From 72226f2bda133a2f750912cee03d1748345d5e96 Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Tue, 23 Jul 2024 14:38:05 +0530 Subject: [PATCH 1/9] feat: allow edit role on servicedatakey to be public --- internal/schema/predefined.go | 2 +- internal/store/spicedb/schema_generator/predefined_schema | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/schema/predefined.go b/internal/schema/predefined.go index 6c29fb4d2..79c7bf9b8 100644 --- a/internal/schema/predefined.go +++ b/internal/schema/predefined.go @@ -131,7 +131,7 @@ var ServiceDataKeyConfig = NamespaceConfig{ }, }, Roles: map[string][]string{ - EditorRole: {UserPrincipal, GroupPrincipal}, + EditorRole: {UserPrincipal, GroupPrincipal, UserPrincipalWildcard}, ViewerRole: {UserPrincipal, GroupPrincipal, UserPrincipalWildcard}, OwnerRole: {UserPrincipal, GroupPrincipal}, }, diff --git a/internal/store/spicedb/schema_generator/predefined_schema b/internal/store/spicedb/schema_generator/predefined_schema index c2ae7cb96..9538fd782 100644 --- a/internal/store/spicedb/schema_generator/predefined_schema +++ b/internal/store/spicedb/schema_generator/predefined_schema @@ -29,7 +29,7 @@ definition shield/group { } -- definition shield/servicedata_key { - relation editor: shield/user | shield/group#membership + relation editor: shield/user | shield/group#membership | shield/user:* relation viewer: shield/user | shield/group#membership | shield/user:* relation owner: shield/user | shield/group#membership permission edit = owner + editor + organization->owner + organization->editor + project->owner + project->editor From 3a72b8a005973fd325796a0509f2b727c3662f50 Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Tue, 23 Jul 2024 18:18:37 +0530 Subject: [PATCH 2/9] feat: allow self onboarding with public servicedata --- core/relation/relation.go | 1 + core/relation/service.go | 7 + .../api/v1beta1/mocks/relation_service.go | 55 ++++++++ internal/api/v1beta1/relation.go | 1 + internal/api/v1beta1/user.go | 123 +++++++++++++----- internal/store/spicedb/relation_repository.go | 52 ++++++++ 6 files changed, 204 insertions(+), 35 deletions(-) diff --git a/core/relation/relation.go b/core/relation/relation.go index 1208ae08b..c2d330508 100644 --- a/core/relation/relation.go +++ b/core/relation/relation.go @@ -31,6 +31,7 @@ type AuthzRepository interface { DeleteSubjectRelations(ctx context.Context, resourceType, optionalResourceID string) error AddV2(ctx context.Context, rel RelationV2) error LookupResources(ctx context.Context, resourceType, permission, subjectType, subjectID string) ([]string, error) + CheckIsPublic(ctx context.Context, rel Relation, act action.Action) (bool, error) } type Relation struct { diff --git a/core/relation/service.go b/core/relation/service.go index 31e60a87a..c249bd453 100644 --- a/core/relation/service.go +++ b/core/relation/service.go @@ -152,6 +152,13 @@ func (s Service) CheckPermission(ctx context.Context, usr user.User, resourceNS func (s Service) BulkCheckPermission(ctx context.Context, rels []Relation, acts []action.Action) ([]Permission, error) { return s.authzRepository.BulkCheck(ctx, rels, acts) } +func (s Service) CheckIsPublic(ctx context.Context, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error) { + return s.authzRepository.CheckIsPublic(ctx, Relation{ + ObjectNamespace: resourceNS, + ObjectID: resourceIdxa, + SubjectNamespace: namespace.DefinitionUser, + }, action) +} func (s Service) DeleteSubjectRelations(ctx context.Context, resourceType, optionalResourceID string) error { currentUser, err := s.userService.FetchCurrentUser(ctx) diff --git a/internal/api/v1beta1/mocks/relation_service.go b/internal/api/v1beta1/mocks/relation_service.go index e2f553678..41fed1ff7 100644 --- a/internal/api/v1beta1/mocks/relation_service.go +++ b/internal/api/v1beta1/mocks/relation_service.go @@ -29,6 +29,61 @@ func (_m *RelationService) EXPECT() *RelationService_Expecter { return &RelationService_Expecter{mock: &_m.Mock} } +// CheckIsPublic provides a mock function with given fields: ctx, resourceNS, resourceIdxa, _a3 +func (_m *RelationService) CheckIsPublic(ctx context.Context, resourceNS namespace.Namespace, resourceIdxa string, _a3 action.Action) (bool, error) { + ret := _m.Called(ctx, resourceNS, resourceIdxa, _a3) + + var r0 bool + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, namespace.Namespace, string, action.Action) (bool, error)); ok { + return rf(ctx, resourceNS, resourceIdxa, _a3) + } + if rf, ok := ret.Get(0).(func(context.Context, namespace.Namespace, string, action.Action) bool); ok { + r0 = rf(ctx, resourceNS, resourceIdxa, _a3) + } else { + r0 = ret.Get(0).(bool) + } + + if rf, ok := ret.Get(1).(func(context.Context, namespace.Namespace, string, action.Action) error); ok { + r1 = rf(ctx, resourceNS, resourceIdxa, _a3) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// RelationService_CheckIsPublic_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'CheckIsPublic' +type RelationService_CheckIsPublic_Call struct { + *mock.Call +} + +// CheckIsPublic is a helper method to define mock.On call +// - ctx context.Context +// - resourceNS namespace.Namespace +// - resourceIdxa string +// - _a3 action.Action +func (_e *RelationService_Expecter) CheckIsPublic(ctx interface{}, resourceNS interface{}, resourceIdxa interface{}, _a3 interface{}) *RelationService_CheckIsPublic_Call { + return &RelationService_CheckIsPublic_Call{Call: _e.mock.On("CheckIsPublic", ctx, resourceNS, resourceIdxa, _a3)} +} + +func (_c *RelationService_CheckIsPublic_Call) Run(run func(ctx context.Context, resourceNS namespace.Namespace, resourceIdxa string, _a3 action.Action)) *RelationService_CheckIsPublic_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(namespace.Namespace), args[2].(string), args[3].(action.Action)) + }) + return _c +} + +func (_c *RelationService_CheckIsPublic_Call) Return(_a0 bool, _a1 error) *RelationService_CheckIsPublic_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *RelationService_CheckIsPublic_Call) RunAndReturn(run func(context.Context, namespace.Namespace, string, action.Action) (bool, error)) *RelationService_CheckIsPublic_Call { + _c.Call.Return(run) + return _c +} + // CheckPermission provides a mock function with given fields: ctx, usr, resourceNS, resourceIdxa, _a4 func (_m *RelationService) CheckPermission(ctx context.Context, usr user.User, resourceNS namespace.Namespace, resourceIdxa string, _a4 action.Action) (bool, error) { ret := _m.Called(ctx, usr, resourceNS, resourceIdxa, _a4) diff --git a/internal/api/v1beta1/relation.go b/internal/api/v1beta1/relation.go index 5311d7186..f3b161fff 100644 --- a/internal/api/v1beta1/relation.go +++ b/internal/api/v1beta1/relation.go @@ -29,6 +29,7 @@ type RelationService interface { GetRelationByFields(ctx context.Context, rel relation.RelationV2) (relation.RelationV2, error) LookupResources(ctx context.Context, resourceType, permission, subjectType, subjectID string) ([]string, error) CheckPermission(ctx context.Context, usr user.User, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error) + CheckIsPublic(ctx context.Context, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error) } var grpcRelationNotFoundErr = status.Errorf(codes.NotFound, "relation doesn't exist") diff --git a/internal/api/v1beta1/user.go b/internal/api/v1beta1/user.go index 2a12cc832..e1f63d247 100644 --- a/internal/api/v1beta1/user.go +++ b/internal/api/v1beta1/user.go @@ -94,13 +94,10 @@ func (h Handler) ListUsers(ctx context.Context, request *shieldv1beta1.ListUsers } func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUserRequest) (*shieldv1beta1.CreateUserResponse, error) { - logger := grpczap.Extract(ctx) + newUser := user.User{} + userSelfOnboard := false - currentUser, err := h.userService.FetchCurrentUser(ctx) - if err != nil { - logger.Error(err.Error()) - return nil, grpcUnauthenticated - } + logger := grpczap.Extract(ctx) if request.GetBody() == nil { return nil, grpcBadBodyError @@ -120,39 +117,53 @@ func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUs return nil, grpcBadBodyError } - for k := range metaDataMap { - urn := servicedata.CreateURN(h.serviceDataConfig.DefaultServiceDataProject, k) - key, err := h.serviceDataService.GetKeyByURN(ctx, urn) - if err != nil { - return nil, err - } - - permission, err := h.relationService.CheckPermission(ctx, currentUser, namespace.Namespace{ID: schema.ServiceDataKeyNamespace}, key.ResourceID, action.Action{ID: schema.EditPermission}) - if err != nil { - return nil, err - } - if !permission { - return nil, status.Error(codes.PermissionDenied, fmt.Sprintf("you are not authorized to update %s key", k)) - } - } - - // TODO might need to check the valid email form - newUser, err := h.userService.Create(ctx, user.User{ - Name: request.GetBody().GetName(), - Email: email, - Metadata: nil, - }) + currentUser, err := h.userService.FetchCurrentUser(ctx) if err != nil { logger.Error(err.Error()) switch { - case errors.Is(err, user.ErrConflict): - return nil, grpcConflictError - case errors.Is(errors.Unwrap(err), user.ErrKeyDoesNotExists): - return nil, grpcBadBodyError - case errors.Is(err, user.ErrInvalidEmail), - errors.Is(err, user.ErrMissingEmail): - return nil, grpcUnauthenticated + case errors.Is(err, user.ErrInvalidEmail): + callerEmail, ok := user.GetEmailFromContext(ctx) + if !ok { + return nil, grpcUnauthenticated + } + if callerEmail != email { + return nil, grpcUnauthenticated + } + userSelfOnboard = true + if !h.checkIsPublicEditable(ctx, metaDataMap) { + return nil, status.Error(codes.PermissionDenied, fmt.Sprintf("you are not authorized to update some key")) + } + newUser, err = h.createUser(ctx, request.GetBody().GetName(), email) + if err != nil { + logger.Error(err.Error()) + return nil, grpcInternalServerError + } default: + return nil, grpcUnauthenticated + } + } + + if !userSelfOnboard { + for k := range metaDataMap { + urn := servicedata.CreateURN(h.serviceDataConfig.DefaultServiceDataProject, k) + key, err := h.serviceDataService.GetKeyByURN(ctx, urn) + if err != nil { + return nil, err + } + + permission, err := h.relationService.CheckPermission(ctx, currentUser, namespace.Namespace{ID: schema.ServiceDataKeyNamespace}, key.ResourceID, action.Action{ID: schema.EditPermission}) + if err != nil { + return nil, err + } + if !permission { + return nil, status.Error(codes.PermissionDenied, fmt.Sprintf("you are not authorized to update %s key", k)) + } + } + + // TODO might need to check the valid email form + newUser, err = h.createUser(ctx, request.GetBody().GetName(), email) + if err != nil { + logger.Error(err.Error()) return nil, grpcInternalServerError } } @@ -595,3 +606,45 @@ func isValidEmail(email string) bool { _, err := mail.ParseAddress(email) return err == nil } + +func (h Handler) checkIsPublicEditable(ctx context.Context, metaDataMap metadata.Metadata) bool { + for k, _ := range metaDataMap { + urn := servicedata.CreateURN(h.serviceDataConfig.DefaultServiceDataProject, k) + key, err := h.serviceDataService.GetKeyByURN(ctx, urn) + if err != nil { + return false + } + permission, err := h.relationService.CheckIsPublic(ctx, namespace.Namespace{ID: schema.ServiceDataKeyNamespace}, key.ResourceID, action.Action{ID: schema.EditPermission}) + if err != nil { + fmt.Println(err.Error()) + return false + } + if !permission { + return false + } + } + return true +} + +func (h Handler) createUser(ctx context.Context, name, email string) (user.User, error) { + createdUser, err := h.userService.Create(ctx, user.User{ + Name: name, + Email: email, + Metadata: nil, + }) + if err != nil { + switch { + case errors.Is(err, user.ErrConflict): + return user.User{}, grpcConflictError + case errors.Is(errors.Unwrap(err), user.ErrKeyDoesNotExists): + return user.User{}, grpcBadBodyError + case errors.Is(err, user.ErrInvalidEmail), + errors.Is(err, user.ErrMissingEmail): + return user.User{}, grpcUnauthenticated + default: + return user.User{}, grpcInternalServerError + } + } + + return createdUser, nil +} diff --git a/internal/store/spicedb/relation_repository.go b/internal/store/spicedb/relation_repository.go index 00486b32b..8533ff269 100644 --- a/internal/store/spicedb/relation_repository.go +++ b/internal/store/spicedb/relation_repository.go @@ -203,6 +203,58 @@ func (r RelationRepository) BulkCheck(ctx context.Context, rels []relation.Relat return result, nil } +func (r RelationRepository) CheckIsPublic(ctx context.Context, rel relation.Relation, act action.Action) (bool, error) { + relationship, err := schema_generator.TransformCheckRelation(rel) + if err != nil { + return false, err + } + + request := &authzedpb.LookupSubjectsRequest{ + Consistency: &authzedpb.Consistency{ + Requirement: &authzedpb.Consistency_FullyConsistent{ + FullyConsistent: true, + }, + }, + SubjectObjectType: rel.SubjectNamespace.ID, + Resource: relationship.Resource, + Permission: act.ID, + OptionalConcreteLimit: 1, + WildcardOption: authzedpb.LookupSubjectsRequest_WILDCARD_OPTION_INCLUDE_WILDCARDS, + } + + nrCtx := newrelic.FromContext(ctx) + if nrCtx != nil { + nr := newrelic.DatastoreSegment{ + Product: nrProductName, + Collection: fmt.Sprintf("object:%s", request.Resource.ObjectType), + Operation: "CheckIsPublic", + StartTime: nrCtx.StartSegmentNow(), + } + defer nr.End() + } + + response, err := r.spiceDB.client.LookupSubjects(ctx, request) + if err != nil { + return false, err + } + + foundWildcard := false + for !foundWildcard { + resp, err := response.Recv() + if err != nil { + if err == io.EOF { + break + } + return false, err + } + if resp.Subject.SubjectObjectId == "*" { + foundWildcard = true + } + } + + return foundWildcard, nil +} + func (r RelationRepository) Delete(ctx context.Context, rel relation.Relation) error { relationship, err := schema_generator.TransformRelation(rel) if err != nil { From ca25e9b8d53901dbfaca013901aa55988b3c7a2d Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Wed, 24 Jul 2024 12:21:20 +0530 Subject: [PATCH 3/9] refactor --- internal/api/v1beta1/user.go | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/internal/api/v1beta1/user.go b/internal/api/v1beta1/user.go index e1f63d247..5097508fb 100644 --- a/internal/api/v1beta1/user.go +++ b/internal/api/v1beta1/user.go @@ -117,9 +117,9 @@ func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUs return nil, grpcBadBodyError } - currentUser, err := h.userService.FetchCurrentUser(ctx) + callerUser, err := h.userService.FetchCurrentUser(ctx) if err != nil { - logger.Error(err.Error()) + logger.Error(fmt.Sprintf("error while fetching caller details: ", err.Error())) switch { case errors.Is(err, user.ErrInvalidEmail): callerEmail, ok := user.GetEmailFromContext(ctx) @@ -127,12 +127,19 @@ func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUs return nil, grpcUnauthenticated } if callerEmail != email { - return nil, grpcUnauthenticated + return nil, grpcPermissionDenied } userSelfOnboard = true - if !h.checkIsPublicEditable(ctx, metaDataMap) { - return nil, status.Error(codes.PermissionDenied, fmt.Sprintf("you are not authorized to update some key")) + + haveEditPermission, key, err := h.checkIsWildcardEditable(ctx, metaDataMap) + if err != nil { + return nil, status.Error(codes.Internal, fmt.Sprintf("erro while updating %s key: %s", key, err.Error())) + } + if !haveEditPermission { + return nil, status.Error(codes.PermissionDenied, fmt.Sprintf("you are not authorized to update %s key", key)) + } + newUser, err = h.createUser(ctx, request.GetBody().GetName(), email) if err != nil { logger.Error(err.Error()) @@ -151,7 +158,7 @@ func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUs return nil, err } - permission, err := h.relationService.CheckPermission(ctx, currentUser, namespace.Namespace{ID: schema.ServiceDataKeyNamespace}, key.ResourceID, action.Action{ID: schema.EditPermission}) + permission, err := h.relationService.CheckPermission(ctx, callerUser, namespace.Namespace{ID: schema.ServiceDataKeyNamespace}, key.ResourceID, action.Action{ID: schema.EditPermission}) if err != nil { return nil, err } @@ -607,23 +614,23 @@ func isValidEmail(email string) bool { return err == nil } -func (h Handler) checkIsPublicEditable(ctx context.Context, metaDataMap metadata.Metadata) bool { +func (h Handler) checkIsWildcardEditable(ctx context.Context, metaDataMap metadata.Metadata) (bool, string, error) { for k, _ := range metaDataMap { urn := servicedata.CreateURN(h.serviceDataConfig.DefaultServiceDataProject, k) key, err := h.serviceDataService.GetKeyByURN(ctx, urn) if err != nil { - return false + return false, k, err } permission, err := h.relationService.CheckIsPublic(ctx, namespace.Namespace{ID: schema.ServiceDataKeyNamespace}, key.ResourceID, action.Action{ID: schema.EditPermission}) if err != nil { fmt.Println(err.Error()) - return false + return false, k, err } if !permission { - return false + return false, k, nil } } - return true + return true, "", nil } func (h Handler) createUser(ctx context.Context, name, email string) (user.User, error) { From 7b203bc52a14a03ae55411bc6b67a8cdaf49eaba Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Wed, 24 Jul 2024 12:25:33 +0530 Subject: [PATCH 4/9] chore: add go mod file --- go.mod | 32 +++++++++++++++++--------------- go.sum | 56 ++++++++++++++++++++++++++++---------------------------- 2 files changed, 45 insertions(+), 43 deletions(-) diff --git a/go.mod b/go.mod index df9a68d1b..d4e7cb5a4 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/goto/shield -go 1.21 +go 1.21.0 + +toolchain go1.22.3 require ( github.com/MakeNowJust/heredoc v1.0.0 @@ -37,7 +39,7 @@ require ( github.com/robfig/cron/v3 v3.0.1 github.com/rs/xid v1.5.0 github.com/spf13/afero v1.11.0 - github.com/spf13/cobra v1.8.0 + github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.14.4 go.nhat.io/otelsql v0.13.0 @@ -46,11 +48,11 @@ require ( go.opentelemetry.io/otel v1.27.0 go.opentelemetry.io/otel/metric v1.27.0 go.opentelemetry.io/otel/trace v1.27.0 - go.uber.org/zap v1.24.0 + go.uber.org/zap v1.27.0 gocloud.dev v0.28.0 - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 - golang.org/x/net v0.26.0 - golang.org/x/oauth2 v0.20.0 + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 + golang.org/x/net v0.27.0 + golang.org/x/oauth2 v0.21.0 google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.2 @@ -81,11 +83,11 @@ require ( github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/charmbracelet/glamour v0.6.0 // indirect github.com/cli/safeexec v1.0.1 // indirect github.com/containerd/continuity v0.3.0 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/dlclark/regexp2 v1.9.0 // indirect github.com/docker/go-connections v0.4.0 // indirect @@ -128,7 +130,7 @@ require ( github.com/magiconair/properties v1.8.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-runewidth v0.0.14 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/microcosm-cc/bluemonday v1.0.21 // indirect github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect github.com/muesli/reflow v0.3.0 // indirect @@ -141,7 +143,7 @@ require ( github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect - github.com/rivo/uniseg v0.4.4 // indirect + github.com/rivo/uniseg v0.4.7 // indirect github.com/rs/zerolog v1.33.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sagikazarmark/locafero v0.6.0 // indirect @@ -179,14 +181,14 @@ require ( go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/arch v0.8.