Merge pull request #79 from aserto-dev/resolve-by-key

Support user resolution by key
aserto-dev · Apr 28, 2023 · ae3ff83 · ae3ff83
2 parents aa39513 + 58c0b0a
commit ae3ff83
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 23 deletions.
diff --git a/builtins/edge/ds/user.go b/builtins/edge/ds/user.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aserto-dev/topaz/resolvers"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
+	"google.golang.org/protobuf/proto"
 
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/open-policy-agent/opa/rego"
@@ -17,7 +18,8 @@ import (
 // RegisterUser - ds.user
 //
 //	ds.user({
-//		"id": ""
+//		"id": "",
+//		"key": ""
 //	})
 func RegisterUser(logger *zerolog.Logger, fnName string, dr resolvers.DirectoryResolver) (*rego.Function, rego.Builtin1) {
 	return &rego.Function{
@@ -28,7 +30,8 @@ func RegisterUser(logger *zerolog.Logger, fnName string, dr resolvers.DirectoryR
 		func(bctx rego.BuiltinContext, op1 *ast.Term) (*ast.Term, error) {
 
 			type args struct {
-				ID string `json:"id"`
+				ID  string `json:"id"`
+				Key string `json:"key"`
 			}
 
 			var a args
@@ -47,7 +50,9 @@ func RegisterUser(logger *zerolog.Logger, fnName string, dr resolvers.DirectoryR
 
 			resp, err := client.GetObject(bctx.Context, &dsr.GetObjectRequest{
 				Param: &dsc.ObjectIdentifier{
-					Id: &a.ID,
+					Id:   &a.ID,
+					Key:  &a.Key,
+					Type: proto.String("user"),
 				},
 			})
 			if err != nil {

diff --git a/directory/identity.go b/directory/identity.go
@@ -9,23 +9,19 @@ import (
 	v2 "github.com/aserto-dev/go-directory/aserto/directory/common/v2"
 	ds2 "github.com/aserto-dev/go-directory/aserto/directory/reader/v2"
 	"github.com/aserto-dev/go-directory/pkg/derr"
+	"google.golang.org/protobuf/proto"
 )
 
 func GetIdentityV2(client ds2.ReaderClient, ctx context.Context, identity string) (*v2.Object, error) {
-	identityString := "identity"
-	obj := v2.ObjectIdentifier{Type: &identityString, Key: &identity}
-
-	relationString := "identifier"
-	subjectType := "user"
-	withObjects := true
+	obj := v2.ObjectIdentifier{Type: proto.String("identity"), Key: &identity}
 
 	relResp, err := client.GetRelation(ctx, &ds2.GetRelationRequest{
 		Param: &v2.RelationIdentifier{
 			Object:   &obj,
-			Relation: &v2.RelationTypeIdentifier{Name: &relationString, ObjectType: &identityString},
-			Subject:  &v2.ObjectIdentifier{Type: &subjectType},
+			Relation: &v2.RelationTypeIdentifier{Name: proto.String("identifier"), ObjectType: proto.String("identity")},
+			Subject:  &v2.ObjectIdentifier{Type: proto.String("user")},
 		},
-		WithObjects: &withObjects,
+		WithObjects: proto.Bool(true),
 	})
 	switch {
 	case err != nil && errors.Is(cerr.UnwrapAsertoError(err), derr.ErrNotFound):

