goto / guardian / 21750572062

func NewAdapter() *adapter {

        return &adapter{}

}

func (a *adapter) FromProviderConfigProto(pc *guardianv1beta1.ProviderConfig) *domain.ProviderConfig {

        providerConfig := &domain.ProviderConfig{

                Type:        pc.GetType(),

                URN:         pc.GetUrn(),

                Labels:      pc.GetLabels(),

                Credentials: pc.GetCredentials().AsInterface(),

        }

        if pc.GetAppeal() != nil {

                appealConfig := &domain.AppealConfig{}

                appealConfig.AllowPermanentAccess = pc.GetAppeal().GetAllowPermanentAccess()

                appealConfig.AllowActiveAccessExtensionIn = pc.GetAppeal().GetAllowActiveAccessExtensionIn()

                providerConfig.Appeal = appealConfig

        }

        if pc.GetResources() != nil {

                resources := []*domain.ResourceConfig{}

                for _, r := range pc.GetResources() {

                        roles := []*domain.Role{}

                        for _, roleProto := range r.GetRoles() {

                                role := &domain.Role{

                                        ID:          roleProto.GetId(),

                                        Name:        roleProto.GetName(),

                                        Description: roleProto.GetDescription(),

                                }

                                if roleProto.Permissions != nil {

                                roles = append(roles, role)

                        resources = append(resources, &domain.ResourceConfig{

                                Type:   r.GetType(),

                                Filter: r.GetFilter(),

                                Policy: a.fromPolicyConfigProto(r.GetPolicy()),

                                Roles:  roles,

                        })

                providerConfig.Resources = resources

        if pc.GetParameters() != nil {

                parameters := []*domain.ProviderParameter{}

                for _, p := range pc.GetParameters() {

                        parameters = append(parameters, &domain.ProviderParameter{

                                Key:         p.GetKey(),

                                Label:       p.GetLabel(),

                                Required:    p.GetRequired(),

                                Description: p.GetDescription(),

                        })

                }

                providerConfig.Parameters = parameters

        if pc.GetAllowedAccountTypes() != nil {

                providerConfig.AllowedAccountTypes = pc.GetAllowedAccountTypes()

        }

        if pc.GetPolicies() != nil {

                policies := []*domain.ProviderPolicy{}

                for _, p := range pc.GetPolicies() {

                        policies = append(policies, &domain.ProviderPolicy{

                                When:   p.GetWhen(),

                                Policy: p.GetPolicy(),

                        })

                }

                providerConfig.Policies = policies

        return providerConfig

func (a *adapter) ToProviderProto(p *domain.Provider) (*guardianv1beta1.Provider, error) {

        providerProto := &guardianv1beta1.Provider{

                Id:   p.ID,

                Type: p.Type,

                Urn:  p.URN,

        }

        if p.Config != nil {

                config, err := a.ToProviderConfigProto(p.Config)

                if err != nil {

                        return nil, err

                }

                providerProto.Config = config

        if !p.CreatedAt.IsZero() {

                providerProto.CreatedAt = timestamppb.New(p.CreatedAt)

        }

        if !p.UpdatedAt.IsZero() {

                providerProto.UpdatedAt = timestamppb.New(p.UpdatedAt)

        }

        return providerProto, nil

func (a *adapter) ToProviderConfigProto(pc *domain.ProviderConfig) (*guardianv1beta1.ProviderConfig, error) {

        providerConfigProto := &guardianv1beta1.ProviderConfig{

                Type:   pc.Type,

                Urn:    pc.URN,

                Labels: pc.Labels,

        }

        if pc.Credentials != nil {

                credentials, err := structpb.NewValue(pc.Credentials)

                if err != nil {

                        return nil, err

                }

        if pc.Appeal != nil {

                providerConfigProto.Appeal = &guardianv1beta1.ProviderConfig_AppealConfig{

                        AllowPermanentAccess:         pc.Appeal.AllowPermanentAccess,

                        AllowActiveAccessExtensionIn: pc.Appeal.AllowActiveAccessExtensionIn,

                }

        }

        if pc.Resources != nil {

                resources := []*guardianv1beta1.ProviderConfig_ResourceConfig{}

                for _, rc := range pc.Resources {

                        roles := []*guardianv1beta1.Role{}

                        for _, role := range rc.Roles {

                                roleProto, err := a.ToRole(role)

