refactor policystore and idp

Signed-off-by: Saurabh Agarwal <[email protected]>
hexa-org · Dec 2, 2023 · 65b937b · 65b937b
1 parent 5af9f0f
commit 65b937b
Show file tree

Hide file tree

Showing 8 changed files with 203 additions and 147 deletions.
diff --git a/demo/internal/orchestrator/applications_service.go b/demo/internal/orchestrator/applications_service.go
@@ -3,6 +3,8 @@ package orchestrator
 import (
 	"errors"
 	"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/providersV2/apps/aws/providercognito"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/providersV2/policy/aws/providerdynamodb"
 	log "golang.org/x/exp/slog"
 	"net/http"
 	"strings"
@@ -30,16 +32,23 @@ func (service ApplicationsService) GatherRecords(identifier string) (Application
 	// SAURABH - temporary workaround until we implement an app onboarding flow
 	var aProvider Provider
 	if integrationRecord.Provider == "amazon" {
-		aProvider, _ = NewOrchestrationProvider(integration.Key, integration.Key)
+		resAttrDef := providerdynamodb.NewAttributeDefinition("Resource", "string", true, false)
+		actionsAttrDef := providerdynamodb.NewAttributeDefinition("Action", "string", false, true)
+		membersDef := providerdynamodb.NewAttributeDefinition("Members", "string", false, false)
+		tableDef := providerdynamodb.NewTableDefinition(resAttrDef, actionsAttrDef, membersDef)
+		policyStore := providerdynamodb.NewDynamicItemStore(providerdynamodb.AwsPolicyStoreTableName, integration.Key, tableDef)
+
+		idp := providercognito.NewCognitoIdp(integration.Key)
+		aProvider, err = NewOrchestrationProvider(idp, policyStore)
+		if err != nil {
+			log.Error("GatherRecords", "msg", "error creating Provider", "provider", integrationRecord.Provider, "error", err)
+			return ApplicationInfo{}, IntegrationInfo{}, nil, err
+		}
 	} else {
 		aProvider = service.Providers[strings.ToLower(integrationRecord.Provider)]
 	}
 
-	if err != nil {
-		log.Error("GatherRecords", "msg", "error creating Provdider", "provider", integrationRecord.Provider, "error", err)
-		return ApplicationInfo{}, IntegrationInfo{}, nil, err
-	}
-	return application, integration, aProvider, err // todo - test for lower?
+	return application, integration, aProvider, nil // todo - test for lower?
 }
 
 func (service ApplicationsService) Apply(jsonRequest Orchestration) error {

diff --git a/demo/internal/orchestrator/orchestrator_provider.go b/demo/internal/orchestrator/orchestrator_provider.go
@@ -1,163 +1,45 @@
 package orchestrator
 
 import (
-	"encoding/json"
-	"fmt"
 	"github.com/hexa-org/policy-mapper/hexaIdql/pkg/hexapolicy"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/providersV2/apps"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/providersV2/policy"
 	"github.com/hexa-org/policy-orchestrator/sdk/core/idp"
 	"github.com/hexa-org/policy-orchestrator/sdk/core/policyprovider"
 	"github.com/hexa-org/policy-orchestrator/sdk/core/rar"
 	"github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp"
-	"github.com/hexa-org/policy-orchestrator/sdk/provideraws/policystore/dynamodbpolicystore"
 	log "golang.org/x/exp/slog"
 	"net/http"
 )
 
