feat(log,notifier): sending log and slack notif concurrently

api/handler/v1beta1/adapter.go

@@ -311,6 +311,7 @@ func (a *adapter) FromPolicyProto(p *guardianv1beta1.Policy) *domain.Policy {
 	if p.GetAppeal() != nil {
 		var durationOptions []domain.AppealDurationOption
 		var questions []domain.Question
+		var metadataSources map[string]*domain.AppealMetadataSource
 		for _, d := range p.GetAppeal().GetDurationOptions() {
 			option := domain.AppealDurationOption{
 				Name:  d.GetName(),
@@ -328,13 +329,27 @@ func (a *adapter) FromPolicyProto(p *guardianv1beta1.Policy) *domain.Policy {
 			questions = append(questions, question)
 		}
 
+		if mds := p.GetAppeal().GetMetadataSources(); mds != nil {
+			metadataSources = make(map[string]*domain.AppealMetadataSource)
+			for key, metadataCfg := range mds {
+				metadataSources[key] = &domain.AppealMetadataSource{
+					Name:        metadataCfg.GetName(),
+					Description: metadataCfg.GetDescription(),
+					Type:        metadataCfg.GetType(),
+					Config:      metadataCfg.GetConfig().AsInterface(),
+					Value:       metadataCfg.GetValue().AsInterface(),
+				}
+			}
+		}
+
 		policy.AppealConfig = &domain.PolicyAppealConfig{
 			DurationOptions:              durationOptions,
 			AllowOnBehalf:                p.GetAppeal().GetAllowOnBehalf(),
 			Questions:                    questions,
 			AllowPermanentAccess:         p.GetAppeal().GetAllowPermanentAccess(),
 			AllowActiveAccessExtensionIn: p.GetAppeal().GetAllowActiveAccessExtensionIn(),
 			AllowCreatorDetailsFailure:   p.GetAppeal().GetAllowCreatorDetailsFailure(),
+			MetadataSources:              metadataSources,
 		}
 	}
 
@@ -444,7 +459,11 @@ func (a *adapter) ToPolicyProto(p *domain.Policy) (*guardianv1beta1.Policy, erro
 		}
 	}
 
-	policyProto.Appeal = a.ToPolicyAppealConfigProto(p)
+	appealConfig, err := a.ToPolicyAppealConfigProto(p)
+	if err != nil {
+		return nil, fmt.Errorf("failed to convert appeal config to proto: %w", err)
+	}
+	policyProto.Appeal = appealConfig
 
 	if !p.CreatedAt.IsZero() {
 		policyProto.CreatedAt = timestamppb.New(p.CreatedAt)
@@ -456,9 +475,9 @@ func (a *adapter) ToPolicyProto(p *domain.Policy) (*guardianv1beta1.Policy, erro
 	return policyProto, nil
 }
 
-func (a *adapter) ToPolicyAppealConfigProto(p *domain.Policy) *guardianv1beta1.PolicyAppealConfig {
+func (a *adapter) ToPolicyAppealConfigProto(p *domain.Policy) (*guardianv1beta1.PolicyAppealConfig, error) {
 	if p.AppealConfig == nil {
-		return nil
+		return nil, nil
 	}
 
 	policyAppealConfigProto := &guardianv1beta1.PolicyAppealConfig{}
@@ -485,7 +504,34 @@ func (a *adapter) ToPolicyAppealConfigProto(p *domain.Policy) *guardianv1beta1.P
 			Description: q.Description,
 		})
 	}
-	return policyAppealConfigProto
+
+	for key, metadataSource := range p.AppealConfig.MetadataSources {
+		if policyAppealConfigProto.MetadataSources == nil {
+			policyAppealConfigProto.MetadataSources = make(map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource)
+		}
+		policyAppealConfigProto.MetadataSources[key] = &guardianv1beta1.PolicyAppealConfig_MetadataSource{
+			Name:        metadataSource.Name,
+			Description: metadataSource.Description,
+			Type:        metadataSource.Type,
+		}
+
+		if metadataSource.Config != nil {
+			cfg, err := structpb.NewValue(metadataSource.Config)
+			if err != nil {
+				return nil, err
+			}
+			policyAppealConfigProto.MetadataSources[key].Config = cfg
+		}
+		if metadataSource.Value != nil {
+			value, err := structpb.NewValue(metadataSource.Value)
+			if err != nil {
+				return nil, err
+			}
+			policyAppealConfigProto.MetadataSources[key].Value = value
+		}
+	}
+
+	return policyAppealConfigProto, nil
 }
 
 func (a *adapter) FromResourceProto(r *guardianv1beta1.Resource) *domain.Resource {

api/handler/v1beta1/grpc.go

@@ -27,7 +27,7 @@ type ProtoAdapter interface {
 	FromPolicyProto(*guardianv1beta1.Policy) *domain.Policy
 	ToPolicyProto(*domain.Policy) (*guardianv1beta1.Policy, error)
 