                                if err != nil {

                                        return nil, err

                                }

                                roles = append(roles, roleProto)

                        resources = append(resources, &guardianv1beta1.ProviderConfig_ResourceConfig{

                                Type:   rc.Type,

                                Policy: a.toPolicyConfigProto(rc.Policy),

                                Roles:  roles,

                        })

                providerConfigProto.Resources = resources

        if pc.Parameters != nil {

                parameters := []*guardianv1beta1.ProviderConfig_ProviderParameter{}

                for _, p := range pc.Parameters {

                        parameters = append(parameters, &guardianv1beta1.ProviderConfig_ProviderParameter{

                                Key:         p.Key,

                                Label:       p.Label,

                                Required:    p.Required,

                                Description: p.Description,

                        })

                }

                providerConfigProto.Parameters = parameters

        if pc.AllowedAccountTypes != nil {

                providerConfigProto.AllowedAccountTypes = pc.AllowedAccountTypes

        }

        if pc.Policies != nil {

                policies := []*guardianv1beta1.ProviderPolicy{}

                for _, p := range pc.Policies {

                        policies = append(policies, &guardianv1beta1.ProviderPolicy{

                                Policy: p.Policy,

                                When:   p.When,

                        })

                }

                providerConfigProto.Policies = policies

        return providerConfigProto, nil

func (a *adapter) ToProviderTypeProto(pt domain.ProviderType) *guardianv1beta1.ProviderType {

        return &guardianv1beta1.ProviderType{

                Name:          pt.Name,

                ResourceTypes: pt.ResourceTypes,

        }

}

func (a *adapter) ToRole(role *domain.Role) (*guardianv1beta1.Role, error) {

        roleProto := &guardianv1beta1.Role{

                Id:          role.ID,

                Name:        role.Name,

                Description: role.Description,

        }

        if role.Permissions != nil {

                permissions := []*structpb.Value{}

                for _, p := range role.Permissions {

                        permission, err := structpb.NewValue(p)

                        if err != nil {

                                return nil, err

                        }

                        permissions = append(permissions, permission)

                roleProto.Permissions = permissions

        return roleProto, nil

func (a *adapter) FromPolicyProto(p *guardianv1beta1.Policy) *domain.Policy {

        policy := &domain.Policy{

                ID:          p.GetId(),

                Version:     uint(p.GetVersion()),

                Description: p.GetDescription(),

                Labels:      p.GetLabels(),

        }

        if p.GetSteps() != nil {

                var steps []*domain.Step

                for _, s := range p.GetSteps() {

                        stepProto := &domain.Step{

                                Name:                  s.GetName(),

                                Description:           s.GetDescription(),

                                When:                  s.GetWhen(),

                                Strategy:              domain.ApprovalStepStrategy(s.GetStrategy()),

                                RejectionReason:       s.GetRejectionReason(),

                                ApproveIf:             s.GetApproveIf(),

                                AllowFailed:           s.GetAllowFailed(),

                                Approvers:             s.GetApprovers(),

                                DontAllowSelfApproval: s.GetDontAllowSelfApproval(),

                                TermsAndConditions:    s.GetTermsAndConditions(),

                        }

                        if s.Details != nil {

                        steps = append(steps, stepProto)

