Add context less authorizer for non-prod usecases

vmware-labs · Feb 12, 2024 · dc33636 · dc33636
1 parent 3c9d2d1
commit dc33636
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 4 deletions.
diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md
@@ -17,6 +17,12 @@ import "github.com/vmware-labs/multi-tenant-persistence-for-saas/pkg/authorizer"
 - [Constants](<#constants>)
 - [type Authorizer](<#Authorizer>)
 - [type ContextKey](<#ContextKey>)
+- [type ContextLessAuthorizer](<#ContextLessAuthorizer>)
+  - [func \(s \*ContextLessAuthorizer\) Configure\(tableName string, roleMapping map\[string\]dbrole.DbRole\)](<#ContextLessAuthorizer.Configure>)
+  - [func \(s \*ContextLessAuthorizer\) GetAuthContext\(orgId string, roles ...string\) context.Context](<#ContextLessAuthorizer.GetAuthContext>)
+  - [func \(s \*ContextLessAuthorizer\) GetDefaultOrgAdminContext\(\) context.Context](<#ContextLessAuthorizer.GetDefaultOrgAdminContext>)
+  - [func \(s \*ContextLessAuthorizer\) GetMatchingDbRole\(\_ context.Context, tableNames ...string\) \(dbrole.DbRole, error\)](<#ContextLessAuthorizer.GetMatchingDbRole>)
+  - [func \(s \*ContextLessAuthorizer\) GetOrgFromContext\(\_ context.Context\) \(string, error\)](<#ContextLessAuthorizer.GetOrgFromContext>)
 - [type Instancer](<#Instancer>)
 - [type MetadataBasedAuthorizer](<#MetadataBasedAuthorizer>)
   - [func \(s \*MetadataBasedAuthorizer\) Configure\(tableName string, roleMapping map\[string\]dbrole.DbRole\)](<#MetadataBasedAuthorizer.Configure>)
@@ -93,6 +99,62 @@ type Authorizer interface {
 type ContextKey string
 ```
 
+<a name="ContextLessAuthorizer"></a>
+## type [ContextLessAuthorizer](<https://github.com/vmware-labs/multi-tenant-persistence-for-saas/blob/main/pkg/authorizer/context_less_authorizer.go#L27-L29>)
+
+
+
+```go
+type ContextLessAuthorizer struct {
+    // contains filtered or unexported fields
+}
+```
+
+<a name="ContextLessAuthorizer.Configure"></a>
+### func \(\*ContextLessAuthorizer\) [Configure](<https://github.com/vmware-labs/multi-tenant-persistence-for-saas/blob/main/pkg/authorizer/context_less_authorizer.go#L55>)
+
+```go
+func (s *ContextLessAuthorizer) Configure(tableName string, roleMapping map[string]dbrole.DbRole)
+```
+
+
+
+<a name="ContextLessAuthorizer.GetAuthContext"></a>
+### func \(\*ContextLessAuthorizer\) [GetAuthContext](<https://github.com/vmware-labs/multi-tenant-persistence-for-saas/blob/main/pkg/authorizer/context_less_authorizer.go#L62>)
+
+```go
+func (s *ContextLessAuthorizer) GetAuthContext(orgId string, roles ...string) context.Context
+```
+
+
+
+<a name="ContextLessAuthorizer.GetDefaultOrgAdminContext"></a>
+### func \(\*ContextLessAuthorizer\) [GetDefaultOrgAdminContext](<https://github.com/vmware-labs/multi-tenant-persistence-for-saas/blob/main/pkg/authorizer/context_less_authorizer.go#L66>)
+
+```go
+func (s *ContextLessAuthorizer) GetDefaultOrgAdminContext() context.Context
+```
+
+
+
+<a name="ContextLessAuthorizer.GetMatchingDbRole"></a>
+### func \(\*ContextLessAuthorizer\) [GetMatchingDbRole](<https://github.com/vmware-labs/multi-tenant-persistence-for-saas/blob/main/pkg/authorizer/context_less_authorizer.go#L35>)
+
+```go
