Merging to release-5.3: [TT-12897] Merge path based permissions when combining policies (#6597)

gateway/api_definition.go

@@ -47,6 +47,7 @@
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/config"
 	"github.com/TykTechnologies/tyk/header"
+	"github.com/TykTechnologies/tyk/internal/model"
 	"github.com/TykTechnologies/tyk/regexp"
 	"github.com/TykTechnologies/tyk/rpc"
 	"github.com/TykTechnologies/tyk/storage"
@@ -522,7 +523,11 @@
 	}
 
 	// Extract tagged APIs#
+<<<<<<< HEAD
 	list := &nestedApiDefinitionList{}
+=======
+	list := model.NewMergedAPIList()
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 	inBytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		log.Error("Couldn't read api definition list")
@@ -680,15 +685,23 @@
 }
 
 func (a APIDefinitionLoader) processRPCDefinitions(apiCollection string, gw *Gateway) ([]*APISpec, error) {
+<<<<<<< HEAD
 
 	var payload []nestedApiDefinition
+=======
+	var payload []model.MergedAPI
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 	if err := json.Unmarshal([]byte(apiCollection), &payload); err != nil {
 		return nil, err
 	}
 
+<<<<<<< HEAD
 	list := &nestedApiDefinitionList{
 		Message: payload,
 	}
+=======
+	list := model.NewMergedAPIList(payload...)
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 
 	gwConfig := a.Gw.GetConfig()
 

gateway/api_definition_test.go

@@ -21,6 +21,11 @@
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/apidef/oas"
 	"github.com/TykTechnologies/tyk/config"
+<<<<<<< HEAD
+=======
+	"github.com/TykTechnologies/tyk/internal/model"
+	"github.com/TykTechnologies/tyk/internal/policy"
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 	"github.com/TykTechnologies/tyk/rpc"
 	"github.com/TykTechnologies/tyk/test"
 	"github.com/TykTechnologies/tyk/user"
@@ -1448,7 +1453,7 @@
 	loader := APIDefinitionLoader{Gw: ts.Gw}
 
 	t.Run("load APIs from RPC - success", func(t *testing.T) {
-		mockedStorage := &RPCDataLoaderMock{
+		mockedStorage := &policy.RPCDataLoaderMock{
 			ShouldConnect: true,
 			Apis: []nestedApiDefinition{
 				{APIDefinition: &apidef.APIDefinition{Id: objectID, OrgID: "org1", APIID: "api1"}},
@@ -1462,7 +1467,7 @@
 	})
 
 	t.Run("load APIs from RPC - success - then fail", func(t *testing.T) {
-		mockedStorage := &RPCDataLoaderMock{
+		mockedStorage := &policy.RPCDataLoaderMock{
 			ShouldConnect: true,
 			Apis: []nestedApiDefinition{
 				{APIDefinition: &apidef.APIDefinition{Id: objectID, OrgID: "org1", APIID: "api1"}},

gateway/gateway.go

@@ -0,0 +1,62 @@
+package gateway
+
+import (
+	"github.com/TykTechnologies/tyk/internal/policy"
+	"github.com/TykTechnologies/tyk/user"
+)
+
+// Repository is a description of our Gateway API promises.
+type Repository interface {
+	policy.Repository
+}
+
+// Gateway implements the Repository interface.
+var _ Repository = &Gateway{}
+
+// PolicyIDs returns a list of IDs for each policy loaded in the gateway.
+func (gw *Gateway) PolicyIDs() []string {
+	gw.policiesMu.RLock()
+	defer gw.policiesMu.RUnlock()
+
+	result := make([]string, 0, len(gw.policiesByID))
+	for id := range gw.policiesByID {
+		result = append(result, id)
+	}
+	return result
+}
+
+// PolicyByID will return a Policy matching the passed Policy ID.
+func (gw *Gateway) PolicyByID(id string) (user.Policy, bool) {
+	gw.policiesMu.RLock()
+	defer gw.policiesMu.RUnlock()
+
+	pol, ok := gw.policiesByID[id]
+	return pol, ok
+}
+
+// PolicyCount will return the number of policies loaded in the gateway.
+func (gw *Gateway) PolicyCount() int {
+	gw.policiesMu.RLock()
+	defer gw.policiesMu.RUnlock()
+
+	return len(gw.policiesByID)
+}
+
+// SetPolicies updates the internal policy map with a new policy map.
+func (gw *Gateway) SetPolicies(pols map[string]user.Policy) {
+	gw.policiesMu.Lock()
+	defer gw.policiesMu.Unlock()
+
+	gw.policiesByID = pols
+}
+
+// SetPoliciesByID will update the internal policiesByID map with new policies.
+// The key used will be the policy ID.
+func (gw *Gateway) SetPoliciesByID(pols ...user.Policy) {
+	gw.policiesMu.Lock()
+	defer gw.policiesMu.Unlock()
+
+	for _, pol := range pols {
+		gw.policiesByID[pol.ID] = pol
+	}
+}

gateway/health_check.go

@@ -8,15 +8,21 @@ import (
 	"sync"
 	"time"
 