                policy.Steps = steps

        if cs := p.GetCustomSteps(); cs != nil {

        if p.GetRequirements() != nil {

                var requirements []*domain.Requirement

                for _, r := range p.GetRequirements() {

                        var on *domain.RequirementTrigger

                        if r.GetOn() != nil {

                                var conditions []*domain.Condition

                                if r.GetOn().GetConditions() != nil {

                                on = &domain.RequirementTrigger{

                                        ProviderType: r.GetOn().GetProviderType(),

                                        ProviderURN:  r.GetOn().GetProviderUrn(),

                                        ResourceType: r.GetOn().GetResourceType(),

                                        ResourceURN:  r.GetOn().GetResourceUrn(),

                                        Role:         r.GetOn().GetRole(),

                                        Conditions:   conditions,

                                        Expression:   r.GetOn().GetExpression(),

                                }

                        var additionalAppeals []*domain.AdditionalAppeal

                        if r.GetAppeals() != nil {

                                for _, aa := range r.GetAppeals() {

                                        var resource *domain.ResourceIdentifier

                                        if aa.GetResource() != nil {

                                                resource = &domain.ResourceIdentifier{

                                                        ProviderType: aa.GetResource().GetProviderType(),

                                                        ProviderURN:  aa.GetResource().GetProviderUrn(),

                                                        Type:         aa.GetResource().GetType(),

                                                        URN:          aa.GetResource().GetUrn(),

                                                        ID:           aa.GetResource().GetId(),

                                                }

                                        }

                                        additionalAppeals = append(additionalAppeals, &domain.AdditionalAppeal{

                                                Resource:    resource,

                                                Role:        aa.GetRole(),

                                                Options:     a.fromAppealOptionsProto(aa.GetOptions()),

                                                Policy:      a.fromPolicyConfigProto(aa.GetPolicy()),

                                                AccountType: aa.GetAccountType(),

                                        })

                        var postHooks []*domain.PostAppealHook

                        if r.GetPostHooks() != nil {

                        requirements = append(requirements, &domain.Requirement{

                                On:        on,

                                Appeals:   additionalAppeals,

                                PostHooks: postHooks,

                        })

                        policy.Requirements = requirements

        if p.GetIam() != nil {

                policy.IAM = &domain.IAMConfig{

                        Provider: domain.IAMProviderType(p.GetIam().GetProvider()),

                        Config:   p.GetIam().GetConfig().AsInterface(),

                        Schema:   p.GetIam().GetSchema(),

                }

        }

        if p.GetAppeal() != nil {

                var durationOptions []domain.AppealDurationOption

                var questions []domain.Question

                var metadataSources map[string]*domain.AppealMetadataSource

                for _, d := range p.GetAppeal().GetDurationOptions() {

                        option := domain.AppealDurationOption{

                                Name:  d.GetName(),

                                Value: d.GetValue(),

                        }

                        durationOptions = append(durationOptions, option)

                }

                for _, q := range p.GetAppeal().GetQuestions() {

                        question := domain.Question{

                                Key:         q.GetKey(),

                                Question:    q.GetQuestion(),

                                Required:    q.GetRequired(),

                                Description: q.GetDescription(),

                        }

                        questions = append(questions, question)

                }

                if mds := p.GetAppeal().GetMetadataSources(); mds != nil {

                        metadataSources = make(map[string]*domain.AppealMetadataSource)

                        for key, metadataCfg := range mds {

                                metadataSources[key] = &domain.AppealMetadataSource{

                                        Name:        metadataCfg.GetName(),

                                        Description: metadataCfg.GetDescription(),

                                        Type:        metadataCfg.GetType(),

                                        Config:      metadataCfg.GetConfig().AsInterface(),

                                        Value:       metadataCfg.GetValue().AsInterface(),

                                }

                        }

                var labelingRules []domain.LabelingRule

                if lrs := p.GetAppeal().GetLabelingRules(); lrs != nil {

                        for _, lr := range lrs {

                                rule := domain.LabelingRule{

                                        RuleName:     lr.GetRuleName(),

                                        Description:  lr.GetDescription(),

                                        When:         lr.GetWhen(),

                                        Labels:       lr.GetLabels(),

                                        Priority:     int(lr.GetPriority()),

                                        AllowFailure: lr.GetAllowFailure(),

                                }

                                if lm := lr.GetLabelMetadata(); lm != nil {

                                        rule.LabelMetadata = make(map[string]*domain.LabelMetadataConfig)

                                        for key, metadata := range lm {

                                                rule.LabelMetadata[key] = &domain.LabelMetadataConfig{

                                                        Category:   metadata.GetCategory(),

                                                        Attributes: metadata.GetAttributes().AsMap(),

                                                }

                                        }

                                labelingRules = append(labelingRules, rule)

