Introduces namespaces for memberships.

Author: Gerrit91

api/v1/project_member.pb.go

@@ -31,7 +31,7 @@ func main() {
 
 	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
-	c, err := client.NewClient(ctx, "localhost", 50051, "certs/client.pem", "certs/client-key.pem", "certs/ca.pem", hmacKey, true, logger)
+	c, err := client.NewClient(ctx, "localhost", 50051, "certs/client.pem", "certs/client-key.pem", "certs/ca.pem", hmacKey, true, logger, "test")
 	if err != nil {
 		logger.Error(err.Error())
 		panic(err)

api/v1/tenant_member.pb.go

@@ -34,7 +34,7 @@ type GRPCClient struct {
 }
 
 // NewClient creates a new client for the services for the given address, with the certificate and hmac.
-func NewClient(ctx context.Context, hostname string, port int, certFile string, keyFile string, caFile string, hmacKey string, insecure bool, logger *slog.Logger) (Client, error) {
+func NewClient(ctx context.Context, hostname string, port int, certFile string, keyFile string, caFile string, hmacKey string, insecure bool, logger *slog.Logger, namespace string) (Client, error) {
 
 	address := fmt.Sprintf("%s:%d", hostname, port)
 
@@ -83,6 +83,20 @@ func NewClient(ctx context.Context, hostname string, port int, certFile string,
 		return nil, fmt.Errorf("failed to create hmac-authenticator: %w", err)
 	}
 
+	namespaceInterceptor := func(ctx context.Context, method string, req, reply any, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error {
+		switch r := req.(type) {
+		case *v1.TenantMemberCreateRequest:
+			r.TenantMember.Namespace = namespace
+		case *v1.TenantMemberFindRequest:
+			r.Namespace = namespace
+		case *v1.ProjectMemberCreateRequest:
+			r.ProjectMember.Namespace = namespace
+		case *v1.ProjectMemberFindRequest:
+			r.Namespace = namespace
+		}
+		return invoker(ctx, method, req, reply, cc, opts...)
+	}
+
 	opts := []grpc.DialOption{
 		// In addition to the following grpc.DialOption, callers may also use
 		// the grpc.CallOption grpc.PerRPCCredentials with the RPC invocation
@@ -93,6 +107,8 @@ func NewClient(ctx context.Context, hostname string, port int, certFile string,
 		// credentials.
 		grpc.WithTransportCredentials(creds),
 
+		grpc.WithChainUnaryInterceptor(namespaceInterceptor),
+
 		// grpc.WithInsecure(),
 	}
 	// Set up a connection to the server.

client/main.go

@@ -53,11 +53,24 @@ func (s *projectMemberService) Create(ctx context.Context, req *v1.ProjectMember
 	err = s.projectMemberStore.Create(ctx, projectMember)
 	return projectMember.NewProjectMemberResponse(), err
 }
+
 func (s *projectMemberService) Update(ctx context.Context, req *v1.ProjectMemberUpdateRequest) (*v1.ProjectMemberResponse, error) {
 	projectMember := req.ProjectMember
-	err := s.projectMemberStore.Update(ctx, projectMember)
+
+	old, err := s.projectMemberStore.Get(ctx, projectMember.Meta.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	if old.Namespace != projectMember.Namespace {
+		return nil, status.Error(codes.InvalidArgument, "updating the namespace of a project member is not allowed")
+	}
+
+	err = s.projectMemberStore.Update(ctx, projectMember)
+
 	return projectMember.NewProjectMemberResponse(), err
 }
+
 func (s *projectMemberService) Delete(ctx context.Context, req *v1.ProjectMemberDeleteRequest) (*v1.ProjectMemberResponse, error) {
 	projectMember := req.NewProjectMember()
 	err := s.projectMemberStore.Delete(ctx, projectMember.Meta.Id)
@@ -78,6 +91,9 @@ func (s *projectMemberService) Find(ctx context.Context, req *v1.ProjectMemberFi
 	if req.TenantId != nil {
 		filter["projectmember ->> 'tenant_id'"] = req.TenantId
 	}
+	if req.TenantId != nil {
+		filter["projectmember ->> 'tenant_id'"] = req.TenantId
+	}
 	for key, value := range req.Annotations {
 		// select * from projectMember where projectMember -> 'meta' -> 'annotations' ->>  'metal-stack.io/role' = 'owner';
 		f := fmt.Sprintf("projectmember -> 'meta' -> 'annotations' ->> '%s'", key)

pkg/client/client.go

@@ -53,7 +53,18 @@ func (s *tenantMemberService) Create(ctx context.Context, req *v1.TenantMemberCr
 }
 func (s *tenantMemberService) Update(ctx context.Context, req *v1.TenantMemberUpdateRequest) (*v1.TenantMemberResponse, error) {
 	tenantMember := req.TenantMember
-	err := s.tenantMemberStore.Update(ctx, tenantMember)
+
+	old, err := s.tenantMemberStore.Get(ctx, tenantMember.Meta.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	if old.Namespace != tenantMember.Namespace {
+		return nil, status.Error(codes.InvalidArgument, "updating the namespace of a tenant member is not allowed")
+	}
+
+	err = s.tenantMemberStore.Update(ctx, tenantMember)
+
 	return tenantMember.NewTenantMemberResponse(), err
 }
 func (s *tenantMemberService) Delete(ctx context.Context, req *v1.TenantMemberDeleteRequest) (*v1.TenantMemberResponse, error) {
@@ -69,7 +80,9 @@ func (s *tenantMemberService) Get(ctx context.Context, req *v1.TenantMemberGetRe
 	return tenantMember.NewTenantMemberResponse(), nil
 }
 func (s *tenantMemberService) Find(ctx context.Context, req *v1.TenantMemberFindRequest) (*v1.TenantMemberListResponse, error) {
-	filter := make(map[string]any)
+	filter := map[string]any{
+		"tenantmember ->> 'namespace'": req.Namespace,
+	}
 	if req.TenantId != nil {
 		filter["tenantmember ->> 'tenant_id'"] = req.TenantId
 	}

pkg/service/projectmember.go

@@ -17,6 +17,8 @@ message ProjectMember {
   Meta meta = 1;
   string project_id = 2;
   string tenant_id = 4;
+  // Namespace introduces the possibility to associate memberships for different applications that use the masterdata-api as a backend.
+  string namespace = 5;
 }
 
 message ProjectMemberCreateRequest {
@@ -39,6 +41,7 @@ message ProjectMemberFindRequest {
   optional string project_id = 1;
   optional string tenant_id = 2;
   map<string, string> annotations = 6;
+  string namespace = 7;
 }
 
 message ProjectMemberResponse {

pkg/service/tenantmember.go

@@ -19,6 +19,8 @@ message TenantMember {
   string tenant_id = 2;
   // MemberId is the id of the member tenant
   string member_id = 3;
+  // Namespace introduces the possibility to associate memberships for different applications that use the masterdata-api as a backend.
+  string namespace = 4;
 }
 
 message TenantMemberCreateRequest {
@@ -41,6 +43,7 @@ message TenantMemberFindRequest {
   optional string tenant_id = 1;
   optional string member_id = 2;
   map<string, string> annotations = 6;
+  string namespace = 7;
 }
 
 message TenantMemberResponse {