diff --git a/app/cli/cmd/organization_update.go b/app/cli/cmd/organization_update.go index cc2306fd6..8976345e6 100644 --- a/app/cli/cmd/organization_update.go +++ b/app/cli/cmd/organization_update.go @@ -26,6 +26,7 @@ func newOrganizationUpdateCmd() *cobra.Command { blockOnPolicyViolation bool policiesAllowedHostnames []string preventImplicitWorkflowCreation bool + disableRequirementsAutoMatching bool ) cmd := &cobra.Command{ @@ -45,6 +46,10 @@ func newOrganizationUpdateCmd() *cobra.Command { opts.PreventImplicitWorkflowCreation = &preventImplicitWorkflowCreation } + if cmd.Flags().Changed("disable-requirements-auto-matching") { + opts.DisableRequirementsAutoMatching = &disableRequirementsAutoMatching + } + _, err := action.NewOrgUpdate(ActionOpts).Run(cmd.Context(), orgName, opts) if err != nil { return err @@ -62,5 +67,6 @@ func newOrganizationUpdateCmd() *cobra.Command { cmd.Flags().BoolVar(&blockOnPolicyViolation, "block", false, "set the default policy violation blocking strategy") cmd.Flags().StringSliceVar(&policiesAllowedHostnames, "policies-allowed-hostnames", []string{}, "set the allowed hostnames for the policy engine") cmd.Flags().BoolVar(&preventImplicitWorkflowCreation, "prevent-implicit-workflow-creation", false, "prevent workflows and projects from being created implicitly during attestation init") + cmd.Flags().BoolVar(&disableRequirementsAutoMatching, "disable-requirements-auto-matching", false, "disable automatic matching of policies to requirements based on parameters. When enabled, only explicit requirement references are used") return cmd } diff --git a/app/cli/documentation/cli-reference.mdx b/app/cli/documentation/cli-reference.mdx index 21c14c386..67822618d 100755 --- a/app/cli/documentation/cli-reference.mdx +++ b/app/cli/documentation/cli-reference.mdx 
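Review bot: The help text registered for `--disable-requirements-auto-matching` ends with "When enabled, only explicit requirement references are used", and on a flag whose name starts with "disable" it is unclear whether "enabled" means the flag or auto-matching. This setting changes which policies are attributed to which requirements, so the wording should not allow the opposite reading. I would change it to `"stop matching policies to requirements automatically based on parameters; when set, only explicit requirement references are used"`. The same string is copied into cli-reference.mdx, which would need regenerating.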
@@ -2763,6 +2763,7 @@ Options ``` --block set the default policy violation blocking strategy +--disable-requirements-auto-matching disable automatic matching of policies to requirements based on parameters. When enabled, only explicit requirement references are used -h, --help help for update --name string organization name --policies-allowed-hostnames strings set the allowed hostnames for the policy engine diff --git a/app/cli/pkg/action/org_update.go b/app/cli/pkg/action/org_update.go index 9e344711e..9948419d5 100644 --- a/app/cli/pkg/action/org_update.go +++ b/app/cli/pkg/action/org_update.go @@ -33,6 +33,7 @@ type NewOrgUpdateOpts struct { BlockOnPolicyViolation *bool PoliciesAllowedHostnames *[]string PreventImplicitWorkflowCreation *bool + DisableRequirementsAutoMatching *bool } func (action *OrgUpdate) Run(ctx context.Context, name string, opts *NewOrgUpdateOpts) (*OrgItem, error) { @@ -42,6 +43,7 @@ func (action *OrgUpdate) Run(ctx context.Context, name string, opts *NewOrgUpdat Name: name, BlockOnPolicyViolation: opts.BlockOnPolicyViolation, PreventImplicitWorkflowCreation: opts.PreventImplicitWorkflowCreation, + DisableRequirementsAutoMatching: opts.DisableRequirementsAutoMatching, } if opts.PoliciesAllowedHostnames != nil { diff --git a/app/controlplane/api/controlplane/v1/organization.pb.go b/app/controlplane/api/controlplane/v1/organization.pb.go index 57380bc1a..2395119b9 100644 --- a/app/controlplane/api/controlplane/v1/organization.pb.go +++ b/app/controlplane/api/controlplane/v1/organization.pb.go 
@@ -448,8 +448,10 @@ type OrganizationServiceUpdateRequest struct { PreventImplicitWorkflowCreation *bool `protobuf:"varint,5,opt,name=prevent_implicit_workflow_creation,json=preventImplicitWorkflowCreation,proto3,oneof" json:"prevent_implicit_workflow_creation,omitempty"` // restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles) RestrictContractCreationToOrgAdmins *bool `protobuf:"varint,6,opt,name=restrict_contract_creation_to_org_admins,json=restrictContractCreationToOrgAdmins,proto3,oneof" json:"restrict_contract_creation_to_org_admins,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // disable_requirements_auto_matching disables automatic matching of policies to requirements + DisableRequirementsAutoMatching *bool `protobuf:"varint,7,opt,name=disable_requirements_auto_matching,json=disableRequirementsAutoMatching,proto3,oneof" json:"disable_requirements_auto_matching,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *OrganizationServiceUpdateRequest) Reset() { @@ -524,6 +526,13 @@ func (x *OrganizationServiceUpdateRequest) GetRestrictContractCreationToOrgAdmin return false } +func (x *OrganizationServiceUpdateRequest) GetDisableRequirementsAutoMatching() bool { + if x != nil && x.DisableRequirementsAutoMatching != nil { + return *x.DisableRequirementsAutoMatching + } + return false +} + type OrganizationServiceUpdateResponse struct { state protoimpl.MessageState `protogen:"open.v1"` Result *OrgItem `protobuf:"bytes,1,opt,name=result,proto3" json:"result,omitempty"` 
@@ -682,17 +691,19 @@ const file_controlplane_v1_organization_proto_rawDesc = "" + " OrganizationServiceCreateRequest\x12\x1b\n" + "\x04name\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x04name\"U\n" + "!OrganizationServiceCreateResponse\x120\n" + - "\x06result\x18\x01 \x01(\v2\x18.controlplane.v1.OrgItemR\x06result\"\xa8\x04\n" + + "\x06result\x18\x01 \x01(\v2\x18.controlplane.v1.OrgItemR\x06result\"\xa1\x05\n" + " OrganizationServiceUpdateRequest\x12\x1b\n" + "\x04name\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x04name\x12>\n" + "\x19block_on_policy_violation\x18\x02 \x01(\bH\x00R\x16blockOnPolicyViolation\x88\x01\x01\x12<\n" + "\x1apolicies_allowed_hostnames\x18\x03 \x03(\tR\x18policiesAllowedHostnames\x12I\n" + "!update_policies_allowed_hostnames\x18\x04 \x01(\bR\x1eupdatePoliciesAllowedHostnames\x12P\n" + "\"prevent_implicit_workflow_creation\x18\x05 \x01(\bH\x01R\x1fpreventImplicitWorkflowCreation\x88\x01\x01\x12Z\n" + - "(restrict_contract_creation_to_org_admins\x18\x06 \x01(\bH\x02R#restrictContractCreationToOrgAdmins\x88\x01\x01B\x1c\n" + + "(restrict_contract_creation_to_org_admins\x18\x06 \x01(\bH\x02R#restrictContractCreationToOrgAdmins\x88\x01\x01\x12P\n" + + "\"disable_requirements_auto_matching\x18\a \x01(\bH\x03R\x1fdisableRequirementsAutoMatching\x88\x01\x01B\x1c\n" + "\x1a_block_on_policy_violationB%\n" + "#_prevent_implicit_workflow_creationB+\n" + - ")_restrict_contract_creation_to_org_admins\"U\n" + + ")_restrict_contract_creation_to_org_adminsB%\n" + + "#_disable_requirements_auto_matching\"U\n" + "!OrganizationServiceUpdateResponse\x120\n" + "\x06result\x18\x01 \x01(\v2\x18.controlplane.v1.OrgItemR\x06result\"?\n" + " OrganizationServiceDeleteRequest\x12\x1b\n" + diff --git a/app/controlplane/api/controlplane/v1/organization.proto b/app/controlplane/api/controlplane/v1/organization.proto index cb5f2a989..5ad2a65f9 100644 --- a/app/controlplane/api/controlplane/v1/organization.proto +++ b/app/controlplane/api/controlplane/v1/organization.proto 
@@ -99,6 +99,9 @@ message OrganizationServiceUpdateRequest { // restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles) optional bool restrict_contract_creation_to_org_admins = 6; + + // disable_requirements_auto_matching disables automatic matching of policies to requirements + optional bool disable_requirements_auto_matching = 7; } message OrganizationServiceUpdateResponse { diff --git a/app/controlplane/api/controlplane/v1/response_messages.pb.go b/app/controlplane/api/controlplane/v1/response_messages.pb.go index 26c2cd420..3b9104728 100644 --- a/app/controlplane/api/controlplane/v1/response_messages.pb.go +++ b/app/controlplane/api/controlplane/v1/response_messages.pb.go @@ -1888,8 +1888,10 @@ type OrgItem struct { PreventImplicitWorkflowCreation bool `protobuf:"varint,7,opt,name=prevent_implicit_workflow_creation,json=preventImplicitWorkflowCreation,proto3" json:"prevent_implicit_workflow_creation,omitempty"` // restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles) RestrictContractCreationToOrgAdmins bool `protobuf:"varint,8,opt,name=restrict_contract_creation_to_org_admins,json=restrictContractCreationToOrgAdmins,proto3" json:"restrict_contract_creation_to_org_admins,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // disable_requirements_auto_matching disables automatic matching of policies to requirements + DisableRequirementsAutoMatching bool `protobuf:"varint,9,opt,name=disable_requirements_auto_matching,json=disableRequirementsAutoMatching,proto3" json:"disable_requirements_auto_matching,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *OrgItem) Reset() { 
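Review bot: The comment added on field 7 only restates the field name and leaves out the consequence that the CLI help spells out, namely that only explicit requirement references are used once matching is disabled. I would extend it to `// disable_requirements_auto_matching disables automatic matching of policies to requirements based on parameters; when true, only explicit requirement references are used`. It could also state that an unset value leaves the current setting unchanged, if that is the intended meaning of `optional` here. The same one-line comment is added to `OrgItem` field 9 in response_messages.proto and is carried into the generated Go, TypeScript and JSON-schema descriptions.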
@@ -1978,6 +1980,13 @@ func (x *OrgItem) GetRestrictContractCreationToOrgAdmins() bool { return false } +func (x *OrgItem) GetDisableRequirementsAutoMatching() bool { + if x != nil { + return x.DisableRequirementsAutoMatching + } + return false +} + type CASBackendItem struct { state protoimpl.MessageState `protogen:"open.v1"` Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` @@ -2762,7 +2771,7 @@ const file_controlplane_v1_response_messages_proto_rawDesc = "" + "created_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" + "\n" + "updated_at\x18\x05 \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\x123\n" + - "\x04role\x18\x06 \x01(\x0e2\x1f.controlplane.v1.MembershipRoleR\x04role\"\xbe\x05\n" + + "\x04role\x18\x06 \x01(\x0e2\x1f.controlplane.v1.MembershipRoleR\x04role\"\x8b\x06\n" + "\aOrgItem\x12\x0e\n" + "\x02id\x18\x01 \x01(\tR\x02id\x12\x12\n" + "\x04name\x18\x02 \x01(\tR\x04name\x129\n" + @@ -2773,7 +2782,8 @@ const file_controlplane_v1_response_messages_proto_rawDesc = "" + "!default_policy_violation_strategy\x18\x04 \x01(\x0e28.controlplane.v1.OrgItem.PolicyViolationBlockingStrategyR\x1edefaultPolicyViolationStrategy\x128\n" + "\x18policy_allowed_hostnames\x18\x05 \x03(\tR\x16policyAllowedHostnames\x12K\n" + "\"prevent_implicit_workflow_creation\x18\a \x01(\bR\x1fpreventImplicitWorkflowCreation\x12U\n" + - "(restrict_contract_creation_to_org_admins\x18\b \x01(\bR#restrictContractCreationToOrgAdmins\"\xb4\x01\n" + + "(restrict_contract_creation_to_org_admins\x18\b \x01(\bR#restrictContractCreationToOrgAdmins\x12K\n" + + "\"disable_requirements_auto_matching\x18\t \x01(\bR\x1fdisableRequirementsAutoMatching\"\xb4\x01\n" + "\x1fPolicyViolationBlockingStrategy\x122\n" + ".POLICY_VIOLATION_BLOCKING_STRATEGY_UNSPECIFIED\x10\x00\x12,\n" + "(POLICY_VIOLATION_BLOCKING_STRATEGY_BLOCK\x10\x01\x12/\n" + 
diff --git a/app/controlplane/api/controlplane/v1/response_messages.proto b/app/controlplane/api/controlplane/v1/response_messages.proto index cb12e2ce8..88783b5d7 100644 --- a/app/controlplane/api/controlplane/v1/response_messages.proto +++ b/app/controlplane/api/controlplane/v1/response_messages.proto @@ -283,6 +283,8 @@ message OrgItem { bool prevent_implicit_workflow_creation = 7; // restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles) bool restrict_contract_creation_to_org_admins = 8; + // disable_requirements_auto_matching disables automatic matching of policies to requirements + bool disable_requirements_auto_matching = 9; enum PolicyViolationBlockingStrategy { POLICY_VIOLATION_BLOCKING_STRATEGY_UNSPECIFIED = 0; diff --git a/app/controlplane/api/gen/frontend/controlplane/v1/organization.ts b/app/controlplane/api/gen/frontend/controlplane/v1/organization.ts index dc018ca11..ffc9645f3 100644 --- a/app/controlplane/api/gen/frontend/controlplane/v1/organization.ts +++ b/app/controlplane/api/gen/frontend/controlplane/v1/organization.ts @@ -81,7 +81,11 @@ export interface OrganizationServiceUpdateRequest { | boolean | undefined; /** restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles) */ - restrictContractCreationToOrgAdmins?: boolean | undefined; + restrictContractCreationToOrgAdmins?: + | boolean + | undefined; + /** disable_requirements_auto_matching disables automatic matching of policies to requirements */ + disableRequirementsAutoMatching?: boolean | undefined; } export interface OrganizationServiceUpdateResponse { 
@@ -671,6 +675,7 @@ function createBaseOrganizationServiceUpdateRequest(): OrganizationServiceUpdate updatePoliciesAllowedHostnames: false, preventImplicitWorkflowCreation: undefined, restrictContractCreationToOrgAdmins: undefined, + disableRequirementsAutoMatching: undefined, }; } @@ -694,6 +699,9 @@ export const OrganizationServiceUpdateRequest = { if (message.restrictContractCreationToOrgAdmins !== undefined) { writer.uint32(48).bool(message.restrictContractCreationToOrgAdmins); } + if (message.disableRequirementsAutoMatching !== undefined) { + writer.uint32(56).bool(message.disableRequirementsAutoMatching); + } return writer; }, @@ -746,6 +754,13 @@ export const OrganizationServiceUpdateRequest = { message.restrictContractCreationToOrgAdmins = reader.bool(); continue; + case 7: + if (tag !== 56) { + break; + } + + message.disableRequirementsAutoMatching = reader.bool(); + continue; } if ((tag & 7) === 4 || tag === 0) { break; @@ -771,6 +786,9 @@ export const OrganizationServiceUpdateRequest = { restrictContractCreationToOrgAdmins: isSet(object.restrictContractCreationToOrgAdmins) ? Boolean(object.restrictContractCreationToOrgAdmins) : undefined, + disableRequirementsAutoMatching: isSet(object.disableRequirementsAutoMatching) + ? Boolean(object.disableRequirementsAutoMatching) + : undefined, }; }, @@ -789,6 +807,8 @@ export const OrganizationServiceUpdateRequest = { (obj.preventImplicitWorkflowCreation = message.preventImplicitWorkflowCreation); message.restrictContractCreationToOrgAdmins !== undefined && (obj.restrictContractCreationToOrgAdmins = message.restrictContractCreationToOrgAdmins); + message.disableRequirementsAutoMatching !== undefined && + (obj.disableRequirementsAutoMatching = message.disableRequirementsAutoMatching); return obj; }, 
@@ -808,6 +828,7 @@ export const OrganizationServiceUpdateRequest = { message.updatePoliciesAllowedHostnames = object.updatePoliciesAllowedHostnames ?? false; message.preventImplicitWorkflowCreation = object.preventImplicitWorkflowCreation ?? undefined; message.restrictContractCreationToOrgAdmins = object.restrictContractCreationToOrgAdmins ?? undefined; + message.disableRequirementsAutoMatching = object.disableRequirementsAutoMatching ?? undefined; return message; }, }; diff --git a/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts b/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts index 7fe2b2932..634157d26 100644 --- a/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts +++ b/app/controlplane/api/gen/frontend/controlplane/v1/response_messages.ts @@ -610,6 +610,8 @@ export interface OrgItem { preventImplicitWorkflowCreation: boolean; /** restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins (owner/admin roles) */ restrictContractCreationToOrgAdmins: boolean; + /** disable_requirements_auto_matching disables automatic matching of policies to requirements */ + disableRequirementsAutoMatching: boolean; } export enum OrgItem_PolicyViolationBlockingStrategy { @@ -3759,6 +3761,7 @@ function createBaseOrgItem(): OrgItem { policyAllowedHostnames: [], preventImplicitWorkflowCreation: false, restrictContractCreationToOrgAdmins: false, + disableRequirementsAutoMatching: false, }; } @@ -3788,6 +3791,9 @@ export const OrgItem = { if (message.restrictContractCreationToOrgAdmins === true) { writer.uint32(64).bool(message.restrictContractCreationToOrgAdmins); } + if (message.disableRequirementsAutoMatching === true) { + writer.uint32(72).bool(message.disableRequirementsAutoMatching); + } return writer; }, 
@@ -3854,6 +3860,13 @@ export const OrgItem = { message.restrictContractCreationToOrgAdmins = reader.bool(); continue; + case 9: + if (tag !== 72) { + break; + } + + message.disableRequirementsAutoMatching = reader.bool(); + continue; } if ((tag & 7) === 4 || tag === 0) { break; @@ -3881,6 +3894,9 @@ export const OrgItem = { restrictContractCreationToOrgAdmins: isSet(object.restrictContractCreationToOrgAdmins) ? Boolean(object.restrictContractCreationToOrgAdmins) : false, + disableRequirementsAutoMatching: isSet(object.disableRequirementsAutoMatching) + ? Boolean(object.disableRequirementsAutoMatching) + : false, }; }, @@ -3903,6 +3919,8 @@ export const OrgItem = { (obj.preventImplicitWorkflowCreation = message.preventImplicitWorkflowCreation); message.restrictContractCreationToOrgAdmins !== undefined && (obj.restrictContractCreationToOrgAdmins = message.restrictContractCreationToOrgAdmins); + message.disableRequirementsAutoMatching !== undefined && + (obj.disableRequirementsAutoMatching = message.disableRequirementsAutoMatching); return obj; }, @@ -3920,6 +3938,7 @@ export const OrgItem = { message.policyAllowedHostnames = object.policyAllowedHostnames?.map((e) => e) || []; message.preventImplicitWorkflowCreation = object.preventImplicitWorkflowCreation ?? false; message.restrictContractCreationToOrgAdmins = object.restrictContractCreationToOrgAdmins ?? false; + message.disableRequirementsAutoMatching = object.disableRequirementsAutoMatching ?? false; return message; }, }; diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.jsonschema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.jsonschema.json index 9383bebdd..7773e4f1d 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.jsonschema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.jsonschema.json 
@@ -24,6 +24,10 @@ } ] }, + "^(disable_requirements_auto_matching)$": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "^(policy_allowed_hostnames)$": { "items": { "type": "string" @@ -64,6 +68,10 @@ } ] }, + "disableRequirementsAutoMatching": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "id": { "type": "string" }, diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.schema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.schema.json index b3d35850c..d02945b30 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.schema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrgItem.schema.json @@ -24,6 +24,10 @@ } ] }, + "^(disableRequirementsAutoMatching)$": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "^(policyAllowedHostnames)$": { "items": { "type": "string" @@ -64,6 +68,10 @@ } ] }, + "disable_requirements_auto_matching": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "id": { "type": "string" }, diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.jsonschema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.jsonschema.json index c80f03e8e..013fb800e 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.jsonschema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.jsonschema.json 
@@ -7,6 +7,10 @@ "description": "\"optional\" allow us to detect if the value is explicitly set", "type": "boolean" }, + "^(disable_requirements_auto_matching)$": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "^(policies_allowed_hostnames)$": { "description": "array of hostnames that are allowed to be used in the policies", "items": { @@ -32,6 +36,10 @@ "description": "\"optional\" allow us to detect if the value is explicitly set", "type": "boolean" }, + "disableRequirementsAutoMatching": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "name": { "minLength": 1, "type": "string" diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.schema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.schema.json index 9d85dd0a6..c3870ce8d 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.schema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.OrganizationServiceUpdateRequest.schema.json @@ -7,6 +7,10 @@ "description": "\"optional\" allow us to detect if the value is explicitly set", "type": "boolean" }, + "^(disableRequirementsAutoMatching)$": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "^(policiesAllowedHostnames)$": { "description": "array of hostnames that are allowed to be used in the policies", "items": { @@ -32,6 +36,10 @@ "description": "\"optional\" allow us to detect if the value is explicitly set", "type": "boolean" }, + "disable_requirements_auto_matching": { + "description": "disable_requirements_auto_matching disables automatic matching of policies to requirements", + "type": "boolean" + }, "name": { "minLength": 1, "type": "string" 
diff --git a/app/controlplane/internal/service/context.go b/app/controlplane/internal/service/context.go index a9dd6aac5..26cc893f4 100644 --- a/app/controlplane/internal/service/context.go +++ b/app/controlplane/internal/service/context.go @@ -123,6 +123,7 @@ func bizOrgToPb(m *biz.Organization) *pb.OrgItem { PolicyAllowedHostnames: m.PoliciesAllowedHostnames, PreventImplicitWorkflowCreation: m.PreventImplicitWorkflowCreation, RestrictContractCreationToOrgAdmins: m.RestrictContractCreationToOrgAdmins, + DisableRequirementsAutoMatching: m.DisableRequirementsAutoMatching, } } diff --git a/app/controlplane/internal/service/organization.go b/app/controlplane/internal/service/organization.go index 1268c1bfd..af55b83dd 100644 --- a/app/controlplane/internal/service/organization.go +++ b/app/controlplane/internal/service/organization.go @@ -89,7 +89,7 @@ func (s *OrganizationService) Update(ctx context.Context, req *pb.OrganizationSe } } - org, err := s.orgUC.Update(ctx, currentUser.ID, req.Name, req.BlockOnPolicyViolation, policiesAllowedHostnames, req.PreventImplicitWorkflowCreation, req.RestrictContractCreationToOrgAdmins) + org, err := s.orgUC.Update(ctx, currentUser.ID, req.Name, req.BlockOnPolicyViolation, policiesAllowedHostnames, req.PreventImplicitWorkflowCreation, req.RestrictContractCreationToOrgAdmins, req.DisableRequirementsAutoMatching) if err != nil { return nil, handleUseCaseErr(err, s.log) } diff --git a/app/controlplane/pkg/biz/mocks/OrganizationRepo.go b/app/controlplane/pkg/biz/mocks/OrganizationRepo.go index 56e67e83b..f55c01b46 100644 --- a/app/controlplane/pkg/biz/mocks/OrganizationRepo.go +++ b/app/controlplane/pkg/biz/mocks/OrganizationRepo.go 
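Review bot: The call to `s.orgUC.Update` in service/organization.go now ends in three adjacent `*bool` arguments, so transposing two of them compiles cleanly and silently changes a different organization-wide control. The regenerated mock shows how easily this drifts: its last parameter was still named `preventProjectScopedContracts` until this commit. The CLI side already passes named fields through `NewOrgUpdateOpts`; doing the same for `OrganizationUseCase.Update` and `OrganizationRepo.Update` in biz/organization.go would also stop each new setting from widening every call site, including the `nil, nil, nil, nil, nil` calls in the integration tests. The type name in the sketch is a suggestion and would be declared in the biz package.

```go
org, err := s.orgUC.Update(ctx, currentUser.ID, req.Name, &biz.OrganizationUpdateOpts{
	BlockOnPolicyViolation:              req.BlockOnPolicyViolation,
	PoliciesAllowedHostnames:            policiesAllowedHostnames,
	PreventImplicitWorkflowCreation:     req.PreventImplicitWorkflowCreation,
	RestrictContractCreationToOrgAdmins: req.RestrictContractCreationToOrgAdmins,
	DisableRequirementsAutoMatching:     req.DisableRequirementsAutoMatching,
})
// … unchanged: error handling via handleUseCaseErr …
```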
@@ -301,8 +301,8 @@ func (_c *OrganizationRepo_FindByName_Call) RunAndReturn(run func(ctx context.Co } // Update provides a mock function for the type OrganizationRepo -func (_mock *OrganizationRepo) Update(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, preventProjectScopedContracts *bool) (*biz.Organization, error) { - ret := _mock.Called(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, preventProjectScopedContracts) +func (_mock *OrganizationRepo) Update(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool, disableRequirementsAutoMatching *bool) (*biz.Organization, error) { + ret := _mock.Called(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, restrictContractCreationToOrgAdmins, disableRequirementsAutoMatching) if len(ret) == 0 { panic("no return value specified for Update") 
@@ -310,18 +310,18 @@ func (_mock *OrganizationRepo) Update(ctx context.Context, id uuid.UUID, blockOn var r0 *biz.Organization var r1 error - if returnFunc, ok := ret.Get(0).(func(context.Context, uuid.UUID, *bool, []string, *bool, *bool) (*biz.Organization, error)); ok { - return returnFunc(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, preventProjectScopedContracts) + if returnFunc, ok := ret.Get(0).(func(context.Context, uuid.UUID, *bool, []string, *bool, *bool, *bool) (*biz.Organization, error)); ok { + return returnFunc(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, restrictContractCreationToOrgAdmins, disableRequirementsAutoMatching) } - if returnFunc, ok := ret.Get(0).(func(context.Context, uuid.UUID, *bool, []string, *bool, *bool) *biz.Organization); ok { - r0 = returnFunc(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, preventProjectScopedContracts) + if returnFunc, ok := ret.Get(0).(func(context.Context, uuid.UUID, *bool, []string, *bool, *bool, *bool) *biz.Organization); ok { + r0 = returnFunc(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, restrictContractCreationToOrgAdmins, disableRequirementsAutoMatching) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(*biz.Organization) } } - if returnFunc, ok := ret.Get(1).(func(context.Context, uuid.UUID, *bool, []string, *bool, *bool) error); ok { - r1 = returnFunc(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, preventProjectScopedContracts) + if returnFunc, ok := ret.Get(1).(func(context.Context, uuid.UUID, *bool, []string, *bool, *bool, *bool) error); ok { + r1 = returnFunc(ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, restrictContractCreationToOrgAdmins, disableRequirementsAutoMatching) } else { r1 = ret.Error(1) } 
@@ -339,12 +339,13 @@ type OrganizationRepo_Update_Call struct { // - blockOnPolicyViolation *bool // - policiesAllowedHostnames []string // - preventImplicitWorkflowCreation *bool -// - preventProjectScopedContracts *bool -func (_e *OrganizationRepo_Expecter) Update(ctx interface{}, id interface{}, blockOnPolicyViolation interface{}, policiesAllowedHostnames interface{}, preventImplicitWorkflowCreation interface{}, preventProjectScopedContracts interface{}) *OrganizationRepo_Update_Call { - return &OrganizationRepo_Update_Call{Call: _e.mock.On("Update", ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, preventProjectScopedContracts)} +// - restrictContractCreationToOrgAdmins *bool +// - disableRequirementsAutoMatching *bool +func (_e *OrganizationRepo_Expecter) Update(ctx interface{}, id interface{}, blockOnPolicyViolation interface{}, policiesAllowedHostnames interface{}, preventImplicitWorkflowCreation interface{}, restrictContractCreationToOrgAdmins interface{}, disableRequirementsAutoMatching interface{}) *OrganizationRepo_Update_Call { + return &OrganizationRepo_Update_Call{Call: _e.mock.On("Update", ctx, id, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, restrictContractCreationToOrgAdmins, disableRequirementsAutoMatching)} } -func (_c *OrganizationRepo_Update_Call) Run(run func(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, preventProjectScopedContracts *bool)) *OrganizationRepo_Update_Call { +func (_c *OrganizationRepo_Update_Call) Run(run func(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool, disableRequirementsAutoMatching *bool)) *OrganizationRepo_Update_Call { _c.Call.Run(func(args mock.Arguments) { var arg0 context.Context if args[0] != nil { 
@@ -370,6 +371,10 @@ func (_c *OrganizationRepo_Update_Call) Run(run func(ctx context.Context, id uui if args[5] != nil { arg5 = args[5].(*bool) } + var arg6 *bool + if args[6] != nil { + arg6 = args[6].(*bool) + } run( arg0, arg1, @@ -377,6 +382,7 @@ func (_c *OrganizationRepo_Update_Call) Run(run func(ctx context.Context, id uui arg3, arg4, arg5, + arg6, ) }) return _c @@ -387,7 +393,7 @@ func (_c *OrganizationRepo_Update_Call) Return(organization *biz.Organization, e return _c } -func (_c *OrganizationRepo_Update_Call) RunAndReturn(run func(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, preventProjectScopedContracts *bool) (*biz.Organization, error)) *OrganizationRepo_Update_Call { +func (_c *OrganizationRepo_Update_Call) RunAndReturn(run func(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool, disableRequirementsAutoMatching *bool) (*biz.Organization, error)) *OrganizationRepo_Update_Call { _c.Call.Return(run) return _c } diff --git a/app/controlplane/pkg/biz/organization.go b/app/controlplane/pkg/biz/organization.go index 3a4bc1ab3..aaf707cc9 100644 --- a/app/controlplane/pkg/biz/organization.go +++ b/app/controlplane/pkg/biz/organization.go 
@@ -43,13 +43,15 @@ type Organization struct { PreventImplicitWorkflowCreation bool // RestrictContractCreationToOrgAdmins restricts contract creation (org-level and project-level) to only organization admins RestrictContractCreationToOrgAdmins bool + // DisableRequirementsAutoMatching disables automatic matching of policies to requirements + DisableRequirementsAutoMatching bool } type OrganizationRepo interface { FindByID(ctx context.Context, orgID uuid.UUID) (*Organization, error) FindByName(ctx context.Context, name string) (*Organization, error) Create(ctx context.Context, name string) (*Organization, error) - Update(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool) (*Organization, error) + Update(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool, disableRequirementsAutoMatching *bool) (*Organization, error) Delete(ctx context.Context, ID uuid.UUID) error } @@ -189,7 +191,7 @@ func (uc *OrganizationUseCase) doCreate(ctx context.Context, name string, opts . return org, nil } -func (uc *OrganizationUseCase) Update(ctx context.Context, userID, orgName string, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool) (*Organization, error) { +func (uc *OrganizationUseCase) Update(ctx context.Context, userID, orgName string, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool, disableRequirementsAutoMatching *bool) (*Organization, error) { userUUID, err := uuid.Parse(userID) if err != nil { return nil, NewErrInvalidUUID(err) 
@@ -209,7 +211,7 @@ func (uc *OrganizationUseCase) Update(ctx context.Context, userID, orgName strin } // Perform the update - org, err := uc.orgRepo.Update(ctx, orgUUID, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, restrictContractCreationToOrgAdmins) + org, err := uc.orgRepo.Update(ctx, orgUUID, blockOnPolicyViolation, policiesAllowedHostnames, preventImplicitWorkflowCreation, restrictContractCreationToOrgAdmins, disableRequirementsAutoMatching) if err != nil { return nil, fmt.Errorf("failed to update organization: %w", err) } else if org == nil { diff --git a/app/controlplane/pkg/biz/organization_integration_test.go b/app/controlplane/pkg/biz/organization_integration_test.go index 801a86fb2..48d1fbf0a 100644 --- a/app/controlplane/pkg/biz/organization_integration_test.go +++ b/app/controlplane/pkg/biz/organization_integration_test.go @@ -118,7 +118,7 @@ func (s *OrgIntegrationTestSuite) TestUpdate() { s.Run("org non existent", func() { // org not found - _, err := s.Organization.Update(ctx, s.user.ID, uuid.NewString(), nil, nil, nil, nil) + _, err := s.Organization.Update(ctx, s.user.ID, uuid.NewString(), nil, nil, nil, nil, nil) s.Error(err) s.True(biz.IsNotFound(err)) }) 
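Review bot: The access check that runs before `uc.orgRepo.Update` lies outside this hunk, so it cannot be told from here whether it looks at the caller's role or only at organization membership. With this commit the same call can switch off policy-to-requirement matching for the whole organization, so it is worth confirming that the path is limited to owner/admin roles. If settings changes are not already recorded elsewhere, an audit entry naming the user and the changed field would make a later flip of this flag traceable.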
@@ -126,35 +126,35 @@ func (s *OrgIntegrationTestSuite) TestUpdate() { s.Run("org not accessible to user", func() { org2, err := s.Organization.CreateWithRandomName(ctx) require.NoError(s.T(), err) - _, err = s.Organization.Update(ctx, s.user.ID, org2.Name, nil, nil, nil, nil) + _, err = s.Organization.Update(ctx, s.user.ID, org2.Name, nil, nil, nil, nil, nil) s.Error(err) s.True(biz.IsNotFound(err)) }) s.Run("valid block on policy violation update", func() { - got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, toPtrBool(true), nil, nil, nil) + got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, toPtrBool(true), nil, nil, nil, nil) s.NoError(err) s.True(got.BlockOnPolicyViolation) }) s.Run("valid policy allowed hostnames update", func() { - got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, []string{"foo.com", "bar.com"}, nil, nil) + got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, []string{"foo.com", "bar.com"}, nil, nil, nil) s.NoError(err) s.Equal([]string{"foo.com", "bar.com"}, got.PoliciesAllowedHostnames) }) s.Run("clear policy allowed hostnames", func() { - got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, []string{}, nil, nil) + got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, []string{}, nil, nil, nil) s.NoError(err) s.Equal([]string{}, got.PoliciesAllowedHostnames) }) s.Run("but not passing a value doesn't clear the hostnames value", func() { - got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, []string{"foo.com", "bar.com"}, nil, nil) + got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, []string{"foo.com", "bar.com"}, nil, nil, nil) s.NoError(err) s.Equal([]string{"foo.com", "bar.com"}, got.PoliciesAllowedHostnames) - got, err = s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, nil, nil, nil) + got, err = s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, nil, nil, nil, nil) s.NoError(err) s.Equal([]string{"foo.com", 
"bar.com"}, got.PoliciesAllowedHostnames) }) diff --git a/app/controlplane/pkg/biz/workflow_integration_test.go b/app/controlplane/pkg/biz/workflow_integration_test.go index 5bc303f00..d12cf4df1 100644 --- a/app/controlplane/pkg/biz/workflow_integration_test.go +++ b/app/controlplane/pkg/biz/workflow_integration_test.go @@ -187,7 +187,7 @@ func (s *workflowIntegrationTestSuite) TestCreate() { // Enable implicit workflow creation prevention for testing orgID, _ := uuid.Parse(s.org.ID) - _, err = s.Repos.OrganizationRepo.Update(ctx, orgID, nil, nil, toPtrBool(true), nil) + _, err = s.Repos.OrganizationRepo.Update(ctx, orgID, nil, nil, toPtrBool(true), nil, nil) s.Require().NoError(err) for _, tc := range testCases { diff --git a/app/controlplane/pkg/data/ent/migrate/migrations/20251223083432.sql b/app/controlplane/pkg/data/ent/migrate/migrations/20251223083432.sql new file mode 100644 index 000000000..c18018468 --- /dev/null +++ b/app/controlplane/pkg/data/ent/migrate/migrations/20251223083432.sql @@ -0,0 +1,2 @@ +-- Modify "organizations" table +ALTER TABLE "organizations" ADD COLUMN "disable_requirements_auto_matching" boolean NOT NULL DEFAULT false; diff --git a/app/controlplane/pkg/data/ent/migrate/migrations/atlas.sum b/app/controlplane/pkg/data/ent/migrate/migrations/atlas.sum index aad719a8f..b85e7a4bc 100644 --- a/app/controlplane/pkg/data/ent/migrate/migrations/atlas.sum +++ b/app/controlplane/pkg/data/ent/migrate/migrations/atlas.sum @@ -1,4 +1,4 @@ -h1:F5OlLQoOXh5aKu7gY5y8xBRBqjAxsW729schjakKjJk= +h1:IcQkfgXpJfLXaUrpdEeul5rMfaSrWjHdLERfSFBDzdM= 20230706165452_init-schema.sql h1:VvqbNFEQnCvUVyj2iDYVQQxDM0+sSXqocpt/5H64k8M= 20230710111950-cas-backend.sql h1:A8iBuSzZIEbdsv9ipBtscZQuaBp3V5/VMw7eZH6GX+g= 20230712094107-cas-backends-workflow-runs.sql h1:a5rzxpVGyd56nLRSsKrmCFc9sebg65RWzLghKHh5xvI= 
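Review bot: None of the updated calls in `TestUpdate` (the two hunks in `organization_integration_test.go`) passes a non-nil value in the new last position, so the suite never exercises `disableRequirementsAutoMatching`. A mapping slip between the use case, the repo and `entOrgToBizOrg` would go unnoticed for a setting that changes how policies are matched to requirements. I would add a case that sets the flag and asserts it on the returned organization, then passes nil and asserts the value is kept, as the hostnames cases already do. `TestUpdate` may continue past the end of this hunk, so the case can go after the last visible `s.Run`.

```go
// … unchanged: existing s.Run cases in TestUpdate …
s.Run("valid disable requirements auto matching update", func() {
	got, err := s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, nil, nil, nil, toPtrBool(true))
	s.NoError(err)
	s.True(got.DisableRequirementsAutoMatching)

	// a nil argument must leave the stored value untouched
	got, err = s.Organization.Update(ctx, s.user.ID, s.org.Name, nil, nil, nil, nil, nil)
	s.NoError(err)
	s.True(got.DisableRequirementsAutoMatching)
})
```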
@@ -122,3 +122,4 @@ h1:F5OlLQoOXh5aKu7gY5y8xBRBqjAxsW729schjakKjJk= 20251114174059.sql h1:f/wB/OlhZxIc9AVCxTNu4dFmPd1T3sCY0nS8Zb9ZS9Q= 20251212115308.sql h1:CmwHDA9X91++2dnThzk57++5sBDAGw2IQnHzO3/bRlk= 20251217164302.sql h1:OL3OCqWsMtv06RfIlQNcdLMbt4Tz91Lijpbkxqwt7zM= +20251223083432.sql h1:pV52lt0zvDgeWM0v0UXdOPiG0Nyj0Wve9+xEOtjUWZI= diff --git a/app/controlplane/pkg/data/ent/migrate/schema.go b/app/controlplane/pkg/data/ent/migrate/schema.go index d949d1c79..416728ba7 100644 --- a/app/controlplane/pkg/data/ent/migrate/schema.go +++ b/app/controlplane/pkg/data/ent/migrate/schema.go @@ -424,6 +424,7 @@ var ( {Name: "policies_allowed_hostnames", Type: field.TypeJSON, Nullable: true}, {Name: "prevent_implicit_workflow_creation", Type: field.TypeBool, Default: false}, {Name: "restrict_contract_creation_to_org_admins", Type: field.TypeBool, Default: false}, + {Name: "disable_requirements_auto_matching", Type: field.TypeBool, Default: false}, } // OrganizationsTable holds the schema information for the "organizations" table. OrganizationsTable = &schema.Table{ diff --git a/app/controlplane/pkg/data/ent/mutation.go b/app/controlplane/pkg/data/ent/mutation.go index d4c0c8a00..d5bae8b1d 100644 --- a/app/controlplane/pkg/data/ent/mutation.go +++ b/app/controlplane/pkg/data/ent/mutation.go @@ -8708,6 +8708,7 @@ type OrganizationMutation struct { appendpolicies_allowed_hostnames []string prevent_implicit_workflow_creation *bool restrict_contract_creation_to_org_admins *bool + disable_requirements_auto_matching *bool clearedFields map[string]struct{} memberships map[uuid.UUID]struct{} removedmemberships map[uuid.UUID]struct{} 
@@ -9172,6 +9173,42 @@ func (m *OrganizationMutation) ResetRestrictContractCreationToOrgAdmins() { m.restrict_contract_creation_to_org_admins = nil } +// SetDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field. +func (m *OrganizationMutation) SetDisableRequirementsAutoMatching(b bool) { + m.disable_requirements_auto_matching = &b +} + +// DisableRequirementsAutoMatching returns the value of the "disable_requirements_auto_matching" field in the mutation. +func (m *OrganizationMutation) DisableRequirementsAutoMatching() (r bool, exists bool) { + v := m.disable_requirements_auto_matching + if v == nil { + return + } + return *v, true +} + +// OldDisableRequirementsAutoMatching returns the old "disable_requirements_auto_matching" field's value of the Organization entity. +// If the Organization object wasn't provided to the builder, the object is fetched from the database. +// An error is returned if the mutation operation is not UpdateOne, or the database query fails. +func (m *OrganizationMutation) OldDisableRequirementsAutoMatching(ctx context.Context) (v bool, err error) { + if !m.op.Is(OpUpdateOne) { + return v, errors.New("OldDisableRequirementsAutoMatching is only allowed on UpdateOne operations") + } + if m.id == nil || m.oldValue == nil { + return v, errors.New("OldDisableRequirementsAutoMatching requires an ID field in the mutation") + } + oldValue, err := m.oldValue(ctx) + if err != nil { + return v, fmt.Errorf("querying old value for OldDisableRequirementsAutoMatching: %w", err) + } + return oldValue.DisableRequirementsAutoMatching, nil +} + +// ResetDisableRequirementsAutoMatching resets all changes to the "disable_requirements_auto_matching" field. +func (m *OrganizationMutation) ResetDisableRequirementsAutoMatching() { + m.disable_requirements_auto_matching = nil +} + // AddMembershipIDs adds the "memberships" edge to the Membership entity by ids. 
func (m *OrganizationMutation) AddMembershipIDs(ids ...uuid.UUID) { if m.memberships == nil { @@ -9638,7 +9675,7 @@ func (m *OrganizationMutation) Type() string { // order to get all numeric fields that were incremented/decremented, call // AddedFields(). func (m *OrganizationMutation) Fields() []string { - fields := make([]string, 0, 8) + fields := make([]string, 0, 9) if m.name != nil { fields = append(fields, organization.FieldName) } @@ -9663,6 +9700,9 @@ func (m *OrganizationMutation) Fields() []string { if m.restrict_contract_creation_to_org_admins != nil { fields = append(fields, organization.FieldRestrictContractCreationToOrgAdmins) } + if m.disable_requirements_auto_matching != nil { + fields = append(fields, organization.FieldDisableRequirementsAutoMatching) + } return fields } @@ -9687,6 +9727,8 @@ func (m *OrganizationMutation) Field(name string) (ent.Value, bool) { return m.PreventImplicitWorkflowCreation() case organization.FieldRestrictContractCreationToOrgAdmins: return m.RestrictContractCreationToOrgAdmins() + case organization.FieldDisableRequirementsAutoMatching: + return m.DisableRequirementsAutoMatching() } return nil, false } @@ -9712,6 +9754,8 @@ func (m *OrganizationMutation) OldField(ctx context.Context, name string) (ent.V return m.OldPreventImplicitWorkflowCreation(ctx) case organization.FieldRestrictContractCreationToOrgAdmins: return m.OldRestrictContractCreationToOrgAdmins(ctx) + case organization.FieldDisableRequirementsAutoMatching: + return m.OldDisableRequirementsAutoMatching(ctx) } return nil, fmt.Errorf("unknown Organization field %s", name) } 
@@ -9777,6 +9821,13 @@ func (m *OrganizationMutation) SetField(name string, value ent.Value) error { } m.SetRestrictContractCreationToOrgAdmins(v) return nil + case organization.FieldDisableRequirementsAutoMatching: + v, ok := value.(bool) + if !ok { + return fmt.Errorf("unexpected type %T for field %s", value, name) + } + m.SetDisableRequirementsAutoMatching(v) + return nil } return fmt.Errorf("unknown Organization field %s", name) } @@ -9865,6 +9916,9 @@ func (m *OrganizationMutation) ResetField(name string) error { case organization.FieldRestrictContractCreationToOrgAdmins: m.ResetRestrictContractCreationToOrgAdmins() return nil + case organization.FieldDisableRequirementsAutoMatching: + m.ResetDisableRequirementsAutoMatching() + return nil } return fmt.Errorf("unknown Organization field %s", name) } diff --git a/app/controlplane/pkg/data/ent/organization.go b/app/controlplane/pkg/data/ent/organization.go index c9d7d2715..5d64008c9 100644 --- a/app/controlplane/pkg/data/ent/organization.go +++ b/app/controlplane/pkg/data/ent/organization.go @@ -35,6 +35,8 @@ type Organization struct { PreventImplicitWorkflowCreation bool `json:"prevent_implicit_workflow_creation,omitempty"` // RestrictContractCreationToOrgAdmins holds the value of the "restrict_contract_creation_to_org_admins" field. RestrictContractCreationToOrgAdmins bool `json:"restrict_contract_creation_to_org_admins,omitempty"` + // DisableRequirementsAutoMatching holds the value of the "disable_requirements_auto_matching" field. + DisableRequirementsAutoMatching bool `json:"disable_requirements_auto_matching,omitempty"` // Edges holds the relations/edges for other nodes in the graph. // The values are being populated by the OrganizationQuery when eager-loading is set. Edges OrganizationEdges `json:"edges"` 
@@ -143,7 +145,7 @@ func (*Organization) scanValues(columns []string) ([]any, error) { switch columns[i] { case organization.FieldPoliciesAllowedHostnames: values[i] = new([]byte) - case organization.FieldBlockOnPolicyViolation, organization.FieldPreventImplicitWorkflowCreation, organization.FieldRestrictContractCreationToOrgAdmins: + case organization.FieldBlockOnPolicyViolation, organization.FieldPreventImplicitWorkflowCreation, organization.FieldRestrictContractCreationToOrgAdmins, organization.FieldDisableRequirementsAutoMatching: values[i] = new(sql.NullBool) case organization.FieldName: values[i] = new(sql.NullString) @@ -222,6 +224,12 @@ func (_m *Organization) assignValues(columns []string, values []any) error { } else if value.Valid { _m.RestrictContractCreationToOrgAdmins = value.Bool } + case organization.FieldDisableRequirementsAutoMatching: + if value, ok := values[i].(*sql.NullBool); !ok { + return fmt.Errorf("unexpected type %T for field disable_requirements_auto_matching", values[i]) + } else if value.Valid { + _m.DisableRequirementsAutoMatching = value.Bool + } default: _m.selectValues.Set(columns[i], values[i]) } @@ -321,6 +329,9 @@ func (_m *Organization) String() string { builder.WriteString(", ") builder.WriteString("restrict_contract_creation_to_org_admins=") builder.WriteString(fmt.Sprintf("%v", _m.RestrictContractCreationToOrgAdmins)) + builder.WriteString(", ") + builder.WriteString("disable_requirements_auto_matching=") + builder.WriteString(fmt.Sprintf("%v", _m.DisableRequirementsAutoMatching)) builder.WriteByte(')') return builder.String() } diff --git a/app/controlplane/pkg/data/ent/organization/organization.go b/app/controlplane/pkg/data/ent/organization/organization.go index 603667a7a..f68c8401e 100644 --- a/app/controlplane/pkg/data/ent/organization/organization.go +++ b/app/controlplane/pkg/data/ent/organization/organization.go 
@@ -31,6 +31,8 @@ const ( FieldPreventImplicitWorkflowCreation = "prevent_implicit_workflow_creation" // FieldRestrictContractCreationToOrgAdmins holds the string denoting the restrict_contract_creation_to_org_admins field in the database. FieldRestrictContractCreationToOrgAdmins = "restrict_contract_creation_to_org_admins" + // FieldDisableRequirementsAutoMatching holds the string denoting the disable_requirements_auto_matching field in the database. + FieldDisableRequirementsAutoMatching = "disable_requirements_auto_matching" // EdgeMemberships holds the string denoting the memberships edge name in mutations. EdgeMemberships = "memberships" // EdgeWorkflowContracts holds the string denoting the workflow_contracts edge name in mutations. @@ -118,6 +120,7 @@ var Columns = []string{ FieldPoliciesAllowedHostnames, FieldPreventImplicitWorkflowCreation, FieldRestrictContractCreationToOrgAdmins, + FieldDisableRequirementsAutoMatching, } // ValidColumn reports if the column name is valid (part of the table columns). @@ -141,6 +144,8 @@ var ( DefaultPreventImplicitWorkflowCreation bool // DefaultRestrictContractCreationToOrgAdmins holds the default value on creation for the "restrict_contract_creation_to_org_admins" field. DefaultRestrictContractCreationToOrgAdmins bool + // DefaultDisableRequirementsAutoMatching holds the default value on creation for the "disable_requirements_auto_matching" field. + DefaultDisableRequirementsAutoMatching bool // DefaultID holds the default value on creation for the "id" field. DefaultID func() uuid.UUID ) 
@@ -188,6 +193,11 @@ func ByRestrictContractCreationToOrgAdmins(opts ...sql.OrderTermOption) OrderOpt return sql.OrderByField(FieldRestrictContractCreationToOrgAdmins, opts...).ToFunc() } +// ByDisableRequirementsAutoMatching orders the results by the disable_requirements_auto_matching field. +func ByDisableRequirementsAutoMatching(opts ...sql.OrderTermOption) OrderOption { + return sql.OrderByField(FieldDisableRequirementsAutoMatching, opts...).ToFunc() +} + // ByMembershipsCount orders the results by memberships count. func ByMembershipsCount(opts ...sql.OrderTermOption) OrderOption { return func(s *sql.Selector) { diff --git a/app/controlplane/pkg/data/ent/organization/where.go b/app/controlplane/pkg/data/ent/organization/where.go index 022a28f8e..1f2c8da3c 100644 --- a/app/controlplane/pkg/data/ent/organization/where.go +++ b/app/controlplane/pkg/data/ent/organization/where.go @@ -91,6 +91,11 @@ func RestrictContractCreationToOrgAdmins(v bool) predicate.Organization { return predicate.Organization(sql.FieldEQ(FieldRestrictContractCreationToOrgAdmins, v)) } +// DisableRequirementsAutoMatching applies equality check predicate on the "disable_requirements_auto_matching" field. It's identical to DisableRequirementsAutoMatchingEQ. +func DisableRequirementsAutoMatching(v bool) predicate.Organization { + return predicate.Organization(sql.FieldEQ(FieldDisableRequirementsAutoMatching, v)) +} + // NameEQ applies the EQ predicate on the "name" field. func NameEQ(v string) predicate.Organization { return predicate.Organization(sql.FieldEQ(FieldName, v)) 
@@ -326,6 +331,16 @@ func RestrictContractCreationToOrgAdminsNEQ(v bool) predicate.Organization { return predicate.Organization(sql.FieldNEQ(FieldRestrictContractCreationToOrgAdmins, v)) } +// DisableRequirementsAutoMatchingEQ applies the EQ predicate on the "disable_requirements_auto_matching" field. +func DisableRequirementsAutoMatchingEQ(v bool) predicate.Organization { + return predicate.Organization(sql.FieldEQ(FieldDisableRequirementsAutoMatching, v)) +} + +// DisableRequirementsAutoMatchingNEQ applies the NEQ predicate on the "disable_requirements_auto_matching" field. +func DisableRequirementsAutoMatchingNEQ(v bool) predicate.Organization { + return predicate.Organization(sql.FieldNEQ(FieldDisableRequirementsAutoMatching, v)) +} + // HasMemberships applies the HasEdge predicate on the "memberships" edge. func HasMemberships() predicate.Organization { return predicate.Organization(func(s *sql.Selector) { diff --git a/app/controlplane/pkg/data/ent/organization_create.go b/app/controlplane/pkg/data/ent/organization_create.go index 166afdcf4..97af7ffad 100644 --- a/app/controlplane/pkg/data/ent/organization_create.go +++ b/app/controlplane/pkg/data/ent/organization_create.go 
@@ -128,6 +128,20 @@ func (_c *OrganizationCreate) SetNillableRestrictContractCreationToOrgAdmins(v * return _c } +// SetDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field. +func (_c *OrganizationCreate) SetDisableRequirementsAutoMatching(v bool) *OrganizationCreate { + _c.mutation.SetDisableRequirementsAutoMatching(v) + return _c +} + +// SetNillableDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field if the given value is not nil. +func (_c *OrganizationCreate) SetNillableDisableRequirementsAutoMatching(v *bool) *OrganizationCreate { + if v != nil { + _c.SetDisableRequirementsAutoMatching(*v) + } + return _c +} + // SetID sets the "id" field. func (_c *OrganizationCreate) SetID(v uuid.UUID) *OrganizationCreate { _c.mutation.SetID(v) @@ -317,6 +331,10 @@ func (_c *OrganizationCreate) defaults() { v := organization.DefaultRestrictContractCreationToOrgAdmins _c.mutation.SetRestrictContractCreationToOrgAdmins(v) } + if _, ok := _c.mutation.DisableRequirementsAutoMatching(); !ok { + v := organization.DefaultDisableRequirementsAutoMatching + _c.mutation.SetDisableRequirementsAutoMatching(v) + } if _, ok := _c.mutation.ID(); !ok { v := organization.DefaultID() _c.mutation.SetID(v) @@ -343,6 +361,9 @@ func (_c *OrganizationCreate) check() error { if _, ok := _c.mutation.RestrictContractCreationToOrgAdmins(); !ok { return &ValidationError{Name: "restrict_contract_creation_to_org_admins", err: errors.New(`ent: missing required field "Organization.restrict_contract_creation_to_org_admins"`)} } + if _, ok := _c.mutation.DisableRequirementsAutoMatching(); !ok { + return &ValidationError{Name: "disable_requirements_auto_matching", err: errors.New(`ent: missing required field "Organization.disable_requirements_auto_matching"`)} + } return nil } 
@@ -411,6 +432,10 @@ func (_c *OrganizationCreate) createSpec() (*Organization, *sqlgraph.CreateSpec) _spec.SetField(organization.FieldRestrictContractCreationToOrgAdmins, field.TypeBool, value) _node.RestrictContractCreationToOrgAdmins = value } + if value, ok := _c.mutation.DisableRequirementsAutoMatching(); ok { + _spec.SetField(organization.FieldDisableRequirementsAutoMatching, field.TypeBool, value) + _node.DisableRequirementsAutoMatching = value + } if nodes := _c.mutation.MembershipsIDs(); len(nodes) > 0 { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.O2M, @@ -687,6 +712,18 @@ func (u *OrganizationUpsert) UpdateRestrictContractCreationToOrgAdmins() *Organi return u } +// SetDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field. +func (u *OrganizationUpsert) SetDisableRequirementsAutoMatching(v bool) *OrganizationUpsert { + u.Set(organization.FieldDisableRequirementsAutoMatching, v) + return u +} + +// UpdateDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field to the value that was provided on create. +func (u *OrganizationUpsert) UpdateDisableRequirementsAutoMatching() *OrganizationUpsert { + u.SetExcluded(organization.FieldDisableRequirementsAutoMatching) + return u +} + // UpdateNewValues updates the mutable fields using the new values that were set on create except the ID field. // Using this option is equivalent to using: // 
@@ -850,6 +887,20 @@ func (u *OrganizationUpsertOne) UpdateRestrictContractCreationToOrgAdmins() *Org }) } +// SetDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field. +func (u *OrganizationUpsertOne) SetDisableRequirementsAutoMatching(v bool) *OrganizationUpsertOne { + return u.Update(func(s *OrganizationUpsert) { + s.SetDisableRequirementsAutoMatching(v) + }) +} + +// UpdateDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field to the value that was provided on create. +func (u *OrganizationUpsertOne) UpdateDisableRequirementsAutoMatching() *OrganizationUpsertOne { + return u.Update(func(s *OrganizationUpsert) { + s.UpdateDisableRequirementsAutoMatching() + }) +} + // Exec executes the query. func (u *OrganizationUpsertOne) Exec(ctx context.Context) error { if len(u.create.conflict) == 0 { @@ -1180,6 +1231,20 @@ func (u *OrganizationUpsertBulk) UpdateRestrictContractCreationToOrgAdmins() *Or }) } +// SetDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field. +func (u *OrganizationUpsertBulk) SetDisableRequirementsAutoMatching(v bool) *OrganizationUpsertBulk { + return u.Update(func(s *OrganizationUpsert) { + s.SetDisableRequirementsAutoMatching(v) + }) +} + +// UpdateDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field to the value that was provided on create. +func (u *OrganizationUpsertBulk) UpdateDisableRequirementsAutoMatching() *OrganizationUpsertBulk { + return u.Update(func(s *OrganizationUpsert) { + s.UpdateDisableRequirementsAutoMatching() + }) +} + // Exec executes the query. func (u *OrganizationUpsertBulk) Exec(ctx context.Context) error { if u.create.err != nil { diff --git a/app/controlplane/pkg/data/ent/organization_update.go b/app/controlplane/pkg/data/ent/organization_update.go index 0f3ba2d96..30367fad0 100644 --- a/app/controlplane/pkg/data/ent/organization_update.go +++ b/app/controlplane/pkg/data/ent/organization_update.go 
@@ -147,6 +147,20 @@ func (_u *OrganizationUpdate) SetNillableRestrictContractCreationToOrgAdmins(v * return _u } +// SetDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field. +func (_u *OrganizationUpdate) SetDisableRequirementsAutoMatching(v bool) *OrganizationUpdate { + _u.mutation.SetDisableRequirementsAutoMatching(v) + return _u +} + +// SetNillableDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field if the given value is not nil. +func (_u *OrganizationUpdate) SetNillableDisableRequirementsAutoMatching(v *bool) *OrganizationUpdate { + if v != nil { + _u.SetDisableRequirementsAutoMatching(*v) + } + return _u +} + // AddMembershipIDs adds the "memberships" edge to the Membership entity by IDs. func (_u *OrganizationUpdate) AddMembershipIDs(ids ...uuid.UUID) *OrganizationUpdate { _u.mutation.AddMembershipIDs(ids...) @@ -514,6 +528,9 @@ func (_u *OrganizationUpdate) sqlSave(ctx context.Context) (_node int, err error if value, ok := _u.mutation.RestrictContractCreationToOrgAdmins(); ok { _spec.SetField(organization.FieldRestrictContractCreationToOrgAdmins, field.TypeBool, value) } + if value, ok := _u.mutation.DisableRequirementsAutoMatching(); ok { + _spec.SetField(organization.FieldDisableRequirementsAutoMatching, field.TypeBool, value) + } if _u.mutation.MembershipsCleared() { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.O2M, 
@@ -1004,6 +1021,20 @@ func (_u *OrganizationUpdateOne) SetNillableRestrictContractCreationToOrgAdmins( return _u } +// SetDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field. +func (_u *OrganizationUpdateOne) SetDisableRequirementsAutoMatching(v bool) *OrganizationUpdateOne { + _u.mutation.SetDisableRequirementsAutoMatching(v) + return _u +} + +// SetNillableDisableRequirementsAutoMatching sets the "disable_requirements_auto_matching" field if the given value is not nil. +func (_u *OrganizationUpdateOne) SetNillableDisableRequirementsAutoMatching(v *bool) *OrganizationUpdateOne { + if v != nil { + _u.SetDisableRequirementsAutoMatching(*v) + } + return _u +} + // AddMembershipIDs adds the "memberships" edge to the Membership entity by IDs. func (_u *OrganizationUpdateOne) AddMembershipIDs(ids ...uuid.UUID) *OrganizationUpdateOne { _u.mutation.AddMembershipIDs(ids...) @@ -1401,6 +1432,9 @@ func (_u *OrganizationUpdateOne) sqlSave(ctx context.Context) (_node *Organizati if value, ok := _u.mutation.RestrictContractCreationToOrgAdmins(); ok { _spec.SetField(organization.FieldRestrictContractCreationToOrgAdmins, field.TypeBool, value) } + if value, ok := _u.mutation.DisableRequirementsAutoMatching(); ok { + _spec.SetField(organization.FieldDisableRequirementsAutoMatching, field.TypeBool, value) + } if _u.mutation.MembershipsCleared() { edge := &sqlgraph.EdgeSpec{ Rel: sqlgraph.O2M, diff --git a/app/controlplane/pkg/data/ent/runtime.go b/app/controlplane/pkg/data/ent/runtime.go index d0cae38ce..013c6dcb7 100644 --- a/app/controlplane/pkg/data/ent/runtime.go +++ b/app/controlplane/pkg/data/ent/runtime.go 
@@ -213,6 +213,10 @@ func init() { organizationDescRestrictContractCreationToOrgAdmins := organizationFields[8].Descriptor() // organization.DefaultRestrictContractCreationToOrgAdmins holds the default value on creation for the restrict_contract_creation_to_org_admins field. organization.DefaultRestrictContractCreationToOrgAdmins = organizationDescRestrictContractCreationToOrgAdmins.Default.(bool) + // organizationDescDisableRequirementsAutoMatching is the schema descriptor for disable_requirements_auto_matching field. + organizationDescDisableRequirementsAutoMatching := organizationFields[9].Descriptor() + // organization.DefaultDisableRequirementsAutoMatching holds the default value on creation for the disable_requirements_auto_matching field. + organization.DefaultDisableRequirementsAutoMatching = organizationDescDisableRequirementsAutoMatching.Default.(bool) // organizationDescID is the schema descriptor for id field. organizationDescID := organizationFields[0].Descriptor() // organization.DefaultID holds the default value on creation for the id field. diff --git a/app/controlplane/pkg/data/ent/schema/organization.go b/app/controlplane/pkg/data/ent/schema/organization.go index 0c2367a4e..346bea563 100644 --- a/app/controlplane/pkg/data/ent/schema/organization.go +++ b/app/controlplane/pkg/data/ent/schema/organization.go @@ -55,6 +55,8 @@ func (Organization) Fields() []ent.Field { field.Bool("prevent_implicit_workflow_creation").Default(false), // restrict_contract_creation_to_org_admins restricts contract creation (org-level and project-level) to only organization admins field.Bool("restrict_contract_creation_to_org_admins").Default(false), + // disable_requirements_auto_matching disables automatic matching of policies to requirements + field.Bool("disable_requirements_auto_matching").Default(false), } } diff --git a/app/controlplane/pkg/data/organization.go b/app/controlplane/pkg/data/organization.go index 6c349d1d6..667e88196 100644 
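Review bot: In the `ent/schema/organization.go` hunk, the comment on the new `disable_requirements_auto_matching` field only restates the field name and does not say what still applies once the flag is set. Going by the CLI help text added in this commit, I would write `// disable_requirements_auto_matching turns off parameter-based matching of policies to requirements; only explicit requirement references are used`. The `DisableRequirementsAutoMatching` field on `biz.Organization` carries the same short wording and would benefit from the same sentence. `Fields()` starts outside this hunk.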
--- a/app/controlplane/pkg/data/organization.go +++ b/app/controlplane/pkg/data/organization.go @@ -77,12 +77,13 @@ func (r *OrganizationRepo) FindByName(ctx context.Context, name string) (*biz.Or return entOrgToBizOrg(org), nil } -func (r *OrganizationRepo) Update(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool) (*biz.Organization, error) { +func (r *OrganizationRepo) Update(ctx context.Context, id uuid.UUID, blockOnPolicyViolation *bool, policiesAllowedHostnames []string, preventImplicitWorkflowCreation *bool, restrictContractCreationToOrgAdmins *bool, disableRequirementsAutoMatching *bool) (*biz.Organization, error) { opts := r.data.DB.Organization.UpdateOneID(id). Where(organization.DeletedAtIsNil()). SetNillableBlockOnPolicyViolation(blockOnPolicyViolation). SetNillablePreventImplicitWorkflowCreation(preventImplicitWorkflowCreation). SetNillableRestrictContractCreationToOrgAdmins(restrictContractCreationToOrgAdmins). + SetNillableDisableRequirementsAutoMatching(disableRequirementsAutoMatching). SetUpdatedAt(time.Now()) if policiesAllowedHostnames != nil { @@ -115,5 +116,6 @@ func entOrgToBizOrg(eu *ent.Organization) *biz.Organization { PoliciesAllowedHostnames: eu.PoliciesAllowedHostnames, PreventImplicitWorkflowCreation: eu.PreventImplicitWorkflowCreation, RestrictContractCreationToOrgAdmins: eu.RestrictContractCreationToOrgAdmins, + DisableRequirementsAutoMatching: eu.DisableRequirementsAutoMatching, } }