Switch config format to names rather than maps

- take roles and users as names in config
- use role.Name rather than nesting role.Role for name
- update examples and tests

docs/configuration.md

@@ -67,16 +67,16 @@ sources:
     apiToken: 001XJv9xhv899sdfns938haos3h8oahsdaohd2o8hdao82hd
 
 users:
-  admin@example.com:
+  - name: admin@example.com
     roles:
-      admin:
+      - name: admin
         kind: cluster-role
         clusters:
           - cluster-AAA
           - cluster-BBB
-  bob@example.com:
+  - name: developer@example.com
     roles:
-      writer:
+      - name: writer
         kind: cluster-role
         clusters:
           - cluster-AAA

internal/engine/engine.go

@@ -295,7 +295,7 @@ func Run(options Options) error {
 
 		var rbs []RoleBinding
 		for _, r := range rolesRes.Roles {
-			rbs = append(rbs, RoleBinding{User: r.User.Email, Role: r.Role})
+			rbs = append(rbs, RoleBinding{User: r.User.Email, Role: r.Name})
 		}
 
 		err = kubernetes.UpdateRoles(rbs)

internal/registry/_testdata/infra.yaml

@@ -5,20 +5,20 @@ sources:
     oktaClientSecret: jfpn0qwiQPiMIfs408fjs048fjpn0qwiQPiMajsdf08j10j2
     oktaApiToken: 001XJv9xhv899sdfns938haos3h8oahsdaohd2o8hdao82hd
 users:
-  admin@example.com:
+  - name: admin@example.com
     roles:
-      admin:
+      - name: admin
         kind: cluster-role
         clusters:
           - cluster-AAA
           - cluster-BBB
-  user@example.com:
+  - name: user@example.com
     roles:
-      writer:
+      - name: writer
         kind: cluster-role
         clusters:
           - cluster-AAA
-      reader:
+      - name: reader
         kind: cluster-role
         clusters:
           - cluster-BBB

internal/registry/config.go

@@ -17,24 +17,20 @@ type ConfigSource struct {
 }
 
 type ConfigRoleKubernetes struct {
+	Name     string   `yaml:"name"`
 	Kind     string   `yaml:"kind"`
 	Clusters []string `yaml:"clusters"`
 }
 
 type ConfigUserMapping struct {
-	Roles map[string]ConfigRoleKubernetes
+	Name  string
+	Roles []ConfigRoleKubernetes
 	// TODO (brucemacd): Add groups here
 }
 
 type Config struct {
-	Sources []ConfigSource               `yaml:"sources"`
-	Users   map[string]ConfigUserMapping `yaml:"users"`
-}
-
-func NewConfig() Config {
-	var config Config
-	config.Users = make(map[string]ConfigUserMapping)
-	return config
+	Sources []ConfigSource      `yaml:"sources"`
+	Users   []ConfigUserMapping `yaml:"users"`
 }
 
 var initialConfig Config
@@ -71,11 +67,11 @@ func ImportSources(db *gorm.DB, sources []ConfigSource) error {
 	return nil
 }
 
-func ApplyUserMapping(db *gorm.DB, users map[string]ConfigUserMapping) ([]string, error) {
+func ApplyUserMapping(db *gorm.DB, users []ConfigUserMapping) ([]string, error) {
 	var ids []string
-	for email, userMapping := range users {
+	for _, u := range users {
 		var user User
-		err := db.Where(&User{Email: email}).First(&user).Error
+		err := db.Where(&User{Email: u.Name}).First(&user).Error
 		if err != nil {
 			if errors.Is(err, gorm.ErrRecordNotFound) {
 				// skip this user, if they're created these roles will be added later
@@ -85,15 +81,15 @@ func ApplyUserMapping(db *gorm.DB, users map[string]ConfigUserMapping) ([]string
 			return nil, err
 		}
 
-		for roleName, role := range userMapping.Roles {
-			switch role.Kind {
+		for _, r := range u.Roles {
+			switch r.Kind {
 			case ROLE_KIND_K8S_ROLE:
 				// TODO (brucemacd): Handle config imports of roles when we support RoleBindings
-				logging.L.Info("Skipping role: " + roleName + ", RoleBindings are not supported yet")
+				logging.L.Info("Skipping role: " + r.Name + ", RoleBindings are not supported yet")
 			case ROLE_KIND_K8S_CLUSTER_ROLE:
-				for _, dest := range role.Clusters {
+				for _, cName := range r.Clusters {
 					var destination Destination
-					err := db.Where(&Destination{Name: dest}).First(&destination).Error
+					err := db.Where(&Destination{Name: cName}).First(&destination).Error
 					if err != nil {
 						if errors.Is(err, gorm.ErrRecordNotFound) {
 							// when a destination is added then the config import will be retried, skip for now
@@ -104,15 +100,15 @@ func ApplyUserMapping(db *gorm.DB, users map[string]ConfigUserMapping) ([]string
 					}
 
