
Split proto/authorization_proto between api/type and impl/authorization/authz_proto (#884)

* move proto/authorization_proto to api/type

* Fix imports

* Split authorization proto between core and impl
gdbelvin committed Dec 12, 2017
1 parent 6222ec8 commit 7e2628b25bd1a42e2e325d0d1b7e679b09380cfb


@@ -0,0 +1,26 @@
// Copyright 2016 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
option go_package = "github.com/google/keytransparency/core/api/type/type_proto";
package google.keytransparency.type;
// Permission specifies the permission a role can take.
enum Permission {
// LOG indicates whether access to resources will be logged.
LOG = 0;
READ = 1;
WRITE = 2;
}
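Review bot: `LOG = 0` makes the logging permission the proto3 default value, so any `Permission`-typed field or argument that is left at its zero value is indistinguishable from LOG, and the equality check in the impl's `isPermisionInRole` (`if p == permission`) would then match an unset value against a role that grants LOG. The conventional guard is an explicit sentinel: `PERMISSION_UNSPECIFIED = 0;` followed by `LOG = 1; READ = 2; WRITE = 3;`, with the policy loader rejecting UNSPECIFIED. Since this file is introduced by the split, renumbering is presumably safe for policies stored as text proto (which uses names), but any binary-encoded policy would need migrating — confirm before renumbering. The `// Copyright 2016` header on a file added in December 2017 also looks copied over from the old proto rather than updated.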


@@ -18,7 +18,7 @@ package authorization
import (
"github.com/google/keytransparency/core/authentication"
authzpb "github.com/google/keytransparency/core/proto/authorization_proto"
authzpb "github.com/google/keytransparency/core/api/type/type_proto"
)
// Authorization authorizes access to RPCs.
@@ -27,6 +27,4 @@ package core
//go:generate protoc -I=. -I=$GOPATH/src/github.com/google/trillian/ -I=$GOPATH/src/github.com/googleapis/googleapis/ --go_out=,plugins=grpc:$GOPATH/src api/usermanager/v1/usermanager_proto/usermanager.proto
//go:generate protoc -I=. -I=$GOPATH/src/github.com/google/trillian/ -I=$GOPATH/src/github.com/googleapis/googleapis/ --grpc-gateway_out=logtostderr=true:. api/usermanager/v1/usermanager_proto/usermanager.proto
//go:generate protoc -I=. -I=$GOPATH/src/github.com/google/trillian/ -I=$GOPATH/src/github.com/googleapis/googleapis --go_out=:$GOPATH/src api/type/type_proto/type.proto api/type/type_proto/keymaster.proto
//go:generate protoc -I=. --go_out=:$GOPATH/src proto/authorization_proto/authorization_proto.proto
//go:generate protoc -I=. -I=$GOPATH/src/github.com/google/trillian/ -I=$GOPATH/src/github.com/googleapis/googleapis --go_out=:$GOPATH/src api/type/type_proto/type.proto api/type/type_proto/keymaster.proto api/type/type_proto/authz.proto
@@ -34,9 +34,9 @@ import (
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
authzpb "github.com/google/keytransparency/core/api/type/type_proto"
pb "github.com/google/keytransparency/core/api/v1/keytransparency_proto"
authzpb "github.com/google/keytransparency/core/proto/authorization_proto"
"github.com/google/trillian"
tpb "github.com/google/trillian"
)
const (
@@ -51,9 +51,9 @@ const (
// Server holds internal state for the key server.
type Server struct {
admin adminstorage.Storage
tlog trillian.TrillianLogClient
tmap trillian.TrillianMapClient
tadmin trillian.TrillianAdminClient
tlog tpb.TrillianLogClient
tmap tpb.TrillianMapClient
tadmin tpb.TrillianAdminClient
auth authentication.Authenticator
authz authorization.Authorization
mutator mutator.Mutator
@@ -63,9 +63,9 @@ type Server struct {
// New creates a new instance of the key server.
func New(admin adminstorage.Storage,
tlog trillian.TrillianLogClient,
tmap trillian.TrillianMapClient,
tadmin trillian.TrillianAdminClient,
tlog tpb.TrillianLogClient,
tmap tpb.TrillianMapClient,
tadmin tpb.TrillianAdminClient,
mutator mutator.Mutator,
auth authentication.Authenticator,
authz authorization.Authorization,
@@ -110,7 +110,7 @@ func (s *Server) getEntry(ctx context.Context, domainID, userID, appID string, f
// Fresh Root.
logRoot, err := s.tlog.GetLatestSignedLogRoot(ctx,
&trillian.GetLatestSignedLogRootRequest{
&tpb.GetLatestSignedLogRootRequest{
LogId: domain.LogID,
})
if err != nil {
@@ -130,7 +130,7 @@ func (s *Server) getEntry(ctx context.Context, domainID, userID, appID string, f
}
index, proof := vrfPriv.Evaluate(vrf.UniqueID(userID, appID))
getResp, err := s.tmap.GetLeavesByRevision(ctx, &trillian.GetMapLeavesByRevisionRequest{
getResp, err := s.tmap.GetLeavesByRevision(ctx, &tpb.GetMapLeavesByRevisionRequest{
MapId: domain.MapID,
Index: [][]byte{index[:]},
Revision: revision,
@@ -162,10 +162,10 @@ func (s *Server) getEntry(ctx context.Context, domainID, userID, appID string, f
secondTreeSize := logRoot.GetSignedLogRoot().GetTreeSize()
// Consistency proof.
var logConsistency *trillian.GetConsistencyProofResponse
var logConsistency *tpb.GetConsistencyProofResponse
if firstTreeSize != 0 {
logConsistency, err = s.tlog.GetConsistencyProof(ctx,
&trillian.GetConsistencyProofRequest{
&tpb.GetConsistencyProofRequest{
LogId: domain.LogID,
FirstTreeSize: firstTreeSize,
SecondTreeSize: secondTreeSize,
@@ -179,7 +179,7 @@ func (s *Server) getEntry(ctx context.Context, domainID, userID, appID string, f
// Inclusion proof.
logInclusion, err := s.tlog.GetInclusionProof(ctx,
&trillian.GetInclusionProofRequest{
&tpb.GetInclusionProofRequest{
LogId: domain.LogID,
// SignedMapRoot must be placed in the log at MapRevision.
// MapRevisions start at 1. Log leaves start at 1.
@@ -195,9 +195,9 @@ func (s *Server) getEntry(ctx context.Context, domainID, userID, appID string, f
return &pb.GetEntryResponse{
VrfProof: proof,
Committed: committed,
LeafProof: &trillian.MapLeafInclusion{
LeafProof: &tpb.MapLeafInclusion{
Inclusion: neighbors,
Leaf: &trillian.MapLeaf{
Leaf: &tpb.MapLeaf{
LeafValue: leaf,
},
},
@@ -217,7 +217,7 @@ func (s *Server) ListEntryHistory(ctx context.Context, in *pb.ListEntryHistoryRe
return nil, grpc.Errorf(codes.Internal, "Cannot fetch domain info")
}
// Get current epoch.
resp, err := s.tmap.GetSignedMapRoot(ctx, &trillian.GetSignedMapRootRequest{MapId: domain.MapID})
resp, err := s.tmap.GetSignedMapRoot(ctx, &tpb.GetSignedMapRootRequest{MapId: domain.MapID})
if err != nil {
glog.Errorf("GetSignedMapRoot(%v): %v", domain.MapID, err)
return nil, grpc.Errorf(codes.Internal, "Fetching latest signed map root failed")
@@ -369,11 +369,11 @@ func (s *Server) GetDomainInfo(ctx context.Context, in *pb.GetDomainInfoRequest)
return nil, grpc.Errorf(codes.Internal, "Cannot fetch domain info for %v", in.DomainId)
}
logTree, err := s.tadmin.GetTree(ctx, &trillian.GetTreeRequest{TreeId: domain.LogID})
logTree, err := s.tadmin.GetTree(ctx, &tpb.GetTreeRequest{TreeId: domain.LogID})
if err != nil {
return nil, err
}
mapTree, err := s.tadmin.GetTree(ctx, &trillian.GetTreeRequest{TreeId: domain.MapID})
mapTree, err := s.tadmin.GetTree(ctx, &tpb.GetTreeRequest{TreeId: domain.MapID})
if err != nil {
return nil, err
}
17 gen.go
@@ -0,0 +1,17 @@
// Copyright 2017 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package keytranspraency
//go:generate protoc -I=. --go_out=:$GOPATH/src impl/authorization/authz_proto/authz.proto
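Review bot: `package keytranspraency` on the package clause misspells the repository name. The clause is the only non-comment statement in the file, so it presumably builds on its own, but if any other `.go` file in that directory declares `package keytransparency` the build fails on mismatched package names, and tooling keyed on the package name will not find it; change it to `package keytransparency`. The `-I=.` combined with the `impl/authorization/authz_proto/authz.proto` path also appears to require running `go generate` from the repository root, unlike core/gen.go, whose `api/type/...` paths resolve relative to `core/`; a one-line comment such as `// Run from the repository root.` above the directive would save the next person a failed generate run.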
@@ -21,11 +21,12 @@ import (
"github.com/google/keytransparency/core/authentication"
"github.com/google/keytransparency/core/authorization"
authzpb "github.com/google/keytransparency/core/proto/authorization_proto"
authzpb "github.com/google/keytransparency/core/api/type/type_proto"
pb "github.com/google/keytransparency/impl/authorization/authz_proto"
)
type authz struct {
policy *authzpb.AuthorizationPolicy
policy *pb.AuthorizationPolicy
}
// New creates a new instance of the authorization module.
@@ -63,7 +64,7 @@ func resourceLabel(mapID int64, appID string) string {
return fmt.Sprintf("%d|%s", mapID, appID)
}
func isPrincipalInRole(role *authzpb.AuthorizationPolicy_Role, identity string) bool {
func isPrincipalInRole(role *pb.AuthorizationPolicy_Role, identity string) bool {
for _, p := range role.GetPrincipals() {
if p == identity {
return true
@@ -72,7 +73,7 @@ func isPrincipalInRole(role *authzpb.AuthorizationPolicy_Role, identity string)
return false
}
func isPermisionInRole(role *authzpb.AuthorizationPolicy_Role, permission authzpb.Permission) bool {
func isPermisionInRole(role *pb.AuthorizationPolicy_Role, permission authzpb.Permission) bool {
for _, p := range role.GetPermissions() {
if p == permission {
return true
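Review bot: The rewritten signature `func isPermisionInRole(role *pb.AuthorizationPolicy_Role, permission authzpb.Permission) bool` keeps the misspelled name; since this commit already touches the line and its test `TestIsPermisionInRole`, renaming both to `isPermissionInRole` and `TestIsPermissionInRole` now costs nothing and avoids a later churn-only commit. The two aliases introduced by the split are also easy to confuse at the call sites: `authzpb` now names the shared `type_proto` package, from which this file appears to use only the `Permission` enum, while `pb` names this module's own policy proto. A short comment on the import block, such as `// authzpb: shared Permission enum (core/api/type); pb: this module's AuthorizationPolicy.`, would make the split visible where the types are used. The body of `isPermisionInRole` continues past the end of the hunk.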
@@ -20,7 +20,8 @@ import (
"github.com/google/keytransparency/core/authentication"
authzpb "github.com/google/keytransparency/core/proto/authorization_proto"
authzpb "github.com/google/keytransparency/core/api/type/type_proto"
pb "github.com/google/keytransparency/impl/authorization/authz_proto"
)
const (
@@ -42,8 +43,8 @@ const (
func setup() *authz {
a := &authz{}
a.policy = &authzpb.AuthorizationPolicy{
Roles: map[string]*authzpb.AuthorizationPolicy_Role{
a.policy = &pb.AuthorizationPolicy{
Roles: map[string]*pb.AuthorizationPolicy_Role{
l1: {
Principals: []string{admin1},
Permissions: []authzpb.Permission{
@@ -65,7 +66,7 @@ func setup() *authz {
},
l4: {},
},
ResourceToRoleLabels: map[string]*authzpb.AuthorizationPolicy_RoleLabels{
ResourceToRoleLabels: map[string]*pb.AuthorizationPolicy_RoleLabels{
res1: {
Labels: []string{l1, l2},
},
@@ -205,13 +206,13 @@ func TestIsPermisionInRole(t *testing.T) {
// AuthorizationPolicy_Role.Principals is not relevant in this test.
for _, tc := range []struct {
description string
role *authzpb.AuthorizationPolicy_Role
role *pb.AuthorizationPolicy_Role
permission authzpb.Permission
out bool
}{
{
"permission is not in role, empty permissions list",
&authzpb.AuthorizationPolicy_Role{
&pb.AuthorizationPolicy_Role{
Principals: []string{},
Permissions: []authzpb.Permission{},
},
@@ -220,7 +221,7 @@ func TestIsPermisionInRole(t *testing.T) {
},
{
"permission is not in role, permission not found",
&authzpb.AuthorizationPolicy_Role{
&pb.AuthorizationPolicy_Role{
Principals: []string{},
Permissions: []authzpb.Permission{
authzpb.Permission_LOG,
@@ -232,7 +233,7 @@ func TestIsPermisionInRole(t *testing.T) {
},
{
"permission is in role, one permission in the list",
&authzpb.AuthorizationPolicy_Role{
&pb.AuthorizationPolicy_Role{
Principals: []string{},
Permissions: []authzpb.Permission{
authzpb.Permission_LOG,
@@ -244,7 +245,7 @@ func TestIsPermisionInRole(t *testing.T) {
},
{
"permission is in role, multiple permissions in the list",
&authzpb.AuthorizationPolicy_Role{
&pb.AuthorizationPolicy_Role{
Principals: []string{},
Permissions: []authzpb.Permission{
authzpb.Permission_LOG,
