feat: get resource from store using backend and resource type instead…

… of urn (#143)

* use backend and resource type to fetch resource instead of namespace_id

* add test for namespace

* remove unnecessary print statements

* refactor query building

* fix lint

* simplifying conditionls

* todo format correction

* remove unnecessary tag

* correct the comment

* correct the json keys in seed data

* lint fix

* get id from name and not urn

.shield.yaml

@@ -0,0 +1,32 @@
+version: 1
+log:
+  level: debug
+
+app:
+  port: 8089
+  ruleset: file:///Users/kartikverma/work/data-engineering/shield/ignore/rules
+  resources_config_path: file:///Users/kartikverma/work/data-engineering/shield/ignore/resource
+  identity_proxy_header: "X-Auth-Email"
+
+proxy:
+  services:
+    - host: 0.0.0.0
+      port: 5556
+      ruleset: file:///Users/kartikverma/work/data-engineering/shield/ignore/rules
+      resources_config_path: file:///Users/kartikverma/work/data-engineering/shield/ignore/resource
+      identity_proxy_header: "X-Auth-Email"
+
+db:
+  driver: postgres
+  url: postgres://shield:@localhost:5432/shield?sslmode=disable
+  max_query_timeout: 1000ms
+
+spicedb:
+  host: 0.0.0.0
+  port: 50052
+  pre_shared_key: shield
+
+newrelic:
+  app_name: local-shield-v2
+  license: e308f819064ac3e96012420aeca0d48d780cNRAL
+  enabled: false

core/bootstrap/bootstrap.go

@@ -186,8 +186,10 @@ func getResourceAction(actionStr string, ns namespace.Namespace) action.Action {
 func getResourceNamespace(resYAML resource.YAML) namespace.Namespace {
 	nsID := str.Slugify(resYAML.Name, str.SlugifyOptions{})
 	ns := namespace.Namespace{
-		Name: resYAML.Name,
-		ID:   nsID,
+		Name:         resYAML.Name,
+		ID:           nsID,
+		Backend:      resYAML.Backend,
+		ResourceType: resYAML.ResourceType,
 	}
 	return ns
 }

core/namespace/namespace.go

@@ -14,10 +14,12 @@ type Repository interface {
 }
 
 type Namespace struct {
-	ID        string
-	Name      string
-	CreatedAt time.Time
-	UpdatedAt time.Time
+	ID           string
+	Name         string
+	Backend      string
+	ResourceType string
+	CreatedAt    time.Time
+	UpdatedAt    time.Time
 }
 
 func strListHas(list []string, a string) bool {
@@ -34,5 +36,9 @@ func IsSystemNamespaceID(nsID string) bool {
 }
 
 func CreateID(backend, resourceType string) string {
+	if resourceType == "" {
+		return backend
+	}
+
 	return fmt.Sprintf("%s_%s", backend, resourceType)
 }

core/resource/resource.go

@@ -20,6 +20,7 @@ type Repository interface {
 	Create(ctx context.Context, resource Resource) (Resource, error)
 	List(ctx context.Context, flt Filter) ([]Resource, error)
 	Update(ctx context.Context, id string, resource Resource) (Resource, error)
+	GetByNamespace(ctx context.Context, name string, ns namespace.Namespace) (Resource, error)
 }
 
 type ConfigRepository interface {
@@ -64,6 +65,8 @@ type Filter struct {
 }
 
 type YAML struct {
-	Name    string              `json:"name" yaml:"name"`
-	Actions map[string][]string `json:"actions" yaml:"actions"`
+	Name         string              `json:"name" yaml:"name"`
+	Backend      string              `json:"backend" yaml:"backend"`
+	ResourceType string              `json:"resource_type" yaml:"resource_type"`
+	Actions      map[string][]string `json:"actions" yaml:"actions"`
 }

core/resource/service.go

@@ -214,21 +214,20 @@ func (s Service) GetAllConfigs(ctx context.Context) ([]YAML, error) {
 	return s.configRepository.GetAll(ctx)
 }
 
+// TODO(krkvrm): Separate Authz for Resources & System Namespaces
 func (s Service) CheckAuthz(ctx context.Context, res Resource, act action.Action) (bool, error) {
-	user, err := s.userService.FetchCurrentUser(ctx)
+	currentUser, err := s.userService.FetchCurrentUser(ctx)
 	if err != nil {
 		return false, err
 	}
 
