17816287169

Committed 18 Sep 2025 02:37AM UTC coverage: 69.124% (-0.3%) from 69.44%

Build # 17816287169

Build Type

push

github

Committed by

web-flow

Commit Message

feat: introduce create resource API (#222)

* docs: add tips for generating proto from a local file

* feat: introduce create resource API

* chore: update proto

* chore: add more validations

* chore: wrap error with more message detail

* feat: validate resource conflict on creation

* chore: update proto

* chore: update proto

Run Details

0 of 84 new or added lines in 5 files covered. (0.0%)

191 existing lines in 8 files now uncovered.

11373 of 16453 relevant lines covered (69.12%)

4.64 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

71.8

/api/handler/v1beta1/adapter.go

package v1beta1

import (
        "fmt"

        "github.com/mitchellh/mapstructure"
        "google.golang.org/protobuf/types/known/structpb"
        "google.golang.org/protobuf/types/known/timestamppb"

        guardianv1beta1 "github.com/goto/guardian/api/proto/gotocompany/guardian/v1beta1"
        "github.com/goto/guardian/domain"
)

type adapter struct{}

func NewAdapter() *adapter {
        return &adapter{}
}

func (a *adapter) FromProviderProto(p *guardianv1beta1.Provider) (*domain.Provider, error) {
        provider := &domain.Provider{
                ID:   p.GetId(),
                Type: p.GetType(),
                URN:  p.GetUrn(),
        }

        if p.GetConfig() != nil {
                provider.Config = a.FromProviderConfigProto(p.GetConfig())
        }

        if p.GetCreatedAt() != nil {
                provider.CreatedAt = p.GetCreatedAt().AsTime()
        }
        if p.GetUpdatedAt() != nil {
                provider.UpdatedAt = p.GetUpdatedAt().AsTime()
        }

        return provider, nil
}

func (a *adapter) FromProviderConfigProto(pc *guardianv1beta1.ProviderConfig) *domain.ProviderConfig {
        providerConfig := &domain.ProviderConfig{
                Type:        pc.GetType(),
                URN:         pc.GetUrn(),
                Labels:      pc.GetLabels(),
                Credentials: pc.GetCredentials().AsInterface(),
        }

        if pc.GetAppeal() != nil {
                appealConfig := &domain.AppealConfig{}
                appealConfig.AllowPermanentAccess = pc.GetAppeal().GetAllowPermanentAccess()
                appealConfig.AllowActiveAccessExtensionIn = pc.GetAppeal().GetAllowActiveAccessExtensionIn()
                providerConfig.Appeal = appealConfig
        }

        if pc.GetResources() != nil {
                resources := []*domain.ResourceConfig{}
                for _, r := range pc.GetResources() {
                        roles := []*domain.Role{}
                        for _, roleProto := range r.GetRoles() {
                                role := &domain.Role{
                                        ID:          roleProto.GetId(),
                                        Name:        roleProto.GetName(),
                                        Description: roleProto.GetDescription(),
                                }

                                if roleProto.Permissions != nil {
                                        permissions := []interface{}{}
                                        for _, p := range roleProto.GetPermissions() {
                                                permissions = append(permissions, p.AsInterface())
                                        }
                                        role.Permissions = permissions
                                }

                                roles = append(roles, role)
                        }

                        resources = append(resources, &domain.ResourceConfig{
                                Type:   r.GetType(),
                                Filter: r.GetFilter(),
                                Policy: a.fromPolicyConfigProto(r.GetPolicy()),
                                Roles:  roles,
                        })
                }
                providerConfig.Resources = resources
        }

        if pc.GetParameters() != nil {
                parameters := []*domain.ProviderParameter{}
                for _, p := range pc.GetParameters() {
                        parameters = append(parameters, &domain.ProviderParameter{
                                Key:         p.GetKey(),
                                Label:       p.GetLabel(),
                                Required:    p.GetRequired(),
                                Description: p.GetDescription(),
                        })
                }
                providerConfig.Parameters = parameters
        }

        if pc.GetAllowedAccountTypes() != nil {
                providerConfig.AllowedAccountTypes = pc.GetAllowedAccountTypes()
        }

        if pc.GetPolicies() != nil {
                policies := []*domain.ProviderPolicy{}
                for _, p := range pc.GetPolicies() {
                        policies = append(policies, &domain.ProviderPolicy{
                                When:   p.GetWhen(),
                                Policy: p.GetPolicy(),
                        })
                }
                providerConfig.Policies = policies
        }

        return providerConfig
}

func (a *adapter) ToProviderProto(p *domain.Provider) (*guardianv1beta1.Provider, error) {
        providerProto := &guardianv1beta1.Provider{
                Id:   p.ID,
                Type: p.Type,
                Urn:  p.URN,
        }

        if p.Config != nil {
                config, err := a.ToProviderConfigProto(p.Config)
                if err != nil {
                        return nil, err
                }
                providerProto.Config = config
        }

        if !p.CreatedAt.IsZero() {
                providerProto.CreatedAt = timestamppb.New(p.CreatedAt)
        }
        if !p.UpdatedAt.IsZero() {
                providerProto.UpdatedAt = timestamppb.New(p.UpdatedAt)
        }

