Rename ProjectRoles and friends to ProjectRole etc #1220

Merged
merged 1 commit into from Jun 16, 2022
6 changes: 3 additions & 3 deletions nexus/src/app/iam.rs
@@ -23,7 +23,7 @@ impl super::Nexus {
pub async fn fleet_fetch_policy(
&self,
opctx: &OpContext,
) -> LookupResult<shared::Policy<authz::FleetRoles>> {
) -> LookupResult<shared::Policy<authz::FleetRole>> {
let role_assignments = self
.db_datastore
.role_assignment_fetch_visible(opctx, &authz::FLEET)
@@ -38,8 +38,8 @@ impl super::Nexus {
pub async fn fleet_update_policy(
&self,
opctx: &OpContext,
policy: &shared::Policy<authz::FleetRoles>,
) -> UpdateResult<shared::Policy<authz::FleetRoles>> {
policy: &shared::Policy<authz::FleetRole>,
) -> UpdateResult<shared::Policy<authz::FleetRole>> {
let role_assignments = self
.db_datastore
.role_assignment_replace_visible(
6 changes: 3 additions & 3 deletions nexus/src/app/organization.rs
@@ -97,7 +97,7 @@ impl super::Nexus {
&self,
opctx: &OpContext,
organization_name: &Name,
) -> LookupResult<shared::Policy<authz::OrganizationRoles>> {
) -> LookupResult<shared::Policy<authz::OrganizationRole>> {
let (.., authz_org) = LookupPath::new(opctx, &self.db_datastore)
.organization_name(organization_name)
.lookup_for(authz::Action::ReadPolicy)
@@ -117,8 +117,8 @@ impl super::Nexus {
&self,
opctx: &OpContext,
organization_name: &Name,
policy: &shared::Policy<authz::OrganizationRoles>,
) -> UpdateResult<shared::Policy<authz::OrganizationRoles>> {
policy: &shared::Policy<authz::OrganizationRole>,
) -> UpdateResult<shared::Policy<authz::OrganizationRole>> {
let (.., authz_org) = LookupPath::new(opctx, &self.db_datastore)
.organization_name(organization_name)
.lookup_for(authz::Action::ModifyPolicy)
6 changes: 3 additions & 3 deletions nexus/src/app/project.rs
@@ -156,7 +156,7 @@ impl super::Nexus {
opctx: &OpContext,
organization_name: &Name,
project_name: &Name,
) -> LookupResult<shared::Policy<authz::ProjectRoles>> {
) -> LookupResult<shared::Policy<authz::ProjectRole>> {
let (.., authz_project) = LookupPath::new(opctx, &self.db_datastore)
.organization_name(organization_name)
.project_name(project_name)
@@ -178,8 +178,8 @@ impl super::Nexus {
opctx: &OpContext,
organization_name: &Name,
project_name: &Name,
policy: &shared::Policy<authz::ProjectRoles>,
) -> UpdateResult<shared::Policy<authz::ProjectRoles>> {
policy: &shared::Policy<authz::ProjectRole>,
) -> UpdateResult<shared::Policy<authz::ProjectRole>> {
let (.., authz_project) = LookupPath::new(opctx, &self.db_datastore)
.organization_name(organization_name)
.project_name(project_name)
6 changes: 3 additions & 3 deletions nexus/src/app/silo.rs
@@ -82,7 +82,7 @@ impl super::Nexus {
&self,
opctx: &OpContext,
silo_name: &Name,
) -> LookupResult<shared::Policy<authz::SiloRoles>> {
) -> LookupResult<shared::Policy<authz::SiloRole>> {
let (.., authz_silo) = LookupPath::new(opctx, &self.db_datastore)
.silo_name(silo_name)
.lookup_for(authz::Action::ReadPolicy)
@@ -102,8 +102,8 @@ impl super::Nexus {
&self,
opctx: &OpContext,
silo_name: &Name,
policy: &shared::Policy<authz::SiloRoles>,
) -> UpdateResult<shared::Policy<authz::SiloRoles>> {
policy: &shared::Policy<authz::SiloRole>,
) -> UpdateResult<shared::Policy<authz::SiloRole>> {
let (.., authz_silo) = LookupPath::new(opctx, &self.db_datastore)
.silo_name(silo_name)
.lookup_for(authz::Action::ModifyPolicy)
88 changes: 44 additions & 44 deletions nexus/src/authz/api_resources.rs
@@ -202,38 +202,38 @@ impl ApiResourceWithRoles for Fleet {
}

impl ApiResourceWithRolesType for Fleet {
type AllowedRoles = FleetRoles;
type AllowedRoles = FleetRole;
}

