Extend policy endpoint with posture checks (#1450)

* Implement posture and version checks in API models

* go mod tidy

* Allow attaching posture checks to policy

* Update error message for linked posture check on deleting

* Refactor PostureCheck and Checks structures

* go mod tidy

management/server/http/api/openapi.yml

@@ -779,6 +779,12 @@ components:
         - $ref: '#/components/schemas/PolicyMinimum'
         - type: object
           properties:
+            source_posture_checks:
+              description: Posture checks ID's applied to policy source groups
+              type: array
+              items:
+                type: string
+                example: "chacdk86lnnboviihd70"
             rules:
               description: Policy rule object for policy UI editor
               type: array
@@ -825,7 +831,7 @@ components:
       required:
         - id
         - name
-        - check
+        - checks
     Checks:
       description: List of objects that perform the actual checks
       type: object

management/server/http/policies_handler.go

@@ -206,6 +206,10 @@ func (h *Policies) savePolicy(
 		policy.Rules = append(policy.Rules, &pr)
 	}
 
+	if req.SourcePostureChecks != nil {
+		policy.SourcePostureChecks = sourcePostureChecksToStrings(account, *req.SourcePostureChecks)
+	}
+
 	if err := h.accountManager.SavePolicy(account.Id, user.Id, &policy); err != nil {
 		util.WriteError(err, w)
 		return
@@ -352,3 +356,17 @@ func groupMinimumsToStrings(account *server.Account, gm []string) []string {
 	}
 	return result
 }
+
+func sourcePostureChecksToStrings(account *server.Account, postureChecksIds []string) []string {
+	result := make([]string, 0, len(postureChecksIds))
+	for _, id := range postureChecksIds {
+		for _, postureCheck := range account.PostureChecks {
+			if id == postureCheck.ID {
+				result = append(result, id)
+				continue
+			}
+		}
+
+	}
+	return result
+}

management/server/http/posture_checks_handler.go

@@ -229,6 +229,6 @@ func toPostureChecksResponse(postureChecks *posture.Checks) *api.PostureCheck {
 		Id:          postureChecks.ID,
 		Name:        postureChecks.Name,
 		Description: &postureChecks.Description,
-		Checks:      &checks,
+		Checks:      checks,
 	}
 }

management/server/http/posture_checks_handler_test.go

@@ -187,7 +187,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 				Id:          "postureCheck",
 				Name:        "default",
 				Description: str("default"),
-				Checks: &api.Checks{
+				Checks: api.Checks{
 					NbVersionCheck: &api.NBVersionCheck{
 						Enabled:    true,
 						MinVersion: "1.2.3",
@@ -247,7 +247,7 @@ func TestPostureCheckUpdate(t *testing.T) {
 				Id:          "postureCheck",
 				Name:        "default",
 				Description: str(""),
-				Checks: &api.Checks{
+				Checks: api.Checks{
 					NbVersionCheck: &api.NBVersionCheck{
 						Enabled:    true,
 						MinVersion: "1.9.0",

management/server/policy.go

@@ -163,11 +163,12 @@ func (p *Policy) Copy() *Policy {
 		Description:         p.Description,
 		Enabled:             p.Enabled,
 		Rules:               make([]*PolicyRule, len(p.Rules)),
-		SourcePostureChecks: p.SourcePostureChecks,
+		SourcePostureChecks: make([]string, len(p.SourcePostureChecks)),
 	}
 	for i, r := range p.Rules {
 		c.Rules[i] = r.Copy()
 	}
+	copy(c.SourcePostureChecks, p.SourcePostureChecks)
 	return c
 }
 

management/server/posture_checks.go

@@ -1,8 +1,6 @@
 package server
 
 import (
-	"fmt"
-
 	"github.com/netbirdio/netbird/management/server/activity"
 	"github.com/netbirdio/netbird/management/server/posture"
 	"github.com/netbirdio/netbird/management/server/status"
@@ -134,7 +132,7 @@ func (am *DefaultAccountManager) deletePostureChecks(account *Account, postureCh
 	for _, policy := range account.Policies {
 		for _, id := range policy.SourcePostureChecks {
 			if id == postureChecksID {
-				return nil, fmt.Errorf("posture checks have been linked to policy: %s", policy.Name)
+				return nil, status.Errorf(status.PreconditionFailed, "posture checks have been linked to policy: %s", policy.Name)
 			}
 		}
 	}