Merged
Changes from 13 commits
28 commits
69c5727
fix(policy): enhance proto validation across policy requests
jakedoublev Oct 16, 2024
430cde5
custom validator
jakedoublev Oct 16, 2024
bb95739
require UUID for flags with required ID fields
jakedoublev Oct 16, 2024
7bd6a48
finish validations
jakedoublev Oct 16, 2024
ffacbd2
fix protovalidate tests
jakedoublev Oct 16, 2024
1d76720
assert no error
jakedoublev Oct 16, 2024
1ca4867
allow http as valid URI scheme in protos uri_format validation
jakedoublev Oct 16, 2024
dfdf7b7
expand attributes protovalidation tests
jakedoublev Oct 16, 2024
9fbcdb1
fix patch-style KASR update and add tests for protovalidate
jakedoublev Oct 16, 2024
92e22e0
namespace tests
jakedoublev Oct 16, 2024
fe3419b
new resource mapping tests
jakedoublev Oct 16, 2024
ebe742b
subject mapping create/update tests
jakedoublev Oct 16, 2024
b879ef9
improve SM test
jakedoublev Oct 16, 2024
a731d94
required/optional comments throughout
jakedoublev Oct 17, 2024
1c1cc78
gencode from comment fix
jakedoublev Oct 17, 2024
1a87617
unit test cleanup
jakedoublev Oct 17, 2024
51a54f0
move some tested attribute errors to variables
jakedoublev Oct 17, 2024
e74e081
add some contains checks to resource mappings unit tests
jakedoublev Oct 17, 2024
1db44ea
cleanup
jakedoublev Oct 17, 2024
fd0a27e
fix tests
jakedoublev Oct 17, 2024
17176d5
Update service/policy/kasregistry/key_access_server_registry.proto
jakedoublev Oct 25, 2024
42473ff
Update service/policy/kasregistry/key_access_server_registry.proto
jakedoublev Oct 25, 2024
0fff937
Update service/policy/kasregistry/key_access_server_registry.proto
jakedoublev Oct 25, 2024
fd94dd5
updated protos
jakedoublev Oct 25, 2024
a3ab1b3
fix tests
jakedoublev Oct 25, 2024
05ce6f2
Merge branch 'main' into fix/protovalidate
jakedoublev Oct 25, 2024
3ae12c9
Merge branch 'main' into fix/protovalidate
jakedoublev Nov 4, 2024
78ad031
fix proto field index
jakedoublev Nov 4, 2024
2 changes: 1 addition & 1 deletion docs/grpc/index.html

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.


834 changes: 419 additions & 415 deletions protocol/go/policy/attributes/attributes.pb.go

Large diffs are not rendered by default.

431 changes: 259 additions & 172 deletions protocol/go/policy/kasregistry/key_access_server_registry.pb.go

Large diffs are not rendered by default.

412 changes: 207 additions & 205 deletions protocol/go/policy/namespaces/namespaces.pb.go

Large diffs are not rendered by default.

206 changes: 103 additions & 103 deletions protocol/go/policy/objects.pb.go

Large diffs are not rendered by default.

709 changes: 386 additions & 323 deletions protocol/go/policy/resourcemapping/resource_mapping.pb.go

Large diffs are not rendered by default.

589 changes: 306 additions & 283 deletions protocol/go/policy/subjectmapping/subject_mapping.pb.go

Large diffs are not rendered by default.

495 changes: 248 additions & 247 deletions protocol/go/policy/unsafe/unsafe.pb.go

Large diffs are not rendered by default.

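--- a/service/policy/attributes/attributes.proto
+++ b/service/policy/attributes/attributes.proto
@@ -13,13 +13,21 @@ import "policy/selectors.proto";
 */
 
 message AttributeKeyAccessServer {
-string attribute_id = 1;
-string key_access_server_id = 2;
+string attribute_id = 1 [
+(buf.validate.field).string.uuid = true
+];
+string key_access_server_id = 2 [
+(buf.validate.field).string.uuid = true
+];
 }
 
 message ValueKeyAccessServer {
-string value_id = 1;
-string key_access_server_id = 2;
+string value_id = 1 [
+(buf.validate.field).string.uuid = true
+];
+string key_access_server_id = 2 [
+(buf.validate.field).string.uuid = true
+];
 }
 
 /*
@@ -37,15 +45,19 @@ message ListAttributesResponse {
 }
 
 message GetAttributeRequest {
-string id = 1 [(buf.validate.field).required = true];
+string id = 1 [
+(buf.validate.field).string.uuid = true
+];
 }
 message GetAttributeResponse {
 policy.Attribute attribute = 1;
 }
 
 message CreateAttributeRequest {
 // Required
-string namespace_id = 1 [(buf.validate.field).required = true];
+string namespace_id = 1 [
+(buf.validate.field).string.uuid = true
+];
 string name = 2 [
 (buf.validate.field).required = true,
 (buf.validate.field).string.max_len = 253,
@@ -84,7 +96,9 @@ message CreateAttributeResponse {
 
 message UpdateAttributeRequest {
 // Required
-string id = 1 [(buf.validate.field).required = true];
+string id = 1 [
+(buf.validate.field).string.uuid = true
+];
 
 // Optional
 common.MetadataMutable metadata = 100;
@@ -95,7 +109,9 @@ message UpdateAttributeResponse {
 }
 
 message DeactivateAttributeRequest {
-string id = 1 [(buf.validate.field).required = true];
+string id = 1 [
+(buf.validate.field).string.uuid = true
+];
 }
 message DeactivateAttributeResponse {
 policy.Attribute attribute = 1;
@@ -105,14 +121,18 @@ message DeactivateAttributeResponse {
 /// Value RPC messages
 ///
 message GetAttributeValueRequest {
-string id = 1 [(buf.validate.field).required = true];
+string id = 1 [
+(buf.validate.field).string.uuid = true
+];
 }
 message GetAttributeValueResponse {
 policy.Value value = 1;
 }
 
 message ListAttributeValuesRequest {
-string attribute_id = 1 [(buf.validate.field).required = true];
+string attribute_id = 1 [
+(buf.validate.field).string.uuid = true
+];
 // ACTIVE by default when not specified
 common.ActiveStateEnum state = 2;
 }
@@ -122,7 +142,9 @@ message ListAttributeValuesResponse {
 
 message CreateAttributeValueRequest {
 // Required
-string attribute_id = 1 [(buf.validate.field).required = true];
+string attribute_id = 1 [
+(buf.validate.field).string.uuid = true
+];
 string value = 2 [
 (buf.validate.field).required = true,
 (buf.validate.field).string.max_len = 253,
@@ -145,7 +167,9 @@ message CreateAttributeValueResponse {
 }
 
 message UpdateAttributeValueRequest {
-string id = 1 [(buf.validate.field).required = true];
+string id = 1 [
+(buf.validate.field).string.uuid = true
+];
 
 // Deprecated
 reserved "members";
@@ -160,7 +184,9 @@ message UpdateAttributeValueResponse {
 }
 
 message DeactivateAttributeValueRequest {
-string id = 1 [(buf.validate.field).required = true];
+string id = 1 [
+(buf.validate.field).string.uuid = true
+];
 }
 message DeactivateAttributeValueResponse {
 policy.Value value = 1;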
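Review bot: The uuid rules added to `AttributeKeyAccessServer` and `ValueKeyAccessServer` in the first hunk are only evaluated when the message is present on its parent, because protovalidate has nothing to check on an unset message field. The requests that embed these two messages are outside the visible hunks, so it is worth confirming that the embedding field carries `(buf.validate.field).required = true`; without it, a request that omits the sub-message entirely would pass validation and reach the handler with no IDs at all. A short comment above each of the four fields, `// Required, must be a valid UUID`, would also keep these messages consistent with the `// Required` markers already used in `CreateAttributeRequest`.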
177 changes: 175 additions & 2 deletions service/policy/attributes/attributes_test.go
Expand Up @@ -121,7 +121,7 @@ func TestCreateAttribute_NamespaceIdMissing_Fails(t *testing.T) {

require.Error(t, err)
require.Contains(t, err.Error(), "namespace_id")
require.Contains(t, err.Error(), "[required]")
require.Contains(t, err.Error(), "[string.uuid_empty]")
}

func TestCreateAttribute_RuleMissing_Fails(t *testing.T) {
Expand Down Expand Up @@ -187,6 +187,86 @@ func TestCreateAttribute_ValueInvalid_Fails(t *testing.T) {
require.Contains(t, err.Error(), "[string.pattern]")
}

func TestAttributeKeyAccessServer_Succeeds(t *testing.T) {
validAttrKAS := &attributes.AttributeKeyAccessServer{
AttributeId: validUUID,
KeyAccessServerId: validUUID,
}

err := getValidator().Validate(validAttrKAS)
require.NoError(t, err)
}

func TestAttributeKeyAccessServer_Fails(t *testing.T) {
bad := []struct {
attrID string
kasID string
}{
{
"",
validUUID,
},
{
validUUID,
"",
},
{
"",
"",
},
{},
}

for _, test := range bad {
invalidAttrKAS := &attributes.AttributeKeyAccessServer{
AttributeId: test.attrID,
KeyAccessServerId: test.kasID,
}
err := getValidator().Validate(invalidAttrKAS)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")
}
}

func TestGetAttributeRequest(t *testing.T) {
req := &attributes.GetAttributeRequest{}
err := getValidator().Validate(req)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")

req = &attributes.GetAttributeRequest{
Id: validUUID,
}
err = getValidator().Validate(req)
require.NoError(t, err)
}

func TestUpdateAttributeRequest(t *testing.T) {
req := &attributes.UpdateAttributeRequest{}
err := getValidator().Validate(req)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")

req = &attributes.UpdateAttributeRequest{
Id: validUUID,
}
err = getValidator().Validate(req)
require.NoError(t, err)
}

func TestDeactivateAttributeRequest(t *testing.T) {
req := &attributes.DeactivateAttributeRequest{}
err := getValidator().Validate(req)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")

req = &attributes.DeactivateAttributeRequest{
Id: validUUID,
}
err = getValidator().Validate(req)
require.NoError(t, err)
}

// Create Attribute Values

func TestCreateAttributeValue_Valid_Succeeds(t *testing.T) {
Expand Down Expand Up @@ -259,7 +339,7 @@ func TestCreateAttributeValue_AttributeIdMissing_Fails(t *testing.T) {

require.Error(t, err)
require.Contains(t, err.Error(), "attribute_id")
require.Contains(t, err.Error(), "[required]")
require.Contains(t, err.Error(), "[string.uuid_empty]")
}

func TestCreateAttributeValue_ValueMissing_Fails(t *testing.T) {
Expand All @@ -274,3 +354,96 @@ func TestCreateAttributeValue_ValueMissing_Fails(t *testing.T) {
require.Contains(t, err.Error(), "value")
require.Contains(t, err.Error(), "[required]")
}

func TestValueKeyAccessServer_Succeeds(t *testing.T) {
validValueKAS := &attributes.ValueKeyAccessServer{
ValueId: validUUID,
KeyAccessServerId: validUUID,
}

err := getValidator().Validate(validValueKAS)
require.NoError(t, err)
}

func TestValueKeyAccessServer_Fails(t *testing.T) {
bad := []struct {
valID string
kasID string
}{
{
"",
validUUID,
},
{
validUUID,
"",
},
{
"",
"",
},
{},
}

for _, test := range bad {
invalidValKAS := &attributes.ValueKeyAccessServer{
ValueId: test.valID,
KeyAccessServerId: test.kasID,
}
err := getValidator().Validate(invalidValKAS)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")
}
}

func TestGetAttributeValueRequest(t *testing.T) {
req := &attributes.GetAttributeValueRequest{}
err := getValidator().Validate(req)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")

req = &attributes.GetAttributeValueRequest{
Id: validUUID,
}
err = getValidator().Validate(req)
require.NoError(t, err)
}

func TestListAttributeValuesRequest(t *testing.T) {
req := &attributes.ListAttributeValuesRequest{}
err := getValidator().Validate(req)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")

req = &attributes.ListAttributeValuesRequest{
AttributeId: validUUID,
}
err = getValidator().Validate(req)
require.NoError(t, err)
}

func TestUpdateAttributeValueRequest(t *testing.T) {
req := &attributes.UpdateAttributeValueRequest{}
err := getValidator().Validate(req)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")

req = &attributes.UpdateAttributeValueRequest{
Id: validUUID,
}
err = getValidator().Validate(req)
require.NoError(t, err)
}

func TestDeactivateAttributeValueRequest(t *testing.T) {
req := &attributes.DeactivateAttributeValueRequest{}
err := getValidator().Validate(req)
require.Error(t, err)
require.Contains(t, err.Error(), "string.uuid")

req = &attributes.DeactivateAttributeValueRequest{
Id: validUUID,
}
err = getValidator().Validate(req)
require.NoError(t, err)
}
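Review bot: Every failing case in `TestAttributeKeyAccessServer_Fails` and `TestValueKeyAccessServer_Fails` uses an empty ID, so only the empty-string branch of the uuid rule is exercised and a non-empty malformed ID is never checked. The table entries `{"", ""}` and `{}` are also the same value, so one of them can be replaced with a malformed case such as `{"not-a-uuid", validUUID}` (constructed sample value). The single-request tests added in the same hunks (`TestGetAttributeRequest`, `TestUpdateAttributeRequest`, `TestDeactivateAttributeRequest` and the value-request equivalents) have the same gap; one extra assertion each with `Id: "not-a-uuid"` would pin the format check this change relies on to reject malformed identifiers before the request is handled.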