        return providerProto, nil
}

func (a *adapter) ToProviderConfigProto(pc *domain.ProviderConfig) (*guardianv1beta1.ProviderConfig, error) {
        providerConfigProto := &guardianv1beta1.ProviderConfig{
                Type:   pc.Type,
                Urn:    pc.URN,
                Labels: pc.Labels,
        }

        if pc.Credentials != nil {
                credentials, err := structpb.NewValue(pc.Credentials)
                if err != nil {
                        return nil, err
                }
                providerConfigProto.Credentials = credentials
        }

        if pc.Appeal != nil {
                providerConfigProto.Appeal = &guardianv1beta1.ProviderConfig_AppealConfig{
                        AllowPermanentAccess:         pc.Appeal.AllowPermanentAccess,
                        AllowActiveAccessExtensionIn: pc.Appeal.AllowActiveAccessExtensionIn,
                }
        }

        if pc.Resources != nil {
                resources := []*guardianv1beta1.ProviderConfig_ResourceConfig{}
                for _, rc := range pc.Resources {
                        roles := []*guardianv1beta1.Role{}
                        for _, role := range rc.Roles {
                                roleProto, err := a.ToRole(role)
                                if err != nil {
                                        return nil, err
                                }
                                roles = append(roles, roleProto)
                        }

                        resources = append(resources, &guardianv1beta1.ProviderConfig_ResourceConfig{
                                Type:   rc.Type,
                                Policy: a.toPolicyConfigProto(rc.Policy),
                                Roles:  roles,
                        })
                }
                providerConfigProto.Resources = resources
        }

        if pc.Parameters != nil {
                parameters := []*guardianv1beta1.ProviderConfig_ProviderParameter{}
                for _, p := range pc.Parameters {
                        parameters = append(parameters, &guardianv1beta1.ProviderConfig_ProviderParameter{
                                Key:         p.Key,
                                Label:       p.Label,
                                Required:    p.Required,
                                Description: p.Description,
                        })
                }
                providerConfigProto.Parameters = parameters
        }

        if pc.AllowedAccountTypes != nil {
                providerConfigProto.AllowedAccountTypes = pc.AllowedAccountTypes
        }

        if pc.Policies != nil {
                policies := []*guardianv1beta1.ProviderPolicy{}
                for _, p := range pc.Policies {
                        policies = append(policies, &guardianv1beta1.ProviderPolicy{
                                Policy: p.Policy,
                                When:   p.When,
                        })
                }
                providerConfigProto.Policies = policies
        }

        return providerConfigProto, nil
}

func (a *adapter) ToProviderTypeProto(pt domain.ProviderType) *guardianv1beta1.ProviderType {
        return &guardianv1beta1.ProviderType{
                Name:          pt.Name,
                ResourceTypes: pt.ResourceTypes,
        }
}

func (a *adapter) ToRole(role *domain.Role) (*guardianv1beta1.Role, error) {
        roleProto := &guardianv1beta1.Role{
                Id:          role.ID,
                Name:        role.Name,
                Description: role.Description,
        }

        if role.Permissions != nil {
                permissions := []*structpb.Value{}
                for _, p := range role.Permissions {
                        permission, err := structpb.NewValue(p)
                        if err != nil {
                                return nil, err
                        }
                        permissions = append(permissions, permission)
                }
                roleProto.Permissions = permissions
        }

        return roleProto, nil
}

func (a *adapter) FromPolicyProto(p *guardianv1beta1.Policy) *domain.Policy {
        policy := &domain.Policy{
                ID:          p.GetId(),
                Version:     uint(p.GetVersion()),
                Description: p.GetDescription(),
                Labels:      p.GetLabels(),
        }

        if p.GetSteps() != nil {
                var steps []*domain.Step
                for _, s := range p.GetSteps() {
                        steps = append(steps, &domain.Step{
                                Name:                  s.GetName(),
                                Description:           s.GetDescription(),
                                When:                  s.GetWhen(),
                                Strategy:              domain.ApprovalStepStrategy(s.GetStrategy()),
                                RejectionReason:       s.GetRejectionReason(),
                                ApproveIf:             s.GetApproveIf(),
                                AllowFailed:           s.GetAllowFailed(),
                                Approvers:             s.GetApprovers(),
                                DontAllowSelfApproval: s.GetDontAllowSelfApproval(),
                        })
                }
                policy.Steps = steps
        }

        if p.GetRequirements() != nil {
                var requirements []*domain.Requirement
                for _, r := range p.GetRequirements() {
                        var on *domain.RequirementTrigger
                        if r.GetOn() != nil {
                                var conditions []*domain.Condition
                                if r.GetOn().GetConditions() != nil {
                                        for _, c := range r.GetOn().GetConditions() {
                                                conditions = append(conditions, a.fromConditionProto(c))
                                        }
                                }

                                on = &domain.RequirementTrigger{
                                        ProviderType: r.GetOn().GetProviderType(),
                                        ProviderURN:  r.GetOn().GetProviderUrn(),
                                        ResourceType: r.GetOn().GetResourceType(),
                                        ResourceURN:  r.GetOn().GetResourceUrn(),
                                        Role:         r.GetOn().GetRole(),
                                        Conditions:   conditions,
                                        Expression:   r.GetOn().GetExpression(),
                                }
                        }

