Another pack of test

Author: hladush

cmd/heimdall/heimdall.go

@@ -29,7 +29,7 @@ var (
 
 func init() {
 
-	flag.StringVar(&configFile, `conf`, `/etc/heimdall/heimdall.yaml`, `config file`)
+	flag.StringVar(&configFile, `conf`, `/Users/ivanhladush/git/heimdall/configs/local.yaml`, `config file`)
 	flag.Parse()
 
 }

configs/local.yaml

@@ -1,4 +1,3 @@
-
 # database settings
 database:
   connection_string: "postgres://heimdall:heimdall@postgres:5432/heimdall?sslmode=disable"
@@ -8,14 +7,14 @@ pool:
   size: 5
   sleep: 500
 
-# plugins location
-plugin_directory: ./plugins
+# # plugins location
+# plugin_directory: ./plugins
 
-# auth plugin
-auth:
-  plugin: ./plugins/auth_header.so
-  context:
-    header: X-Heimdall-User
+# # auth plugin
+# auth:
+#   plugin: ./plugins/auth_header.so
+#   context:
+#     header: X-Heimdall-User
 
 # supported commands
 commands:
@@ -36,6 +35,34 @@ clusters:
     status: active
     version: 0.0.1
     description: Just a localhost
+    rbacs:
+      - trino
+      - trino2
     tags:
       - type:localhost
-      - data:local
+      - data:local
+
+rbacs:
+  - name: trino
+    type: apache_ranger
+    service_name: TrinoRanger
+    sync_interval_in_minutes: 1
+    client:
+      url: http://localhost:6080
+      username: admin
+      password: admin
+    parser:
+      type: trino
+      default_catalog: hive
+
+  - name: trino2
+    type: apache_ranger
+    service_name: TrinoRanger
+    sync_interval_in_minutes: 1
+    client:
+      url: http://localhost:6080
+      username: admin
+      password: 
+    parser:
+      type: trino
+      default_catalog: hive

internal/pkg/heimdall/heimdall.go

@@ -1,6 +1,7 @@
 package heimdall
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"net/http/httputil"
@@ -20,6 +21,7 @@ import (
 	"github.com/patterninc/heimdall/pkg/object/command"
 	"github.com/patterninc/heimdall/pkg/object/job"
 	"github.com/patterninc/heimdall/pkg/plugin"
+	"github.com/patterninc/heimdall/pkg/rbac"
 )
 
 const (
@@ -42,6 +44,7 @@ type Heimdall struct {
 	Server           *server.Server       `yaml:"server,omitempty" json:"server,omitempty"`
 	Commands         command.Commands     `yaml:"commands,omitempty" json:"commands,omitempty"`
 	Clusters         cluster.Clusters     `yaml:"clusters,omitempty" json:"clusters,omitempty"`
+	RBACs            rbac.RBACs           `yaml:"rbacs,omitempty" json:"rbacs,omitempty"`
 	JobsDirectory    string               `yaml:"jobs_directory,omitempty" json:"jobs_directory,omitempty"`
 	ArchiveDirectory string               `yaml:"archive_directory,omitempty" json:"archive_directory,omitempty"`
 	ResultDirectory  string               `yaml:"result_directory,omitempty" json:"result_directory,omitempty"`
@@ -79,41 +82,48 @@ func (h *Heimdall) Init() error {
 	}
 	h.agentName = fmt.Sprintf("%s-%d", strings.ToLower(hostname), time.Now().UnixMicro())
 
-	// let's load all the plugins
-	plugins, err := h.loadPlugins()
-	if err != nil {
-		return err
-	}
+	// // let's load all the plugins
+	// plugins, err := h.loadPlugins()
+	// if err != nil {
+	// 	return err
+	// }
 
-	h.commandHandlers = make(map[string]plugin.Handler)
+	// h.commandHandlers = make(map[string]plugin.Handler)
 
 	// process commands / add default values if missing, write commands to db
-	for _, c := range h.Commands {
-
-		// set defaults for missing properties
-		if err := c.Init(); err != nil {
-			return err
-		}
-
-		// set command handlers
-		pluginNew, found := plugins[c.Plugin]
-		if !found {
-			return fmt.Errorf(formatErrUnknownPlugin, c.Plugin)
-		}
-
-		handler, err := pluginNew(c.Context)
-		if err != nil {
-			return err
-		}
-		h.commandHandlers[c.ID] = handler
-
-		// let's record command in the database
-		if err := h.commandUpsert(c); err != nil {
-			return err
+	// for _, c := range h.Commands {
+
+	// 	// set defaults for missing properties
+	// 	if err := c.Init(); err != nil {
+	// 		return err
+	// 	}
+
+	// 	// // set command handlers
+	// 	// pluginNew, found := plugins[c.Plugin]
+	// 	// if !found {
+	// 	// 	return fmt.Errorf(formatErrUnknownPlugin, c.Plugin)
+	// 	// }
+
+	// 	// handler, err := pluginNew(c.Context)
+	// 	// if err != nil {
+	// 	// 	return err
+	// 	// }
+	// 	// h.commandHandlers[c.ID] = handler
+
+	// 	// let's record command in the database
+	// 	if err := h.commandUpsert(c); err != nil {
+	// 		return err
+	// 	}
+
+	// }
+
+	rbacsByName := map[string]rbac.RBAC{}
+	for rbacName, r := range h.RBACs {
+		if err := r.Init(context.Background()); err != nil {
+			return fmt.Errorf("failed to init rbac %s: %w", rbacName, err)
 		}
-
+		rbacsByName[rbacName] = r
 	}
-
 	// process commands / add default values if missing, write commands to db
 	for _, c := range h.Clusters {
 
@@ -122,11 +132,19 @@ func (h *Heimdall) Init() error {
 			return err
 		}
 
-		// let's record command in the database
-		if err := h.clusterUpsert(c); err != nil {
-			return err
+		// // let's record command in the database
+		// if err := h.clusterUpsert(c); err != nil {
+		// 	return err
+		// }
+		if len(c.RBACNames) > 0 {
+			for _, rbacName := range c.RBACNames {
+				r, found := rbacsByName[rbacName]
+				if !found {
+					return fmt.Errorf("failed to find rbac %s for cluster %s", rbacName, c.Name)
+				}
+				c.RBACs = append(c.RBACs, r)
+			}
 		}
-
 	}
 
 	// start janitor

pkg/object/cluster/cluster.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/patterninc/heimdall/pkg/object"
 	"github.com/patterninc/heimdall/pkg/object/status"
+	"github.com/patterninc/heimdall/pkg/rbac"
 )
 
 var (
@@ -14,6 +15,8 @@ var (
 type Cluster struct {
 	object.Object `yaml:",inline" json:",inline"`
 	Status        status.Status `yaml:"status,omitempty" json:"status,omitempty"`
+	RBACNames     []string      `yaml:"rbacs,omitempty" json:"rbacs,omitempty"`
+	RBACs         []rbac.RBAC   `yaml:"-" json:"-"`
 }
 
 type Clusters map[string]*Cluster

pkg/rbac/ranger/client.go

@@ -9,6 +9,8 @@ import (
 	"net/http"
 	"strings"
 	"time"
+
+	"gopkg.in/yaml.v3"
 )
 
 const (
@@ -46,6 +48,32 @@ type getResponse struct {
 
 //go:generate go run github.com/vektra/mockery/v2@v2.53.4 --name=Client --output=./mocks --outpkg=mocks
 
+type ClientWrapper struct {
+	Client Client
+}
+
+func (aw *ClientWrapper) UnmarshalYAML(value *yaml.Node) error {
+	var cl client
+	if err := value.Decode(&cl); err != nil {
+		return err
+	}
+	aw.Client = &cl
+	cl.client = &http.Client{}
+	return nil
+}
+
+func (cw *ClientWrapper) GetUsers() (map[string]*User, error) {
+	return cw.Client.GetUsers()
+}
+
+func (cw *ClientWrapper) GetGroups() (map[string]*Group, error) {
+	return cw.Client.GetGroups()
+}
+
+func (cw *ClientWrapper) GetPolicies(serviceName string) ([]*Policy, error) {
+	return cw.Client.GetPolicies(serviceName)
+}
+
 type Client interface {
 	GetUsers() (map[string]*User, error)
 	GetGroups() (map[string]*Group, error)

pkg/rbac/ranger/policy.go

@@ -150,7 +150,6 @@ func (p *Policy) controlTableAccess(a *parser.TableAccess) bool {
 				continue
 			}
 		}
-
 		return true
 	}
 	return false

pkg/rbac/ranger/ranger.go

@@ -10,12 +10,18 @@ import (
 )
 
 type ApacheRanger struct {
-	Name                  string `yaml:"name,omitempty" json:"name,omitempty"`
-	ServiceName           string `yaml:"service_name,omitempty" json:"service_name,omitempty"`
-	Client                Client
-	SyncIntervalInMinutes int `yaml:"sync_interval_in_minutes,omitempty" json:"sync_interval_in_minutes,omitempty"`
+	Name                  string        `yaml:"name,omitempty" json:"name,omitempty"`
+	ServiceName           string        `yaml:"service_name,omitempty" json:"service_name,omitempty"`
+	Client                ClientWrapper `yaml:"client,omitempty" json:"client,omitempty"`
+	SyncIntervalInMinutes int           `yaml:"sync_interval_in_minutes,omitempty" json:"sync_interval_in_minutes,omitempty"`
 	AccessReceiver        parser.AccessReceiver
 	permitionsByUser      map[string]*UserPermitions
+	Parser                ParserConfig `yaml:"parser,omitempty" json:"parser,omitempty"`
+}
+
+type ParserConfig struct {
+	Type           string `yaml:"type,omitempty" json:"type,omitempty"`
+	DefaultCatalog string `yaml:"default_catalog,omitempty" json:"default_catalog,omitempty"`
 }
 
 type PermitionStatus int
@@ -98,3 +104,7 @@ func (ar *ApacheRanger) startSyncPolicies(ctx context.Context) {
 		}
 	}()
 }
+
+func (r *ApacheRanger) GetName() string {
+	return r.Name
+}

pkg/rbac/rbac.go

@@ -2,9 +2,79 @@ package rbac
 
 import (
 	"context"
+	"errors"
+	"fmt"
+
+	"github.com/patterninc/heimdall/pkg/rbac/ranger"
+	parserFactory "github.com/patterninc/heimdall/pkg/sql/parser/factory"
+	"gopkg.in/yaml.v3"
+)
+
+var (
+	ErrRBACIDsAreNotUnique = errors.New("rbac IDs are not unique")
 )
 
 type RBAC interface {
 	Init(ctx context.Context) error
 	HasAccess(user string, query string) (bool, error)
+	GetName() string
+}
+
+type RBACs map[string]RBAC
+
+func (c *RBACs) UnmarshalYAML(unmarshal func(interface{}) error) error {
+
+	var temp RBACConfig
+
+	if err := unmarshal(&temp); err != nil {
+		return err
+	}
+
+	items := make(map[string]RBAC)
+
+	for _, t := range temp.RBAC {
+		items[t.GetName()] = t
+	}
+
+	if len(temp.RBAC) != len(items) {
+		return ErrRBACIDsAreNotUnique
+	}
+
+	*c = items
+
+	return nil
+
+}
+
+type RBACConfig struct {
+	RBAC []RBAC
+}
+
+// Implements custom unmarshaling based on `type` field in YAML
+func (c *RBACConfig) UnmarshalYAML(value *yaml.Node) error {
+	for _, value := range value.Content {
+		var probe struct {
+			Type string `yaml:"type"`
+		}
+		if err := value.Decode(&probe); err != nil {
+			return err
+		}
+
+		switch probe.Type {
+		case "apache_ranger":
+			var r ranger.ApacheRanger
+			if err := value.Decode(&r); err != nil {
+				return err
+			}
+			c.RBAC = append(c.RBAC, &r)
+			parser, err := parserFactory.CreateParserByType(r.Parser.Type, r.Parser.DefaultCatalog)
+			if err != nil {
+				return err
+			}
+			r.AccessReceiver = parser
+		default:
+			return fmt.Errorf("unknown RBAC type: %s", probe.Type)
+		}
+	}
+	return nil
 }

pkg/sql/parser/factory/factory.go

@@ -0,0 +1,17 @@
+package factory
+
+import (
+	"fmt"
+
+	"github.com/patterninc/heimdall/pkg/sql/parser"
+	"github.com/patterninc/heimdall/pkg/sql/parser/trino"
+)
+
+func CreateParserByType(typ string, defaultCatalog string) (parser.AccessReceiver, error) {
+	switch typ {
+	case "trino":
+		return trino.NewTrinoAccessReceiver(defaultCatalog), nil
+	default:
+		return nil, fmt.Errorf("unknown parser type: %s", typ)
+	}
+}