feat: Add identity.get_user_domain_id method

There are lot of cases where it is necessary to determine the
`domain_id` by the `user_id`. Fetching the whole user is relatively
expensive due to the multiple table joins while the attribute itself is
present already on the main table entry. Implement a method that only
returns the `domain_id` attribute by the `user_id`. Since this data can
never change (unless somebody mess directly in the database) caching can
be implemented to further improve the performance (when
`conf.identity.caching` is true).

Author: gtema

src/application_credential/mod.rs

@@ -139,7 +139,6 @@ mod mock;
 pub mod types;
 
 /// Application Credential Provider.
-#[derive(Clone)]
 pub struct ApplicationCredentialProvider {
     backend_driver: Arc<dyn ApplicationCredentialBackend>,
 }

src/assignment/mod.rs

@@ -73,7 +73,6 @@ use crate::resource::ResourceApi;
 pub use mock::MockAssignmentProvider;
 pub use types::AssignmentApi;
 
-#[derive(Clone)]
 pub struct AssignmentProvider {
     backend_driver: Arc<dyn AssignmentBackend>,
 }

src/catalog/mod.rs

@@ -52,7 +52,6 @@ pub use types::CatalogApi;
 
 use types::*;
 
-#[derive(Clone)]
 pub struct CatalogProvider {
     backend_driver: Arc<dyn CatalogBackend>,
 }

src/config.rs

@@ -263,6 +263,10 @@ pub struct IdentityProvider {
     #[serde(default = "default_sql_driver")]
     pub driver: String,
 
+    /// Caching.
+    #[serde(default)]
+    pub caching: bool,
+
     /// Default password hashing algorithm.
     #[serde(default)]
     pub password_hashing_algorithm: PasswordHashingAlgo,
@@ -282,6 +286,7 @@ impl Default for IdentityProvider {
     fn default() -> Self {
         Self {
             driver: default_sql_driver(),
+            caching: false,
             password_hashing_algorithm: PasswordHashingAlgo::Bcrypt,
             max_password_length: 4096,
             password_hash_rounds: None,

src/federation/mod.rs

@@ -37,7 +37,6 @@ use types::*;
 pub use mock::MockFederationProvider;
 pub use types::FederationApi;
 
-#[derive(Clone)]
 pub struct FederationProvider {
     backend_driver: Arc<dyn FederationBackend>,
 }

src/identity/backend.rs

@@ -27,34 +27,51 @@ pub mod sql;
 #[cfg_attr(test, mockall::automock)]
 #[async_trait]
 pub trait IdentityBackend: Send + Sync {
-    /// Authenticate a user by a password.
-    async fn authenticate_by_password(
+    /// Add the user to the group.
+    async fn add_user_to_group<'a>(
         &self,
         state: &ServiceState,
-        auth: &UserPasswordAuthRequest,
-    ) -> Result<AuthenticatedInfo, IdentityProviderError>;
+        user_id: &'a str,
+        group_id: &'a str,
+    ) -> Result<(), IdentityProviderError>;
 
-    /// List Users.
-    async fn list_users(
+    /// Add the user to the group with expiration.
+    async fn add_user_to_group_expiring<'a>(
         &self,
         state: &ServiceState,
-        params: &UserListParameters,
-    ) -> Result<Vec<UserResponse>, IdentityProviderError>;
+        user_id: &'a str,
+        group_id: &'a str,
+        idp_id: &'a str,
+    ) -> Result<(), IdentityProviderError>;
 
-    /// Get single user by ID.
-    async fn get_user<'a>(
+    /// Add user group membership relations.
+    async fn add_users_to_groups<'a>(
         &self,
         state: &ServiceState,
-        user_id: &'a str,
-    ) -> Result<Option<UserResponse>, IdentityProviderError>;
+        memberships: Vec<(&'a str, &'a str)>,
+    ) -> Result<(), IdentityProviderError>;
 
-    /// Find federated user by IDP and Unique ID.
-    async fn find_federated_user<'a>(
+    /// Add expiring user group membership relations.
+    async fn add_users_to_groups_expiring<'a>(
         &self,
         state: &ServiceState,
+        memberships: Vec<(&'a str, &'a str)>,
         idp_id: &'a str,
-        unique_id: &'a str,
-    ) -> Result<Option<UserResponse>, IdentityProviderError>;
+    ) -> Result<(), IdentityProviderError>;
+
+    /// Authenticate a user by a password.
+    async fn authenticate_by_password(
+        &self,
+        state: &ServiceState,
+        auth: &UserPasswordAuthRequest,
+    ) -> Result<AuthenticatedInfo, IdentityProviderError>;
+
+    /// Create group.
+    async fn create_group(
+        &self,
+        state: &ServiceState,
+        group: GroupCreate,
+    ) -> Result<Group, IdentityProviderError>;
 
