goto / guardian / 18086206500

func NewAdapter() *adapter {

        return &adapter{}

}

func (a *adapter) FromProviderConfigProto(pc *guardianv1beta1.ProviderConfig) *domain.ProviderConfig {

        providerConfig := &domain.ProviderConfig{

                Type:        pc.GetType(),

                URN:         pc.GetUrn(),

                Labels:      pc.GetLabels(),

                Credentials: pc.GetCredentials().AsInterface(),

        }

        if pc.GetAppeal() != nil {

                appealConfig := &domain.AppealConfig{}

                appealConfig.AllowPermanentAccess = pc.GetAppeal().GetAllowPermanentAccess()

                appealConfig.AllowActiveAccessExtensionIn = pc.GetAppeal().GetAllowActiveAccessExtensionIn()

                providerConfig.Appeal = appealConfig

        }

        if pc.GetResources() != nil {

                resources := []*domain.ResourceConfig{}

                for _, r := range pc.GetResources() {

                        roles := []*domain.Role{}

                        for _, roleProto := range r.GetRoles() {

                                role := &domain.Role{

                                        ID:          roleProto.GetId(),

                                        Name:        roleProto.GetName(),

                                        Description: roleProto.GetDescription(),

                                }

                                if roleProto.Permissions != nil {

                                roles = append(roles, role)

                        resources = append(resources, &domain.ResourceConfig{

                                Type:   r.GetType(),

                                Filter: r.GetFilter(),

                                Policy: a.fromPolicyConfigProto(r.GetPolicy()),

                                Roles:  roles,

                        })

                providerConfig.Resources = resources

        if pc.GetParameters() != nil {

                parameters := []*domain.ProviderParameter{}

                for _, p := range pc.GetParameters() {

                        parameters = append(parameters, &domain.ProviderParameter{

                                Key:         p.GetKey(),

                                Label:       p.GetLabel(),

                                Required:    p.GetRequired(),

                                Description: p.GetDescription(),

                        })

                }

                providerConfig.Parameters = parameters

        if pc.GetAllowedAccountTypes() != nil {

                providerConfig.AllowedAccountTypes = pc.GetAllowedAccountTypes()

        }

        if pc.GetPolicies() != nil {

                policies := []*domain.ProviderPolicy{}

                for _, p := range pc.GetPolicies() {

                        policies = append(policies, &domain.ProviderPolicy{

                                When:   p.GetWhen(),

                                Policy: p.GetPolicy(),

                        })

                }

                providerConfig.Policies = policies

        return providerConfig

func (a *adapter) ToProviderProto(p *domain.Provider) (*guardianv1beta1.Provider, error) {

        providerProto := &guardianv1beta1.Provider{

                Id:   p.ID,

                Type: p.Type,

                Urn:  p.URN,

        }

        if p.Config != nil {

                config, err := a.ToProviderConfigProto(p.Config)

                if err != nil {

                        return nil, err

                }

                providerProto.Config = config

        if !p.CreatedAt.IsZero() {

                providerProto.CreatedAt = timestamppb.New(p.CreatedAt)

        }

        if !p.UpdatedAt.IsZero() {

                providerProto.UpdatedAt = timestamppb.New(p.UpdatedAt)

        }

        return providerProto, nil

func (a *adapter) ToProviderConfigProto(pc *domain.ProviderConfig) (*guardianv1beta1.ProviderConfig, error) {

        providerConfigProto := &guardianv1beta1.ProviderConfig{

                Type:   pc.Type,

                Urn:    pc.URN,

                Labels: pc.Labels,

        }

        if pc.Credentials != nil {

                credentials, err := structpb.NewValue(pc.Credentials)

                if err != nil {

                        return nil, err

                }

        if pc.Appeal != nil {

                providerConfigProto.Appeal = &guardianv1beta1.ProviderConfig_AppealConfig{

                        AllowPermanentAccess:         pc.Appeal.AllowPermanentAccess,

                        AllowActiveAccessExtensionIn: pc.Appeal.AllowActiveAccessExtensionIn,

                }

        }

        if pc.Resources != nil {

                resources := []*guardianv1beta1.ProviderConfig_ResourceConfig{}

                for _, rc := range pc.Resources {

                        roles := []*guardianv1beta1.Role{}

                        for _, role := range rc.Roles {

                                roleProto, err := a.ToRole(role)

