From dc33636f2a607d48f927ff0350880ce316ca8f71 Mon Sep 17 00:00:00 2001 From: Krishna Miriyala Date: Thu, 8 Feb 2024 16:37:42 -0800 Subject: [PATCH] Add context less authorizer for non-prod usecases --- docs/DOCUMENTATION.md | 62 +++++++++++++++++++++ go.mod | 4 +- go.sum | 4 +- pkg/authorizer/context_less_authorizer.go | 68 +++++++++++++++++++++++ 4 files changed, 134 insertions(+), 4 deletions(-) create mode 100644 pkg/authorizer/context_less_authorizer.go diff --git a/docs/DOCUMENTATION.md b/docs/DOCUMENTATION.md index 348f419..a4458fb 100755 --- a/docs/DOCUMENTATION.md +++ b/docs/DOCUMENTATION.md @@ -17,6 +17,12 @@ import "github.com/vmware-labs/multi-tenant-persistence-for-saas/pkg/authorizer" - [Constants](<#constants>) - [type Authorizer](<#Authorizer>) - [type ContextKey](<#ContextKey>) +- [type ContextLessAuthorizer](<#ContextLessAuthorizer>) + - [func \(s \*ContextLessAuthorizer\) Configure\(tableName string, roleMapping map\[string\]dbrole.DbRole\)](<#ContextLessAuthorizer.Configure>) + - [func \(s \*ContextLessAuthorizer\) GetAuthContext\(orgId string, roles ...string\) context.Context](<#ContextLessAuthorizer.GetAuthContext>) + - [func \(s \*ContextLessAuthorizer\) GetDefaultOrgAdminContext\(\) context.Context](<#ContextLessAuthorizer.GetDefaultOrgAdminContext>) + - [func \(s \*ContextLessAuthorizer\) GetMatchingDbRole\(\_ context.Context, tableNames ...string\) \(dbrole.DbRole, error\)](<#ContextLessAuthorizer.GetMatchingDbRole>) + - [func \(s \*ContextLessAuthorizer\) GetOrgFromContext\(\_ context.Context\) \(string, error\)](<#ContextLessAuthorizer.GetOrgFromContext>) - [type Instancer](<#Instancer>) - [type MetadataBasedAuthorizer](<#MetadataBasedAuthorizer>) - [func \(s \*MetadataBasedAuthorizer\) Configure\(tableName string, roleMapping map\[string\]dbrole.DbRole\)](<#MetadataBasedAuthorizer.Configure>) 
@@ -93,6 +99,62 @@ type Authorizer interface { type ContextKey string ``` + +## type [ContextLessAuthorizer]() + + + +```go +type ContextLessAuthorizer struct { + // contains filtered or unexported fields +} +``` + + +### func \(\*ContextLessAuthorizer\) [Configure]() + +```go +func (s *ContextLessAuthorizer) Configure(tableName string, roleMapping map[string]dbrole.DbRole) +``` + + + + +### func \(\*ContextLessAuthorizer\) [GetAuthContext]() + +```go +func (s *ContextLessAuthorizer) GetAuthContext(orgId string, roles ...string) context.Context +``` + + + + +### func \(\*ContextLessAuthorizer\) [GetDefaultOrgAdminContext]() + +```go +func (s *ContextLessAuthorizer) GetDefaultOrgAdminContext() context.Context +``` + + + + +### func \(\*ContextLessAuthorizer\) [GetMatchingDbRole]() + +```go +func (s *ContextLessAuthorizer) GetMatchingDbRole(_ context.Context, tableNames ...string) (dbrole.DbRole, error) +``` + + + + +### func \(\*ContextLessAuthorizer\) [GetOrgFromContext]() + +```go +func (s *ContextLessAuthorizer) GetOrgFromContext(_ context.Context) (string, error) +``` + + + ## type [Instancer]() diff --git a/go.mod b/go.mod index d6c18b7..4f8c703 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( google.golang.org/grpc v1.61.0 google.golang.org/protobuf v1.32.0 gorm.io/driver/postgres v1.5.5 - gorm.io/gorm v1.25.5 + gorm.io/gorm v1.25.7 ) require ( @@ -33,4 +33,4 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect ) -replace gorm.io/gorm => github.com/go-gorm/gorm v1.25.4 +replace gorm.io/gorm => github.com/go-gorm/gorm v1.25.7 diff --git a/go.sum b/go.sum index fc45c9a..8a86d32 100644 --- a/go.sum +++ b/go.sum 
@@ -6,8 +6,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-gorm/gorm v1.25.4 h1:Cuta7ou119zvPMC2aNImEVoTo7d4rWrkepCSiPks0eo= -github.com/go-gorm/gorm v1.25.4/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= +github.com/go-gorm/gorm v1.25.7 h1:2SZNwgnwrUyi4ex5o29kXKr6Z5KmWf0n2oYf1gxfFAE= +github.com/go-gorm/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= diff --git a/pkg/authorizer/context_less_authorizer.go b/pkg/authorizer/context_less_authorizer.go new file mode 100644 index 0000000..113f655 --- /dev/null +++ b/pkg/authorizer/context_less_authorizer.go 
@@ -0,0 +1,68 @@
+// Copyright 2023 VMware, Inc.
+// Licensed to VMware, Inc. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. VMware, Inc. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package authorizer
+
+import (
+ "context"
+
+ "github.com/vmware-labs/multi-tenant-persistence-for-saas/pkg/dbrole"
+)
+
+type ContextLessAuthorizer struct {
+ roleMapping map[string]map[string]dbrole.DbRole // Maps DB table to its service roles and matching DB roles
+}
+
+func (s *ContextLessAuthorizer) GetOrgFromContext(_ context.Context) (string, error) {
+ return GLOBAL_DEFAULT_ORG_ID, nil
+}
+
+func (s *ContextLessAuthorizer) GetMatchingDbRole(_ context.Context, tableNames ...string) (dbrole.DbRole, error) {
+ // Use roleMapping if configured
+ if s.roleMapping != nil {
+ allTableRoles := make([]dbrole.DbRole, 0)
+ for _, tableName := range tableNames {
+ dbRoles := make([]dbrole.DbRole, 0)
+ for _, dbRole := range s.roleMapping[tableName] {
+ dbRoles = append(dbRoles, dbRole)
+ }
+ if len(dbRoles) > 0 {
+ allTableRoles = append(allTableRoles, dbrole.Max(dbRoles))
+ }
+ }
+ if len(allTableRoles) > 0 {
+ return dbrole.Min(allTableRoles), nil
+ }
+ }
+ return dbrole.TENANT_READER, nil
+}
+
+func (s *ContextLessAuthorizer) Configure(tableName string, roleMapping map[string]dbrole.DbRole) {
+ if s.roleMapping == nil {
+ s.roleMapping = make(map[string]map[string]dbrole.DbRole)
+ }
+ s.roleMapping[tableName] = roleMapping
+}
+
+func (s *ContextLessAuthorizer) GetAuthContext(orgId string, roles ...string) context.Context {
+ return nil
+}
+
+func (s *ContextLessAuthorizer) GetDefaultOrgAdminContext() context.Context {
+ return nil
+}
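Review bot: ContextLessAuthorizer has no doc comment, and nothing in the new file records what the commit subject says, that the type is meant for non-prod use only. GetOrgFromContext puts every caller in GLOBAL_DEFAULT_ORG_ID, and GetMatchingDbRole ignores the caller and returns the dbrole.Max of all roles configured for each table (presumably the most privileged one), so wiring this type into a production service would silently remove tenant isolation and per-role checks. I would add above the type: `// ContextLessAuthorizer ignores the request context: all callers share GLOBAL_DEFAULT_ORG_ID and get the highest configured DB role per table. Non-production use only.` Separately, GetAuthContext and GetDefaultOrgAdminContext return a nil context.Context, which panics in any caller that derives a child context from it or reads a value; `return context.Background()` is the safer result.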