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/mod v0.18.0 // indirect + golang.org/x/crypto v0.25.0 // indirect + golang.org/x/mod v0.19.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.22.0 // indirect + golang.org/x/tools v0.23.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/api v0.171.0 // indirect google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect diff --git a/go.sum b/go.sum index 4af565b53..a86232702 100644 --- a/go.sum +++ b/go.sum @@ -590,8 +590,6 @@ github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuP github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= -github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -631,8 +629,8 @@ github.com/certifi/gocertifi v0.0.0-20210507211836-431795d63e8d/go.mod h1:sGbDF6 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/glamour v0.6.0 h1:wi8fse3Y7nfcabbbDuwolqTqMQPMnVPeZhDM273bISc= github.com/charmbracelet/glamour v0.6.0/go.mod h1:taqWV4swIMMbWALc0m7AfE9JkPSU8om2538k9ITBxOc= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= @@ -793,8 +791,8 @@ github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfc github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -1513,8 +1511,9 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= -github.com/mattn/go-runewidth v0.0.14 h1:+xnbZSEeDbOIg5/mE6JF0w6n9duR1l3/WmbinWVwUuU= github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= @@ -1792,8 +1791,8 @@ github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqn github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.3/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= -github.com/rivo/uniseg v0.4.4/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs= github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= @@ -1886,8 +1885,8 @@ github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKv github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= @@ -2146,8 +2145,9 @@ go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= -go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= gocloud.dev v0.28.0 h1:PjL1f9zu8epY1pFCIHdrQnJRZzRcDyAr18hNTkXIKlQ= gocloud.dev v0.28.0/go.mod h1:nzSs01FpRYyIb/OqXLNNa+NMPZG9CdTUY/pGLgSpIN0= golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc= @@ -2191,8 +2191,8 @@ golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -2204,8 +2204,8 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20221031165847-c99f073a8326/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -2236,8 +2236,8 @@ golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -2323,8 +2323,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2354,8 +2354,8 @@ golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= golang.org/x/oauth2 v0.2.0/go.mod h1:Cwn6afJ8jrQwYMxQDTpISoXmXW9I6qF6vDeuuoX3Ibs= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2534,8 +2534,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -2546,8 +2546,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2662,8 +2662,8 @@ golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 556f6b4e9fe515b79f05a7c0a510d7b95d462529 Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Wed, 24 Jul 2024 12:27:52 +0530 Subject: [PATCH 5/9] chore: add formating directive --- internal/api/v1beta1/user.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/api/v1beta1/user.go b/internal/api/v1beta1/user.go index 5097508fb..060d94509 100644 --- a/internal/api/v1beta1/user.go +++ b/internal/api/v1beta1/user.go @@ -119,7 +119,7 @@ func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUs callerUser, err := h.userService.FetchCurrentUser(ctx) if err != nil { - logger.Error(fmt.Sprintf("error while fetching caller details: ", err.Error())) + logger.Error(fmt.Sprintf("error while fetching caller details: %s", err.Error())) switch { case errors.Is(err, user.ErrInvalidEmail): callerEmail, ok := user.GetEmailFromContext(ctx) From f09dd7c070f5bf9e208e97b79548bfb8bddb117e Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Wed, 24 Jul 2024 12:32:46 +0530 Subject: [PATCH 6/9] fix: err --- internal/api/v1beta1/user.