Skip to content

Commit

Permalink
Merge branch 'main' into refactor-common-crate
Browse files Browse the repository at this point in the history
  • Loading branch information
@Natoandro
Natoandro committed Feb 6, 2025
2 parents 7d9ac3f + 4227fa0 commit 9a1cbd1
Show file tree
Hide file tree
Showing 27 changed files with 2,873 additions and 1,386 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ on:
tmate_enabled:
type: boolean
description: |
Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate).
Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate).
This disables all but the test-full jobs.
required: false
default: false
Expand All @@ -20,7 +20,6 @@ on:
- synchronize
- ready_for_review


# Cancel any in-flight jobs for the same PR/branch so there's only one active
# at a time
concurrency:
Expand Down Expand Up @@ -305,6 +304,7 @@ jobs:
tests/runtimes/wasm_reflected/*.ts \
tests/runtimes/python/*.ts \
tests/runtimes/substantial/common.ts \
tests/introspection/common.ts \
tests/e2e/self_deploy/self_deploy.ts \
tests/e2e/published/*.ts \
tests/metagen/typegraphs/metagen.ts \
Expand Down
4 changes: 2 additions & 2 deletions src/typegate/src/engine/computation_engine.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -185,12 +185,12 @@ export class ComputationEngine {
(lens as Array<Record<string, unknown>>).forEach((l, i) => {
// Objects are replaced by empty objects `{}`.
// It will be populated by child compute stages using values in `cache`.
l[field] = withEmptyObjects(res[i]);
(l ?? {})[field] = withEmptyObjects(res[i]);
});

// TODO
this.lenses[stageId] = lens.flatMap((l) =>
batcher([(l as Record<string, unknown>)[field]]) ?? []
batcher([((l ?? {})as Record<string, unknown>)[field]]) ?? []
);
}

Expand Down
83 changes: 47 additions & 36 deletions src/typegate/src/engine/planner/policies.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -203,31 +203,33 @@ export class OperationPolicies {
} // elif deny => already thrown
}

const res = await this.#checkStageAuthorization(
const resultsPerField = await this.#checkStageAuthorization(
stageId,
activeEffect,
getResolverResult,
);

switch (res.authorized) {
case "ALLOW": {
resolvedPolicyCachePerStage.set(stageId, "ALLOW");
continue;
}
case "PASS": {
resolvedPolicyCachePerStage.set(stageId, "PASS");
continue;
}
default: {
resolvedPolicyCachePerStage.set(stageId, res.authorized);
const policyNames = res.policiesFailed.map((operand) => ({
name: this.tg.policy(operand.index).name,
concernedField: operand.canonFieldName,
}));

throw new BadContext(
this.#getRejectionReason(stageId, activeEffect, policyNames),
);
for (const { fieldStageId, check } of resultsPerField) {
switch (check.authorized) {
case "ALLOW": {
resolvedPolicyCachePerStage.set(fieldStageId, "ALLOW");
continue;
}
case "PASS": {
resolvedPolicyCachePerStage.set(fieldStageId, "PASS");
continue;
}
default: {
resolvedPolicyCachePerStage.set(fieldStageId, check.authorized);
const policyNames = check.policiesFailed.map((operand) => ({
name: this.tg.policy(operand.index).name,
concernedField: operand.canonFieldName,
}));

throw new BadContext(
this.#getRejectionReason(fieldStageId, activeEffect, policyNames),
);
}
}
}
}
Expand All @@ -238,19 +240,19 @@ export class OperationPolicies {
effect: EffectType,
policiesData: Array<{ name: string; concernedField: string }>,
): string {
const getPath = (concernedField: string) => {
const getPath = () => {
if (stageId == EXPOSE_STAGE_ID) {
return [EXPOSE_STAGE_ID, concernedField].join(".");
return EXPOSE_STAGE_ID;
}
return [EXPOSE_STAGE_ID, stageId, concernedField].join(".");
return [EXPOSE_STAGE_ID, stageId].join(".");
};

const detailsPerPolicy = policiesData
.map(({ name, concernedField }) =>
.map(({ name }) =>
[
`policy '${name}'`,
`with effect '${effect}'`,
`at '${getPath(concernedField)}'`,
`at '${getPath()}'`,
].join(" ")
);
return `Authorization failed for ${detailsPerPolicy.join("; ")}`;
Expand Down Expand Up @@ -407,12 +409,16 @@ export class OperationPolicies {
getResolverResult: GetResolverResult,
) {
const selectedFields = this.#findSelectedFields(stageId);

const checkResults = [];
const policiesForStage = this.#stageToPolicies.get(stageId) ?? [];
const policies = [];
for (const { canonFieldName, indices } of policiesForStage) {
const policies = [];

// Note: canonFieldName is the field on the type (but not the alias if any!)
if (!selectedFields.includes(canonFieldName)) {
const selected = selectedFields.find(({ node }) =>
node == canonFieldName
);
if (!selected) {
continue;
}

Expand All @@ -433,25 +439,30 @@ export class OperationPolicies {
policies.push({ canonFieldName, index: actualIndex });
}
}

checkResults.push({
fieldStageId: selected.stageId,
check: await this.#composePolicies(
policies,
effect,
getResolverResult,
),
});
}

return await this.#composePolicies(
policies,
effect,
getResolverResult,
);
return checkResults;
}

#findSelectedFields(targetStageId: string) {
return this.orderedStageMetadata.map(({ stageId, node }) => {
const chunks = stageId.split(".");
const parent = chunks.slice(0, -1).join(".");
if (parent == "" && targetStageId == EXPOSE_STAGE_ID) {
return node;
return { stageId, node };
}

return targetStageId == parent ? node : null;
}).filter((name) => name != null);
return targetStageId == parent ? { stageId, node } : null;
}).filter((val) => val != null);
}

// for testing
Expand Down
Loading

0 comments on commit 9a1cbd1

Please sign in to comment.