Skip to content

Commit

Permalink
access_policy: update more references and method signatures
Browse files Browse the repository at this point in the history
  • Loading branch information
jacobbednarz committed Jul 5, 2023
1 parent 978579f commit 0a58e18
Show file tree
Hide file tree
Showing 3 changed files with 150 additions and 9 deletions.
83 changes: 83 additions & 0 deletions .changelog/1326.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
```release-note:breaking-change
logpush: all methods are updated to use the newer client conventions for method signatures
```

```release-note:breaking-change
logpush: `CreateAccountLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `CreateZoneLogpushJob` is removed in favour of `CreateLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `ListAccountLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `ListZoneLogpushJobs` is removed in favour of `ListLogpushJobs` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `ListAccountLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `ListZoneLogpushJobsForDataset` is removed in favour of `ListLogpushJobsForDataset` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `GetAccountLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `GetZoneLogpushFields` is removed in favour of `GetLogpushFields` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `GetAccountLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `GetZoneLogpushJob` is removed in favour of `GetLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `UpdateAccountLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `UpdateZoneLogpushJob` is removed in favour of `UpdateLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `DeleteAccountLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `DeleteZoneLogpushJob` is removed in favour of `DeleteLogpushJob` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `GetAccountLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `GetZoneLogpushOwnershipChallenge` is removed in favour of `GetLogpushOwnershipChallenge` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `ValidateAccountLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `ValidateZoneLogpushOwnershipChallenge` is removed in favour of `ValidateLogpushOwnershipChallenge` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `CheckAccountLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
```

```release-note:breaking-change
logpush: `CheckZoneLogpushDestinationExists` is removed in favour of `CheckLogpushDestinationExists` with `ResourceContainer` method parameter
```
38 changes: 33 additions & 5 deletions access_policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,33 @@ type CreateAccessPolicyParams struct {
Require []interface{} `json:"require"`
}

type UpdateAccessPolicyParams struct {
ApplicationID string `json:"-"`
PolicyID string `json:"-"`

Precedence int `json:"precedence"`
Decision string `json:"decision"`
Name string `json:"name"`

IsolationRequired *bool `json:"isolation_required,omitempty"`
PurposeJustificationRequired *bool `json:"purpose_justification_required,omitempty"`
PurposeJustificationPrompt *string `json:"purpose_justification_prompt,omitempty"`
ApprovalRequired *bool `json:"approval_required,omitempty"`
ApprovalGroups []AccessApprovalGroup `json:"approval_groups"`

// The include policy works like an OR logical operator. The user must
// satisfy one of the rules.
Include []interface{} `json:"include"`

// The exclude policy works like a NOT logical operator. The user must
// not satisfy all the rules in exclude.
Exclude []interface{} `json:"exclude"`

// The require policy works like a AND logical operator. The user must
// satisfy all the rules in require.
Require []interface{} `json:"require"`
}

type DeleteAccessPolicyParams struct {
ApplicationID string `json:"-"`
PolicyID string `json:"-"`
Expand Down Expand Up @@ -215,19 +242,20 @@ func (api *API) CreateAccessPolicy(ctx context.Context, rc *ResourceContainer, p
//
// Account API reference: https://developers.cloudflare.com/api/operations/access-policies-update-an-access-policy
// Zone API reference: https://developers.cloudflare.com/api/operations/zone-level-access-policies-update-an-access-policy
func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, applicationID string, accessPolicy AccessPolicy) (AccessPolicy, error) {
if accessPolicy.ID == "" {
func (api *API) UpdateAccessPolicy(ctx context.Context, rc *ResourceContainer, params UpdateAccessPolicyParams) (AccessPolicy, error) {
if params.PolicyID == "" {
return AccessPolicy{}, fmt.Errorf("access policy ID cannot be empty")
}

uri := fmt.Sprintf(
"/%s/%s/access/apps/%s/policies/%s",
rc.Level,
rc.Identifier,
applicationID,
accessPolicy.ID,
params.ApplicationID,
params.PolicyID,
)

res, err := api.makeRequestContext(ctx, http.MethodPut, uri, accessPolicy)
res, err := api.makeRequestContext(ctx, http.MethodPut, uri, params)
if err != nil {
return AccessPolicy{}, fmt.Errorf("%s: %w", errMakeRequestError, err)
}
Expand Down
38 changes: 34 additions & 4 deletions access_policy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -329,6 +329,36 @@ func TestUpdateAccessPolicy(t *testing.T) {
setup()
defer teardown()

accessPolicy := UpdateAccessPolicyParams{
ApplicationID: accessApplicationID,
PolicyID: accessPolicyID,
Precedence: 1,
Decision: "allow",
Name: "Allow devs",
Include: []interface{}{
map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
},
Exclude: []interface{}{
map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
},
Require: []interface{}{
map[string]interface{}{"email": map[string]interface{}{"email": "test@example.com"}},
},
IsolationRequired: &isolationRequired,
PurposeJustificationRequired: &purposeJustificationRequired,
ApprovalRequired: &approvalRequired,
PurposeJustificationPrompt: &purposeJustificationPrompt,
ApprovalGroups: []AccessApprovalGroup{
{
EmailListUuid: "2413b6d7-bbe5-48bd-8fbb-e52069c85561",
ApprovalsNeeded: 3,
},
{
EmailAddresses: []string{"email1@example.com", "email2@example.com"},
ApprovalsNeeded: 1,
},
},
}
handler := func(w http.ResponseWriter, r *http.Request) {
assert.Equal(t, http.MethodPut, r.Method, "Expected method 'PUT', got %s", r.Method)
w.Header().Set("content-type", "application/json")
Expand Down Expand Up @@ -384,14 +414,14 @@ func TestUpdateAccessPolicy(t *testing.T) {
}

mux.HandleFunc("/accounts/"+testAccountID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
actual, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessApplicationID, expectedAccessPolicy)
actual, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessPolicy)

if assert.NoError(t, err) {
assert.Equal(t, expectedAccessPolicy, actual)
}

mux.HandleFunc("/zones/"+testZoneID+"/access/apps/"+accessApplicationID+"/policies/"+accessPolicyID, handler)
actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessApplicationID, expectedAccessPolicy)
actual, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessPolicy)

if assert.NoError(t, err) {
assert.Equal(t, expectedAccessPolicy, actual)
Expand All @@ -402,10 +432,10 @@ func TestUpdateAccessPolicyWithMissingID(t *testing.T) {
setup()
defer teardown()

_, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, accessApplicationID, AccessPolicy{})
_, err := client.UpdateAccessPolicy(context.Background(), testAccountRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
assert.EqualError(t, err, "access policy ID cannot be empty")

_, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, accessApplicationID, AccessPolicy{})
_, err = client.UpdateAccessPolicy(context.Background(), testZoneRC, UpdateAccessPolicyParams{ApplicationID: accessApplicationID})
assert.EqualError(t, err, "access policy ID cannot be empty")
}

Expand Down

0 comments on commit 0a58e18

Please sign in to comment.