chore: upgrade casbin and ent-adapter (#1581)

Signed-off-by: Miguel Martinez <[email protected]>

Author: migmartri

app/controlplane/pkg/authz/authz.go

@@ -258,7 +258,10 @@ func (e *Enforcer) ClearPolicies(sub *SubjectAPIToken) error {
 	}
 
 	// Get all the policies for the subject
-	policies := e.GetFilteredPolicy(0, sub.String())
+	policies, err := e.GetFilteredPolicy(0, sub.String())
+	if err != nil {
+		return fmt.Errorf("failed to get policies: %w", err)
+	}
 
 	if _, err := e.Enforcer.RemovePolicies(policies); err != nil {
 		return fmt.Errorf("failed to remove policies: %w", err)
@@ -362,7 +365,12 @@ func doSync(e *Enforcer, rolesMap map[Role][]*Policy) error {
 
 	// Delete all the policies that are not in the roles map
 	// 1 - load the policies from the enforcer DB
-	for _, gotPolicies := range e.GetPolicy() {
+	policies, err := e.GetPolicy()
+	if err != nil {
+		return fmt.Errorf("failed to get policies: %w", err)
+	}
+
+	for _, gotPolicies := range policies {
 		role := gotPolicies[0]
 		policy := &Policy{Resource: gotPolicies[1], Action: gotPolicies[2]}
 
@@ -395,7 +403,7 @@ func doSync(e *Enforcer, rolesMap map[Role][]*Policy) error {
 	}
 
 	// To finish we make sure that the admin role inherit all the policies from the viewer role
-	_, err := e.AddGroupingPolicy(string(RoleAdmin), string(RoleViewer))
+	_, err = e.AddGroupingPolicy(string(RoleAdmin), string(RoleViewer))
 	if err != nil {
 		return fmt.Errorf("failed to add grouping policy: %w", err)
 	}

app/controlplane/pkg/authz/authz_integration_test.go

@@ -47,12 +47,14 @@ func TestMultiReplicaPropagation(t *testing.T) {
 	require.NoError(t, err)
 
 	// Make sure it propagates to the other one
-	got := enforcerA.GetFilteredPolicy(0, sub.String())
+	got, err := enforcerA.GetFilteredPolicy(0, sub.String())
+	require.NoError(t, err)
 	assert.Len(t, got, 2)
 
 	// it might take a bit for the policies to propagate to the other enforcer
 	err = fnWithRetry(func() error {
-		got = enforcerB.GetFilteredPolicy(0, sub.String())
+		got, err = enforcerB.GetFilteredPolicy(0, sub.String())
+		require.NoError(t, err)
 		if len(got) == 2 {
 			return nil
 		}
@@ -63,19 +65,24 @@ func TestMultiReplicaPropagation(t *testing.T) {
 
 	// Then delete them from the second one and check propagation again
 	require.NoError(t, enforcerB.ClearPolicies(sub))
-	assert.Len(t, enforcerB.GetFilteredPolicy(0, sub.String()), 0)
+	got, err = enforcerB.GetFilteredPolicy(0, sub.String())
+	require.NoError(t, err)
+	assert.Len(t, got, 0)
 
 	// Make sure it propagates to the other one
 	err = fnWithRetry(func() error {
-		got = enforcerA.GetFilteredPolicy(0, sub.String())
+		got, err = enforcerA.GetFilteredPolicy(0, sub.String())
+		require.NoError(t, err)
 		if len(got) == 0 {
 			return nil
 		}
 
 		return fmt.Errorf("policies not propagated yet")
 	})
 	require.NoError(t, err)
-	assert.Len(t, enforcerA.GetFilteredPolicy(0, sub.String()), 0)
+	got, err = enforcerA.GetFilteredPolicy(0, sub.String())
+	require.NoError(t, err)
+	assert.Len(t, got, 0)
 }
 
 func fnWithRetry(f func() error) error {

app/controlplane/pkg/authz/authz_test.go

@@ -91,11 +91,13 @@ func TestAddPolicies(t *testing.T) {
 			require.NoError(t, err)
 
 			for _, p := range tc.policies {
-				ok := enforcer.HasPolicy(tc.subject.String(), p.Resource, p.Action)
+				ok, err := enforcer.HasPolicy(tc.subject.String(), p.Resource, p.Action)
+				assert.NoError(t, err)
 				assert.True(t, ok, fmt.Sprintf("policy %s:%s not found", p.Resource, p.Action))
 			}
 
-			gotLength := enforcer.GetFilteredPolicy(0, tc.subject.String())
+			gotLength, err := enforcer.GetFilteredPolicy(0, tc.subject.String())
+			assert.NoError(t, err)
 			assert.Len(t, gotLength, tc.wantNumberPolicies)
 		})
 	}
@@ -113,15 +115,17 @@ func TestAddPoliciesDuplication(t *testing.T) {
 
 	err := enforcer.AddPolicies(sub, want...)
 	require.NoError(t, err)
-	got := enforcer.GetFilteredPolicy(0, sub.String())
+	got, err := enforcer.GetFilteredPolicy(0, sub.String())
+	require.NoError(t, err)
 	assert.Len(t, got, 2)
 