+<<<<<<< HEAD
 	"github.com/TykTechnologies/tyk/rpc"
 
+=======
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 	"github.com/sirupsen/logrus"
 
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/header"
+	"github.com/TykTechnologies/tyk/internal/model"
+	"github.com/TykTechnologies/tyk/rpc"
 	"github.com/TykTechnologies/tyk/storage"
 )
 
+<<<<<<< HEAD
 func (gw *Gateway) setCurrentHealthCheckInfo(h map[string]apidef.HealthCheckItem) {
 	gw.healthCheckInfo.Store(h)
 }
@@ -25,12 +31,40 @@ func (gw *Gateway) getHealthCheckInfo() map[string]apidef.HealthCheckItem {
 	ret, ok := gw.healthCheckInfo.Load().(map[string]apidef.HealthCheckItem)
 	if !ok {
 		return make(map[string]apidef.HealthCheckItem, 0)
+=======
+type (
+	HealthCheckItem     = model.HealthCheckItem
+	HealthCheckStatus   = model.HealthCheckStatus
+	HealthCheckResponse = model.HealthCheckResponse
+)
+
+const (
+	Pass      = model.Pass
+	Fail      = model.Fail
+	Warn      = model.Warn
+	Datastore = model.Datastore
+	System    = model.System
+)
+
+func (gw *Gateway) setCurrentHealthCheckInfo(h map[string]model.HealthCheckItem) {
+	gw.healthCheckInfo.Store(h)
+}
+
+func (gw *Gateway) getHealthCheckInfo() map[string]HealthCheckItem {
+	ret, ok := gw.healthCheckInfo.Load().(map[string]HealthCheckItem)
+	if !ok {
+		return make(map[string]HealthCheckItem, 0)
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 	}
 	return ret
 }
 
 func (gw *Gateway) initHealthCheck(ctx context.Context) {
+<<<<<<< HEAD
 	gw.setCurrentHealthCheckInfo(make(map[string]apidef.HealthCheckItem, 3))
+=======
+	gw.setCurrentHealthCheckInfo(make(map[string]HealthCheckItem, 3))
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 
 	go func(ctx context.Context) {
 		var n = gw.GetConfig().LivenessCheck.CheckDuration
@@ -59,12 +93,20 @@ func (gw *Gateway) initHealthCheck(ctx context.Context) {
 }
 
 type SafeHealthCheck struct {
+<<<<<<< HEAD
 	info map[string]apidef.HealthCheckItem
+=======
+	info map[string]HealthCheckItem
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 	mux  sync.Mutex
 }
 
 func (gw *Gateway) gatherHealthChecks() {
+<<<<<<< HEAD
 	allInfos := SafeHealthCheck{info: make(map[string]apidef.HealthCheckItem, 3)}
+=======
+	allInfos := SafeHealthCheck{info: make(map[string]HealthCheckItem, 3)}
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 
 	redisStore := storage.RedisCluster{KeyPrefix: "livenesscheck-", ConnectionHandler: gw.StorageConnectionHandler}
 
@@ -76,17 +118,27 @@ func (gw *Gateway) gatherHealthChecks() {
 	go func() {
 		defer wg.Done()
 
+<<<<<<< HEAD
 		var checkItem = apidef.HealthCheckItem{
 			Status:        apidef.Pass,
 			ComponentType: apidef.Datastore,
+=======
+		var checkItem = HealthCheckItem{
+			Status:        Pass,
+			ComponentType: Datastore,
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 			Time:          time.Now().Format(time.RFC3339),
 		}
 
 		err := redisStore.SetRawKey(key, key, 10)
 		if err != nil {
 			mainLog.WithField("liveness-check", true).WithError(err).Error("Redis health check failed")
 			checkItem.Output = err.Error()
+<<<<<<< HEAD
 			checkItem.Status = apidef.Fail
+=======
+			checkItem.Status = Fail
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 		}
 
 		allInfos.mux.Lock()
@@ -100,16 +152,23 @@ func (gw *Gateway) gatherHealthChecks() {
 		go func() {
 			defer wg.Done()
 
