Skip to content
This repository has been archived by the owner on Oct 11, 2023. It is now read-only.

Commit

Permalink
read proxy resources from DB with auto refresh (closes #4)
Browse files Browse the repository at this point in the history
  • Loading branch information
gerson24 committed Oct 21, 2016
1 parent c4e277d commit 562da41
Show file tree
Hide file tree
Showing 27 changed files with 1,233 additions and 193 deletions.
16 changes: 8 additions & 8 deletions api/authz.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ func (e ExternalResource) GetUrn() string {
// AUTHZ API IMPLEMENTATION

// GetAuthorizedUsers returns authorized users for specified resource+action
func (api AuthAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error) {
func (api WorkerAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn string, action string, users []User) ([]User, error) {
resourcesToAuthorize := []Resource{}
for _, usr := range users {
resourcesToAuthorize = append(resourcesToAuthorize, usr)
Expand All @@ -56,7 +56,7 @@ func (api AuthAPI) GetAuthorizedUsers(requestInfo RequestInfo, resourceUrn strin
}

// GetAuthorizedGroups returns authorized users for specified user combined with resource+action
func (api AuthAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error) {
func (api WorkerAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn string, action string, groups []Group) ([]Group, error) {
resourcesToAuthorize := []Resource{}
for _, group := range groups {
resourcesToAuthorize = append(resourcesToAuthorize, group)
Expand All @@ -73,7 +73,7 @@ func (api AuthAPI) GetAuthorizedGroups(requestInfo RequestInfo, resourceUrn stri
}

// GetAuthorizedPolicies returns authorized policies for specified user combined with resource+action
func (api AuthAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error) {
func (api WorkerAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn string, action string, policies []Policy) ([]Policy, error) {
resourcesToAuthorize := []Resource{}
for _, policy := range policies {
resourcesToAuthorize = append(resourcesToAuthorize, policy)
Expand All @@ -90,7 +90,7 @@ func (api AuthAPI) GetAuthorizedPolicies(requestInfo RequestInfo, resourceUrn st
}

// GetAuthorizedExternalResources returns the resources where the specified user has the action granted
func (api AuthAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error) {
func (api WorkerAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error) {
// Validate parameters
if err := AreValidActions([]string{action}); err != nil {
// Transform to API error
Expand Down Expand Up @@ -154,7 +154,7 @@ func (api AuthAPI) GetAuthorizedExternalResources(requestInfo RequestInfo, actio
// PRIVATE HELPER METHODS

// getAuthorizedResources retrieves filtered resources where the authenticated user has permissions
func (api AuthAPI) getAuthorizedResources(requestInfo RequestInfo, resourceUrn string, action string, resources []Resource) ([]Resource, error) {
func (api WorkerAPI) getAuthorizedResources(requestInfo RequestInfo, resourceUrn string, action string, resources []Resource) ([]Resource, error) {
// If user is an admin return all resources without restriction
if requestInfo.Admin {
return resources, nil
Expand Down Expand Up @@ -183,7 +183,7 @@ func (api AuthAPI) getAuthorizedResources(requestInfo RequestInfo, resourceUrn s
}

// Get restrictions for this action and full resource or prefix resource, attached to this authenticated user
func (api AuthAPI) getRestrictions(externalID string, action string, resource string) (*Restrictions, error) {
func (api WorkerAPI) getRestrictions(externalID string, action string, resource string) (*Restrictions, error) {
// Get user if exists
user, err := api.UserRepo.GetUserByExternalID(externalID)

Expand Down Expand Up @@ -225,7 +225,7 @@ func (api AuthAPI) getRestrictions(externalID string, action string, resource st
return authResources, nil
}

func (api AuthAPI) getGroupsByUser(userID string) ([]Group, error) {
func (api WorkerAPI) getGroupsByUser(userID string) ([]Group, error) {
userGroups, _, err := api.UserRepo.GetGroupsByUserID(userID, &Filter{})
if err != nil {
//Transform to DB error
Expand All @@ -246,7 +246,7 @@ func (api AuthAPI) getGroupsByUser(userID string) ([]Group, error) {
}

