From e0166236018940208eaf7e4de81cb863bfba12bb Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
Date: Tue, 11 Apr 2023 16:50:39 +0300
Subject: [PATCH] allow API: Make resource optional

Signed-off-by: Juan Antonio Osorio <juan.osoriorobles@eu.equinix.com>
---
 internal/api/permissions.go | 27 ++++++++++++++-------------
 openapi-v1.yaml             | 10 +++++-----
 2 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/internal/api/permissions.go b/internal/api/permissions.go
index c5a8eac3..b54d70f5 100644
--- a/internal/api/permissions.go
+++ b/internal/api/permissions.go
@@ -20,20 +20,16 @@ import (
 // contain the subject of the request in the "sub" claim.
 //
 // The following query parameters are required:
-// - resource: the resource URN to check
 // - tenant: the tenant URN to check
 // - action: the action to check
+//
+// The following query parameters are optional:
+// - resource: the resource URN to check
 func (r *Router) checkAction(c *gin.Context) {
 	ctx, span := tracer.Start(c.Request.Context(), "api.checkAction")
 	defer span.End()
 
 	// Get the query parameters. These are mandatory.
-	resourceURNStr, hasQuery := c.GetQuery("resource")
-	if !hasQuery {
-		c.JSON(http.StatusBadRequest, gin.H{"message": "missing resource query parameter"})
-		return
-	}
-
 	tenantURNStr, hasQuery := c.GetQuery("tenant")
 	if !hasQuery {
 		c.JSON(http.StatusBadRequest, gin.H{"message": "missing tenant query parameter"})
@@ -46,15 +42,12 @@ func (r *Router) checkAction(c *gin.Context) {
 		return
 	}
 
+	// Optional query parameters
+	resourceURNStr, hasResourceParam := c.GetQuery("resource")
+
 	// Query parameter validation
 	// Note that we currently only check the tenant as a scope. The
 	// resource is not checked as of yet.
-	_, err := urnx.Parse(resourceURNStr)
-	if err != nil {
-		c.JSON(http.StatusBadRequest, gin.H{"message": "error processing resource URN", "error": err.Error()})
-		return
-	}
-
 	tenantURN, err := urnx.Parse(tenantURNStr)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, gin.H{"message": "error processing tenant URN", "error": err.Error()})
@@ -67,6 +60,14 @@ func (r *Router) checkAction(c *gin.Context) {
 		return
 	}
 
+	if hasResourceParam {
+		_, err := urnx.Parse(resourceURNStr)
+		if err != nil {
+			c.JSON(http.StatusBadRequest, gin.H{"message": "error processing resource URN", "error": err.Error()})
+			return
+		}
+	}
+
 	// Subject validation
 	subject, err := currentSubject(c)
 	if err != nil {
diff --git a/openapi-v1.yaml b/openapi-v1.yaml
index a4bffeff..f7c326a2 100644
--- a/openapi-v1.yaml
+++ b/openapi-v1.yaml
@@ -58,15 +58,15 @@ components:
       required: true
       schema:
         type: string
-    resourceParam:
+    actionParam:
       in: query
-      name: resource
+      name: action
       required: true
       schema:
         type: string
-    actionParam:
+    resourceParam:
       in: query
-      name: action
-      required: true
+      name: resource
+      required: false
       schema:
         type: string