Youngestdev commented 2 years ago

Goal

The TinyDB database is used to add persistence and enable the API to track changes made to the policy stored as a JSON file.

Commits and changes

Workings.

Create a policy

A policy is created by sending a request to the API:

$ curl -X 'POST' \
  'http://127.0.0.1:8000/policy/save' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "name": "auth",
  "rules": [
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "*"
          ]
        }
      },
      {
        "command": "input_prop_in",
        "properties": {
          "input_property": "company",
          "datasource_name": "items",
          "datasource_loop_variable": "name"
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_method",
          "value": "GET"
        }
      }
    ],
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections"
          ]
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "lakes"
          ]
        }
      }
    ],
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "*"
          ]
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "company",
          "value": "geobeyond"
        }
      },
      {
        "command": "input_prop_in_as",
        "properties": {
          "datasource_name": "items",
          "datasource_loop_variables": [
            "name",
            "everyone"
          ],
          "input_properties": [
            "preferred_username",
            "groupname"
          ]
        }
      }
    ]
  ]
}'

The request above creates a policy stored in the database and then published to the repository.

Update policy

The fields to be changed are updated to update a policy, and another request is sent to the UPDATE route. The rego file is updated and then published to the GitHub repository. See:

$ curl -X 'PUT' \
  'http://127.0.0.1:8000/policy/auth' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "rules": [
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "*"
          ]
        }
      },
      {
        "command": "input_prop_in",
        "properties": {
          "input_property": "company",
          "datasource_name": "items",
          "datasource_loop_variable": "name"
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_method",
          "value": "GET"
        }
      }
    ],
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections"
          ]
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "lakes"
          ]
        }
      }
    ],
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "*"
          ]
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "company",
          "value": "fastgeoapi"
        }
      }
    ]
  ]
}'

A successful response is returned to confirm the operation status:

{
  "status": 200,
  "message": "Updated successfully"
}

The repo has been updated as well - Updated file

Retrieve policy

To retrieve a policy, a request is sent to the /policy/{name_of_ploicy} route:

$ curl -X 'GET' \
  'http://127.0.0.1:8000/policy/auth' \
  -H 'accept: application/json'

If the policy exists, it is returned otherwise, null is returned:

{
  "name": "auth",
  "rules": [
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "*"
          ]
        }
      },
      {
        "command": "input_prop_in",
        "properties": {
          "input_property": "company",
          "datasource_name": "items",
          "datasource_loop_variable": "name"
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_method",
          "value": "GET"
        }
      }
    ],
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections"
          ]
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "lakes"
          ]
        }
      }
    ],
    [
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "request_path",
          "value": [
            "v1",
            "collections",
            "*"
          ]
        }
      },
      {
        "command": "input_prop_equals",
        "properties": {
          "input_property": "company",
          "value": "fastgeoapi"
        }
      }
    ]
  ]
}

Delete a policy

A request is sent to /policy/{name}:

$ curl -X 'DELETE' \
  'http://127.0.0.1:8000/policy/auth' \
  -H 'accept: application/json'

A successful response returns the state of the request:

{
  "status": 200,
  "message": "Policy deleted successfully."
}

Todo

Update the DELETE route to remove the policy from the repository.

francbartoli commented 2 years ago

I see this has been already merged but it looks like the tinydb dependency is not declared in the poetry configuration file

Youngestdev commented 2 years ago

I see this has been already merged but it looks like the tinydb dependency is not declared in the poetry configuration file

I'll add that. Thanks for pointing that out, @francbartoli

r-scheele commented 2 years ago

@Youngestdev please make the update, so I can pull.

r-scheele / rego_builder

Integrate TinyDB #7

Goal

Commits and changes

Route updates

Workings.

Todo