Nest Interface Policy under the interface field

.editorconfig

@@ -4,6 +4,10 @@ insert_final_newline = true
 [{*.yml, *.yaml}]
 indent_size = 2
 
+[*.graphql]
+indent_size = 4
+indent_style = space
+
 [Makefile]
 indent_style = tab
 indent_size = 4

deploy/kubernetes/charts/capact/charts/engine/templates/clusterpolicy-configmap.yaml

@@ -6,10 +6,7 @@ metadata:
  {{- include "engine.labels" . | nindent 4 }}
 data:
  cluster-policy.yaml: |
- apiVersion: 0.2.0
-
- rules:
- {{- if .Values.testSetup.enabled }}
- {{- toYaml .Values.testSetup.globalPolicyRules | nindent 8 }}
- {{- end }}
- {{- toYaml .Values.globalPolicyRules | nindent 8 }}
+ {{- if .Values.testSetup.enabled }}
+ {{- toYaml .Values.testSetup.globalPolicy | nindent 2 }}
+ {{- end }}
+ {{- toYaml .Values.globalPolicy | nindent 2 }}

deploy/kubernetes/charts/capact/charts/engine/values.yaml

@@ -60,67 +60,71 @@ affinity: {}
 
 # order from highest priority to the lowest
 policyOrder: "ACTION,GLOBAL,WORKFLOW"
-globalPolicyRules:
+globalPolicy:
 # Insert Interface paths with Implementations. For example:
-#
-# - interface:
-# # Rules for exact path and revision (looked up in first place)
-# path: "cap.interface.database.postgresql.install"
-# revision: "0.1.0"
-# oneOf:
-# - implementationConstraints:
-# requires:
-# - path: "cap.type.gcp.auth.service-account"
-# # any revision
-# attributes:
-# - path: "cap.attribute.cloud.provider.gcp"
-# # any revision
-# inject:
-# typeInstances:
-# - id: "{uuid}"
-# typeRef:
-# path: "cap.type.gcp.auth.service-account"
-# revision: "0.1.0"
-# - implementationConstraints:
-# attributes:
-# - path: cap.attribute.cloud.provider.aws
-# # any revision
-# - implementationConstraints:
-# path: cap.implementation.bitnami.postgresql.install
-# - interface:
-# # Rules for exact path in any revision (looked up in second place)
-# path: "cap.interface.database.postgresql.install"
-# oneOf:
-# - implementationConstraints:
-# requires:
-# - path: "cap.type.gcp.auth.service-account"
-# # any revision
-# attributes:
-# - path: "cap.attribute.cloud.provider.gcp"
-# # any revision
+# interface:
+# rules:
+# - interface:
+# # Rules for exact path and revision (looked up in first place)
+# path: "cap.interface.database.postgresql.install"
+# revision: "0.1.0"
+# oneOf:
+# - implementationConstraints:
+# requires:
+# - path: "cap.type.gcp.auth.service-account"
+# # any revision
+# attributes:
+# - path: "cap.attribute.cloud.provider.gcp"
+# # any revision
+# inject:
+# typeInstances:
+# - id: "{uuid}"
+# typeRef:
+# path: "cap.type.gcp.auth.service-account"
+# revision: "0.1.0"
+# - implementationConstraints:
+# attributes:
+# - path: cap.attribute.cloud.provider.aws
+# # any revision
+# - implementationConstraints:
+# path: cap.implementation.bitnami.postgresql.install
+# - interface:
+# # Rules for exact path in any revision (looked up in second place)
+# path: "cap.interface.database.postgresql.install"
+# oneOf:
+# - implementationConstraints:
+# requires:
+# - path: "cap.type.gcp.auth.service-account"
+# # any revision
+# attributes:
+# - path: "cap.attribute.cloud.provider.gcp"
+# # any revision
+ interface:
+ rules:
+ - interface:
+ # any other Interface (looked up in third place, if there is no rule for `path` and `revision` or `path`)
+ path: "cap.*"
+ oneOf:
+ - implementationConstraints: # prefer Implementation for Kubernetes
+ requires:
+ - path: "cap.core.type.platform.kubernetes"
+ # any revision
+ - implementationConstraints: {} # fallback to any Implementation
 
