feat: add support for is_default flag on policy collections (ENG-2684) (#34)

* feat: add support for is_default flag on policy collecitons

* Add explicit flags for including default collections / policies for projects

* Fix tests

Author: johnsca

scripts/openapi.json

@@ -424,8 +424,20 @@
           "Policy Collections"
         ],
         "summary": "List",
-        "description": "List all policy collections",
+        "description": "List all (or just defaults) policy collections",
         "operationId": "get_policy_collections_policy_collections_get",
+        "parameters": [
+          {
+            "required": false,
+            "schema": {
+              "title": "Only Defaults",
+              "type": "boolean",
+              "default": false
+            },
+            "name": "only_defaults",
+            "in": "query"
+          }
+        ],
         "responses": {
           "200": {
             "description": "Successful Response",
@@ -440,6 +452,16 @@
                 }
               }
             }
+          },
+          "422": {
+            "description": "Validation Error",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/HTTPValidationError"
+                }
+              }
+            }
           }
         }
       },
@@ -564,6 +586,54 @@
             }
           }
         }
+      },
+      "patch": {
+        "tags": [
+          "Policy Collections"
+        ],
+        "summary": "Update",
+        "operationId": "update_policy_collection_policy_collections__name__patch",
+        "parameters": [
+          {
+            "required": true,
+            "schema": {
+              "title": "Name",
+              "type": "string"
+            },
+            "name": "name",
+            "in": "path"
+          }
+        ],
+        "requestBody": {
+          "content": {
+            "application/json": {
+              "schema": {
+                "$ref": "#/components/schemas/UpdatePolicyCollectionInput"
+              }
+            }
+          },
+          "required": true
+        },
+        "responses": {
+          "200": {
+            "description": "Successful Response",
+            "content": {
+              "application/json": {
+                "schema": {}
+              }
+            }
+          },
+          "422": {
+            "description": "Validation Error",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/HTTPValidationError"
+                }
+              }
+            }
+          }
+        }
       }
     },
     "/policy-collections/{name}/policies": {
@@ -1209,6 +1279,16 @@
             },
             "name": "name",
             "in": "path"
+          },
+          {
+            "required": false,
+            "schema": {
+              "title": "Include Default Collections",
+              "type": "boolean",
+              "default": false
+            },
+            "name": "include_default_collections",
+            "in": "query"
           }
         ],
         "responses": {
@@ -1357,6 +1437,16 @@
             },
             "name": "name",
             "in": "path"
+          },
+          {
+            "required": false,
+            "schema": {
+              "title": "Include Defaults",
+              "type": "boolean",
+              "default": false
+            },
+            "name": "include_defaults",
+            "in": "query"
           }
         ],
         "responses": {
@@ -1522,6 +1612,16 @@
             },
             "name": "name",
             "in": "path"
+          },
+          {
+            "required": false,
+            "schema": {
+              "title": "Include Defaults",
+              "type": "boolean",
+              "default": false
+            },
+            "name": "include_defaults",
+            "in": "query"
           }
         ],
         "responses": {
@@ -2082,6 +2182,11 @@
             },
             "default": []
           },
+          "is_default": {
+            "title": "Is Default",
+            "type": "boolean",
+            "default": false
+          },
           "created_at": {
             "title": "Created At",
             "type": "string",
@@ -2114,6 +2219,11 @@
               "type": "string"
             },
             "default": []
+          },
+          "is_default": {
+            "title": "Is Default",
+            "type": "boolean",
+            "default": false
           }
         }
       },
@@ -2194,7 +2304,7 @@
               "added": 0,
               "updated": 0,
               "removed": 0,
-              "started_at": "2023-10-11T21:35:58.971771"
+              "started_at": "2023-10-13T19:14:36.359196"
             }
           }
         }
@@ -2320,7 +2430,7 @@
               "added": 0,
               "updated": 0,
               "removed": 0,
-              "started_at": "2023-10-11T21:35:58.971291"
+              "started_at": "2023-10-13T19:14:36.358730"
             }
           }
         }
@@ -2896,6 +3006,24 @@
           }
         }
       },
+      "UpdatePolicyCollectionInput": {
+        "title": "UpdatePolicyCollectionInput",
+        "type": "object",
+        "properties": {
+          "is_default": {
+            "title": "Is Default",
+            "type": "boolean"
+          },
+          "policies": {
+            "title": "Policies",
+            "uniqueItems": true,
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        }
+      },
       "UpdatePolicySource": {
         "title": "UpdatePolicySource",
         "type": "object",

stacklet/client/sinistral/commands/policy_collections.py

@@ -17,14 +17,14 @@ class PolicyCollections(Client):
 @PolicyCollections.commands.register("list")
 class List(ClientCommand):
     """
-    List all policy collections
+    List all (or just defaults) policy collections
     """
 
     command = "list"
     method = "get"
     path = "/policy-collections"
     params = {}
-    query_params = {}
+    query_params = {"--only_defaults": {"required": False}}
     payload_params = {}
 