     /// Create user.
     async fn create_user(
@@ -63,19 +80,19 @@ pub trait IdentityBackend: Send + Sync {
         user: UserCreate,
     ) -> Result<UserResponse, IdentityProviderError>;
 
-    /// Delete user.
-    async fn delete_user<'a>(
+    /// Delete group by ID.
+    async fn delete_group<'a>(
         &self,
         state: &ServiceState,
-        user_id: &'a str,
+        group_id: &'a str,
     ) -> Result<(), IdentityProviderError>;
 
-    /// List groups.
-    async fn list_groups(
+    /// Delete user.
+    async fn delete_user<'a>(
         &self,
         state: &ServiceState,
-        params: &GroupListParameters,
-    ) -> Result<Vec<Group>, IdentityProviderError>;
+        user_id: &'a str,
+    ) -> Result<(), IdentityProviderError>;
 
     /// Get single group by ID.
     async fn get_group<'a>(
@@ -84,58 +101,48 @@ pub trait IdentityBackend: Send + Sync {
         group_id: &'a str,
     ) -> Result<Option<Group>, IdentityProviderError>;
 
-    /// Create group.
-    async fn create_group(
-        &self,
-        state: &ServiceState,
-        group: GroupCreate,
-    ) -> Result<Group, IdentityProviderError>;
-
-    /// Delete group by ID.
-    async fn delete_group<'a>(
+    /// Get single user by ID.
+    async fn get_user<'a>(
         &self,
         state: &ServiceState,
-        group_id: &'a str,
-    ) -> Result<(), IdentityProviderError>;
+        user_id: &'a str,
+    ) -> Result<Option<UserResponse>, IdentityProviderError>;
 
-    /// List groups a user is member of.
-    async fn list_groups_of_user<'a>(
+    /// Get single user by ID.
+    async fn get_user_domain_id<'a>(
         &self,
         state: &ServiceState,
         user_id: &'a str,
-    ) -> Result<Vec<Group>, IdentityProviderError>;
+    ) -> Result<Option<String>, IdentityProviderError>;
 
-    /// Add the user to the group.
-    async fn add_user_to_group<'a>(
+    /// Find federated user by IDP and Unique ID.
+    async fn find_federated_user<'a>(
         &self,
         state: &ServiceState,
-        user_id: &'a str,
-        group_id: &'a str,
-    ) -> Result<(), IdentityProviderError>;
+        idp_id: &'a str,
+        unique_id: &'a str,
+    ) -> Result<Option<UserResponse>, IdentityProviderError>;
 
-    /// Add the user to the group with expiration.
-    async fn add_user_to_group_expiring<'a>(
+    /// List groups.
+    async fn list_groups(
         &self,
         state: &ServiceState,
-        user_id: &'a str,
-        group_id: &'a str,
-        idp_id: &'a str,
-    ) -> Result<(), IdentityProviderError>;
+        params: &GroupListParameters,
+    ) -> Result<Vec<Group>, IdentityProviderError>;
 
-    /// Add user group membership relations.
-    async fn add_users_to_groups<'a>(
+    /// List Users.
+    async fn list_users(
         &self,
         state: &ServiceState,
-        memberships: Vec<(&'a str, &'a str)>,
-    ) -> Result<(), IdentityProviderError>;
+        params: &UserListParameters,
+    ) -> Result<Vec<UserResponse>, IdentityProviderError>;
 
-    /// Add expiring user group membership relations.
-    async fn add_users_to_groups_expiring<'a>(
+    /// List groups a user is member of.
+    async fn list_groups_of_user<'a>(
         &self,
         state: &ServiceState,
-        memberships: Vec<(&'a str, &'a str)>,
-        idp_id: &'a str,
-    ) -> Result<(), IdentityProviderError>;
+        user_id: &'a str,
+    ) -> Result<Vec<Group>, IdentityProviderError>;
 
     /// Remove the user from the group.
     async fn remove_user_from_group<'a>(