                                if err != nil {

                                        return nil, err

                                }

                                roles = append(roles, roleProto)

                        resources = append(resources, &guardianv1beta1.ProviderConfig_ResourceConfig{

                                Type:   rc.Type,

                                Policy: a.toPolicyConfigProto(rc.Policy),

                                Roles:  roles,

                        })

                providerConfigProto.Resources = resources

        if pc.Parameters != nil {

                parameters := []*guardianv1beta1.ProviderConfig_ProviderParameter{}

                for _, p := range pc.Parameters {

                        parameters = append(parameters, &guardianv1beta1.ProviderConfig_ProviderParameter{

                                Key:         p.Key,

                                Label:       p.Label,

                                Required:    p.Required,

                                Description: p.Description,

                        })

                }

                providerConfigProto.Parameters = parameters

        if pc.AllowedAccountTypes != nil {

                providerConfigProto.AllowedAccountTypes = pc.AllowedAccountTypes

        }

        if pc.Policies != nil {

                policies := []*guardianv1beta1.ProviderPolicy{}

                for _, p := range pc.Policies {

                        policies = append(policies, &guardianv1beta1.ProviderPolicy{

                                Policy: p.Policy,

                                When:   p.When,

                        })

                }

                providerConfigProto.Policies = policies

        return providerConfigProto, nil

func (a *adapter) ToProviderTypeProto(pt domain.ProviderType) *guardianv1beta1.ProviderType {

        return &guardianv1beta1.ProviderType{

                Name:          pt.Name,

                ResourceTypes: pt.ResourceTypes,

        }

}

func (a *adapter) ToRole(role *domain.Role) (*guardianv1beta1.Role, error) {

        roleProto := &guardianv1beta1.Role{

                Id:          role.ID,

                Name:        role.Name,

                Description: role.Description,

        }

        if role.Permissions != nil {

                permissions := []*structpb.Value{}

                for _, p := range role.Permissions {

                        permission, err := structpb.NewValue(p)

                        if err != nil {

                                return nil, err

                        }

                        permissions = append(permissions, permission)

                roleProto.Permissions = permissions

        return roleProto, nil

func (a *adapter) FromPolicyProto(p *guardianv1beta1.Policy) *domain.Policy {

        policy := &domain.Policy{

                ID:          p.GetId(),

                Version:     uint(p.GetVersion()),

                Description: p.GetDescription(),

                Labels:      p.GetLabels(),

        }

        if p.GetSteps() != nil {

                var steps []*domain.Step

                for _, s := range p.GetSteps() {

                        steps = append(steps, &domain.Step{

                                Name:                  s.GetName(),

                                Description:           s.GetDescription(),

                                When:                  s.GetWhen(),

                                Strategy:              domain.ApprovalStepStrategy(s.GetStrategy()),

                                RejectionReason:       s.GetRejectionReason(),

                                ApproveIf:             s.GetApproveIf(),

                                AllowFailed:           s.GetAllowFailed(),

                                Approvers:             s.GetApprovers(),

                                DontAllowSelfApproval: s.GetDontAllowSelfApproval(),

                        })