 
@@ -53,6 +53,11 @@ class Create(ClientCommand):
                     "items": {"type": "string"},
                     "default": [],
                 },
+                "is_default": {
+                    "title": "Is Default",
+                    "type": "boolean",
+                    "default": False,
+                },
             },
         }
     }
@@ -86,6 +91,34 @@ class Delete(ClientCommand):
     payload_params = {}
 
 
+@PolicyCollections.commands.register("update")
+class Update(ClientCommand):
+    """
+    None
+    """
+
+    command = "update"
+    method = "patch"
+    path = "/policy-collections/{name}"
+    params = {"--name": {"required": True}}
+    query_params = {}
+    payload_params = {
+        "schema": {
+            "title": "UpdatePolicyCollectionInput",
+            "type": "object",
+            "properties": {
+                "is_default": {"title": "Is Default", "type": "boolean"},
+                "policies": {
+                    "title": "Policies",
+                    "uniqueItems": True,
+                    "type": "array",
+                    "items": {"type": "string"},
+                },
+            },
+        }
+    }
+
+
 @PolicyCollections.commands.register("get-policies")
 class GetPolicies(ClientCommand):
     """

stacklet/client/sinistral/commands/projects.py

@@ -79,7 +79,7 @@ class Get(ClientCommand):
     method = "get"
     path = "/projects/{name}"
     params = {"--name": {"required": True}}
-    query_params = {}
+    query_params = {"--include_default_collections": {"required": False}}
     payload_params = {}
 
 
@@ -146,7 +146,7 @@ class GetCollections(ClientCommand):
     method = "get"
     path = "/projects/{name}/collections"
     params = {"--name": {"required": True}}
-    query_params = {}
+    query_params = {"--include_defaults": {"required": False}}
     payload_params = {}
 
 
@@ -203,7 +203,7 @@ class GetPolicies(ClientCommand):
     method = "get"
     path = "/projects/{name}/policies"
     params = {"--name": {"required": True}}
-    query_params = {}
+    query_params = {"--include_defaults": {"required": False}}
     payload_params = {}
 
 

stacklet/client/sinistral/commands/run.py

@@ -76,26 +76,21 @@ def run(ctx, project, dryrun, *args, **kwargs):
     sinistral = sinistral_client()
 
     projects_client = sinistral.client("projects")
-    policy_collections_client = sinistral.client("policy-collections")
-
-    results = []
     try:
-        project_data = projects_client.get(name=project)
+        policies = projects_client.get_policies(name=project, include_defaults=True)
     except Exception as e:
         click.echo(f"Unable to get project: {e}", err=True)
         sys.exit(1)
 
-    if not project_data.get("collections"):
+    if not policies:
         click.echo("Project has no policy collections", err=True)
         sys.exit(1)
 
-    for c in project_data["collections"]:
-        policies = policy_collections_client.get_policies(name=c)
-        raw_policies = [p["raw_policy"] for p in policies]
-        with TemporaryDirectory() as tempdir:
-            with open(f"{tempdir}/policy.yaml", "w+") as f:
-                yaml.dump({"policies": raw_policies}, f)
-                ctx.params["policy_dir"] = tempdir
-                results.append(int(left_run.invoke(ctx)))
-
+    raw_policies = [p["raw_policy"] for p in policies]
+    results = []
+    with TemporaryDirectory() as tempdir:
+        with open(f"{tempdir}/policy.yaml", "w+") as f:
+            yaml.dump({"policies": raw_policies}, f)
+            ctx.params["policy_dir"] = tempdir
+            results.append(int(left_run.invoke(ctx)))
     sys.exit(int(sorted(results)[-1]))

tests/test_run.py

@@ -7,8 +7,7 @@
 
 
 from .utils import (
-    get_project_response,
-    get_policies_for_collection_response,
+    get_policies_for_project_response,
     create_scan_response,
     get_mock_response,
 )
@@ -33,8 +32,7 @@ def test_submit_run():
         RestExecutor,
         "get",
         side_effect=[
-            get_mock_response(json=get_project_response),
-            get_mock_response(json=get_policies_for_collection_response),
+            get_mock_response(json=get_policies_for_project_response),
         ],
     ):
         with patch.object(
@@ -68,8 +66,7 @@ def test_submit_run_fail():
         RestExecutor,
         "get",
         side_effect=[
-            get_mock_response(json=get_project_response),
-            get_mock_response(json=get_policies_for_collection_response),
+            get_mock_response(json=get_policies_for_project_response),
         ],
     ):
         with patch.object(

tests/utils.py

@@ -23,7 +23,7 @@ def get_mock_response(status_code=200, json={}):
     "updated_at": "2023-02-17T14:40:49.394311+00:00",
 }
 
-get_policies_for_collection_response = [
+get_policies_for_project_response = [
     {
         "name": "check-tags",
         "source_name": "csd-policies",