                        var additionalAppeals []*domain.AdditionalAppeal
                        if r.GetAppeals() != nil {
                                for _, aa := range r.GetAppeals() {
                                        var resource *domain.ResourceIdentifier
                                        if aa.GetResource() != nil {
                                                resource = &domain.ResourceIdentifier{
                                                        ProviderType: aa.GetResource().GetProviderType(),
                                                        ProviderURN:  aa.GetResource().GetProviderUrn(),
                                                        Type:         aa.GetResource().GetType(),
                                                        URN:          aa.GetResource().GetUrn(),
                                                        ID:           aa.GetResource().GetId(),
                                                }
                                        }

                                        additionalAppeals = append(additionalAppeals, &domain.AdditionalAppeal{
                                                Resource:    resource,
                                                Role:        aa.GetRole(),
                                                Options:     a.fromAppealOptionsProto(aa.GetOptions()),
                                                Policy:      a.fromPolicyConfigProto(aa.GetPolicy()),
                                                AccountType: aa.GetAccountType(),
                                        })
                                }
                        }

                        requirements = append(requirements, &domain.Requirement{
                                On:      on,
                                Appeals: additionalAppeals,
                        })
                        policy.Requirements = requirements
                }
        }

        if p.GetIam() != nil {
                policy.IAM = &domain.IAMConfig{
                        Provider: domain.IAMProviderType(p.GetIam().GetProvider()),
                        Config:   p.GetIam().GetConfig().AsInterface(),
                        Schema:   p.GetIam().GetSchema(),
                }
        }

        if p.GetAppeal() != nil {
                var durationOptions []domain.AppealDurationOption
                var questions []domain.Question
                var metadataSources map[string]*domain.AppealMetadataSource
                for _, d := range p.GetAppeal().GetDurationOptions() {
                        option := domain.AppealDurationOption{
                                Name:  d.GetName(),
                                Value: d.GetValue(),
                        }
                        durationOptions = append(durationOptions, option)
                }
                for _, q := range p.GetAppeal().GetQuestions() {
                        question := domain.Question{
                                Key:         q.GetKey(),
                                Question:    q.GetQuestion(),
                                Required:    q.GetRequired(),
                                Description: q.GetDescription(),
                        }
                        questions = append(questions, question)
                }

                if mds := p.GetAppeal().GetMetadataSources(); mds != nil {
                        metadataSources = make(map[string]*domain.AppealMetadataSource)
                        for key, metadataCfg := range mds {
                                metadataSources[key] = &domain.AppealMetadataSource{
                                        Name:        metadataCfg.GetName(),
                                        Description: metadataCfg.GetDescription(),
                                        Type:        metadataCfg.GetType(),
                                        Config:      metadataCfg.GetConfig().AsInterface(),
                                        Value:       metadataCfg.GetValue().AsInterface(),
                                }
                        }
                }

                policy.AppealConfig = &domain.PolicyAppealConfig{
                        DurationOptions:              durationOptions,
                        AllowOnBehalf:                p.GetAppeal().GetAllowOnBehalf(),
                        Questions:                    questions,
                        AllowPermanentAccess:         p.GetAppeal().GetAllowPermanentAccess(),
                        AllowActiveAccessExtensionIn: p.GetAppeal().GetAllowActiveAccessExtensionIn(),
                        AllowCreatorDetailsFailure:   p.GetAppeal().GetAllowCreatorDetailsFailure(),
                        MetadataSources:              metadataSources,
                }
        }

        if p.GetCreatedAt() != nil {
                policy.CreatedAt = p.GetCreatedAt().AsTime()
        }
        if p.GetUpdatedAt() != nil {
                policy.UpdatedAt = p.GetUpdatedAt().AsTime()
        }

        return policy
}

func (a *adapter) ToPolicyProto(p *domain.Policy) (*guardianv1beta1.Policy, error) {
        policyProto := &guardianv1beta1.Policy{
                Id:          p.ID,
                Version:     uint32(p.Version),
                Description: p.Description,
                Labels:      p.Labels,
        }

        if p.Steps != nil {
                var steps []*guardianv1beta1.Policy_ApprovalStep
                for _, s := range p.Steps {
                        steps = append(steps, &guardianv1beta1.Policy_ApprovalStep{
                                Name:                  s.Name,
                                Description:           s.Description,
                                When:                  s.When,
                                Strategy:              string(s.Strategy),
                                RejectionReason:       s.RejectionReason,
                                ApproveIf:             s.ApproveIf,
                                AllowFailed:           s.AllowFailed,
                                Approvers:             s.Approvers,
                                DontAllowSelfApproval: s.DontAllowSelfApproval,
                        })
                }
                policyProto.Steps = steps
        }

        if p.Requirements != nil {
                var requirements []*guardianv1beta1.Policy_Requirement
                for _, r := range p.Requirements {
                        var on *guardianv1beta1.Policy_Requirement_RequirementTrigger
                        if r.On != nil {
                                var conditions []*guardianv1beta1.Condition
                                if r.On.Conditions != nil {
                                        for _, c := range r.On.Conditions {
                                                condition, err := a.toConditionProto(c)
                                                if err != nil {
                                                        return nil, err
                                                }
                                                conditions = append(conditions, condition)
                                        }
                                }