                }

                policy.Steps = steps

        if cs := p.GetCustomSteps(); cs != nil {

        if p.GetRequirements() != nil {

                var requirements []*domain.Requirement

                for _, r := range p.GetRequirements() {

                        var on *domain.RequirementTrigger

                        if r.GetOn() != nil {

                                var conditions []*domain.Condition

                                if r.GetOn().GetConditions() != nil {

                                on = &domain.RequirementTrigger{

                                        ProviderType: r.GetOn().GetProviderType(),

                                        ProviderURN:  r.GetOn().GetProviderUrn(),

                                        ResourceType: r.GetOn().GetResourceType(),

                                        ResourceURN:  r.GetOn().GetResourceUrn(),

                                        Role:         r.GetOn().GetRole(),

                                        Conditions:   conditions,

                                        Expression:   r.GetOn().GetExpression(),

                                }

                        var additionalAppeals []*domain.AdditionalAppeal

                        if r.GetAppeals() != nil {

                                for _, aa := range r.GetAppeals() {

                                        var resource *domain.ResourceIdentifier

                                        if aa.GetResource() != nil {

                                                resource = &domain.ResourceIdentifier{

                                                        ProviderType: aa.GetResource().GetProviderType(),

                                                        ProviderURN:  aa.GetResource().GetProviderUrn(),

                                                        Type:         aa.GetResource().GetType(),

                                                        URN:          aa.GetResource().GetUrn(),

                                                        ID:           aa.GetResource().GetId(),

                                                }

                                        }

                                        additionalAppeals = append(additionalAppeals, &domain.AdditionalAppeal{

                                                Resource:    resource,

                                                Role:        aa.GetRole(),

                                                Options:     a.fromAppealOptionsProto(aa.GetOptions()),

                                                Policy:      a.fromPolicyConfigProto(aa.GetPolicy()),

                                                AccountType: aa.GetAccountType(),

                                        })

                        requirements = append(requirements, &domain.Requirement{

                                On:      on,

                                Appeals: additionalAppeals,

                        })

                        policy.Requirements = requirements

        if p.GetIam() != nil {

                policy.IAM = &domain.IAMConfig{

                        Provider: domain.IAMProviderType(p.GetIam().GetProvider()),

                        Config:   p.GetIam().GetConfig().AsInterface(),

                        Schema:   p.GetIam().GetSchema(),

                }

        }

        if p.GetAppeal() != nil {

                var durationOptions []domain.AppealDurationOption

                var questions []domain.Question

                var metadataSources map[string]*domain.AppealMetadataSource

                for _, d := range p.GetAppeal().GetDurationOptions() {

                        option := domain.AppealDurationOption{

                                Name:  d.GetName(),

                                Value: d.GetValue(),

                        }

                        durationOptions = append(durationOptions, option)

                }

                for _, q := range p.GetAppeal().GetQuestions() {

                        question := domain.Question{

                                Key:         q.GetKey(),

                                Question:    q.GetQuestion(),

                                Required:    q.GetRequired(),

                                Description: q.GetDescription(),

                        }

                        questions = append(questions, question)

                }

                if mds := p.GetAppeal().GetMetadataSources(); mds != nil {

                        metadataSources = make(map[string]*domain.AppealMetadataSource)

                        for key, metadataCfg := range mds {

                                metadataSources[key] = &domain.AppealMetadataSource{

                                        Name:        metadataCfg.GetName(),

                                        Description: metadataCfg.GetDescription(),

                                        Type:        metadataCfg.GetType(),

                                        Config:      metadataCfg.GetConfig().AsInterface(),

                                        Value:       metadataCfg.GetValue().AsInterface(),

                                }

                        }

                policy.AppealConfig = &domain.PolicyAppealConfig{

                        DurationOptions:              durationOptions,

                        AllowOnBehalf:                p.GetAppeal().GetAllowOnBehalf(),

                        Questions:                    questions,

                        AllowPermanentAccess:         p.GetAppeal().GetAllowPermanentAccess(),

                        AllowActiveAccessExtensionIn: p.GetAppeal().GetAllowActiveAccessExtensionIn(),

                        AllowCreatorDetailsFailure:   p.GetAppeal().GetAllowCreatorDetailsFailure(),

                        MetadataSources:              metadataSources,

                }

        if p.GetCreatedAt() != nil {

        if p.GetUpdatedAt() != nil {

        return policy

func (a *adapter) ToPolicyProto(p *domain.Policy) (*guardianv1beta1.Policy, error) {

