feat: replace scopes with roles
Replace user scopes with simplified roles.

Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
utkuozdemir committed May 26, 2023
1 parent 5b4f3bb commit a034e9f
Showing 5 changed files with 88 additions and 93 deletions.
100 changes: 51 additions & 49 deletions api/auth/auth.pb.go


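--- a/api/auth/auth.proto
+++ b/api/auth/auth.proto
@@ -17,10 +17,12 @@ message Identity {
 message RegisterPublicKeyRequest {
 PublicKey public_key = 1;
 Identity identity = 2;
-repeated string scopes = 3;
-
-// If true and the scopes are empty, the user scopes will not be added to the public key.
-bool skip_user_scopes = 4;
+reserved 3;
+reserved 4;
+// The role of the public key. When skip_user_role is true, this field is ignored.
+string role = 5;
+// If true, the role field will be used to determine the role of the public key.
+bool skip_user_role = 6;
 }
 
 message RegisterPublicKeyResponse {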
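Review bot: The two new field comments contradict each other: the comment on `role` says the field is ignored when `skip_user_role` is true, while the comment on `skip_user_role` says that true is what makes `role` take effect. The Go client comment on WithRole in this same commit ("Only effective if skipUserRole is true") matches the second reading, so the first looks inverted and should probably read `// The role of the public key. Only used when skip_user_role is true.` Because this field decides what privilege a registered key carries, the comment should also say which role the key gets when `skip_user_role` is false; that is not visible in this diff. Adding `reserved "scopes", "skip_user_scopes";` next to the reserved numbers would keep the old field names from being reused as well.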
2 changes: 1 addition & 1 deletion api/auth/auth_grpc.pb.go


54 changes: 22 additions & 32 deletions api/auth/auth_vtproto.pb.go


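--- a/pkg/client/auth/auth.go
+++ b/pkg/client/auth/auth.go
@@ -28,18 +28,19 @@ func NewClient(conn *grpc.ClientConn) *Client {
 // RegisterPGPPublicKeyOption customizes authpb.RegisterPublicKeyRequest.
 type RegisterPGPPublicKeyOption func(*authpb.RegisterPublicKeyRequest)
 
-// WithScopes sets the scopes in the authpb.RegisterPublicKeyRequest.
-func WithScopes(scopes ...string) RegisterPGPPublicKeyOption {
+// WithRole sets the role in the authpb.RegisterPublicKeyRequest.
+// Only effective if skipUserRole is true.
+func WithRole(role string) RegisterPGPPublicKeyOption {
 return func(o *authpb.RegisterPublicKeyRequest) {
-o.Scopes = scopes
+o.Role = role
 }
 }
 
-// WithSkipUserScopes sets the skipUserScopes flag in the authpb.RegisterPublicKeyRequest.
-// If true and no scopes are specified using WithScopes, the scopes of the user are assigned to the public key by the server.
-func WithSkipUserScopes(skipUserScopes bool) RegisterPGPPublicKeyOption {
+// WithSkipUserRole sets the skipUserRole flag in the authpb.RegisterPublicKeyRequest.
+// When true, the role set via WithRole is respected.
+func WithSkipUserRole(skipUserRole bool) RegisterPGPPublicKeyOption {
 return func(o *authpb.RegisterPublicKeyRequest) {
-o.SkipUserScopes = skipUserScopes
+o.SkipUserRole = skipUserRole
 }
 }
 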
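Review bot: `WithRole` is a silent no-op unless the caller also passes `WithSkipUserRole(true)`, per its own doc comment, so a caller who passes only `WithRole` to register a lower-privileged key would presumably end up with a key carrying the user's own role. Either have the option set both fields (`o.Role = role` followed by `o.SkipUserRole = true`) or make the comment state the outcome, e.g. `// Without WithSkipUserRole(true) the server ignores this value and uses the user's role.` (the fallback is inferred from the removed scopes comment and should be confirmed). Whether the server rejects or caps a requested role above the user's own is not visible in this diff and is worth checking in the server-side change. Removing the exported `WithScopes` and `WithSkipUserScopes` also breaks existing callers at compile time.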