                                on = &guardianv1beta1.Policy_Requirement_RequirementTrigger{
                                        ProviderType: r.On.ProviderType,
                                        ProviderUrn:  r.On.ProviderURN,
                                        ResourceType: r.On.ResourceType,
                                        ResourceUrn:  r.On.ResourceURN,
                                        Role:         r.On.Role,
                                        Conditions:   conditions,
                                        Expression:   r.On.Expression,
                                }
                        }

                        var additionalAppeals []*guardianv1beta1.Policy_Requirement_AdditionalAppeal
                        if r.Appeals != nil {
                                for _, aa := range r.Appeals {
                                        var resource *guardianv1beta1.Policy_Requirement_AdditionalAppeal_ResourceIdentifier
                                        if aa.Resource != nil {
                                                resource = &guardianv1beta1.Policy_Requirement_AdditionalAppeal_ResourceIdentifier{
                                                        ProviderType: aa.Resource.ProviderType,
                                                        ProviderUrn:  aa.Resource.ProviderURN,
                                                        Type:         aa.Resource.Type,
                                                        Urn:          aa.Resource.URN,
                                                        Id:           aa.Resource.ID,
                                                }
                                        }

                                        additionalAppeals = append(additionalAppeals, &guardianv1beta1.Policy_Requirement_AdditionalAppeal{
                                                Resource: resource,
                                                Role:     aa.Role,
                                                Options:  a.toAppealOptionsProto(aa.Options),
                                                Policy:   a.toPolicyConfigProto(aa.Policy),
                                        })
                                }
                        }

                        requirements = append(requirements, &guardianv1beta1.Policy_Requirement{
                                On:      on,
                                Appeals: additionalAppeals,
                        })
                        policyProto.Requirements = requirements
                }
        }

        if p.HasIAMConfig() {
                config, err := structpb.NewValue(p.IAM.Config)
                if err != nil {
                        return nil, err
                }

                policyProto.Iam = &guardianv1beta1.Policy_IAM{
                        Provider: string(p.IAM.Provider),
                        Config:   config,
                        Schema:   p.IAM.Schema,
                }
        }

        appealConfig, err := a.ToPolicyAppealConfigProto(p)
        if err != nil {
                return nil, fmt.Errorf("failed to convert appeal config to proto: %w", err)
        }
        policyProto.Appeal = appealConfig

        if !p.CreatedAt.IsZero() {
                policyProto.CreatedAt = timestamppb.New(p.CreatedAt)
        }
        if !p.UpdatedAt.IsZero() {
                policyProto.UpdatedAt = timestamppb.New(p.UpdatedAt)
        }

        return policyProto, nil
}

func (a *adapter) ToPolicyAppealConfigProto(p *domain.Policy) (*guardianv1beta1.PolicyAppealConfig, error) {
        if p.AppealConfig == nil {
                return nil, nil
        }

        policyAppealConfigProto := &guardianv1beta1.PolicyAppealConfig{}
        var durationOptions []*guardianv1beta1.PolicyAppealConfig_DurationOptions
        if p.AppealConfig.DurationOptions != nil {
                for _, d := range p.AppealConfig.DurationOptions {
                        durationOptions = append(durationOptions, &guardianv1beta1.PolicyAppealConfig_DurationOptions{
                                Name:  d.Name,
                                Value: d.Value,
                        })
                }
        }
        policyAppealConfigProto.DurationOptions = durationOptions
        policyAppealConfigProto.AllowOnBehalf = p.AppealConfig.AllowOnBehalf
        policyAppealConfigProto.AllowPermanentAccess = p.AppealConfig.AllowPermanentAccess
        policyAppealConfigProto.AllowActiveAccessExtensionIn = p.AppealConfig.AllowActiveAccessExtensionIn
        policyAppealConfigProto.AllowCreatorDetailsFailure = p.AppealConfig.AllowCreatorDetailsFailure

        for _, q := range p.AppealConfig.Questions {
                policyAppealConfigProto.Questions = append(policyAppealConfigProto.Questions, &guardianv1beta1.PolicyAppealConfig_Question{
                        Key:         q.Key,
                        Question:    q.Question,
                        Required:    q.Required,
                        Description: q.Description,
                })
        }

        for key, metadataSource := range p.AppealConfig.MetadataSources {
                if policyAppealConfigProto.MetadataSources == nil {
                        policyAppealConfigProto.MetadataSources = make(map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource)
                }
                policyAppealConfigProto.MetadataSources[key] = &guardianv1beta1.PolicyAppealConfig_MetadataSource{
                        Name:        metadataSource.Name,
                        Description: metadataSource.Description,
                        Type:        metadataSource.Type,
                }