-type attributeDefinition struct {
-	nameOrPath string
-	valType    string
-	pk         bool
-	sk         bool
-}
-
-type tableDefinition struct {
-	resource *attributeDefinition
-	actions  *attributeDefinition
-	members  *attributeDefinition
-}
-
-type TableDefinitionOpt func(t *tableDefinition)
-
-func WithResourceAttrDefinition(nameOrPath string, valType string, pk bool, sk bool) TableDefinitionOpt {
-	return func(t *tableDefinition) {
-		t.resource = &attributeDefinition{
-			nameOrPath: nameOrPath,
-			valType:    valType,
-			pk:         pk,
-			sk:         sk,
-		}
-	}
-}
-
-func WithActionsAttrDefinition(nameOrPath string, valType string, pk bool, sk bool) TableDefinitionOpt {
-	return func(t *tableDefinition) {
-		t.actions = &attributeDefinition{
-			nameOrPath: nameOrPath,
-			valType:    valType,
-			pk:         pk,
-			sk:         sk,
-		}
-	}
-}
-
-func WithMembersAttrDefinition(nameOrPath string, valType string) TableDefinitionOpt {
-	return func(t *tableDefinition) {
-		t.members = &attributeDefinition{
-			nameOrPath: nameOrPath,
-			valType:    valType,
-			pk:         false,
-			sk:         false,
-		}
-	}
-}
-
 type OrchestrationProvider struct {
-	service policyprovider.ProviderService
-}
-
-const awsPolicyStoreTableName = "ResourcePolicies"
-
-type resourcePolicyItem struct {
-	Resource string `json:"Resource" meta:"resource,pk"`
-	Action   string `json:"Action" meta:"actions,sk"`
-	Members  string `json:"Members" meta:"members"`
+	idp         string
+	policyStore string
+	service     policyprovider.ProviderService
 }
 
-func (t resourcePolicyItem) MapTo() (rar.ResourceActionRoles, error) {
-	log.Info("resourcePolicyItem.MapTo", "msg", "Mapping", "rar", fmt.Sprintf("%v", t))
-	members := make([]string, 0)
-	err := json.Unmarshal([]byte(t.Members), &members)
-	if err != nil {
-		log.Error("resourcePolicyItem.MapTo", "msg", "Failed to unmarshal members string",
-			"members", t.Members,
-			"Err", err)
-		return rar.ResourceActionRoles{}, err
-	}
-	return rar.NewResourceActionRoles(t.Resource, []string{t.Action}, members)
-}
-
-const tableDefinitionV2Json = `
-			{
-				"metadata": {
-					"pk": { "attribute": "resource" },
-					"sk": { "attribute": "actions" }
-				},
-				"attributes": {
-					"resource": { "nameOrPath": "Resource", "valType": "string", "pk": true },
-					"actions": { "nameOrPath": "Action", "valType": "string", "sk": true },
-					"members": { "nameOrPath": "Members", "valType": "string" }
-				}  
-			}`
-
-func NewOrchestrationProviderWithDynamicTableInfo(idpCredentials []byte, policyStoreCredentials []byte, tableOpts ...TableDefinitionOpt) (*OrchestrationProvider, error) {
-
-	log.Info("NewOrchestrationProviderWithDynamicTableInfo", "msg", "New")
-	tableDef := &tableDefinition{}
-	for _, aOpt := range tableOpts {
-		aOpt(tableDef)
-	}
-
-	attrDef := tableDef.resource
-	resDef := dynamodbpolicystore.NewAttributeDefinition(attrDef.nameOrPath, attrDef.valType, attrDef.pk, attrDef.sk)
-
-	attrDef = tableDef.actions
-	actionsDef := dynamodbpolicystore.NewAttributeDefinition(attrDef.nameOrPath, attrDef.valType, attrDef.pk, attrDef.sk)
-
-	attrDef = tableDef.members
-	membersDef := dynamodbpolicystore.NewAttributeDefinition(attrDef.nameOrPath, attrDef.valType, attrDef.pk, attrDef.sk)
-
-	tableInfo, err := dynamodbpolicystore.NewDynamicTableInfo(awsPolicyStoreTableName, resDef, actionsDef, membersDef)
-	policyStoreSvc, err := dynamodbpolicystore.NewPolicyStoreSvc(tableInfo, policyStoreCredentials)
-	if err != nil {
-		log.Error("NewOrchestrationProviderWithDynamicTableInfo",
-			"msg", "failed to create dynamodbpolicystore.PolicyStoreSvc",
-			"error", err)
-		return nil, err
-	}
-
-	appInfoSvc, err := cognitoidp.NewAppInfoSvc(idpCredentials)
-	if err != nil {
-		log.Error("NewAwsApiGatewayProviderV2",
-			"msg", "failed to create cognitoidp.AppInfoSvc",
-			"error", err)
-		return nil, err
-	}
-
-	service := policyprovider.NewProviderService[resourcePolicyItem](appInfoSvc, policyStoreSvc)
-	provider := &OrchestrationProvider{
-		service: service,
-	}
-	return provider, nil
-}
-func NewOrchestrationProvider(idpCredentials []byte, policyStoreCredentials []byte) (*OrchestrationProvider, error) {
-	tableInfo, err := dynamodbpolicystore.NewSimpleTableInfo(awsPolicyStoreTableName, resourcePolicyItem{})
-	policyStoreSvc, err := dynamodbpolicystore.NewPolicyStoreSvc(tableInfo, policyStoreCredentials)
+func NewOrchestrationProvider[R rar.ResourceActionRolesMapper](aIdp apps.Idp, policyStoreOpt policy.PolicyStore[R]) (*OrchestrationProvider, error) {
+	// idpCredentials []byte, policyStoreCredentials []byte
+	//tableInfo, err := dynamodbpolicystore.NewSimpleTableInfo(awsPolicyStoreTableName, resourcePolicyItem{})
+	//policyStoreSvc, err := dynamodbpolicystore.NewPolicyStoreSvc(tableInfo, policyStoreOpt.key)
+	policyStoreSvc, err := policyStoreOpt.Provider()
 	if err != nil {
 		log.Error("NewOrchestrationProvider",
 			"msg", "failed to create dynamodbpolicystore.PolicyStoreSvc",
 			"error", err)
 		return nil, err
 	}
 
