From 9fae103370ce343d2a9cf37a3c52c2382e0288c3 Mon Sep 17 00:00:00 2001
From: bcmmbaga <bethuelmbaga12@gmail.com>
Date: Wed, 11 Dec 2024 14:22:33 +0100
Subject: [PATCH] Extends policy rule API with source and destination resource

Signed-off-by: bcmmbaga <bethuelmbaga12@gmail.com>
---
 management/server/http/api/openapi.yml        | 43 ++++++++++---
 .../handlers/policies/policies_handler.go     | 60 +++++++++++++++++--
 2 files changed, 90 insertions(+), 13 deletions(-)

diff --git a/management/server/http/api/openapi.yml b/management/server/http/api/openapi.yml
index 98b2c7a89..65fbf5855 100644
--- a/management/server/http/api/openapi.yml
+++ b/management/server/http/api/openapi.yml
@@ -782,15 +782,18 @@ components:
               items:
                 type: string
                 example: "ch8i4ug6lnn4g9hqv797"
+            sourceResource:
+              description: Policy rule source resource that the rule is applied to
+              $ref: '#/components/schemas/Resource'
             destinations:
               description: Policy rule destination group IDs
               type: array
               items:
                 type: string
                 example: "ch8i4ug6lnn4g9h7v7m0"
-          required:
-            - sources
-            - destinations
+            destinationResource:
+              description: Policy rule destination resource that the rule is applied to
+              $ref: '#/components/schemas/Resource'
     PolicyRule:
       allOf:
         - $ref: '#/components/schemas/PolicyRuleMinimum'
@@ -801,14 +804,17 @@ components:
               type: array
               items:
                 $ref: '#/components/schemas/GroupMinimum'
+            sourceResource:
+                description: Policy rule source resource that the rule is applied to
+                $ref: '#/components/schemas/Resource'
             destinations:
               description: Policy rule destination group IDs
               type: array
               items:
                 $ref: '#/components/schemas/GroupMinimum'
-          required:
-            - sources
-            - destinations
+            destinationResource:
+              description: Policy rule destination resource that the rule is applied to
+              $ref: '#/components/schemas/Resource'
     PolicyMinimum:
       type: object
       properties:
@@ -1176,6 +1182,24 @@ components:
             - id
             - network_type
         - $ref: '#/components/schemas/RouteRequest'
+    Resource:
+      type: object
+      properties:
+        id:
+          description: Resource ID
+          type: string
+          example: chacdk86lnnboviihd7g
+        type:
+          description: Resource type
+          $ref: '#/components/schemas/ResourceType'
+      required:
+        - id
+        - type
+    ResourceType:
+      allOf:
+        - $ref: '#/components/schemas/NetworkResourceType'
+        - type: string
+          example: host
     NetworkRequest:
       type: object
       properties:
@@ -1228,13 +1252,16 @@ components:
               example: chacdk86lnnboviihd7g
             type:
               description: Network resource type based of the address
-              type: string
-              enum: [ "host", "subnet", "domain"]
+              $ref: '#/components/schemas/NetworkResourceType'
               example: host
           required:
             - id
             - type
         - $ref: '#/components/schemas/NetworkResourceRequest'
+    NetworkResourceType:
+      description: Network resource type based of the address
+      type: string
+      enum: [ "host", "subnet", "domain" ]
     NetworkRouterRequest:
       type: object
       properties:
diff --git a/management/server/http/handlers/policies/policies_handler.go b/management/server/http/handlers/policies/policies_handler.go
index 9cae8f823..efa1142b4 100644
--- a/management/server/http/handlers/policies/policies_handler.go
+++ b/management/server/http/handlers/policies/policies_handler.go
@@ -14,6 +14,7 @@ import (
 	"github.com/netbirdio/netbird/management/server/http/configs"
 	"github.com/netbirdio/netbird/management/server/http/util"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
+	networkTypes "github.com/netbirdio/netbird/management/server/networks/resources/types"
 	"github.com/netbirdio/netbird/management/server/status"
 	"github.com/netbirdio/netbird/management/server/types"
 )
@@ -147,15 +148,58 @@ func (h *handler) savePolicy(w http.ResponseWriter, r *http.Request, accountID s
 			ruleID = *rule.Id
 		}
 
+		hasSources := rule.Sources != nil
+		hasSourceResource := rule.SourceResource != nil
+
+		hasDestinations := rule.Destinations != nil
+		hasDestinationResource := rule.DestinationResource != nil
+
+		if hasSources && hasSourceResource {
+			util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "specify either sources or  source resources, not both"), w)
+			return
+		}
+
+		if hasDestinations && hasDestinationResource {
+			util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "specify either destinations or  destination resources, not both"), w)
+			return
+		}
+
+		if !(hasSources || hasSourceResource) || !(hasDestinations || hasDestinationResource) {
+			util.WriteError(r.Context(), status.Errorf(status.InvalidArgument, "specify either sources or source resources and destinations or destination resources"), w)
+			return
+		}
+
 		pr := types.PolicyRule{
 			ID:            ruleID,
 			PolicyID:      policyID,
 			Name:          rule.Name,
-			Destinations:  rule.Destinations,
-			Sources:       rule.Sources,
 			Bidirectional: rule.Bidirectional,
 		}
 
+		if hasSources {
+			pr.Sources = *rule.Sources
+		}
+
+		if hasSourceResource {
+			// TODO: validate the resource id and type
+			pr.SourceResource = networkTypes.Resource{
+				ID:   rule.SourceResource.Id,
+				Type: string(rule.SourceResource.Type),
+			}
+		}
+
+		if hasDestinations {
+			pr.Destinations = *rule.Destinations
+		}
+
+		if hasDestinationResource {
+			// TODO: validate the resource id and type
+			pr.DestinationResource = networkTypes.Resource{
+				ID:   rule.DestinationResource.Id,
+				Type: string(rule.DestinationResource.Type),
+			}
+		}
+
 		pr.Enabled = rule.Enabled
 		if rule.Description != nil {
 			pr.Description = *rule.Description
@@ -363,26 +407,30 @@ func toPolicyResponse(groups []*nbgroup.Group, policy *types.Policy) *api.Policy
 			rule.PortRanges = &portRanges
 		}
 
+		var sources []api.GroupMinimum
 		for _, gid := range r.Sources {
 			_, ok := cache[gid]
 			if ok {
 				continue
 			}
+
 			if group, ok := groupsMap[gid]; ok {
 				minimum := api.GroupMinimum{
 					Id:         group.ID,
 					Name:       group.Name,
 					PeersCount: len(group.Peers),
 				}
-				rule.Sources = append(rule.Sources, minimum)
+				sources = append(sources, minimum)
 				cache[gid] = minimum
 			}
 		}
+		rule.Sources = &sources
 
+		var destinations []api.GroupMinimum
 		for _, gid := range r.Destinations {
 			cachedMinimum, ok := cache[gid]
 			if ok {
-				rule.Destinations = append(rule.Destinations, cachedMinimum)
+				destinations = append(destinations, cachedMinimum)
 				continue
 			}
 			if group, ok := groupsMap[gid]; ok {
@@ -391,10 +439,12 @@ func toPolicyResponse(groups []*nbgroup.Group, policy *types.Policy) *api.Policy
 					Name:       group.Name,
 					PeersCount: len(group.Peers),
 				}
-				rule.Destinations = append(rule.Destinations, minimum)
+				destinations = append(destinations, minimum)
 				cache[gid] = minimum
 			}
 		}
+		rule.Destinations = &destinations
+
 		ap.Rules = append(ap.Rules, rule)
 	}
 	return ap