                if metadataSource.Config != nil {
                        cfg, err := structpb.NewValue(metadataSource.Config)
                        if err != nil {
                                return nil, err
                        }
                        policyAppealConfigProto.MetadataSources[key].Config = cfg
                }
                if metadataSource.Value != nil {
                        value, err := structpb.NewValue(metadataSource.Value)
                        if err != nil {
                                return nil, err
                        }
                        policyAppealConfigProto.MetadataSources[key].Value = value
                }
        }

        return policyAppealConfigProto, nil
}

func (a *adapter) FromResourceProto(r *guardianv1beta1.Resource) *domain.Resource {
        resource := &domain.Resource{
                ID:           r.GetId(),
                ProviderType: r.GetProviderType(),
                ProviderURN:  r.GetProviderUrn(),
                Type:         r.GetType(),
                URN:          r.GetUrn(),
                Name:         r.GetName(),
                Labels:       r.GetLabels(),
                IsDeleted:    r.GetIsDeleted(),
        }

        if r.GetParentId() != "" {
                id := r.GetParentId()
                resource.ParentID = &id
        }

        if r.GetChildren() != nil {
                for _, c := range r.GetChildren() {
                        resource.Children = append(resource.Children, a.FromResourceProto(c))
                }
        }

        if r.GetDetails() != nil {
                resource.Details = r.GetDetails().AsMap()
        }

        if r.GetCreatedAt() != nil {
                resource.CreatedAt = r.GetCreatedAt().AsTime()
        }
        if r.GetUpdatedAt() != nil {
                resource.UpdatedAt = r.GetUpdatedAt().AsTime()
        }

        return resource
}

func (a *adapter) ToResourceProto(r *domain.Resource) (*guardianv1beta1.Resource, error) {
        resourceProto := &guardianv1beta1.Resource{
                Id:           r.ID,
                ProviderType: r.ProviderType,
                ProviderUrn:  r.ProviderURN,
                Type:         r.Type,
                Urn:          r.URN,
                Name:         r.Name,
                Labels:       r.Labels,
                IsDeleted:    r.IsDeleted,
        }

        if r.ParentID != nil {
                resourceProto.ParentId = *r.ParentID
        }

        if r.GlobalURN != "" {
                resourceProto.GlobalUrn = r.GlobalURN
        }

        if r.Children != nil {
                for _, c := range r.Children {
                        childProto, err := a.ToResourceProto(c)
                        if err != nil {
                                return nil, fmt.Errorf("failed to convert child resource to proto %q: %w", c.ID, err)
                        }
                        resourceProto.Children = append(resourceProto.Children, childProto)
                }
        }

        if r.Details != nil {
                details, err := structpb.NewStruct(r.Details)
                if err != nil {
                        return nil, err
                }
                resourceProto.Details = details
        }

        if !r.CreatedAt.IsZero() {
                resourceProto.CreatedAt = timestamppb.New(r.CreatedAt)
        }
        if !r.UpdatedAt.IsZero() {
                resourceProto.UpdatedAt = timestamppb.New(r.UpdatedAt)
        }

        return resourceProto, nil
}

func (a *adapter) ToAppealProto(appeal *domain.Appeal) (*guardianv1beta1.Appeal, error) {
        appealProto := &guardianv1beta1.Appeal{
                Id:            appeal.ID,
                ResourceId:    appeal.ResourceID,
                PolicyId:      appeal.PolicyID,
                PolicyVersion: uint32(appeal.PolicyVersion),
                Status:        appeal.Status,
                AccountId:     appeal.AccountID,
                AccountType:   appeal.AccountType,
                GroupId:       appeal.GroupID,
                GroupType:     appeal.GroupType,
                CreatedBy:     appeal.CreatedBy,
                Role:          appeal.Role,
                Permissions:   appeal.Permissions,
                Options:       a.toAppealOptionsProto(appeal.Options),
                Labels:        appeal.Labels,
                Description:   appeal.Description,
                Revision:      uint32(appeal.Revision),
        }

        if appeal.Resource != nil {
                r, err := a.ToResourceProto(appeal.Resource)
                if err != nil {
                        return nil, err
                }
                appealProto.Resource = r
        }

        if appeal.Creator != nil {
                creator, err := structpb.NewValue(appeal.Creator)
                if err != nil {
                        return nil, err
                }
                appealProto.Creator = creator
        }

        if appeal.Approvals != nil {
                approvals := []*guardianv1beta1.Approval{}
                for _, approval := range appeal.Approvals {
                        approvalProto, err := a.ToApprovalProto(approval)
                        if err != nil {
                                return nil, err
                        }