#[derive(
Clone, Copy, Debug, Deserialize, Eq, PartialEq, Serialize, JsonSchema,
)]
#[cfg_attr(test, derive(EnumIter))]
#[serde(rename_all = "snake_case")]
pub enum FleetRoles {
pub enum FleetRole {
Admin,
Collaborator,
Viewer,
// There are other Fleet roles, but they are not externally-visible and so
// they do not show up in this enum.
}

impl db::model::DatabaseString for FleetRoles {
impl db::model::DatabaseString for FleetRole {
type Error = anyhow::Error;

fn to_database_string(&self) -> &str {
match self {
FleetRoles::Admin => "admin",
FleetRoles::Collaborator => "collaborator",
FleetRoles::Viewer => "viewer",
FleetRole::Admin => "admin",
FleetRole::Collaborator => "collaborator",
FleetRole::Viewer => "viewer",
}
}

fn from_database_string(s: &str) -> Result<Self, Self::Error> {
match s {
"admin" => Ok(FleetRoles::Admin),
"collaborator" => Ok(FleetRoles::Collaborator),
"viewer" => Ok(FleetRoles::Viewer),
"admin" => Ok(FleetRole::Admin),
"collaborator" => Ok(FleetRole::Collaborator),
"viewer" => Ok(FleetRole::Viewer),
_ => Err(anyhow!("unsupported Fleet role from database: {:?}", s)),
}
}
@@ -370,7 +370,7 @@ authz_resource! {
}

impl ApiResourceWithRolesType for Organization {
type AllowedRoles = OrganizationRoles;
type AllowedRoles = OrganizationRole;
}

#[derive(
@@ -388,28 +388,28 @@ impl ApiResourceWithRolesType for Organization {
#[cfg_attr(test, derive(EnumIter))]
#[display(style = "kebab-case")]
#[serde(rename_all = "snake_case")]
pub enum OrganizationRoles {
pub enum OrganizationRole {
Admin,
Collaborator,
Viewer,
}

impl db::model::DatabaseString for OrganizationRoles {
impl db::model::DatabaseString for OrganizationRole {
type Error = anyhow::Error;

fn to_database_string(&self) -> &str {
match self {
OrganizationRoles::Admin => "admin",
OrganizationRoles::Collaborator => "collaborator",
OrganizationRoles::Viewer => "viewer",
OrganizationRole::Admin => "admin",
OrganizationRole::Collaborator => "collaborator",
OrganizationRole::Viewer => "viewer",
}
}

fn from_database_string(s: &str) -> Result<Self, Self::Error> {
match s {
"admin" => Ok(OrganizationRoles::Admin),
"collaborator" => Ok(OrganizationRoles::Collaborator),
"viewer" => Ok(OrganizationRoles::Viewer),
"admin" => Ok(OrganizationRole::Admin),
"collaborator" => Ok(OrganizationRole::Collaborator),
"viewer" => Ok(OrganizationRole::Viewer),
_ => Err(anyhow!(
"unsupported Organization role from database: {:?}",
s
@@ -427,7 +427,7 @@ authz_resource! {
}

impl ApiResourceWithRolesType for Project {
type AllowedRoles = ProjectRoles;
type AllowedRoles = ProjectRole;
}

#[derive(
@@ -445,28 +445,28 @@ impl ApiResourceWithRolesType for Project {
#[cfg_attr(test, derive(EnumIter))]
#[display(style = "kebab-case")]
#[serde(rename_all = "snake_case")]
pub enum ProjectRoles {
pub enum ProjectRole {
Admin,
Collaborator,
Viewer,
}

impl db::model::DatabaseString for ProjectRoles {
impl db::model::DatabaseString for ProjectRole {
type Error = anyhow::Error;

fn to_database_string(&self) -> &str {
match self {
ProjectRoles::Admin => "admin",
ProjectRoles::Collaborator => "collaborator",
ProjectRoles::Viewer => "viewer",
ProjectRole::Admin => "admin",
ProjectRole::Collaborator => "collaborator",
ProjectRole::Viewer => "viewer",
}
}