                var userLabelConfig *domain.UserLabelConfig

                if mlc := p.GetAppeal().GetUserLabelConfig(); mlc != nil {

                        userLabelConfig = &domain.UserLabelConfig{

                                AllowUserLabels: mlc.GetAllowUserLabels(),

                                AllowedKeys:     mlc.GetAllowedKeys(),

                                RequiredKeys:    mlc.GetRequiredKeys(),

                                MaxLabels:       int(mlc.GetMaxLabels()),

                                KeyPattern:      mlc.GetKeyPattern(),

                                ValuePattern:    mlc.GetValuePattern(),

                                AllowOverride:   mlc.GetAllowOverride(),

                        }

                }

                policy.AppealConfig = &domain.PolicyAppealConfig{

                        DurationOptions:              durationOptions,

                        AllowOnBehalf:                p.GetAppeal().GetAllowOnBehalf(),

                        Questions:                    questions,

                        AllowPermanentAccess:         p.GetAppeal().GetAllowPermanentAccess(),

                        AllowActiveAccessExtensionIn: p.GetAppeal().GetAllowActiveAccessExtensionIn(),

                        AllowCreatorDetailsFailure:   p.GetAppeal().GetAllowCreatorDetailsFailure(),

                        MetadataSources:              metadataSources,

                        TermsAndConditions:           p.GetAppeal().GetTermsAndConditions(),

                        LabelingRules:                labelingRules,

                        UserLabelConfig:              userLabelConfig,

                }

        if p.GetCreatedAt() != nil {

        if p.GetUpdatedAt() != nil {

        return policy

func (a *adapter) ToPolicyProto(p *domain.Policy) (*guardianv1beta1.Policy, error) {

        policyProto := &guardianv1beta1.Policy{

                Id:          p.ID,

                Version:     uint32(p.Version),

                Description: p.Description,

                Labels:      p.Labels,

        }

        if p.Steps != nil {

                var steps []*guardianv1beta1.Policy_ApprovalStep

                for _, s := range p.Steps {

                        approvalStepProto := &guardianv1beta1.Policy_ApprovalStep{

                                Name:                  s.Name,

                                Description:           s.Description,

                                When:                  s.When,

                                Strategy:              string(s.Strategy),

                                RejectionReason:       s.RejectionReason,

                                ApproveIf:             s.ApproveIf,

                                AllowFailed:           s.AllowFailed,

                                Approvers:             s.Approvers,

                                DontAllowSelfApproval: s.DontAllowSelfApproval,

                                TermsAndConditions:    s.TermsAndConditions,

                        }

                        if s.Details != nil {

                        steps = append(steps, approvalStepProto)

                policyProto.Steps = steps

        if p.Requirements != nil {

                var requirements []*guardianv1beta1.Policy_Requirement

                for _, r := range p.Requirements {

                        var on *guardianv1beta1.Policy_Requirement_RequirementTrigger

                        if r.On != nil {

                                var conditions []*guardianv1beta1.Condition

                                if r.On.Conditions != nil {

                                on = &guardianv1beta1.Policy_Requirement_RequirementTrigger{

                                        ProviderType: r.On.ProviderType,

                                        ProviderUrn:  r.On.ProviderURN,

                                        ResourceType: r.On.ResourceType,

                                        ResourceUrn:  r.On.ResourceURN,

                                        Role:         r.On.Role,

                                        Conditions:   conditions,

                                        Expression:   r.On.Expression,

                                }

                        var additionalAppeals []*guardianv1beta1.Policy_Requirement_AdditionalAppeal

                        if r.Appeals != nil {

                                for _, aa := range r.Appeals {

                                        var resource *guardianv1beta1.Policy_Requirement_AdditionalAppeal_ResourceIdentifier

                                        if aa.Resource != nil {

                                                resource = &guardianv1beta1.Policy_Requirement_AdditionalAppeal_ResourceIdentifier{

                                                        ProviderType: aa.Resource.ProviderType,

                                                        ProviderUrn:  aa.Resource.ProviderURN,

                                                        Type:         aa.Resource.Type,

                                                        Urn:          aa.Resource.URN,

                                                        Id:           aa.Resource.ID,

                                                }

                                        }

                                        additionalAppeals = append(additionalAppeals, &guardianv1beta1.Policy_Requirement_AdditionalAppeal{

                                                Resource: resource,

                                                Role:     aa.Role,

                                                Options:  a.toAppealOptionsProto(aa.Options),

                                                Policy:   a.toPolicyConfigProto(aa.Policy),

                                        })