// Retrieve policies attached to a slice of groups
func (api AuthAPI) getPoliciesByGroups(groups []Group) ([]Policy, error) {
func (api WorkerAPI) getPoliciesByGroups(groups []Group) ([]Policy, error) {
if groups == nil || len(groups) < 1 {
return nil, nil
}
Expand Down
22 changes: 11 additions & 11 deletions api/group.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ type GroupPolicies struct {

// GROUP API IMPLEMENTATION

func (api AuthAPI) AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error) {
func (api WorkerAPI) AddGroup(requestInfo RequestInfo, org string, name string, path string) (*Group, error) {
// Validate fields
if !IsValidName(name) {
return nil, &Error{
Expand Down Expand Up @@ -123,7 +123,7 @@ func (api AuthAPI) AddGroup(requestInfo RequestInfo, org string, name string, pa

}

func (api AuthAPI) GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error) {
func (api WorkerAPI) GetGroupByName(requestInfo RequestInfo, org string, name string) (*Group, error) {
// Validate fields
if !IsValidName(name) {
return nil, &Error{
Expand Down Expand Up @@ -178,7 +178,7 @@ func (api AuthAPI) GetGroupByName(requestInfo RequestInfo, org string, name stri
}
}

func (api AuthAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error) {
func (api WorkerAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupIdentity, int, error) {
// Validate fields
var total int
orderByValidColumns := api.UserRepo.OrderByValidColumns(GROUP_ACTION_LIST_GROUPS)
Expand Down Expand Up @@ -224,7 +224,7 @@ func (api AuthAPI) ListGroups(requestInfo RequestInfo, filter *Filter) ([]GroupI
return groupIDs, total, nil
}

func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string, newName string, newPath string) (*Group, error) {
func (api WorkerAPI) UpdateGroup(requestInfo RequestInfo, org string, name string, newName string, newPath string) (*Group, error) {
// Validate fields
if !IsValidName(newName) {
return nil, &Error{
Expand Down Expand Up @@ -320,7 +320,7 @@ func (api AuthAPI) UpdateGroup(requestInfo RequestInfo, org string, name string,

}

func (api AuthAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error {
func (api WorkerAPI) RemoveGroup(requestInfo RequestInfo, org string, name string) error {

// Call repo to retrieve the group
group, err := api.GetGroupByName(requestInfo, org, name)
Expand Down Expand Up @@ -358,7 +358,7 @@ func (api AuthAPI) RemoveGroup(requestInfo RequestInfo, org string, name string)
return nil
}

func (api AuthAPI) AddMember(requestInfo RequestInfo, externalId string, name string, org string) error {
func (api WorkerAPI) AddMember(requestInfo RequestInfo, externalId string, name string, org string) error {

// Call repo to retrieve the group
groupDB, err := api.GetGroupByName(requestInfo, org, name)
Expand Down Expand Up @@ -420,7 +420,7 @@ func (api AuthAPI) AddMember(requestInfo RequestInfo, externalId string, name st
return nil
}

func (api AuthAPI) RemoveMember(requestInfo RequestInfo, externalId string, name string, org string) error {
func (api WorkerAPI) RemoveMember(requestInfo RequestInfo, externalId string, name string, org string) error {

// Call repo to retrieve the group
groupDB, err := api.GetGroupByName(requestInfo, org, name)
Expand Down Expand Up @@ -483,7 +483,7 @@ func (api AuthAPI) RemoveMember(requestInfo RequestInfo, externalId string, name
return nil
}

func (api AuthAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error) {
func (api WorkerAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]GroupMembers, int, error) {
// Validate fields
var total int
orderByValidColumns := api.UserRepo.OrderByValidColumns(GROUP_ACTION_LIST_MEMBERS)
Expand Down Expand Up @@ -538,7 +538,7 @@ func (api AuthAPI) ListMembers(requestInfo RequestInfo, filter *Filter) ([]Group
return members, total, nil
}

func (api AuthAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {
func (api WorkerAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {

// Check if group exists
group, err := api.GetGroupByName(requestInfo, org, name)
Expand Down Expand Up @@ -598,7 +598,7 @@ func (api AuthAPI) AttachPolicyToGroup(requestInfo RequestInfo, org string, name
return nil
}

func (api AuthAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {
func (api WorkerAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name string, policyName string) error {

// Check if group exists
group, err := api.GetGroupByName(requestInfo, org, name)
Expand Down Expand Up @@ -659,7 +659,7 @@ func (api AuthAPI) DetachPolicyToGroup(requestInfo RequestInfo, org string, name
return nil
}

func (api AuthAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error) {
func (api WorkerAPI) ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error) {
// Validate fields
var total int
orderByValidColumns := api.UserRepo.OrderByValidColumns(GROUP_ACTION_LIST_ATTACHED_GROUP_POLICIES)
Expand Down
33 changes: 28 additions & 5 deletions api/manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,34 +8,41 @@ import (

// TYPE DEFINITIONS

// Interface that all resource types have to implement
// Resource interface that all resource types have to implement
type Resource interface {
// This method must return resource URN
GetUrn() string
}

// Interface for User-Group relationships
// UserGroupRelation interface for User-Group relationships
type UserGroupRelation interface {
GetUser() *User
GetGroup() *Group
GetDate() time.Time
}

// Interface for Policy-Group relationships
// PolicyGroupRelation interface for Policy-Group relationships
type PolicyGroupRelation interface {
GetGroup() *Group
GetPolicy() *Policy
GetDate() time.Time
}

// Foulkon API that implements API interfaces using repositories
type AuthAPI struct {
// WorkerAPI that implements API interfaces using repositories
type WorkerAPI struct {
UserRepo UserRepo
GroupRepo GroupRepo
PolicyRepo PolicyRepo
ProxyRepo ProxyRepo
Logger *log.Logger
}

// ProxyAPI that implements API interfaces using repositories
type ProxyAPI struct {
ProxyRepo ProxyRepo
Logger *log.Logger
}

// Filter properties for database search
type Filter struct {
PathPrefix string
Expand All @@ -52,6 +59,7 @@ type Filter struct {

// API INTERFACES WITH AUTHORIZATION

// UserAPI interface
type UserAPI interface {
// Store user in database. Throw error when parameters are invalid,
// user already exists or unexpected error happen.
Expand All @@ -78,6 +86,7 @@ type UserAPI interface {
ListGroupsByUser(requestInfo RequestInfo, filter *Filter) ([]UserGroups, int, error)
}

// GroupAPI interface
type GroupAPI interface {
// Store group in database. Throw error when the input parameters are invalid,
// the group already exist or unexpected error happen.
Expand Down Expand Up @@ -125,6 +134,7 @@ type GroupAPI interface {
ListAttachedGroupPolicies(requestInfo RequestInfo, filter *Filter) ([]GroupPolicies, int, error)
}

// PolicyAPI interface
type PolicyAPI interface {
// Store policy in database. Throw error when the input parameters are invalid,
// the policy already exist or unexpected error happen.
Expand Down Expand Up @@ -153,6 +163,7 @@ type PolicyAPI interface {
ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error)
}

// AuthzAPI interface
type AuthzAPI interface {
// Retrieve list of authorized user resources filtered according to the input parameters. Throw error
// if requestInfo doesn't exist, requestInfo doesn't have access to any resources or unexpected error happen.
Expand All @@ -171,6 +182,12 @@ type AuthzAPI interface {
GetAuthorizedExternalResources(requestInfo RequestInfo, action string, resources []string) ([]string, error)
}

// ProxyResourcesAPI interface to manage proxy resources
type ProxyResourcesAPI interface {
// Retrieve list of proxy resources.
GetProxyResources() ([]ProxyResource, error)
}

