Merge pull request #69 from Tecsisa/4-proxy-resources-db

read proxy resources from DB with auto refresh (closes #4)

api/authz.go

@@ -39,7 +39,7 @@ func (e ExternalResource) GetUrn() string {
 // AUTHZ API IMPLEMENTATION
 
 // GetAuthorizedUsers returns authorized users for specified resource+action
-func (api AuthAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error) {
+func (api WorkerAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error) {
 	resourcesToAuthorize := []Resource{}
 	for _, usr := range users {
 		resourcesToAuthorize = append(resourcesToAuthorize, usr)
@@ -56,7 +56,7 @@ func (api AuthAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn strin
 }
 
 // GetAuthorizedGroups returns authorized users for specified user combined with resource+action
-func (api AuthAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error) {
+func (api WorkerAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error) {
 	resourcesToAuthorize := []Resource{}
 	for _, group := range groups {
 		resourcesToAuthorize = append(resourcesToAuthorize, group)
@@ -73,7 +73,7 @@ func (api AuthAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn stri
 }
 
 // GetAuthorizedPolicies returns authorized policies for specified user combined with resource+action
-func (api AuthAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error) {
+func (api WorkerAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error) {
 	resourcesToAuthorize := []Resource{}
 	for _, policy := range policies {
 		resourcesToAuthorize = append(resourcesToAuthorize, policy)
@@ -90,7 +90,7 @@ func (api AuthAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn st
 }
 
 // GetAuthorizedExternalResources returns the resources where the specified user has the action granted
-func (api AuthAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error) {
+func (api WorkerAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error) {
 	// Validate parameters
 	if err := AreValidActions([]string{action}); err != nil {
 		// Transform to API error
@@ -154,7 +154,7 @@ func (api AuthAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, actio
 // PRIVATE HELPER METHODS
 
 // getAuthorizedResources retrieves filtered resources where the authenticated user has permissions
-func (api AuthAPI) getAuthorizedResources(requestInfo RequestInfo, resourceUrn string, action string, resources []Resource) ([]Resource, error) {
+func (api WorkerAPI) getAuthorizedResources(requestInfo RequestInfo, resourceUrn string, action string, resources []Resource) ([]Resource, error) {
 	// If user is an admin return all resources without restriction
 	if requestInfo.Admin {
 		return resources, nil
@@ -183,7 +183,7 @@ func (api AuthAPI) getAuthorizedResources(requestInfo RequestInfo, resourceUrn s
 }
 
 // Get restrictions for this action and full resource or prefix resource, attached to this authenticated user
-func (api AuthAPI) getRestrictions(externalID string, action string, resource string) (*Restrictions, error) {
+func (api WorkerAPI) getRestrictions(externalID string, action string, resource string) (*Restrictions, error) {
 	// Get user if exists
 	user, err := api.UserRepo.GetUserByExternalID(externalID)
 
@@ -225,7 +225,7 @@ func (api AuthAPI) getRestrictions(externalID string, action string, resource st
 	return authResources, nil
 }
 
-func (api AuthAPI) getGroupsByUser(userID string) ([]Group, error) {
+func (api WorkerAPI) getGroupsByUser(userID string) ([]Group, error) {
 	userGroups, _, err := api.UserRepo.GetGroupsByUserID(userID, &Filter{})
 	if err != nil {
 		//Transform to DB error
@@ -246,7 +246,7 @@ func (api AuthAPI) getGroupsByUser(userID string) ([]Group, error) {
 }
 
 // Retrieve policies attached to a slice of groups
-func (api AuthAPI) getPoliciesByGroups(groups []Group) ([]Policy, error) {
+func (api WorkerAPI) getPoliciesByGroups(groups []Group) ([]Policy, error) {
 	if groups == nil || len(groups) < 1 {
 		return nil, nil
 	}

api/group.go

@@ -48,7 +48,7 @@ type GroupPolicies struct {
 
 // GROUP API IMPLEMENTATION
 
-func (api AuthAPI) AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error) {
+func (api WorkerAPI) AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error) {
 	// Validate fields
 	if !IsValidName(name) {
 		return nil, &Error{
@@ -123,7 +123,7 @@ func (api AuthAPI) AddGroup(requestInfo RequestInfo, org string, name string, pa
 
 }
 
-func (api AuthAPI) GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error) {
+func (api WorkerAPI) GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error) {
 	// Validate fields
 	if !IsValidName(name) {
 		return nil, &Error{
@@ -178,7 +178,7 @@ func (api AuthAPI) GetGroupByName(requestInfo RequestInfo, org string, name stri
 	}
 }
 