+<<<<<<< HEAD
 			var checkItem = apidef.HealthCheckItem{
 				Status:        apidef.Pass,
 				ComponentType: apidef.Datastore,
+=======
+			var checkItem = HealthCheckItem{
+				Status:        Pass,
+				ComponentType: Datastore,
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 				Time:          time.Now().Format(time.RFC3339),
 			}
 
 			if gw.DashService == nil {
 				err := errors.New("Dashboard service not initialized")
 				mainLog.WithField("liveness-check", true).Error(err)
 				checkItem.Output = err.Error()
+<<<<<<< HEAD
 				checkItem.Status = apidef.Fail
 			} else if err := gw.DashService.Ping(); err != nil {
 				mainLog.WithField("liveness-check", true).Error(err)
@@ -118,6 +177,16 @@ func (gw *Gateway) gatherHealthChecks() {
 			}
 
 			checkItem.ComponentType = apidef.System
+=======
+				checkItem.Status = Fail
+			} else if err := gw.DashService.Ping(); err != nil {
+				mainLog.WithField("liveness-check", true).Error(err)
+				checkItem.Output = err.Error()
+				checkItem.Status = Fail
+			}
+
+			checkItem.ComponentType = System
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 
 			allInfos.mux.Lock()
 			allInfos.info["dashboard"] = checkItem
@@ -132,18 +201,31 @@ func (gw *Gateway) gatherHealthChecks() {
 		go func() {
 			defer wg.Done()
 
+<<<<<<< HEAD
 			var checkItem = apidef.HealthCheckItem{
 				Status:        apidef.Pass,
 				ComponentType: apidef.Datastore,
+=======
+			var checkItem = HealthCheckItem{
+				Status:        Pass,
+				ComponentType: Datastore,
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 				Time:          time.Now().Format(time.RFC3339),
 			}
 
 			if !rpc.Login() {
 				checkItem.Output = "Could not connect to RPC"
+<<<<<<< HEAD
 				checkItem.Status = apidef.Fail
 			}
 
 			checkItem.ComponentType = apidef.System
+=======
+				checkItem.Status = Fail
+			}
+
+			checkItem.ComponentType = System
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 
 			allInfos.mux.Lock()
 			allInfos.info["rpc"] = checkItem
@@ -166,8 +248,13 @@ func (gw *Gateway) liveCheckHandler(w http.ResponseWriter, r *http.Request) {
 
 	checks := gw.getHealthCheckInfo()
 
+<<<<<<< HEAD
 	res := apidef.HealthCheckResponse{
 		Status:      apidef.Pass,
+=======
+	res := HealthCheckResponse{
+		Status:      Pass,
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 		Version:     VERSION,
 		Description: "Tyk GW",
 		Details:     checks,
@@ -176,11 +263,16 @@ func (gw *Gateway) liveCheckHandler(w http.ResponseWriter, r *http.Request) {
 	var failCount int
 
 	for _, v := range checks {
+<<<<<<< HEAD
 		if v.Status == apidef.Fail {
+=======
+		if v.Status == Fail {
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 			failCount++
 		}
 	}
 
+<<<<<<< HEAD
 	var status apidef.HealthCheckStatus
 
 	switch failCount {
@@ -192,6 +284,19 @@ func (gw *Gateway) liveCheckHandler(w http.ResponseWriter, r *http.Request) {
 
 	default:
 		status = apidef.Warn
+=======
+	var status HealthCheckStatus
+
+	switch failCount {
+	case 0:
+		status = Pass
+
+	case len(checks):
+		status = Fail
+
+	default:
+		status = Warn
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)
 	}
 
 	res.Status = status

gateway/policy_test.go

@@ -20,7 +20,6 @@ import (
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/config"
 	"github.com/TykTechnologies/tyk/header"
-	"github.com/TykTechnologies/tyk/rpc"
 	"github.com/TykTechnologies/tyk/test"
 	"github.com/TykTechnologies/tyk/user"
 
@@ -1596,6 +1595,7 @@ func TestParsePoliciesFromRPC(t *testing.T) {
 	}
 
 }
+<<<<<<< HEAD
 
 type RPCDataLoaderMock struct {
 	ShouldConnect bool
@@ -1666,3 +1666,5 @@ func Test_LoadPoliciesFromRPC(t *testing.T) {
 		assert.Equal(t, 1, len(polMap), "expected 0 policies to be loaded from RPC")
 	})
 }
+=======
+>>>>>>> e31a08f08... [TT-12897] Merge path based permissions when combining policies (#6597)