diff --git a/go.work.sum b/go.work.sum
@@ -172,14 +172,12 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aserto-dev/aserto-go v0.8.14-0.20221018123009-a56db85a7ed3 h1:Kp2Ojrem4ixQEQYaxtUiR2RAW6HnQCastADjO3VOJOQ=
 github.com/aserto-dev/aserto-grpc v0.1.1 h1:iILD2u0yjHdibBsG7CchkiudUmwvNhBmPUN7kNm9cvM=
-github.com/aserto-dev/mage-loot v0.8.13 h1:i8kRhcwnbTd6MB8rDxg/JZ53aWs09srIPQSttO8joJo=
-github.com/aserto-dev/mage-loot v0.8.13/go.mod h1:Oi7gxbSzxC4qlCMUaiNHWLE1DjmcMTk96fzFHNN/bsc=
+github.com/aserto-dev/errors v0.0.2/go.mod h1:TBlc5z9t1ClYehyJT614pJ0jknkCFWo7sdyAFkFEndY=
+github.com/aserto-dev/go-directory-cli v0.20.11 h1:0Q5KDOi5c1eyXjyBSEM50UxXuBPdSti2y57lybnvOgI=
 github.com/aserto-dev/runtime v0.47.3 h1:KEXQ5bFImIWAqUM5uIPDQ94zeHYScalhWziu+GAqRzk=
 github.com/aserto-dev/runtime v0.47.3/go.mod h1:0iis95JxPIOPQvdmS0+zJnhCPLrz3bkinFNzDtbwuak=
 github.com/aserto-dev/runtime v0.51.0 h1:bJPCP5v0nY1NS1t4q3+1TSf6WA+wQorTXRiD8UQP+QY=
 github.com/aserto-dev/runtime v0.51.0/go.mod h1:j2RGQkslP9gsvjhaAhEekMpnMJvvlhy7YhYDK0ZagFk=
-github.com/aserto-dev/runtime v0.51.1 h1:NpX0PoKtQFl2vutcfH5u0eAfIECRs01FeUhiqS0cmk4=
-github.com/aserto-dev/runtime v0.51.1/go.mod h1:j2RGQkslP9gsvjhaAhEekMpnMJvvlhy7YhYDK0ZagFk=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
@@ -269,6 +267,7 @@ github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.14.0/go.mod h1:4OGVnY4qf2+gw+ssiHbW+pq4mo2yko94YxxMmXZ7jCA=
 github.com/hashicorp/consul/api v1.15.3/go.mod h1:/g/qgcoBcEXALCNZgRRisyTW0nY86++L0KbeAMXYCeY=
 github.com/hashicorp/consul/api v1.18.0/go.mod h1:owRRGJ9M5xReDC5nfT8FTJrNAPbT4NM6p/k+d03q2v4=
 github.com/hashicorp/consul/sdk v0.11.0/go.mod h1:yPkX5Q6CsxTFMjQQDJwzeNmUUF5NUGGbrDsv9wTb8cw=
@@ -388,6 +387,7 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
 go.etcd.io/etcd/api/v3 v3.5.5/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
 go.etcd.io/etcd/api/v3 v3.5.6/go.mod h1:KFtNaxGDw4Yx/BA4iPPwevUTAuqcsPxzyX8PHydchN8=
 go.etcd.io/etcd/client/pkg/v3 v3.5.5/go.mod h1:ggrwbk069qxpKPq8/FKkQ3Xq9y39kbFR4LnKszpRXeQ=
@@ -619,6 +619,7 @@ google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar
 google.golang.org/genproto v0.0.0-20220927151529-dcaddaf36704/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI=
 google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
 google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo=
+google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg=
 google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=
 google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM=

diff --git a/magefiles/go.sum b/magefiles/go.sum
@@ -42,8 +42,8 @@ github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/aserto-dev/clui v0.8.1 h1:5IW9OnFZoIWjvnmTE4FNTXrjP1wnMzd39qKAcRnRHt8=
 github.com/aserto-dev/clui v0.8.1/go.mod h1:XpJxwNzSQaGN6rqXONZJEaeez4MUaCPikM2lKSngrXM=
-github.com/aserto-dev/mage-loot v0.8.11 h1:3Xs/vF44SMeMU571Gnm/NCyOm4M+m1g/l091nMqzbTU=
-github.com/aserto-dev/mage-loot v0.8.11/go.mod h1:Oi7gxbSzxC4qlCMUaiNHWLE1DjmcMTk96fzFHNN/bsc=
+github.com/aserto-dev/mage-loot v0.8.13 h1:i8kRhcwnbTd6MB8rDxg/JZ53aWs09srIPQSttO8joJo=
+github.com/aserto-dev/mage-loot v0.8.13/go.mod h1:Oi7gxbSzxC4qlCMUaiNHWLE1DjmcMTk96fzFHNN/bsc=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=

diff --git a/pkg/app/impl/jwt.go b/pkg/app/impl/jwt.go
@@ -189,21 +189,37 @@ func (s *AuthorizerServer) getUserFromIdentity(ctx context.Context, identity str
 	}
 
 	if user == nil {
-		return s.getObject(ctx, identity)
+		return s.findUser(ctx, identity)
 	}
 
 	return user, nil
 }
 
-func (s *AuthorizerServer) getObject(ctx context.Context, id string) (proto.Message, error) {
+func (s *AuthorizerServer) findUser(ctx context.Context, keyOrID string) (proto.Message, error) {
+	user, err := s.getObjectByID(ctx, keyOrID)
+	if err == nil {
+		return user, nil
+	}
+	s.logger.Debug().Err(err).Msg("failed to find user by ID. attempting to find by key")
+
+	return s.getObjectByKey(ctx, "user", keyOrID)
+}
+
+func (s *AuthorizerServer) getObjectByKey(ctx context.Context, objType, key string) (proto.Message, error) {
+	return s.getObject(ctx, &v2.ObjectIdentifier{Type: &objType, Key: &key})
+}
+
+func (s *AuthorizerServer) getObjectByID(ctx context.Context, id string) (proto.Message, error) {
+	return s.getObject(ctx, &v2.ObjectIdentifier{Id: &id})
+}
+
+func (s *AuthorizerServer) getObject(ctx context.Context, obj *v2.ObjectIdentifier) (proto.Message, error) {
 	client, err := s.resolver.GetDirectoryResolver().GetDS(ctx)
 	if err != nil {
 		return nil, err
 	}
 
-	objResp, err := client.GetObject(ctx, &ds2.GetObjectRequest{
-		Param: &v2.ObjectIdentifier{Id: &id},
-	})
+	objResp, err := client.GetObject(ctx, &ds2.GetObjectRequest{Param: obj})
 	if err != nil {
 		return nil, err
 	}