                        var postHooks []*guardianv1beta1.Policy_Requirement_PostAppealHook

                        if r.PostHooks != nil {

                        requirements = append(requirements, &guardianv1beta1.Policy_Requirement{

                                On:        on,

                                Appeals:   additionalAppeals,

                                PostHooks: postHooks,

                        })

                        policyProto.Requirements = requirements

        if p.HasIAMConfig() {

                config, err := structpb.NewValue(p.IAM.Config)

                if err != nil {

                        return nil, err

                }

                policyProto.Iam = &guardianv1beta1.Policy_IAM{

                        Provider: string(p.IAM.Provider),

                        Config:   config,

                        Schema:   p.IAM.Schema,

                }

        appealConfig, err := a.ToPolicyAppealConfigProto(p)

        if err != nil {

        policyProto.Appeal = appealConfig

        if !p.CreatedAt.IsZero() {

                policyProto.CreatedAt = timestamppb.New(p.CreatedAt)

        }

        if !p.UpdatedAt.IsZero() {

                policyProto.UpdatedAt = timestamppb.New(p.UpdatedAt)

        }

        return policyProto, nil

func (a *adapter) ToPolicyAppealConfigProto(p *domain.Policy) (*guardianv1beta1.PolicyAppealConfig, error) {

        if p.AppealConfig == nil {

                return nil, nil

        }

        policyAppealConfigProto := &guardianv1beta1.PolicyAppealConfig{}

        var durationOptions []*guardianv1beta1.PolicyAppealConfig_DurationOptions

        if p.AppealConfig.DurationOptions != nil {

                for _, d := range p.AppealConfig.DurationOptions {

                        durationOptions = append(durationOptions, &guardianv1beta1.PolicyAppealConfig_DurationOptions{

                                Name:  d.Name,

                                Value: d.Value,

                        })

                }

        policyAppealConfigProto.DurationOptions = durationOptions

        policyAppealConfigProto.AllowOnBehalf = p.AppealConfig.AllowOnBehalf

        policyAppealConfigProto.AllowPermanentAccess = p.AppealConfig.AllowPermanentAccess

        policyAppealConfigProto.AllowActiveAccessExtensionIn = p.AppealConfig.AllowActiveAccessExtensionIn

        policyAppealConfigProto.AllowCreatorDetailsFailure = p.AppealConfig.AllowCreatorDetailsFailure

        for _, q := range p.AppealConfig.Questions {

                policyAppealConfigProto.Questions = append(policyAppealConfigProto.Questions, &guardianv1beta1.PolicyAppealConfig_Question{

                        Key:         q.Key,

                        Question:    q.Question,

                        Required:    q.Required,

                        Description: q.Description,

                })

        }

        for key, metadataSource := range p.AppealConfig.MetadataSources {

                if policyAppealConfigProto.MetadataSources == nil {

                        policyAppealConfigProto.MetadataSources = make(map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource)

                }

                policyAppealConfigProto.MetadataSources[key] = &guardianv1beta1.PolicyAppealConfig_MetadataSource{

                        Name:        metadataSource.Name,

                        Description: metadataSource.Description,

                        Type:        metadataSource.Type,

                }

                if metadataSource.Config != nil {

                        cfg, err := structpb.NewValue(metadataSource.Config)

                        if err != nil {

                        policyAppealConfigProto.MetadataSources[key].Config = cfg

                if metadataSource.Value != nil {

                        value, err := structpb.NewValue(metadataSource.Value)

                        if err != nil {

                        policyAppealConfigProto.MetadataSources[key].Value = value

        policyAppealConfigProto.TermsAndConditions = p.AppealConfig.TermsAndConditions

        if p.AppealConfig.LabelingRules != nil {

                for _, rule := range p.AppealConfig.LabelingRules {

                        ruleProto := &guardianv1beta1.LabelingRule{

                                RuleName:     rule.RuleName,

                                Description:  rule.Description,

                                When:         rule.When,

                                Labels:       rule.Labels,

                                Priority:     int32(rule.Priority),

                                AllowFailure: rule.AllowFailure,

                        }

                        if rule.LabelMetadata != nil {

                                ruleProto.LabelMetadata = make(map[string]*guardianv1beta1.LabelMetadataConfig)

                                for key, metadata := range rule.LabelMetadata {

                                        attrs, err := structpb.NewStruct(metadata.Attributes)