-	appInfoSvc, err := cognitoidp.NewAppInfoSvc(idpCredentials)
+	//appInfoSvc, err := cognitoidp.NewAppInfoSvc(idpOpt.key)
+	appInfoSvc, err := aIdp.Provider()
 	if err != nil {
 		log.Error("NewAwsApiGatewayProviderV2",
 			"msg", "failed to create cognitoidp.AppInfoSvc",
 			"error", err)
 		return nil, err
 	}
 
-	service := policyprovider.NewProviderService[resourcePolicyItem](appInfoSvc, policyStoreSvc)
+	service := policyprovider.NewProviderService[R](appInfoSvc, policyStoreSvc)
 	provider := &OrchestrationProvider{
 		service: service,
 	}
@@ -168,27 +50,27 @@ func (a *OrchestrationProvider) Name() string {
 	return "amazon"
 }
 
-func (a *OrchestrationProvider) DiscoverApplications(integrationInfo IntegrationInfo) ([]ApplicationInfo, error) {
-	apps, err := a.service.DiscoverApplications()
+func (a *OrchestrationProvider) DiscoverApplications(_ IntegrationInfo) ([]ApplicationInfo, error) {
+	discoveredApps, err := a.service.DiscoverApplications()
 	if err != nil {
 		return nil, err
 	}
 
 	retApps := make([]ApplicationInfo, 0)
-	for _, oneApp := range apps {
+	for _, oneApp := range discoveredApps {
 		retApps = append(retApps, toApplicationInfo(oneApp))
 	}
 
 	return retApps, nil
 
 }
 
-func (a *OrchestrationProvider) GetPolicyInfo(info IntegrationInfo, applicationInfo ApplicationInfo) ([]hexapolicy.PolicyInfo, error) {
+func (a *OrchestrationProvider) GetPolicyInfo(_ IntegrationInfo, applicationInfo ApplicationInfo) ([]hexapolicy.PolicyInfo, error) {
 	idpAppInfo := toIdpAppInfo(applicationInfo)
 	return a.service.GetPolicyInfo(idpAppInfo)
 }
 