 					var role Role
-					err = db.FirstOrCreate(&role, &Role{Role: roleName, Kind: role.Kind, UserId: user.Id, DestinationId: destination.Id, FromConfig: true}).Error
+					err = db.FirstOrCreate(&role, &Role{Name: r.Name, Kind: r.Kind, UserId: user.Id, DestinationId: destination.Id, FromConfig: true}).Error
 					if err != nil {
 						return nil, err
 					}
 
 					ids = append(ids, role.Id)
 				}
 			default:
-				logging.L.Info("Unrecognized role kind: " + role.Kind + " in infra.yaml, role skipped.")
+				logging.L.Info("Unrecognized role kind: " + r.Kind + " in infra.yaml, role skipped.")
 			}
 		}
 
@@ -121,7 +117,7 @@ func ApplyUserMapping(db *gorm.DB, users map[string]ConfigUserMapping) ([]string
 	return ids, nil
 }
 
-func ImportUserMappings(db *gorm.DB, users map[string]ConfigUserMapping) error {
+func ImportUserMappings(db *gorm.DB, users []ConfigUserMapping) error {
 	idsToKeep, err := ApplyUserMapping(db, users)
 	if err != nil {
 		return err
@@ -130,7 +126,7 @@ func ImportUserMappings(db *gorm.DB, users map[string]ConfigUserMapping) error {
 }
 
 func ImportConfig(db *gorm.DB, bs []byte) error {
-	config := NewConfig()
+	var config Config
 	err := yaml.Unmarshal(bs, &config)
 	if err != nil {
 		return err

internal/registry/config_test.go

@@ -27,7 +27,7 @@ func TestImportRolesForExistingUsersAndDestinations(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	config := NewConfig()
+	var config Config
 	err = yaml.Unmarshal(confFile, &config)
 	if err != nil {
 		t.Fatal(err)
@@ -78,7 +78,7 @@ func TestImportRolesForUnknownUsers(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	config := NewConfig()
+	var config Config
 	err = yaml.Unmarshal(confFile, &config)
 	if err != nil {
 		t.Fatal(err)
@@ -116,7 +116,7 @@ func TestImportRolesForUnknownDestinations(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	config := NewConfig()
+	var config Config
 	err = yaml.Unmarshal(confFile, &config)
 	if err != nil {
 		t.Fatal(err)
@@ -140,7 +140,7 @@ func TestImportRolesForUnknownDestinations(t *testing.T) {
 
 func containsUserRoleForDestination(roles []Role, userId string, destinationId string, roleName string) bool {
 	for _, role := range roles {
-		if role.UserId == userId && role.DestinationId == destinationId && role.Role == roleName {
+		if role.UserId == userId && role.DestinationId == destinationId && role.Name == roleName {
 			return true
 		}
 	}

internal/registry/data.go

@@ -80,7 +80,7 @@ type Role struct {
 	Id            string `gorm:"primaryKey"`
 	Created       int64  `gorm:"autoCreateTime"`
 	Updated       int64  `gorm:"autoUpdateTime"`
-	Role          string
+	Name          string
 	Kind          string
 	UserId        string
 	DestinationId string
@@ -164,7 +164,7 @@ func (u *User) AfterSave(tx *gorm.DB) (err error) {
 			return err
 		}
 
-		role.Role = givenRole
+		role.Name = givenRole
 
 		err = tx.Save(&role).Error
 		if err != nil {
@@ -215,7 +215,7 @@ func (d *Destination) AfterSave(tx *gorm.DB) (err error) {
 		}
 
 		var role Role
-		err := tx.FirstOrCreate(&role, &Role{UserId: u.Id, DestinationId: d.Id, Role: givenRole, FromDefault: true}).Error
+		err := tx.FirstOrCreate(&role, &Role{UserId: u.Id, DestinationId: d.Id, Name: givenRole, FromDefault: true}).Error
 		if err != nil {
 			return err
 		}

internal/registry/grpc.go

@@ -474,7 +474,7 @@ func dbToProtoRole(in *Role) *v1.Role {
 		Id:          in.Id,
 		Created:     in.Created,
 		Updated:     in.Updated,
-		Role:        in.Role,
+		Name:        in.Name,
 		User:        dbToProtoUser(&in.User),
 		Destination: dbToProtoDestination(&in.Destination),
 	}

internal/v1/v1.proto

@@ -144,7 +144,7 @@ message Role {
 
     Destination destination = 50;
 
-    string role = 60;
+    string name = 60;
 
     KubernetesRoleType kind = 70;
 }