                                        if err != nil {

                                        ruleProto.LabelMetadata[key] = &guardianv1beta1.LabelMetadataConfig{

                                                Category:   metadata.Category,

                                                Attributes: attrs,

                                        }

                        policyAppealConfigProto.LabelingRules = append(policyAppealConfigProto.LabelingRules, ruleProto)

        if p.AppealConfig.UserLabelConfig != nil {

                policyAppealConfigProto.UserLabelConfig = &guardianv1beta1.UserLabelConfig{

                        AllowUserLabels: p.AppealConfig.UserLabelConfig.AllowUserLabels,

                        AllowedKeys:     p.AppealConfig.UserLabelConfig.AllowedKeys,

                        RequiredKeys:    p.AppealConfig.UserLabelConfig.RequiredKeys,

                        MaxLabels:       int32(p.AppealConfig.UserLabelConfig.MaxLabels),

                        KeyPattern:      p.AppealConfig.UserLabelConfig.KeyPattern,

                        ValuePattern:    p.AppealConfig.UserLabelConfig.ValuePattern,

                        AllowOverride:   p.AppealConfig.UserLabelConfig.AllowOverride,

                }

        }

        return policyAppealConfigProto, nil

func (a *adapter) FromResourceProto(r *guardianv1beta1.Resource) *domain.Resource {

        resource := &domain.Resource{

                ID:           r.GetId(),

                ProviderType: r.GetProviderType(),

                ProviderURN:  r.GetProviderUrn(),

                Type:         r.GetType(),

                URN:          r.GetUrn(),

                Name:         r.GetName(),

                Labels:       r.GetLabels(),

                IsDeleted:    r.GetIsDeleted(),

                GroupID:      r.GetGroupId(),

                GroupType:    r.GetGroupType(),

        }

        if r.GetParentId() != "" {

        if r.GetChildren() != nil {

        if r.GetDetails() != nil {

        if r.GetCreatedAt() != nil {

        if r.GetUpdatedAt() != nil {

        return resource

func (a *adapter) ToResourceProto(r *domain.Resource) (*guardianv1beta1.Resource, error) {

        resourceProto := &guardianv1beta1.Resource{

                Id:           r.ID,

                ProviderType: r.ProviderType,

                ProviderUrn:  r.ProviderURN,

                Type:         r.Type,

                Urn:          r.URN,

                Name:         r.Name,

                Labels:       r.Labels,

                IsDeleted:    r.IsDeleted,

                GroupId:      r.GroupID,

                GroupType:    r.GroupType,

        }

        if r.ParentID != nil {

        if r.GlobalURN != "" {

                resourceProto.GlobalUrn = r.GlobalURN

        }

        if r.Children != nil {

        if r.Details != nil {

                details, err := structpb.NewStruct(r.Details)

                if err != nil {

                        return nil, err

                }

                resourceProto.Details = details

        if !r.CreatedAt.IsZero() {

                resourceProto.CreatedAt = timestamppb.New(r.CreatedAt)

        }

        if !r.UpdatedAt.IsZero() {

                resourceProto.UpdatedAt = timestamppb.New(r.UpdatedAt)

        }

        return resourceProto, nil

func (a *adapter) ToAppealProto(appeal *domain.Appeal) (*guardianv1beta1.Appeal, error) {

        appealProto := &guardianv1beta1.Appeal{

                Id:             appeal.ID,

                ResourceId:     appeal.ResourceID,

                PolicyId:       appeal.PolicyID,

                PolicyVersion:  uint32(appeal.PolicyVersion),

                Status:         appeal.Status,

                AccountId:      appeal.AccountID,

                AccountType:    appeal.AccountType,

                GroupId:        appeal.GroupID,

                GroupType:      appeal.GroupType,

                CreatedBy:      appeal.CreatedBy,

                Role:           appeal.Role,

                Permissions:    appeal.Permissions,

                Options:        a.toAppealOptionsProto(appeal.Options),

                Labels:         appeal.Labels,

                LabelsMetadata: a.toLabelMetadataProto(appeal.LabelsMetadata),

                Description:    appeal.Description,

                Revision:       uint32(appeal.Revision),

        }

        if appeal.Resource != nil {

                r, err := a.ToResourceProto(appeal.Resource)

                if err != nil {

                appealProto.Resource = r

        if appeal.Creator != nil {

                creator, err := structpb.NewValue(appeal.Creator)

                if err != nil {

                        return nil, err

                }

                appealProto.Creator = creator

        if appeal.Approvals != nil {

                approvals := []*guardianv1beta1.Approval{}

                for _, approval := range appeal.Approvals {

                        approvalProto, err := a.ToApprovalProto(approval)