-func (api AuthAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error) {
+func (api WorkerAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error) {
 	// Validate fields
 	var total int
 	orderByValidColumns := api.UserRepo.OrderByValidColumns(GROUP_ACTION_LIST_GROUPS)
@@ -224,7 +224,7 @@ func (api AuthAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupI
 	return groupIDs, total, nil
 }
 
-func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string, newName string, newPath string) (*Group, error) {
+func (api WorkerAPI) UpdateGroup(requestInfo RequestInfo, org string, name string, newName string, newPath string) (*Group, error) {
 	// Validate fields
 	if !IsValidName(newName) {
 		return nil, &Error{
@@ -320,7 +320,7 @@ func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string,
 
 }
 
-func (api AuthAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error {
+func (api WorkerAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error {
 
 	// Call repo to retrieve the group
 	group, err := api.GetGroupByName(requestInfo, org, name)
@@ -358,7 +358,7 @@ func (api AuthAPI) RemoveGroup(requestInfo RequestInfo, org string, name string)
 	return nil
 }
 
-func (api AuthAPI) AddMember(requestInfo RequestInfo, externalId string, name string, org string) error {
+func (api WorkerAPI) AddMember(requestInfo RequestInfo, externalId string, name string, org string) error {
 
 	// Call repo to retrieve the group
 	groupDB, err := api.GetGroupByName(requestInfo, org, name)
@@ -420,7 +420,7 @@ func (api AuthAPI) AddMember(requestInfo RequestInfo, externalId string, name st
 	return nil
 }
 
-func (api AuthAPI) RemoveMember(requestInfo RequestInfo, externalId string, name string, org string) error {
+func (api WorkerAPI) RemoveMember(requestInfo RequestInfo, externalId string, name string, org string) error {
 
 	// Call repo to retrieve the group
 	groupDB, err := api.GetGroupByName(requestInfo, org, name)
@@ -483,7 +483,7 @@ func (api AuthAPI) RemoveMember(requestInfo RequestInfo, externalId string, name
 	return nil
 }
 
-func (api AuthAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error) {
+func (api WorkerAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error) {
 	// Validate fields
 	var total int
 	orderByValidColumns := api.UserRepo.OrderByValidColumns(GROUP_ACTION_LIST_MEMBERS)
@@ -538,7 +538,7 @@ func (api AuthAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]Group
 	return members, total, nil
 }
 
-func (api AuthAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {
+func (api WorkerAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {
 
 	// Check if group exists
 	group, err := api.GetGroupByName(requestInfo, org, name)
@@ -598,7 +598,7 @@ func (api AuthAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name
 	return nil
 }
 
-func (api AuthAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {
+func (api WorkerAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {
 
 	// Check if group exists
 	group, err := api.GetGroupByName(requestInfo, org, name)
@@ -659,7 +659,7 @@ func (api AuthAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name
 	return nil
 }
 
-func (api AuthAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error) {
+func (api WorkerAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error) {
 	// Validate fields
 	var total int
 	orderByValidColumns := api.UserRepo.OrderByValidColumns(GROUP_ACTION_LIST_ATTACHED_GROUP_POLICIES)

api/manager.go

@@ -8,34 +8,41 @@ import (
 
 // TYPE DEFINITIONS
 
-// Interface that all resource types have to implement
+// Resource interface that all resource types have to implement
 type Resource interface {
 	// This method must return resource URN
 	GetUrn() string
 }
 
-// Interface for User-Group relationships
+// UserGroupRelation interface for User-Group relationships
 type UserGroupRelation interface {
 	GetUser() *User
 	GetGroup() *Group
 	GetDate() time.Time
 }
 
-// Interface for Policy-Group relationships
+// PolicyGroupRelation interface for Policy-Group relationships
 type PolicyGroupRelation interface {
 	GetGroup() *Group
 	GetPolicy() *Policy
 	GetDate() time.Time
 }
 
-// Foulkon API that implements API interfaces using repositories
-type AuthAPI struct {
+// WorkerAPI that implements API interfaces using repositories
+type WorkerAPI struct {
 	UserRepo   UserRepo
 	GroupRepo  GroupRepo
 	PolicyRepo PolicyRepo
+	ProxyRepo  ProxyRepo
 	Logger     *log.Logger
 }
 
+// ProxyAPI that implements API interfaces using repositories
+type ProxyAPI struct {
+	ProxyRepo ProxyRepo
+	Logger    *log.Logger
+}
+
 // Filter properties for database search
 type Filter struct {
 	PathPrefix string
@@ -52,6 +59,7 @@ type Filter struct {
 
 // API INTERFACES WITH AUTHORIZATION
 
+// UserAPI interface
 type UserAPI interface {
 	// Store user in database. Throw error when parameters are invalid,
 	// user already exists or unexpected error happen.
@@ -78,6 +86,7 @@ type UserAPI interface {
 	ListGroupsByUser(requestInfo RequestInfo, filter *Filter) ([]UserGroups, int, error)
 }
 
