diff --git a/policy-migration/src/config/config.ts b/policy-migration/src/config/config.ts
index dc5d4072..13ebf64b 100644
--- a/policy-migration/src/config/config.ts
+++ b/policy-migration/src/config/config.ts
@@ -25,7 +25,8 @@ type LogLevel = (
 export enum Migration {
 ReplaceSubject = "replaceSubject",
 AddSubject = "addSubject",
- AddEntry = "addEntry"
+ AddEntry = "addEntry",
+ ReplaceEntries = "replaceEntries"
 }
 export type Config = {
@@ -37,10 +38,17 @@ export type Config = {
 readonly secret: string;
 readonly scope: string;
 };
+
 readonly basicAuth: {
 readonly username: string;
 readonly password: string;
 };
+
+ readonly apiKey: {
+ readonly key: string;
+ readonly value: string
+ };
+
 readonly namespaces?: [string];
 readonly filter?: string;
 readonly pageSize: number;
@@ -58,6 +66,22 @@ export type Config = {
 };
 readonly migrations: [{ [key: string]: unknown }];
+
+ readonly policyEntries: {
+ [label: string]: {
+ subjects: {
+ [subject: string]: {
+ type: string;
+ };
+ };
+ resources: {
+ [resource: string]: {
+ grant: (string)[];
+ revoke: (string)[];
+ };
+ };
+ };
+ }
 };
 const defaults = {
diff --git a/policy-migration/src/http/auth.ts b/policy-migration/src/http/auth.ts
index 8089b1d5..f794f4b8 100644
--- a/policy-migration/src/http/auth.ts
+++ b/policy-migration/src/http/auth.ts
@@ -36,10 +36,15 @@ export class HttpAuth {
 headers.append(
 "Authorization",
 "Basic " +
- btoa(
- this.cfg.basicAuth.username + ":" +
- this.cfg.basicAuth.password,
- ),
+ btoa(
+ this.cfg.basicAuth.username + ":" +
+ this.cfg.basicAuth.password,
+ ),
+ );
+ } else if (this.cfg.apiKey) {
+ headers.append(
+ this.cfg.apiKey.key,
+ this.cfg.apiKey.value
 );
 }
 }
diff --git a/policy-migration/src/migration.ts b/policy-migration/src/migration.ts
index 6fe3008a..1cd9862d 100644
--- a/policy-migration/src/migration.ts
+++ b/policy-migration/src/migration.ts
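Review bot: `apiKey` is added to `Config` as a required member, yet the auth.ts hunk of this commit tests `this.cfg.apiKey` for presence, so the type should state what the runtime expects: `readonly apiKey?: {`. The member names also hide that `key` is used as an HTTP header name and `value` is the credential sent in it; a comment such as `// key: HTTP header name; value: secret sent in that header, never log it` would make that explicit. The added `readonly value: string` line is missing the trailing semicolon its neighbours have. The `Config` type starts and ends outside the hunk.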
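Review bot: The inline shape of `policyEntries` spells out by hand what model/migration.ts in this same commit writes as `{ [label: string]: PolicyEntry }`, so the two definitions can drift apart (the shape of `PolicyEntry` is not shown here, so the match is presumed). The only consumer visible in the diff, `replaceEntries`, reads `policyEntries` from the migration step rather than from `Config`, so it is not clear this required top-level field is read at all. If it is needed, `readonly policyEntries?: { [label: string]: PolicyEntry };` with the matching import would keep one definition and not force every existing config to supply it.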
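Review bot: The new `else if (this.cfg.apiKey)` branch hands the configured header name and value to `headers.append` without checking that either is a non-empty string, and because it is chained with `else if` a configured API key is silently ignored whenever the Basic branch above it is taken. `Config` in this commit declares both `basicAuth` and `apiKey` as required, so which branch runs depends on what the config loader leaves undefined. I would guard with `} else if (this.cfg.apiKey?.key && this.cfg.apiKey.value) {` and log which scheme was selected, without the secret. The enclosing method and the condition of the Basic branch are outside the hunk, so the precedence described here is inferred.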
@@ -17,7 +17,7 @@ import { HttpErrorResponse, MigrationResult, Progress } from "./model/base.ts";
 import { Policy } from "./model/policy.ts";
 import { Search } from "./search.ts";
 import { HttpAuth } from "./http/auth.ts";
-import { AddEntry, AddSubject, ReplaceSubject } from "./model/migration.ts";
+import { AddEntry, AddSubject, ReplaceEntries, ReplaceSubject } from "./model/migration.ts";
 /**
 * The policy migration is done in several steps:
@@ -222,6 +222,8 @@ export class MigrationStep {
 return this.addSubject(policy, step as AddSubject);
 case Migration.AddEntry:
 return this.addEntry(policy, step as AddEntry);
+ case Migration.ReplaceEntries:
+ return this.replaceEntries(policy, step as ReplaceEntries)
 default:
 this.logger.info(`Unknown migration ${label}. Ignoring.`);
 return false;
@@ -263,4 +265,9 @@ export class MigrationStep {
 }
 return changed;
 }
+
+ private replaceEntries(policy: Policy, replaceEntries: ReplaceEntries) {
+ policy.entries = replaceEntries.policyEntries;
+ return true;
+ }
 }
diff --git a/policy-migration/src/model/migration.ts b/policy-migration/src/model/migration.ts
index 0b8e06a6..a7d4dacc 100644
--- a/policy-migration/src/model/migration.ts
+++ b/policy-migration/src/model/migration.ts
@@ -33,4 +33,8 @@ export type AddEntry = {
 label: string;
 entry: PolicyEntry;
 replace: boolean;
-};
\ No newline at end of file
+};
+
+export type ReplaceEntries = {
+ policyEntries: { [label: string]: PolicyEntry };
+}
diff --git a/policy-migration/src/search.ts b/policy-migration/src/search.ts
index 57ceeb9e..630e4077 100644
--- a/policy-migration/src/search.ts
+++ b/policy-migration/src/search.ts
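Review bot: `step as ReplaceEntries` in the new `case Migration.ReplaceEntries:` is an unchecked assertion on data that `Config.migrations` types as `{ [key: string]: unknown }`, so nothing guarantees `policyEntries` is present when `replaceEntries` runs; the sibling cases cast the same way. The added return also lacks the trailing semicolon the neighbouring cases carry: `return this.replaceEntries(policy, step as ReplaceEntries);`. The switch starts and ends outside the hunk.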
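Review bot: `replaceEntries` assigns `replaceEntries.policyEntries` to `policy.entries` unconditionally and always returns `true`, so a step whose `policyEntries` is missing or empty would strip every entry from each matched policy and still report a change. The same object is also assigned to every policy, so a later step that mutates `policy.entries` in place would affect all of them; whether `addEntry` or `addSubject` mutate in place is not visible here. I would reject an absent or empty map and copy the value per policy, assuming `structuredClone` is available in this runtime. The method also has no doc comment saying that it is a destructive, whole-policy replacement.

```typescript
  private replaceEntries(policy: Policy, replaceEntries: ReplaceEntries) {
    const entries = replaceEntries.policyEntries;
    if (!entries || Object.keys(entries).length === 0) {
      this.logger.info("replaceEntries has no policyEntries. Ignoring.");
      return false;
    }
    // Copy per policy so later steps cannot mutate a map shared by all policies.
    policy.entries = structuredClone(entries);
    return true;
  }
```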
@@ -82,8 +82,15 @@ export class Search {
 this.completed = true;
 }
+ const policiesMap: Map = new Map();
+ sr.items.forEach((item) => {
+ policiesMap.set(item._policy.policyId, item._policy);
+ });
 const policies: Policy[] = [];
- sr.items.forEach((item) => policies.push(item._policy));
+ policiesMap.forEach((value, _) => {
+ policies.push(value);
+ });
+
 return policies;
 });
 }
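Review bot: The de-duplication added here reads `item._policy.policyId` for every item of one result page, so an item without `_policy` now throws where the old `push` merely stored `undefined`, and a policy that comes back on a later page is still handed to the migration again if pages can overlap; the paging code is outside the hunk. As rendered, `const policiesMap: Map = new Map();` carries no type arguments, which would not type-check if that is what was committed. The insert can be guarded with `if (item._policy) policiesMap.set(item._policy.policyId, item._policy);`, and the copy loop with its unused `_` parameter can become `return [...policiesMap.values()];`.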