                        if err != nil {

                        approvals = append(approvals, approvalProto)

                appealProto.Approvals = approvals

        if appeal.Details != nil {

                details, err := structpb.NewStruct(appeal.Details)

                if err != nil {

                        return nil, err

                }

                appealProto.Details = details

        if !appeal.CreatedAt.IsZero() {

                appealProto.CreatedAt = timestamppb.New(appeal.CreatedAt)

        }

        if !appeal.UpdatedAt.IsZero() {

                appealProto.UpdatedAt = timestamppb.New(appeal.UpdatedAt)

        }

        grantProto, err := a.ToGrantProto(appeal.Grant)

        if err != nil {

        appealProto.Grant = grantProto

        return appealProto, nil

func (a *adapter) FromCreateAppealProto(ca *guardianv1beta1.CreateAppealRequest, authenticatedUser string) ([]*domain.Appeal, error) {

        var appeals []*domain.Appeal

        for _, r := range ca.GetResources() {

                appeal := &domain.Appeal{

                        AccountID:   ca.GetAccountId(),

                        AccountType: ca.GetAccountType(),

                        GroupID:     r.GetGroupId(),

                        GroupType:   r.GetGroupType(),

                        CreatedBy:   authenticatedUser,

                        ResourceID:  r.GetId(),

                        Role:        r.GetRole(),

                        Description: ca.GetDescription(),

                        UserLabels:  ca.GetUserLabels(),

                }

                if r.GetOptions() != nil {

                        var options *domain.AppealOptions

                        jsonBytes, err := json.Marshal(r.GetOptions().AsMap())

                        if err != nil {

                        if err := json.Unmarshal(jsonBytes, &options); err != nil {

                                return nil, err

                        }

                        appeal.Options = options

                if r.GetDetails() != nil {

                        appeal.Details = r.GetDetails().AsMap()

                }

                appeals = append(appeals, appeal)

        return appeals, nil

func (a *adapter) FromPatchAppealProto(ua *guardianv1beta1.PatchAppealRequest, authenticatedUser string) (*domain.Appeal, error) {

        appeal := &domain.Appeal{

                ID:          ua.GetId(),

                AccountID:   ua.GetAccountId(),

                AccountType: ua.GetAccountType(),

                CreatedBy:   authenticatedUser,

                ResourceID:  ua.GetResourceId(),

                Role:        ua.GetRole(),

                Description: ua.GetDescription(),

        }

        if ua.GetOptions() != nil {

                var options *domain.AppealOptions

                if err := mapstructure.Decode(ua.GetOptions().AsMap(), &options); err != nil {

                appeal.Options = options

        if ua.GetDetails() != nil {

                appeal.Details = ua.GetDetails().AsMap()

        }

        return appeal, nil

func (a *adapter) ToApprovalProto(approval *domain.Approval) (*guardianv1beta1.Approval, error) {

        approvalProto := &guardianv1beta1.Approval{

                Id:                    approval.ID,

                Name:                  approval.Name,

                AppealId:              approval.AppealID,

                Status:                approval.Status,

                Reason:                approval.Reason,

                PolicyId:              approval.PolicyID,

                PolicyVersion:         uint32(approval.PolicyVersion),

                Approvers:             approval.Approvers,

                CreatedAt:             timestamppb.New(approval.CreatedAt),

                UpdatedAt:             timestamppb.New(approval.UpdatedAt),

                IsStale:               approval.IsStale,

                AppealRevision:        uint32(approval.AppealRevision),

                AllowFailed:           approval.AllowFailed,

                DontAllowSelfApproval: approval.DontAllowSelfApproval,

        }

        if approval.Details != nil {

        if approval.Appeal != nil {

                appeal, err := a.ToAppealProto(approval.Appeal)

                if err != nil {