 	// Update the list of policies we want to add by appending an extra one
 	want = append(want, PolicyWorkflowContractUpdate)
 	// AddPolicies only add the policies that are not already present preventing duplication
 	err = enforcer.AddPolicies(sub, want...)
 	assert.NoError(t, err)
-	got = enforcer.GetFilteredPolicy(0, sub.String())
+	got, err = enforcer.GetFilteredPolicy(0, sub.String())
+	assert.NoError(t, err)
 	assert.Len(t, got, 3)
 }
 
@@ -145,7 +149,8 @@ func TestSyncRBACRoles(t *testing.T) {
 
 	// Make sure we are adding all the policies for the listed roles
 	for r, policies := range rolesMap {
-		got := e.GetFilteredPolicy(0, string(r))
+		got, err := e.GetFilteredPolicy(0, string(r))
+		assert.NoError(t, err)
 		assert.Len(t, got, len(policies))
 	}
 
@@ -178,7 +183,9 @@ func TestDoSync(t *testing.T) {
 	// load custom policies
 	err := doSync(e, policiesM)
 	assert.NoError(t, err)
-	assert.Len(t, e.GetPolicy(), 3)
+	got, err := e.GetPolicy()
+	assert.NoError(t, err)
+	assert.Len(t, got, 3)
 
 	// update stored map removing one item of one role
 	policiesM = map[Role][]*Policy{
@@ -192,7 +199,9 @@ func TestDoSync(t *testing.T) {
 
 	err = doSync(e, policiesM)
 	assert.NoError(t, err)
-	assert.Len(t, e.GetPolicy(), 2)
+	got, err = e.GetPolicy()
+	assert.NoError(t, err)
+	assert.Len(t, got, 2)
 
 	// or deleting a whole section
 	policiesM = map[Role][]*Policy{
@@ -203,7 +212,9 @@ func TestDoSync(t *testing.T) {
 
 	err = doSync(e, policiesM)
 	assert.NoError(t, err)
-	assert.Len(t, e.GetPolicy(), 1)
+	got, err = e.GetPolicy()
+	assert.NoError(t, err)
+	assert.Len(t, got, 1)
 }
 
 func TestClearPolicies(t *testing.T) {
@@ -223,17 +234,20 @@ func TestClearPolicies(t *testing.T) {
 	err = enforcer.AddPolicies(sub2, want...)
 	require.NoError(t, err)
 	// Each have 2 items
-	got := enforcer.GetFilteredPolicy(0, sub.String())
+	got, err := enforcer.GetFilteredPolicy(0, sub.String())
+	require.NoError(t, err)
 	assert.Len(t, got, 2)
 
 	// Clear all the policies for the subject
 	err = enforcer.ClearPolicies(sub)
 	assert.NoError(t, err)
 	// there should be no policies left for this user
-	got = enforcer.GetFilteredPolicy(0, sub.String())
+	got, err = enforcer.GetFilteredPolicy(0, sub.String())
+	require.NoError(t, err)
 	assert.Len(t, got, 0)
 	// but the other user should still have 2
-	got = enforcer.GetFilteredPolicy(0, sub2.String())
+	got, err = enforcer.GetFilteredPolicy(0, sub2.String())
+	require.NoError(t, err)
 	assert.Len(t, got, 2)
 }
 

app/controlplane/pkg/biz/apitoken_integration_test.go

@@ -121,12 +121,14 @@ func (s *apiTokenTestSuite) TestAuthzPolicies() {
 
 	subject := (&authz.SubjectAPIToken{ID: token.ID.String()}).String()
 	// load the policies associated with the token from the global enforcer
-	policies := s.Enforcer.GetFilteredPolicy(0, subject)
+	policies, err := s.Enforcer.GetFilteredPolicy(0, subject)
+	s.Require().NoError(err)
 
 	// Check that only default policies are loaded
 	s.Len(policies, len(s.APIToken.DefaultAuthzPolicies))
 	for _, p := range s.APIToken.DefaultAuthzPolicies {
-		ok := s.Enforcer.HasPolicy(subject, p.Resource, p.Action)
+		ok, err := s.Enforcer.HasPolicy(subject, p.Resource, p.Action)
+		s.NoError(err)
 		s.True(ok, fmt.Sprintf("policy %s:%s not found", p.Resource, p.Action))
 	}
 }
@@ -155,12 +157,14 @@ func (s *apiTokenTestSuite) TestRevoke() {
 	s.Run("the revoked token also get its policies cleared", func() {
 		sub := (&authz.SubjectAPIToken{ID: s.t2.ID.String()}).String()
 		// It has the default policies
-		gotPolicies := s.Enforcer.GetFilteredPolicy(0, sub)
+		gotPolicies, err := s.Enforcer.GetFilteredPolicy(0, sub)
+		s.NoError(err)
 		s.Len(gotPolicies, len(s.APIToken.DefaultAuthzPolicies))
-		err := s.APIToken.Revoke(ctx, s.org.ID, s.t2.ID.String())
+		err = s.APIToken.Revoke(ctx, s.org.ID, s.t2.ID.String())
 		s.NoError(err)
 		// once revoked, the policies are cleared
-		gotPolicies = s.Enforcer.GetFilteredPolicy(0, sub)
+		gotPolicies, err = s.Enforcer.GetFilteredPolicy(0, sub)
+		s.NoError(err)
 		s.Len(gotPolicies, 0)
 	})