+// GroupAPI interface
 type GroupAPI interface {
 	// Store group in database. Throw error when the input parameters are invalid,
 	// the group already exist or unexpected error happen.
@@ -125,6 +134,7 @@ type GroupAPI interface {
 	ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error)
 }
 
+// PolicyAPI interface
 type PolicyAPI interface {
 	// Store policy in database. Throw error when the input parameters are invalid,
 	// the policy already exist or unexpected error happen.
@@ -153,6 +163,7 @@ type PolicyAPI interface {
 	ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error)
 }
 
+// AuthzAPI interface
 type AuthzAPI interface {
 	// Retrieve list of authorized user resources filtered according to the input parameters. Throw error
 	// if requestInfo doesn't exist, requestInfo doesn't have access to any resources or unexpected error happen.
@@ -171,6 +182,12 @@ type AuthzAPI interface {
 	GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)
 }
 
+// ProxyResourcesAPI interface to manage proxy resources
+type ProxyResourcesAPI interface {
+	// Retrieve list of proxy resources.
+	GetProxyResources() ([]ProxyResource, error)
+}
+
 // REPOSITORY INTERFACES
 
 // UserRepo contains all database operations
@@ -281,3 +298,9 @@ type PolicyRepo interface {
 	// OrderByValidColumns returns valid columns that you can use in OrderBy
 	OrderByValidColumns(action string) []string
 }
+
+// ProxyRepo contains all database operations
+type ProxyRepo interface {
+	// Retrieve proxy resources from database. Otherwise it throws an error.
+	GetProxyResources() ([]ProxyResource, error)
+}

api/policy.go

@@ -54,7 +54,7 @@ func (s Statement) String() string {
 
 // POLICY API IMPLEMENTATION
 
-func (api AuthAPI) AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error) {
+func (api WorkerAPI) AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error) {
 	// Validate fields
 	if !IsValidName(name) {
 		return nil, &Error{
@@ -139,7 +139,7 @@ func (api AuthAPI) AddPolicy(requestInfo RequestInfo, name string, path string,
 	}
 }
 
-func (api AuthAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyName string) (*Policy, error) {
+func (api WorkerAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyName string) (*Policy, error) {
 	// Validate fields
 	if !IsValidName(policyName) {
 		return nil, &Error{
@@ -192,7 +192,7 @@ func (api AuthAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyNa
 	}
 }
 
-func (api AuthAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error) {
+func (api WorkerAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error) {
 	// Validate fields
 	var total int
 	orderByValidColumns := api.UserRepo.OrderByValidColumns(POLICY_ACTION_LIST_POLICIES)
@@ -237,7 +237,7 @@ func (api AuthAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]Poli
 	return policyIDs, total, nil
 }
 
-func (api AuthAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName string, newName string, newPath string,
+func (api WorkerAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName string, newName string, newPath string,
 	newStatements []Statement) (*Policy, error) {
 	// Validate fields
 	if !IsValidName(newName) {
@@ -344,7 +344,7 @@ func (api AuthAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName
 	return updatedPolicy, nil
 }
 
-func (api AuthAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error {
+func (api WorkerAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error {
 
 	// Call repo to retrieve the policy
 	policy, err := api.GetPolicyByName(requestInfo, org, name)
@@ -379,7 +379,7 @@ func (api AuthAPI) RemovePolicy(requestInfo RequestInfo, org string, name string
 	return nil
 }
 
-func (api AuthAPI) ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error) {
+func (api WorkerAPI) ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error) {
 	// Validate fields
 	var total int
 	orderByValidColumns := api.UserRepo.OrderByValidColumns(POLICY_ACTION_LIST_ATTACHED_GROUPS)

api/proxy.go

@@ -0,0 +1,32 @@
+package api
+
+import "github.com/Tecsisa/foulkon/database"
+
+// TYPE DEFINITIONS
+
+// ProxyResource domain
+type ProxyResource struct {
+	ID     string `json:"id, omitempty"`
+	Host   string `json:"host, omitempty"`
+	Url    string `json:"url, omitempty"`
+	Method string `json:"method, omitempty"`
+	Urn    string `json:"urn, omitempty"`
+	Action string `json:"action, omitempty"`
+}
+
+// GetProxyResources return proxy resources
+func (api ProxyAPI) GetProxyResources() ([]ProxyResource, error) {
+	resources, err := api.ProxyRepo.GetProxyResources()
+
+	// Error handling
+	if err != nil {
+		//Transform to DB error
+		dbError := err.(*database.Error)
+		return nil, &Error{
+			Code:    UNKNOWN_API_ERROR,
+			Message: dbError.Message,
+		}
+	}
+
+	return resources, nil
+}