        policyProto := &guardianv1beta1.Policy{

                Id:          p.ID,

                Version:     uint32(p.Version),

                Description: p.Description,

                Labels:      p.Labels,

        }

        if p.Steps != nil {

                var steps []*guardianv1beta1.Policy_ApprovalStep

                for _, s := range p.Steps {

                        steps = append(steps, &guardianv1beta1.Policy_ApprovalStep{

                                Name:                  s.Name,

                                Description:           s.Description,

                                When:                  s.When,

                                Strategy:              string(s.Strategy),

                                RejectionReason:       s.RejectionReason,

                                ApproveIf:             s.ApproveIf,

                                AllowFailed:           s.AllowFailed,

                                Approvers:             s.Approvers,

                                DontAllowSelfApproval: s.DontAllowSelfApproval,

                        })

                }

                policyProto.Steps = steps

        if p.Requirements != nil {

                var requirements []*guardianv1beta1.Policy_Requirement

                for _, r := range p.Requirements {

                        var on *guardianv1beta1.Policy_Requirement_RequirementTrigger

                        if r.On != nil {

                                var conditions []*guardianv1beta1.Condition

                                if r.On.Conditions != nil {

                                on = &guardianv1beta1.Policy_Requirement_RequirementTrigger{

                                        ProviderType: r.On.ProviderType,

                                        ProviderUrn:  r.On.ProviderURN,

                                        ResourceType: r.On.ResourceType,

                                        ResourceUrn:  r.On.ResourceURN,

                                        Role:         r.On.Role,

                                        Conditions:   conditions,

                                        Expression:   r.On.Expression,

                                }

                        var additionalAppeals []*guardianv1beta1.Policy_Requirement_AdditionalAppeal

                        if r.Appeals != nil {

                                for _, aa := range r.Appeals {

                                        var resource *guardianv1beta1.Policy_Requirement_AdditionalAppeal_ResourceIdentifier

                                        if aa.Resource != nil {

                                                resource = &guardianv1beta1.Policy_Requirement_AdditionalAppeal_ResourceIdentifier{

                                                        ProviderType: aa.Resource.ProviderType,

                                                        ProviderUrn:  aa.Resource.ProviderURN,

                                                        Type:         aa.Resource.Type,

                                                        Urn:          aa.Resource.URN,

                                                        Id:           aa.Resource.ID,

                                                }

                                        }

                                        additionalAppeals = append(additionalAppeals, &guardianv1beta1.Policy_Requirement_AdditionalAppeal{

                                                Resource: resource,

                                                Role:     aa.Role,

                                                Options:  a.toAppealOptionsProto(aa.Options),

                                                Policy:   a.toPolicyConfigProto(aa.Policy),

                                        })

                        requirements = append(requirements, &guardianv1beta1.Policy_Requirement{

                                On:      on,

                                Appeals: additionalAppeals,

                        })

                        policyProto.Requirements = requirements

        if p.HasIAMConfig() {

                config, err := structpb.NewValue(p.IAM.Config)

                if err != nil {

                        return nil, err

                }

                policyProto.Iam = &guardianv1beta1.Policy_IAM{

                        Provider: string(p.IAM.Provider),

                        Config:   config,

                        Schema:   p.IAM.Schema,

                }

        appealConfig, err := a.ToPolicyAppealConfigProto(p)

        if err != nil {

        policyProto.Appeal = appealConfig

        if !p.CreatedAt.IsZero() {

                policyProto.CreatedAt = timestamppb.New(p.CreatedAt)

        }

        if !p.UpdatedAt.IsZero() {

                policyProto.UpdatedAt = timestamppb.New(p.UpdatedAt)

        }

        return policyProto, nil

func (a *adapter) ToPolicyAppealConfigProto(p *domain.Policy) (*guardianv1beta1.PolicyAppealConfig, error) {

        if p.AppealConfig == nil {

                return nil, nil

        }

        policyAppealConfigProto := &guardianv1beta1.PolicyAppealConfig{}

        var durationOptions []*guardianv1beta1.PolicyAppealConfig_DurationOptions

        if p.AppealConfig.DurationOptions != nil {

                for _, d := range p.AppealConfig.DurationOptions {

                        durationOptions = append(durationOptions, &guardianv1beta1.PolicyAppealConfig_DurationOptions{

