metacrypt/internal/grpcserver/policy.go

package grpcserver

import (
	"context"

	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"

	pb "git.wntrmute.dev/mc/metacrypt/gen/metacrypt/v2"
	"git.wntrmute.dev/mc/metacrypt/internal/policy"
)

type policyServer struct {
	pb.UnimplementedPolicyServiceServer
	s *GRPCServer
}

func (ps *policyServer) CreatePolicy(ctx context.Context, req *pb.CreatePolicyRequest) (*pb.CreatePolicyResponse, error) {
	if req.Rule == nil || req.Rule.Id == "" {
		return nil, status.Error(codes.InvalidArgument, "rule.id is required")
	}
	rule := pbToRule(req.Rule)
	if err := ps.s.policy.CreateRule(ctx, rule); err != nil {
		ps.s.logger.Error("grpc: create policy", "error", err)
		return nil, status.Error(codes.Internal, "internal error")
	}
	ps.s.logger.Info("audit: policy created", "id", rule.ID, "username", callerUsername(ctx))
	return &pb.CreatePolicyResponse{Rule: ruleToPB(rule)}, nil
}

func (ps *policyServer) ListPolicies(ctx context.Context, _ *pb.ListPoliciesRequest) (*pb.ListPoliciesResponse, error) {
	rules, err := ps.s.policy.ListRules(ctx)
	if err != nil {
		ps.s.logger.Error("grpc: list policies", "error", err)
		return nil, status.Error(codes.Internal, "internal error")
	}
	pbRules := make([]*pb.PolicyRule, 0, len(rules))
	for i := range rules {
		pbRules = append(pbRules, ruleToPB(&rules[i]))
	}
	return &pb.ListPoliciesResponse{Rules: pbRules}, nil
}

func (ps *policyServer) GetPolicy(ctx context.Context, req *pb.GetPolicyRequest) (*pb.GetPolicyResponse, error) {
	if req.Id == "" {
		return nil, status.Error(codes.InvalidArgument, "id is required")
	}
	rule, err := ps.s.policy.GetRule(ctx, req.Id)
	if err != nil {
		return nil, status.Error(codes.NotFound, "not found")
	}
	return &pb.GetPolicyResponse{Rule: ruleToPB(rule)}, nil
}

func (ps *policyServer) DeletePolicy(ctx context.Context, req *pb.DeletePolicyRequest) (*pb.DeletePolicyResponse, error) {
	if req.Id == "" {
		return nil, status.Error(codes.InvalidArgument, "id is required")
	}
	if err := ps.s.policy.DeleteRule(ctx, req.Id); err != nil {
		return nil, status.Error(codes.NotFound, "not found")
	}
	ps.s.logger.Info("audit: policy deleted", "id", req.Id, "username", callerUsername(ctx))
	return &pb.DeletePolicyResponse{}, nil
}

func pbToRule(r *pb.PolicyRule) *policy.Rule {
	return &policy.Rule{
		ID:        r.Id,
		Priority:  int(r.Priority),
		Effect:    policy.Effect(r.Effect),
		Usernames: r.Usernames,
		Roles:     r.Roles,
		Resources: r.Resources,
		Actions:   r.Actions,
	}
}

func ruleToPB(r *policy.Rule) *pb.PolicyRule {
	return &pb.PolicyRule{
		Id:        r.ID,
		Priority:  int32(r.Priority), //nolint:gosec
		Effect:    string(r.Effect),
		Usernames: r.Usernames,
		Roles:     r.Roles,
		Resources: r.Resources,
		Actions:   r.Actions,
	}
}