fix: enabling few report apis to be invoked internally without tokens

82c281de · Keshav Prasad · 9cb8d58e · 82c281de · 82c281de
Commit 82c281de authored 2 years ago by Keshav Prasad
Hide whitespace changes
Inline Side-by-side

Showing

with 92 additions and 0 deletions
+92 -0
--- a/kubernetes/opa/report/policies.rego
+++ b/kubernetes/opa/report/policies.rego
@@ -22,6 +22,10 @@ getReport {
  super.role_check(roles)
 }
+getReport {
+  super.is_an_internal_request
+}
 listReports {
  acls := ["listReports"]
  roles := ["REPORT_ADMIN", "REPORT_VIEWER", "ORG_ADMIN"]
@@ -37,6 +41,10 @@ createReport {
  input.parsed_body.request.report.createdby == super.userid
 }
+createReport {
+  super.is_an_internal_request
+}
 deleteReport {
  acls := ["deleteReport"]
  roles := ["REPORT_ADMIN", "ORG_ADMIN"]
@@ -51,6 +59,10 @@ updateReport {
  super.role_check(roles)
 }
+updateReport {
+  super.is_an_internal_request
+}
 publishReport {
  acls := ["publishReport"]
  roles := ["REPORT_ADMIN", "ORG_ADMIN"]

--- a/kubernetes/opa/report/policies_test.rego
+++ b/kubernetes/opa/report/policies_test.rego
@@ -26,6 +26,24 @@ test_get_report {
    }
 }
+test_get_report_internal_request {
+    data.main.allow.allowed
+    with data.common.current_time as current_time
+    with data.common.iss as iss
+    with input as
+    {
+      "attributes": {
+        "request": {
+          "http": {
+            "headers": {},
+            "path": "/report/get/1656a060-bf3a-11ec-b495-9fb99cdeb463",
+            "host": "1.2.3.4"
+          }
+        }
+      }
+    }
+}
 test_list_reports {
    data.main.allow.allowed
    with data.common.current_time as current_time
@@ -90,6 +108,45 @@ test_create_report {
    }
 }
+test_create_report_internal_request {
+    data.main.allow.allowed
+    with data.common.current_time as current_time
+    with data.common.iss as iss
+    with input as
+    {
+      "attributes": {
+        "request": {
+          "http": {
+            "headers": {},
+            "path": "/report/create",
+            "host": "1.2.3.4"
+          }
+        }
+      },
+      "parsed_body": {
+        "request": {
+          "report": {
+            "title": "string",
+            "description": "string",
+            "authorizedroles": ["string"],
+            "status": "string",
+            "type": "string",
+            "createdby": "28b0d08f-c2ea-40d1-bcd0-8ae00fca66be",
+            "reportconfig": {
+              "id": "string",
+              "label": "string",
+              "title": "string",
+              "description": "string",
+            },
+            "slug": "string",
+            "reportgenerateddate": "string",
+            "updatefrequency": "string"
+          }
+        }
+      }
+    }
+}
 test_delete_report {
    data.main.allow.allowed
    with data.common.current_time as current_time
@@ -133,6 +190,29 @@ test_update_report {
    }
 }
+test_update_report_internal_request {
+    data.main.allow.allowed
+    with data.common.current_time as current_time
+    with data.common.iss as iss
+    with input as
+    {
+      "attributes": {
+        "request": {
+          "http": {
+            "headers": {},
+            "path": "/report/update",
+            "host": "1.2.3.4"
+          }
+        }
+      },
+      "parsed_body": {
+        "request": {
+          "report": {}
+        }
+      }
+    }
+}
 test_publish_report {
    data.main.allow.allowed
    with data.common.current_time as current_time