                                Name:  d.Name,

                                Value: d.Value,

                        })

                }

        policyAppealConfigProto.DurationOptions = durationOptions

        policyAppealConfigProto.AllowOnBehalf = p.AppealConfig.AllowOnBehalf

        policyAppealConfigProto.AllowPermanentAccess = p.AppealConfig.AllowPermanentAccess

        policyAppealConfigProto.AllowActiveAccessExtensionIn = p.AppealConfig.AllowActiveAccessExtensionIn

        policyAppealConfigProto.AllowCreatorDetailsFailure = p.AppealConfig.AllowCreatorDetailsFailure

        for _, q := range p.AppealConfig.Questions {

                policyAppealConfigProto.Questions = append(policyAppealConfigProto.Questions, &guardianv1beta1.PolicyAppealConfig_Question{

                        Key:         q.Key,

                        Question:    q.Question,

                        Required:    q.Required,

                        Description: q.Description,

                })

        }

        for key, metadataSource := range p.AppealConfig.MetadataSources {

                if policyAppealConfigProto.MetadataSources == nil {

                        policyAppealConfigProto.MetadataSources = make(map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource)

                }

                policyAppealConfigProto.MetadataSources[key] = &guardianv1beta1.PolicyAppealConfig_MetadataSource{

                        Name:        metadataSource.Name,

                        Description: metadataSource.Description,

                        Type:        metadataSource.Type,

                }

                if metadataSource.Config != nil {

                        cfg, err := structpb.NewValue(metadataSource.Config)

                        if err != nil {

                        policyAppealConfigProto.MetadataSources[key].Config = cfg

                if metadataSource.Value != nil {

                        value, err := structpb.NewValue(metadataSource.Value)

                        if err != nil {

                        policyAppealConfigProto.MetadataSources[key].Value = value

        return policyAppealConfigProto, nil

func (a *adapter) FromResourceProto(r *guardianv1beta1.Resource) *domain.Resource {

        resource := &domain.Resource{

                ID:           r.GetId(),

                ProviderType: r.GetProviderType(),

                ProviderURN:  r.GetProviderUrn(),

                Type:         r.GetType(),

                URN:          r.GetUrn(),

                Name:         r.GetName(),

                Labels:       r.GetLabels(),

                IsDeleted:    r.GetIsDeleted(),

                GroupID:      r.GetGroupId(),

                GroupType:    r.GetGroupType(),

        }

        if r.GetParentId() != "" {

        if r.GetChildren() != nil {

        if r.GetDetails() != nil {

        if r.GetCreatedAt() != nil {

        if r.GetUpdatedAt() != nil {

        return resource

func (a *adapter) ToResourceProto(r *domain.Resource) (*guardianv1beta1.Resource, error) {

        resourceProto := &guardianv1beta1.Resource{

                Id:           r.ID,

                ProviderType: r.ProviderType,

                ProviderUrn:  r.ProviderURN,

                Type:         r.Type,

                Urn:          r.URN,

                Name:         r.Name,

                Labels:       r.Labels,

                IsDeleted:    r.IsDeleted,

                GroupId:      r.GroupID,

                GroupType:    r.GroupType,

        }

        if r.ParentID != nil {

        if r.GlobalURN != "" {

                resourceProto.GlobalUrn = r.GlobalURN

        }

        if r.Children != nil {

        if r.Details != nil {

                details, err := structpb.NewStruct(r.Details)

                if err != nil {

                        return nil, err

                }

                resourceProto.Details = details

        if !r.CreatedAt.IsZero() {

                resourceProto.CreatedAt = timestamppb.New(r.CreatedAt)

        }

        if !r.UpdatedAt.IsZero() {

                resourceProto.UpdatedAt = timestamppb.New(r.UpdatedAt)