fn from_database_string(s: &str) -> Result<Self, Self::Error> {
match s {
"admin" => Ok(ProjectRoles::Admin),
"collaborator" => Ok(ProjectRoles::Collaborator),
"viewer" => Ok(ProjectRoles::Viewer),
"admin" => Ok(ProjectRole::Admin),
"collaborator" => Ok(ProjectRole::Collaborator),
"viewer" => Ok(ProjectRole::Viewer),
_ => {
Err(anyhow!("unsupported Project role from database: {:?}", s))
}
@@ -573,7 +573,7 @@ authz_resource! {
}

impl ApiResourceWithRolesType for Silo {
type AllowedRoles = SiloRoles;
type AllowedRoles = SiloRole;
}

#[derive(
@@ -591,28 +591,28 @@ impl ApiResourceWithRolesType for Silo {
#[cfg_attr(test, derive(EnumIter))]
#[display(style = "kebab-case")]
#[serde(rename_all = "snake_case")]
pub enum SiloRoles {
pub enum SiloRole {
Admin,
Collaborator,
Viewer,
}

impl db::model::DatabaseString for SiloRoles {
impl db::model::DatabaseString for SiloRole {
type Error = anyhow::Error;

fn to_database_string(&self) -> &str {
match self {
SiloRoles::Admin => "admin",
SiloRoles::Collaborator => "collaborator",
SiloRoles::Viewer => "viewer",
SiloRole::Admin => "admin",
SiloRole::Collaborator => "collaborator",
SiloRole::Viewer => "viewer",
}
}

fn from_database_string(s: &str) -> Result<Self, Self::Error> {
match s {
"admin" => Ok(SiloRoles::Admin),
"collaborator" => Ok(SiloRoles::Collaborator),
"viewer" => Ok(SiloRoles::Viewer),
"admin" => Ok(SiloRole::Admin),
"collaborator" => Ok(SiloRole::Collaborator),
"viewer" => Ok(SiloRole::Viewer),
_ => Err(anyhow!("unsupported Silo role from database: {:?}", s)),
}
}
@@ -676,24 +676,24 @@ authz_resource! {

#[cfg(test)]
mod test {
use super::FleetRoles;
use super::OrganizationRoles;
use super::ProjectRoles;
use super::SiloRoles;
use super::FleetRole;
use super::OrganizationRole;
use super::ProjectRole;
use super::SiloRole;
use crate::db::model::test_database_string_impl;

#[test]
fn test_roles_database_strings() {
test_database_string_impl::<FleetRoles, _>(
test_database_string_impl::<FleetRole, _>(
"tests/output/authz-roles-fleet.txt",
);
test_database_string_impl::<SiloRoles, _>(
test_database_string_impl::<SiloRole, _>(
"tests/output/authz-roles-silo.txt",
);
test_database_string_impl::<OrganizationRoles, _>(
test_database_string_impl::<OrganizationRole, _>(
"tests/output/authz-roles-organization.txt",
);
test_database_string_impl::<ProjectRoles, _>(
test_database_string_impl::<ProjectRole, _>(
"tests/output/authz-roles-project.txt",
);
}
8 changes: 4 additions & 4 deletions nexus/src/db/fixed_data/role_builtin.rs
@@ -104,12 +104,12 @@ mod test {
// resource must have a corresponding entry in BUILTIN_ROLES above.
// The reverse is not necessarily true because we have some internal
// roles that are not exposed to end users.
check_public_roles::<authz::FleetRoles>(ResourceType::Fleet);
check_public_roles::<authz::SiloRoles>(ResourceType::Silo);
check_public_roles::<authz::OrganizationRoles>(
check_public_roles::<authz::FleetRole>(ResourceType::Fleet);
check_public_roles::<authz::SiloRole>(ResourceType::Silo);
check_public_roles::<authz::OrganizationRole>(
ResourceType::Organization,
);
check_public_roles::<authz::ProjectRoles>(ResourceType::Project);
check_public_roles::<authz::ProjectRole>(ResourceType::Project);
}

fn check_public_roles<T>(resource_type: ResourceType)
24 changes: 12 additions & 12 deletions nexus/src/external_api/http_entrypoints.rs
@@ -264,7 +264,7 @@ pub fn external_api() -> NexusApiDescription {
}]
async fn policy_get(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
) -> Result<HttpResponseOk<shared::Policy<authz::FleetRoles>>, HttpError> {
) -> Result<HttpResponseOk<shared::Policy<authz::FleetRole>>, HttpError> {
let apictx = rqctx.context();
let nexus = &apictx.nexus;

