetByFields allows to retrieve a value of the current type from the database
 // filtered by the given field names and values.
 func (r *base[T]) GetByFields(fieldValues map[string]FieldValue, options ...QueryOption) (*T, error) {

diff --git a/frontend/package-lock.json b/frontend/package-lock.json
diff --git a/frontend/package.json b/frontend/package.json
@@ -11,8 +11,8 @@
     "@mui/lab": "^5.0.0-alpha.137",
     "@mui/material": "^5.14.1",
     "@mui/styled-engine-sc": "^5.12.0",
-    "@mui/x-data-grid": "^6.10.0",
-    "@mui/x-date-pickers": "^6.10.0",
+    "@mui/x-data-grid": "^6.10.1",
+    "@mui/x-date-pickers": "^6.10.1",
     "@nivo/bar": "^0.83.0",
     "@nivo/core": "^0.83.0",
     "@nivo/pie": "^0.83.0",