// REPOSITORY INTERFACES

// UserRepo contains all database operations
Expand Down Expand Up @@ -281,3 +298,9 @@ type PolicyRepo interface {
// OrderByValidColumns returns valid columns that you can use in OrderBy
OrderByValidColumns(action string) []string
}

// ProxyRepo contains all database operations
type ProxyRepo interface {
// Retrieve proxy resources from database. Otherwise it throws an error.
GetProxyResources() ([]ProxyResource, error)
}
12 changes: 6 additions & 6 deletions api/policy.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ func (s Statement) String() string {

// POLICY API IMPLEMENTATION

func (api AuthAPI) AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error) {
func (api WorkerAPI) AddPolicy(requestInfo RequestInfo, name string, path string, org string, statements []Statement) (*Policy, error) {
// Validate fields
if !IsValidName(name) {
return nil, &Error{
Expand Down Expand Up @@ -139,7 +139,7 @@ func (api AuthAPI) AddPolicy(requestInfo RequestInfo, name string, path string,
}
}

func (api AuthAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyName string) (*Policy, error) {
func (api WorkerAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyName string) (*Policy, error) {
// Validate fields
if !IsValidName(policyName) {
return nil, &Error{
Expand Down Expand Up @@ -192,7 +192,7 @@ func (api AuthAPI) GetPolicyByName(requestInfo RequestInfo, org string, policyNa
}
}

func (api AuthAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error) {
func (api WorkerAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]PolicyIdentity, int, error) {
// Validate fields
var total int
orderByValidColumns := api.UserRepo.OrderByValidColumns(POLICY_ACTION_LIST_POLICIES)
Expand Down Expand Up @@ -237,7 +237,7 @@ func (api AuthAPI) ListPolicies(requestInfo RequestInfo, filter *Filter) ([]Poli
return policyIDs, total, nil
}

func (api AuthAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName string, newName string, newPath string,
func (api WorkerAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName string, newName string, newPath string,
newStatements []Statement) (*Policy, error) {
// Validate fields
if !IsValidName(newName) {
Expand Down Expand Up @@ -344,7 +344,7 @@ func (api AuthAPI) UpdatePolicy(requestInfo RequestInfo, org string, policyName
return updatedPolicy, nil
}

func (api AuthAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error {
func (api WorkerAPI) RemovePolicy(requestInfo RequestInfo, org string, name string) error {

// Call repo to retrieve the policy
policy, err := api.GetPolicyByName(requestInfo, org, name)
Expand Down Expand Up @@ -379,7 +379,7 @@ func (api AuthAPI) RemovePolicy(requestInfo RequestInfo, org string, name string
return nil
}

func (api AuthAPI) ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error) {
func (api WorkerAPI) ListAttachedGroups(requestInfo RequestInfo, filter *Filter) ([]PolicyGroups, int, error) {
// Validate fields
var total int
orderByValidColumns := api.UserRepo.OrderByValidColumns(POLICY_ACTION_LIST_ATTACHED_GROUPS)
Expand Down
32 changes: 32 additions & 0 deletions api/proxy.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
package api

import "github.com/Tecsisa/foulkon/database"

// TYPE DEFINITIONS

// ProxyResource domain
type ProxyResource struct {
ID string `json:"id, omitempty"`
Host string `json:"host, omitempty"`
Url string `json:"url, omitempty"`
Method string `json:"method, omitempty"`
Urn string `json:"urn, omitempty"`
Action string `json:"action, omitempty"`
}

// GetProxyResources return proxy resources
func (api ProxyAPI) GetProxyResources() ([]ProxyResource, error) {
resources, err := api.ProxyRepo.GetProxyResources()

// Error handling
if err != nil {
//Transform to DB error
dbError := err.(*database.Error)
return nil, &Error{
Code: UNKNOWN_API_ERROR,
Message: dbError.Message,
}
}

return resources, nil
}
Loading

0 comments on commit 562da41

Please sign in to comment.