-	ToPolicyAppealConfigProto(policy *domain.Policy) *guardianv1beta1.PolicyAppealConfig
+	ToPolicyAppealConfigProto(policy *domain.Policy) (*guardianv1beta1.PolicyAppealConfig, error)
 
 	FromResourceProto(*guardianv1beta1.Resource) *domain.Resource
 	ToResourceProto(*domain.Resource) (*guardianv1beta1.Resource, error)

api/handler/v1beta1/policy.go

@@ -18,9 +18,7 @@ func (s *GRPCServer) ListPolicies(ctx context.Context, req *guardianv1beta1.List
 
 	policyProtos := []*guardianv1beta1.Policy{}
 	for _, p := range policies {
-		if p.IAM != nil {
-			p.IAM.Config = nil
-		}
+		p.RemoveSensitiveValues()
 		policyProto, err := s.adapter.ToPolicyProto(p)
 		if err != nil {
 			return nil, s.internalError(ctx, "failed to parse policy %v: %v", p.ID, err)
@@ -44,9 +42,7 @@ func (s *GRPCServer) GetPolicy(ctx context.Context, req *guardianv1beta1.GetPoli
 		}
 	}
 
-	if p.IAM != nil {
-		p.IAM.Config = nil
-	}
+	p.RemoveSensitiveValues()
 	policyProto, err := s.adapter.ToPolicyProto(p)
 	if err != nil {
 		return nil, s.internalError(ctx, "failed to parse policy: %v", err)
@@ -116,7 +112,11 @@ func (s *GRPCServer) GetPolicyPreferences(ctx context.Context, req *guardianv1be
 		}
 	}
 
-	appealConfigProto := s.adapter.ToPolicyAppealConfigProto(p)
+	p.RemoveSensitiveValues()
+	appealConfigProto, err := s.adapter.ToPolicyAppealConfigProto(p)
+	if err != nil {
+		return nil, s.internalError(ctx, "failed to parse policy preferences: %v", err)
+	}
 
 	return &guardianv1beta1.GetPolicyPreferencesResponse{
 		Appeal: appealConfigProto,