                        approvals = append(approvals, approvalProto)
                }
                appealProto.Approvals = approvals
        }

        if appeal.Details != nil {
                details, err := structpb.NewStruct(appeal.Details)
                if err != nil {
                        return nil, err
                }
                appealProto.Details = details
        }

        if !appeal.CreatedAt.IsZero() {
                appealProto.CreatedAt = timestamppb.New(appeal.CreatedAt)
        }
        if !appeal.UpdatedAt.IsZero() {
                appealProto.UpdatedAt = timestamppb.New(appeal.UpdatedAt)
        }

        grantProto, err := a.ToGrantProto(appeal.Grant)
        if err != nil {
                return nil, fmt.Errorf("parsing grant: %w", err)
        }
        appealProto.Grant = grantProto

        return appealProto, nil
}

func (a *adapter) FromCreateAppealProto(ca *guardianv1beta1.CreateAppealRequest, authenticatedUser string) ([]*domain.Appeal, error) {
        var appeals []*domain.Appeal

        for _, r := range ca.GetResources() {
                appeal := &domain.Appeal{
                        AccountID:   ca.GetAccountId(),
                        AccountType: ca.GetAccountType(),
                        GroupID:     r.GetGroupId(),
                        GroupType:   r.GetGroupType(),
                        CreatedBy:   authenticatedUser,
                        ResourceID:  r.GetId(),
                        Role:        r.GetRole(),
                        Description: ca.GetDescription(),
                }

                if r.GetOptions() != nil {
                        var options *domain.AppealOptions
                        if err := mapstructure.Decode(r.GetOptions().AsMap(), &options); err != nil {
                                return nil, err
                        }
                        appeal.Options = options
                }

                if r.GetDetails() != nil {
                        appeal.Details = r.GetDetails().AsMap()
                }

                appeals = append(appeals, appeal)
        }

        return appeals, nil
}

func (a *adapter) FromPatchAppealProto(ua *guardianv1beta1.PatchAppealRequest, authenticatedUser string) (*domain.Appeal, error) {
        appeal := &domain.Appeal{
                ID:          ua.GetId(),
                AccountID:   ua.GetAccountId(),
                AccountType: ua.GetAccountType(),
                CreatedBy:   authenticatedUser,
                ResourceID:  ua.GetResourceId(),
                Role:        ua.GetRole(),
                Description: ua.GetDescription(),
        }

        if ua.GetOptions() != nil {
                var options *domain.AppealOptions
                if err := mapstructure.Decode(ua.GetOptions().AsMap(), &options); err != nil {
                        return nil, err
                }
                appeal.Options = options
        }

        if ua.GetDetails() != nil {
                appeal.Details = ua.GetDetails().AsMap()
        }

        return appeal, nil
}

func (a *adapter) ToApprovalProto(approval *domain.Approval) (*guardianv1beta1.Approval, error) {
        approvalProto := &guardianv1beta1.Approval{
                Id:             approval.ID,
                Name:           approval.Name,
                AppealId:       approval.AppealID,
                Status:         approval.Status,
                Reason:         approval.Reason,
                PolicyId:       approval.PolicyID,
                PolicyVersion:  uint32(approval.PolicyVersion),
                Approvers:      approval.Approvers,
                CreatedAt:      timestamppb.New(approval.CreatedAt),
                UpdatedAt:      timestamppb.New(approval.UpdatedAt),
                IsStale:        approval.IsStale,
                AppealRevision: uint32(approval.AppealRevision),
        }

        if approval.Appeal != nil {
                appeal, err := a.ToAppealProto(approval.Appeal)
                if err != nil {
                        return nil, err
                }
                approvalProto.Appeal = appeal
        }

        if approval.Actor != nil {
                approvalProto.Actor = *approval.Actor
        }

        if !approval.CreatedAt.IsZero() {
                approvalProto.CreatedAt = timestamppb.New(approval.CreatedAt)
        }
        if !approval.UpdatedAt.IsZero() {
                approvalProto.UpdatedAt = timestamppb.New(approval.UpdatedAt)
        }

        return approvalProto, nil
}

func (a *adapter) FromGrantProto(g *guardianv1beta1.Grant) *domain.Grant {
        if g == nil {
                return nil
        }

        grant := &domain.Grant{
                ID:                   g.GetId(),
                Status:               domain.GrantStatus(g.GetStatus()),
                StatusInProvider:     domain.GrantStatus(g.GetStatusInProvider()),
                AccountID:            g.GetAccountId(),
                AccountType:          g.GetAccountType(),
                GroupID:              g.GetGroupId(),
                GroupType:            g.GetGroupType(),
                ResourceID:           g.GetResourceId(),
                Role:                 g.GetRole(),
                Permissions:          g.GetPermissions(),
                AppealID:             g.GetAppealId(),
                Source:               domain.GrantSource(g.Source),
                RevokedBy:            g.GetRevokedBy(),
                RevokeReason:         g.GetRevokeReason(),
                CreatedBy:            g.GetCreatedBy(),
                Owner:                g.GetOwner(),
                Resource:             a.FromResourceProto(g.GetResource()),
                ExpirationDateReason: g.GetExpirationDateReason(),
                RestoreReason:        g.GetRestoreReason(),
                RestoredBy:           g.GetRestoredBy(),
        }

        if g.GetExpirationDate() != nil {
                t := g.GetExpirationDate().AsTime()
                grant.ExpirationDate = &t
        }
        if g.GetRevokedAt() != nil {
                t := g.GetRevokedAt().AsTime()
                grant.RevokedAt = &t
        }
        if g.GetCreatedAt() != nil {
                grant.CreatedAt = g.GetCreatedAt().AsTime()
        }
        if g.GetUpdatedAt() != nil {
                grant.UpdatedAt = g.GetUpdatedAt().AsTime()
        }
        if g.GetRestoredAt() != nil {
                t := g.GetRestoredAt().AsTime()
                grant.RestoredAt = &t
        }

