Merge pull request #42

gRPC endpoint to add collections to access-policies

proto/gk/v1/gatekeeper.proto

@@ -45,6 +45,14 @@ service Gatekeeper {
 		};
 	}
 
+	// Access policies - collections
+	rpc AddAccessPolicyCollection(AddAccessPolicyCollectionRequest) returns (AddAccessPolicyCollectionResponse) {
+		option (google.api.http) = {
+			post : "/v1/access-policies/{policy_id}/collections"
+			body : "*"
+		};
+	}
+
 	// Collections
 	rpc CreateCollection(CreateCollectionRequest) returns (Collection) {
 		option (google.api.http) = {
@@ -205,6 +213,14 @@ message RetrieveAccessPolicyRequest {
 	string id = 1;
 }
 
+// Access policies - collections
+message AddAccessPolicyCollectionRequest {
+	string policy_id     = 1;
+	string collection_id = 2;
+}
+
+message AddAccessPolicyCollectionResponse {}
+
 // Collections
 message Collection {
 	string id   = 1;

src/service/gatekeeper.access-policies.cpp

@@ -51,6 +51,7 @@ grpc::ServerUnaryReactor *Gatekeeper::RetrieveAccessPolicy(
 	gk::v1::AccessPolicy *response) {
 	auto *reactor = context->DefaultReactor();
 
+	// TODO: error handling
 	auto policy = datastore::RetrieveAccessPolicy(request->id());
 	map(policy, response);
 
@@ -65,4 +66,18 @@ grpc::ServerUnaryReactor *Gatekeeper::RetrieveAccessPolicy(
 	reactor->Finish(grpc::Status::OK);
 	return reactor;
 }
+
+// Collections
+grpc::ServerUnaryReactor *Gatekeeper::AddAccessPolicyCollection(
+	grpc::CallbackServerContext *context, const gk::v1::AddAccessPolicyCollectionRequest *request,
+	gk::v1::AddAccessPolicyCollectionResponse *response) {
+	auto *reactor = context->DefaultReactor();
+
+	// TODO: error handling
+	auto policy = datastore::RetrieveAccessPolicy(request->policy_id());
+	policy.addCollection(request->collection_id());
+
+	reactor->Finish(grpc::Status::OK);
+	return reactor;
+}
 } // namespace service

src/service/gatekeeper.access-policies_test.cpp

@@ -237,3 +237,39 @@ TEST_F(GatekeeperAccessPoliciesTest, RetrieveAccessPolicy) {
 		EXPECT_EQ(policy.rules().cbegin()->attrs, attrs);
 	}
 }
+
+// Collections
+TEST_F(GatekeeperAccessPoliciesTest, AddAccessPolicyCollection) {
+	service::Gatekeeper service;
+
+	// Success: add collection
+	{
+		const datastore::Collection collection({
+			.name = "name:GatekeeperAccessPoliciesTest.AddAccessPolicyCollection",
+		});
+		ASSERT_NO_THROW(collection.store());
+
+		const datastore::AccessPolicy policy({
+			.name = "name:GatekeeperAccessPoliciesTest.AddAccessPolicyCollection",
+		});
+		ASSERT_NO_THROW(policy.store());
+		EXPECT_EQ(0, policy.collections().size());
+
+		grpc::CallbackServerContext               ctx;
+		grpc::testing::DefaultReactorTestPeer     peer(&ctx);
+		gk::v1::AddAccessPolicyCollectionResponse response;
+
+		gk::v1::AddAccessPolicyCollectionRequest request;
+		request.set_policy_id(policy.id());
+		request.set_collection_id(collection.id());
+
+		auto reactor = service.AddAccessPolicyCollection(&ctx, &request, &response);
+		EXPECT_TRUE(peer.test_status_set());
+		EXPECT_TRUE(peer.test_status().ok());
+		EXPECT_EQ(peer.reactor(), reactor);
+
+		const auto ids = policy.collections();
+		ASSERT_EQ(1, ids.size());
+		EXPECT_EQ(collection.id(), *ids.cbegin());
+	}
+}

src/service/gatekeeper.h

@@ -22,6 +22,12 @@ class Gatekeeper final : public gk::v1::Gatekeeper::CallbackService {
 		grpc::CallbackServerContext *context, const gk::v1::RetrieveAccessPolicyRequest *request,
 		gk::v1::AccessPolicy *response) override;
 
+	// Access policies - collections
+	grpc::ServerUnaryReactor *AddAccessPolicyCollection(
+		grpc::CallbackServerContext                    *context,
+		const gk::v1::AddAccessPolicyCollectionRequest *request,
+		gk::v1::AddAccessPolicyCollectionResponse      *response) override;
+
 	// Collections
 	grpc::ServerUnaryReactor *CreateCollection(
 		grpc::CallbackServerContext *context, const gk::v1::CreateCollectionRequest *request,