config: add source ppl field (#5419)

2025-04-28 18:06:34 +02:00 · 2025-01-14 10:13:56 -07:00 · 2025-01-14 10:13:56 -07:00 · c571769adc
commit c571769adc
parent 21b9e7890c
3 changed files with 546 additions and 526 deletions
--- a/config/policy.go
+++ b/config/policy.go
@ -205,6 +205,7 @@ type SubPolicy struct {
 	AllowedDomains   []string                 `mapstructure:"allowed_domains" yaml:"allowed_domains,omitempty" json:"allowed_domains,omitempty"`
 	AllowedIDPClaims identity.FlattenedClaims `mapstructure:"allowed_idp_claims" yaml:"allowed_idp_claims,omitempty" json:"allowed_idp_claims,omitempty"`
 	Rego             []string                 `mapstructure:"rego" yaml:"rego" json:"rego,omitempty"`
+	SourcePPL        string                   `mapstructure:"source_ppl" yaml:"source_ppl,omitempty" json:"source_ppl,omitempty"`

 	// Explanation is the explanation for why a policy failed.
 	Explanation string `mapstructure:"explanation" yaml:"explanation" json:"explanation,omitempty"`
@ -389,6 +390,7 @@ func NewPolicyFromProto(pb *configpb.Route) (*Policy, error) {
 			AllowedDomains:   sp.GetAllowedDomains(),
 			AllowedIDPClaims: identity.NewFlattenedClaimsFromPB(sp.GetAllowedIdpClaims()),
 			Rego:             sp.GetRego(),
+			SourcePPL:        sp.GetSourcePpl(),

 			Explanation: sp.GetExplanation(),
 			Remediation: sp.GetRemediation(),
@ -411,7 +413,7 @@ func (p *Policy) ToProto() (*configpb.Route, error) {
 	}
 	sps := make([]*configpb.Policy, 0, len(p.SubPolicies))
 	for _, sp := range p.SubPolicies {
-		sps = append(sps, &configpb.Policy{
+		p := &configpb.Policy{
 			Id:               sp.ID,
 			Name:             sp.Name,
 			AllowedUsers:     sp.AllowedUsers,
@ -420,7 +422,11 @@ func (p *Policy) ToProto() (*configpb.Route, error) {
 			Explanation:      sp.Explanation,
 			Remediation:      sp.Remediation,
 			Rego:             sp.Rego,
-		})
+		}
+		if sp.SourcePPL != "" {
+			p.SourcePpl = proto.String(sp.SourcePPL)
+		}
+		sps = append(sps, p)
 	}

 	pb := &configpb.Route{
--- a/pkg/grpc/config/config.pb.go
+++ b/pkg/grpc/config/config.pb.go
--- a/pkg/grpc/config/config.proto
+++ b/pkg/grpc/config/config.proto
@ -141,6 +141,7 @@ message Policy {
  repeated string allowed_domains = 5;
  map<string, google.protobuf.ListValue> allowed_idp_claims = 7;
  repeated string rego = 6;
+  optional string source_ppl = 10;

  string explanation = 8;
  string remediation = 9;