-	res.URN = res.CreateURN()
-
 	isSystemNS := namespace.IsSystemNamespaceID(res.NamespaceID)
 	fetchedResource := res
 
 	if isSystemNS {
-		fetchedResource.Idxa = res.URN
+		fetchedResource.Idxa = res.Name
 	} else {
-		fetchedResource, err = s.repository.GetByURN(ctx, res.URN)
+		fetchedResource, err = s.repository.GetByNamespace(ctx, res.Name, res.Namespace)
 		if err != nil {
 			return false, err
 		}
@@ -237,5 +236,5 @@ func (s Service) CheckAuthz(ctx context.Context, res Resource, act action.Action
 	fetchedResourceNS := namespace.Namespace{
 		ID: str.DefaultStringIfEmpty(fetchedResource.NamespaceID, fetchedResource.Namespace.ID),
 	}
-	return s.relationService.CheckPermission(ctx, user, fetchedResourceNS, fetchedResource.Idxa, act)
+	return s.relationService.CheckPermission(ctx, currentUser, fetchedResourceNS, fetchedResource.Idxa, act)
 }

internal/proxy/middleware/authz/authz.go

@@ -6,8 +6,8 @@ import (
 	"net/http"
 
 	"github.com/mitchellh/mapstructure"
-
 	"github.com/odpf/salt/log"
+
 	"github.com/odpf/shield/core/action"
 	"github.com/odpf/shield/core/namespace"
 	"github.com/odpf/shield/core/resource"
@@ -165,10 +165,16 @@ func createResources(permissionAttributes map[string]interface{}) ([]resource.Re
 	}
 
 	for _, res := range resourceList {
+		nsID := namespace.CreateID(backendNamespace[0], resourceType[0])
 		resources = append(resources, resource.Resource{
 			Name:        res,
-			NamespaceID: namespace.CreateID(backendNamespace[0], resourceType[0]),
+			NamespaceID: nsID,
 			ProjectID:   project[0],
+			Namespace: namespace.Namespace{
+				ID:           nsID,
+				Backend:      backendNamespace[0],
+				ResourceType: resourceType[0],
+			},
 		})
 	}
 	return resources, nil

internal/store/blob/resources_repository.go

@@ -129,8 +129,10 @@ func (repo *ResourcesRepository) refresh(ctx context.Context) error {
 		for _, resourceBackend := range resourceBackends.Backends {
 			for _, resourceType := range resourceBackend.ResourceTypes {
 				resources = append(resources, resource.YAML{
-					Name:    namespace.CreateID(resourceBackend.Name, resourceType.Name),
-					Actions: resourceType.Actions,
+					Name:         namespace.CreateID(resourceBackend.Name, resourceType.Name),
+					Actions:      resourceType.Actions,
+					Backend:      resourceBackend.Name,
+					ResourceType: resourceType.Name,
 				})
 			}
 		}

internal/store/postgres/migrations/20220802035409_add_backend_and_resource_type_column_in_namespace.down.sql

@@ -0,0 +1,3 @@
+ALTER TABLE namespaces drop column backend;
+
+ALTER TABLE namespaces drop column resource_type;

internal/store/postgres/migrations/20220802035409_add_backend_and_resource_type_column_in_namespace.up.sql

@@ -0,0 +1,3 @@
+ALTER TABLE namespaces ADD COLUMN backend varchar;
+
+ALTER TABLE namespaces ADD COLUMN resource_type varchar;

internal/store/postgres/namespace.go

@@ -9,18 +9,22 @@ import (
 )
 
 type Namespace struct {
-	ID        string       `db:"id"`
-	Name      string       `db:"name"`
-	CreatedAt time.Time    `db:"created_at"`
-	UpdatedAt time.Time    `db:"updated_at"`
-	DeletedAt sql.NullTime `db:"deleted_at"`
+	ID           string       `db:"id"`
+	Name         string       `db:"name"`
+	Backend      string       `db:"backend"`
+	ResourceType string       `db:"resource_type"`
+	CreatedAt    time.Time    `db:"created_at"`
+	UpdatedAt    time.Time    `db:"updated_at"`
+	DeletedAt    sql.NullTime `db:"deleted_at"`
 }
 
 func (from Namespace) transformToNamespace() namespace.Namespace {
 	return namespace.Namespace{
-		ID:        from.ID,
-		Name:      from.Name,
-		CreatedAt: from.CreatedAt,
-		UpdatedAt: from.UpdatedAt,
+		ID:           from.ID,
+		Name:         from.Name,
+		Backend:      from.Backend,
+		ResourceType: from.ResourceType,
+		CreatedAt:    from.CreatedAt,
+		UpdatedAt:    from.UpdatedAt,
 	}
 }

internal/store/postgres/namespace_repository.go

@@ -60,12 +60,16 @@ func (r NamespaceRepository) Create(ctx context.Context, ns namespace.Namespace)
 
