
Commit 9db0b09

committed
feat: add Permissions map
Contributes to NEX-2265. Adds `Permissions()` function that returns the most granular permissions list required for an OperationID. "Granular" means avoiding "composite" roles like operator or developer where possible. While these roles include most permissions, they undermine the goal of having precise control over resources.
1 parent 5033238 commit 9db0b09

42 files changed

Lines changed: 618 additions & 636 deletions


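--- a/generator/permissions.go
+++ b/generator/permissions.go
@@ -3,6 +3,8 @@
 package main
 
 import (
+	"bytes"
+	"fmt"
 	"os"
 
 	"gopkg.in/yaml.v3"
@@ -11,15 +13,61 @@ import (
 // readPermissions reads PermissionsFile
 // Returns map[OperationID][]Permission
 func readPermissions(cfg *envConfig) (map[string][]string, error) {
-	b, err := os.ReadFile(cfg.PermissionsFile)
+	var config map[string][]string
+	err := readYamlFile(cfg.ConfigFile, &config)
 	if err != nil {
 		return nil, err
 	}
 
 	var permissions map[string][]string
-	err = yaml.Unmarshal(b, &permissions)
+	err = readYamlFile(cfg.PermissionsFile, &permissions)
 	if err != nil {
 		return nil, err
 	}
+
+	operationIDs := make(map[string]bool)
+	for _, list := range config {
+		for _, k := range list {
+			operationIDs[k] = true
+		}
+	}
+
+	for k, v := range permissions {
+		if !operationIDs[k] {
+			delete(permissions, k)
+			continue
+		}
+
+		permissions[k] = v
+		if len(v) == 0 {
+			delete(permissions, k)
+		}
+	}
+
+	// Write permissions back to file
+	var buffer bytes.Buffer
+	encoder := yaml.NewEncoder(&buffer)
+	encoder.SetIndent(yamlTabSize)
+	err = encoder.Encode(&permissions)
+	if err != nil {
+		return nil, err
+	}
+	err = os.WriteFile(cfg.PermissionsFile, buffer.Bytes(), writeMode)
+	if err != nil {
+		return nil, err
+	}
+
 	return permissions, nil
 }
+
+func readYamlFile(path string, out any) error {
+	b, err := os.ReadFile(path)
+	if err != nil {
+		return err
+	}
+	err = yaml.Unmarshal(b, out)
+	if err != nil {
+		return fmt.Errorf("error parsing yaml file %q: %v", path, err)
+	}
+	return nil
+}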
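Review bot: readPermissions now silently rewrites cfg.PermissionsFile, dropping every entry whose key is not an OperationID listed in cfg.ConfigFile or whose list is empty, while the doc comment still says it only reads the file and callers get no signal that authorization data was removed; a misspelled OperationID in the permissions file would quietly disappear from disk on the next run. I would surface the pruned keys rather than swallow them, for example collect them into `unknown` and `return nil, fmt.Errorf("permissions listed for unknown operation IDs: %v", unknown)`, or at minimum log them, and change the comment to `// readPermissions reads PermissionsFile, removes entries not present in ConfigFile or with no permissions, and writes the pruned map back to PermissionsFile`. The `permissions[k] = v` assignment inside the loop is a no-op, since v was just read from that key, and can go. In readYamlFile, `return fmt.Errorf("error parsing yaml file %q: %w", path, err)` keeps the cause reachable through errors.Is/As, and the os.ReadFile error on the line above could be wrapped with the same path context for consistency.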

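--- a/go.mod
+++ b/go.mod
@@ -22,6 +22,8 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/samber/lo v1.52.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	golang.org/x/sys v0.21.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
 )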

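--- a/go.sum
+++ b/go.sum
@@ -35,6 +35,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
+github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw=
+github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
@@ -46,6 +48,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=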

handler/account/account.go

Lines changed: 0 additions & 1 deletion

handler/accountauthentication/accountauthentication.go

Lines changed: 5 additions & 0 deletions

handler/alloydbomni/alloydbomni.go

Lines changed: 3 additions & 0 deletions

handler/applicationuser/applicationuser.go

Lines changed: 8 additions & 7 deletions

handler/billinggroup/billinggroup.go

Lines changed: 7 additions & 13 deletions