        }

        return resourceProto, nil

func (a *adapter) ToAppealProto(appeal *domain.Appeal) (*guardianv1beta1.Appeal, error) {

        appealProto := &guardianv1beta1.Appeal{

                Id:            appeal.ID,

                ResourceId:    appeal.ResourceID,

                PolicyId:      appeal.PolicyID,

                PolicyVersion: uint32(appeal.PolicyVersion),

                Status:        appeal.Status,

                AccountId:     appeal.AccountID,

                AccountType:   appeal.AccountType,

                GroupId:       appeal.GroupID,

                GroupType:     appeal.GroupType,

                CreatedBy:     appeal.CreatedBy,

                Role:          appeal.Role,

                Permissions:   appeal.Permissions,

                Options:       a.toAppealOptionsProto(appeal.Options),

                Labels:        appeal.Labels,

                Description:   appeal.Description,

                Revision:      uint32(appeal.Revision),

        }

        if appeal.Resource != nil {

                r, err := a.ToResourceProto(appeal.Resource)

                if err != nil {

                appealProto.Resource = r

        if appeal.Creator != nil {

                creator, err := structpb.NewValue(appeal.Creator)

                if err != nil {

                        return nil, err

                }

                appealProto.Creator = creator

        if appeal.Approvals != nil {

                approvals := []*guardianv1beta1.Approval{}

                for _, approval := range appeal.Approvals {

                        approvalProto, err := a.ToApprovalProto(approval)

                        if err != nil {

                        approvals = append(approvals, approvalProto)

                appealProto.Approvals = approvals

        if appeal.Details != nil {

                details, err := structpb.NewStruct(appeal.Details)

                if err != nil {

                appealProto.Details = details

        if !appeal.CreatedAt.IsZero() {

                appealProto.CreatedAt = timestamppb.New(appeal.CreatedAt)

        }

        if !appeal.UpdatedAt.IsZero() {

                appealProto.UpdatedAt = timestamppb.New(appeal.UpdatedAt)

        }

        grantProto, err := a.ToGrantProto(appeal.Grant)

        if err != nil {

        appealProto.Grant = grantProto

        return appealProto, nil

func (a *adapter) FromCreateAppealProto(ca *guardianv1beta1.CreateAppealRequest, authenticatedUser string) ([]*domain.Appeal, error) {

        var appeals []*domain.Appeal

        for _, r := range ca.GetResources() {

                appeal := &domain.Appeal{

                        AccountID:   ca.GetAccountId(),

                        AccountType: ca.GetAccountType(),

                        GroupID:     r.GetGroupId(),

                        GroupType:   r.GetGroupType(),

                        CreatedBy:   authenticatedUser,

                        ResourceID:  r.GetId(),

                        Role:        r.GetRole(),

                        Description: ca.GetDescription(),

                }

                if r.GetOptions() != nil {

                        var options *domain.AppealOptions

                        if err := mapstructure.Decode(r.GetOptions().AsMap(), &options); err != nil {

                        appeal.Options = options

                if r.GetDetails() != nil {

                        appeal.Details = r.GetDetails().AsMap()

                }

                appeals = append(appeals, appeal)

        return appeals, nil

func (a *adapter) FromPatchAppealProto(ua *guardianv1beta1.PatchAppealRequest, authenticatedUser string) (*domain.Appeal, error) {

        appeal := &domain.Appeal{

                ID:          ua.GetId(),

                AccountID:   ua.GetAccountId(),

                AccountType: ua.GetAccountType(),

                CreatedBy:   authenticatedUser,

                ResourceID:  ua.GetResourceId(),

                Role:        ua.GetRole(),

                Description: ua.GetDescription(),

        }

        if ua.GetOptions() != nil {

                var options *domain.AppealOptions

                if err := mapstructure.Decode(ua.GetOptions().AsMap(), &options); err != nil {

                appeal.Options = options

        if ua.GetDetails() != nil {

                appeal.Details = ua.GetDetails().AsMap()