+func (s *ContextLessAuthorizer) GetMatchingDbRole(_ context.Context, tableNames ...string) (dbrole.DbRole, error)
+```
+
+
+
+<a name="ContextLessAuthorizer.GetOrgFromContext"></a>
+### func \(\*ContextLessAuthorizer\) [GetOrgFromContext](<https://github.com/vmware-labs/multi-tenant-persistence-for-saas/blob/main/pkg/authorizer/context_less_authorizer.go#L31>)
+
+```go
+func (s *ContextLessAuthorizer) GetOrgFromContext(_ context.Context) (string, error)
+```
+
+
+
 <a name="Instancer"></a>
 ## type [Instancer](<https://github.com/vmware-labs/multi-tenant-persistence-for-saas/blob/main/pkg/authorizer/instancer.go#L16-L19>)
 

diff --git a/go.mod b/go.mod
@@ -13,7 +13,7 @@ require (
 	google.golang.org/grpc v1.61.0
 	google.golang.org/protobuf v1.32.0
 	gorm.io/driver/postgres v1.5.5
-	gorm.io/gorm v1.25.5
+	gorm.io/gorm v1.25.7
 )
 
 require (
@@ -33,4 +33,4 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
 
-replace gorm.io/gorm => github.com/go-gorm/gorm v1.25.4
+replace gorm.io/gorm => github.com/go-gorm/gorm v1.25.7
diff --git a/go.sum b/go.sum
@@ -6,8 +6,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-gorm/gorm v1.25.4 h1:Cuta7ou119zvPMC2aNImEVoTo7d4rWrkepCSiPks0eo=
-github.com/go-gorm/gorm v1.25.4/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k=
+github.com/go-gorm/gorm v1.25.7 h1:2SZNwgnwrUyi4ex5o29kXKr6Z5KmWf0n2oYf1gxfFAE=
+github.com/go-gorm/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=

diff --git a/pkg/authorizer/context_less_authorizer.go b/pkg/authorizer/context_less_authorizer.go
@@ -0,0 +1,68 @@
+// Copyright 2023 VMware, Inc.
+// Licensed to VMware, Inc. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. VMware, Inc. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package authorizer
+
+import (
+	"context"
+
+	"github.com/vmware-labs/multi-tenant-persistence-for-saas/pkg/dbrole"
+)
+
+type ContextLessAuthorizer struct {
+	roleMapping map[string]map[string]dbrole.DbRole // Maps DB table to its service roles and matching DB roles
+}
+
+func (s *ContextLessAuthorizer) GetOrgFromContext(_ context.Context) (string, error) {
+	return GLOBAL_DEFAULT_ORG_ID, nil
+}
+
+func (s *ContextLessAuthorizer) GetMatchingDbRole(_ context.Context, tableNames ...string) (dbrole.DbRole, error) {
+	// Use roleMapping if configured
+	if s.roleMapping != nil {
+		allTableRoles := make([]dbrole.DbRole, 0)
+		for _, tableName := range tableNames {
+			dbRoles := make([]dbrole.DbRole, 0)
+			for _, dbRole := range s.roleMapping[tableName] {
+				dbRoles = append(dbRoles, dbRole)
+			}
+			if len(dbRoles) > 0 {
+				allTableRoles = append(allTableRoles, dbrole.Max(dbRoles))
+			}
+		}
+		if len(allTableRoles) > 0 {
+			return dbrole.Min(allTableRoles), nil
+		}
+	}
+	return dbrole.TENANT_READER, nil
+}
+
+func (s *ContextLessAuthorizer) Configure(tableName string, roleMapping map[string]dbrole.DbRole) {
+	if s.roleMapping == nil {
+		s.roleMapping = make(map[string]map[string]dbrole.DbRole)
+	}
+	s.roleMapping[tableName] = roleMapping
+}
+
+func (s *ContextLessAuthorizer) GetAuthContext(orgId string, roles ...string) context.Context {
+	return nil
+}
+
+func (s *ContextLessAuthorizer) GetDefaultOrgAdminContext() context.Context {
+	return nil
+}