feat: CreateCurrentUserPAT RPC implementation by AmanGIT07 · Pull Request #1401 · raystack/frontier · GitHub
Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
10 changes: 9 additions & 1 deletion cmd/serve.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ import (

"github.com/raystack/frontier/core/kyc"
"github.com/raystack/frontier/core/prospect"
"github.com/raystack/frontier/core/userpat"

"golang.org/x/exp/slices"

Expand Down Expand Up @@ -372,6 +373,8 @@ func buildAPIDependencies(
prospectRepository := postgres.NewProspectRepository(dbc)
prospectService := prospect.NewService(prospectRepository)

userPATRepo := postgres.NewUserPATRepository(dbc)

svUserRepo := postgres.NewServiceUserRepository(dbc)
scUserCredRepo := postgres.NewServiceUserCredentialRepository(dbc)
serviceUserService := serviceuser.NewService(svUserRepo, scUserCredRepo, relationService)
Expand Down Expand Up @@ -406,7 +409,7 @@ func buildAPIDependencies(
groupRepository := postgres.NewGroupRepository(dbc)
organizationRepository := postgres.NewOrganizationRepository(dbc)

roleService := role.NewService(roleRepository, relationService, permissionService, auditRecordRepository)
roleService := role.NewService(roleRepository, relationService, permissionService, auditRecordRepository, cfg.App.PAT.DeniedPermissionsSet())
policyService := policy.NewService(policyPGRepository, relationService, roleService)
userService := user.NewService(userRepository, relationService, policyService, roleService)
authnService := authenticate.NewService(logger, cfg.App.Authentication,
Expand All @@ -415,6 +418,8 @@ func buildAPIDependencies(
organizationService := organization.NewService(organizationRepository, relationService, userService,
authnService, policyService, preferenceService, auditRecordRepository)

userPATService := userpat.NewService(logger, userPATRepo, cfg.App.PAT, organizationService, roleService, policyService, auditRecordRepository)

auditRecordService := auditrecord.NewService(auditRecordRepository, userService, serviceUserService, sessionService)

orgKycRepository := postgres.NewOrgKycRepository(dbc)
Expand Down Expand Up @@ -528,6 +533,8 @@ func buildAPIDependencies(
permissionService,
userService,
authzSchemaRepository,
relationService,
cfg.App.PAT.DeniedPermissionsSet(),
planService,
planBlobRepository,
)
Expand Down Expand Up @@ -606,6 +613,7 @@ func buildAPIDependencies(
UserOrgsService: userOrgsService,
UserProjectsService: userProjectsService,
AuditRecordService: auditRecordService,
UserPATService: userPATService,
}
return dependencies, nil
}
Expand Down
1 change: 1 addition & 0 deletions core/policy/policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ type Policy struct {
ResourceType string `json:"resource_type"`
PrincipalID string `json:"principal_id"`
PrincipalType string `json:"principal_type"`
GrantRelation string `json:"grant_relation"`
Metadata metadata.Metadata

CreatedAt time.Time
Expand Down
13 changes: 12 additions & 1 deletion core/policy/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package policy

import (
"context"
"fmt"

"github.com/raystack/frontier/pkg/utils"

Expand Down Expand Up @@ -54,6 +55,16 @@ func (s Service) Create(ctx context.Context, policy Policy) (Policy, error) {
return Policy{}, err
}
policy.RoleID = policyRole.ID
if policy.GrantRelation == "" {
policy.GrantRelation = schema.RoleGrantRelationName
}
if policy.GrantRelation != schema.RoleGrantRelationName && policy.GrantRelation != schema.PATGrantRelationName {
return Policy{}, fmt.Errorf("invalid grant_relation value: %q", policy.GrantRelation)
}
if policy.GrantRelation == schema.PATGrantRelationName && policy.PrincipalType != schema.PATPrincipal {
return Policy{}, fmt.Errorf("%q relation requires principal type %q, got %q",
schema.PATGrantRelationName, schema.PATPrincipal, policy.PrincipalType)
}

createdPolicy, err := s.repository.Upsert(ctx, policy)
if err != nil {
Expand Down Expand Up @@ -126,7 +137,7 @@ func (s Service) AssignRole(ctx context.Context, pol Policy) error {
ID: pol.ID,
Namespace: schema.RoleBindingNamespace,
},
RelationName: schema.RoleGrantRelationName,
RelationName: pol.GrantRelation,
})
if err != nil {
return err
Expand Down
33 changes: 33 additions & 0 deletions core/policy/service_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,33 @@ func TestService_Create(t *testing.T) {
return policy.NewService(repo, relationService, roleService)
},
},
{
name: "reject invalid grant_relation value",
policy: policy.Policy{
RoleID: "role-id",
GrantRelation: "invalid_relation",
},
wantErr: true,
setup: func() *policy.Service {
repo, roleService, relationService := mockService(t)
roleService.On("Get", ctx, "role-id").Return(role.Role{ID: "role-id"}, nil)
return policy.NewService(repo, relationService, roleService)
},
},
{
name: "reject pat_granted for non-PAT principal",
policy: policy.Policy{
RoleID: "role-id",
PrincipalType: schema.UserPrincipal,
GrantRelation: schema.PATGrantRelationName,
},
wantErr: true,
setup: func() *policy.Service {
repo, roleService, relationService := mockService(t)
roleService.On("Get", ctx, "role-id").Return(role.Role{ID: "role-id"}, nil)
return policy.NewService(repo, relationService, roleService)
},
},
{
name: "create policy successfully",
policy: policy.Policy{
Expand All @@ -109,6 +136,7 @@ func TestService_Create(t *testing.T) {
ResourceType: schema.ProjectNamespace,
PrincipalID: "user-id",
PrincipalType: schema.UserPrincipal,
GrantRelation: schema.RoleGrantRelationName,
},
setup: func() *policy.Service {
repo, roleService, relationService := mockService(t)
Expand All @@ -120,13 +148,15 @@ func TestService_Create(t *testing.T) {
ResourceType: schema.ProjectNamespace,
PrincipalID: "user-id",
PrincipalType: schema.UserPrincipal,
GrantRelation: schema.RoleGrantRelationName,
}).Return(policy.Policy{
ID: "policy-id",
RoleID: "role-id",
ResourceID: "resource-id",
ResourceType: schema.ProjectNamespace,
PrincipalID: "user-id",
PrincipalType: schema.UserPrincipal,
GrantRelation: schema.RoleGrantRelationName,
}, nil)

// assign role
Expand Down Expand Up @@ -184,6 +214,7 @@ func TestService_Create(t *testing.T) {
ResourceType: schema.ProjectNamespace,
PrincipalID: "group-id",
PrincipalType: schema.GroupPrincipal,
GrantRelation: schema.RoleGrantRelationName,
},
setup: func() *policy.Service {
repo, roleService, relationService := mockService(t)
Expand All @@ -195,13 +226,15 @@ func TestService_Create(t *testing.T) {
ResourceType: schema.ProjectNamespace,
PrincipalID: "group-id",
PrincipalType: schema.GroupPrincipal,
GrantRelation: schema.RoleGrantRelationName,
}).Return(policy.Policy{
ID: "policy-id",
RoleID: "role-id",
ResourceID: "resource-id",
ResourceType: schema.ProjectNamespace,
PrincipalID: "group-id",
PrincipalType: schema.GroupPrincipal,
GrantRelation: schema.RoleGrantRelationName,
}, nil)

// assign role
Expand Down
44 changes: 39 additions & 5 deletions core/role/service.go
Loading
Loading