+testSetup:
+ enabled: false
+ globalPolicy:
+ interface:
+ rules:
  - interface:
- # any other Interface (looked up in third place, if there is no rule for `path` and `revision` or `path`)
- path: "cap.*"
+ path: "cap.interface.capactio.capact.validation.action.passing"
  oneOf:
- - implementationConstraints: # prefer Implementation for Kubernetes
+ - implementationConstraints:
  requires:
- - path: "cap.core.type.platform.kubernetes"
- # any revision
- - implementationConstraints: {} # fallback to any Implementation
-
-testSetup:
- enabled: false
- globalPolicyRules:
- - interface:
- path: "cap.interface.capactio.capact.validation.action.passing"
- oneOf:
- - implementationConstraints:
- requires:
- - path: "cap.type.capactio.capact.validation.single-key"
- attributes:
- - path: "cap.attribute.capactio.capact.validation.policy.most-preferred"
- inject:
- requiredTypeInstances: [] # DO NOT MODIFY this line, as it is found and replaced during integration tests
- - implementationConstraints:
- path: cap.implementation.capactio.capact.validation.action.passing-a
+ - path: "cap.type.capactio.capact.validation.single-key"
+ attributes:
+ - path: "cap.attribute.capactio.capact.validation.policy.most-preferred"
+ inject:
+ requiredTypeInstances: [] # DO NOT MODIFY this line, as it is found and replaced during integration tests
+ - implementationConstraints:
+ path: cap.implementation.capactio.capact.validation.action.passing-a

internal/k8s-engine/graphql/domain/action/fixtures_test.go

@@ -302,33 +302,35 @@ func fixGQLInputActionPolicy() *graphql.PolicyInput {
  }
 
  return &graphql.PolicyInput{
- Rules: []*graphql.RulesForInterfaceInput{
- {
- Interface: &graphql.ManifestReferenceInput{
- Path: "cap.interface.dummy",
- },
- OneOf: []*graphql.PolicyRuleInput{
- {
- ImplementationConstraints: &graphql.PolicyRuleImplementationConstraintsInput{
- Path: ptr.String("cap.implementation.dummy"),
- },
- Inject: &graphql.PolicyRuleInjectDataInput{
- RequiredTypeInstances: []*graphql.RequiredTypeInstanceReferenceInput{
- {
- ID: "policy-ti-id",
- Description: ptr.String("Sample description"),
- },
+ Interface: &graphql.InterfacePolicyInput{
+ Rules: []*graphql.RulesForInterfaceInput{
+ {
+ Interface: &graphql.ManifestReferenceInput{
+ Path: "cap.interface.dummy",
+ },
+ OneOf: []*graphql.PolicyRuleInput{
+ {
+ ImplementationConstraints: &graphql.PolicyRuleImplementationConstraintsInput{
+ Path: ptr.String("cap.implementation.dummy"),
  },
- AdditionalParameters: []*graphql.AdditionalParameterInput{
- {
- Name: "additional-parameters",
- Value: additionalInput,
+ Inject: &graphql.PolicyRuleInjectDataInput{
+ RequiredTypeInstances: []*graphql.RequiredTypeInstanceReferenceInput{
+ {
+ ID: "policy-ti-id",
+ Description: ptr.String("Sample description"),
+ },
  },
- },
- AdditionalTypeInstances: []*graphql.AdditionalTypeInstanceReferenceInput{
- {
- Name: "additional-ti",
- ID: "additional-ti-id",
+ AdditionalParameters: []*graphql.AdditionalParameterInput{
+ {
+ Name: "additional-parameters",
+ Value: additionalInput,
+ },
+ },
+ AdditionalTypeInstances: []*graphql.AdditionalTypeInstanceReferenceInput{
+ {
+ Name: "additional-ti",
+ ID: "additional-ti-id",
+ },
  },
  },
  },
@@ -430,7 +432,7 @@ func fixModelInputSecret(name string, paramsEnabled, policyEnabled bool) *corev1
  sec.StringData["parameter-input-parameters"] = `{"param":"one"}`
  }
  if policyEnabled {
- sec.StringData["action-policy.json"] = `{"rules":[{"interface":{"path":"cap.interface.dummy","revision":null},"oneOf":[{"implementationConstraints":{"requires":null,"attributes":null,"path":"cap.implementation.dummy"},"inject":{"requiredTypeInstances":[{"id":"policy-ti-id","description":"Sample description"}],"additionalParameters":[{"name":"additional-parameters","value":{"snapshot":true}}],"additionalTypeInstances":[{"name":"additional-ti","id":"additional-ti-id"}]}}]}]}`
+ sec.StringData["action-policy.json"] = `{"interface":{"rules":[{"interface":{"path":"cap.interface.dummy","revision":null},"oneOf":[{"implementationConstraints":{"requires":null,"attributes":null,"path":"cap.implementation.dummy"},"inject":{"requiredTypeInstances":[{"id":"policy-ti-id","description":"Sample description"}],"additionalParameters":[{"name":"additional-parameters","value":{"snapshot":true}}],"additionalTypeInstances":[{"name":"additional-ti","id":"additional-ti-id"}]}}]}]}}`
  }
 
