Dual Write: Generate replication events for Role endpoints

[lpichler]

• Class RelationApiDualWriteHandler was added. This class containers has methods which performs Replication Event generation
• methods:
  • generate_relations_from_current_state_of_role - this generate relations from current stage of role only from PRBAC DB- it uses mappings tables to get v2 role and role bindings uuids
  • generate_relations_and_mappings_for_role - this generates new relations for role - it generates new UUID for v2 role and role bindings
  • regenerate_relations_and_mappings_for_role - generate_relations_and_mappings_for_role
  • build_replication_event - generates json representation of relation which are sent to outbox table - see replication event bellow
  • save_replication_event_to_outbox - store relation event into outbox table (content of this method is not added yet)
  • generate_replication_event_to_outbox - regenerate_relations_and_mappings_for_role and save_replication_event_to_outbox

Each role action has mix of those methods:
CREATE:

• create role from input to DB
• generate_relations_and_mappings_for_role
• save_replication_event_to_outbox

UPDATE:

• generate_relations_from_current_state_of_role
• update role based on input in DB
• generate_replication_event_to_outbox

DELETE:

• generate_relations_from_current_state_of_role
• delete role in DB
• save_replication_event_to_outbox

---

• Replication Event is not stored into outbox table, PR with table is not merged yet- PR
• Migration tool and mappings update: Columns v2 role uuid and permissions where added into BindingMapping table ,
  this information are required to identification of role and role bindings
• Control Variable REPLICATION_TO_RELATION_ENABLED to enabled and disable replication - Replication is disable by default except to unit tests

Next Steps: Missing Endpoints

Replication Event (which will be stored in outbox table as payload):

{
  "relations_to_add": [
    {
      "resource": {
        "type": "role_binding",
        "id": "049fd753-4fe2-4d70-bc56-c59a68d749df"
      },
      "relation": "granted",
      "subject": {
        "type": "role",
        "id": "a1cb1ab4-0443-4257-b576-2eec75079d3d"
      }
    },
    {
      "resource": {
        "type": "role",
        "id": "a1cb1ab4-0443-4257-b576-2eec75079d3d"
      },
      "relation": "app_all_read",
      "subject": {
        "type": "user",
        "id": "*"
      }
    },
  ],
  "relations_to_remove": [
    {
      "resource": {
        "type": "keya/id",
        "id": "valueA"
      },
      "relation": "user_grant",
      "subject": {
        "type": "role_binding",
        "id": "bf8e6f6b-19b6-446a-81e4-d48a9b694bd4"
      }
    }]
}

Links

https://issues.redhat.com/browse/RHCLOUD-34786
https://issues.redhat.com/browse/RHCLOUD-34509

[lpichler]

/retest

[lennysgarage]

Might be a small nitpick not sure if the docstrings affect things here but should ArRray just be Array?

[alechenninger]

Also note that since most operations are performed in their own isolated transaction (autocommit / not inside atomic()) then I think the perf overhead of repeatable read (or serializable for that matter) should be negligible (however you will also not see any of the benefits of the increased isolation level in those cases–it will only matter to atomic() blocks).

[lpichler]

Option 2 was added.

[alechenninger]

Need to add a check if replication is enabled here

[lpichler]

/retest

[alechenninger]

IMO this is ready to ship