implement posture checks update and request validation

management/server/http/api/openapi.yml

@@ -784,8 +784,11 @@ components:
               type: array
               items:
                 $ref: '#/components/schemas/PolicyRuleUpdate'
+            postureCheck:
+              $ref: '#/components/schemas/PostureCheck'
           required:
             - rules
+            - PostureCheck
     Policy:
       allOf:
         - $ref: '#/components/schemas/PolicyMinimum'
@@ -796,11 +799,11 @@ components:
               type: array
               items:
                 $ref: '#/components/schemas/PolicyRule'
-            PostureCheck:
+            postureCheck:
               $ref: '#/components/schemas/PostureCheck'
           required:
             - rules
-            - PostureCheck
+            - postureCheck
     RouteRequest:
       type: object
       properties:

management/server/http/api/types.gen.go

@@ -567,9 +567,6 @@ type PersonalAccessTokenRequest struct {
 
 // Policy defines model for Policy.
 type Policy struct {
-	// PostureCheck Policy poster check
-	PostureCheck PostureCheck `json:"PostureCheck"`
-
 	// Description Policy friendly description
 	Description string `json:"description"`
 
@@ -582,6 +579,9 @@ type Policy struct {
 	// Name Policy name identifier
 	Name string `json:"name"`
 
+	// PostureCheck Policy poster check
+	PostureCheck PostureCheck `json:"postureCheck"`
+
 	// Query Policy Rego query
 	Query string `json:"query"`
 
@@ -732,6 +732,9 @@ type PolicyUpdate struct {
 	// Name Policy name identifier
 	Name string `json:"name"`
 
+	// PostureCheck Policy poster check
+	PostureCheck *PostureCheck `json:"postureCheck,omitempty"`
+
 	// Query Policy Rego query
 	Query string `json:"query"`
 

management/server/http/policies_handler.go

@@ -9,6 +9,7 @@ import (
 	"github.com/rs/xid"
 
 	"github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/checks"
 	"github.com/netbirdio/netbird/management/server/http/api"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
@@ -117,13 +118,8 @@ func (h *Policies) savePolicy(
 		return
 	}
 
-	if req.Name == "" {
+	if err := validatePolicyUpdateReq(req); err != nil {
-		util.WriteError(status.Errorf(status.InvalidArgument, "policy name shouldn't be empty"), w)
+		util.WriteError(err, w)
-		return
-	}
-
-	if len(req.Rules) == 0 {
-		util.WriteError(status.Errorf(status.InvalidArgument, "policy rules shouldn't be empty"), w)
 		return
 	}
 
@@ -206,6 +202,35 @@ func (h *Policies) savePolicy(
 		policy.Rules = append(policy.Rules, &pr)
 	}
 
+	if req.PostureCheck != nil {
+		var (
+			osVersionPostureCheck checks.OSVersionPostureCheck
+			nbVersionPostureCheck checks.NBVersionPostureCheck
+		)
+
+		osVersionPostureCheckReq := req.PostureCheck.OsVersionPostureCheck
+		if enabled := osVersionPostureCheckReq.Enabled; enabled != nil {
+			osVersionPostureCheck.Enabled = *enabled
+		}
+		if minAllowedVersionReq := osVersionPostureCheckReq.MinimumVersionAllowed; minAllowedVersionReq != nil {
+			osVersionPostureCheck.MinimumVersionAllowed = *minAllowedVersionReq
+		}
+
+		nbVersionPostureCheckReq := req.PostureCheck.NbVersionPostureCheck
+		if enabled := nbVersionPostureCheckReq.Enabled; enabled != nil {
+			nbVersionPostureCheck.Enabled = *enabled
+		}
+		if minAllowedVersionReq := nbVersionPostureCheckReq.MinimumVersionAllowed; minAllowedVersionReq != nil {
+			nbVersionPostureCheck.MinimumVersionAllowed = *minAllowedVersionReq
+		}
+
+		policy.PostureCheck = checks.PostureCheck{
+			ID:             policyID,
+			NBVersionCheck: nbVersionPostureCheck,
+			OSVersionCheck: osVersionPostureCheck,
+		}
+	}
+
 	if err := h.accountManager.SavePolicy(account.Id, user.Id, &policy); err != nil {
 		util.WriteError(err, w)
 		return
@@ -365,3 +390,31 @@ func groupMinimumsToStrings(account *server.Account, gm []string) []string {
 	}
 	return result
 }
+
+func validatePolicyUpdateReq(req api.PutApiPoliciesPolicyIdJSONRequestBody) error {
+	if req.Name == "" {
+		return status.Errorf(status.InvalidArgument, "policy name shouldn't be empty")
+	}
+
+	if len(req.Rules) == 0 {
+		return status.Errorf(status.InvalidArgument, "policy rules shouldn't be empty")
+	}
+
+	if req.PostureCheck == nil {
+		return status.Errorf(status.InvalidArgument, "policy posture checks shouldn't be empty")
+	}
+
+	if enabled := req.PostureCheck.NbVersionPostureCheck.Enabled; enabled != nil && *enabled {
+		if minVersion := req.PostureCheck.NbVersionPostureCheck.MinimumVersionAllowed; minVersion == nil || *minVersion == "" {
+			return status.Errorf(status.InvalidArgument, "netbird version posture check is enabled, minimum version allowed shouldn't be empty")
+		}
+	}
+
+	if enabled := req.PostureCheck.OsVersionPostureCheck.Enabled; enabled != nil && *enabled {
+		if minVersion := req.PostureCheck.OsVersionPostureCheck.MinimumVersionAllowed; minVersion == nil || *minVersion == "" {
+			return status.Errorf(status.InvalidArgument, "os version posture check is enabled, minimum version allowed shouldn't be empty")
+		}
+	}
+
+	return nil
+}