        return grant
}

func (a *adapter) ToGrantProto(grant *domain.Grant) (*guardianv1beta1.Grant, error) {
        if grant == nil {
                return nil, nil
        }

        grantProto := &guardianv1beta1.Grant{
                Id:                   grant.ID,
                Status:               string(grant.Status),
                StatusInProvider:     string(grant.StatusInProvider),
                AccountId:            grant.AccountID,
                AccountType:          grant.AccountType,
                GroupId:              grant.GroupID,
                GroupType:            grant.GroupType,
                ResourceId:           grant.ResourceID,
                Role:                 grant.Role,
                Permissions:          grant.Permissions,
                IsPermanent:          grant.IsPermanent,
                AppealId:             grant.AppealID,
                Source:               string(grant.Source),
                RevokedBy:            grant.RevokedBy,
                RevokeReason:         grant.RevokeReason,
                CreatedBy:            grant.CreatedBy,
                Owner:                grant.Owner,
                ExpirationDateReason: grant.ExpirationDateReason,
                RestoreReason:        grant.RestoreReason,
                RestoredBy:           grant.RestoredBy,
        }

        if grant.ExpirationDate != nil {
                grantProto.ExpirationDate = timestamppb.New(*grant.ExpirationDate)
        }
        if grant.RevokedAt != nil {
                grantProto.RevokedAt = timestamppb.New(*grant.RevokedAt)
        }
        if !grant.CreatedAt.IsZero() {
                grantProto.CreatedAt = timestamppb.New(grant.CreatedAt)
        }
        if !grant.UpdatedAt.IsZero() {
                grantProto.UpdatedAt = timestamppb.New(grant.UpdatedAt)
        }
        if grant.Resource != nil {
                resourceProto, err := a.ToResourceProto(grant.Resource)
                if err != nil {
                        return nil, fmt.Errorf("parsing resource: %w", err)
                }
                grantProto.Resource = resourceProto
        }
        if grant.Appeal != nil {
                appealProto, err := a.ToAppealProto(grant.Appeal)
                if err != nil {
                        return nil, fmt.Errorf("parsing appeal: %w", err)
                }
                grantProto.Appeal = appealProto
        }
        if grant.RestoredAt != nil {
                grantProto.RestoredAt = timestamppb.New(*grant.RestoredAt)
        }

        return grantProto, nil
}

func (a *adapter) FromUpdateGrantRequestProto(grantUpdate *guardianv1beta1.UpdateGrantRequest) *domain.GrantUpdate {
        if grantUpdate == nil {
                return nil
        }

        gu := &domain.GrantUpdate{
                ID:                   grantUpdate.GetId(),
                ExpirationDateReason: grantUpdate.ExpirationDateReason,
        }
        if grantUpdate.GetOwner() != "" {
                gu.Owner = &grantUpdate.Owner
        }

        if grantUpdate.ExpirationDate != nil {
                expDate := grantUpdate.GetExpirationDate().AsTime()
                gu.ExpirationDate = &expDate
        }

        return gu
}

func (a *adapter) ToActivityProto(activity *domain.Activity) (*guardianv1beta1.ProviderActivity, error) {
        if activity == nil {
                return nil, nil
        }

        activityProto := &guardianv1beta1.ProviderActivity{
                Id:                 activity.ID,
                ProviderId:         activity.ProviderID,
                ResourceId:         activity.ResourceID,
                ProviderActivityId: activity.ProviderActivityID,
                AccountType:        activity.AccountType,
                AccountId:          activity.AccountID,
                Authorizations:     activity.Authorizations,
                RelatedPermissions: activity.RelatedPermissions,
                Type:               activity.Type,
        }

        if !activity.Timestamp.IsZero() {
                activityProto.Timestamp = timestamppb.New(activity.Timestamp)
        }

        if activity.Metadata != nil {
                metadataStruct, err := structpb.NewStruct(activity.Metadata)
                if err != nil {
                        return nil, fmt.Errorf("parsing metadata: %w", err)
                }
                activityProto.Metadata = metadataStruct
        }

        if !activity.CreatedAt.IsZero() {
                activityProto.CreatedAt = timestamppb.New(activity.CreatedAt)
        }

        if activity.Provider != nil {
                providerProto, err := a.ToProviderProto(activity.Provider)
                if err != nil {
                        return nil, fmt.Errorf("parsing provider: %w", err)
                }
                activityProto.Provider = providerProto
        }

        if activity.Resource != nil {
                resourceProto, err := a.ToResourceProto(activity.Resource)
                if err != nil {
                        return nil, fmt.Errorf("parsing resource: %w", err)
                }
                activityProto.Resource = resourceProto
        }

        return activityProto, nil
}

func (a *adapter) ToCommentProto(c *domain.Comment) *guardianv1beta1.AppealComment {
        if c == nil {
                return nil
        }

        commentProto := &guardianv1beta1.AppealComment{
                Id:        c.ID,
                AppealId:  c.ParentID,
                CreatedBy: c.CreatedBy,
                Body:      c.Body,
        }

