fix: namespace passed in resource/check api handle namespace aliases (#…

…257) Signed-off-by: Kush Sharma <thekushsharma@gmail.com>
raystack · Jun 10, 2023 · a89059f · a89059f
1 parent 6c3ac60
commit a89059f
Show file tree

Hide file tree

Showing 11 changed files with 5,238 additions and 16,039 deletions.
diff --git a/buf.gen.yaml b/buf.gen.yaml
@@ -13,6 +13,8 @@ plugins:
   - plugin: "buf.build/grpc-ecosystem/gateway:v2.15.2"
     out: "proto"
     opt: "paths=source_relative"
-  - plugin: "buf.build/grpc-ecosystem/openapiv2:v2.15.2"
+  - plugin: "buf.build/grpc-ecosystem/openapiv2:v2.16.0"
     out: "proto"
-    opt: "allow_merge=true"
+    opt:
+      - allow_merge=true
+      - output_format=yaml
diff --git a/docs/docs/reference/api-definitions.md b/docs/docs/reference/api-definitions.md
@@ -14,6 +14,6 @@ The current deployment uses the [v1beta1](https://github.com/odpf/proton/tree/ma
 While making any changes in Shield APIs, the makefile in Shield contains the Proton commit hash, which is utilized in Shield for generating protobuf files and documentation with `make proto` and `make doc` rules. 
 :::
 
-The **`make proto`** command creates [admin.swagger.json](https://github.com/odpf/shield/blob/main/proto/v1beta1/admin.swagger.json) and [shield.swagger.json](https://github.com/odpf/shield/blob/main/proto/v1beta1/shield.swagger.json) files in which can be used to create a Postman collection to test these APIs. 
+The **`make proto`** command creates [apidocs.swagger.yaml](https://github.com/odpf/shield/blob/main/proto/apidocs.swagger.json) specification which can be used to create a Postman collection to test these APIs. 
 
 Besides this, one can import these files it in the [Swagger Editor](https://editor.swagger.io/) to visualize the Shield API documentation using the Swagger OpenAPI specification format.
diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js
@@ -49,7 +49,7 @@ const darkCodeTheme = require('prism-react-renderer/themes/dracula');
         docsPluginId: "classic",
         config: {
           auth: {
-            specPath: "../proto/apidocs.swagger.json",
+            specPath: "../proto/apidocs.swagger.yaml",
             outputDir: "docs/apis",
             sidebarOptions: {
               groupPathsBy: "tag",

diff --git a/internal/api/v1beta1/permission_check.go b/internal/api/v1beta1/permission_check.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"fmt"
 
+	"github.com/odpf/shield/internal/bootstrap/schema"
+
 	"github.com/odpf/shield/core/relation"
 
 	"github.com/odpf/shield/core/user"
@@ -17,9 +19,10 @@ import (
 
 func (h Handler) CheckResourcePermission(ctx context.Context, req *shieldv1beta1.CheckResourcePermissionRequest) (*shieldv1beta1.CheckResourcePermissionResponse, error) {
 	logger := grpczap.Extract(ctx)
+	objectNamespace := schema.ParseNamespaceAliasIfRequired(req.GetObjectNamespace())
 	result, err := h.resourceService.CheckAuthz(ctx, relation.Object{
 		ID:        req.GetObjectId(),
-		Namespace: req.GetObjectNamespace(),
+		Namespace: objectNamespace,
 	}, req.GetPermission())
 	if err != nil {
 		switch {

diff --git a/internal/api/v1beta1/resource.go b/internal/api/v1beta1/resource.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"errors"
 
+	"github.com/odpf/shield/internal/bootstrap/schema"
+
 	"github.com/odpf/shield/core/relation"
 
 	"google.golang.org/protobuf/types/known/structpb"
@@ -32,8 +34,9 @@ var grpcResourceNotFoundErr = status.Errorf(codes.NotFound, "resource doesn't ex
 func (h Handler) ListResources(ctx context.Context, request *shieldv1beta1.ListResourcesRequest) (*shieldv1beta1.ListResourcesResponse, error) {
 	logger := grpczap.Extract(ctx)
 	var resources []*shieldv1beta1.Resource
+	namespaceID := schema.ParseNamespaceAliasIfRequired(request.GetNamespace())
 	filters := resource.Filter{
-		NamespaceID: request.GetNamespace(),
+		NamespaceID: namespaceID,
 		ProjectID:   request.GetProjectId(),
 	}
 	resourcesList, err := h.resourceService.List(ctx, filters)
@@ -60,8 +63,9 @@ func (h Handler) ListProjectResources(ctx context.Context, request *shieldv1beta
 	logger := grpczap.Extract(ctx)
 
 	var resources []*shieldv1beta1.Resource
+	namespaceID := schema.ParseNamespaceAliasIfRequired(request.GetNamespace())
 	filters := resource.Filter{
-		NamespaceID: request.GetNamespace(),
+		NamespaceID: namespaceID,
 		ProjectID:   request.GetProjectId(),
 	}
 	resourcesList, err := h.resourceService.List(ctx, filters)
@@ -100,11 +104,12 @@ func (h Handler) CreateProjectResource(ctx context.Context, request *shieldv1bet
 		}
 	}
 
+	namespaceID := schema.ParseNamespaceAliasIfRequired(request.GetBody().GetNamespace())
 	newResource, err := h.resourceService.Create(ctx, resource.Resource{
 		ID:          request.GetId(),
 		Name:        request.GetBody().GetName(),
 		ProjectID:   request.GetProjectId(),
-		NamespaceID: request.GetBody().GetNamespace(),
+		NamespaceID: namespaceID,
 		UserID:      request.GetBody().GetUserId(),
 		Metadata:    metaDataMap,
 	})
@@ -165,10 +170,11 @@ func (h Handler) UpdateProjectResource(ctx context.Context, request *shieldv1bet
 		return nil, grpcBadBodyError
 	}
 
+	namespaceID := schema.ParseNamespaceAliasIfRequired(request.GetBody().GetNamespace())
 	updatedResource, err := h.resourceService.Update(ctx, resource.Resource{
 		ID:          request.GetId(),
 		ProjectID:   request.GetProjectId(),
-		NamespaceID: request.GetBody().GetNamespace(),
+		NamespaceID: namespaceID,
 		Name:        request.GetBody().GetName(),
 		UserID:      request.GetBody().GetUserId(),
 	})

diff --git a/internal/bootstrap/schema/schema.go b/internal/bootstrap/schema/schema.go
@@ -156,6 +156,8 @@ func ParseNamespaceAliasIfRequired(n string) string {
 	switch n {
 	case "user":
 		n = UserPrincipal
+	case "superuser":
+		n = SuperUserPrincipal
 	case "group":
 		n = GroupPrincipal
 	case "org", "organization":