        }

        return appeal, nil

func (a *adapter) ToApprovalProto(approval *domain.Approval) (*guardianv1beta1.Approval, error) {

        approvalProto := &guardianv1beta1.Approval{

                Id:             approval.ID,

                Name:           approval.Name,

                AppealId:       approval.AppealID,

                Status:         approval.Status,

                Reason:         approval.Reason,

                PolicyId:       approval.PolicyID,

                PolicyVersion:  uint32(approval.PolicyVersion),

                Approvers:      approval.Approvers,

                CreatedAt:      timestamppb.New(approval.CreatedAt),

                UpdatedAt:      timestamppb.New(approval.UpdatedAt),

                IsStale:        approval.IsStale,

                AppealRevision: uint32(approval.AppealRevision),

        }

        if approval.Appeal != nil {

                appeal, err := a.ToAppealProto(approval.Appeal)

                if err != nil {

                        return nil, err

                }

                approvalProto.Appeal = appeal

        if approval.Actor != nil {

                approvalProto.Actor = *approval.Actor

        }

        if !approval.CreatedAt.IsZero() {

                approvalProto.CreatedAt = timestamppb.New(approval.CreatedAt)

        }

        if !approval.UpdatedAt.IsZero() {

                approvalProto.UpdatedAt = timestamppb.New(approval.UpdatedAt)

        }

        return approvalProto, nil

func (a *adapter) ToGrantProto(grant *domain.Grant) (*guardianv1beta1.Grant, error) {

        if grant == nil {

                return nil, nil

        }

        grantProto := &guardianv1beta1.Grant{

                Id:                   grant.ID,

                Status:               string(grant.Status),

                StatusInProvider:     string(grant.StatusInProvider),

                AccountId:            grant.AccountID,

                AccountType:          grant.AccountType,

                GroupId:              grant.GroupID,

                GroupType:            grant.GroupType,

                ResourceId:           grant.ResourceID,

                Role:                 grant.Role,

                Permissions:          grant.Permissions,

                IsPermanent:          grant.IsPermanent,

                AppealId:             grant.AppealID,

                Source:               string(grant.Source),

                RevokedBy:            grant.RevokedBy,

                RevokeReason:         grant.RevokeReason,

                CreatedBy:            grant.CreatedBy,

                Owner:                grant.Owner,

                ExpirationDateReason: grant.ExpirationDateReason,

                RestoreReason:        grant.RestoreReason,

                RestoredBy:           grant.RestoredBy,

        }

        if grant.ExpirationDate != nil {

                grantProto.ExpirationDate = timestamppb.New(*grant.ExpirationDate)

        }

        if grant.RevokedAt != nil {

                grantProto.RevokedAt = timestamppb.New(*grant.RevokedAt)

        }

        if !grant.CreatedAt.IsZero() {

                grantProto.CreatedAt = timestamppb.New(grant.CreatedAt)

        }

        if !grant.UpdatedAt.IsZero() {

                grantProto.UpdatedAt = timestamppb.New(grant.UpdatedAt)

        }

        if grant.Resource != nil {

                resourceProto, err := a.ToResourceProto(grant.Resource)

                if err != nil {

                        return nil, fmt.Errorf("parsing resource: %w", err)

                }

                grantProto.Resource = resourceProto

        if grant.Appeal != nil {

                appealProto, err := a.ToAppealProto(grant.Appeal)

                if err != nil {

                grantProto.Appeal = appealProto

        if grant.RestoredAt != nil {

        return grantProto, nil

func (a *adapter) FromUpdateGrantRequestProto(grantUpdate *guardianv1beta1.UpdateGrantRequest) *domain.GrantUpdate {

        if grantUpdate == nil {

        gu := &domain.GrantUpdate{

                ID:                   grantUpdate.GetId(),

                ExpirationDateReason: grantUpdate.ExpirationDateReason,

        }

        if grantUpdate.GetOwner() != "" {

                gu.Owner = &grantUpdate.Owner