feat: fetch service data

goto · May 30, 2024 · b703a6f · b703a6f
1 parent cac2cd5
commit b703a6f
Show file tree

Hide file tree

Showing 18 changed files with 3,288 additions and 1,460 deletions.
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@ GOVERSION := $(shell go version | cut -d ' ' -f 3 | cut -d '.' -f 2)
 
 .PHONY: build check fmt lint test test-race vet test-cover-html help install proto
 .DEFAULT_GOAL := build
-PROTON_COMMIT := "7e380e055d82cd8378989354785f6434d8615d70"
+PROTON_COMMIT := "2b2d5df2bace73dcca8f2c541f7bcd85ce523247"
 
 install:
 	@echo "Clean up imports..."

diff --git a/core/relation/relation.go b/core/relation/relation.go
@@ -29,6 +29,7 @@ type AuthzRepository interface {
 	DeleteV2(ctx context.Context, rel RelationV2) error
 	DeleteSubjectRelations(ctx context.Context, resourceType, optionalResourceID string) error
 	AddV2(ctx context.Context, rel RelationV2) error
+	LookupResources(ctx context.Context, resourceType, permission, subjectType, subjectID string) ([]string, error)
 }
 
 type Relation struct {

diff --git a/core/relation/service.go b/core/relation/service.go
@@ -170,3 +170,7 @@ func (s Service) DeleteSubjectRelations(ctx context.Context, resourceType, optio
 
 	return nil
 }
+
+func (s Service) LookupResources(ctx context.Context, resourceType, permission, subjectType, subjectID string) ([]string, error) {
+	return s.authzRepository.LookupResources(ctx, resourceType, permission, subjectType, subjectID)
+}
diff --git a/core/servicedata/mocks/relation_service.go b/core/servicedata/mocks/relation_service.go
diff --git a/core/servicedata/mocks/servicedata_repository.go b/core/servicedata/mocks/servicedata_repository.go
diff --git a/core/servicedata/service.go b/core/servicedata/service.go
@@ -2,6 +2,7 @@ package servicedata
 
 import (
 	"context"
+	"slices"
 
 	"github.com/goto/shield/core/project"
 	"github.com/goto/shield/core/relation"
@@ -10,14 +11,21 @@ import (
 	"github.com/goto/shield/internal/schema"
 )
 
-const keyNamespace = "shield/servicedata_key"
+const (
+	keyNamespace         = schema.ServiceDataKeyNamespace
+	userNamespace        = schema.UserPrincipal
+	groupNamespace       = schema.GroupPrincipal
+	viewActionID         = schema.ViewPermission
+	membershipPermission = schema.MembershipPermission
+)
 
 type ResourceService interface {
 	Create(ctx context.Context, res resource.Resource) (resource.Resource, error)
 }
 
 type RelationService interface {
 	Create(ctx context.Context, rel relation.RelationV2) (relation.RelationV2, error)
+	LookupResources(ctx context.Context, resourceType, permission, subjectType, subjectID string) ([]string, error)
 }
 
 type ProjectService interface {
@@ -122,3 +130,49 @@ func (s Service) CreateKey(ctx context.Context, key Key) (Key, error) {
 
 	return createdServiceDataKey, nil
 }
+
+func (s Service) Get(ctx context.Context, filter Filter) ([]ServiceData, error) {
+	// fetch current user
+	currentUser, err := s.userService.FetchCurrentUser(ctx)
+	if err != nil {
+		return []ServiceData{}, err
+	}
+
+	// build entity ID filter
+	filter.EntityIDs = [][]string{}
+	if filter.Namespace == groupNamespace {
+		filter.EntityIDs = append(filter.EntityIDs, []string{groupNamespace, filter.ID})
+	}
+	if filter.Namespace == userNamespace && slices.Contains(filter.Entity, userNamespace) {
+		filter.EntityIDs = append(filter.EntityIDs, []string{userNamespace, filter.ID})
+	}
+	if filter.Namespace == userNamespace && slices.Contains(filter.Entity, groupNamespace) {
+		entityGroup, err := s.relationService.LookupResources(ctx, groupNamespace, membershipPermission, userNamespace, filter.ID)
+		if err != nil {
+			return []ServiceData{}, err
+		}
+		for _, ent := range entityGroup {
+			filter.EntityIDs = append(filter.EntityIDs, []string{groupNamespace, ent})
+		}
+	}
+
+	// get all service data key resources that visible by current user
+	viewSD, err := s.relationService.LookupResources(ctx, keyNamespace, viewActionID, userNamespace, currentUser.ID)
+	if err != nil {
+		return []ServiceData{}, err
+	}
+
+	serviceData, err := s.repository.Get(ctx, filter)
+	if err != nil {
+		return []ServiceData{}, err
+	}
+
+	resultSD := []ServiceData{}
+	for _, sd := range serviceData {
+		if slices.Contains(viewSD, sd.Key.ResourceID) {
+			resultSD = append(resultSD, sd)
+		}
+	}
+
+	return resultSD, nil
+}
diff --git a/core/servicedata/servicedata.go b/core/servicedata/servicedata.go
@@ -8,6 +8,7 @@ import (
 type Repository interface {
 	Transactor
 	CreateKey(ctx context.Context, key Key) (Key, error)
+	Get(ctx context.Context, filter Filter) ([]ServiceData, error)
 }
 
 type Transactor interface {
@@ -26,6 +27,22 @@ type Key struct {
 	ResourceID  string
 }
 
+type ServiceData struct {
+	ID          string
+	NamespaceID string
+	EntityID    string
+	Key         Key
+	Value       string
+}
+
+type Filter struct {
+	ID        string
+	Namespace string
+	Entity    []string
+	EntityIDs [][]string
+	Project   string
+}
+
 func (key Key) CreateURN() string {
 	return fmt.Sprintf("%s:servicedata_key:%s", key.ProjectSlug, key.Key)
 }
diff --git a/internal/api/v1beta1/mocks/servicedata_service.go b/internal/api/v1beta1/mocks/servicedata_service.go