 	query, params, err := dialect.Insert(TABLE_NAMESPACES).Rows(
 		goqu.Record{
-			"id":   ns.ID,
-			"name": ns.Name,
+			"id":            ns.ID,
+			"name":          ns.Name,
+			"backend":       ns.Backend,
+			"resource_type": ns.ResourceType,
 		}).OnConflict(
 		goqu.DoUpdate("id", goqu.Record{
-			"name":       ns.Name,
-			"updated_at": goqu.L("now()"),
+			"name":          ns.Name,
+			"updated_at":    goqu.L("now()"),
+			"backend":       ns.Backend,
+			"resource_type": ns.ResourceType,
 		})).Returning(&Namespace{}).ToSQL()
 	if err != nil {
 		return namespace.Namespace{}, fmt.Errorf("%w: %s", queryErr, err)
@@ -97,7 +101,6 @@ func (r NamespaceRepository) List(ctx context.Context) ([]namespace.Namespace, e
 	if err = r.dbc.WithTimeout(ctx, func(ctx context.Context) error {
 		return r.dbc.SelectContext(ctx, &fetchedNamespaces, query, params...)
 	}); err != nil {
-		// should not throw error but return empty instead
 		if errors.Is(err, sql.ErrNoRows) {
 			return []namespace.Namespace{}, nil
 		}
@@ -123,9 +126,11 @@ func (r NamespaceRepository) Update(ctx context.Context, ns namespace.Namespace)
 
 	query, params, err := dialect.Update(TABLE_NAMESPACES).Set(
 		goqu.Record{
-			"id":         ns.ID,
-			"name":       ns.Name,
-			"updated_at": goqu.L("now()"),
+			"id":            ns.ID,
+			"name":          ns.Name,
+			"updated_at":    goqu.L("now()"),
+			"backend":       ns.Backend,
+			"resource_type": ns.ResourceType,
 		}).Where(
 		goqu.Ex{
 			"id": ns.ID,

internal/store/postgres/namespace_repository_test.go

@@ -176,6 +176,24 @@ func (s *NamespaceRepositoryTestSuite) TestList() {
 					ID:   "ns2",
 					Name: "ns2",
 				},
+				{
+					ID:           "back1_r1",
+					Name:         "Back1 R1",
+					Backend:      "back1",
+					ResourceType: "r1",
+				},
+				{
+					ID:           "back1_r2",
+					Name:         "Back1 R2",
+					Backend:      "back1",
+					ResourceType: "r2",
+				},
+				{
+					ID:           "back2_r1",
+					Name:         "Back2 R1",
+					Backend:      "back2",
+					ResourceType: "r1",
+				},
 			},
 		},
 	}

internal/store/postgres/resource_repository.go

@@ -9,6 +9,7 @@ import (
 	"database/sql"
 
 	"github.com/doug-martin/goqu/v9"
+	"github.com/odpf/shield/core/namespace"
 	"github.com/odpf/shield/core/resource"
 	"github.com/odpf/shield/pkg/db"
 	"github.com/odpf/shield/pkg/uuid"
@@ -224,3 +225,44 @@ func (r ResourceRepository) GetByURN(ctx context.Context, urn string) (resource.
 
 	return resourceModel.transformToResource(), nil
 }
+
+func buildGetResourcesByNamespaceQuery(dialect goqu.DialectWrapper, name string, ns namespace.Namespace) (string, interface{}, error) {
+	namespaceQueryExpression := goqu.Ex{
+		"backend": goqu.L(ns.Backend),
+	}
+
+	if ns.ResourceType != "" {
+		namespaceQueryExpression["resource_type"] = goqu.L(ns.ResourceType)
+	}
+
+	getNamespaceQuery := dialect.Select("id").From(TABLE_NAMESPACES).Where(namespaceQueryExpression)
+	getResourcesByURNQuery, params, err := dialect.Select(&ResourceCols{}).From(TABLE_RESOURCES).Where(goqu.Ex{
+		"name":         goqu.L(name),
+		"namespace_id": goqu.Op{"in": getNamespaceQuery},
+	}).ToSQL()
+
+	return getResourcesByURNQuery, params, err
+}
+
+func (r ResourceRepository) GetByNamespace(ctx context.Context, name string, ns namespace.Namespace) (resource.Resource, error) {
+	var fetchedResource Resource
+
+	query, params, err := buildGetResourcesByNamespaceQuery(dialect, name, ns)
+	if err != nil {
+		return resource.Resource{}, fmt.Errorf("%w: %s", queryErr, err)
+	}
+
+	err = r.dbc.WithTimeout(ctx, func(ctx context.Context) error {
+		return r.dbc.GetContext(ctx, &fetchedResource, query, params)
+	})
+
+	if err != nil {
+		if errors.Is(err, sql.ErrNoRows) {
+			return resource.Resource{}, resource.ErrNotExist
+		}
+
+		return resource.Resource{}, fmt.Errorf("%w: %s", dbErr, err)
+	}
+
+	return fetchedResource.transformToResource(), nil
+}

internal/store/postgres/testdata/mock-namespace.json

@@ -6,5 +6,23 @@
     {
         "id": "ns2",
         "name": "ns2"
+    },
+    {
+        "id": "back1_r1",
+        "name": "Back1 R1",
+        "backend": "back1",
+        "resourceType": "r1"
+    },
+    {
+        "id": "back1_r2",
+        "name": "Back1 R2",
+        "backend": "back1",
+        "resourceType": "r2"
+    },
+    {
+        "id": "back2_r1",
+        "name": "Back2 R1",
+        "backend": "back2",
+        "resourceType": "r1"
     }
-]
+]