api/handler/v1beta1/policy_test.go

@@ -28,6 +28,13 @@ func (s *GrpcHandlersSuite) TestListPolicies() {
 						Config:   expectedIAMConfig,
 						Provider: "provider",
 					},
+					Appeal: &guardianv1beta1.PolicyAppealConfig{
+						MetadataSources: map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource{
+							"test-source": {
+								Name: "test-source",
+							},
+						},
+					},
 				},
 			},
 		}
@@ -38,6 +45,14 @@ func (s *GrpcHandlersSuite) TestListPolicies() {
 					Config:   map[string]interface{}{"foo": "bar"},
 					Provider: "provider",
 				},
+				AppealConfig: &domain.PolicyAppealConfig{
+					MetadataSources: map[string]*domain.AppealMetadataSource{
+						"test-source": {
+							Name:   "test-source",
+							Config: map[string]interface{}{"foo": "bar"},
+						},
+					},
+				},
 			},
 		}
 		s.policyService.EXPECT().Find(mock.MatchedBy(func(ctx context.Context) bool { return true })).Return(dummyPolicies, nil).Once()
@@ -403,11 +418,24 @@ func (s *GrpcHandlersSuite) TestCreatePolicy() {
 						Description: "Please provide the name of the team you are in",
 					},
 				},
+				MetadataSources: map[string]*domain.AppealMetadataSource{
+					"test-source": {
+						Name:        "test-source",
+						Description: "test-description",
+						Type:        "test-type",
+						Config:      map[string]interface{}{"foo": "bar"},
+						Value:       "test-value",
+					},
+				},
 			},
 		}
 		expectedVersion := uint(1)
 		expectedIAMConfig, err := structpb.NewValue(expectedPolicy.IAM.Config)
 		s.Require().NoError(err)
+		expectedMetadataSourceConfig, err := structpb.NewValue(expectedPolicy.AppealConfig.MetadataSources["test-source"].Config)
+		s.Require().NoError(err)
+		expectedMetadataSourceValue, err := structpb.NewValue(expectedPolicy.AppealConfig.MetadataSources["test-source"].Value)
+		s.Require().NoError(err)
 		expectedResponse := &guardianv1beta1.CreatePolicyResponse{
 			Policy: &guardianv1beta1.Policy{
 				Id:          expectedPolicy.ID,
@@ -464,6 +492,15 @@ func (s *GrpcHandlersSuite) TestCreatePolicy() {
 							Description: "Please provide the name of the team you are in",
 						},
 					},
+					MetadataSources: map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource{
+						"test-source": {
+							Name:        "test-source",
+							Description: "test-description",
+							Type:        "test-type",
+							Config:      expectedMetadataSourceConfig,
+							Value:       expectedMetadataSourceValue,
+						},
+					},
 				},
 				CreatedAt: timestamppb.New(timeNow),
 				UpdatedAt: timestamppb.New(timeNow),
@@ -531,6 +568,15 @@ func (s *GrpcHandlersSuite) TestCreatePolicy() {
 							Description: "Please provide the name of the team you are in",
 						},
 					},
+					MetadataSources: map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource{
+						"test-source": {
+							Name:        "test-source",
+							Description: "test-description",
+							Type:        "test-type",
+							Config:      expectedMetadataSourceConfig,
+							Value:       expectedMetadataSourceValue,
+						},
+					},
 				},
 			},
 		}
@@ -798,3 +844,92 @@ func (s *GrpcHandlersSuite) TestUpdatePolicy() {
 		s.policyService.AssertExpectations(s.T())
 	})
 }
+
+func (s *GrpcHandlersSuite) TestGetPolicyPreferences() {
+	s.Run("should return policy preferences on success", func() {
+		s.setup()
+
+		dummyPolicy := &domain.Policy{
+			ID:      "test-policy",
+			Version: 1,
+			AppealConfig: &domain.PolicyAppealConfig{
+				AllowActiveAccessExtensionIn: "24h",
+				AllowPermanentAccess:         true,
+				MetadataSources: map[string]*domain.AppealMetadataSource{
+					"test-source": {
+						Name:   "test-source",
+						Config: map[string]interface{}{"foo": "bar"},
+					},
+				},
+			},
+		}
+
+		s.policyService.EXPECT().
+			GetOne(mock.MatchedBy(func(ctx context.Context) bool { return true }), dummyPolicy.ID, dummyPolicy.Version).
+			Return(dummyPolicy, nil).Once()
+		expectedResponse := &guardianv1beta1.GetPolicyPreferencesResponse{
+			Appeal: &guardianv1beta1.PolicyAppealConfig{
+				AllowActiveAccessExtensionIn: "24h",
+				AllowPermanentAccess:         true,
+				MetadataSources: map[string]*guardianv1beta1.PolicyAppealConfig_MetadataSource{
+					"test-source": {
+						Name: "test-source",
+					},
+				},
+			},
+		}
+
+		req := &guardianv1beta1.GetPolicyPreferencesRequest{
+			Id:      dummyPolicy.ID,
+			Version: uint32(dummyPolicy.Version),
+		}
+		res, err := s.grpcServer.GetPolicyPreferences(context.Background(), req)
+
+		s.NoError(err)
+		s.Equal(expectedResponse, res)
+		s.Nil(res.Appeal.MetadataSources["test-source"].Config) // config that might contain sensitive value should be removed
+		s.policyService.AssertExpectations(s.T())
+	})
+
+	s.Run("should return not found error if policy not found", func() {
+		s.setup()
+
+		policyID := "test-policy"
+		policyVersion := uint(1)
+		expectedError := policy.ErrPolicyNotFound
+		s.policyService.EXPECT().
+			GetOne(mock.MatchedBy(func(ctx context.Context) bool { return true }), policyID, policyVersion).
+			Return(nil, expectedError).Once()
+
+		req := &guardianv1beta1.GetPolicyPreferencesRequest{
+			Id:      policyID,
+			Version: uint32(policyVersion),
+		}
+		res, err := s.grpcServer.GetPolicyPreferences(context.Background(), req)
+
+		s.Equal(codes.NotFound, status.Code(err))
+		s.Nil(res)
+		s.policyService.AssertExpectations(s.T())
+	})
+
+	s.Run("should return internal error if policy service returns error", func() {
+		s.setup()
+
+		policyID := "test-policy"
+		policyVersion := uint(1)
+		expectedError := errors.New("random error")
+		s.policyService.EXPECT().
+			GetOne(mock.MatchedBy(func(ctx context.Context) bool { return true }), policyID, policyVersion).
+			Return(nil, expectedError).Once()
+
+		req := &guardianv1beta1.GetPolicyPreferencesRequest{
+			Id:      policyID,
+			Version: uint32(policyVersion),
+		}
+		res, err := s.grpcServer.GetPolicyPreferences(context.Background(), req)
+
+		s.Equal(codes.Internal, status.Code(err))
+		s.Nil(res)
+		s.policyService.AssertExpectations(s.T())
+	})
+}