Approvals are optional in rego input

narval-xyz · Mar 20, 2024 · 33ae82c · 33ae82c
1 parent 0d80ebc
commit 33ae82c
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 2 deletions.
diff --git a/apps/policy-engine/src/open-policy-agent/core/rego/__test__/policies/approvals.rego b/apps/policy-engine/src/open-policy-agent/core/rego/__test__/policies/approvals.rego
@@ -94,3 +94,26 @@ permit[{"policyId": "approvalByUserRoles"}] = reason {
 		"approvalsMissing": approvals.approvalsMissing,
 	}
 }
+
+permit[{"policyId": "withoutApprovals"}] = reason {
+	resources = {"eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"}
+	transferTypes = {"transferERC20"}
+	tokens = {"eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174"}
+	transferValueCondition = {"currency": "*", "operator": "lte", "value": "1000000000000000000"}
+
+	checkResourceIntegrity
+	checkPrincipal
+	checkNonceExists
+	checkAction({"signTransaction"})
+	checkWalletId(resources)
+	checkIntentType(transferTypes)
+	checkIntentToken(tokens)
+	checkIntentAmount(transferValueCondition)
+
+	reason = {
+		"type": "permit",
+		"policyId": "withoutApprovals",
+		"approvalsSatisfied": [],
+		"approvalsMissing": [],
+	}
+}
diff --git a/apps/policy-engine/src/open-policy-agent/core/rego/__test__/policies/approvals_test.rego b/apps/policy-engine/src/open-policy-agent/core/rego/__test__/policies/approvals_test.rego
@@ -61,3 +61,23 @@ test_approvalByUserRoles {
 		"type": "permit",
 	}
 }
+
+test_withoutApprovals {
+	withoutApprovalsReq = {
+		"action": "signTransaction",
+		"transactionRequest": transactionRequestReq,
+		"principal": {"userId": "test-alice-uid"},
+		"resource": resourceReq,
+		"intent": intentReq,
+		"feeds": feedsReq,
+	}
+
+	res = permit[{"policyId": "withoutApprovals"}] with input as withoutApprovalsReq with data.entities as entities
+
+	res == {
+		"type": "permit",
+		"policyId": "withoutApprovals",
+		"approvalsSatisfied": [],
+		"approvalsMissing": [],
+	}
+}
diff --git a/apps/policy-engine/src/shared/type/domain.type.ts b/apps/policy-engine/src/shared/type/domain.type.ts
@@ -20,7 +20,7 @@ export type RegoInput = {
   transactionRequest?: TransactionRequest
   principal: CredentialEntity
   resource?: { uid: string }
-  approvals: CredentialEntity[]
+  approvals?: CredentialEntity[]
   transfers?: HistoricalTransfer[]
 }
 

diff --git a/apps/policy-engine/src/shared/type/rego.ts b/apps/policy-engine/src/shared/type/rego.ts
@@ -13,7 +13,7 @@ export type RegoInput = {
   transactionRequest?: TransactionRequest
   principal: CredentialEntity
   resource?: { uid: string }
-  approvals: CredentialEntity[]
+  approvals?: CredentialEntity[]
   transfers?: HistoricalTransfer[]
 }