        if !c.CreatedAt.IsZero() {
                commentProto.CreatedAt = timestamppb.New(c.CreatedAt)
        }
        if !c.UpdatedAt.IsZero() {
                commentProto.UpdatedAt = timestamppb.New(c.UpdatedAt)
        }

        return commentProto
}

func (a *adapter) fromConditionProto(c *guardianv1beta1.Condition) *domain.Condition {
        if c == nil {
                return nil
        }

        var match *domain.MatchCondition
        if c.GetMatch() != nil {
                match = &domain.MatchCondition{
                        Eq: c.GetMatch().GetEq(),
                }
        }

        return &domain.Condition{
                Field: c.GetField(),
                Match: match,
        }
}

func (a *adapter) ToAppealActivityProto(e *domain.Event) (*guardianv1beta1.AppealActivity, error) {
        if e == nil {
                return nil, nil
        }

        activityProto := &guardianv1beta1.AppealActivity{
                AppealId:  e.ParentID,
                Timestamp: timestamppb.New(e.Timestamp),
                Type:      e.Type,
                Actor:     e.Actor,
        }

        if e.Data != nil {
                data, err := structpb.NewStruct(e.Data)
                if err != nil {
                        return nil, err
                }
                activityProto.Data = data
        }
        return activityProto, nil
}

func (a *adapter) ToSummaryProto(s *domain.SummaryResult) (*guardianv1beta1.SummaryResult, error) {
        if s == nil {
                return nil, nil
        }

        var appliedParameters *guardianv1beta1.SummaryParameters
        if s.AppliedParameters != nil {
                filters, err := toProtoMap(s.AppliedParameters.Filters)
                if err != nil {
                        return nil, fmt.Errorf("parsing filters: %w", err)
                }

                appliedParameters = &guardianv1beta1.SummaryParameters{
                        GroupBys: s.AppliedParameters.GroupBys,
                        Filters:  filters,
                }
        }

        summaryProto := &guardianv1beta1.SummaryResult{
                AppliedParameters: appliedParameters,
                Groups:            make([]*guardianv1beta1.SummaryResult_Group, len(s.SummaryGroups)),
                Count:             s.Count,
        }

        for i, group := range s.SummaryGroups {
                groupFields, err := toProtoMap(group.GroupFields)
                if err != nil {
                        return nil, fmt.Errorf("parsing group fields: %w", err)
                }

                summaryProto.Groups[i] = &guardianv1beta1.SummaryResult_Group{
                        GroupFields: groupFields,
                        Count:       group.Count,
                }
        }

        return summaryProto, nil
}

func (a *adapter) toConditionProto(c *domain.Condition) (*guardianv1beta1.Condition, error) {
        if c == nil {
                return nil, nil
        }

        var match *guardianv1beta1.Condition_MatchCondition
        if c.Match != nil {
                eq, err := structpb.NewValue(c.Match.Eq)
                if err != nil {
                        return nil, err
                }

                match = &guardianv1beta1.Condition_MatchCondition{
                        Eq: eq,
                }
        }

        return &guardianv1beta1.Condition{
                Field: c.Field,
                Match: match,
        }, nil
}

func (a *adapter) fromAppealOptionsProto(o *guardianv1beta1.AppealOptions) *domain.AppealOptions {
        if o == nil {
                return nil
        }

        options := &domain.AppealOptions{
                Duration: o.GetDuration(),
        }

        if o.GetExpirationDate() != nil {
                expDate := o.GetExpirationDate().AsTime()
                options.ExpirationDate = &expDate
        }

        return options
}

func (a *adapter) toAppealOptionsProto(o *domain.AppealOptions) *guardianv1beta1.AppealOptions {
        if o == nil {
                return nil
        }

        optionsProto := &guardianv1beta1.AppealOptions{
                Duration: o.Duration,
        }

        if o.ExpirationDate != nil {
                optionsProto.ExpirationDate = timestamppb.New(*o.ExpirationDate)
        }

        return optionsProto
}

func (a *adapter) fromPolicyConfigProto(c *guardianv1beta1.PolicyConfig) *domain.PolicyConfig {
        if c == nil {
                return nil
        }

        return &domain.PolicyConfig{
                ID:      c.GetId(),
                Version: int(c.GetVersion()),
        }
}

func (a *adapter) toPolicyConfigProto(c *domain.PolicyConfig) *guardianv1beta1.PolicyConfig {
        if c == nil {
                return nil
        }

        return &guardianv1beta1.PolicyConfig{
                Id:      c.ID,
                Version: int32(c.Version),
        }
}

func toGoMap(in map[string]*structpb.Value) map[string]any {
        out := make(map[string]any, len(in))
        for k, v := range in {
                out[k] = v.AsInterface()
        }
        return out
}

func toProtoMap(in map[string]any) (map[string]*structpb.Value, error) {
        out := make(map[string]*structpb.Value, len(in))
        for k, v := range in {
                val, err := structpb.NewValue(v)
                if err != nil {
                        return nil, err
                }
                out[k] = val
        }
        return out, nil
}

goto / guardian / 17816287169

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous