More fixes

Author: hladush

internal/pkg/heimdall/heimdall.go

@@ -1,7 +1,6 @@
 package heimdall
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 	"net/http/httputil"
@@ -119,7 +118,7 @@ func (h *Heimdall) Init() error {
 
 	rbacsByName := map[string]rbac.RBAC{}
 	for rbacName, r := range h.RBACs {
-		if err := r.Init(context.Background()); err != nil {
+		if err := r.Init(); err != nil {
 			return fmt.Errorf("failed to init rbac %s: %w", rbacName, err)
 		}
 		rbacsByName[rbacName] = r

pkg/rbac/ranger/client.go

@@ -9,8 +9,6 @@ import (
 	"net/http"
 	"strings"
 	"time"
-
-	"gopkg.in/yaml.v3"
 )
 
 const (
@@ -24,29 +22,6 @@ type Client interface {
 	GetPolicies(serviceName string) ([]*Policy, error)
 }
 
-type ClientWrapper struct {
-	Client Client
-}
-
-func (aw *ClientWrapper) UnmarshalYAML(value *yaml.Node) error {
-	var cl client
-	if err := value.Decode(&cl); err != nil {
-		return err
-	}
-	aw.Client = &cl
-	cl.client = &http.Client{}
-	return nil
-}
-
-func (cw *ClientWrapper) GetUsers() (map[string]*User, error) {
-	return cw.Client.GetUsers()
-}
-
-
-func (cw *ClientWrapper) GetPolicies(serviceName string) ([]*Policy, error) {
-	return cw.Client.GetPolicies(serviceName)
-}
-
 type User struct {
 	ID            int64    `json:"id,omitempty"`
 	Name          string   `json:"name,omitempty"`

pkg/rbac/ranger/ranger.go

@@ -2,41 +2,57 @@ package ranger
 
 import (
 	"context"
+	"errors"
 	"log"
 	"strings"
 	"time"
 
+	"gopkg.in/yaml.v3"
+
 	"github.com/patterninc/heimdall/pkg/sql/parser"
+	"github.com/patterninc/heimdall/pkg/sql/parser/factory"
+)
+
+var (
+	ErrRangerClientConfigIsRequired         = errors.New("ranger client_config is required")
+	ErrRangerParserConfigIsRequired         = errors.New("ranger parser_config is required")
+	ErrRangerParserTypeIsRequired           = errors.New("ranger parser_config.type is required")
+	ErrRangerParserDefaultCatalogIsRequired = errors.New("ranger parser_config.default_catalog is required")
+	ErrRangerUnsupportedParserType          = errors.New("unsupported ranger parser_config.type. supported types: trino")
 )
 
-// only private
-// add links
 type Ranger struct {
-	Name                  string                `yaml:"name,omitempty" json:"name,omitempty"`
-	ServiceName           string                `yaml:"service_name,omitempty" json:"service_name,omitempty"`
-	Client                *ClientWrapper        `yaml:"client,omitempty" json:"client,omitempty"`
+	Name                  string `yaml:"name,omitempty" json:"name,omitempty"`
+	ServiceName           string `yaml:"service_name,omitempty" json:"service_name,omitempty"`
+	Client                Client
 	SyncIntervalInMinutes int                   `yaml:"sync_interval_in_minutes,omitempty" json:"sync_interval_in_minutes,omitempty"`
 	AccessReceiver        parser.AccessReceiver `yaml:"parser,omitempty" json:"parser,omitempty"`
-	permissionsByUser     map[string]*UserPermissions
+	permissionsByUser     map[string]*userPermissions
 }
 
-type ParserConfig struct {
+type parserConfig struct {
 	Type           string `yaml:"type,omitempty" json:"type,omitempty"`
 	DefaultCatalog string `yaml:"default_catalog,omitempty" json:"default_catalog,omitempty"`
 }
 
-type UserPermissions struct {
-	AllowPolicies map[parser.Action][]*Policy // todo AllowPolicies
+type clientConfig struct {
+	Endpoint string `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
+	Username string `yaml:"username,omitempty" json:"username,omitempty"`
+	Password string `yaml:"password,omitempty" json:"password,omitempty"`
+}
+
+type userPermissions struct {
+	AllowPolicies map[parser.Action][]*Policy
 	DenyPolicies  map[parser.Action][]*Policy
 }
 
-func (r *Ranger) Init(ctx context.Context) error {
+func (r *Ranger) Init() error {
 	// first time lets sync state explicitly
 	if err := r.SyncState(); err != nil {
 		return err
 	}
 	go func() {
-		ctx, cancel := context.WithCancel(ctx)
+		ctx, cancel := context.WithCancel(context.Background())
 		defer cancel()
 
 		ticker := time.NewTicker(time.Duration(r.SyncIntervalInMinutes) * time.Minute)
@@ -115,7 +131,7 @@ func (r *Ranger) SyncState() error {
 		}
 	}
 
