From a089ca7c36d7fe9a854210d2291bb8998a0c8ffb Mon Sep 17 00:00:00 2001
From: Paul Lorenz
Date: Wed, 20 Mar 2024 14:23:15 -0400
Subject: [PATCH] Return dummy values in service list for posture checks if no posture checks are defined. Fixes #1576
---
 controller/internal/routes/service_api_model.go | 15 ++++++++++++++-
 controller/model/edge_service_manager.go | 4 ++++
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/controller/internal/routes/service_api_model.go b/controller/internal/routes/service_api_model.go
index 2f7fb0baf..de20a82d1 100644
--- a/controller/internal/routes/service_api_model.go
+++ b/controller/internal/routes/service_api_model.go
@@ -17,6 +17,7 @@
 package routes
 import (
+ "fmt"
 "github.com/michaelquigley/pfxlog"
 "github.com/openziti/edge-api/rest_model"
 "github.com/openziti/foundation/v2/stringz"
@@ -148,8 +149,20 @@ func MapServiceToRestModel(ae *env.AppEnv, rc *response.RequestContext, service
 policyPostureCheckMap := ae.GetManagers().EdgeService.GetPolicyPostureChecks(rc.Identity.Id, *ret.ID)
- for policyId, policyPostureChecks := range policyPostureCheckMap {
+ if len(policyPostureCheckMap) == 0 {
+ for _, permission := range ret.Permissions {
+ passing := true
+ id := fmt.Sprintf("dummy %s policy: no posture checks defined", strings.ToLower(string(permission)))
+ ret.PostureQueries = append(ret.PostureQueries, &rest_model.PostureQueries{
+ PolicyID: &id,
+ PostureQueries: []*rest_model.PostureQuery{},
+ PolicyType: permission,
+ IsPassing: &passing,
+ })
+ }
+ }
+ for policyId, policyPostureChecks := range policyPostureCheckMap {
 isPolicyPassing := true
 policyIdCopy := policyId
 querySet := &rest_model.PostureQueries{
diff --git a/controller/model/edge_service_manager.go b/controller/model/edge_service_manager.go
index 5918b45c3..378425f96 100644
--- a/controller/model/edge_service_manager.go
+++ b/controller/model/edge_service_manager.go
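Review bot: The new `len(policyPostureCheckMap) == 0` branch in the second hunk of service_api_model.go reports `IsPassing: true` for every permission whenever the map is empty, and an empty map does not by itself prove that no posture checks are defined. GetPolicyPostureChecks drops the error from its `View` call (`_ = self.GetDb().View(...)`, visible in the edge_service_manager.go hunk of this patch), so a failed read would presumably also produce an empty map and be shown to the client as a passing posture state. Consider having the manager return an explicit signal (an error, or a boolean saying that no posture checks exist) and emitting the placeholder entries only on that signal. `PolicyID` also now carries a free-text sentence rather than an identifier, so a comment such as `// synthetic entry: PolicyID is a label, not a real policy ID` above the `fmt.Sprintf` line would help. MapServiceToRestModel starts and ends outside the hunk.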
@@ -340,6 +340,10 @@ func (self *EdgeServiceManager) GetPolicyPostureChecks(identityId, serviceId str
 policyTypeSymbol := self.env.GetStores().ServicePolicy.GetSymbol(db.FieldServicePolicyType)
 _ = self.GetDb().View(func(tx *bbolt.Tx) error {
+ if !self.env.GetStores().PostureCheck.IterateIds(tx, ast.BoolNodeTrue).IsValid() {
+ return nil
+ }
+
 policyCursor := self.env.GetStores().Identity.GetRelatedEntitiesCursor(tx, identityId, db.EntityTypeServicePolicies, true)
 policyCursor = ast.NewFilteredCursor(policyCursor, func(policyId []byte) bool {
 return serviceLinks.IsLinked(tx, policyId, []byte(serviceId))
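Review bot: The early return added at the top of the `View` callback has no comment, and it sets up a contract that is invisible from this file. The test is store-wide (any posture check at all, via `IterateIds(tx, ast.BoolNodeTrue)`), not scoped to `identityId` or `serviceId`, and the empty result it produces is what the service list code in this patch turns into placeholder entries. A comment above the `if` would record that, e.g. `// No posture checks exist in the store: return an empty result; the service list substitutes placeholder passing entries.` GetPolicyPostureChecks starts and ends outside the hunk.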