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/api/v1beta1/user.go b/internal/api/v1beta1/user.go index 060d94509..941f5ddad 100644 --- a/internal/api/v1beta1/user.go +++ b/internal/api/v1beta1/user.go @@ -171,7 +171,7 @@ func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUs newUser, err = h.createUser(ctx, request.GetBody().GetName(), email) if err != nil { logger.Error(err.Error()) - return nil, grpcInternalServerError + return nil, err } } From 22237cb400613004f01d11d3e350481ad250b2d5 Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Wed, 24 Jul 2024 12:34:13 +0530 Subject: [PATCH 7/9] chore: fmt --- internal/api/v1beta1/user.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/internal/api/v1beta1/user.go b/internal/api/v1beta1/user.go index 941f5ddad..cc4d71354 100644 --- a/internal/api/v1beta1/user.go +++ b/internal/api/v1beta1/user.go @@ -134,7 +134,6 @@ func (h Handler) CreateUser(ctx context.Context, request *shieldv1beta1.CreateUs haveEditPermission, key, err := h.checkIsWildcardEditable(ctx, metaDataMap) if err != nil { return nil, status.Error(codes.Internal, fmt.Sprintf("erro while updating %s key: %s", key, err.Error())) - } if !haveEditPermission { return nil, status.Error(codes.PermissionDenied, fmt.Sprintf("you are not authorized to update %s key", key)) @@ -615,7 +614,7 @@ func isValidEmail(email string) bool { } func (h Handler) checkIsWildcardEditable(ctx context.Context, metaDataMap metadata.Metadata) (bool, string, error) { - for k, _ := range metaDataMap { + for k := range metaDataMap { urn := servicedata.CreateURN(h.serviceDataConfig.DefaultServiceDataProject, k) key, err := h.serviceDataService.GetKeyByURN(ctx, urn) if err != nil { From 632be2bfa26ece9783c29cdcaff52ea18530c9f5 Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Tue, 20 Aug 2024 19:27:55 +0530 Subject: [PATCH 8/9] lint --- core/relation/service.go | 1 + 1 file changed, 1 insertion(+) diff --git a/core/relation/service.go b/core/relation/service.go index c249bd453..8d345c58a 100644 --- a/core/relation/service.go +++ b/core/relation/service.go @@ -152,6 +152,7 @@ func (s Service) CheckPermission(ctx context.Context, usr user.User, resourceNS func (s Service) BulkCheckPermission(ctx context.Context, rels []Relation, acts []action.Action) ([]Permission, error) { return s.authzRepository.BulkCheck(ctx, rels, acts) } + func (s Service) CheckIsPublic(ctx context.Context, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error) { return s.authzRepository.CheckIsPublic(ctx, Relation{ ObjectNamespace: resourceNS, From 66dc3287763b3466c47ad54512b27d96d304b333 Mon Sep 17 00:00:00 2001 From: Ishan Arya Date: Wed, 21 Aug 2024 09:47:19 +0530 Subject: [PATCH 9/9] fix: remove duplicate method declaration --- core/relation/service.go | 8 -------- 1 file changed, 8 deletions(-) diff --git a/core/relation/service.go b/core/relation/service.go index ddc205781..dd59f7c8a 100644 --- a/core/relation/service.go +++ b/core/relation/service.go @@ -161,14 +161,6 @@ func (s Service) BulkCheckPermission(ctx context.Context, rels []Relation, acts return s.authzRepository.BulkCheck(ctx, rels, acts) } -func (s Service) CheckIsPublic(ctx context.Context, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error) { - return s.authzRepository.CheckIsPublic(ctx, Relation{ - ObjectNamespace: resourceNS, - ObjectID: resourceIdxa, - SubjectNamespace: namespace.DefinitionUser, - }, action) -} - func (s Service) DeleteSubjectRelations(ctx context.Context, resourceType, optionalResourceID string) error { currentUser, err := s.userService.FetchCurrentUser(ctx) if err != nil {