feat(policy)!: remove exposed sensitive data (#138)
* feat(policy): remove exposed sensitive data

* fix: update flow and test

* chore: remove config on list policies

---------

Co-authored-by: Muhammad Idil Haq Amir <[email protected]>
idilhaq and Muhammad Idil Haq Amir authored Mar 25, 2024
1 parent a2376bb commit 526673b
Showing 2 changed files with 13 additions and 44 deletions.
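--- a/api/handler/v1beta1/policy.go
+++ b/api/handler/v1beta1/policy.go
@@ -18,6 +18,7 @@ func (s *GRPCServer) ListPolicies(ctx context.Context, req *guardianv1beta1.List
 
 policyProtos := []*guardianv1beta1.Policy{}
 for _, p := range policies {
+p.IAM.Config = nil
 policyProto, err := s.adapter.ToPolicyProto(p)
 if err != nil {
 return nil, s.internalError(ctx, "failed to parse policy %v: %v", p.ID, err)
@@ -41,6 +42,7 @@ func (s *GRPCServer) GetPolicy(ctx context.Context, req *guardianv1beta1.GetPoli
 }
 }
 
+p.IAM.Config = nil
 policyProto, err := s.adapter.ToPolicyProto(p)
 if err != nil {
 return nil, s.internalError(ctx, "failed to parse policy: %v", err)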
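Review bot: `p.IAM.Config = nil` dereferences `p.IAM` without a nil check, both inside the ListPolicies loop and in GetPolicy. The test fixtures build the field as `IAM: &domain.IAMConfig{...}`, so it appears to be a pointer, and a policy stored without an IAM section would panic the handler instead of producing a response; guard it with `if p.IAM != nil { p.IAM.Config = nil }`. The assignment also mutates the object handed back by the policy service, so if that layer ever returns shared or cached policies the config would be wiped for other callers; redacting on a copy or inside `ToPolicyProto` would avoid that. A comment such as `// redact IAM config: it may contain sensitive data and must not be returned to API clients` would record why the field is cleared. Both function bodies start and end outside the visible hunks.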
55 changes: 11 additions & 44 deletions api/handler/v1beta1/policy_test.go
@@ -19,15 +19,24 @@ func (s *GrpcHandlersSuite) TestListPolicies() {
s.Run("should return list of policies on success", func() {
s.setup()

expectedIAMConfig, _ := structpb.NewValue(nil)
expectedResponse := &guardianv1beta1.ListPoliciesResponse{
Policies: []*guardianv1beta1.Policy{
{
Id: "test-policy",
Iam: &guardianv1beta1.Policy_IAM{
Config: expectedIAMConfig,
},
},
},
}
dummyPolicies := []*domain.Policy{
{ID: "test-policy"},
{
ID: "test-policy",
IAM: &domain.IAMConfig{
Config: map[string]interface{}{"foo": "bar"},
},
},
}
s.policyService.EXPECT().Find(mock.MatchedBy(func(ctx context.Context) bool { return true })).Return(dummyPolicies, nil).Once()

@@ -52,27 +61,6 @@ func (s *GrpcHandlersSuite) TestListPolicies() {
s.Nil(res)
s.policyService.AssertExpectations(s.T())
})

s.Run("should return internal error if there's an error when parsing policy", func() {
s.setup()

dummyPolicies := []*domain.Policy{
{
ID: "test-policy",
IAM: &domain.IAMConfig{
Config: make(chan int), // invalid json
},
},
}
s.policyService.EXPECT().Find(mock.MatchedBy(func(ctx context.Context) bool { return true })).Return(dummyPolicies, nil).Once()

req := &guardianv1beta1.ListPoliciesRequest{}
res, err := s.grpcServer.ListPolicies(context.Background(), req)

s.Equal(codes.Internal, status.Code(err))
s.Nil(res)
s.policyService.AssertExpectations(s.T())
})
}

func (s *GrpcHandlersSuite) TestGetPolicy() {
@@ -126,7 +114,7 @@ func (s *GrpcHandlersSuite) TestGetPolicy() {
CreatedAt: timeNow,
UpdatedAt: timeNow,
}
expectedIAMConfig, err := structpb.NewValue(dummyPolicy.IAM.Config)
expectedIAMConfig, err := structpb.NewValue(nil)
s.Require().NoError(err)
expectedResponse := &guardianv1beta1.GetPolicyResponse{
Policy: &guardianv1beta1.Policy{
@@ -218,27 +206,6 @@ func (s *GrpcHandlersSuite) TestGetPolicy() {
s.Nil(res)
s.policyService.AssertExpectations(s.T())
})

s.Run("should return internal error if there's an error when parsing policy", func() {
s.setup()

dummyPolicy := &domain.Policy{

ID: "test-policy",
IAM: &domain.IAMConfig{
Config: make(chan int), // invalid json
},
}
s.policyService.EXPECT().GetOne(mock.MatchedBy(func(ctx context.Context) bool { return true }), mock.AnythingOfType("string"), mock.AnythingOfType("uint")).
Return(dummyPolicy, nil).Once()

req := &guardianv1beta1.GetPolicyRequest{}
res, err := s.grpcServer.GetPolicy(context.Background(), req)

s.Equal(codes.Internal, status.Code(err))
s.Nil(res)
s.policyService.AssertExpectations(s.T())
})
}

func (s *GrpcHandlersSuite) TestCreatePolicy() {
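Review bot: The list fixture changed from `{ID: "test-policy"}` to one that always sets `IAM`, so no test now exercises a policy whose `IAM` is nil, which is exactly the case where the handler's new `p.IAM.Config = nil` would dereference a nil pointer. Add a subtest to TestListPolicies and TestGetPolicy that returns a policy without an IAM block and asserts a normal response. In the list test, `expectedIAMConfig, _ := structpb.NewValue(nil)` discards the error while the GetPolicy test checks it; use `expectedIAMConfig, err := structpb.NewValue(nil)` followed by `s.Require().NoError(err)` there as well. With both "error when parsing policy" subtests deleted, the `ToPolicyProto` failure branch appears to have no remaining coverage in this file, so it may be worth restoring through another field that fails conversion, if one exists.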
