diff --git a/api/domain/commanddata/user.proto b/api/domain/commanddata/user.proto index ccd7e825a..5a9f0fbd6 100644 --- a/api/domain/commanddata/user.proto +++ b/api/domain/commanddata/user.proto @@ -18,6 +18,7 @@ syntax = "proto3"; // https://cloud.google.com/apis/design/naming_convention import "validate/validate.proto"; +import "api/domain/common/roles.proto"; option go_package = "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata"; @@ -36,9 +37,9 @@ message CreateUserRoleBindingCommandData { // Unique identifier of the user (UUID 128-bit number) string user_id = 1 [(validate.rules).string.uuid = true]; // Name of the role to add - string role = 2 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}]; + common.Role role = 2; // Scope of the role - string scope = 3 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}]; + common.Scope scope = 3; // Unique identifier of the affected resource within scope (UUID 128-bit // number) string resource = 4 [(validate.rules).string.uuid = true]; diff --git a/pkg/domain/constants/roles/roles.go b/api/domain/common/roles.proto similarity index 53% rename from pkg/domain/constants/roles/roles.go rename to api/domain/common/roles.proto index 93e4fd0d2..5b9d5453f 100644 --- a/pkg/domain/constants/roles/roles.go +++ b/api/domain/common/roles.proto 
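Review bot: In `CreateUserRoleBindingCommandData`, the new `common.Role role = 2;` and `common.Scope scope = 3;` fields carry no validation rule, although the string fields they replace were constrained by pattern and length. proto3 enums are open, so any int32 sent on the wire is accepted, and the regenerated `user.pb.validate.go` in this commit now reads `// no validation rules for Role` and `// no validation rules for Scope`. Since these fields decide which role binding is created, restrict them to declared values: `common.Role role = 2 [(validate.rules).enum.defined_only = true];` and `common.Scope scope = 3 [(validate.rules).enum.defined_only = true];`. The same applies to `UserRoleAdded` in `api/domain/eventdata/user.proto`.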
@@ -12,43 +12,33 @@ // See the License for the specific language governing permissions and // limitations under the License. -package roles +syntax = "proto3"; -import ( - "fmt" +// This file follows google's gRPC naming conventions: +// https://cloud.google.com/apis/design/naming_convention - "github.com/finleap-connect/monoskope/pkg/domain/errors" - es "github.com/finleap-connect/monoskope/pkg/eventsourcing" -) +option go_package = "github.com/finleap-connect/monoskope/pkg/api/domain/common"; + +package common; // Roles -const ( +enum Role { // Admin role - Admin es.Role = "admin" - + admin = 0; // User role - User es.Role = "user" - + user = 1; // OnCall role - OnCall es.Role = "oncall" - + oncall = 2; // K8sOperator role - K8sOperator es.Role = "k8soperator" -) - -// A list of all existing roles. -var AvailableRoles = []es.Role{ - Admin, - User, - K8sOperator, - OnCall, + k8soperator = 3; } -func ValidateRole(role string) error { - for _, v := range AvailableRoles { - if v.String() == role { - return nil - } - } - return errors.ErrInvalidArgument(fmt.Sprintf("Role '%s' is invalid.", role)) -} +// Scopes +enum Scope { + // System scope + system = 0; + // Tenant scope + tenant = 1; + // Cluster scope + cluster = 2; +} \ No newline at end of file diff --git a/api/domain/eventdata/user.proto b/api/domain/eventdata/user.proto index 77590731b..75556ae21 100644 --- a/api/domain/eventdata/user.proto +++ b/api/domain/eventdata/user.proto @@ -20,6 +20,7 @@ syntax = "proto3"; // import "google/protobuf/wrappers.proto"; import "validate/validate.proto"; +import "api/domain/common/roles.proto"; option go_package = "github.com/finleap-connect/monoskope/pkg/api/domain/eventdata"; 
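Review bot: The zero value of `Role` is `admin = 0` and the zero value of `Scope` is `system = 0`, so a message that omits either field decodes as the most privileged role in the widest scope. The regenerated getters in `user.pb.go` show the same effect: `GetRole()` returns `common.Role_admin` and `GetScope()` returns `common.Scope_system` for a nil message. Reserve 0 for an explicit unset value and reject it in validation, so that a missing field fails closed instead of granting admin. Enum value names share the package scope, so the two sentinels need distinct names, and any code that lists `Role_name` or `Scope_name` has to skip them.

```protobuf
enum Role {
  // Unset; must be rejected by validation
  role_unspecified = 0;
  admin = 1;
  user = 2;
  oncall = 3;
  k8soperator = 4;
}

enum Scope {
  // Unset; must be rejected by validation
  scope_unspecified = 0;
  system = 1;
  tenant = 2;
  cluster = 3;
}
```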
@@ -36,9 +37,9 @@ message UserRoleAdded { // Unique identifier of the user (UUID 128-bit number) string user_id = 1 [(validate.rules).string.uuid = true]; // Name of the role added to the user - string role = 2 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}]; + common.Role role = 2; // Scope of the role - string scope = 3 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}]; + common.Scope scope = 3; // Unique identifier of the affected resource (UUID 128-bit number) string resource = 4 [(validate.rules).string.uuid = true]; } \ No newline at end of file diff --git a/docs/development/02-commands.md b/docs/development/02-commands.md index 5d766af50..9daf870a0 100644 --- a/docs/development/02-commands.md +++ b/docs/development/02-commands.md @@ -66,7 +66,7 @@ So before adding a new `Command` you might have a look at the docs about them fi // Policies returns the Role/Scope combination allowed to execute. func (c *UpdateUserNameCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins to update a user name + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins to update a user name } } ``` diff --git a/internal/commandhandler/api_server.go b/internal/commandhandler/api_server.go index a5d51b37b..f17490b3b 100644 --- a/internal/commandhandler/api_server.go +++ b/internal/commandhandler/api_server.go 
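Review bot: `UserRoleAdded` keeps field numbers 2 and 3 while changing their type from `string` to an enum, which changes the wire type from length-delimited to varint. If events already persisted in protobuf binary form are replayed, a parser typically treats the old string payload as an unknown field and leaves `role` and `scope` at their zero values, which are `admin` and `system` here. How events are stored is not visible in this diff, so confirm this against the event store before merging. If old events exist, give the enum fields new numbers and retire the old ones with `reserved 2, 3;`, or migrate the stored events.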
@@ -20,10 +20,9 @@ import ( "time" api_domain "github.com/finleap-connect/monoskope/pkg/api/domain" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" api "github.com/finleap-connect/monoskope/pkg/api/eventsourcing" "github.com/finleap-connect/monoskope/pkg/api/eventsourcing/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/finleap-connect/monoskope/pkg/domain/errors" metadata "github.com/finleap-connect/monoskope/pkg/domain/metadata" evs "github.com/finleap-connect/monoskope/pkg/eventsourcing" @@ -92,11 +91,11 @@ func (s *apiServer) Execute(ctx context.Context, command *commands.Command) (*ap // GetPermissionModel implements API method GetPermissionModel func (s *apiServer) GetPermissionModel(ctx context.Context, in *empty.Empty) (*api_domain.PermissionModel, error) { permissionModel := &api_domain.PermissionModel{} - for _, role := range roles.AvailableRoles { - permissionModel.Roles = append(permissionModel.Roles, role.String()) + for _, role := range common.Role_name { + permissionModel.Roles = append(permissionModel.Roles, role) } - for _, scope := range scopes.AvailableScopes { - permissionModel.Scopes = append(permissionModel.Scopes, scope.String()) + for _, scope := range common.Scope_name { + permissionModel.Scopes = append(permissionModel.Scopes, scope) } return permissionModel, nil } diff --git a/internal/gateway/suite_test.go b/internal/gateway/suite_test.go index 083edc843..3ad018097 100644 --- a/internal/gateway/suite_test.go +++ b/internal/gateway/suite_test.go 
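Review bot: `GetPermissionModel` now ranges over the generated maps `common.Role_name` and `common.Scope_name`, and Go randomises map iteration order, so the returned `Roles` and `Scopes` lists change order from call to call. The slices it replaced (`roles.AvailableRoles`, `scopes.AvailableScopes`) gave a fixed order, which clients or tests comparing the permission model may rely on. Sort before returning, e.g. `sort.Strings(permissionModel.Roles)` and `sort.Strings(permissionModel.Scopes)`; this needs the `sort` import, and the file's import block is only partly visible here.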
@@ -29,8 +29,6 @@ import ( api_common "github.com/finleap-connect/monoskope/pkg/api/domain/common" api "github.com/finleap-connect/monoskope/pkg/api/gateway" clientAuth "github.com/finleap-connect/monoskope/pkg/auth" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/finleap-connect/monoskope/pkg/domain/projections" "github.com/finleap-connect/monoskope/pkg/domain/repositories" es_repos "github.com/finleap-connect/monoskope/pkg/eventsourcing/repositories" @@ -190,8 +188,8 @@ var _ = BeforeSuite(func() { env.AdminUser = adminUser adminRoleBinding := projections.NewUserRoleBinding(uuid.New()) adminRoleBinding.UserId = env.AdminUser.Id - adminRoleBinding.Role = roles.Admin.String() - adminRoleBinding.Scope = scopes.System.String() + adminRoleBinding.Role = api_common.Role_admin.String() + adminRoleBinding.Scope = api_common.Scope_system.String() existingUser := projections.NewUserProjection(uuid.New()).(*projections.User) existingUser.Name = "someone" diff --git a/internal/integration_test.go b/internal/integration_test.go index be533034f..d65259b02 100644 --- a/internal/integration_test.go +++ b/internal/integration_test.go @@ -34,8 +34,6 @@ import ( "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" commandTypes "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" "github.com/finleap-connect/monoskope/pkg/domain/constants/events" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/finleap-connect/monoskope/pkg/domain/errors" metadata "github.com/finleap-connect/monoskope/pkg/domain/metadata" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" 
@@ -135,7 +133,7 @@ var _ = Describe("integration", func() { userRoleBindingId := uuid.New() command, err = cmd.AddCommandData( cmd.CreateCommand(userRoleBindingId, commandTypes.CreateUserRoleBinding), - &cmdData.CreateUserRoleBindingCommandData{Role: roles.Admin.String(), Scope: scopes.System.String(), UserId: userId.String(), Resource: uuid.New().String()}, + &cmdData.CreateUserRoleBindingCommandData{Role: common.Role_admin, Scope: common.Scope_system, UserId: userId.String(), Resource: uuid.New().String()}, ) Expect(err).ToNot(HaveOccurred()) @@ -146,9 +144,6 @@ var _ = Describe("integration", func() { // update userRolebBindingId, as the "create" command will have changed it. userRoleBindingId = uuid.MustParse(reply.AggregateId) - // Wait to propagate - time.Sleep(500 * time.Millisecond) - // Creating the same rolebinding again should fail Eventually(func(g Gomega) { command.Id = uuid.New().String() @@ -159,8 +154,8 @@ var _ = Describe("integration", func() { user, err = userServiceClient().GetByEmail(ctx, wrapperspb.String("jane.doe@monoskope.io")) Expect(err).ToNot(HaveOccurred()) Expect(user).ToNot(BeNil()) - Expect(user.Roles[0].Role).To(Equal(roles.Admin.String())) - Expect(user.Roles[0].Scope).To(Equal(scopes.System.String())) + Expect(user.Roles[0].Role).To(Equal(common.Role_admin.String())) + Expect(user.Roles[0].Scope).To(Equal(common.Scope_system.String())) _, err = commandHandlerClient().Execute(mdManager.GetOutgoingGrpcContext(), cmd.CreateCommand(userRoleBindingId, commandTypes.DeleteUserRoleBinding)) Expect(err).ToNot(HaveOccurred()) diff --git a/internal/suite_test.go b/internal/suite_test.go index cd68c6146..f608cd9d5 100644 --- a/internal/suite_test.go +++ b/internal/suite_test.go @@ -18,7 +18,6 @@ import ( "testing" "github.com/finleap-connect/monoskope/internal/test" - "github.com/onsi/ginkgo/reporters" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" 
@@ -31,8 +30,7 @@ var ( func TestQueryHandler(t *testing.T) { RegisterFailHandler(Fail) - junitReporter := reporters.NewJUnitReporter("../reports/internal-junit.xml") - RunSpecsWithDefaultAndCustomReporters(t, "integration", []Reporter{junitReporter}) + RunSpecs(t, "integration") } var _ = BeforeSuite(func() { diff --git a/pkg/api/domain/commanddata/user.pb.go b/pkg/api/domain/commanddata/user.pb.go index 0a251056c..71eb5c88c 100644 --- a/pkg/api/domain/commanddata/user.pb.go +++ b/pkg/api/domain/commanddata/user.pb.go @@ -22,6 +22,7 @@ package commanddata import ( _ "github.com/envoyproxy/protoc-gen-validate/validate" + common "github.com/finleap-connect/monoskope/pkg/api/domain/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -102,9 +103,9 @@ type CreateUserRoleBindingCommandData struct { // Unique identifier of the user (UUID 128-bit number) UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` // Name of the role to add - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + Role common.Role `protobuf:"varint,2,opt,name=role,proto3,enum=common.Role" json:"role,omitempty"` // Scope of the role - Scope string `protobuf:"bytes,3,opt,name=scope,proto3" json:"scope,omitempty"` + Scope common.Scope `protobuf:"varint,3,opt,name=scope,proto3,enum=common.Scope" json:"scope,omitempty"` // Unique identifier of the affected resource within scope (UUID 128-bit // number) Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"` 
@@ -149,18 +150,18 @@ func (x *CreateUserRoleBindingCommandData) GetUserId() string { return "" } -func (x *CreateUserRoleBindingCommandData) GetRole() string { +func (x *CreateUserRoleBindingCommandData) GetRole() common.Role { if x != nil { return x.Role } - return "" + return common.Role_admin } -func (x *CreateUserRoleBindingCommandData) GetScope() string { +func (x *CreateUserRoleBindingCommandData) GetScope() common.Scope { if x != nil { return x.Scope } - return "" + return common.Scope_system } func (x *CreateUserRoleBindingCommandData) GetResource() string { 
@@ -177,29 +178,30 @@ var file_api_domain_commanddata_user_proto_rawDesc = []byte{ 0x6d, 0x61, 0x6e, 0x64, 0x64, 0x61, 0x74, 0x61, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, - 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x54, 0x0a, 0x15, 0x43, 0x72, 0x65, - 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x44, 0x61, - 0x74, 0x61, 0x12, 0x1d, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x60, 0x01, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, - 0x6c, 0x12, 0x1c, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, - 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0x28, 0x96, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, - 0xbb, 0x01, 0x0a, 0x20, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x6f, - 0x6c, 0x65, 0x42, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, - 0x44, 0x61, 0x74, 0x61, 0x12, 0x21, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, - 0x06, 0x75, 0x73, 0x65, 0x72, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x11, 0xfa, 0x42, 0x0e, 0x72, 0x0c, 0x28, 0x3c, 0x32, 0x08, - 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x5d, 0x2b, 0x24, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x27, - 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x11, 0xfa, - 0x42, 0x0e, 0x72, 0x0c, 0x28, 0x3c, 0x32, 0x08, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x5d, 0x2b, 0x24, - 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x24, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 
0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, - 0xb0, 0x01, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x41, 0x5a, - 0x3f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, 0x69, 0x6e, 0x6c, - 0x65, 0x61, 0x70, 0x2d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2f, 0x6d, 0x6f, 0x6e, 0x6f, - 0x73, 0x6b, 0x6f, 0x70, 0x65, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x64, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x64, 0x61, 0x74, 0x61, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x61, 0x70, 0x69, 0x2f, 0x64, + 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x72, 0x6f, 0x6c, + 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x54, 0x0a, 0x15, 0x43, 0x72, 0x65, 0x61, + 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x43, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x44, 0x61, 0x74, + 0x61, 0x12, 0x1d, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x60, 0x01, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, + 0x12, 0x1c, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, + 0xfa, 0x42, 0x05, 0x72, 0x03, 0x28, 0x96, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xb2, + 0x01, 0x0a, 0x20, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x6f, 0x6c, + 0x65, 0x42, 0x69, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x44, + 0x61, 0x74, 0x61, 0x12, 0x21, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x06, + 0x75, 0x73, 0x65, 0x72, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x6f, + 0x6c, 0x65, 0x52, 0x04, 0x72, 0x6f, 0x6c, 
0x65, 0x12, 0x23, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, + 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x24, 0x0a, + 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x42, 0x41, 0x5a, 0x3f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x66, 0x69, 0x6e, 0x6c, 0x65, 0x61, 0x70, 0x2d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x2f, 0x6d, 0x6f, 0x6e, 0x6f, 0x73, 0x6b, 0x6f, 0x70, 0x65, 0x2f, 0x70, 0x6b, 0x67, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x61, + 0x6e, 0x64, 0x64, 0x61, 0x74, 0x61, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -218,13 +220,17 @@ var file_api_domain_commanddata_user_proto_msgTypes = make([]protoimpl.MessageIn var file_api_domain_commanddata_user_proto_goTypes = []interface{}{ (*CreateUserCommandData)(nil), // 0: commanddata.CreateUserCommandData (*CreateUserRoleBindingCommandData)(nil), // 1: commanddata.CreateUserRoleBindingCommandData + (common.Role)(0), // 2: common.Role + (common.Scope)(0), // 3: common.Scope } var file_api_domain_commanddata_user_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 2, // 0: commanddata.CreateUserRoleBindingCommandData.role:type_name -> common.Role + 3, // 1: commanddata.CreateUserRoleBindingCommandData.scope:type_name -> common.Scope + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_api_domain_commanddata_user_proto_init() } diff --git a/pkg/api/domain/commanddata/user.pb.validate.go b/pkg/api/domain/commanddata/user.pb.validate.go index 0ca4b82a2..adb69f58e 100644 --- a/pkg/api/domain/commanddata/user.pb.validate.go +++ b/pkg/api/domain/commanddata/user.pb.validate.go @@ -17,6 +17,8 @@ import ( "unicode/utf8" "google.golang.org/protobuf/types/known/anypb" + + common "github.com/finleap-connect/monoskope/pkg/api/domain/common" ) // ensure the imports are used @@ -33,6 +35,10 @@ var ( _ = (*mail.Address)(nil) _ = anypb.Any{} _ = sort.Sort + + _ = common.Role(0) + + _ = common.Scope(0) ) // define the regex for a UUID once up-front 
@@ -247,49 +253,9 @@ func (m *CreateUserRoleBindingCommandData) validate(all bool) error { errors = append(errors, err) } - if len(m.GetRole()) > 60 { - err := CreateUserRoleBindingCommandDataValidationError{ - field: "Role", - reason: "value length must be at most 60 bytes", - } - if !all { - return err - } - errors = append(errors, err) - } + // no validation rules for Role - if !_CreateUserRoleBindingCommandData_Role_Pattern.MatchString(m.GetRole()) { - err := CreateUserRoleBindingCommandDataValidationError{ - field: "Role", - reason: "value does not match regex pattern \"^[a-z]+$\"", - } - if !all { - return err - } - errors = append(errors, err) - } - - if len(m.GetScope()) > 60 { - err := CreateUserRoleBindingCommandDataValidationError{ - field: "Scope", - reason: "value length must be at most 60 bytes", - } - if !all { - return err - } - errors = append(errors, err) - } - - if !_CreateUserRoleBindingCommandData_Scope_Pattern.MatchString(m.GetScope()) { - err := CreateUserRoleBindingCommandDataValidationError{ - field: "Scope", - reason: "value does not match regex pattern \"^[a-z]+$\"", - } - if !all { - return err - } - errors = append(errors, err) - } + // no validation rules for Scope if err := m._validateUuid(m.GetResource()); err != nil { err = CreateUserRoleBindingCommandDataValidationError{ @@ -391,7 +357,3 @@ var _ interface { Cause() error ErrorName() string } = CreateUserRoleBindingCommandDataValidationError{} - -var _CreateUserRoleBindingCommandData_Role_Pattern = regexp.MustCompile("^[a-z]+$") - -var _CreateUserRoleBindingCommandData_Scope_Pattern = regexp.MustCompile("^[a-z]+$") diff --git a/pkg/api/domain/common/roles.pb.go b/pkg/api/domain/common/roles.pb.go new file mode 100644 index 000000000..65b32ba19 --- /dev/null +++ b/pkg/api/domain/common/roles.pb.go 
@@ -0,0 +1,214 @@ +// Copyright 2021 Monoskope Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.26.0 +// protoc v3.17.0 +// source: api/domain/common/roles.proto + +package common + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Roles +type Role int32 + +const ( + // Admin role + Role_admin Role = 0 + // User role + Role_user Role = 1 + // OnCall role + Role_oncall Role = 2 + // K8sOperator role + Role_k8soperator Role = 3 +) + +// Enum value maps for Role. 
+var ( + Role_name = map[int32]string{ + 0: "admin", + 1: "user", + 2: "oncall", + 3: "k8soperator", + } + Role_value = map[string]int32{ + "admin": 0, + "user": 1, + "oncall": 2, + "k8soperator": 3, + } +) + +func (x Role) Enum() *Role { + p := new(Role) + *p = x + return p +} + +func (x Role) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Role) Descriptor() protoreflect.EnumDescriptor { + return file_api_domain_common_roles_proto_enumTypes[0].Descriptor() +} + +func (Role) Type() protoreflect.EnumType { + return &file_api_domain_common_roles_proto_enumTypes[0] +} + +func (x Role) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Role.Descriptor instead. +func (Role) EnumDescriptor() ([]byte, []int) { + return file_api_domain_common_roles_proto_rawDescGZIP(), []int{0} +} + +// Scopes +type Scope int32 + +const ( + // System scope + Scope_system Scope = 0 + // Tenant scope + Scope_tenant Scope = 1 + // Cluster scope + Scope_cluster Scope = 2 +) + +// Enum value maps for Scope. +var ( + Scope_name = map[int32]string{ + 0: "system", + 1: "tenant", + 2: "cluster", + } + Scope_value = map[string]int32{ + "system": 0, + "tenant": 1, + "cluster": 2, + } +) + +func (x Scope) Enum() *Scope { + p := new(Scope) + *p = x + return p +} + +func (x Scope) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Scope) Descriptor() protoreflect.EnumDescriptor { + return file_api_domain_common_roles_proto_enumTypes[1].Descriptor() +} + +func (Scope) Type() protoreflect.EnumType { + return &file_api_domain_common_roles_proto_enumTypes[1] +} + +func (x Scope) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Scope.Descriptor instead. 
+func (Scope) EnumDescriptor() ([]byte, []int) { + return file_api_domain_common_roles_proto_rawDescGZIP(), []int{1} +} + +var File_api_domain_common_roles_proto protoreflect.FileDescriptor + +var file_api_domain_common_roles_proto_rawDesc = []byte{ + 0x0a, 0x1d, 0x61, 0x70, 0x69, 0x2f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2a, 0x38, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, + 0x09, 0x0a, 0x05, 0x61, 0x64, 0x6d, 0x69, 0x6e, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x75, 0x73, + 0x65, 0x72, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x6f, 0x6e, 0x63, 0x61, 0x6c, 0x6c, 0x10, 0x02, + 0x12, 0x0f, 0x0a, 0x0b, 0x6b, 0x38, 0x73, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x10, + 0x03, 0x2a, 0x2c, 0x0a, 0x05, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x73, 0x79, + 0x73, 0x74, 0x65, 0x6d, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x74, + 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x10, 0x02, 0x42, + 0x3c, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x66, 0x69, + 0x6e, 0x6c, 0x65, 0x61, 0x70, 0x2d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2f, 0x6d, 0x6f, + 0x6e, 0x6f, 0x73, 0x6b, 0x6f, 0x70, 0x65, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, + 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_api_domain_common_roles_proto_rawDescOnce sync.Once + file_api_domain_common_roles_proto_rawDescData = file_api_domain_common_roles_proto_rawDesc +) + +func file_api_domain_common_roles_proto_rawDescGZIP() []byte { + file_api_domain_common_roles_proto_rawDescOnce.Do(func() { + file_api_domain_common_roles_proto_rawDescData = protoimpl.X.CompressGZIP(file_api_domain_common_roles_proto_rawDescData) + }) + return 
file_api_domain_common_roles_proto_rawDescData +} + +var file_api_domain_common_roles_proto_enumTypes = make([]protoimpl.EnumInfo, 2) +var file_api_domain_common_roles_proto_goTypes = []interface{}{ + (Role)(0), // 0: common.Role + (Scope)(0), // 1: common.Scope +} +var file_api_domain_common_roles_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_api_domain_common_roles_proto_init() } +func file_api_domain_common_roles_proto_init() { + if File_api_domain_common_roles_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_api_domain_common_roles_proto_rawDesc, + NumEnums: 2, + NumMessages: 0, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_api_domain_common_roles_proto_goTypes, + DependencyIndexes: file_api_domain_common_roles_proto_depIdxs, + EnumInfos: file_api_domain_common_roles_proto_enumTypes, + }.Build() + File_api_domain_common_roles_proto = out.File + file_api_domain_common_roles_proto_rawDesc = nil + file_api_domain_common_roles_proto_goTypes = nil + file_api_domain_common_roles_proto_depIdxs = nil +} diff --git a/pkg/api/domain/common/roles.pb.validate.go b/pkg/api/domain/common/roles.pb.validate.go new file mode 100644 index 000000000..1b16d4a58 --- /dev/null +++ b/pkg/api/domain/common/roles.pb.validate.go 
@@ -0,0 +1,36 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: api/domain/common/roles.proto + +package common + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) diff --git a/pkg/api/domain/eventdata/user.pb.go b/pkg/api/domain/eventdata/user.pb.go index aa958eb6d..f8f754083 100644 --- a/pkg/api/domain/eventdata/user.pb.go +++ b/pkg/api/domain/eventdata/user.pb.go @@ -22,6 +22,7 @@ package eventdata import ( _ "github.com/envoyproxy/protoc-gen-validate/validate" + common "github.com/finleap-connect/monoskope/pkg/api/domain/common" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -100,9 +101,9 @@ type UserRoleAdded struct { // Unique identifier of the user (UUID 128-bit number) UserId string `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"` // Name of the role added to the user - Role string `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"` + Role common.Role `protobuf:"varint,2,opt,name=role,proto3,enum=common.Role" json:"role,omitempty"` // Scope of the role - Scope string `protobuf:"bytes,3,opt,name=scope,proto3" json:"scope,omitempty"` + Scope common.Scope `protobuf:"varint,3,opt,name=scope,proto3,enum=common.Scope" json:"scope,omitempty"` // Unique identifier of the affected resource (UUID 128-bit number) Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"` } 
@@ -146,18 +147,18 @@ func (x *UserRoleAdded) GetUserId() string { return "" } -func (x *UserRoleAdded) GetRole() string { +func (x *UserRoleAdded) GetRole() common.Role { if x != nil { return x.Role } - return "" + return common.Role_admin } -func (x *UserRoleAdded) GetScope() string { +func (x *UserRoleAdded) GetScope() common.Scope { if x != nil { return x.Scope } - return "" + return common.Scope_system } func (x *UserRoleAdded) GetResource() string { 
@@ -174,27 +175,28 @@ var file_api_domain_eventdata_user_proto_rawDesc = []byte{ 0x6e, 0x74, 0x64, 0x61, 0x74, 0x61, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x0b, 0x55, 0x73, 0x65, 0x72, 0x43, 0x72, 0x65, - 0x61, 0x74, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x60, 0x01, 0x52, 0x05, 0x65, 0x6d, - 0x61, 0x69, 0x6c, 0x12, 0x1c, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0x28, 0x96, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x22, 0xa8, 0x01, 0x0a, 0x0d, 0x55, 0x73, 0x65, 0x72, 0x52, 0x6f, 0x6c, 0x65, 0x41, 0x64, - 0x64, 0x65, 0x64, 0x12, 0x21, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x06, - 0x75, 0x73, 0x65, 0x72, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x42, 0x11, 0xfa, 0x42, 0x0e, 0x72, 0x0c, 0x28, 0x3c, 0x32, 0x08, 0x5e, - 0x5b, 0x61, 0x2d, 0x7a, 0x5d, 0x2b, 0x24, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x27, 0x0a, - 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x11, 0xfa, 0x42, - 0x0e, 0x72, 0x0c, 0x28, 0x3c, 0x32, 0x08, 0x5e, 0x5b, 0x61, 0x2d, 0x7a, 0x5d, 0x2b, 0x24, 0x52, - 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x24, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0xb0, - 0x01, 0x01, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x42, 0x3f, 0x5a, 0x3d, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 
0x2f, 0x66, 0x69, 0x6e, 0x6c, 0x65, - 0x61, 0x70, 0x2d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x2f, 0x6d, 0x6f, 0x6e, 0x6f, 0x73, - 0x6b, 0x6f, 0x70, 0x65, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x64, 0x6f, 0x6d, - 0x61, 0x69, 0x6e, 0x2f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x64, 0x61, 0x74, 0x61, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x61, 0x70, 0x69, 0x2f, 0x64, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x0b, 0x55, 0x73, 0x65, 0x72, 0x43, 0x72, 0x65, 0x61, + 0x74, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x60, 0x01, 0x52, 0x05, 0x65, 0x6d, 0x61, + 0x69, 0x6c, 0x12, 0x1c, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0x28, 0x96, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x22, 0x9f, 0x01, 0x0a, 0x0d, 0x55, 0x73, 0x65, 0x72, 0x52, 0x6f, 0x6c, 0x65, 0x41, 0x64, 0x64, + 0x65, 0x64, 0x12, 0x21, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x06, 0x75, + 0x73, 0x65, 0x72, 0x49, 0x64, 0x12, 0x20, 0x0a, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x0c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x52, 0x6f, 0x6c, + 0x65, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, 0x12, 0x23, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x53, 0x63, 0x6f, 0x70, 0x65, 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x24, 0x0a, 0x08, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, + 0xfa, 0x42, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x08, 0x72, 
0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x42, 0x3f, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x66, 0x69, 0x6e, 0x6c, 0x65, 0x61, 0x70, 0x2d, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x2f, 0x6d, 0x6f, 0x6e, 0x6f, 0x73, 0x6b, 0x6f, 0x70, 0x65, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, + 0x70, 0x69, 0x2f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x2f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x64, + 0x61, 0x74, 0x61, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -213,13 +215,17 @@ var file_api_domain_eventdata_user_proto_msgTypes = make([]protoimpl.MessageInfo var file_api_domain_eventdata_user_proto_goTypes = []interface{}{ (*UserCreated)(nil), // 0: eventdata.UserCreated (*UserRoleAdded)(nil), // 1: eventdata.UserRoleAdded + (common.Role)(0), // 2: common.Role + (common.Scope)(0), // 3: common.Scope } var file_api_domain_eventdata_user_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name + 2, // 0: eventdata.UserRoleAdded.role:type_name -> common.Role + 3, // 1: eventdata.UserRoleAdded.scope:type_name -> common.Scope + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_api_domain_eventdata_user_proto_init() } diff --git a/pkg/api/domain/eventdata/user.pb.validate.go b/pkg/api/domain/eventdata/user.pb.validate.go index afabbc8e2..e1992ed59 100644 --- a/pkg/api/domain/eventdata/user.pb.validate.go +++ b/pkg/api/domain/eventdata/user.pb.validate.go 
@@ -17,6 +17,8 @@ import ( "unicode/utf8" "google.golang.org/protobuf/types/known/anypb" + + common "github.com/finleap-connect/monoskope/pkg/api/domain/common" ) // ensure the imports are used @@ -33,6 +35,10 @@ var ( _ = (*mail.Address)(nil) _ = anypb.Any{} _ = sort.Sort + + _ = common.Role(0) + + _ = common.Scope(0) ) // define the regex for a UUID once up-front @@ -243,49 +249,9 @@ func (m *UserRoleAdded) validate(all bool) error { errors = append(errors, err) } - if len(m.GetRole()) > 60 { - err := UserRoleAddedValidationError{ - field: "Role", - reason: "value length must be at most 60 bytes", - } - if !all { - return err - } - errors = append(errors, err) - } + // no validation rules for Role - if !_UserRoleAdded_Role_Pattern.MatchString(m.GetRole()) { - err := UserRoleAddedValidationError{ - field: "Role", - reason: "value does not match regex pattern \"^[a-z]+$\"", - } - if !all { - return err - } - errors = append(errors, err) - } - - if len(m.GetScope()) > 60 { - err := UserRoleAddedValidationError{ - field: "Scope", - reason: "value length must be at most 60 bytes", - } - if !all { - return err - } - errors = append(errors, err) - } - - if !_UserRoleAdded_Scope_Pattern.MatchString(m.GetScope()) { - err := UserRoleAddedValidationError{ - field: "Scope", - reason: "value does not match regex pattern \"^[a-z]+$\"", - } - if !all { - return err - } - errors = append(errors, err) - } + // no validation rules for Scope if err := m._validateUuid(m.GetResource()); err != nil { err = UserRoleAddedValidationError{ @@ -383,7 +349,3 @@ var _ interface { Cause() error ErrorName() string } = UserRoleAddedValidationError{} - -var _UserRoleAdded_Role_Pattern = regexp.MustCompile("^[a-z]+$") - -var _UserRoleAdded_Scope_Pattern = regexp.MustCompile("^[a-z]+$") diff --git a/pkg/domain/aggregates/domain_aggregate.go b/pkg/domain/aggregates/domain_aggregate.go index 9096cbd48..5bb6ae79e 100644 --- a/pkg/domain/aggregates/domain_aggregate.go 
+++ b/pkg/domain/aggregates/domain_aggregate.go @@ -17,8 +17,8 @@ package aggregates import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/api/domain/projections" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" domainErrors "github.com/finleap-connect/monoskope/pkg/domain/errors" metadata "github.com/finleap-connect/monoskope/pkg/domain/metadata" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" @@ -64,7 +64,7 @@ func validatePolicy(roleBinding *projections.UserRoleBinding, policy es.Policy, if !policy.AcceptsScope(es.Scope(roleBinding.GetScope())) { return false } - if roleBinding.GetScope() != scopes.System.String() && roleBinding.GetResource() != expectedResource.String() { + if roleBinding.GetScope() != common.Scope_system.String() && roleBinding.GetResource() != expectedResource.String() { return false } return true diff --git a/pkg/domain/aggregates/suite_test.go b/pkg/domain/aggregates/suite_test.go index 530b5a3a2..ce7347e81 100644 --- a/pkg/domain/aggregates/suite_test.go +++ b/pkg/domain/aggregates/suite_test.go @@ -18,12 +18,11 @@ import ( "context" "testing" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projections "github.com/finleap-connect/monoskope/pkg/api/domain/projections" "github.com/finleap-connect/monoskope/pkg/domain/commands" cmd "github.com/finleap-connect/monoskope/pkg/domain/commands" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/finleap-connect/monoskope/pkg/domain/errors" meta "github.com/finleap-connect/monoskope/pkg/domain/metadata" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" 
@@ -36,8 +35,8 @@ var ( expectedUserName = "the one cluster" expectedEmail = "me@example.com" - expectedTenantScope = scopes.Tenant - expectedAdminRole = roles.Admin + expectedTenantScope = common.Scope_tenant + expectedAdminRole = common.Role_admin expectedResourceId = uuid.New() expectedUserId = uuid.New() @@ -70,8 +69,8 @@ func createSysAdminCtx() context.Context { metaMgr.SetRoleBindings([]*projections.UserRoleBinding{ { - Role: roles.Admin.String(), - Scope: scopes.System.String(), + Role: common.Role_admin.String(), + Scope: common.Scope_system.String(), }, }) @@ -200,8 +199,8 @@ func createUserRoleBinding(ctx context.Context, agg es.Aggregate, userId uuid.UU Expect(ok).To(BeTrue()) esCommand.UserId = userId.String() - esCommand.Role = expectedAdminRole.String() - esCommand.Scope = expectedTenantScope.String() + esCommand.Role = expectedAdminRole + esCommand.Scope = expectedTenantScope esCommand.Resource = expectedResourceId.String() return agg.HandleCommand(ctx, esCommand) diff --git a/pkg/domain/aggregates/user_role_binding.go b/pkg/domain/aggregates/user_role_binding.go index 30400ea26..e2ae7a649 100644 --- a/pkg/domain/aggregates/user_role_binding.go +++ b/pkg/domain/aggregates/user_role_binding.go @@ -18,12 +18,11 @@ import ( "context" "fmt" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/api/domain/eventdata" "github.com/finleap-connect/monoskope/pkg/domain/commands" aggregates "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/events" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" domainErrors "github.com/finleap-connect/monoskope/pkg/domain/errors" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" 
@@ -71,12 +70,6 @@ func (a *UserRoleBindingAggregate) validate(ctx context.Context, cmd es.Command) if userId, err = uuid.Parse(cmd.GetUserId()); err != nil { return domainErrors.ErrInvalidArgument("user id is invalid") } - if err := roles.ValidateRole(cmd.GetRole()); err != nil { - return err - } - if err := scopes.ValidateScope(cmd.GetScope()); err != nil { - return err - } if resource, err = uuid.Parse(cmd.GetResource()); err != nil && cmd.GetResource() != "" { return domainErrors.ErrInvalidArgument("resource id is invalid") } @@ -153,8 +146,8 @@ func (a *UserRoleBindingAggregate) userRoleBindingCreated(event es.Event) error } a.userId = userId - a.role = es.Role(data.Role) - a.scope = es.Scope(data.Scope) + a.role = es.Role(data.Role.String()) + a.scope = es.Scope(data.Scope.String()) a.resource = uuid.Nil if data.Resource != "" { @@ -168,7 +161,7 @@ func (a *UserRoleBindingAggregate) userRoleBindingCreated(event es.Event) error return nil } -func containsRoleBinding(values []es.Aggregate, userId string, role, scope, resource string) bool { +func containsRoleBinding(values []es.Aggregate, userId string, role common.Role, scope common.Scope, resource string) bool { resourceId := uuid.Nil if resource != "" { id, err := uuid.Parse(resource) @@ -182,8 +175,8 @@ func containsRoleBinding(values []es.Aggregate, userId string, role, scope, reso d, ok := value.(*UserRoleBindingAggregate) if ok && d.userId.String() == userId && - d.role.String() == role && - d.scope.String() == scope && + d.role == es.Role(role.String()) && + d.scope == es.Scope(scope.String()) && d.resource == resourceId { return true } diff --git a/pkg/domain/aggregates/user_role_binding_test.go b/pkg/domain/aggregates/user_role_binding_test.go index 983da30ed..eb54ad78c 100644 --- a/pkg/domain/aggregates/user_role_binding_test.go +++ b/pkg/domain/aggregates/user_role_binding_test.go 
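Review bot: With the `roles.ValidateRole` and `scopes.ValidateScope` calls removed from `validate`, nothing in this hunk checks that a command's role and scope are defined values, and the generated validator elsewhere in this commit reports "no validation rules" for the matching event fields. proto3 enums accept any number on the wire, and the deleted `AvailableScopes` listed only system and tenant, so the cluster scope and undefined numbers, both rejected before, now pass. Because `admin` and `system` are the zero values of the new enums, a command that omits either field is also read as admin or system; telling an omitted field from an explicit one needs a reserved zero value in roles.proto, which is outside this hunk. I would put a membership check back after the user id parse, as in the excerpt below; whether cluster scope should stay rejected is for the author to decide. The body of `validate` starts and ends outside the hunk.

```go
	// … unchanged: user id parsing …
	if _, ok := common.Role_name[int32(cmd.GetRole())]; !ok {
		return domainErrors.ErrInvalidArgument("role is invalid")
	}
	if _, ok := common.Scope_name[int32(cmd.GetScope())]; !ok {
		return domainErrors.ErrInvalidArgument("scope is invalid")
	}
	// … unchanged: resource id parsing …
```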
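Review bot: In `userRoleBindingCreated`, `data.Role.String()` and `data.Scope.String()` are applied to whatever the event decodes to, and this commit changes fields 2 and 3 of `UserRoleAdded` from string to enum (wire type bytes to varint). If events written with the old schema are still in the store, their role and scope would most likely not populate the new fields on replay and would be left at 0, which this code reads as admin and system. For an undefined number `String()` returns the decimal value, so the aggregate would carry a role such as "7". I would guard the assignment with `if _, ok := common.Role_name[int32(data.Role)]; !ok { return domainErrors.ErrInvalidArgument("role is invalid") }` (same for scope) and add `// events stored before the enum change must be migrated before replay` above it, or confirm that no such events exist. The function body starts outside the hunk.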
@@ -63,8 +63,8 @@ var _ = Describe("Unit Test for UserRoleBinding Aggregate", func() { Expect(data.UserId).To(Equal(expectedUserId.String())) Expect(data.Resource).To(Equal(expectedResourceId.String())) - Expect(data.Scope).To(Equal(expectedTenantScope.String())) - Expect(data.Role).To(Equal(expectedAdminRole.String())) + Expect(data.Scope).To(Equal(expectedTenantScope)) + Expect(data.Role).To(Equal(expectedAdminRole)) }) @@ -75,8 +75,8 @@ var _ = Describe("Unit Test for UserRoleBinding Aggregate", func() { ed := es.ToEventDataFromProto(&eventdata.UserRoleAdded{ UserId: expectedUserId.String(), - Role: expectedAdminRole.String(), - Scope: expectedTenantScope.String(), + Role: expectedAdminRole, + Scope: expectedTenantScope, Resource: expectedResourceId.String(), }) esEvent := es.NewEvent(ctx, events.UserRoleBindingCreated, ed, time.Now().UTC(), @@ -86,8 +86,8 @@ var _ = Describe("Unit Test for UserRoleBinding Aggregate", func() { Expect(err).NotTo(HaveOccurred()) Expect(agg.(*UserRoleBindingAggregate).resource).To(Equal(expectedResourceId)) - Expect(agg.(*UserRoleBindingAggregate).role).To(Equal(expectedAdminRole)) - Expect(agg.(*UserRoleBindingAggregate).scope).To(Equal(expectedTenantScope)) + Expect(agg.(*UserRoleBindingAggregate).role.String()).To(Equal(expectedAdminRole.String())) + Expect(agg.(*UserRoleBindingAggregate).scope.String()).To(Equal(expectedTenantScope.String())) Expect(agg.(*UserRoleBindingAggregate).userId).To(Equal(expectedUserId)) }) diff --git a/pkg/domain/commandhandler.go b/pkg/domain/commandhandler.go index c89e7ee5b..d995e5f6e 100644 --- a/pkg/domain/commandhandler.go +++ b/pkg/domain/commandhandler.go 
@@ -22,12 +22,11 @@ import ( domainApi "github.com/finleap-connect/monoskope/pkg/api/domain" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" esApi "github.com/finleap-connect/monoskope/pkg/api/eventsourcing" "github.com/finleap-connect/monoskope/pkg/domain/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/commands" commandTypes "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/finleap-connect/monoskope/pkg/domain/constants/users" domainErrors "github.com/finleap-connect/monoskope/pkg/domain/errors" domainHandlers "github.com/finleap-connect/monoskope/pkg/domain/handler" @@ -85,7 +84,7 @@ func setupUser(ctx context.Context, name, email string, handler es.CommandHandle } // setupRoleBinding creates rolebindings -func setupRoleBinding(ctx context.Context, userId uuid.UUID, role, scope string, handler es.CommandHandler) error { +func setupRoleBinding(ctx context.Context, userId uuid.UUID, role common.Role, scope common.Scope, handler es.CommandHandler) error { data, err := commands.CreateCommandData(&cmdData.CreateUserRoleBindingCommandData{ UserId: userId.String(), Role: role, @@ -126,7 +125,7 @@ func setupSuperUsers(ctx context.Context, handler es.CommandHandler) error { return err } - err = setupRoleBinding(ctx, userId, roles.Admin.String(), scopes.System.String(), handler) + err = setupRoleBinding(ctx, userId, common.Role_admin, common.Scope_system, handler) if err != nil { return err } diff --git a/pkg/domain/commands/create_cluster.go b/pkg/domain/commands/create_cluster.go index 323d97738..664183c81 100644 --- a/pkg/domain/commands/create_cluster.go +++ b/pkg/domain/commands/create_cluster.go 
@@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -51,6 +50,6 @@ func (c *CreateClusterCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *CreateClusterCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins } } diff --git a/pkg/domain/commands/create_tenant.go b/pkg/domain/commands/create_tenant.go index d8490d93c..30a324bce 100644 --- a/pkg/domain/commands/create_tenant.go +++ b/pkg/domain/commands/create_tenant.go @@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" 
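Review bot: The expression `es.Role(common.Role_admin.String())` / `es.Scope(common.Scope_system.String())` in `CreateClusterCommand.Policies` is repeated verbatim in every `Policies` method this commit touches (create_tenant.go, create_tenant_cluster_binding.go, create_user.go, create_user_role_binding.go, the delete_*.go files, request_certificate.go, update_cluster.go, update_tenant.go). The strings that policies are matched against now come from the proto enum value names, so renaming a value in roles.proto would silently change which stored role bindings satisfy these policies. I would define the conversions once, for example `var roleAdmin = es.Role(common.Role_admin.String())` and `var scopeSystem = es.Scope(common.Scope_system.String())` in the commands package, with a comment that the enum value names are part of the authorization contract, and use those in each policy list.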
@@ -54,6 +53,6 @@ func (c *CreateTenantCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *CreateTenantCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins to create a tenant + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins to create a tenant } } diff --git a/pkg/domain/commands/create_tenant_cluster_binding.go b/pkg/domain/commands/create_tenant_cluster_binding.go index e5623b273..d44a4988d 100644 --- a/pkg/domain/commands/create_tenant_cluster_binding.go +++ b/pkg/domain/commands/create_tenant_cluster_binding.go @@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -47,6 +46,6 @@ func (c *CreateTenantClusterBindingCommand) SetData(a *anypb.Any) error { } func (c *CreateTenantClusterBindingCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // System admin + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // System admin } } diff --git a/pkg/domain/commands/create_user.go b/pkg/domain/commands/create_user.go index 1356e92b7..21440d8be 100644 --- a/pkg/domain/commands/create_user.go +++ b/pkg/domain/commands/create_user.go 
@@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -49,6 +48,6 @@ func (c *CreateUserCommand) SetData(a *anypb.Any) error { func (c *CreateUserCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins to create users + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins to create users } } diff --git a/pkg/domain/commands/create_user_role_binding.go b/pkg/domain/commands/create_user_role_binding.go index a960a35ef..1c79073de 100644 --- a/pkg/domain/commands/create_user_role_binding.go +++ b/pkg/domain/commands/create_user_role_binding.go @@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" 
@@ -47,7 +46,7 @@ func (c *CreateUserRoleBindingCommand) SetData(a *anypb.Any) error { } func (c *CreateUserRoleBindingCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // System admin - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.Tenant), // Tenant admin + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // System admin + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_tenant.String())), // Tenant admin } } diff --git a/pkg/domain/commands/delete_cluster.go b/pkg/domain/commands/delete_cluster.go index 1982c784e..2c1fe0d1c 100644 --- a/pkg/domain/commands/delete_cluster.go +++ b/pkg/domain/commands/delete_cluster.go @@ -17,10 +17,9 @@ package commands import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -49,6 +48,6 @@ func (c *DeleteClusterCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *DeleteClusterCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins } } diff --git a/pkg/domain/commands/delete_tenant.go b/pkg/domain/commands/delete_tenant.go index 1ff965ecd..d925b6c67 100644 
--- a/pkg/domain/commands/delete_tenant.go +++ b/pkg/domain/commands/delete_tenant.go @@ -17,10 +17,9 @@ package commands import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -49,6 +48,6 @@ func (c *DeleteTenantCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *DeleteTenantCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins to delete a tenant + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins to delete a tenant } } diff --git a/pkg/domain/commands/delete_tenant_cluster_binding.go b/pkg/domain/commands/delete_tenant_cluster_binding.go index 8cf02734e..8699e83b0 100644 --- a/pkg/domain/commands/delete_tenant_cluster_binding.go +++ b/pkg/domain/commands/delete_tenant_cluster_binding.go @@ -17,10 +17,9 @@ package commands import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" 
@@ -49,6 +48,6 @@ func (c *DeleteTenantClusterBindingCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *DeleteTenantClusterBindingCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins } } diff --git a/pkg/domain/commands/delete_user.go b/pkg/domain/commands/delete_user.go index 67665697a..aa558547b 100644 --- a/pkg/domain/commands/delete_user.go +++ b/pkg/domain/commands/delete_user.go @@ -17,10 +17,9 @@ package commands import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -49,6 +48,6 @@ func (c *DeleteUserCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *DeleteUserCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins } } diff --git a/pkg/domain/commands/delete_user_role_binding.go b/pkg/domain/commands/delete_user_role_binding.go index acecafe41..27439b920 100644 --- a/pkg/domain/commands/delete_user_role_binding.go +++ b/pkg/domain/commands/delete_user_role_binding.go 
@@ -17,10 +17,9 @@ package commands import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -45,7 +44,7 @@ func (c *DeleteUserRoleBindingCommand) SetData(a *anypb.Any) error { } func (c *DeleteUserRoleBindingCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // System admin - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.Tenant), // Tenant admin + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // System admin + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_tenant.String())), // Tenant admin } } diff --git a/pkg/domain/commands/request_certificate.go b/pkg/domain/commands/request_certificate.go index f85308996..1238625e2 100644 --- a/pkg/domain/commands/request_certificate.go +++ b/pkg/domain/commands/request_certificate.go @@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" 
@@ -51,7 +50,7 @@ func (c *RequestCertificateCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *RequestCertificateCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins - es.NewPolicy().WithRole(roles.K8sOperator).WithScope(scopes.System), // Allows k8s operators + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins + es.NewPolicy().WithRole(es.Role(common.Role_k8soperator.String())).WithScope(es.Scope(common.Scope_tenant.String())), // Allows k8s operators } } diff --git a/pkg/domain/commands/update_cluster.go b/pkg/domain/commands/update_cluster.go index e730e7284..4cbedfa0c 100644 --- a/pkg/domain/commands/update_cluster.go +++ b/pkg/domain/commands/update_cluster.go @@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" 
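Review bot: The k8s operator policy in `RequestCertificateCommand.Policies` changes scope from `scopes.System` to `common.Scope_tenant`, while every other `Policies` hunk in this commit keeps its scope and only swaps the type. Given the `validatePolicy` hunk in domain_aggregate.go, a non-system scope also requires the binding's resource to match, so operators holding a system-scoped binding would presumably stop matching this policy and tenant-scoped ones would start to. If this is not intended, the line should read `es.NewPolicy().WithRole(es.Role(common.Role_k8soperator.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows k8s operators`. If it is intended, it deserves its own commit or at least a comment such as `// k8s operators are bound per tenant, not system-wide`.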
@@ -51,6 +50,6 @@ func (c *UpdateClusterCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *UpdateClusterCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins to update a cluster + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins to update a cluster } } diff --git a/pkg/domain/commands/update_tenant.go b/pkg/domain/commands/update_tenant.go index 54ddfc8ae..b2b84564c 100644 --- a/pkg/domain/commands/update_tenant.go +++ b/pkg/domain/commands/update_tenant.go @@ -18,10 +18,9 @@ import ( "context" cmdData "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" @@ -51,6 +50,6 @@ func (c *UpdateTenantCommand) SetData(a *anypb.Any) error { // Policies returns the Role/Scope/Resource combination allowed to execute. func (c *UpdateTenantCommand) Policies(ctx context.Context) []es.Policy { return []es.Policy{ - es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins to update a tenant + es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins to update a tenant } } diff --git a/pkg/domain/constants/scopes/scopes.go b/pkg/domain/constants/scopes/scopes.go deleted file mode 100644 index 9953604db..000000000 
--- a/pkg/domain/constants/scopes/scopes.go +++ /dev/null @@ -1,52 +0,0 @@ -// Copyright 2021 Monoskope Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Package scopes sets the scope of permissions granted to a role: System, Tenant or Cluster. -// For the scopes Tenant and Cluster, a role binding will define to which specific tenant or cluster -// the role should be applied for a given user. -package scopes - -import ( - "fmt" - - "github.com/finleap-connect/monoskope/pkg/domain/errors" - es "github.com/finleap-connect/monoskope/pkg/eventsourcing" -) - -// Scopes -const ( - // System scope - System es.Scope = "system" - - // Tenant scope - Tenant es.Scope = "tenant" - - // Cluster scope - Cluster es.Scope = "cluster" -) - -// A list of all existing scopes. -var AvailableScopes = []es.Scope{ - System, - Tenant, -} - -func ValidateScope(scope string) error { - for _, v := range AvailableScopes { - if v.String() == scope { - return nil - } - } - return errors.ErrInvalidArgument(fmt.Sprintf("Scope '%s' is invalid.", scope)) -} diff --git a/pkg/domain/constants/users/users.go b/pkg/domain/constants/users/users.go index e1dd1338b..de3a1dc9c 100644 --- a/pkg/domain/constants/users/users.go +++ b/pkg/domain/constants/users/users.go 
@@ -17,8 +17,7 @@ package users import ( "fmt" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/domain/projections" "github.com/google/uuid" ) @@ -54,8 +53,8 @@ func newSystemUser(name string) *projections.User { // Create admin rolebinding adminRoleBinding := projections.NewUserRoleBinding(uuid.Nil) adminRoleBinding.UserId = userId.String() - adminRoleBinding.Role = string(roles.Admin) - adminRoleBinding.Scope = string(scopes.System) + adminRoleBinding.Role = string(common.Role_admin.String()) + adminRoleBinding.Scope = string(common.Scope_system.String()) // Create system user user := projections.NewUserProjection(userId).(*projections.User) diff --git a/pkg/domain/handler/user_information_handler_test.go b/pkg/domain/handler/user_information_handler_test.go index 5f7493ecb..7b8c06c08 100644 --- a/pkg/domain/handler/user_information_handler_test.go +++ b/pkg/domain/handler/user_information_handler_test.go @@ -18,12 +18,11 @@ import ( "context" cmddata "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projectionsApi "github.com/finleap-connect/monoskope/pkg/api/domain/projections" cmd "github.com/finleap-connect/monoskope/pkg/domain/commands" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/commands" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" metadata "github.com/finleap-connect/monoskope/pkg/domain/metadata" projections "github.com/finleap-connect/monoskope/pkg/domain/projections" "github.com/finleap-connect/monoskope/pkg/domain/repositories" 
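Review bot: `string(common.Role_admin.String())` and `string(common.Scope_system.String())` in `newSystemUser` convert a value that is already a `string`; the wrapper is left over from the old `es.Role` and `es.Scope` constants. `adminRoleBinding.Role = common.Role_admin.String()` and `adminRoleBinding.Scope = common.Scope_system.String()` say the same thing and match how the test fixtures in this commit are written. The function body continues outside the hunk.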
@@ -49,8 +48,8 @@ var _ = Describe("domain/handler", func() { adminRoleBinding := projections.NewUserRoleBinding(uuid.New()) adminRoleBinding.UserId = adminUser.Id - adminRoleBinding.Role = roles.Admin.String() - adminRoleBinding.Scope = scopes.System.String() + adminRoleBinding.Role = common.Role_admin.String() + adminRoleBinding.Scope = common.Scope_system.String() inMemoryRoleRepo := es_repos.NewInMemoryRepository() err := inMemoryRoleRepo.Upsert(context.Background(), adminRoleBinding) @@ -103,8 +102,8 @@ var _ = Describe("domain/handler", func() { BaseCommand: roleBindingBase, CreateUserRoleBindingCommandData: cmddata.CreateUserRoleBindingCommandData{ UserId: someUser.Id, - Role: roles.Admin.String(), - Scope: scopes.System.String(), + Role: common.Role_admin, + Scope: common.Scope_system, }, }) Expect(err).ToNot(HaveOccurred()) @@ -118,8 +117,8 @@ var _ = Describe("domain/handler", func() { BaseCommand: roleBindingBase, CreateUserRoleBindingCommandData: cmddata.CreateUserRoleBindingCommandData{ UserId: someUser.Id, - Role: roles.Admin.String(), - Scope: scopes.System.String(), + Role: common.Role_admin, + Scope: common.Scope_system, }, } _, err = handler.HandleCommand(manager.GetContext(), command) diff --git a/pkg/domain/projectors/user_role_binding.go b/pkg/domain/projectors/user_role_binding.go index ff55f8c0b..84cf5fe71 100644 --- a/pkg/domain/projectors/user_role_binding.go +++ b/pkg/domain/projectors/user_role_binding.go @@ -56,8 +56,8 @@ func (u *userRoleBindingProjector) Project(ctx context.Context, event es.Event, } p.UserId = data.GetUserId() - p.Role = data.GetRole() - p.Scope = data.GetScope() + p.Role = data.GetRole().String() + p.Scope = data.GetScope().String() p.Resource = data.GetResource() if err := u.projectCreated(event, p.DomainProjection); err != nil { diff --git a/pkg/domain/reactors/cluster_bootstrap_reactor.go b/pkg/domain/reactors/cluster_bootstrap_reactor.go index 64f49a2a1..351db67d2 100644 
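Review bot: In `userRoleBindingProjector.Project`, `p.Role = data.GetRole().String()` and `p.Scope = data.GetScope().String()` now accept whatever enum number the event carries. `roles.proto` declares `admin = 0` and `system = 0`, so an event with both fields absent is projected as a system admin binding. Because proto3 enums are open, a number outside the enum is stored as its decimal string. The commit removes the `pattern` rules on these fields together with `ValidateRole`/`ValidateScope`, and no replacement check is visible in this diff. I would add `[(validate.rules).enum.defined_only = true]` to the `role` and `scope` fields and reserve 0 for an unspecified value that is rejected, or at least return an error here for values missing from `common.Role_name` and `common.Scope_name`; the body of `Project` continues outside the hunk.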
--- a/pkg/domain/reactors/cluster_bootstrap_reactor.go +++ b/pkg/domain/reactors/cluster_bootstrap_reactor.go @@ -25,8 +25,6 @@ import ( "github.com/finleap-connect/monoskope/pkg/certificatemanagement" "github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates" "github.com/finleap-connect/monoskope/pkg/domain/constants/events" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/finleap-connect/monoskope/pkg/domain/constants/users" "github.com/finleap-connect/monoskope/pkg/domain/metadata" es "github.com/finleap-connect/monoskope/pkg/eventsourcing" @@ -151,8 +149,8 @@ func (r *clusterBootstrapReactor) handleClusterCreated(ctx context.Context, name events.UserRoleBindingCreated, es.ToEventDataFromProto(&eventdata.UserRoleAdded{ UserId: userId.String(), - Role: roles.K8sOperator.String(), - Scope: scopes.System.String(), + Role: common.Role_k8soperator, + Scope: common.Scope_system, }), time.Now().UTC(), aggregates.UserRoleBinding, diff --git a/pkg/domain/repositories/certificate_repo_test.go b/pkg/domain/repositories/certificate_repo_test.go index 4142114f0..f9e1d8743 100644 --- a/pkg/domain/repositories/certificate_repo_test.go +++ b/pkg/domain/repositories/certificate_repo_test.go @@ -19,9 +19,8 @@ import ( "time" "github.com/finleap-connect/monoskope/pkg/api/domain" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projectionsApi "github.com/finleap-connect/monoskope/pkg/api/domain/projections" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" projections "github.com/finleap-connect/monoskope/pkg/domain/projections" es_repos "github.com/finleap-connect/monoskope/pkg/eventsourcing/repositories" "github.com/google/uuid" 
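Review bot: The second hunk uses `common.Role_k8soperator` and `common.Scope_system` in `handleClusterCreated`, but the import hunk for this file only removes the `roles` and `scopes` imports and adds nothing. Unless `common` is already imported above line 25, which the hunk does not show, the file will not compile. The import block needs `"github.com/finleap-connect/monoskope/pkg/api/domain/common"`. The function body continues outside the hunk.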
@@ -45,8 +44,8 @@ var _ = Describe("domain/certificate_repo", func() { adminRoleBinding := projections.NewUserRoleBinding(uuid.New()) adminRoleBinding.UserId = adminUser.Id - adminRoleBinding.Role = roles.Admin.String() - adminRoleBinding.Scope = scopes.System.String() + adminRoleBinding.Role = common.Role_admin.String() + adminRoleBinding.Scope = common.Scope_system.String() newCertificate := projections.NewCertificateProjection(certId).(*projections.Certificate) newCertificate.Certificate = &projectionsApi.Certificate{ diff --git a/pkg/domain/repositories/cluster_access_repo.go b/pkg/domain/repositories/cluster_access_repo.go index 6c26fb56a..f0be76665 100644 --- a/pkg/domain/repositories/cluster_access_repo.go +++ b/pkg/domain/repositories/cluster_access_repo.go @@ -17,8 +17,8 @@ package repositories import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/api/domain/projections" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/google/uuid" ) @@ -53,7 +53,7 @@ func (r *clusterAccessRepository) GetClustersAccessibleByUserId(ctx context.Cont var clusters []*projections.Cluster for _, roleBinding := range roleBindings { - if roleBinding.Scope == scopes.Tenant.String() { + if roleBinding.Scope == common.Scope_tenant.String() { tenantClusterBinding, err := r.tenantClusterBindingRepo.GetByTenantId(ctx, uuid.MustParse(roleBinding.GetResource())) if err != nil { return nil, err diff --git a/pkg/domain/repositories/cluster_access_repo_test.go b/pkg/domain/repositories/cluster_access_repo_test.go index cd10abbff..d290ae911 100644 --- a/pkg/domain/repositories/cluster_access_repo_test.go +++ b/pkg/domain/repositories/cluster_access_repo_test.go 
@@ -17,9 +17,8 @@ package repositories import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projectionsApi "github.com/finleap-connect/monoskope/pkg/api/domain/projections" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" "github.com/finleap-connect/monoskope/pkg/domain/projections" es_repos "github.com/finleap-connect/monoskope/pkg/eventsourcing/repositories" "github.com/google/uuid" @@ -38,14 +37,14 @@ var _ = Describe("pkg/domain/repositories/clusterAccessRepository", func() { adminRoleBinding := projections.NewUserRoleBinding(uuid.New()) adminRoleBinding.UserId = adminUser.Id - adminRoleBinding.Role = roles.Admin.String() - adminRoleBinding.Scope = scopes.Tenant.String() + adminRoleBinding.Role = common.Role_admin.String() + adminRoleBinding.Scope = common.Scope_tenant.String() adminRoleBinding.Resource = tenantId.String() otherUserRoleBinding := projections.NewUserRoleBinding(uuid.New()) otherUserRoleBinding.UserId = otherUser.Id - otherUserRoleBinding.Role = roles.User.String() - otherUserRoleBinding.Scope = scopes.Tenant.String() + otherUserRoleBinding.Role = common.Role_admin.String() + otherUserRoleBinding.Scope = common.Scope_tenant.String() otherUserRoleBinding.Resource = tenantId.String() cluster := projections.NewClusterProjection(clusterId).(*projections.Cluster) diff --git a/pkg/domain/repositories/cluster_repo_test.go b/pkg/domain/repositories/cluster_repo_test.go index b6ba70d6a..91b48e2b5 100644 --- a/pkg/domain/repositories/cluster_repo_test.go +++ b/pkg/domain/repositories/cluster_repo_test.go 
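Review bot: `otherUserRoleBinding.Role` changes from `roles.User.String()` to `common.Role_admin.String()`, so both fixtures in this suite are now tenant admins and the cluster access tests no longer exercise a non-admin user. The parallel fixture in `tenant_user_repo_test.go` keeps `common.Role_user.String()`, which suggests this is a slip rather than a decision. The line should read `otherUserRoleBinding.Role = common.Role_user.String()`.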
@@ -18,9 +18,8 @@ import ( "context" "time" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projectionsApi "github.com/finleap-connect/monoskope/pkg/api/domain/projections" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" projections "github.com/finleap-connect/monoskope/pkg/domain/projections" es_repos "github.com/finleap-connect/monoskope/pkg/eventsourcing/repositories" "github.com/google/uuid" @@ -45,8 +44,8 @@ var _ = Describe("domain/cluster_repo", func() { adminRoleBinding := projections.NewUserRoleBinding(uuid.New()) adminRoleBinding.UserId = adminUser.Id - adminRoleBinding.Role = roles.Admin.String() - adminRoleBinding.Scope = scopes.System.String() + adminRoleBinding.Role = common.Role_admin.String() + adminRoleBinding.Scope = common.Scope_system.String() newCluster := projections.NewClusterProjection(clusterId).(*projections.Cluster) newCluster.Name = expectedClusterName diff --git a/pkg/domain/repositories/tenant_user_repo.go b/pkg/domain/repositories/tenant_user_repo.go index 3c0ac0cee..c957eef68 100644 --- a/pkg/domain/repositories/tenant_user_repo.go +++ b/pkg/domain/repositories/tenant_user_repo.go @@ -17,8 +17,9 @@ package repositories import ( "context" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projections "github.com/finleap-connect/monoskope/pkg/domain/projections" + "github.com/finleap-connect/monoskope/pkg/eventsourcing" "github.com/google/uuid" ) 
@@ -43,7 +44,7 @@ func NewTenantUserRepository(userRepo ReadOnlyUserRepository, userRoleBindingRep // GetTenantUsersById searches for users belonging to a tenant. func (r *tenantuserRepository) GetTenantUsersById(ctx context.Context, id uuid.UUID) ([]*projections.TenantUser, error) { - roleBindings, err := r.userRoleBindingRepo.ByScopeAndResource(ctx, scopes.Tenant, id) + roleBindings, err := r.userRoleBindingRepo.ByScopeAndResource(ctx, eventsourcing.Scope(common.Scope_tenant.String()), id) if err != nil { return nil, err } @@ -58,7 +59,7 @@ func (r *tenantuserRepository) GetTenantUsersById(ctx context.Context, id uuid.U } if _, ok := userMap[user.Id]; !ok { - bindings, err := r.userRoleBindingRepo.ByUserIdAndScope(ctx, user.ID(), scopes.Tenant) + bindings, err := r.userRoleBindingRepo.ByUserIdAndScope(ctx, user.ID(), eventsourcing.Scope(common.Scope_tenant.String())) if err != nil { return nil, err } diff --git a/pkg/domain/repositories/tenant_user_repo_test.go b/pkg/domain/repositories/tenant_user_repo_test.go index 58185a4d8..9344a4f9b 100644 --- a/pkg/domain/repositories/tenant_user_repo_test.go +++ b/pkg/domain/repositories/tenant_user_repo_test.go @@ -17,9 +17,8 @@ package repositories import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projectionsApi "github.com/finleap-connect/monoskope/pkg/api/domain/projections" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" projections "github.com/finleap-connect/monoskope/pkg/domain/projections" es_repos "github.com/finleap-connect/monoskope/pkg/eventsourcing/repositories" "github.com/google/uuid" 
@@ -36,14 +35,14 @@ var _ = Describe("domain/tenant_user_repo_test", func() { adminRoleBinding := projections.NewUserRoleBinding(uuid.New()) adminRoleBinding.UserId = adminUser.Id - adminRoleBinding.Role = roles.Admin.String() - adminRoleBinding.Scope = scopes.Tenant.String() + adminRoleBinding.Role = common.Role_admin.String() + adminRoleBinding.Scope = common.Scope_tenant.String() adminRoleBinding.Resource = tenantId.String() otherUserRoleBinding := projections.NewUserRoleBinding(uuid.New()) otherUserRoleBinding.UserId = otherUser.Id - otherUserRoleBinding.Role = roles.User.String() - otherUserRoleBinding.Scope = scopes.Tenant.String() + otherUserRoleBinding.Role = common.Role_user.String() + otherUserRoleBinding.Scope = common.Scope_tenant.String() otherUserRoleBinding.Resource = tenantId.String() It("can read/write projections", func() { diff --git a/pkg/domain/repositories/user_repo_test.go b/pkg/domain/repositories/user_repo_test.go index c65a9b681..8802a4c46 100644 --- a/pkg/domain/repositories/user_repo_test.go +++ b/pkg/domain/repositories/user_repo_test.go @@ -17,9 +17,8 @@ package repositories import ( "context" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" projectionsApi "github.com/finleap-connect/monoskope/pkg/api/domain/projections" - "github.com/finleap-connect/monoskope/pkg/domain/constants/roles" - "github.com/finleap-connect/monoskope/pkg/domain/constants/scopes" projections "github.com/finleap-connect/monoskope/pkg/domain/projections" es_repos "github.com/finleap-connect/monoskope/pkg/eventsourcing/repositories" "github.com/google/uuid" 
@@ -33,8 +32,8 @@ var _ = Describe("domain/user_repo", func() { adminRoleBinding := projections.NewUserRoleBinding(uuid.New()) adminRoleBinding.UserId = adminUser.Id - adminRoleBinding.Role = roles.Admin.String() - adminRoleBinding.Scope = scopes.System.String() + adminRoleBinding.Role = common.Role_admin.String() + adminRoleBinding.Scope = common.Scope_system.String() It("can read/write projections", func() { inMemoryRoleRepo := es_repos.NewInMemoryRepository() diff --git a/pkg/grpc/middleware/validator/suite_test.go b/pkg/grpc/middleware/validator/suite_test.go index 91fc8c494..8e41e6cca 100644 --- a/pkg/grpc/middleware/validator/suite_test.go +++ b/pkg/grpc/middleware/validator/suite_test.go @@ -15,8 +15,12 @@ package validator import ( + "strings" + "testing" + "github.com/finleap-connect/monoskope/pkg/api/domain" "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata" + "github.com/finleap-connect/monoskope/pkg/api/domain/common" "github.com/finleap-connect/monoskope/pkg/api/domain/eventdata" "github.com/finleap-connect/monoskope/pkg/api/eventsourcing" "github.com/finleap-connect/monoskope/pkg/api/eventsourcing/commands" @@ -24,8 +28,6 @@ import ( "github.com/google/uuid" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" - "strings" - "testing" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" 
@@ -34,52 +36,50 @@ import ( var ( noValidationRules = "No Validation rules on this level" - validString = "123 Whatever, no re$triction character wise !@#$%^&*()" + validString = "123 Whatever, no re$triction character wise !@#$%^&*()" validRestrictedString = "ValidRestricted-String_V1" - validLowercaseString = "onlylowercase" - validUUID = uuid.New().String() + validUUID = uuid.New().String() validAggregateType = validRestrictedString - validCSR = []byte("-----BEGIN CERTIFICATE REQUEST-----valid CSR-----END CERTIFICATE REQUEST-----") + validCSR = []byte("-----BEGIN CERTIFICATE REQUEST-----valid CSR-----END CERTIFICATE REQUEST-----") - validName = validRestrictedString - validDisplayName = validString + validName = validRestrictedString + validDisplayName = validString validApiServerAddress = "https://k8s-api.lab.example.com:6443" validTenantPrefix = validRestrictedString[0:12] validEmail = "email@invalid.com" - validRole = validLowercaseString - validScope = validLowercaseString + validRole = common.Role_admin + validScope = common.Scope_system - validCommand = validRestrictedString + validCommand = validRestrictedString validCommandType = validRestrictedString validEventType = validRestrictedString - - invalidStringLength = strings.Repeat("x", 151) - invalidRestrictedString = "0Start_withNumber-V1" + invalidStringLength = strings.Repeat("x", 151) + invalidRestrictedString = "0Start_withNumber-V1" invalidRestrictedStringLength = strings.Repeat("x", 61) - invalidLowercaseString = "onlyLowerCase" + invalidLowercaseString = "onlyLowerCase" - invalidUUID = "invalid uuid" + invalidUUID = "invalid uuid" invalidAggregateTypeStartWithNumber = invalidRestrictedString - invalidAggregateTypeTooLong = invalidRestrictedStringLength - invalidCSR = []byte("invalid CSR") + invalidAggregateTypeTooLong = invalidRestrictedStringLength + invalidCSR = []byte("invalid CSR") - invalidName = invalidRestrictedString + invalidName = invalidRestrictedString invalidDisplayNameTooLong = 
invalidStringLength - invalidApiServerAddress = "k8s-api.lab. example.com:6443" + invalidApiServerAddress = "k8s-api.lab. example.com:6443" - invalidTenantPrefixTooLong = validRestrictedString + invalidTenantPrefixTooLong = validRestrictedString invalidTenantPrefixStartWithNumber = invalidRestrictedString[0:12] invalidEmail = "email#invalid.com" - invalidRole = invalidLowercaseString + invalidRole = invalidLowercaseString invalidScope = invalidLowercaseString - invalidCommand = invalidRestrictedString + invalidCommand = invalidRestrictedString invalidCommandType = invalidRestrictedString invalidEventType = invalidRestrictedString 
@@ -108,71 +108,71 @@ func NewValidRequestedCertificate() *eventdata.CertificateRequested { func NewValidCreateCluster() *commanddata.CreateCluster { return &commanddata.CreateCluster{ - Name: validName, - DisplayName: validDisplayName, + Name: validName, + DisplayName: validDisplayName, ApiServerAddress: validApiServerAddress, - CaCertBundle: []byte(noValidationRules), + CaCertBundle: []byte(noValidationRules), } } func NewValidClusterCreated() *eventdata.ClusterCreated { return &eventdata.ClusterCreated{ - Name: validDisplayName, - Label: validName, - ApiServerAddress: validApiServerAddress, + Name: validDisplayName, + Label: validName, + ApiServerAddress: validApiServerAddress, CaCertificateBundle: []byte(noValidationRules), } } func NewValidClusterCreatedV2() *eventdata.ClusterCreatedV2 { return &eventdata.ClusterCreatedV2{ - Name: validName, - DisplayName: validDisplayName, - ApiServerAddress: validApiServerAddress, + Name: validName, + DisplayName: validDisplayName, + ApiServerAddress: validApiServerAddress, CaCertificateBundle: []byte(noValidationRules), } } func NewValidUpdateCluster() *commanddata.UpdateCluster { return &commanddata.UpdateCluster{ - DisplayName: &wrapperspb.StringValue{Value: validDisplayName}, + DisplayName: &wrapperspb.StringValue{Value: validDisplayName}, ApiServerAddress: &wrapperspb.StringValue{Value: validApiServerAddress}, - CaCertBundle: []byte(noValidationRules), + CaCertBundle: []byte(noValidationRules), } } func NewValidClusterUpdated() *eventdata.ClusterUpdated { return &eventdata.ClusterUpdated{ - DisplayName: validDisplayName, - ApiServerAddress: validApiServerAddress, + DisplayName: validDisplayName, + ApiServerAddress: validApiServerAddress, CaCertificateBundle: []byte(noValidationRules), } } func NewValidCreateTenantClusterBindingCommandData() *commanddata.CreateTenantClusterBindingCommandData { return &commanddata.CreateTenantClusterBindingCommandData{ - TenantId: validUUID, + TenantId: validUUID, ClusterId: validUUID, } 
} func NewValidTenantClusterBindingCreated() *eventdata.TenantClusterBindingCreated { return &eventdata.TenantClusterBindingCreated{ - TenantId: validUUID, + TenantId: validUUID, ClusterId: validUUID, } } func NewValidCreateTenantCommandData() *commanddata.CreateTenantCommandData { return &commanddata.CreateTenantCommandData{ - Name: validDisplayName, + Name: validDisplayName, Prefix: validTenantPrefix, } } func NewValidTenantCreated() *eventdata.TenantCreated { return &eventdata.TenantCreated{ - Name: validDisplayName, + Name: validDisplayName, Prefix: validTenantPrefix, } } 
@@ -191,54 +191,54 @@ func NewValidTenantUpdated() *eventdata.TenantUpdated { func NewValidCreateUserCommandData() *commanddata.CreateUserCommandData { return &commanddata.CreateUserCommandData{ - Name: validDisplayName, + Name: validDisplayName, Email: validEmail, } } func NewValidUserCreated() *eventdata.UserCreated { return &eventdata.UserCreated{ - Name: validDisplayName, + Name: validDisplayName, Email: validEmail, } } func NewValidCreateUserRoleBindingCommandData() *commanddata.CreateUserRoleBindingCommandData { return &commanddata.CreateUserRoleBindingCommandData{ - UserId: validUUID, - Role: validRole, - Scope: validScope, + UserId: validUUID, + Role: validRole, + Scope: validScope, Resource: validUUID, } } func NewValidUserRoleAdded() *eventdata.UserRoleAdded { return &eventdata.UserRoleAdded{ - UserId: validUUID, - Role: validRole, - Scope: validScope, + UserId: validUUID, + Role: validRole, + Scope: validScope, Resource: validUUID, } } func NewValidPermissionModel() *domain.PermissionModel { return &domain.PermissionModel{ - Roles: []string{validRole, validRole, validRole}, - Scopes: []string{validScope, validScope, validScope}, + Roles: []string{validRole.String(), validRole.String(), validRole.String()}, + Scopes: []string{validScope.String(), validScope.String(), validScope.String()}, } } func NewValidPolicy() *domain.Policy { return &domain.Policy{ Command: validCommand, - Role: validRole, - Scope: validScope, + Role: validRole.String(), + Scope: validScope.String(), } } func NewValidCommand() *commands.Command { return &commands.Command{ - Id: validUUID, + Id: validUUID, Type: validCommandType, Data: &anypb.Any{}, } 
@@ -252,15 +252,15 @@ func NewValidCommandReply() *eventsourcing.CommandReply { func NewValidEvent() *eventsourcing.Event { return &eventsourcing.Event{ - Type: validEventType, - AggregateId: validUUID, + Type: validEventType, + AggregateId: validUUID, AggregateType: validAggregateType, } } func NewValidEventFilter() *eventsourcing.EventFilter { return &eventsourcing.EventFilter{ - AggregateId: &wrapperspb.StringValue{Value: validUUID}, + AggregateId: &wrapperspb.StringValue{Value: validUUID}, AggregateType: &wrapperspb.StringValue{Value: validAggregateType}, } } @@ -268,6 +268,6 @@ func NewValidEventFilter() *eventsourcing.EventFilter { func NewValidClusterAuthTokenRequest() *gateway.ClusterAuthTokenRequest { return &gateway.ClusterAuthTokenRequest{ ClusterId: validUUID, - Role: validRole, + Role: validRole.String(), } -} \ No newline at end of file +} diff --git a/pkg/grpc/middleware/validator/user_test.go b/pkg/grpc/middleware/validator/user_test.go index 45a57ef0d..7776d0271 100644 --- a/pkg/grpc/middleware/validator/user_test.go +++ b/pkg/grpc/middleware/validator/user_test.go @@ -85,18 +85,6 @@ var _ = Describe("Test validation rules for user messages", func() { ValidateErrorExpected() }) - It("should check for a valid Role", func() { - cd.Role = invalidRole - ed.Role = invalidRole - ValidateErrorExpected() - }) - - It("should check for a valid Scope", func() { - cd.Scope = invalidScope - ed.Scope = invalidScope - ValidateErrorExpected() - }) - It("should check for a valid Resource", func() { cd.Resource = invalidUUID ed.Resource = invalidUUID