  return sec

internal/k8s-engine/graphql/domain/policy/converter.go

@@ -17,12 +17,26 @@ func NewConverter() *Converter {
 
 // FromGraphQLInput coverts Graphql Policy data to model.
 func (c *Converter) FromGraphQLInput(in graphql.PolicyInput) (policy.Policy, error) {
+ ifaceRules, err := c.interfaceFromGraphQLInput(in.Interface)
+ if err != nil {
+ return policy.Policy{}, err
+ }
+
+ return policy.Policy{
+ Interface: ifaceRules,
+ }, nil
+}
+
+func (c *Converter) interfaceFromGraphQLInput(in *graphql.InterfacePolicyInput) (policy.InterfacePolicy, error) {
+ if in == nil {
+ return policy.InterfacePolicy{}, nil
+ }
  var rules policy.RulesList
 
  for _, gqlRule := range in.Rules {
  policyRules, err := c.policyRulesFromGraphQLInput(gqlRule.OneOf)
  if err != nil {
- return policy.Policy{}, errors.Wrap(err, "while getting Policy rules")
+ return policy.InterfacePolicy{}, err
  }
 
  rules = append(rules, policy.RulesForInterface{
@@ -31,13 +45,17 @@ func (c *Converter) FromGraphQLInput(in graphql.PolicyInput) (policy.Policy, err
  })
  }
 
- return policy.Policy{
- Rules: rules,
- }, nil
+ return policy.InterfacePolicy{Rules: rules}, nil
 }
 
 // ToGraphQL converts Policy model representation to GraphQL DTO.
 func (c *Converter) ToGraphQL(in policy.Policy) graphql.Policy {
+ return graphql.Policy{
+ Interface: c.interfaceToGraphQL(in.Interface),
+ }
+}
+
+func (c *Converter) interfaceToGraphQL(in policy.InterfacePolicy) *graphql.InterfacePolicy {
  var gqlRules []*graphql.RulesForInterface
 
  for _, rule := range in.Rules {
@@ -47,7 +65,7 @@ func (c *Converter) ToGraphQL(in policy.Policy) graphql.Policy {
  })
  }
 
- return graphql.Policy{
+ return &graphql.InterfacePolicy{
  Rules: gqlRules,
  }
 }