-	newPermissionsByUser := map[string]*UserPermissions{}
+	newPermissionsByUser := map[string]*userPermissions{}
 	for _, policy := range policies {
 		if !policy.IsEnabled {
 			continue
@@ -133,7 +149,7 @@ func (r *Ranger) SyncState() error {
 		controlledActions := policy.getControlledActions(usersByGroup)
 		for userName, actions := range controlledActions.allowedActionsByUser {
 			if _, ok := newPermissionsByUser[userName]; !ok {
-				newPermissionsByUser[userName] = &UserPermissions{
+				newPermissionsByUser[userName] = &userPermissions{
 					AllowPolicies: map[parser.Action][]*Policy{},
 					DenyPolicies:  map[parser.Action][]*Policy{},
 				}
@@ -144,7 +160,7 @@ func (r *Ranger) SyncState() error {
 		}
 		for userName, actions := range controlledActions.deniedActionsByUser {
 			if _, ok := newPermissionsByUser[userName]; !ok {
-				newPermissionsByUser[userName] = &UserPermissions{
+				newPermissionsByUser[userName] = &userPermissions{
 					AllowPolicies: map[parser.Action][]*Policy{},
 					DenyPolicies:  map[parser.Action][]*Policy{},
 				}
@@ -159,3 +175,47 @@ func (r *Ranger) SyncState() error {
 	log.Println("Syncing users and groups from Apache Ranger for service:", r.ServiceName)
 	return nil
 }
+
+func (r *Ranger) UnmarshalYAML(value *yaml.Node) error {
+	type rawRanger struct {
+		Name                  string        `yaml:"name,omitempty" json:"name,omitempty"`
+		ServiceName           string        `yaml:"service_name,omitempty" json:"service_name,omitempty"`
+		SyncIntervalInMinutes int           `yaml:"sync_interval_in_minutes,omitempty" json:"sync_interval_in_minutes,omitempty"`
+		Client                *clientConfig `yaml:"client"`
+		Parser                *parserConfig `yaml:"parser"`
+	}
+
+	var raw rawRanger
+	if err := value.Decode(&raw); err != nil {
+		return err
+	}
+
+	if raw.Client == nil {
+		return ErrRangerClientConfigIsRequired
+	}
+	if raw.Parser == nil {
+		return ErrRangerParserConfigIsRequired
+	}
+	if raw.Parser.Type == "" {
+		return ErrRangerParserTypeIsRequired
+	}
+	if raw.Parser.DefaultCatalog == "" {
+		return ErrRangerParserDefaultCatalogIsRequired
+	}
+
+	r.Name = raw.Name
+	r.ServiceName = raw.ServiceName
+	r.SyncIntervalInMinutes = raw.SyncIntervalInMinutes
+	r.Client = NewClient(raw.Client.Endpoint, raw.Client.Username, raw.Client.Password)
+
+	accessReceiver, err := factory.CreateParserByType(raw.Parser.Type, raw.Parser.DefaultCatalog)
+	if err != nil {
+		return ErrRangerUnsupportedParserType
+	}
+
+	r.AccessReceiver = accessReceiver
+	if r.SyncIntervalInMinutes == 0 {
+		r.SyncIntervalInMinutes = 5
+	}
+	return nil
+}

pkg/rbac/ranger/tests/ranger_policy_check_test.go

@@ -839,9 +839,9 @@ func getAllowAllPolicy(resource *ranger.Resource, additionalResource *ranger.Res
 	}
 }
 
-func getMockRangerClient(users map[string]*ranger.User, policies []*ranger.Policy) *ranger.ClientWrapper {
+func getMockRangerClient(users map[string]*ranger.User, policies []*ranger.Policy) ranger.Client {
 	m := new(mocks.Client)
 	m.On("GetUsers").Return(users, nil)
 	m.On("GetPolicies", serviceName).Return(policies, nil)
-	return &ranger.ClientWrapper{Client: m}
+	return m
 }

pkg/rbac/rbac.go

@@ -1,13 +1,11 @@
 package rbac
 
 import (
-	"context"
 	"errors"
 	"fmt"
 
-	"gopkg.in/yaml.v3"
-
 	"github.com/patterninc/heimdall/pkg/rbac/ranger"
+	"gopkg.in/yaml.v3"
 )
 
 var (
@@ -18,7 +16,7 @@ var (
 )
 
 type RBAC interface {
-	Init(ctx context.Context) error //todo consider if we have init in another interface
+	Init() error
 	HasAccess(user string, query string) (bool, error)
 	GetName() string
 }
@@ -29,10 +27,6 @@ type configs struct {
 	RBAC []RBAC
 }
 
-// type accessReceiverHolder struct {
-//     AccessReceiver
-// }
-
 func (c *RBACs) UnmarshalYAML(unmarshal func(interface{}) error) error {
 
 	var temp configs