diff --git a/Makefile b/Makefile index 46343fe6a6..b667aeb35e 100644 --- a/Makefile +++ b/Makefile @@ -94,7 +94,7 @@ ifneq "$(INCUS_OFFLINE)" "" endif $(GO) get -t -v -d -u ./... $(GO) get github.com/mdlayher/socket@v0.4.1 - $(GO) get github.com/openfga/go-sdk@v0.2.2 + $(GO) get github.com/openfga/go-sdk@v0.3.1-go1.20 $(GO) mod tidy --go=1.20 $(GO) get toolchain@none diff --git a/cmd/lxd-to-incus/go.mod b/cmd/lxd-to-incus/go.mod index 356cc9a5bd..a14df1b686 100644 --- a/cmd/lxd-to-incus/go.mod +++ b/cmd/lxd-to-incus/go.mod @@ -40,7 +40,7 @@ require ( github.com/sirupsen/logrus v1.9.3 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/zitadel/oidc/v2 v2.12.0 // indirect - golang.org/x/crypto v0.16.0 // indirect + golang.org/x/crypto v0.17.0 // indirect golang.org/x/net v0.19.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/term v0.15.0 // indirect diff --git a/cmd/lxd-to-incus/go.sum b/cmd/lxd-to-incus/go.sum index 06bcdd8486..03d4414706 100644 --- a/cmd/lxd-to-incus/go.sum +++ b/cmd/lxd-to-incus/go.sum 
@@ -134,8 +134,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= diff --git a/go.mod b/go.mod index 5cd83f896b..bbd19771b3 100644 --- a/go.mod +++ b/go.mod 
@@ -18,23 +18,23 @@ require ( github.com/gorilla/mux v1.8.1 github.com/gorilla/websocket v1.5.1 github.com/gosexy/gettext v0.0.0-20160830220431-74466a0a0c4a - github.com/grafana/dskit v0.0.0-20231212004558-69248346b5cf + github.com/grafana/dskit v0.0.0-20231219164408-2bfd67958535 github.com/j-keck/arping v1.0.3 github.com/jaypipes/pcidb v1.0.0 github.com/jochenvg/go-udev v0.0.0-20171110120927-d6b62d56d37b github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/lxc/go-lxc v0.0.0-20230926171149-ccae595aa49e github.com/mattn/go-colorable v0.1.13 - github.com/mattn/go-sqlite3 v1.14.18 + github.com/mattn/go-sqlite3 v1.14.19 github.com/mdlayher/ndp v1.0.1 github.com/mdlayher/netx v0.0.0-20230430222610-7e21880baee8 github.com/mdlayher/vsock v1.2.1 github.com/miekg/dns v1.1.57 github.com/minio/madmin-go v1.7.5 - github.com/minio/minio-go/v7 v7.0.65 + github.com/minio/minio-go/v7 v7.0.66 github.com/mitchellh/mapstructure v1.5.0 github.com/olekukonko/tablewriter v0.0.5 - github.com/openfga/go-sdk v0.2.2 + github.com/openfga/go-sdk v0.3.1-go1.20 github.com/osrg/gobgp/v3 v3.21.0 github.com/pkg/sftp v1.13.6 github.com/pkg/xattr v0.4.9 @@ -46,7 +46,7 @@ require ( github.com/vishvananda/netlink v1.2.1-beta.2 github.com/zitadel/oidc/v2 v2.12.0 go.starlark.net v0.0.0-20231121155337-90ade8b19d09 - golang.org/x/crypto v0.16.0 + golang.org/x/crypto v0.17.0 golang.org/x/oauth2 v0.15.0 golang.org/x/sync v0.5.0 golang.org/x/sys v0.15.0 @@ -115,7 +115,7 @@ require ( github.com/spf13/afero v1.11.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.18.1 // indirect + github.com/spf13/viper v1.18.2 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/tinylib/msgp v1.1.9 // indirect github.com/tklauser/go-sysconf v0.3.13 // indirect 
@@ -126,13 +126,13 @@ require ( go.opentelemetry.io/otel/metric v1.21.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb // indirect + golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 // indirect golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.19.0 // indirect golang.org/x/tools v0.16.1 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 // indirect - google.golang.org/grpc v1.60.0 // indirect + google.golang.org/grpc v1.60.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index f514f1363a..3ea5d09f1e 100644 --- a/go.sum +++ b/go.sum 
@@ -211,8 +211,8 @@ github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/ github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/gosexy/gettext v0.0.0-20160830220431-74466a0a0c4a h1:N2b2mb4Gki1SlF3WuhR9P1YHOpl7oy/b+xxX4A3iM2E= github.com/gosexy/gettext v0.0.0-20160830220431-74466a0a0c4a/go.mod h1:IEJaV4/6J0VpoQ33kFCUUP6umRjrcBVEbOva6XCub/Q= -github.com/grafana/dskit v0.0.0-20231212004558-69248346b5cf h1:WcARLmVEu6y0Pg+AlyocAiMBNLqpUDKR7PaZqgVcEG4= -github.com/grafana/dskit v0.0.0-20231212004558-69248346b5cf/go.mod h1:8dsy5tQOkeNQyjXpm5mQsbCu3H5uzeBD35MzRQFznKU= +github.com/grafana/dskit v0.0.0-20231219164408-2bfd67958535 h1:qUdSymzUZ9bpNVcE79kTIW6oEB2J3oDLY7q82sHurjU= +github.com/grafana/dskit v0.0.0-20231219164408-2bfd67958535/go.mod h1:kkWM4WUV230bNG3urVRWPBnSJHs64y/0RmWjftnnn0c= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= @@ -242,7 +242,7 @@ github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/j-keck/arping v1.0.3 h1:aeVk5WnsK6xPaRsFt5wV6W2x5l/n5XBNp0MMr/FEv2k= github.com/j-keck/arping v1.0.3/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= -github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc= +github.com/jarcoal/httpmock v1.3.1 h1:iUx3whfZWVf3jT01hQTO/Eo5sAYtB2/rqaUuOtpInww= github.com/jaypipes/pcidb v1.0.0 h1:vtZIfkiCUE42oYbJS0TAq9XSfSmcsgo9IdxSm9qzYU8= github.com/jaypipes/pcidb v1.0.0/go.mod h1:TnYUvqhPBzCKnH34KrIX22kAeEbDCSRJ9cqLRCuNDfk= github.com/jeremija/gosubmit v0.2.7 h1:At0OhGCFGPXyjPYAsCchoBUhE099pcBXmsb4iZqROIc= 
@@ -295,8 +295,8 @@ github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= -github.com/mattn/go-sqlite3 v1.14.18 h1:JL0eqdCOq6DJVNPSvArO/bIV9/P7fbGrV00LZHc+5aI= -github.com/mattn/go-sqlite3 v1.14.18/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/mattn/go-sqlite3 v1.14.19 h1:fhGleo2h1p8tVChob4I9HpmVFIAkKGpiukdrgQbWfGI= +github.com/mattn/go-sqlite3 v1.14.19/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/mdlayher/ndp v1.0.1 h1:+yAD79/BWyFlvAoeG5ncPS0ItlHP/eVbH7bQ6/+LVA4= github.com/mdlayher/ndp v1.0.1/go.mod h1:rf3wKaWhAYJEXFKpgF8kQ2AxypxVbfNcZbqoAo6fVzk= github.com/mdlayher/netx v0.0.0-20230430222610-7e21880baee8 h1:HMgSn3c16SXca3M+n6fLK2hXJLd4mhKAsZZh7lQfYmQ= @@ -312,8 +312,8 @@ github.com/minio/madmin-go v1.7.5 h1:IF8j2HR0jWc7msiOcy0KJ8EyY7Q3z+j+lsmSDksQm+I github.com/minio/madmin-go v1.7.5/go.mod h1:3SO8SROxHN++tF6QxdTii2SSUaYSrr8lnE9EJWjvz0k= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= -github.com/minio/minio-go/v7 v7.0.65 h1:sOlB8T3nQK+TApTpuN3k4WD5KasvZIE3vVFzyyCa0go= -github.com/minio/minio-go/v7 v7.0.65/go.mod h1:R4WVUR6ZTedlCcGwZRauLMIKjgyaWxhs4Mqi/OMPmEc= +github.com/minio/minio-go/v7 v7.0.66 h1:bnTOXOHjOqv/gcMuiVbN9o2ngRItvqE774dG9nq0Dzw= +github.com/minio/minio-go/v7 v7.0.66/go.mod h1:DHAgmyQEGdW3Cif0UooKOyrT3Vxs82zNdV6tkKhRtbs= github.com/minio/sha256-simd v1.0.1 h1:6kaan5IFmwTNynnKKpDHe6FWHohJOHhCPchzK49dzMM= github.com/minio/sha256-simd v1.0.1/go.mod h1:Pz6AKMiUdngCLpeTL/RJY1M9rUuPMYujV5xJjtbRSN8= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= 
@@ -342,8 +342,8 @@ github.com/muhlemmer/httpforwarded v0.1.0/go.mod h1:yo9czKedo2pdZhoXe+yDkGVbU0TJ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/openfga/go-sdk v0.2.2 h1:zzQPdcX/CNLXwycqYNx5LvP78kzVs6R8p5GXw/0II3s= -github.com/openfga/go-sdk v0.2.2/go.mod h1:ZB13O8GilPc0ITWssOszgxmz6CnIe8PQLZqbqAnx2IY= +github.com/openfga/go-sdk v0.3.1-go1.20 h1:mH0nczUUEl4dTMTC5WY09o+1sgPcwyL7m4jVudqhlvg= +github.com/openfga/go-sdk v0.3.1-go1.20/go.mod h1:W4SNYMSxptGOtA9aGYxsYUmSC7LaZYP7y9qbT36ouCc= github.com/osrg/gobgp/v3 v3.21.0 h1:OCjDIz2duA36tLoQElm8S2ZfxClPqcM9B4SfIlfYQTI= github.com/osrg/gobgp/v3 v3.21.0/go.mod h1:4fbscYpsCk14EO16nTWAdJyErO4MbAZ2zLJmsmeXu/k= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -422,8 +422,8 @@ github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns= -github.com/spf13/viper v1.18.1 h1:rmuU42rScKWlhhJDyXZRKJQHXFX02chSVW1IvkPGiVM= -github.com/spf13/viper v1.18.1/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= +github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ= +github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 
@@ -500,8 +500,8 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -512,8 +512,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8= -golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE= +golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -842,8 +842,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k= -google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= +google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU= +google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/internal/server/auth/driver_openfga.go b/internal/server/auth/driver_openfga.go index 0f4ad282c1..317d0e7536 100644 --- a/internal/server/auth/driver_openfga.go +++ b/internal/server/auth/driver_openfga.go 
@@ -222,6 +222,26 @@ func (f *fga) connect(ctx context.Context, certificateCache *certificate.Cache, return fmt.Errorf("Existing OpenFGA model has schema version %q, but our model has version %q", readModelResponse.AuthorizationModel.SchemaVersion, builtinAuthorizationModel.SchemaVersion) } + // Clear condition field from older servers. + for _, entry := range readModelResponse.AuthorizationModel.TypeDefinitions { + if entry.Metadata == nil || entry.Metadata.Relations == nil { + continue + } + + for _, relation := range *entry.Metadata.Relations { + if relation.DirectlyRelatedUserTypes == nil { + continue + } + + for i, reference := range *relation.DirectlyRelatedUserTypes { + if reference.Condition != nil && *reference.Condition == "" { + rel := *relation.DirectlyRelatedUserTypes + rel[i].Condition = nil + } + } + } + } + existingTypeDefinitions, err := json.Marshal(readModelResponse.AuthorizationModel.TypeDefinitions) if err != nil { return fmt.Errorf("Failed to compare OpenFGA model type definitions: %w", err) @@ -384,7 +404,7 @@ func (f *fga) AddProject(ctx context.Context, _ int64, projectName string) error func (f *fga) DeleteProject(ctx context.Context, _ int64, projectName string) error { // Only empty projects can be deleted, so we don't need to worry about any tuples with this project as a parent. - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { // Remove the default profile User: ObjectProject(projectName).String(), @@ -416,7 +436,7 @@ func (f *fga) RenameProject(ctx context.Context, _ int64, oldName string, newNam } // Only empty projects can be renamed, so we don't need to worry about any tuples with this project as a parent. - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { // Remove the default profile User: ObjectProject(oldName).String(), 
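Review bot: The comment `// Clear condition field from older servers.` in connect does not say why the normalization is needed or what it must leave alone, although the loop edits the model that the type-definition comparison just below depends on. Something like `// Older OpenFGA servers may return an empty-string condition; reset it to nil so the JSON comparison below is not thrown off. Non-empty conditions are kept, so a model that really uses conditions still fails the comparison.` would record the intent. As a style point, dereference the slice once before the inner loop (`refs := *relation.DirectlyRelatedUserTypes`) and assign `refs[i].Condition = nil`, instead of re-dereferencing into `rel` on every match. connect starts and ends outside the hunk.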
@@ -448,7 +468,7 @@ func (f *fga) AddCertificate(ctx context.Context, fingerprint string) error { // DeleteCertificate is a no-op. func (f *fga) DeleteCertificate(ctx context.Context, fingerprint string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectServer().String(), Relation: relationServer, @@ -474,7 +494,7 @@ func (f *fga) AddStoragePool(ctx context.Context, storagePoolName string) error // DeleteStoragePool is a no-op. func (f *fga) DeleteStoragePool(ctx context.Context, storagePoolName string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectServer().String(), Relation: relationServer, @@ -500,7 +520,7 @@ func (f *fga) AddImage(ctx context.Context, projectName string, fingerprint stri // DeleteImage is a no-op. func (f *fga) DeleteImage(ctx context.Context, projectName string, fingerprint string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -526,7 +546,7 @@ func (f *fga) AddImageAlias(ctx context.Context, projectName string, imageAliasN // DeleteImageAlias is a no-op. func (f *fga) DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -547,7 +567,7 @@ func (f *fga) RenameImageAlias(ctx context.Context, projectName string, oldAlias }, } - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, 
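Review bot: The doc comment `// DeleteCertificate is a no-op.` kept as context above the changed line does not match the function, which builds a `deletions` slice of tuple keys; the DeleteProfile hunk shows the same pattern ending in `return f.updateTuples(ctx, nil, deletions)`. The same stale wording appears on DeleteStoragePool, DeleteImage, DeleteImageAlias, DeleteInstance, DeleteNetwork, DeleteNetworkZone, DeleteNetworkACL, DeleteProfile, RenameProfile, DeleteStoragePoolVolume and DeleteStorageBucket in the later hunks. These methods change authorization state, so the comments should say so, along the lines of `// DeleteCertificate removes the certificate's relation tuple from the OpenFGA store.` The function bodies continue outside the hunks, so the exact wording should be checked against the full tuple.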
@@ -573,7 +593,7 @@ func (f *fga) AddInstance(ctx context.Context, projectName string, instanceName // DeleteInstance is a no-op. func (f *fga) DeleteInstance(ctx context.Context, projectName string, instanceName string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -594,7 +614,7 @@ func (f *fga) RenameInstance(ctx context.Context, projectName string, oldInstanc }, } - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -620,7 +640,7 @@ func (f *fga) AddNetwork(ctx context.Context, projectName string, networkName st // DeleteNetwork is a no-op. func (f *fga) DeleteNetwork(ctx context.Context, projectName string, networkName string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -641,7 +661,7 @@ func (f *fga) RenameNetwork(ctx context.Context, projectName string, oldNetworkN }, } - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -667,7 +687,7 @@ func (f *fga) AddNetworkZone(ctx context.Context, projectName string, networkZon // DeleteNetworkZone is a no-op. func (f *fga) DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, 
@@ -693,7 +713,7 @@ func (f *fga) AddNetworkACL(ctx context.Context, projectName string, networkACLN // DeleteNetworkACL is a no-op. func (f *fga) DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -714,7 +734,7 @@ func (f *fga) RenameNetworkACL(ctx context.Context, projectName string, oldNetwo }, } - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -740,7 +760,7 @@ func (f *fga) AddProfile(ctx context.Context, projectName string, profileName st // DeleteProfile is a no-op. func (f *fga) DeleteProfile(ctx context.Context, projectName string, profileName string) error { - deletes := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -748,7 +768,7 @@ func (f *fga) DeleteProfile(ctx context.Context, projectName string, profileName }, } - return f.updateTuples(ctx, nil, deletes) + return f.updateTuples(ctx, nil, deletions) } // RenameProfile is a no-op. @@ -761,7 +781,7 @@ func (f *fga) RenameProfile(ctx context.Context, projectName string, oldProfileN }, } - deletes := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -769,7 +789,7 @@ func (f *fga) RenameProfile(ctx context.Context, projectName string, oldProfileN }, } - return f.updateTuples(ctx, writes, deletes) + return f.updateTuples(ctx, writes, deletions) } // AddStoragePoolVolume is a no-op. 
@@ -787,7 +807,7 @@ func (f *fga) AddStoragePoolVolume(ctx context.Context, projectName string, stor // DeleteStoragePoolVolume is a no-op. func (f *fga) DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string, storageVolumeLocation string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -808,7 +828,7 @@ func (f *fga) RenameStoragePoolVolume(ctx context.Context, projectName string, s }, } - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -834,7 +854,7 @@ func (f *fga) AddStorageBucket(ctx context.Context, projectName string, storageP // DeleteStorageBucket is a no-op. func (f *fga) DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string, storageBucketLocation string) error { - deletions := []client.ClientTupleKey{ + deletions := []client.ClientTupleKeyWithoutCondition{ { User: ObjectProject(projectName).String(), Relation: relationProject, @@ -845,7 +865,7 @@ func (f *fga) DeleteStorageBucket(ctx context.Context, projectName string, stora return f.updateTuples(ctx, nil, deletions) } -func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey, deletions []client.ClientTupleKey) error { +func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey, deletions []client.ClientTupleKeyWithoutCondition) error { // If offline, skip updating as a full sync will happen after connection. if !f.online { return nil 
@@ -870,15 +890,15 @@ func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey, body := client.ClientWriteRequest{} if writes != nil { - body.Writes = &writes + body.Writes = writes } else { - body.Writes = &[]client.ClientTupleKey{} + body.Writes = []client.ClientTupleKey{} } if deletions != nil { - body.Deletes = &deletions + body.Deletes = deletions } else { - body.Deletes = &[]client.ClientTupleKey{} + body.Deletes = []openfga.TupleKeyWithoutCondition{} } clientWriteResponse, err := f.client.Write(ctx).Options(opts).Body(body).Execute() @@ -938,7 +958,7 @@ func (f *fga) projectObjects(ctx context.Context, projectName string) ([]string, func (f *fga) syncResources(ctx context.Context, resources Resources) error { var writes []client.ClientTupleKey - var deletions []client.ClientTupleKey + var deletions []client.ClientTupleKeyWithoutCondition // Check if the type-bound public access is set. resp, err := f.client.Check(ctx).Options(client.ClientCheckOptions{AuthorizationModelId: openfga.PtrString(f.authModelID)}).Body(client.ClientCheckRequest{ @@ -990,7 +1010,7 @@ func (f *fga) syncResources(ctx context.Context, resources Resources) error { user = ObjectProject(remoteObject.Project()).String() } - deletions = append(deletions, client.ClientTupleKey{ + deletions = append(deletions, client.ClientTupleKeyWithoutCondition{ User: user, Relation: relation, Object: remoteObject.String(), diff --git a/test/mini-oidc/go.mod b/test/mini-oidc/go.mod index 8cb8c737f7..57cf52898f 100644 --- a/test/mini-oidc/go.mod +++ b/test/mini-oidc/go.mod @@ -6,8 +6,8 @@ require ( github.com/go-chi/chi/v5 v5.0.10 github.com/go-jose/go-jose/v3 v3.0.1 github.com/google/uuid v1.5.0 - github.com/zitadel/oidc/v3 v3.6.0 - golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb + github.com/zitadel/oidc/v3 v3.8.0 + golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 golang.org/x/text v0.14.0 ) 
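Review bot: In updateTuples the empty fallback for deletes is spelled `[]openfga.TupleKeyWithoutCondition{}`, while the parameter and every caller in this commit use `client.ClientTupleKeyWithoutCondition`. The assignment `body.Deletes = deletions` suggests the two names refer to the same type, so `body.Deletes = []client.ClientTupleKeyWithoutCondition{}` would match the writes branch and the rest of the file. Now that both fields take slices rather than pointers, a one-line comment on why nil is replaced by an empty slice (presumably so the request serializes an empty list) would help the next reader. updateTuples starts and ends outside the hunk.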
@@ -25,7 +25,7 @@ require ( go.opentelemetry.io/otel v1.21.0 // indirect go.opentelemetry.io/otel/metric v1.21.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect - golang.org/x/crypto v0.16.0 // indirect + golang.org/x/crypto v0.17.0 // indirect golang.org/x/oauth2 v0.15.0 // indirect golang.org/x/sys v0.15.0 // indirect google.golang.org/appengine v1.6.8 // indirect diff --git a/test/mini-oidc/go.sum b/test/mini-oidc/go.sum index 01622ee9a0..cbe86ff1af 100644 --- a/test/mini-oidc/go.sum +++ b/test/mini-oidc/go.sum @@ -42,8 +42,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zitadel/logging v0.5.0 h1:Kunouvqse/efXy4UDvFw5s3vP+Z4AlHo3y8wF7stXHA= github.com/zitadel/logging v0.5.0/go.mod h1:IzP5fzwFhzzyxHkSmfF8dsyqFsQRJLLcQmwhIBzlGsE= -github.com/zitadel/oidc/v3 v3.6.0 h1:q+yJ0Z8e2QIhtnauIp/Na0t4NavKPG50S0jgxk8Ks8g= -github.com/zitadel/oidc/v3 v3.6.0/go.mod h1:R8sF5DPR98QQnOoyySsaNqI4NcF/VFMkf/XoYiBUuXQ= +github.com/zitadel/oidc/v3 v3.8.0 h1:4Nvok+e6o3FDpqrf14JOg4EVBvwXNFOI1lFHPZU75iA= +github.com/zitadel/oidc/v3 v3.8.0/go.mod h1:v+aHyg4lBAUuuUHINwXqHtKunPJZo8kPvMpRRBYEKHY= github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0= github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc= go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= 
@@ -55,10 +55,10 @@ go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8= -golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE= +golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= diff --git a/test/mini-oidc/main.go b/test/mini-oidc/main.go index e8e1d112f6..b9c1cecd94 100644 --- a/test/mini-oidc/main.go +++ b/test/mini-oidc/main.go @@ -28,7 +28,8 @@ func main() { // Setup the OIDC provider. key := sha256.Sum256([]byte("test")) router := chi.NewRouter() - storage := storage.NewStorage(storage.NewUserStore(issuer)) + users := &userStore{} + storage := storage.NewStorage(users) // Create the provider. config := &op.Config{ 
@@ -74,6 +75,8 @@ func main() { } func userCodeHandler(storage *storage.Storage, w http.ResponseWriter, r *http.Request) { + name := username() + err := r.ParseForm() if err != nil { return @@ -84,21 +87,47 @@ func userCodeHandler(storage *storage.Storage, w http.ResponseWriter, r *http.Re return } + err = storage.CompleteDeviceAuthorization(r.Context(), userCode, name) + if err != nil { + return + } + + fmt.Printf("%s => %s\n", userCode, name) + + return +} + +func username() string { userName := "unknown" content, err := os.ReadFile(os.Args[2]) if err == nil { userName = strings.TrimSpace(string(content)) - } else if !os.IsNotExist(err) { - return } - err = storage.CompleteDeviceAuthorization(r.Context(), userCode, userName) - if err != nil { - return + return userName +} + +type userStore struct{} + +func (u userStore) ExampleClientID() string { + return "service" +} + +func (u userStore) GetUserByID(string) *storage.User { + name := username() + + return &storage.User{ + ID: name, + Username: name, } +} - fmt.Printf("%s => %s\n", userCode, userName) +func (u userStore) GetUserByUsername(string) *storage.User { + name := username() - return + return &storage.User{ + ID: name, + Username: name, + } }
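Review bot: username() now maps every os.ReadFile failure to "unknown", whereas the removed `else if !os.IsNotExist(err) { return }` branch made userCodeHandler stop on errors other than a missing file. A permission or I/O error therefore completes the device authorization as user "unknown" with no trace. Consider at least logging it, e.g. `} else if !os.IsNotExist(err) { fmt.Fprintf(os.Stderr, "mini-oidc: reading user file: %v\n", err) }`. The helper also indexes `os.Args[2]` on every call, and whether the argument count is validated is not visible here because main continues outside the hunk. username, userStore, GetUserByID and GetUserByUsername have no doc comments; one line stating that lookups ignore the requested ID and always return the user named in the file would make clear that this store is test-only.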