@@ -284,8 +284,8 @@ async fn policy_get(
}]
async fn policy_put(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
new_policy: TypedBody<shared::Policy<authz::FleetRoles>>,
) -> Result<HttpResponseOk<shared::Policy<authz::FleetRoles>>, HttpError> {
new_policy: TypedBody<shared::Policy<authz::FleetRole>>,
) -> Result<HttpResponseOk<shared::Policy<authz::FleetRole>>, HttpError> {
let apictx = rqctx.context();
let nexus = &apictx.nexus;
let new_policy = new_policy.into_inner();
@@ -421,7 +421,7 @@ async fn silos_delete_silo(
async fn silos_get_silo_policy(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
path_params: Path<SiloPathParam>,
) -> Result<HttpResponseOk<shared::Policy<authz::SiloRoles>>, HttpError> {
) -> Result<HttpResponseOk<shared::Policy<authz::SiloRole>>, HttpError> {
let apictx = rqctx.context();
let nexus = &apictx.nexus;
let path = path_params.into_inner();
@@ -444,8 +444,8 @@ async fn silos_get_silo_policy(
async fn silos_put_silo_policy(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
path_params: Path<SiloPathParam>,
new_policy: TypedBody<shared::Policy<authz::SiloRoles>>,
) -> Result<HttpResponseOk<shared::Policy<authz::SiloRoles>>, HttpError> {
new_policy: TypedBody<shared::Policy<authz::SiloRole>>,
) -> Result<HttpResponseOk<shared::Policy<authz::SiloRole>>, HttpError> {
let apictx = rqctx.context();
let nexus = &apictx.nexus;
let path = path_params.into_inner();
@@ -725,7 +725,7 @@ async fn organizations_put_organization(
async fn organization_get_policy(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
path_params: Path<OrganizationPathParam>,
) -> Result<HttpResponseOk<shared::Policy<authz::OrganizationRoles>>, HttpError>
) -> Result<HttpResponseOk<shared::Policy<authz::OrganizationRole>>, HttpError>
{
let apictx = rqctx.context();
let nexus = &apictx.nexus;
@@ -750,8 +750,8 @@ async fn organization_get_policy(
async fn organization_put_policy(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
path_params: Path<OrganizationPathParam>,
new_policy: TypedBody<shared::Policy<authz::OrganizationRoles>>,
) -> Result<HttpResponseOk<shared::Policy<authz::OrganizationRoles>>, HttpError>
new_policy: TypedBody<shared::Policy<authz::OrganizationRole>>,
) -> Result<HttpResponseOk<shared::Policy<authz::OrganizationRole>>, HttpError>
{
let apictx = rqctx.context();
let nexus = &apictx.nexus;
@@ -957,7 +957,7 @@ async fn organization_projects_put_project(
async fn organization_projects_get_project_policy(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
path_params: Path<ProjectPathParam>,
) -> Result<HttpResponseOk<shared::Policy<authz::ProjectRoles>>, HttpError> {
) -> Result<HttpResponseOk<shared::Policy<authz::ProjectRole>>, HttpError> {
let apictx = rqctx.context();
let nexus = &apictx.nexus;
let path = path_params.into_inner();
@@ -983,8 +983,8 @@ async fn organization_projects_get_project_policy(
async fn organization_projects_put_project_policy(
rqctx: Arc<RequestContext<Arc<ServerContext>>>,
path_params: Path<ProjectPathParam>,
new_policy: TypedBody<shared::Policy<authz::ProjectRoles>>,
) -> Result<HttpResponseOk<shared::Policy<authz::ProjectRoles>>, HttpError> {
new_policy: TypedBody<shared::Policy<authz::ProjectRole>>,
) -> Result<HttpResponseOk<shared::Policy<authz::ProjectRole>>, HttpError> {
let apictx = rqctx.context();
let nexus = &apictx.nexus;
let path = path_params.into_inner();