diff --git a/services/src/modules/registry-schema/resolvers/delete-resources.ts b/services/src/modules/registry-schema/resolvers/delete-resources.ts index a7de9b74..4ada875c 100644 --- a/services/src/modules/registry-schema/resolvers/delete-resources.ts +++ b/services/src/modules/registry-schema/resolvers/delete-resources.ts @@ -6,7 +6,7 @@ import { createGatewaySchema } from '../../apollo-server'; import { applyResourceGroupDeletions } from '../../resource-repository'; import { validateResourceGroupOrThrow } from '../validation'; import { transformResourceGroup as applyPluginForResourceGroup } from '../../plugins'; -import { PolicyAttachmentsHelper } from '../helpers'; +import { markOptionalPolicyArgs, PolicyAttachmentsHelper } from '../helpers'; import getResourceRepository from '../repository'; import { RegistryRequestContext, ResourceGroupMetadataInput } from '..'; import { updateRemoteGqlSchemas } from '../../directives/gql'; @@ -42,6 +42,9 @@ export default async function (deletions: ResourceGroupMetadataInput, context: R logger.debug('Creating schema config...'); await createGatewaySchema(gatewayRg); + logger.debug('Marking optional policy arguments...'); + markOptionalPolicyArgs(gatewayRg.policies); + logger.debug('Synchronizing policy attachments...'); await policyAttachments.sync(existingPolicies, gatewayRg.policies); diff --git a/services/src/modules/registry-schema/resolvers/rebuild-resource-group.ts b/services/src/modules/registry-schema/resolvers/rebuild-resource-group.ts index 9dda1af2..8f719405 100644 --- a/services/src/modules/registry-schema/resolvers/rebuild-resource-group.ts +++ b/services/src/modules/registry-schema/resolvers/rebuild-resource-group.ts @@ -5,7 +5,7 @@ import { updateRemoteGqlSchemas } from '../../directives/gql'; import { createGatewaySchema } from '../../apollo-server'; import logger from '../../logger'; import { transformResourceGroup as applyPluginsForResourceGroup } from '../../plugins'; -import { PolicyAttachmentsHelper } from '../helpers'; +import { markOptionalPolicyArgs, PolicyAttachmentsHelper } from '../helpers'; import getResourceRepository from '../repository'; import { validateResourceGroupOrThrow } from '../validation'; @@ -37,6 +37,9 @@ export default async function (context: RegistryRequestContext, dryRun = false) logger.debug('Creating schema...'); await createGatewaySchema(gatewayRg); + logger.debug('Marking optional policy arguments...'); + markOptionalPolicyArgs(gatewayRg.policies); + logger.debug('Synchronizing policy attachments...'); await policyAttachments.sync(existingPolicies, gatewayRg.policies); diff --git a/services/src/modules/registry-schema/resolvers/update-resource-group.ts b/services/src/modules/registry-schema/resolvers/update-resource-group.ts index fe912679..f5fb878a 100644 --- a/services/src/modules/registry-schema/resolvers/update-resource-group.ts +++ b/services/src/modules/registry-schema/resolvers/update-resource-group.ts @@ -43,7 +43,7 @@ export default async function (updates: ResourceGroupInput, context: RegistryReq await createGatewaySchema(gatewayRg); logger.debug('Marking optional policy arguments...'); - markOptionalPolicyArgs(updates.policies); + markOptionalPolicyArgs(gatewayRg.policies); logger.debug('Synchronizing policy attachments...'); await policyAttachments.sync(existingPolicies, gatewayRg.policies); diff --git a/services/tests/e2e/authorization/auth-with-queries.schema.ts b/services/tests/e2e/authorization/auth-with-queries.schema.ts index 77a241c1..e757d3ec 100644 --- a/services/tests/e2e/authorization/auth-with-queries.schema.ts +++ b/services/tests/e2e/authorization/auth-with-queries.schema.ts @@ -39,6 +39,22 @@ export const policies: PolicyDefinition[] = [ hireDate: { type: 'Int' }, }, }, + { + metadata: { + name: 'is-active', + namespace: 'auth-with-query', + }, + type: PolicyType.opa, + code: ` + default allow = false + allow { + input.args.active + } + `, + args: { + active: { type: 'Boolean!', default: '{ true }' }, + }, + }, { metadata: { name: 'notClassified', @@ -50,11 +66,12 @@ export const policies: PolicyDefinition[] = [ allow { input.query.classifiedDepartments[_].id != input.args.departmentId; input.query.policy.auth_with_query___is_senior.allow + input.query.policy.auth_with_query___is_active.allow } `, args: { - departmentId: { type: 'String', default: '{source.department.id}' }, - hireDate: { type: 'Int', default: '{source.hireDate}' }, + departmentId: { type: 'String!', default: '{source.department.id}' }, + hireDate: { type: 'Int!', default: '{source.hireDate}' }, }, query: { gql: print(gql` @@ -66,6 +83,9 @@ export const policies: PolicyDefinition[] = [ auth_with_query___is_senior(hireDate: $hireDate) { allow } + auth_with_query___is_active { + allow + } } } `), diff --git a/services/tests/integration/registry/__snapshots__/delete-resources.spec.ts.snap b/services/tests/integration/registry/__snapshots__/delete-resources.spec.ts.snap index 4adfb744..86678a8e 100644 --- a/services/tests/integration/registry/__snapshots__/delete-resources.spec.ts.snap +++ b/services/tests/integration/registry/__snapshots__/delete-resources.spec.ts.snap @@ -65,9 +65,11 @@ Object { Object { "args": Object { "an": Object { + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -132,9 +134,11 @@ Object { Object { "args": Object { "an": Object { + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -199,9 +203,11 @@ Object { Object { "args": Object { "an": Object { + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -262,9 +268,11 @@ Object { Object { "args": Object { "an": Object { + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -379,9 +387,11 @@ Object { Object { "args": Object { "an": Object { + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, diff --git a/services/tests/integration/registry/__snapshots__/rebuild-resources.spec.ts.snap b/services/tests/integration/registry/__snapshots__/rebuild-resources.spec.ts.snap index 155a82a0..878d54d5 100644 --- a/services/tests/integration/registry/__snapshots__/rebuild-resources.spec.ts.snap +++ b/services/tests/integration/registry/__snapshots__/rebuild-resources.spec.ts.snap @@ -7,9 +7,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -81,9 +83,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -156,9 +160,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -231,9 +237,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, diff --git a/services/tests/integration/registry/__snapshots__/update-resources.spec.ts.snap b/services/tests/integration/registry/__snapshots__/update-resources.spec.ts.snap index 8ad1ccf5..bc4adcf8 100644 --- a/services/tests/integration/registry/__snapshots__/update-resources.spec.ts.snap +++ b/services/tests/integration/registry/__snapshots__/update-resources.spec.ts.snap @@ -8,9 +8,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -100,9 +102,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -175,9 +179,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -250,9 +256,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, @@ -326,9 +334,11 @@ Object { "args": Object { "an": Object { "default": "{source.an}", + "optional": true, "type": "String", }, "another": Object { + "optional": false, "type": "String!", }, }, diff --git a/services/tests/integration/registry/delete-resources.spec.ts b/services/tests/integration/registry/delete-resources.spec.ts index b718d617..3298e3b9 100644 --- a/services/tests/integration/registry/delete-resources.spec.ts +++ b/services/tests/integration/registry/delete-resources.spec.ts @@ -59,9 +59,11 @@ const policy: PolicyDefinition = { args: { an: { type: 'String', + optional: true, }, another: { type: 'String!', + optional: false, }, }, query: { diff --git a/services/tests/integration/registry/rebuild-resources.spec.ts b/services/tests/integration/registry/rebuild-resources.spec.ts index 8b7a3d11..dbf9ef08 100644 --- a/services/tests/integration/registry/rebuild-resources.spec.ts +++ b/services/tests/integration/registry/rebuild-resources.spec.ts @@ -61,8 +61,8 @@ const policy: PolicyDefinition = { with multiple lines`, args: { - an: { type: 'String', default: '{source.an}' }, - another: { type: 'String!' }, + an: { type: 'String', default: '{source.an}', optional: true }, + another: { type: 'String!', optional: false }, }, query: { gql: 'some another gql', diff --git a/services/tests/integration/registry/update-resources.spec.ts b/services/tests/integration/registry/update-resources.spec.ts index 3e9a668b..4a8ef5a3 100644 --- a/services/tests/integration/registry/update-resources.spec.ts +++ b/services/tests/integration/registry/update-resources.spec.ts @@ -77,8 +77,8 @@ const policy: PolicyDefinition = { with multiple lines`, args: { - an: { type: 'String', default: '{source.an}' }, - another: { type: 'String!' }, + an: { type: 'String', default: '{source.an}', optional: true }, + another: { type: 'String!', optional: false }, }, query: { gql: 'some another gql',