Add idprefix validation (#260)

* add idprefix validation Signed-off-by: Bailin He <[email protected]> * fix teests Signed-off-by: Bailin He <[email protected]> * apply review suggestions Signed-off-by: Bailin He <[email protected]> --------- Signed-off-by: Bailin He <[email protected]>
infratographer · Jun 6, 2024 · 53c0413 · 53c0413
1 parent ad02a3f
commit 53c0413
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 15 deletions.
diff --git a/internal/iapl/policy.go b/internal/iapl/policy.go
@@ -11,6 +11,7 @@ import (
 
 	"go.infratographer.com/permissions-api/internal/types"
 
+	"go.infratographer.com/x/gidx"
 	"gopkg.in/yaml.v3"
 )
 
@@ -231,7 +232,6 @@ func LoadPolicyDocumentFromDirectory(directoryPath string) (PolicyDocument, erro
 
 		return nil
 	})
-
 	if err != nil {
 		return PolicyDocument{}, err
 	}
@@ -287,6 +287,10 @@ func (v *policy) validateUnions() error {
 
 func (v *policy) validateResourceTypes() error {
 	for _, resourceType := range v.rt {
+		if _, err := gidx.NewID(resourceType.IDPrefix); err != nil {
+			return fmt.Errorf("%w: %s", err, resourceType.Name)
+		}
+
 		for _, rel := range resourceType.Relationships {
 			for _, tt := range rel.TargetTypes {
 				if _, ok := v.rt[tt.Name]; !ok {

diff --git a/internal/iapl/policy_test.go b/internal/iapl/policy_test.go
@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	"go.infratographer.com/x/gidx"
 
 	"go.infratographer.com/permissions-api/internal/testingx"
 	"go.infratographer.com/permissions-api/internal/types"
@@ -19,7 +20,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 					},
 				},
 				Unions: []Union{
@@ -35,6 +37,21 @@ func TestPolicy(t *testing.T) {
 				require.ErrorIs(t, res.Err, ErrorTypeExists)
 			},
 		},
+		{
+			Name: "Invalid prefix ID",
+			Input: PolicyDocument{
+				ResourceTypes: []ResourceType{
+					{
+						Name:     "foo",
+						IDPrefix: "fooooooooooooooooooooo",
+					},
+				},
+			},
+			CheckFn: func(_ context.Context, t *testing.T, res testingx.TestResult[Policy]) {
+				require.Error(t, res.Err)
+				require.ErrorContains(t, res.Err, (&gidx.ErrInvalidID{}).Error())
+			},
+		},
 		{
 			Name: "UnknownTypeInUnion",
 			Input: PolicyDocument{
@@ -61,7 +78,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 					},
 				},
 				Unions: []Union{
@@ -82,7 +100,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -103,7 +122,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -135,7 +155,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -175,7 +196,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 					},
 				},
 				Actions: []Action{
@@ -207,7 +229,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -218,7 +241,8 @@ func TestPolicy(t *testing.T) {
 						},
 					},
 					{
-						Name: "baz",
+						Name:     "baz",
+						IDPrefix: "permbaz",
 					},
 				},
 				Unions: []Union{
@@ -259,7 +283,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -270,7 +295,8 @@ func TestPolicy(t *testing.T) {
 						},
 					},
 					{
-						Name: "baz",
+						Name:     "baz",
+						IDPrefix: "permbaz",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -319,7 +345,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -330,7 +357,8 @@ func TestPolicy(t *testing.T) {
 						},
 					},
 					{
-						Name: "baz",
+						Name:     "baz",
+						IDPrefix: "permbaz",
 						Relationships: []Relationship{
 							{
 								Relation: "bar",
@@ -379,7 +407,8 @@ func TestPolicy(t *testing.T) {
 			Input: PolicyDocument{
 				ResourceTypes: []ResourceType{
 					{
-						Name: "foo",
+						Name:     "foo",
+						IDPrefix: "permfoo",
 					},
 					{
 						Name:     "rolev2",
@@ -428,7 +457,8 @@ func TestPolicy(t *testing.T) {
 				},
 				ResourceTypes: []ResourceType{
 					{
-						Name: "tenant",
+						Name:     "tenant",
+						IDPrefix: "tnntten",
 					},
 					{
 						Name:     "user",