fix: set initial owner to account_id for imported grants with user ac…

…count_type
raystack · Jan 20, 2023 · 92d74cd · 92d74cd
1 parent 8146397
commit 92d74cd
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 5 deletions.
diff --git a/core/grant/service.go b/core/grant/service.go
@@ -367,9 +367,8 @@ func (s *Service) ImportFromProvider(ctx context.Context, criteria ImportFromPro
 			for _, g := range grants {
 				key := g.PermissionsKey()
 				if existingGrant, ok := activeGrantsMap[rURN][accountSignature][key]; ok {
-					// update existing grants
+					// replace imported grant values with existing grant
 					*g = *existingGrant
-					g.StatusInProvider = existingGrant.StatusInProvider
 
 					// remove updated grant from active grants map
 					delete(activeGrantsMap[rURN][accountSignature], key)

diff --git a/core/grant/service_test.go b/core/grant/service_test.go
@@ -336,6 +336,11 @@ func (s *ServiceTestSuite) TestImportFromProvider() {
 							AccountType: "user",
 							Permission:  "test-permission",
 						},
+						{
+							AccountID:   "test-account-id-2",
+							AccountType: "serviceAccount",
+							Permission:  "test-permission",
+						},
 					},
 				},
 				existingGrants:            []domain.Grant{},
@@ -351,7 +356,19 @@ func (s *ServiceTestSuite) TestImportFromProvider() {
 						Status:           domain.GrantStatusActive,
 						StatusInProvider: domain.GrantStatusActive,
 						Source:           domain.GrantSourceImport,
-						CreatedBy:        domain.SystemActorName,
+						Owner:            "test-account-id",
+					},
+					{
+						ResourceID:       "test-resource-id",
+						AccountID:        "test-account-id-2",
+						AccountType:      "serviceAccount",
+						Role:             "test-role-id",
+						Permissions:      []string{"test-permission"},
+						IsPermanent:      true,
+						Status:           domain.GrantStatusActive,
+						StatusInProvider: domain.GrantStatusActive,
+						Source:           domain.GrantSourceImport,
+						Owner:            domain.SystemActorName,
 					},
 				},
 			},
@@ -378,6 +395,7 @@ func (s *ServiceTestSuite) TestImportFromProvider() {
 						Role:             "test-role-id",
 						Permissions:      []string{"test-permission"},
 						Resource:         dummyResources[0],
+						Owner:            "test-account-id",
 					},
 					{
 						ID:               "test-grant-id-2",
@@ -389,6 +407,7 @@ func (s *ServiceTestSuite) TestImportFromProvider() {
 						Role:             "test-role-id",
 						Permissions:      []string{"test-permission"},
 						Resource:         dummyResources[0],
+						Owner:            "test-account-id-2",
 					},
 				},
 				expectedDeactivatedGrants: []*domain.Grant{
@@ -402,6 +421,7 @@ func (s *ServiceTestSuite) TestImportFromProvider() {
 						Role:             "test-role-id",
 						Permissions:      []string{"test-permission"},
 						Resource:         dummyResources[0],
+						Owner:            "test-account-id-2",
 					},
 				},
 				expectedNewAndUpdatedGrants: []*domain.Grant{
@@ -415,6 +435,7 @@ func (s *ServiceTestSuite) TestImportFromProvider() {
 						Role:             "test-role-id",
 						Permissions:      []string{"test-permission"},
 						Resource:         dummyResources[0],
+						Owner:            "test-account-id",
 					},
 				},
 			},

diff --git a/domain/grant.go b/domain/grant.go
@@ -118,17 +118,21 @@ type AccessEntry struct {
 }
 
 func (ae AccessEntry) ToGrant(resource Resource) Grant {
-	return Grant{
+	g := Grant{
 		ResourceID:       resource.ID,
 		Status:           GrantStatusActive,
 		StatusInProvider: GrantStatusActive,
 		AccountID:        ae.AccountID,
 		AccountType:      ae.AccountType,
-		CreatedBy:        SystemActorName,
+		Owner:            SystemActorName,
 		Permissions:      []string{ae.Permission},
 		Source:           GrantSourceImport,
 		IsPermanent:      true,
 	}
+	if ae.AccountType == "user" {
+		g.Owner = ae.AccountID
+	}
+	return g
 }
 
 // MapResourceAccess is list of UserAccess grouped by resource urn