refactor(portal): move policy events to WAL (#9521)

Moves all of the policy lifecycle events to be broadcasted from the WAL consumer. #### Test - [x] Enable policy - [x] Disable policy - [x] Delete policy - [x] Non-breaking change - [x] Breaking change Related: #6294 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
2026-01-27 10:18:54 +00:00 · 2025-06-13 18:10:09 -07:00
parent 817eeff19f
commit cbe33cd108
27 changed files with 660 additions and 681 deletions
--- a/elixir/apps/api/lib/api/client/channel.ex
+++ b/elixir/apps/api/lib/api/client/channel.ex
@@ -138,8 +138,8 @@ defmodule API.Client.Channel do

      # We subscribe for policy access events for the actor and the groups the client is a member of,
      actor_group_ids = Actors.all_actor_group_ids!(socket.assigns.subject.actor)
-      :ok = Enum.each(actor_group_ids, &Policies.subscribe_to_events_for_actor_group/1)
-      :ok = Policies.subscribe_to_events_for_actor(socket.assigns.subject.actor)
+      :ok = Enum.each(actor_group_ids, &Events.Hooks.ActorGroups.subscribe_to_policies/1)
+      :ok = Events.Hooks.Actors.subscribe_to_policies(socket.assigns.subject.actor.id)

      {:ok, socket} = init(socket)

@@ -299,12 +299,12 @@ defmodule API.Client.Channel do

  # Those events are broadcasted by Actors whenever a membership is created or deleted
  def handle_info({:create_membership, _actor_id, group_id}, socket) do
-    :ok = Policies.subscribe_to_events_for_actor_group(group_id)
+    :ok = Events.Hooks.ActorGroups.subscribe_to_policies(group_id)
    {:noreply, socket}
  end

  def handle_info({:delete_membership, _actor_id, group_id}, socket) do
-    :ok = Policies.unsubscribe_from_events_for_actor_group(group_id)
+    :ok = Events.Hooks.ActorGroups.unsubscribe_from_policies(group_id)
    {:noreply, socket}
  end

--- a/elixir/apps/api/lib/api/controllers/policy_controller.ex
+++ b/elixir/apps/api/lib/api/controllers/policy_controller.ex
@@ -93,8 +93,8 @@ defmodule API.PolicyController do

    with {:ok, policy} <- Policies.fetch_policy_by_id_or_persistent_id(id, subject) do
      case Policies.update_policy(policy, params, subject) do
-        {:updated, updated_policy} ->
-          render(conn, :show, policy: updated_policy)
+        {:ok, policy} ->
+          render(conn, :show, policy: policy)

        {:error, reason} ->
          {:error, reason}
--- a/elixir/apps/api/test/api/client/channel_test.exs
+++ b/elixir/apps/api/test/api/client/channel_test.exs
@@ -708,7 +708,21 @@ defmodule API.Client.ChannelTest do
      subject: subject
    } do
      assert_push "init", %{}
-      {:ok, _resource} = Domain.Policies.disable_policy(dns_resource_policy, subject)
+      {:ok, policy} = Domain.Policies.disable_policy(dns_resource_policy, subject)
+
+      # Simulate disable
+      old_data = %{
+        "id" => policy.id,
+        "account_id" => policy.account_id,
+        "resource_id" => policy.resource_id,
+        "actor_group_id" => policy.actor_group_id,
+        "conditions" => [],
+        "disabled_at" => nil
+      }
+
+      data = Map.put(old_data, "disabled_at", "2024-01-01T00:00:00Z")
+      Events.Hooks.Policies.on_update(old_data, data)
+
      assert_push "resource_deleted", _payload
      refute_push "resource_created_or_updated", _payload
    end
@@ -935,6 +949,19 @@ defmodule API.Client.ChannelTest do

      Fixtures.Policies.disable_policy(policy)

+      # Simulate disable
+      old_data = %{
+        "id" => policy.id,
+        "account_id" => policy.account_id,
+        "resource_id" => policy.resource_id,
+        "actor_group_id" => policy.actor_group_id,
+        "conditions" => [],
+        "disabled_at" => nil
+      }
+
+      data = Map.put(old_data, "disabled_at", "2024-01-01T00:00:00Z")
+      Events.Hooks.Policies.on_update(old_data, data)
+
      assert_push "resource_deleted", resource_id
      assert resource_id == resource.id