-func (a *OrchestrationProvider) SetPolicyInfo(info IntegrationInfo, applicationInfo ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (status int, foundErr error) {
+func (a *OrchestrationProvider) SetPolicyInfo(_ IntegrationInfo, applicationInfo ApplicationInfo, policyInfos []hexapolicy.PolicyInfo) (status int, foundErr error) {
 	log.Info("SetPolicyInfo", "msg", "BEGIN",
 		"applicationInfo.ObjectID", applicationInfo.ObjectID,
 		"Name", applicationInfo.Name,

diff --git a/demo/internal/orchestrator/orchestrator_provider_test.go b/demo/internal/orchestrator/orchestrator_provider_test.go
@@ -2,24 +2,31 @@ package orchestrator_test
 
 import (
 	"github.com/hexa-org/policy-orchestrator/demo/internal/orchestrator"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/providersV2/apps/aws/providercognito"
+	"github.com/hexa-org/policy-orchestrator/demo/internal/providersV2/policy/aws/providerdynamodb"
 	"github.com/hexa-org/policy-orchestrator/demo/pkg/testsupport/awstestsupport"
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
 
 func TestWithSimpleTableInfo(t *testing.T) {
 	creds := awstestsupport.AwsCredentialsForTest()
-	p, err := orchestrator.NewOrchestrationProvider(creds, creds)
+	idpOpt := providercognito.NewCognitoIdp(creds)
+	policyStore := providerdynamodb.NewSimpleItemStore("tableName", creds)
+	p, err := orchestrator.NewOrchestrationProvider(idpOpt, policyStore)
 	assert.NoError(t, err)
 	assert.NotNil(t, p)
 }
 
 func TestDynamicTableInfo(t *testing.T) {
 	creds := awstestsupport.AwsCredentialsForTest()
-	resOpt := orchestrator.WithResourceAttrDefinition("ResourceX", "string", true, false)
-	actionsOpt := orchestrator.WithActionsAttrDefinition("ActionsX", "string", false, true)
-	membersOpt := orchestrator.WithMembersAttrDefinition("MembersX", "string")
-	p, err := orchestrator.NewOrchestrationProviderWithDynamicTableInfo(creds, creds, resOpt, actionsOpt, membersOpt)
+	idpOpt := providercognito.NewCognitoIdp(creds)
+	resAttrDef := providerdynamodb.NewAttributeDefinition("ResourceX", "string", true, false)
+	actionsAttrDef := providerdynamodb.NewAttributeDefinition("ActionsX", "string", false, true)
+	membersDef := providerdynamodb.NewAttributeDefinition("MembersX", "string", false, false)
+	tableDef := providerdynamodb.NewTableDefinition(resAttrDef, actionsAttrDef, membersDef)
+	policyStore := providerdynamodb.NewDynamicItemStore(providerdynamodb.AwsPolicyStoreTableName, creds, tableDef)
+	p, err := orchestrator.NewOrchestrationProvider(idpOpt, policyStore)
 	assert.NoError(t, err)
 	assert.NotNil(t, p)
 }
diff --git a/demo/internal/providersV2/apps/aws/providercognito/provider.go b/demo/internal/providersV2/apps/aws/providercognito/provider.go
@@ -0,0 +1,20 @@
+package providercognito
+
+import (
+	"github.com/hexa-org/policy-orchestrator/demo/internal/providersV2/apps"
+	"github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+	"github.com/hexa-org/policy-orchestrator/sdk/provideraws/cognitoidp"
+)
+
+type cognitoIdp struct {
+	name string
+	key  []byte
+}
+
+func NewCognitoIdp(key []byte) apps.Idp {
+	return &cognitoIdp{key: key}
+}
+
+func (c *cognitoIdp) Provider() (idp.AppInfoSvc, error) {
+	return cognitoidp.NewAppInfoSvc(c.key)
+}
diff --git a/demo/internal/providersV2/apps/provider.go b/demo/internal/providersV2/apps/provider.go
@@ -0,0 +1,7 @@
+package apps
+
+import "github.com/hexa-org/policy-orchestrator/sdk/core/idp"
+
+type Idp interface {
+	Provider() (idp.AppInfoSvc, error)
+}