From 374a8888e2c289bfeb470ca8794a857b4281e7d4 Mon Sep 17 00:00:00 2001
From: Kush <3647166+kushsharma@users.noreply.github.com>
Date: Sun, 17 Sep 2023 09:11:35 +0530
Subject: [PATCH] feat(frontier): list project permissions with project (#306)
Signed-off-by: Kush Sharma
---
 raystack/frontier/v1beta1/frontier.proto | 99 ++++++++++++++++++------
 1 file changed, 77 insertions(+), 22 deletions(-)
diff --git a/raystack/frontier/v1beta1/frontier.proto b/raystack/frontier/v1beta1/frontier.proto
index ea46d459..ce3279a7 100644
--- a/raystack/frontier/v1beta1/frontier.proto
+++ b/raystack/frontier/v1beta1/frontier.proto
@@ -242,7 +242,7 @@ service FrontierService {
 };
 }
- rpc GetOrganizationsByUser(GetOrganizationsByUserRequest) returns (GetOrganizationsByUserResponse) {
+ rpc ListOrganizationsByUser(ListOrganizationsByUserRequest) returns (ListOrganizationsByUserResponse) {
 option (google.api.http) = {get: "/v1beta1/users/{id}/organizations"};
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
 tags: "User";
@@ -251,7 +251,7 @@ service FrontierService {
 };
 }
- rpc GetOrganizationsByCurrentUser(GetOrganizationsByCurrentUserRequest) returns (GetOrganizationsByCurrentUserResponse) {
+ rpc ListOrganizationsByCurrentUser(ListOrganizationsByCurrentUserRequest) returns (ListOrganizationsByCurrentUserResponse) {
 option (google.api.http) = {get: "/v1beta1/users/self/organizations"};
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
 tags: "User";
@@ -260,7 +260,7 @@ service FrontierService {
 };
 }
- rpc GetProjectsByUser(GetProjectsByUserRequest) returns (GetProjectsByUserResponse) {
+ rpc ListProjectsByUser(ListProjectsByUserRequest) returns (ListProjectsByUserResponse) {
 option (google.api.http) = {get: "/v1beta1/users/{id}/projects"};
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
 tags: "User";
@@ -269,7 +269,7 @@ service FrontierService {
 };
 }
- rpc GetProjectsByCurrentUser(GetProjectsByCurrentUserRequest) returns (GetProjectsByCurrentUserResponse) {
+ rpc ListProjectsByCurrentUser(ListProjectsByCurrentUserRequest) returns (ListProjectsByCurrentUserResponse) {
 option (google.api.http) = {get: "/v1beta1/users/self/projects"};
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
 tags: "User";
@@ -850,6 +850,15 @@ service FrontierService {
 };
 }
+ rpc ListProjectServiceUsers(ListProjectServiceUsersRequest) returns (ListProjectServiceUsersResponse) {
+ option (google.api.http) = {get: "/v1beta1/projects/{id}/serviceusers"};
+ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
+ tags: "Project";
+ summary: "List project serviceusers"
+ description: "Returns a collection of users of a project. Filter by user permissions is supported.";
+ };
+ }
+
 rpc EnableProject(EnableProjectRequest) returns (EnableProjectResponse) {
 option (google.api.http) = {
 post: "/v1beta1/projects/{id}/enable",
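Review bot: The `description` added for ListProjectServiceUsers is copied from the user listing: it says the RPC returns users of a project and that filtering by user permissions is supported, but ListProjectServiceUsersRequest (added later in this patch) has only `id` and `with_roles`, with no permission filter. I would change it to `description: "Returns a collection of service users of a project, optionally with their roles.";` so the generated OpenAPI does not promise a filter that does not exist. Because this endpoint enumerates machine identities and, with `with_roles`, their role bindings, the description should also name the project permission a caller needs; the handler's authorization check is not visible in this proto, so that is worth confirming. The `summary` line also lacks the trailing `;` its neighbours have.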
@@ -1484,34 +1493,48 @@ message CreateUserResponse {
 User user = 1;
 }
-message GetOrganizationsByUserRequest {
+message ListOrganizationsByUserRequest {
 string id = 1;
 }
-message GetOrganizationsByUserResponse {
+message ListOrganizationsByUserResponse {
 repeated Organization organizations = 1;
 repeated Organization joinable_via_domain = 2;
 }
-message GetOrganizationsByCurrentUserRequest {}
+message ListOrganizationsByCurrentUserRequest {}
-message GetOrganizationsByCurrentUserResponse {
+message ListOrganizationsByCurrentUserResponse {
 repeated Organization organizations = 1;
 repeated Organization joinable_via_domain = 2;
 }
-message GetProjectsByUserRequest {
+message ListProjectsByUserRequest {
 string id = 1;
 }
-message GetProjectsByUserResponse {
+message ListProjectsByUserResponse {
 repeated Project projects = 1;
 }
-message GetProjectsByCurrentUserRequest {}
+message ListProjectsByCurrentUserRequest {
+ // org_id is optional and filter projects by org
+ string org_id = 1;
+
+ // list of permissions needs to be checked against each project
+ // query params are set as with_permissions=get&with_permissions=delete
+ // to be represented as array
+ repeated string with_permissions = 2;
+}
-message GetProjectsByCurrentUserResponse {
+message ListProjectsByCurrentUserResponse {
 repeated Project projects = 1;
+
+ message AccessPair {
+ string project_id = 1;
+ repeated string permissions = 2;
+ }
+ repeated AccessPair access_pairs = 2;
 }
 message EnableUserRequest {
@@ -1560,10 +1583,21 @@ message GetUserRequest {
 string id = 1;
 }
-message ListCurrentUserGroupsRequest {}
+message ListCurrentUserGroupsRequest {
+ // org_id is optional filter over an organization
+ string org_id = 1;
+
+ repeated string with_permissions = 2;
+}
 message ListCurrentUserGroupsResponse {
 repeated Group groups = 1;
+
+ message AccessPair {
+ string group_id = 1;
+ repeated string permissions = 2;
+ }
+ repeated AccessPair access_pairs = 2;
 }
 message ListUserGroupsRequest {
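Review bot: `with_permissions` in ListProjectsByCurrentUserRequest has no validation rule and no size bound, although its comment says every listed permission is checked against each project, so a single request can fan out into projects × permissions authorization checks. The permission fields of the check requests elsewhere in this patch already carry a `(validate.rules).string.pattern`; the same constraint plus a cap on the item count would fit here, e.g. `repeated string with_permissions = 2 [(validate.rules).repeated = {max_items: 20, items: {string: {pattern: "^[A-Za-z0-9._-]+$"}}}];` (the limit of 20 is a placeholder to tune). The same applies to `with_permissions` in ListCurrentUserGroupsRequest in the next hunk, which also lacks the explanatory comment. `org_id` is likewise unvalidated in both messages.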
@@ -2100,10 +2134,33 @@ message ListProjectAdminsResponse {
 message ListProjectUsersRequest {
 string id = 1 [(validate.rules).string.min_len = 3];
 string permission_filter = 2;
+
+ bool with_roles = 3;
 }
 message ListProjectUsersResponse {
 repeated User users = 1;
+
+ message RolePair {
+ string user_id = 1;
+ repeated Role roles = 2;
+ }
+ repeated RolePair role_pairs = 2;
+}
+
+message ListProjectServiceUsersRequest {
+ string id = 1 [(validate.rules).string.min_len = 3];
+ bool with_roles = 3;
+}
+
+message ListProjectServiceUsersResponse {
+ repeated ServiceUser serviceusers = 1;
+
+ message RolePair {
+ string serviceuser_id = 1;
+ repeated Role roles = 2;
+ }
+ repeated RolePair role_pairs = 2;
 }
 message EnableProjectRequest {
@@ -2290,19 +2347,17 @@ message ListGroupUsersRequest {
 string id = 1;
 string org_id = 2;
- // list of permissions needs to be checked against each member
- // of the group as principal and group as subject
- repeated string with_member_permissions = 3;
+ bool with_roles = 3;
 }
 message ListGroupUsersResponse {
 repeated User users = 1;
- message AccessPair {
+ message RolePair {
 string user_id = 1;
- repeated string permissions = 2;
+ repeated Role roles = 2;
 }
- repeated AccessPair access_pairs = 2;
+ repeated RolePair role_pairs = 2;
 }
 message EnableGroupRequest {
@@ -2431,8 +2486,8 @@ message CheckResourcePermissionRequest {
 ];
 string permission = 3 [
 (google.api.field_behavior) = REQUIRED,
- (validate.rules).string.pattern = "^[A-Za-z0-9_-]+$",
- (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check.
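Review bot: ListProjectServiceUsersRequest numbers its fields `id = 1` and `with_roles = 3`, leaving tag 2 unused without saying why. If the gap is deliberate (to mirror `permission_filter = 2` in ListProjectUsersRequest), add `reserved 2;` with a short comment so a later field cannot silently take the tag with a different meaning; otherwise number `with_roles` as 2 before this ships. The new `with_roles` flags and `RolePair` messages are also undocumented; a comment such as `// with_roles, when true, returns the roles each principal holds on the project in role_pairs` would tell clients what the flag exposes.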
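Review bot: Field 3 of ListGroupUsersRequest is reused with a new type: `repeated string with_member_permissions = 3` becomes `bool with_roles = 3`, which changes the wire type of an existing tag, and in ListGroupUsersResponse tag 2 now carries `RolePair` where it carried `AccessPair`. A client built from the previous schema would either fail to parse the new response or decode the `roles` bytes as permission strings, which matters if callers base access decisions on this response. Unless every consumer is regenerated in lockstep, retire the old tags and use fresh ones, e.g. `reserved 3; reserved "with_member_permissions";` and `bool with_roles = 4;`, and likewise give `role_pairs` a new number in the response. ListGroupUsersRequest opens above the hunk.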
 *Example:* `get` or `list`"}
+ (validate.rules).string.pattern = "^[A-Za-z0-9._-]+$",
+ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check.
 *Example:* `get`, `list`, `compute.instance.create`"}
 ];
 string resource = 4 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "`namespace:uuid` or `namespace:name` of the org or project, and `namespace:urn` of a resource under a project. In case of an org/project either provide the complete namespace (app/organization) or Frontier can also parse aliases for the same as `org` or `project`.
 *Example:* `organization:92f69c3a-334b-4f25-90b8-4d4f3be6b825` or `app/project:project-name` or `compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825`"}];
 }
@@ -2450,7 +2505,7 @@ message BatchCheckPermissionRequest {
 message BatchCheckPermissionBody {
 string permission = 1 [
 (google.api.field_behavior) = REQUIRED,
- (validate.rules).string.pattern = "^[A-Za-z0-9_-]+$",
+ (validate.rules).string.pattern = "^[A-Za-z0-9._-]+$",
 (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "the permission name to check.
 *Example:* `get` or `list`"}
 ];
 string resource = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {description: "`namespace:uuid` or `namespace:name` of the org or project, and `namespace:urn` of a resource under a project. In case of an org/project either provide the complete namespace (app/organization) or Frontier can also parse aliases for the same as `org` or `project`.
*Example:* `organization:92f69c3a-334b-4f25-90b8-4d4f3be6b825` or `app/project:project-name` or `compute/instance:92f69c3a-334b-4f25-90b8-4d4f3be6b825`"}];
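Review bot: The widened pattern `^[A-Za-z0-9._-]+$` accepts dots in any position, so values such as `.`, `..` or `a..b` now pass validation even though the intended shape appears to be dot-separated segments like `compute.instance.create`. If the server splits the name on `.` to find the namespace and verb, a stricter rule such as `(validate.rules).string.pattern = "^[A-Za-z0-9_-]+(\\.[A-Za-z0-9_-]+)*$"` together with a `max_len` would keep malformed names out of the authorization path; how the backend parses the value is not visible here, so this is something to confirm. The same pattern is introduced in CheckResourcePermissionRequest in the previous hunk. In this hunk the field description still lists only `get` or `list` as examples while the other one was updated to mention `compute.instance.create`; the two should match.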