diff --git a/api/interservice/authz/authz.pb.go b/api/interservice/authz/authz.pb.go index 079898d9091..cd72c9c9b9b 100644 --- a/api/interservice/authz/authz.pb.go +++ b/api/interservice/authz/authz.pb.go @@ -9,7 +9,7 @@ import ( version "github.com/chef/automate/api/external/common/version" _ "github.com/envoyproxy/protoc-gen-validate/validate" proto "github.com/golang/protobuf/proto" - timestamp "github.com/golang/protobuf/ptypes/timestamp" + _ "github.com/golang/protobuf/ptypes/timestamp" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" 
@@ -152,335 +152,6 @@ func (m *IsAuthorizedResp) GetAuthorized() bool { return false } -type Policy struct { - Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty" toml:"action,omitempty" mapstructure:"action,omitempty"` - Subjects []string `protobuf:"bytes,2,rep,name=subjects,proto3" json:"subjects,omitempty" toml:"subjects,omitempty" mapstructure:"subjects,omitempty"` - Id string `protobuf:"bytes,3,opt,name=id,proto3" json:"id,omitempty" toml:"id,omitempty" mapstructure:"id,omitempty"` - Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty" toml:"resource,omitempty" mapstructure:"resource,omitempty"` - Effect string `protobuf:"bytes,5,opt,name=effect,proto3" json:"effect,omitempty" toml:"effect,omitempty" mapstructure:"effect,omitempty"` - CreatedAt *timestamp.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty" toml:"created_at,omitempty" mapstructure:"created_at,omitempty"` - UpdatedAt *timestamp.Timestamp `protobuf:"bytes,7,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty" toml:"updated_at,omitempty" mapstructure:"updated_at,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *Policy) Reset() { *m = Policy{} } -func (m *Policy) String() string { return proto.CompactTextString(m) } -func (*Policy) ProtoMessage() {} -func (*Policy) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{3} -} - -func (m *Policy) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Policy.Unmarshal(m, b) -} -func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Policy.Marshal(b, m, deterministic) -} -func (m *Policy) XXX_Merge(src proto.Message) { - xxx_messageInfo_Policy.Merge(m, src) -} 
-func (m *Policy) XXX_Size() int { - return xxx_messageInfo_Policy.Size(m) -} -func (m *Policy) XXX_DiscardUnknown() { - xxx_messageInfo_Policy.DiscardUnknown(m) -} - -var xxx_messageInfo_Policy proto.InternalMessageInfo - -func (m *Policy) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -func (m *Policy) GetSubjects() []string { - if m != nil { - return m.Subjects - } - return nil -} - -func (m *Policy) GetId() string { - if m != nil { - return m.Id - } - return "" -} - -func (m *Policy) GetResource() string { - if m != nil { - return m.Resource - } - return "" -} - -func (m *Policy) GetEffect() string { - if m != nil { - return m.Effect - } - return "" -} - -func (m *Policy) GetCreatedAt() *timestamp.Timestamp { - if m != nil { - return m.CreatedAt - } - return nil -} - -func (m *Policy) GetUpdatedAt() *timestamp.Timestamp { - if m != nil { - return m.UpdatedAt - } - return nil -} - -type CreatePolicyReq struct { - Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty" toml:"action,omitempty" mapstructure:"action,omitempty"` - Subjects []string `protobuf:"bytes,2,rep,name=subjects,proto3" json:"subjects,omitempty" toml:"subjects,omitempty" mapstructure:"subjects,omitempty"` - Resource string `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty" toml:"resource,omitempty" mapstructure:"resource,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *CreatePolicyReq) Reset() { *m = CreatePolicyReq{} } -func (m *CreatePolicyReq) String() string { return proto.CompactTextString(m) } -func (*CreatePolicyReq) ProtoMessage() {} -func (*CreatePolicyReq) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{4} -} - -func (m *CreatePolicyReq) XXX_Unmarshal(b []byte) error { - return 
xxx_messageInfo_CreatePolicyReq.Unmarshal(m, b) -} -func (m *CreatePolicyReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CreatePolicyReq.Marshal(b, m, deterministic) -} -func (m *CreatePolicyReq) XXX_Merge(src proto.Message) { - xxx_messageInfo_CreatePolicyReq.Merge(m, src) -} -func (m *CreatePolicyReq) XXX_Size() int { - return xxx_messageInfo_CreatePolicyReq.Size(m) -} -func (m *CreatePolicyReq) XXX_DiscardUnknown() { - xxx_messageInfo_CreatePolicyReq.DiscardUnknown(m) -} - -var xxx_messageInfo_CreatePolicyReq proto.InternalMessageInfo - -func (m *CreatePolicyReq) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -func (m *CreatePolicyReq) GetSubjects() []string { - if m != nil { - return m.Subjects - } - return nil -} - -func (m *CreatePolicyReq) GetResource() string { - if m != nil { - return m.Resource - } - return "" -} - -type CreatePolicyResp struct { - Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty" toml:"policy,omitempty" mapstructure:"policy,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *CreatePolicyResp) Reset() { *m = CreatePolicyResp{} } -func (m *CreatePolicyResp) String() string { return proto.CompactTextString(m) } -func (*CreatePolicyResp) ProtoMessage() {} -func (*CreatePolicyResp) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{5} -} - -func (m *CreatePolicyResp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CreatePolicyResp.Unmarshal(m, b) -} -func (m *CreatePolicyResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CreatePolicyResp.Marshal(b, m, deterministic) -} -func (m *CreatePolicyResp) XXX_Merge(src proto.Message) { - xxx_messageInfo_CreatePolicyResp.Merge(m, 
src) -} -func (m *CreatePolicyResp) XXX_Size() int { - return xxx_messageInfo_CreatePolicyResp.Size(m) -} -func (m *CreatePolicyResp) XXX_DiscardUnknown() { - xxx_messageInfo_CreatePolicyResp.DiscardUnknown(m) -} - -var xxx_messageInfo_CreatePolicyResp proto.InternalMessageInfo - -func (m *CreatePolicyResp) GetPolicy() *Policy { - if m != nil { - return m.Policy - } - return nil -} - -type ListPoliciesReq struct { - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *ListPoliciesReq) Reset() { *m = ListPoliciesReq{} } -func (m *ListPoliciesReq) String() string { return proto.CompactTextString(m) } -func (*ListPoliciesReq) ProtoMessage() {} -func (*ListPoliciesReq) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{6} -} - -func (m *ListPoliciesReq) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ListPoliciesReq.Unmarshal(m, b) -} -func (m *ListPoliciesReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ListPoliciesReq.Marshal(b, m, deterministic) -} -func (m *ListPoliciesReq) XXX_Merge(src proto.Message) { - xxx_messageInfo_ListPoliciesReq.Merge(m, src) -} -func (m *ListPoliciesReq) XXX_Size() int { - return xxx_messageInfo_ListPoliciesReq.Size(m) -} -func (m *ListPoliciesReq) XXX_DiscardUnknown() { - xxx_messageInfo_ListPoliciesReq.DiscardUnknown(m) -} - -var xxx_messageInfo_ListPoliciesReq proto.InternalMessageInfo - -type ListPoliciesResp struct { - Policies []*Policy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty" toml:"policies,omitempty" mapstructure:"policies,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" 
mapstructure:"-,omitempty"` -} - -func (m *ListPoliciesResp) Reset() { *m = ListPoliciesResp{} } -func (m *ListPoliciesResp) String() string { return proto.CompactTextString(m) } -func (*ListPoliciesResp) ProtoMessage() {} -func (*ListPoliciesResp) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{7} -} - -func (m *ListPoliciesResp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ListPoliciesResp.Unmarshal(m, b) -} -func (m *ListPoliciesResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ListPoliciesResp.Marshal(b, m, deterministic) -} -func (m *ListPoliciesResp) XXX_Merge(src proto.Message) { - xxx_messageInfo_ListPoliciesResp.Merge(m, src) -} -func (m *ListPoliciesResp) XXX_Size() int { - return xxx_messageInfo_ListPoliciesResp.Size(m) -} -func (m *ListPoliciesResp) XXX_DiscardUnknown() { - xxx_messageInfo_ListPoliciesResp.DiscardUnknown(m) -} - -var xxx_messageInfo_ListPoliciesResp proto.InternalMessageInfo - -func (m *ListPoliciesResp) GetPolicies() []*Policy { - if m != nil { - return m.Policies - } - return nil -} - -type DeletePolicyReq struct { - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" toml:"id,omitempty" mapstructure:"id,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *DeletePolicyReq) Reset() { *m = DeletePolicyReq{} } -func (m *DeletePolicyReq) String() string { return proto.CompactTextString(m) } -func (*DeletePolicyReq) ProtoMessage() {} -func (*DeletePolicyReq) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{8} -} - -func (m *DeletePolicyReq) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DeletePolicyReq.Unmarshal(m, b) -} -func (m *DeletePolicyReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - 
return xxx_messageInfo_DeletePolicyReq.Marshal(b, m, deterministic) -} -func (m *DeletePolicyReq) XXX_Merge(src proto.Message) { - xxx_messageInfo_DeletePolicyReq.Merge(m, src) -} -func (m *DeletePolicyReq) XXX_Size() int { - return xxx_messageInfo_DeletePolicyReq.Size(m) -} -func (m *DeletePolicyReq) XXX_DiscardUnknown() { - xxx_messageInfo_DeletePolicyReq.DiscardUnknown(m) -} - -var xxx_messageInfo_DeletePolicyReq proto.InternalMessageInfo - -func (m *DeletePolicyReq) GetId() string { - if m != nil { - return m.Id - } - return "" -} - -type DeletePolicyResp struct { - Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty" toml:"policy,omitempty" mapstructure:"policy,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *DeletePolicyResp) Reset() { *m = DeletePolicyResp{} } -func (m *DeletePolicyResp) String() string { return proto.CompactTextString(m) } -func (*DeletePolicyResp) ProtoMessage() {} -func (*DeletePolicyResp) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{9} -} - -func (m *DeletePolicyResp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DeletePolicyResp.Unmarshal(m, b) -} -func (m *DeletePolicyResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DeletePolicyResp.Marshal(b, m, deterministic) -} -func (m *DeletePolicyResp) XXX_Merge(src proto.Message) { - xxx_messageInfo_DeletePolicyResp.Merge(m, src) -} -func (m *DeletePolicyResp) XXX_Size() int { - return xxx_messageInfo_DeletePolicyResp.Size(m) -} -func (m *DeletePolicyResp) XXX_DiscardUnknown() { - xxx_messageInfo_DeletePolicyResp.DiscardUnknown(m) -} - -var xxx_messageInfo_DeletePolicyResp proto.InternalMessageInfo - -func (m *DeletePolicyResp) GetPolicy() *Policy { - if m != nil { - return m.Policy - } 
- return nil -} - type PurgeSubjectFromPoliciesReq struct { // Q: Right now, this allows purging subject wildcards (like "user:*"). // -- Do we want to restrict this to only complete subjects? @@ -494,7 +165,7 @@ func (m *PurgeSubjectFromPoliciesReq) Reset() { *m = PurgeSubjectFromPol func (m *PurgeSubjectFromPoliciesReq) String() string { return proto.CompactTextString(m) } func (*PurgeSubjectFromPoliciesReq) ProtoMessage() {} func (*PurgeSubjectFromPoliciesReq) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{10} + return fileDescriptor_145513b0a9558cd4, []int{3} } func (m *PurgeSubjectFromPoliciesReq) XXX_Unmarshal(b []byte) error { @@ -533,7 +204,7 @@ func (m *PurgeSubjectFromPoliciesResp) Reset() { *m = PurgeSubjectFromPo func (m *PurgeSubjectFromPoliciesResp) String() string { return proto.CompactTextString(m) } func (*PurgeSubjectFromPoliciesResp) ProtoMessage() {} func (*PurgeSubjectFromPoliciesResp) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{11} + return fileDescriptor_145513b0a9558cd4, []int{4} } func (m *PurgeSubjectFromPoliciesResp) XXX_Unmarshal(b []byte) error { @@ -573,7 +244,7 @@ func (m *FilterAuthorizedPairsReq) Reset() { *m = FilterAuthorizedPairsR func (m *FilterAuthorizedPairsReq) String() string { return proto.CompactTextString(m) } func (*FilterAuthorizedPairsReq) ProtoMessage() {} func (*FilterAuthorizedPairsReq) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{12} + return fileDescriptor_145513b0a9558cd4, []int{5} } func (m *FilterAuthorizedPairsReq) XXX_Unmarshal(b []byte) error { 
@@ -619,7 +290,7 @@ func (m *FilterAuthorizedPairsResp) Reset() { *m = FilterAuthorizedPairs func (m *FilterAuthorizedPairsResp) String() string { return proto.CompactTextString(m) } func (*FilterAuthorizedPairsResp) ProtoMessage() {} func (*FilterAuthorizedPairsResp) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{13} + return fileDescriptor_145513b0a9558cd4, []int{6} } func (m *FilterAuthorizedPairsResp) XXX_Unmarshal(b []byte) error { @@ -659,7 +330,7 @@ func (m *Pair) Reset() { *m = Pair{} } func (m *Pair) String() string { return proto.CompactTextString(m) } func (*Pair) ProtoMessage() {} func (*Pair) Descriptor() ([]byte, []int) { - return fileDescriptor_145513b0a9558cd4, []int{14} + return fileDescriptor_145513b0a9558cd4, []int{7} } func (m *Pair) XXX_Unmarshal(b []byte) error { 
@@ -698,13 +369,6 @@ func init() { proto.RegisterType((*GetVersionReq)(nil), "chef.automate.domain.authz.GetVersionReq") proto.RegisterType((*IsAuthorizedReq)(nil), "chef.automate.domain.authz.IsAuthorizedReq") proto.RegisterType((*IsAuthorizedResp)(nil), "chef.automate.domain.authz.IsAuthorizedResp") - proto.RegisterType((*Policy)(nil), "chef.automate.domain.authz.Policy") - proto.RegisterType((*CreatePolicyReq)(nil), "chef.automate.domain.authz.CreatePolicyReq") - proto.RegisterType((*CreatePolicyResp)(nil), "chef.automate.domain.authz.CreatePolicyResp") - proto.RegisterType((*ListPoliciesReq)(nil), "chef.automate.domain.authz.ListPoliciesReq") - proto.RegisterType((*ListPoliciesResp)(nil), "chef.automate.domain.authz.ListPoliciesResp") - proto.RegisterType((*DeletePolicyReq)(nil), "chef.automate.domain.authz.DeletePolicyReq") - proto.RegisterType((*DeletePolicyResp)(nil), "chef.automate.domain.authz.DeletePolicyResp") proto.RegisterType((*PurgeSubjectFromPoliciesReq)(nil), "chef.automate.domain.authz.PurgeSubjectFromPoliciesReq") proto.RegisterType((*PurgeSubjectFromPoliciesResp)(nil), "chef.automate.domain.authz.PurgeSubjectFromPoliciesResp") proto.RegisterType((*FilterAuthorizedPairsReq)(nil), "chef.automate.domain.authz.FilterAuthorizedPairsReq") 
@@ -715,72 +379,50 @@ func init() { func init() { proto.RegisterFile("api/interservice/authz/authz.proto", fileDescriptor_145513b0a9558cd4) } var fileDescriptor_145513b0a9558cd4 = []byte{ - // 1040 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x57, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xcf, 0xd8, 0xad, 0xeb, 0x4c, 0x5a, 0x1c, 0x56, 0xa2, 0xb8, 0x2e, 0x7f, 0xac, 0x91, 0x0f, - 0xb6, 0x5b, 0xef, 0x36, 0xdb, 0x00, 0xc9, 0x1e, 0xb0, 0x6c, 0x50, 0xaa, 0x88, 0x7f, 0xd1, 0x16, - 0x5a, 0x68, 0x64, 0x97, 0xf1, 0x7a, 0x9c, 0x0c, 0x59, 0x7b, 0x37, 0x33, 0xb3, 0x11, 0x04, 0xe7, - 0x40, 0x0f, 0x5c, 0x51, 0x23, 0x24, 0x2e, 0x20, 0x71, 0xe2, 0x33, 0x20, 0x4e, 0x48, 0x1c, 0xf8, - 0x00, 0x5c, 0xf8, 0x0a, 0x1c, 0xb9, 0x70, 0x46, 0xb3, 0x7f, 0xec, 0xf5, 0x26, 0x5e, 0x92, 0x70, - 0x80, 0x4b, 0xb2, 0x6f, 0xf6, 0xfd, 0xde, 0x9b, 0xf7, 0x9b, 0xdf, 0xbe, 0x37, 0x86, 0x08, 0xbb, - 0x54, 0xa3, 0x23, 0x41, 0x18, 0x27, 0xec, 0x80, 0x5a, 0x44, 0xc3, 0x9e, 0xd8, 0x3d, 0x0c, 0xfe, - 0xaa, 0x2e, 0x73, 0x84, 0xa3, 0x94, 0xac, 0x5d, 0x32, 0x50, 0xb1, 0x27, 0x9c, 0x21, 0x16, 0x44, - 0xed, 0x3b, 0x43, 0x4c, 0x47, 0xaa, 0xef, 0x51, 0xaa, 0x49, 0x3c, 0xf9, 0x54, 0x10, 0x36, 0xc2, - 0xb6, 0x66, 0x39, 0xc3, 0xa1, 0x33, 0xd2, 0x0e, 0x08, 0xe3, 0x74, 0xfa, 0x3f, 0x08, 0x53, 0x7a, - 0xfe, 0x00, 0xdb, 0xb4, 0x8f, 0x05, 0xd1, 0xa2, 0x87, 0xf0, 0xc5, 0xcb, 0x3b, 0x8e, 0xb3, 0x63, - 0x13, 0xcd, 0xb7, 0x7a, 0xde, 0x40, 0x13, 0x74, 0x48, 0xb8, 0xc0, 0x43, 0x37, 0x70, 0x40, 0x05, - 0x78, 0xed, 0x1e, 0x11, 0x0f, 0x82, 0x68, 0x26, 0xd9, 0x47, 0x4f, 0x33, 0xb0, 0xb0, 0xc9, 0x5b, - 0x9e, 0xd8, 0x75, 0x18, 0x3d, 0x24, 0x7d, 0x93, 0xec, 0x2b, 0x5f, 0x00, 0x98, 0xe7, 0x5e, 0xef, - 0x13, 0x62, 0x09, 0x5e, 0x04, 0xe5, 0x6c, 0x75, 0xb1, 0x4d, 0x7e, 0xfa, 0xe3, 0xe7, 0xec, 0xc7, - 0xc7, 0xa0, 0x93, 0x07, 0xe8, 0x23, 0xf6, 0x50, 0xff, 0xa0, 0x5b, 0x6d, 0x1a, 0x82, 0xe0, 0xe1, - 0xd8, 0xe3, 0x84, 0xd5, 0x8c, 0x6a, 0xd3, 0xb0, 0x1d, 0x0b, 0xdb, 0x63, 0xbb, 0x8f, 0xdd, 
0x31, - 0xc7, 0x43, 0xbb, 0x66, 0x6c, 0x77, 0x8d, 0x7a, 0xe7, 0x56, 0x65, 0xdc, 0x15, 0xce, 0x1e, 0x19, - 0xc5, 0x4c, 0x9b, 0x1b, 0x21, 0x45, 0xe1, 0x62, 0xf4, 0xce, 0x9c, 0xa4, 0x55, 0x5e, 0x87, 0x79, - 0x46, 0xb8, 0xe3, 0x31, 0x8b, 0x14, 0x33, 0x65, 0x50, 0x5d, 0x6c, 0x23, 0xb9, 0x85, 0x17, 0xd9, - 0x4d, 0xfd, 0x46, 0x77, 0x1b, 0x37, 0x0e, 0x3b, 0x3e, 0xa6, 0x5e, 0x6d, 0x1a, 0x21, 0xba, 0x56, - 0xaf, 0x98, 0x13, 0x8c, 0x62, 0xc0, 0x1c, 0xb6, 0x04, 0x75, 0x46, 0xc5, 0xec, 0x99, 0xd1, 0x21, - 0x02, 0xe9, 0x70, 0x79, 0x96, 0x12, 0xee, 0x2a, 0x2f, 0x41, 0x88, 0x27, 0x2b, 0x45, 0x50, 0x06, - 0xd5, 0xbc, 0x19, 0x5b, 0x41, 0x7f, 0x01, 0x98, 0xdb, 0x72, 0x6c, 0x6a, 0x7d, 0xa6, 0x5c, 0x9f, - 0xa4, 0x96, 0x6e, 0x8b, 0x51, 0x58, 0xa5, 0x14, 0x63, 0x35, 0x23, 0x59, 0x8d, 0x95, 0xfb, 0x0c, - 0xcc, 0xd0, 0x7e, 0xb0, 0x55, 0x33, 0x43, 0xfb, 0xd2, 0x77, 0x52, 0xfe, 0x25, 0x7f, 0x75, 0x5a, - 0xda, 0x75, 0x98, 0x23, 0x83, 0x01, 0xb1, 0x44, 0xf1, 0x72, 0x10, 0x3f, 0xb0, 0x94, 0x75, 0x08, - 0x2d, 0x46, 0xb0, 0x20, 0xfd, 0xc7, 0x58, 0x14, 0x73, 0x65, 0x50, 0x5d, 0xd2, 0x4b, 0x6a, 0xa0, - 0x08, 0x35, 0x52, 0x84, 0xfa, 0x7e, 0xa4, 0x08, 0x73, 0x31, 0xf4, 0x6e, 0xf9, 0x50, 0xcf, 0xed, - 0x47, 0xd0, 0x2b, 0xff, 0x0c, 0x0d, 0xbd, 0x5b, 0x02, 0xfd, 0x99, 0x81, 0x85, 0x37, 0xfc, 0x40, - 0x41, 0xf9, 0x52, 0x40, 0x9b, 0xb3, 0x0c, 0xb4, 0x57, 0x24, 0xf9, 0xb7, 0x59, 0x5d, 0xaf, 0xce, - 0x23, 0xdf, 0x7f, 0xae, 0x77, 0x6a, 0xcd, 0xca, 0xb8, 0xbb, 0x5d, 0xef, 0x4c, 0xce, 0x42, 0xf9, - 0x05, 0x24, 0x59, 0x6b, 0xff, 0x00, 0x64, 0xb8, 0xef, 0xc1, 0x31, 0xf8, 0x16, 0xe4, 0x01, 0xfa, - 0x06, 0xb0, 0xaf, 0x81, 0xfe, 0x14, 0x9c, 0x41, 0x91, 0xd5, 0x66, 0x98, 0x70, 0x2c, 0x73, 0x55, - 0xc6, 0x12, 0x12, 0x47, 0x8d, 0x7d, 0xa5, 0x8e, 0x43, 0x71, 0xd6, 0x8c, 0x5a, 0x53, 0xee, 0x25, - 0x55, 0xc0, 0x93, 0x90, 0x46, 0xad, 0x99, 0x08, 0x1f, 0x3b, 0xde, 0x77, 0x62, 0xc7, 0x99, 0xbd, - 0x28, 0x25, 0x93, 0x10, 0xe8, 0x5d, 0xb8, 0x3c, 0x4b, 0x39, 0x77, 0xa5, 0xe0, 0x5d, 0xdf, 0xf2, - 0x39, 0x5f, 0xd2, 0x91, 0x3a, 
0xbf, 0xd7, 0xa8, 0x21, 0x2e, 0x44, 0xa0, 0x67, 0x61, 0xe1, 0x6d, - 0xca, 0x85, 0xbf, 0x4a, 0x09, 0x97, 0x7d, 0xc1, 0x84, 0xcb, 0xb3, 0x4b, 0xdc, 0x95, 0xdf, 0xa4, - 0x1b, 0xda, 0x7e, 0x5b, 0x38, 0x5b, 0x92, 0x09, 0x06, 0x3d, 0x01, 0xb0, 0xf0, 0x26, 0xb1, 0x49, - 0x5c, 0x2a, 0x8e, 0x2f, 0xfc, 0x40, 0x26, 0x8f, 0x25, 0x27, 0x8f, 0xd8, 0x87, 0xfa, 0x03, 0xc9, - 0xc9, 0xa0, 0xd5, 0xd8, 0xb8, 0xd3, 0x58, 0xef, 0x7c, 0xbe, 0x76, 0xd4, 0x88, 0x9b, 0xab, 0x47, - 0x8d, 0xd5, 0xb8, 0x7d, 0xf7, 0xa8, 0xb1, 0xbd, 0xb6, 0x8e, 0x5b, 0xbd, 0x76, 0x27, 0xb9, 0x1c, - 0x33, 0x57, 0xf4, 0xa3, 0x8a, 0xfc, 0xb2, 0x24, 0x77, 0xb3, 0x7b, 0xf8, 0x97, 0xdc, 0xfd, 0x0e, - 0xe0, 0xcd, 0x2d, 0x8f, 0xed, 0x90, 0xfb, 0xc1, 0x61, 0x6f, 0x30, 0x67, 0x18, 0x23, 0x52, 0xf9, - 0x11, 0xc0, 0x2b, 0xa1, 0x0e, 0xc2, 0x32, 0xbf, 0xf3, 0xf5, 0xfb, 0xff, 0x95, 0x6d, 0xb4, 0x5d, - 0x74, 0x07, 0xbe, 0x30, 0xbf, 0x32, 0xee, 0x2a, 0xcb, 0x30, 0x4b, 0xfb, 0xe1, 0x84, 0x30, 0xe5, - 0x23, 0xfa, 0x15, 0xc0, 0xe2, 0x06, 0xb5, 0x05, 0x61, 0xd3, 0xf6, 0xb9, 0x85, 0x29, 0xf3, 0x99, - 0xe0, 0x27, 0xa6, 0xca, 0x43, 0x49, 0x84, 0x79, 0x0c, 0xde, 0xcb, 0x03, 0xf4, 0x16, 0xdb, 0xd4, - 0xef, 0x25, 0x2b, 0x3b, 0x95, 0x8f, 0xb0, 0xdc, 0x93, 0x63, 0xa4, 0x76, 0xca, 0x1c, 0x79, 0x15, - 0x5e, 0x76, 0xe5, 0x06, 0xfc, 0xde, 0xb1, 0xa4, 0x97, 0x53, 0x4f, 0x16, 0x53, 0x66, 0x06, 0xee, - 0xe8, 0x3e, 0xbc, 0x31, 0xa7, 0x10, 0xee, 0x4e, 0x83, 0x82, 0xf3, 0x05, 0x7d, 0x02, 0xe0, 0x25, - 0x69, 0xff, 0x97, 0xd3, 0x4d, 0xff, 0x2d, 0x07, 0xaf, 0x45, 0x45, 0x61, 0xbf, 0xc7, 0x72, 0x08, - 0xa7, 0x97, 0x02, 0x65, 0x35, 0x51, 0x0d, 0x76, 0xa9, 0x1a, 0xdc, 0x46, 0xd4, 0xe8, 0x16, 0x12, - 0xba, 0x6e, 0x8e, 0x06, 0x8e, 0x49, 0xf6, 0x3d, 0xc2, 0x45, 0xa9, 0x71, 0x2e, 0x14, 0x5a, 0x50, - 0xf6, 0xe0, 0xd5, 0xf8, 0x90, 0x55, 0x6e, 0xa5, 0x91, 0x98, 0xb8, 0xa1, 0x94, 0x6e, 0x9f, 0xdd, - 0x99, 0xbb, 0x68, 0x41, 0xf9, 0x12, 0xc0, 0xe7, 0x4e, 0x3d, 0xce, 0x13, 0xd5, 0xce, 0x44, 0x9a, - 0x27, 0xe5, 0xd2, 0x2b, 0x17, 0x40, 0xf9, 0x1b, 0xd9, 0x83, 0x57, 
0xe3, 0x9d, 0x3b, 0xbd, 0xea, - 0xc4, 0x58, 0x4d, 0xaf, 0x3a, 0x39, 0x10, 0x82, 0x64, 0xf1, 0x1e, 0x9e, 0x9e, 0x2c, 0x31, 0x00, - 0xd2, 0x93, 0x25, 0x47, 0x43, 0x90, 0x2c, 0xde, 0x57, 0xd3, 0x93, 0x25, 0xa6, 0x40, 0x7a, 0xb2, - 0x64, 0xbb, 0x46, 0x0b, 0xca, 0x57, 0x00, 0x16, 0xe7, 0xb5, 0x26, 0xe5, 0xb5, 0xd4, 0xcf, 0x71, - 0x7e, 0xab, 0x2e, 0xad, 0x5d, 0x0c, 0x28, 0x77, 0xd4, 0x5e, 0x79, 0xa4, 0xed, 0x50, 0xb1, 0xeb, - 0xf5, 0xa4, 0xea, 0x35, 0x19, 0x47, 0x8b, 0xe2, 0x68, 0xa7, 0xff, 0x30, 0xe8, 0xe5, 0xfc, 0x8b, - 0xd5, 0xdd, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0x75, 0xa0, 0x4e, 0xec, 0x39, 0x0c, 0x00, 0x00, + // 673 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x55, 0xcd, 0x6e, 0xd3, 0x4a, + 0x14, 0xee, 0x24, 0xf7, 0xf6, 0xa6, 0x73, 0x6f, 0xd5, 0xca, 0xd2, 0x15, 0x69, 0xca, 0x4f, 0x64, + 0x75, 0x61, 0xa7, 0xd4, 0x86, 0xf0, 0xb3, 0xf0, 0x82, 0x88, 0x2c, 0x5a, 0x55, 0x2c, 0xa8, 0x5c, + 0x41, 0x05, 0x51, 0x22, 0x26, 0xce, 0x69, 0x32, 0xd4, 0xce, 0xb8, 0x33, 0xe3, 0x0a, 0x55, 0xde, + 0xc0, 0x82, 0x7d, 0x2b, 0x24, 0x56, 0xbc, 0x07, 0x62, 0xc5, 0x8e, 0x57, 0xe0, 0x15, 0x78, 0x05, + 0x56, 0x68, 0x6c, 0xe7, 0xa7, 0x69, 0x52, 0xb5, 0x6c, 0xd8, 0x24, 0x33, 0x67, 0xce, 0xf7, 0xf9, + 0x7c, 0x9f, 0xcf, 0x1c, 0x63, 0x9d, 0x84, 0xd4, 0xa6, 0x7d, 0x09, 0x5c, 0x00, 0x3f, 0xa2, 0x1e, + 0xd8, 0x24, 0x92, 0xbd, 0xe3, 0xf4, 0xd7, 0x0a, 0x39, 0x93, 0x4c, 0x2b, 0x79, 0x3d, 0xd8, 0xb7, + 0x48, 0x24, 0x59, 0x40, 0x24, 0x58, 0x1d, 0x16, 0x10, 0xda, 0xb7, 0x92, 0x8c, 0x92, 0xa9, 0xf0, + 0xf0, 0x46, 0x02, 0xef, 0x13, 0xdf, 0xf6, 0x58, 0x10, 0xb0, 0xbe, 0x7d, 0x04, 0x5c, 0xd0, 0xd1, + 0x7f, 0x4a, 0x53, 0xba, 0x76, 0x44, 0x7c, 0xda, 0x21, 0x12, 0xec, 0xc1, 0x22, 0x3b, 0xb8, 0xd5, + 0x65, 0xac, 0xeb, 0x83, 0x9d, 0xec, 0xda, 0xd1, 0xbe, 0x2d, 0x69, 0x00, 0x42, 0x92, 0x20, 0x4c, + 0x13, 0xf4, 0x25, 0xbc, 0xb8, 0x05, 0xf2, 0x79, 0xca, 0xe6, 0xc2, 0xa1, 0x7e, 0x92, 0xc3, 0x4b, + 0xdb, 0xe2, 0x71, 0x24, 0x7b, 0x8c, 0xd3, 0x63, 0xe8, 
0xb8, 0x70, 0xa8, 0xbd, 0x45, 0xb8, 0x20, + 0xa2, 0xf6, 0x6b, 0xf0, 0xa4, 0x28, 0xa2, 0x72, 0xde, 0x58, 0xa8, 0xc3, 0x97, 0x1f, 0x5f, 0xf3, + 0xaf, 0x4e, 0x51, 0xb3, 0x80, 0xf4, 0x17, 0x7c, 0xaf, 0xfa, 0xac, 0x65, 0xd4, 0x1c, 0x09, 0x24, + 0x88, 0x23, 0x01, 0xdc, 0x74, 0x8c, 0x9a, 0xe3, 0x33, 0x8f, 0xf8, 0xb1, 0xdf, 0x21, 0x61, 0x2c, + 0x48, 0xe0, 0x9b, 0x4e, 0xa3, 0xe5, 0x54, 0x9a, 0xeb, 0x6b, 0x71, 0x4b, 0xb2, 0x03, 0xe8, 0x8f, + 0x6d, 0x7d, 0xe1, 0x64, 0x16, 0x65, 0xc1, 0xc1, 0x99, 0x3b, 0x7c, 0xac, 0xf6, 0x08, 0x17, 0x38, + 0x08, 0x16, 0x71, 0x0f, 0x8a, 0xb9, 0x32, 0x32, 0x16, 0xea, 0xba, 0x2a, 0xe1, 0x06, 0x5f, 0xad, + 0xae, 0xb4, 0x1a, 0x64, 0xe3, 0xb8, 0x99, 0x60, 0x2a, 0x46, 0xcd, 0xc9, 0xd0, 0x66, 0x65, 0xcd, + 0x1d, 0x62, 0x34, 0x07, 0xcf, 0x13, 0x4f, 0x52, 0xd6, 0x2f, 0xe6, 0x2f, 0x8d, 0xce, 0x10, 0x7a, + 0x15, 0x2f, 0x9f, 0xb5, 0x44, 0x84, 0xda, 0x4d, 0x8c, 0xc9, 0x30, 0x52, 0x44, 0x65, 0x64, 0x14, + 0xdc, 0xb1, 0x88, 0xfe, 0x1d, 0xe1, 0xd5, 0x9d, 0x88, 0x77, 0x61, 0x37, 0x55, 0xb0, 0xc9, 0x59, + 0xb0, 0xc3, 0x7c, 0xea, 0x51, 0x10, 0xca, 0xd3, 0xcf, 0x08, 0xff, 0x93, 0x89, 0x4b, 0xd0, 0x0b, + 0xf5, 0x4f, 0x48, 0x95, 0xf4, 0x11, 0xf1, 0x0f, 0xa8, 0x7a, 0x82, 0x2e, 0xe1, 0xa7, 0x51, 0xcb, + 0x6a, 0x8d, 0x1b, 0x95, 0xa6, 0xb9, 0x16, 0x2b, 0xc8, 0x38, 0x2a, 0x4e, 0x7c, 0x8e, 0x33, 0x6b, + 0x4d, 0xc7, 0xac, 0x35, 0x2a, 0xcd, 0x8b, 0xed, 0x1f, 0x52, 0x3a, 0x66, 0x6d, 0x82, 0xde, 0x1d, + 0x94, 0xab, 0xdf, 0xc1, 0xd7, 0x67, 0x2b, 0x13, 0xa1, 0xb6, 0x8c, 0xf3, 0xb4, 0x93, 0x35, 0x8a, + 0xab, 0x96, 0xfa, 0x37, 0x84, 0x8b, 0x9b, 0xd4, 0x97, 0xc0, 0x47, 0x2e, 0xee, 0x10, 0xca, 0x13, + 0x27, 0xc4, 0xb9, 0xe6, 0xda, 0x53, 0x46, 0xb8, 0xa7, 0xe8, 0x69, 0x01, 0xe9, 0x4f, 0xf8, 0x76, + 0x75, 0x6b, 0x52, 0xd9, 0x54, 0x3f, 0x32, 0xb9, 0xe7, 0xbb, 0xc9, 0x9c, 0xd2, 0x4e, 0x0f, 0xf1, + 0xdf, 0xa1, 0x2a, 0xa0, 0x98, 0x2b, 0xe7, 0x8d, 0x7f, 0xab, 0x65, 0x6b, 0xf6, 0x45, 0xb4, 0x54, + 0xa5, 0x6e, 0x9a, 0xae, 0xef, 0xe2, 0x95, 0x19, 0x42, 0x44, 0x38, 0x22, 0x45, 0x57, 0x23, 
0x7d, + 0x87, 0xf0, 0x5f, 0x6a, 0xff, 0x27, 0x9b, 0xbc, 0xfa, 0x33, 0x87, 0x17, 0x07, 0xa2, 0x88, 0x8a, + 0x68, 0x02, 0xe3, 0xd1, 0x6c, 0xd0, 0xee, 0x4f, 0xa8, 0x21, 0x21, 0xb5, 0xd2, 0xa1, 0x64, 0x0d, + 0x86, 0x51, 0x96, 0xba, 0xdd, 0xdf, 0x67, 0x2e, 0x1c, 0x46, 0x20, 0x64, 0x69, 0xe3, 0x4a, 0x28, + 0x7d, 0x4e, 0x3b, 0xc0, 0xff, 0x8d, 0xdf, 0x35, 0x6d, 0xfd, 0x22, 0x13, 0x27, 0x06, 0x55, 0xe9, + 0xf6, 0xe5, 0x93, 0x45, 0xa8, 0xcf, 0x69, 0xef, 0x11, 0xfe, 0x7f, 0xea, 0xeb, 0x3c, 0xa7, 0xf6, + 0x0c, 0xd3, 0xac, 0x56, 0x2e, 0x3d, 0xf8, 0x0d, 0x94, 0x2a, 0xa4, 0x7e, 0xf7, 0xa5, 0xdd, 0xa5, + 0xb2, 0x17, 0xb5, 0x95, 0x39, 0xb6, 0x22, 0xb1, 0x07, 0x24, 0xf6, 0xf4, 0xcf, 0x48, 0x7b, 0x3e, + 0x19, 0xe0, 0xf7, 0x7e, 0x05, 0x00, 0x00, 0xff, 0xff, 0xf9, 0x8a, 0x7a, 0x87, 0x67, 0x06, 0x00, + 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -798,10 +440,6 @@ type AuthorizationClient interface { GetVersion(ctx context.Context, in *version.VersionInfoRequest, opts ...grpc.CallOption) (*version.VersionInfo, error) IsAuthorized(ctx context.Context, in *IsAuthorizedReq, opts ...grpc.CallOption) (*IsAuthorizedResp, error) FilterAuthorizedPairs(ctx context.Context, in *FilterAuthorizedPairsReq, opts ...grpc.CallOption) (*FilterAuthorizedPairsResp, error) - CreatePolicy(ctx context.Context, in *CreatePolicyReq, opts ...grpc.CallOption) (*CreatePolicyResp, error) - ListPolicies(ctx context.Context, in *ListPoliciesReq, opts ...grpc.CallOption) (*ListPoliciesResp, error) - DeletePolicy(ctx context.Context, in *DeletePolicyReq, opts ...grpc.CallOption) (*DeletePolicyResp, error) - PurgeSubjectFromPolicies(ctx context.Context, in *PurgeSubjectFromPoliciesReq, opts ...grpc.CallOption) (*PurgeSubjectFromPoliciesResp, error) } type authorizationClient struct { 
@@ -839,51 +477,11 @@ func (c *authorizationClient) FilterAuthorizedPairs(ctx context.Context, in *Fil return out, nil } -func (c *authorizationClient) CreatePolicy(ctx context.Context, in *CreatePolicyReq, opts ...grpc.CallOption) (*CreatePolicyResp, error) { - out := new(CreatePolicyResp) - err := c.cc.Invoke(ctx, "/chef.automate.domain.authz.Authorization/CreatePolicy", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authorizationClient) ListPolicies(ctx context.Context, in *ListPoliciesReq, opts ...grpc.CallOption) (*ListPoliciesResp, error) { - out := new(ListPoliciesResp) - err := c.cc.Invoke(ctx, "/chef.automate.domain.authz.Authorization/ListPolicies", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authorizationClient) DeletePolicy(ctx context.Context, in *DeletePolicyReq, opts ...grpc.CallOption) (*DeletePolicyResp, error) { - out := new(DeletePolicyResp) - err := c.cc.Invoke(ctx, "/chef.automate.domain.authz.Authorization/DeletePolicy", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authorizationClient) PurgeSubjectFromPolicies(ctx context.Context, in *PurgeSubjectFromPoliciesReq, opts ...grpc.CallOption) (*PurgeSubjectFromPoliciesResp, error) { - out := new(PurgeSubjectFromPoliciesResp) - err := c.cc.Invoke(ctx, "/chef.automate.domain.authz.Authorization/PurgeSubjectFromPolicies", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - // AuthorizationServer is the server API for Authorization service. 
type AuthorizationServer interface { GetVersion(context.Context, *version.VersionInfoRequest) (*version.VersionInfo, error) IsAuthorized(context.Context, *IsAuthorizedReq) (*IsAuthorizedResp, error) FilterAuthorizedPairs(context.Context, *FilterAuthorizedPairsReq) (*FilterAuthorizedPairsResp, error) - CreatePolicy(context.Context, *CreatePolicyReq) (*CreatePolicyResp, error) - ListPolicies(context.Context, *ListPoliciesReq) (*ListPoliciesResp, error) - DeletePolicy(context.Context, *DeletePolicyReq) (*DeletePolicyResp, error) - PurgeSubjectFromPolicies(context.Context, *PurgeSubjectFromPoliciesReq) (*PurgeSubjectFromPoliciesResp, error) } // UnimplementedAuthorizationServer can be embedded to have forward compatible implementations. 
@@ -899,18 +497,6 @@ func (*UnimplementedAuthorizationServer) IsAuthorized(ctx context.Context, req * func (*UnimplementedAuthorizationServer) FilterAuthorizedPairs(ctx context.Context, req *FilterAuthorizedPairsReq) (*FilterAuthorizedPairsResp, error) { return nil, status.Errorf(codes.Unimplemented, "method FilterAuthorizedPairs not implemented") } -func (*UnimplementedAuthorizationServer) CreatePolicy(ctx context.Context, req *CreatePolicyReq) (*CreatePolicyResp, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreatePolicy not implemented") -} -func (*UnimplementedAuthorizationServer) ListPolicies(ctx context.Context, req *ListPoliciesReq) (*ListPoliciesResp, error) { - return nil, status.Errorf(codes.Unimplemented, "method ListPolicies not implemented") -} -func (*UnimplementedAuthorizationServer) DeletePolicy(ctx context.Context, req *DeletePolicyReq) (*DeletePolicyResp, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeletePolicy not implemented") -} -func (*UnimplementedAuthorizationServer) PurgeSubjectFromPolicies(ctx context.Context, req *PurgeSubjectFromPoliciesReq) (*PurgeSubjectFromPoliciesResp, error) { - return nil, status.Errorf(codes.Unimplemented, "method PurgeSubjectFromPolicies not implemented") -} func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer) { s.RegisterService(&_Authorization_serviceDesc, srv) 
@@ -970,78 +556,6 @@ func _Authorization_FilterAuthorizedPairs_Handler(srv interface{}, ctx context.C return interceptor(ctx, in, info, handler) } -func _Authorization_CreatePolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreatePolicyReq) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).CreatePolicy(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/chef.automate.domain.authz.Authorization/CreatePolicy", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).CreatePolicy(ctx, req.(*CreatePolicyReq)) - } - return interceptor(ctx, in, info, handler) -} - -func _Authorization_ListPolicies_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ListPoliciesReq) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).ListPolicies(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/chef.automate.domain.authz.Authorization/ListPolicies", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).ListPolicies(ctx, req.(*ListPoliciesReq)) - } - return interceptor(ctx, in, info, handler) -} - -func _Authorization_DeletePolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeletePolicyReq) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).DeletePolicy(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/chef.automate.domain.authz.Authorization/DeletePolicy", - } - handler := func(ctx 
context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).DeletePolicy(ctx, req.(*DeletePolicyReq)) - } - return interceptor(ctx, in, info, handler) -} - -func _Authorization_PurgeSubjectFromPolicies_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(PurgeSubjectFromPoliciesReq) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).PurgeSubjectFromPolicies(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/chef.automate.domain.authz.Authorization/PurgeSubjectFromPolicies", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).PurgeSubjectFromPolicies(ctx, req.(*PurgeSubjectFromPoliciesReq)) - } - return interceptor(ctx, in, info, handler) -} - var _Authorization_serviceDesc = grpc.ServiceDesc{ ServiceName: "chef.automate.domain.authz.Authorization", HandlerType: (*AuthorizationServer)(nil), @@ -1058,22 +572,6 @@ var _Authorization_serviceDesc = grpc.ServiceDesc{ MethodName: "FilterAuthorizedPairs", Handler: _Authorization_FilterAuthorizedPairs_Handler, }, - { - MethodName: "CreatePolicy", - Handler: _Authorization_CreatePolicy_Handler, - }, - { - MethodName: "ListPolicies", - Handler: _Authorization_ListPolicies_Handler, - }, - { - MethodName: "DeletePolicy", - Handler: _Authorization_DeletePolicy_Handler, - }, - { - MethodName: "PurgeSubjectFromPolicies", - Handler: _Authorization_PurgeSubjectFromPolicies_Handler, - }, }, Streams: []grpc.StreamDesc{}, Metadata: "api/interservice/authz/authz.proto", diff --git a/api/interservice/authz/authz.pb.mock.go b/api/interservice/authz/authz.pb.mock.go index dcf435b7a34..73f5ab37438 100644 --- a/api/interservice/authz/authz.pb.mock.go +++ b/api/interservice/authz/authz.pb.mock.go 
@@ -29,14 +29,10 @@ func NewAuthorizationServerMockWithoutValidation() *AuthorizationServerMock { // AuthorizationServerMock is the mock-what-you-want struct that stubs all not-overridden // methods with "not implemented" returns type AuthorizationServerMock struct { - validateRequests bool - GetVersionFunc func(context.Context, *version.VersionInfoRequest) (*version.VersionInfo, error) - IsAuthorizedFunc func(context.Context, *IsAuthorizedReq) (*IsAuthorizedResp, error) - FilterAuthorizedPairsFunc func(context.Context, *FilterAuthorizedPairsReq) (*FilterAuthorizedPairsResp, error) - CreatePolicyFunc func(context.Context, *CreatePolicyReq) (*CreatePolicyResp, error) - ListPoliciesFunc func(context.Context, *ListPoliciesReq) (*ListPoliciesResp, error) - DeletePolicyFunc func(context.Context, *DeletePolicyReq) (*DeletePolicyResp, error) - PurgeSubjectFromPoliciesFunc func(context.Context, *PurgeSubjectFromPoliciesReq) (*PurgeSubjectFromPoliciesResp, error) + validateRequests bool + GetVersionFunc func(context.Context, *version.VersionInfoRequest) (*version.VersionInfo, error) + IsAuthorizedFunc func(context.Context, *IsAuthorizedReq) (*IsAuthorizedResp, error) + FilterAuthorizedPairsFunc func(context.Context, *FilterAuthorizedPairsReq) (*FilterAuthorizedPairsResp, error) } func (m *AuthorizationServerMock) GetVersion(ctx context.Context, req *version.VersionInfoRequest) (*version.VersionInfo, error) { 
@@ -75,61 +71,9 @@ func (m *AuthorizationServerMock) FilterAuthorizedPairs(ctx context.Context, req return nil, status.Error(codes.Internal, "mock: 'FilterAuthorizedPairs' not implemented") } -func (m *AuthorizationServerMock) CreatePolicy(ctx context.Context, req *CreatePolicyReq) (*CreatePolicyResp, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := m.CreatePolicyFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'CreatePolicy' not implemented") -} - -func (m *AuthorizationServerMock) ListPolicies(ctx context.Context, req *ListPoliciesReq) (*ListPoliciesResp, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := m.ListPoliciesFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'ListPolicies' not implemented") -} - -func (m *AuthorizationServerMock) DeletePolicy(ctx context.Context, req *DeletePolicyReq) (*DeletePolicyResp, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := m.DeletePolicyFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'DeletePolicy' not implemented") -} - -func (m *AuthorizationServerMock) PurgeSubjectFromPolicies(ctx context.Context, req *PurgeSubjectFromPoliciesReq) (*PurgeSubjectFromPoliciesResp, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := 
m.PurgeSubjectFromPoliciesFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'PurgeSubjectFromPolicies' not implemented") -} - // Reset resets all overridden functions func (m *AuthorizationServerMock) Reset() { m.GetVersionFunc = nil m.IsAuthorizedFunc = nil m.FilterAuthorizedPairsFunc = nil - m.CreatePolicyFunc = nil - m.ListPoliciesFunc = nil - m.DeletePolicyFunc = nil - m.PurgeSubjectFromPoliciesFunc = nil } diff --git a/api/interservice/authz/authz.pb.validate.go b/api/interservice/authz/authz.pb.validate.go index f6d86c61ea2..32709804f12 100644 --- a/api/interservice/authz/authz.pb.validate.go +++ b/api/interservice/authz/authz.pb.validate.go 
@@ -269,571 +269,6 @@ var _ interface { ErrorName() string } = IsAuthorizedRespValidationError{} -// Validate checks the field values on Policy with the rules defined in the -// proto definition for this message. If any rules are violated, an error is returned. -func (m *Policy) Validate() error { - if m == nil { - return nil - } - - // no validation rules for Action - - // no validation rules for Id - - // no validation rules for Resource - - // no validation rules for Effect - - if v, ok := interface{}(m.GetCreatedAt()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return PolicyValidationError{ - field: "CreatedAt", - reason: "embedded message failed validation", - cause: err, - } - } - } - - if v, ok := interface{}(m.GetUpdatedAt()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return PolicyValidationError{ - field: "UpdatedAt", - reason: "embedded message failed validation", - cause: err, - } - } - } - - return nil -} - -// PolicyValidationError is the validation error returned by Policy.Validate if -// the designated constraints aren't met. -type PolicyValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e PolicyValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e PolicyValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e PolicyValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e PolicyValidationError) Key() bool { return e.key } - -// ErrorName returns error name. 
-func (e PolicyValidationError) ErrorName() string { return "PolicyValidationError" } - -// Error satisfies the builtin error interface -func (e PolicyValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sPolicy.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = PolicyValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = PolicyValidationError{} - -// Validate checks the field values on CreatePolicyReq with the rules defined -// in the proto definition for this message. If any rules are violated, an -// error is returned. -func (m *CreatePolicyReq) Validate() error { - if m == nil { - return nil - } - - if !_CreatePolicyReq_Action_Pattern.MatchString(m.GetAction()) { - return CreatePolicyReqValidationError{ - field: "Action", - reason: "value does not match regex pattern \"^[a-z][^:*]*(?::[^:*]+)*(?::[*])?$|^[*]$\"", - } - } - - if len(m.GetSubjects()) < 1 { - return CreatePolicyReqValidationError{ - field: "Subjects", - reason: "value must contain at least 1 item(s)", - } - } - - for idx, item := range m.GetSubjects() { - _, _ = idx, item - - if !_CreatePolicyReq_Subjects_Pattern.MatchString(item) { - return CreatePolicyReqValidationError{ - field: fmt.Sprintf("Subjects[%v]", idx), - reason: "value does not match regex pattern \"^(?:team|user):(?:local|ldap|saml):(?:[^:*]+|[*])$|^(?:(?:team|user|token|service):)?[*]$|^token:[^:*]+$|^tls:service:(?:[^:*]+:)?(?:[^:*]+|[*])$\"", - } - } - - } - - if !_CreatePolicyReq_Resource_Pattern.MatchString(m.GetResource()) { - return CreatePolicyReqValidationError{ - field: "Resource", - reason: "value does not match regex pattern \"^[a-z][^:*]*(?::[^:*]+)*(?::[*])?$|^[*]$\"", - } - } - - return nil -} - -// CreatePolicyReqValidationError is the validation error returned by -// 
CreatePolicyReq.Validate if the designated constraints aren't met. -type CreatePolicyReqValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e CreatePolicyReqValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e CreatePolicyReqValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e CreatePolicyReqValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e CreatePolicyReqValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e CreatePolicyReqValidationError) ErrorName() string { return "CreatePolicyReqValidationError" } - -// Error satisfies the builtin error interface -func (e CreatePolicyReqValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCreatePolicyReq.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = CreatePolicyReqValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = CreatePolicyReqValidationError{} - -var _CreatePolicyReq_Action_Pattern = regexp.MustCompile("^[a-z][^:*]*(?::[^:*]+)*(?::[*])?$|^[*]$") - -var _CreatePolicyReq_Subjects_Pattern = regexp.MustCompile("^(?:team|user):(?:local|ldap|saml):(?:[^:*]+|[*])$|^(?:(?:team|user|token|service):)?[*]$|^token:[^:*]+$|^tls:service:(?:[^:*]+:)?(?:[^:*]+|[*])$") - -var _CreatePolicyReq_Resource_Pattern = regexp.MustCompile("^[a-z][^:*]*(?::[^:*]+)*(?::[*])?$|^[*]$") - -// Validate checks the field values on CreatePolicyResp with the rules defined -// in the proto definition for this message. If any rules are violated, an -// error is returned. 
-func (m *CreatePolicyResp) Validate() error { - if m == nil { - return nil - } - - if v, ok := interface{}(m.GetPolicy()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return CreatePolicyRespValidationError{ - field: "Policy", - reason: "embedded message failed validation", - cause: err, - } - } - } - - return nil -} - -// CreatePolicyRespValidationError is the validation error returned by -// CreatePolicyResp.Validate if the designated constraints aren't met. -type CreatePolicyRespValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e CreatePolicyRespValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e CreatePolicyRespValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e CreatePolicyRespValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e CreatePolicyRespValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e CreatePolicyRespValidationError) ErrorName() string { return "CreatePolicyRespValidationError" } - -// Error satisfies the builtin error interface -func (e CreatePolicyRespValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCreatePolicyResp.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = CreatePolicyRespValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = CreatePolicyRespValidationError{} - -// Validate checks the field values on ListPoliciesReq with the rules defined -// in the proto definition for this message. If any rules are violated, an -// error is returned. 
-func (m *ListPoliciesReq) Validate() error { - if m == nil { - return nil - } - - return nil -} - -// ListPoliciesReqValidationError is the validation error returned by -// ListPoliciesReq.Validate if the designated constraints aren't met. -type ListPoliciesReqValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e ListPoliciesReqValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e ListPoliciesReqValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e ListPoliciesReqValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e ListPoliciesReqValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e ListPoliciesReqValidationError) ErrorName() string { return "ListPoliciesReqValidationError" } - -// Error satisfies the builtin error interface -func (e ListPoliciesReqValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sListPoliciesReq.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = ListPoliciesReqValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = ListPoliciesReqValidationError{} - -// Validate checks the field values on ListPoliciesResp with the rules defined -// in the proto definition for this message. If any rules are violated, an -// error is returned. 
-func (m *ListPoliciesResp) Validate() error { - if m == nil { - return nil - } - - for idx, item := range m.GetPolicies() { - _, _ = idx, item - - if v, ok := interface{}(item).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return ListPoliciesRespValidationError{ - field: fmt.Sprintf("Policies[%v]", idx), - reason: "embedded message failed validation", - cause: err, - } - } - } - - } - - return nil -} - -// ListPoliciesRespValidationError is the validation error returned by -// ListPoliciesResp.Validate if the designated constraints aren't met. -type ListPoliciesRespValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e ListPoliciesRespValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e ListPoliciesRespValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e ListPoliciesRespValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e ListPoliciesRespValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e ListPoliciesRespValidationError) ErrorName() string { return "ListPoliciesRespValidationError" } - -// Error satisfies the builtin error interface -func (e ListPoliciesRespValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sListPoliciesResp.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = ListPoliciesRespValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = ListPoliciesRespValidationError{} - -// Validate checks the field values on DeletePolicyReq with the rules defined -// in the proto definition for this message. 
If any rules are violated, an -// error is returned. -func (m *DeletePolicyReq) Validate() error { - if m == nil { - return nil - } - - if !_DeletePolicyReq_Id_Pattern.MatchString(m.GetId()) { - return DeletePolicyReqValidationError{ - field: "Id", - reason: "value does not match regex pattern \"^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[89aAbB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$\"", - } - } - - return nil -} - -// DeletePolicyReqValidationError is the validation error returned by -// DeletePolicyReq.Validate if the designated constraints aren't met. -type DeletePolicyReqValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e DeletePolicyReqValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e DeletePolicyReqValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e DeletePolicyReqValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e DeletePolicyReqValidationError) Key() bool { return e.key } - -// ErrorName returns error name. 
-func (e DeletePolicyReqValidationError) ErrorName() string { return "DeletePolicyReqValidationError" } - -// Error satisfies the builtin error interface -func (e DeletePolicyReqValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sDeletePolicyReq.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = DeletePolicyReqValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = DeletePolicyReqValidationError{} - -var _DeletePolicyReq_Id_Pattern = regexp.MustCompile("^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[89aAbB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$") - -// Validate checks the field values on DeletePolicyResp with the rules defined -// in the proto definition for this message. If any rules are violated, an -// error is returned. -func (m *DeletePolicyResp) Validate() error { - if m == nil { - return nil - } - - if v, ok := interface{}(m.GetPolicy()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return DeletePolicyRespValidationError{ - field: "Policy", - reason: "embedded message failed validation", - cause: err, - } - } - } - - return nil -} - -// DeletePolicyRespValidationError is the validation error returned by -// DeletePolicyResp.Validate if the designated constraints aren't met. -type DeletePolicyRespValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e DeletePolicyRespValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e DeletePolicyRespValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e DeletePolicyRespValidationError) Cause() error { return e.cause } - -// Key function returns key value. 
-func (e DeletePolicyRespValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e DeletePolicyRespValidationError) ErrorName() string { return "DeletePolicyRespValidationError" } - -// Error satisfies the builtin error interface -func (e DeletePolicyRespValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sDeletePolicyResp.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = DeletePolicyRespValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = DeletePolicyRespValidationError{} - // Validate checks the field values on PurgeSubjectFromPoliciesReq with the // rules defined in the proto definition for this message. If any rules are // violated, an error is returned. diff --git a/api/interservice/authz/authz.proto b/api/interservice/authz/authz.proto index 8f0295148d4..87bdbc6a540 100644 --- a/api/interservice/authz/authz.proto +++ b/api/interservice/authz/authz.proto 
@@ -44,62 +44,15 @@ message IsAuthorizedResp {
 bool authorized = 1;
 }
 
-message Policy {
- string action = 1;
- repeated string subjects = 2;
- string id = 3;
- string resource = 4;
- string effect = 5;
- google.protobuf.Timestamp created_at = 6;
- google.protobuf.Timestamp updated_at = 7;
-}
-
-message CreatePolicyReq {
- string action = 1
- [(validate.rules).string.pattern = "^[a-z][^:*]*(?::[^:*]+)*(?::[*])?$|^[*]$" ];
- repeated string subjects = 2
- [(validate.rules).repeated = {
- min_items: 1,
- items: { string: { pattern: "^(?:team|user):(?:local|ldap|saml):(?:[^:*]+|[*])$|^(?:(?:team|user|token|service):)?[*]$|^token:[^:*]+$|^tls:service:(?:[^:*]+:)?(?:[^:*]+|[*])$" } }
- }];
- string resource = 3
- [(validate.rules).string.pattern = "^[a-z][^:*]*(?::[^:*]+)*(?::[*])?$|^[*]$" ];
-}
-
-message CreatePolicyResp {
- Policy policy = 1;
-}
-
-message ListPoliciesReq {
-}
-
-message ListPoliciesResp {
- repeated Policy policies = 1;
-}
-
-message DeletePolicyReq {
- string id = 1
- [(validate.rules).string.pattern = "^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[89aAbB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}$"];
-}
-// Note: This regular expression describes a valid UUIDv4. It would be nice
-// to make UUIDv4 a "well-known format" of protoc-gen-validate, like email
-// or URI or IPv4.
-// See https://github.com/envoyproxy/protoc-gen-validate/blob/930a67cf7ba4/README.md#strings
-// for "well-known formats".
-
-message DeletePolicyResp {
- Policy policy = 1;
-}
-
 message PurgeSubjectFromPoliciesReq {
- // Q: Right now, this allows purging subject wildcards (like "user:*").
- // -- Do we want to restrict this to only complete subjects?
- string subject = 1
- [(validate.rules).string.pattern = "^(?:team|user):(?:local|ldap|saml):(?:[^:*]+|[*])$|^(?:(?:team|user|token|service):)?[*]$|^token:[^:*]+$|^tls:service:(?:[^:*]+:)?(?:[^:*]+|[*])$"];
+ // Q: Right now, this allows purging subject wildcards (like "user:*").
+ // -- Do we want to restrict this to only complete subjects?
+ string subject = 1
+ [(validate.rules).string.pattern = "^(?:team|user):(?:local|ldap|saml):(?:[^:*]+|[*])$|^(?:(?:team|user|token|service):)?[*]$|^token:[^:*]+$|^tls:service:(?:[^:*]+:)?(?:[^:*]+|[*])$"];
 }
 
 message PurgeSubjectFromPoliciesResp {
- repeated string ids = 1; // ids is IDs of modified policies
+ repeated string ids = 1; // ids is IDs of modified policies
 }
 
 message FilterAuthorizedPairsReq {
@@ -126,8 +79,4 @@ service Authorization {
 rpc GetVersion (chef.automate.api.common.version.VersionInfoRequest) returns (chef.automate.api.common.version.VersionInfo) {};
 rpc IsAuthorized (IsAuthorizedReq) returns (IsAuthorizedResp) {};
 rpc FilterAuthorizedPairs (FilterAuthorizedPairsReq) returns (FilterAuthorizedPairsResp) {};
- rpc CreatePolicy (CreatePolicyReq) returns (CreatePolicyResp) {};
- rpc ListPolicies (ListPoliciesReq) returns (ListPoliciesResp) {};
- rpc DeletePolicy (DeletePolicyReq) returns (DeletePolicyResp) {};
- rpc PurgeSubjectFromPolicies (PurgeSubjectFromPoliciesReq) returns (PurgeSubjectFromPoliciesResp) {};
 }
diff --git a/api/interservice/authz/authz_test.go b/api/interservice/authz/authz_test.go
index afe52c380c4..43461173f90 100644
--- a/api/interservice/authz/authz_test.go
+++ b/api/interservice/authz/authz_test.go
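Review bot: In authz.proto, `PurgeSubjectFromPoliciesReq` keeps its subject pattern and the open `Q:` comment (only the indentation changes), so the message still accepts wildcard subjects such as `user:*` and a bare `*`. The same commit drops the `PurgeSubjectFromPolicies` rpc from this service and `TestValidatePurgeSubjectFromPolicies` from authz_test.go. If another service still consumes the message (not visible in this diff), its validation is now untested here and the wildcard question stays unanswered on a call that edits authorization policies; if nothing consumes it, the two Purge messages look like leftovers that could go with the rpc. I would replace the question with a decision, e.g. `// Wildcard subjects (e.g. "user:*") are accepted on purpose; callers must restrict who may purge.`, or tighten the pattern to complete subjects, and keep a validation test beside whichever proto retains the message.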
@@ -180,104 +180,6 @@ var (
 }
 )
 
-func TestValidateCreatePolicyReq(t *testing.T) {
- t.Run("resource", func(t *testing.T) {
- cases := map[string]struct {
- cases map[string]string
- testFunc func(validatable) func(*testing.T)
- }{
- "negative": {actionAndResourceTests.negative, expectFailure},
- "positive": {actionAndResourceTests.positive, expectSuccess},
- "variable": {actionAndResourceTests.variable, expectSuccess},
- "wildcard": {actionAndResourceTests.wildcards, expectSuccess},
- }
- for class, test := range cases {
- t.Run(class, func(t *testing.T) {
- for name, tc := range test.cases {
- t.Run(name, test.testFunc(&authz.CreatePolicyReq{
- Subjects: engine.Subject("team:local:admins"),
- Resource: tc,
- Action: "read",
- }))
- }
- })
- }
- })
-
- t.Run("action", func(t *testing.T) {
- cases := map[string]struct {
- cases map[string]string
- testFunc func(validatable) func(*testing.T)
- }{
- "negative": {actionAndResourceTests.negative, expectFailure},
- "positive": {actionAndResourceTests.positive, expectSuccess},
- "wildcard": {actionAndResourceTests.wildcards, expectSuccess},
- }
- for class, test := range cases {
- t.Run(class, func(t *testing.T) {
- for name, tc := range test.cases {
- t.Run(name, test.testFunc(&authz.CreatePolicyReq{
- Subjects: engine.Subject("team:local:admins"),
- Resource: "nodes:foo",
- Action: tc,
- }))
- }
- })
- }
- })
-
- t.Run("subject", func(t *testing.T) {
- cases := map[string]struct {
- cases map[string][]string
- testFunc func(validatable) func(*testing.T)
- }{
- "negative": {subjectsTests.negative, expectFailure},
- "positive": {subjectsTests.positive, expectSuccess},
- "wildcard": {subjectsTests.wildcards, expectSuccess},
- }
- for class, test := range cases {
- t.Run(class, func(t *testing.T) {
- for name, tc := range test.cases {
- t.Run(name, test.testFunc(&authz.CreatePolicyReq{
- Subjects: tc,
- Resource: "nodes:foo",
- Action: "read",
- }))
- }
- })
- }
- })
-}
-
-func TestValidateDeletePolicyReq(t *testing.T) {
- negativeCases := map[string]string{
- "empty": "",
- "not a UUIDv4": "IAmaUuidV4pleaseBelieveMe",
- "same in length as a UUIDv4": "11111111-1111-1111-1111-111111111111",
- }
- positiveCases := map[string]string{
- "proper UUIDv4": "1d36c4ff-d0cb-4ad1-90ed-55a892a0d9c8",
- "proper UUIDv4 with uppercase": "1D36C4FF-D0CB-4AD1-90ED-55A892A0D9C8",
- "looks odd but is UUIDv4": "00000000-0000-4000-8000-000000000000",
- }
-
- tests := map[string]struct {
- cases map[string]string
- testFunc func(validatable) func(*testing.T)
- }{
- "negative": {negativeCases, expectFailure},
- "positive": {positiveCases, expectSuccess},
- }
-
- for class, test := range tests {
- t.Run(class, func(t *testing.T) {
- for name, tc := range test.cases {
- t.Run(name, test.testFunc(&authz.DeletePolicyReq{Id: tc}))
- }
- })
- }
-}
-
 func TestValidateIsAuthorizedReq(t *testing.T) {
 // Note that wildcards are used only for defining policies,
 // not when checking authorization. Thus, it is useful to ensure
@@ -436,32 +338,6 @@ func TestValidateFilterAuthorizedPairsReq(t *testing.T) {
 })
 }
 
-func TestValidatePurgeSubjectFromPolicies(t *testing.T) {
- t.Run("subject", func(t *testing.T) {
- cases := map[string]struct {
- cases map[string][]string
- testFunc func(validatable) func(*testing.T)
- }{
- "negative": {subjectsTests.negative, expectFailure},
- "positive": {subjectsTests.positive, expectSuccess},
- "wildcard": {subjectsTests.wildcards, expectSuccess},
- }
- for class, test := range cases {
- t.Run(class, func(t *testing.T) {
- for name, tc := range test.cases {
- t.Run(name, func(t *testing.T) {
- for _, sub := range tc {
- t.Run(sub, test.testFunc(&authz.PurgeSubjectFromPoliciesReq{
- Subject: sub,
- }))
- }
- })
- }
- })
- }
- })
-}
-
 // HELPERS
 
 func expectFailure(req validatable) func(*testing.T) {
diff --git a/api/interservice/authz/common/subject_purge.pb.go b/api/interservice/authz/common/subject_purge.pb.go
index a003646af09..391f3f73ade 100644
--- a/api/interservice/authz/common/subject_purge.pb.go
+++ b/api/interservice/authz/common/subject_purge.pb.go
@@ -25,68 +25,6 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package -type ErrorShouldUseV1 struct { - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *ErrorShouldUseV1) Reset() { *m = ErrorShouldUseV1{} } -func (m *ErrorShouldUseV1) String() string { return proto.CompactTextString(m) } -func (*ErrorShouldUseV1) ProtoMessage() {} -func (*ErrorShouldUseV1) Descriptor() ([]byte, []int) { - return fileDescriptor_78588a1a247c8462, []int{0} -} - -func (m *ErrorShouldUseV1) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ErrorShouldUseV1.Unmarshal(m, b) -} -func (m *ErrorShouldUseV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ErrorShouldUseV1.Marshal(b, m, deterministic) -} -func (m *ErrorShouldUseV1) XXX_Merge(src proto.Message) { - xxx_messageInfo_ErrorShouldUseV1.Merge(m, src) -} -func (m *ErrorShouldUseV1) XXX_Size() int { - return xxx_messageInfo_ErrorShouldUseV1.Size(m) -} -func (m *ErrorShouldUseV1) XXX_DiscardUnknown() { - xxx_messageInfo_ErrorShouldUseV1.DiscardUnknown(m) -} - -var xxx_messageInfo_ErrorShouldUseV1 proto.InternalMessageInfo - -type ErrorShouldUseV2 struct { - XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` - XXX_sizecache int32 `json:"-" toml:"-" mapstructure:"-,omitempty"` -} - -func (m *ErrorShouldUseV2) Reset() { *m = ErrorShouldUseV2{} } -func (m *ErrorShouldUseV2) String() string { return proto.CompactTextString(m) } -func (*ErrorShouldUseV2) ProtoMessage() {} -func (*ErrorShouldUseV2) Descriptor() ([]byte, []int) { - return fileDescriptor_78588a1a247c8462, []int{1} -} - -func (m *ErrorShouldUseV2) XXX_Unmarshal(b []byte) error { - 
return xxx_messageInfo_ErrorShouldUseV2.Unmarshal(m, b) -} -func (m *ErrorShouldUseV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ErrorShouldUseV2.Marshal(b, m, deterministic) -} -func (m *ErrorShouldUseV2) XXX_Merge(src proto.Message) { - xxx_messageInfo_ErrorShouldUseV2.Merge(m, src) -} -func (m *ErrorShouldUseV2) XXX_Size() int { - return xxx_messageInfo_ErrorShouldUseV2.Size(m) -} -func (m *ErrorShouldUseV2) XXX_DiscardUnknown() { - xxx_messageInfo_ErrorShouldUseV2.DiscardUnknown(m) -} - -var xxx_messageInfo_ErrorShouldUseV2 proto.InternalMessageInfo - type PurgeSubjectFromPoliciesReq struct { // Q: Right now, this allows purging subject wildcards (like "user:*"). // -- Do we want to restrict this to only complete subjects? @@ -100,7 +38,7 @@ func (m *PurgeSubjectFromPoliciesReq) Reset() { *m = PurgeSubjectFromPol func (m *PurgeSubjectFromPoliciesReq) String() string { return proto.CompactTextString(m) } func (*PurgeSubjectFromPoliciesReq) ProtoMessage() {} func (*PurgeSubjectFromPoliciesReq) Descriptor() ([]byte, []int) { - return fileDescriptor_78588a1a247c8462, []int{2} + return fileDescriptor_78588a1a247c8462, []int{0} } func (m *PurgeSubjectFromPoliciesReq) XXX_Unmarshal(b []byte) error { 
@@ -131,7 +69,7 @@ func (m *PurgeSubjectFromPoliciesReq) GetSubject() string { // PurgeSubjectFromPolicies() removes the passed subject from every policy, // IAM v1 _and_ IAM v2. We thus differentiate the returned "affected" arrays. type PurgeSubjectFromPoliciesResp struct { - PoliciesV1 []string `protobuf:"bytes,1,rep,name=policies_v1,json=policiesV1,proto3" json:"policies_v1,omitempty" toml:"policies_v1,omitempty" mapstructure:"policies_v1,omitempty"` + PoliciesV1 []string `protobuf:"bytes,1,rep,name=policies_v1,json=policiesV1,proto3" json:"policies_v1,omitempty" toml:"policies_v1,omitempty" mapstructure:"policies_v1,omitempty"` // Deprecated: Do not use. PoliciesV2 []string `protobuf:"bytes,2,rep,name=policies_v2,json=policiesV2,proto3" json:"policies_v2,omitempty" toml:"policies_v2,omitempty" mapstructure:"policies_v2,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-" toml:"-" mapstructure:"-,omitempty"` XXX_unrecognized []byte `json:"-" toml:"-" mapstructure:"-,omitempty"` @@ -142,7 +80,7 @@ func (m *PurgeSubjectFromPoliciesResp) Reset() { *m = PurgeSubjectFromPo func (m *PurgeSubjectFromPoliciesResp) String() string { return proto.CompactTextString(m) } func (*PurgeSubjectFromPoliciesResp) ProtoMessage() {} func (*PurgeSubjectFromPoliciesResp) Descriptor() ([]byte, []int) { - return fileDescriptor_78588a1a247c8462, []int{3} + return fileDescriptor_78588a1a247c8462, []int{1} } func (m *PurgeSubjectFromPoliciesResp) XXX_Unmarshal(b []byte) error { @@ -163,6 +101,7 @@ func (m *PurgeSubjectFromPoliciesResp) XXX_DiscardUnknown() { var xxx_messageInfo_PurgeSubjectFromPoliciesResp proto.InternalMessageInfo +// Deprecated: Do not use. func (m *PurgeSubjectFromPoliciesResp) GetPoliciesV1() []string { if m != nil { return m.PoliciesV1 
@@ -178,8 +117,6 @@ func (m *PurgeSubjectFromPoliciesResp) GetPoliciesV2() []string { } func init() { - proto.RegisterType((*ErrorShouldUseV1)(nil), "chef.automate.domain.authz.common.ErrorShouldUseV1") - proto.RegisterType((*ErrorShouldUseV2)(nil), "chef.automate.domain.authz.common.ErrorShouldUseV2") proto.RegisterType((*PurgeSubjectFromPoliciesReq)(nil), "chef.automate.domain.authz.common.PurgeSubjectFromPoliciesReq") proto.RegisterType((*PurgeSubjectFromPoliciesResp)(nil), "chef.automate.domain.authz.common.PurgeSubjectFromPoliciesResp") } 
@@ -189,32 +126,31 @@ func init() { } var fileDescriptor_78588a1a247c8462 = []byte{ - // 390 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x92, 0x41, 0x6a, 0xdb, 0x40, - 0x14, 0x86, 0x3b, 0x35, 0xb4, 0x78, 0xda, 0x45, 0xd1, 0xa6, 0xc2, 0x2d, 0xd4, 0x15, 0x5e, 0x48, - 0x2e, 0x68, 0x90, 0x0a, 0xa5, 0x68, 0x51, 0x81, 0xa1, 0x5d, 0x1b, 0x9b, 0x7a, 0x51, 0x63, 0xbb, - 0x63, 0x69, 0x6a, 0x4d, 0x3b, 0xd2, 0xa8, 0x33, 0x23, 0x2f, 0xc2, 0x5c, 0x22, 0x10, 0xc8, 0xca, - 0x57, 0xc8, 0x3a, 0x64, 0x95, 0x63, 0xe4, 0x0a, 0xb9, 0x45, 0x90, 0x2c, 0x91, 0xc4, 0xc4, 0xce, - 0x22, 0x3b, 0xbd, 0x9f, 0xff, 0xfb, 0xdf, 0xd3, 0xbc, 0x07, 0x3d, 0x9c, 0x53, 0x44, 0x33, 0x45, - 0x84, 0x24, 0x62, 0x4d, 0x23, 0x82, 0x70, 0xa1, 0x92, 0x23, 0x14, 0xf1, 0x34, 0xe5, 0x19, 0x92, - 0xc5, 0xf2, 0x2f, 0x89, 0xd4, 0x22, 0x2f, 0xc4, 0x8a, 0xb8, 0xb9, 0xe0, 0x8a, 0x1b, 0x1f, 0xa3, - 0x84, 0xfc, 0x71, 0x71, 0xa1, 0x78, 0x8a, 0x15, 0x71, 0x63, 0x9e, 0x62, 0x9a, 0xb9, 0x15, 0xe6, - 0x6e, 0xb1, 0xce, 0xdb, 0x35, 0x66, 0x34, 0xc6, 0x8a, 0xa0, 0xe6, 0x63, 0xcb, 0x5a, 0x06, 0x7c, - 0xf3, 0x5d, 0x08, 0x2e, 0xc6, 0x09, 0x2f, 0x58, 0xfc, 0x53, 0x92, 0x89, 0xf7, 0x80, 0xe6, 0x5b, - 0x57, 0x00, 0xbe, 0x1b, 0x96, 0x3d, 0xc7, 0xdb, 0x01, 0x7e, 0x08, 0x9e, 0x0e, 0x39, 0xa3, 0x11, - 0x25, 0x72, 0x44, 0xfe, 0x1b, 0xe7, 0x00, 0xbe, 0xac, 0x67, 0x33, 0x41, 0x17, 0xd8, 0xed, 0xc1, - 0x06, 0x5c, 0x5c, 0x5f, 0xb6, 0x4e, 0x81, 0x38, 0x01, 0xfe, 0x31, 0x98, 0xdb, 0x61, 0xa0, 0x08, - 0x4e, 0x75, 0x21, 0x89, 0x70, 0x02, 0x3b, 0x0c, 0x18, 0x8f, 0x30, 0xd3, 0x2c, 0xc6, 0xb9, 0x96, - 0x38, 0x65, 0x95, 0x36, 0x9d, 0x07, 0xfd, 0xd9, 0x27, 0x3d, 0xed, 0xcf, 0x9c, 0x9e, 0x2e, 0x91, - 0xbb, 0x94, 0x56, 0xfc, 0x1f, 0xc9, 0x74, 0xfd, 0x2c, 0x4e, 0xe0, 0x84, 0xd3, 0xfe, 0xac, 0xa7, - 0xe7, 0x95, 0x5c, 0xa3, 0x65, 0xc9, 0x64, 0x50, 0x7b, 0x6e, 0x23, 0x03, 0x27, 0xdc, 0x89, 0x1f, - 0x35, 0xe3, 0x5a, 0xbf, 0xe1, 0xfb, 0xfd, 0x7f, 0x26, 0x73, 0xe3, 0x03, 0x7c, 0x95, 0xd7, 0xf5, - 
0x62, 0xed, 0x99, 0xa0, 0xdb, 0xb2, 0xdb, 0x23, 0xd8, 0x48, 0x13, 0xef, 0xbe, 0xc1, 0x37, 0x9f, - 0xef, 0x18, 0x7c, 0xff, 0x0c, 0xc0, 0xd7, 0x75, 0x7a, 0xd5, 0xc9, 0xd8, 0x00, 0x68, 0xee, 0xeb, - 0x69, 0x7c, 0x73, 0x1f, 0xdd, 0xa7, 0x7b, 0x60, 0x15, 0x9d, 0xf0, 0x49, 0xbc, 0xcc, 0xad, 0x67, - 0x83, 0xaf, 0xbf, 0xbe, 0xac, 0xa8, 0x4a, 0x8a, 0x65, 0xe9, 0x47, 0x65, 0x1c, 0x6a, 0xe2, 0xd0, - 0xc1, 0xfb, 0x5c, 0xbe, 0xa8, 0xce, 0xea, 0xf3, 0x4d, 0x00, 0x00, 0x00, 0xff, 0xff, 0x62, 0x79, - 0x01, 0x84, 0xc7, 0x02, 0x00, 0x00, + // 371 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x92, 0xc1, 0x4a, 0xf3, 0x40, + 0x14, 0x85, 0xff, 0x69, 0xe1, 0x97, 0x8e, 0xae, 0xb2, 0x31, 0x54, 0xc1, 0x5a, 0xbb, 0x48, 0x2a, + 0x64, 0x68, 0x04, 0x91, 0x2c, 0x0c, 0x74, 0xe1, 0xba, 0x54, 0x70, 0x61, 0x69, 0xcb, 0x34, 0x19, + 0xdb, 0xd1, 0x24, 0x33, 0xce, 0x4c, 0xba, 0x90, 0x79, 0x09, 0x41, 0x70, 0xd5, 0x57, 0x70, 0x2d, + 0xae, 0x7c, 0x0c, 0x5f, 0xc1, 0xb7, 0x90, 0xa4, 0x09, 0x16, 0xa1, 0x75, 0xe1, 0x6e, 0xee, 0xe5, + 0x7c, 0xe7, 0xcc, 0xe5, 0x5e, 0xd8, 0xc1, 0x9c, 0x22, 0x9a, 0x28, 0x22, 0x24, 0x11, 0x73, 0x1a, + 0x10, 0x84, 0x53, 0x35, 0x7b, 0x40, 0x01, 0x8b, 0x63, 0x96, 0x20, 0x99, 0x4e, 0x6e, 0x49, 0xa0, + 0xc6, 0x3c, 0x15, 0x53, 0xe2, 0x70, 0xc1, 0x14, 0x33, 0x0e, 0x83, 0x19, 0xb9, 0x71, 0x70, 0xaa, + 0x58, 0x8c, 0x15, 0x71, 0x42, 0x16, 0x63, 0x9a, 0x38, 0x39, 0xe6, 0x2c, 0xb1, 0xfa, 0xee, 0x1c, + 0x47, 0x34, 0xc4, 0x8a, 0xa0, 0xf2, 0xb1, 0x64, 0x9b, 0x1f, 0x00, 0xee, 0xf5, 0x32, 0xaf, 0xcb, + 0xa5, 0xf1, 0x85, 0x60, 0x71, 0x8f, 0x45, 0x34, 0xa0, 0x44, 0xf6, 0xc9, 0xbd, 0xf1, 0x0a, 0xe0, + 0x56, 0x91, 0x69, 0x82, 0x06, 0xb0, 0x6a, 0xdd, 0x05, 0x78, 0xfb, 0x7c, 0xaf, 0x3e, 0x03, 0xf1, + 0x04, 0xdc, 0x47, 0x30, 0xb2, 0x7c, 0x4f, 0x11, 0x1c, 0xeb, 0x54, 0x12, 0x61, 0x7b, 0x96, 0xef, + 0x45, 0x2c, 0xc0, 0x91, 0x8e, 0x42, 0xcc, 0xb5, 0xc4, 0x71, 0x94, 0xf7, 0x06, 0x23, 0xaf, 0x3d, + 0x3c, 0xd6, 0x83, 0xf6, 0xd0, 0x6e, 0xe9, 0x0c, 
0x59, 0xa5, 0xb4, 0x62, 0x77, 0x24, 0xd1, 0xc5, + 0xb8, 0xb6, 0x67, 0xfb, 0x83, 0xf6, 0xb0, 0xa5, 0x47, 0x79, 0xbb, 0x40, 0xb3, 0x32, 0x92, 0x5e, + 0xa1, 0xf9, 0xb6, 0xf4, 0x6c, 0xff, 0x87, 0x7d, 0xbf, 0xfc, 0x6e, 0x33, 0x84, 0xfb, 0xeb, 0x27, + 0x93, 0xdc, 0x38, 0x82, 0xdb, 0xbc, 0xa8, 0xc7, 0xf3, 0x8e, 0x09, 0x1a, 0x55, 0xab, 0xd6, 0xad, + 0x98, 0xa0, 0x0f, 0xcb, 0xf6, 0x55, 0xc7, 0x38, 0x58, 0x15, 0xb9, 0x66, 0x25, 0x13, 0xad, 0x08, + 0x5c, 0xf7, 0x05, 0xc0, 0x9d, 0x22, 0x21, 0x4f, 0x33, 0x16, 0x00, 0x9a, 0xeb, 0x72, 0x8d, 0x73, + 0xe7, 0xd7, 0x5d, 0x39, 0x1b, 0xd6, 0x51, 0xf7, 0xff, 0xc4, 0x4b, 0xde, 0xfc, 0xd7, 0x3d, 0xbb, + 0x3e, 0x9d, 0x52, 0x35, 0x4b, 0x27, 0x99, 0x1e, 0x65, 0x76, 0xa8, 0xb4, 0x43, 0x1b, 0x6f, 0x6f, + 0xf2, 0x3f, 0x3f, 0x99, 0x93, 0xaf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xfb, 0x3d, 0x4e, 0x7f, 0xa3, + 0x02, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. diff --git a/api/interservice/authz/common/subject_purge.pb.validate.go b/api/interservice/authz/common/subject_purge.pb.validate.go index 7302621a1c3..8a4c3c6d350 100644 --- a/api/interservice/authz/common/subject_purge.pb.validate.go +++ b/api/interservice/authz/common/subject_purge.pb.validate.go 
@@ -33,136 +33,6 @@ var ( _ = ptypes.DynamicAny{} ) -// Validate checks the field values on ErrorShouldUseV1 with the rules defined -// in the proto definition for this message. If any rules are violated, an -// error is returned. -func (m *ErrorShouldUseV1) Validate() error { - if m == nil { - return nil - } - - return nil -} - -// ErrorShouldUseV1ValidationError is the validation error returned by -// ErrorShouldUseV1.Validate if the designated constraints aren't met. -type ErrorShouldUseV1ValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e ErrorShouldUseV1ValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e ErrorShouldUseV1ValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e ErrorShouldUseV1ValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e ErrorShouldUseV1ValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e ErrorShouldUseV1ValidationError) ErrorName() string { return "ErrorShouldUseV1ValidationError" } - -// Error satisfies the builtin error interface -func (e ErrorShouldUseV1ValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sErrorShouldUseV1.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = ErrorShouldUseV1ValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = ErrorShouldUseV1ValidationError{} - -// Validate checks the field values on ErrorShouldUseV2 with the rules defined -// in the proto definition for this message. If any rules are violated, an -// error is returned. 
-func (m *ErrorShouldUseV2) Validate() error { - if m == nil { - return nil - } - - return nil -} - -// ErrorShouldUseV2ValidationError is the validation error returned by -// ErrorShouldUseV2.Validate if the designated constraints aren't met. -type ErrorShouldUseV2ValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e ErrorShouldUseV2ValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e ErrorShouldUseV2ValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e ErrorShouldUseV2ValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e ErrorShouldUseV2ValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e ErrorShouldUseV2ValidationError) ErrorName() string { return "ErrorShouldUseV2ValidationError" } - -// Error satisfies the builtin error interface -func (e ErrorShouldUseV2ValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sErrorShouldUseV2.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = ErrorShouldUseV2ValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = ErrorShouldUseV2ValidationError{} - // Validate checks the field values on PurgeSubjectFromPoliciesReq with the // rules defined in the proto definition for this message. If any rules are // violated, an error is returned. diff --git a/api/interservice/authz/common/subject_purge.proto b/api/interservice/authz/common/subject_purge.proto index ab4acadc50e..e02b1508b0f 100644 --- a/api/interservice/authz/common/subject_purge.proto +++ b/api/interservice/authz/common/subject_purge.proto 
@@ -5,9 +5,6 @@ import "validate/validate.proto"; package chef.automate.domain.authz.common; option go_package = "github.com/chef/automate/api/interservice/authz/common"; -message ErrorShouldUseV1 {}; -message ErrorShouldUseV2 {}; - message PurgeSubjectFromPoliciesReq { // Q: Right now, this allows purging subject wildcards (like "user:*"). // -- Do we want to restrict this to only complete subjects? @@ -18,7 +15,7 @@ message PurgeSubjectFromPoliciesReq { // PurgeSubjectFromPolicies() removes the passed subject from every policy, // IAM v1 _and_ IAM v2. We thus differentiate the returned "affected" arrays. message PurgeSubjectFromPoliciesResp { - repeated string policies_v1 = 1; + repeated string policies_v1 = 1 [deprecated = true]; repeated string policies_v2 = 2; } diff --git a/components/authz-service/README.md b/components/authz-service/README.md index 23800ba19e1..c3fad53fd4e 100644 --- a/components/authz-service/README.md +++ b/components/authz-service/README.md @@ -668,7 +668,7 @@ With those preliminaries, the following concise syntax gives you access to the P This endpoint lists all the policies currently in the policy store. ```bash -curl -sSkH "$TOKEN_ARG" $TARGET_HOST/auth/policies | jq . +curl -sSkH "$TOKEN_ARG" $TARGET_HOST/apis/iam/v2/policies | jq . ``` #### Introspect Permissions for Current User @@ -686,7 +686,7 @@ curl -sSkH "$TOKEN_ARG" $TARGET_HOST/auth/introspect | jq . This command executes an HTTP `POST` request. ```bash -curl -sSkH "$TOKEN_ARG" $TARGET_HOST/auth/policies --data "$(jo -p subjects=$(jo -a user:local:test@example.com) resource=auth:teams:* action=read version=v0)" | jq . +curl -sSkH "$TOKEN_ARG" $TARGET_HOST/apis/iam/v2/policies --data "$(jo -p subjects=$(jo -a user:local:test@example.com) resource=auth:teams:* action=read version=v0)" | jq . ``` #### Delete Policy 
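Review bot: In subject_purge.proto, the comment above `PurgeSubjectFromPoliciesResp` still says the call removes the subject from every policy, "IAM v1 _and_ IAM v2", which no longer matches now that `policies_v1` is marked `[deprecated = true]`. I would reword that comment and document the field itself, for example `// Deprecated: IAM v1 policies are no longer purged; kept only for wire compatibility.` above `policies_v1`, assuming the server now leaves it empty. Keeping field number 1 instead of deleting it is the right call; if it is dropped later, add `reserved 1;` so the number cannot be reused. The open question in the request message about purging wildcard subjects such as "user:*" is still undecided in the context lines and deserves an explicit answer, since it determines how broad a single purge call can be.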
@@ -695,7 +695,7 @@ Use "List Policies" above to find the unique identifier for the policy you wish and supply it here with an HTTP `DELETE` request. ```bash -curl -sSkH "$TOKEN_ARG" $TARGET_HOST/auth/policies/f4fd7963-21db-4b5b-a8df-aa688056ed9d --request DELETE | jq . +curl -sSkH "$TOKEN_ARG" $TARGET_HOST/apis/iam/v2/policies/f4fd7963-21db-4b5b-a8df-aa688056ed9d --request DELETE | jq . ``` ### Introspection (How to Query Permissions) diff --git a/components/authz-service/server/server.go b/components/authz-service/server/server.go index e93cf670f26..53dfb290e31 100644 --- a/components/authz-service/server/server.go +++ b/components/authz-service/server/server.go @@ -98,7 +98,7 @@ func NewGRPCServer(ctx context.Context, return nil, errors.Wrap(err, "could not initialize v2 policy server") } - subjectPurgeServer, err := v2.NewSubjectPurgeServer(ctx, l, v1Server, v2PolServer) + subjectPurgeServer, err := v2.NewSubjectPurgeServer(ctx, l, v2PolServer) if err != nil { return nil, errors.Wrap(err, "could not initialize subject purge server") } diff --git a/components/authz-service/server/v1/server.go b/components/authz-service/server/v1/server.go index 5121ae163b9..a43bbe6049b 100644 --- a/components/authz-service/server/v1/server.go +++ b/components/authz-service/server/v1/server.go @@ -3,10 +3,7 @@ package v1 import ( "context" "fmt" - "time" - "github.com/golang/protobuf/ptypes" - "github.com/golang/protobuf/ptypes/timestamp" "github.com/pkg/errors" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" 
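Review bot: In components/authz-service/server/server.go, `v2.NewSubjectPurgeServer(ctx, l, v2PolServer)` no longer receives `v1Server`, so a subject purge now touches only v2 policies, while the v1 package keeps its authorization-check paths in this same commit. If any v1 policy rows can still be loaded into the engine (not visible from this hunk), a deleted user or team would keep whatever those rows grant to its subject string. Please confirm that v1 policies cannot exist once this code runs, and record that next to the call, e.g. `// v1 policies no longer exist after migration; only v2 policies reference subjects`. NewGRPCServer starts and ends outside the hunk.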
@@ -16,7 +13,6 @@ import (
 api_v2 "github.com/chef/automate/api/interservice/authz/v2"
 "github.com/chef/automate/components/authz-service/constants"
 "github.com/chef/automate/components/authz-service/engine"
- storage_errors "github.com/chef/automate/components/authz-service/storage"
 "github.com/chef/automate/components/authz-service/storage/postgres/datamigration"
 "github.com/chef/automate/components/authz-service/storage/postgres/migration"
 storage "github.com/chef/automate/components/authz-service/storage/v1"
@@ -159,143 +155,6 @@ func toEnginePairs(pairs []*authz.Pair) []engine.Pair { return ps } -// CreatePolicy allows the user to persist a policy that informs AuthZ rules. -func (s *Server) CreatePolicy( - ctx context.Context, - req *authz.CreatePolicyReq) (*authz.CreatePolicyResp, error) { - - var policy *storage.Policy - var err error - if policy, err = s.storage.StorePolicy(ctx, req.Action, req.Subjects, req.Resource, DefaultEffect); err != nil { - return nil, unexpectedError(err) - } - - if err = s.updateEngineStore(ctx); err != nil { - return nil, unexpectedError(err) - } - - pol, err := fromStorage(policy) - if err != nil { - return nil, unexpectedError(err) - } - return &authz.CreatePolicyResp{ - Policy: pol, - }, nil -} - -// ListPolicies returns a list of all policies from storage. -func (s *Server) ListPolicies( - ctx context.Context, - req *authz.ListPoliciesReq) (*authz.ListPoliciesResp, error) { - - var policies []*storage.Policy - var err error - if policies, err = s.storage.ListPolicies(ctx); err != nil { - return nil, unexpectedError(err) - } - - pols, err := fromStorageToList(policies) - if err != nil { - return nil, unexpectedError(err) - } - - return &authz.ListPoliciesResp{ - Policies: pols, - }, nil -} - -// DeletePolicy removes a policy from storage by id. 
-func (s *Server) DeletePolicy( - ctx context.Context, - req *authz.DeletePolicyReq) (*authz.DeletePolicyResp, error) { - - var policy *storage.Policy - var err error - if policy, err = s.storage.DeletePolicy(ctx, req.Id); err != nil { - switch err { - case storage_errors.ErrNotFound: - return nil, status.Errorf(codes.NotFound, "no policy with id %q found to delete", req.Id) - case storage_errors.ErrCannotDelete: - return nil, status.Errorf(codes.InvalidArgument, - "policy with id %q is marked as non-deletable and cannot be removed", req.Id) - } - return nil, unexpectedError(err) - } - - if err = s.updateEngineStore(ctx); err != nil { - return nil, unexpectedError(err) - } - - pol, err := fromStorage(policy) - if err != nil { - return nil, unexpectedError(err) - } - return &authz.DeletePolicyResp{ - Policy: pol, - }, nil -} - -func (s *Server) PurgeSubjectFromPolicies( - ctx context.Context, - req *authz.PurgeSubjectFromPoliciesReq) (*authz.PurgeSubjectFromPoliciesResp, error) { - policies, err := s.storage.PurgeSubjectFromPolicies(ctx, req.Subject) - if err != nil { - return nil, unexpectedError(err) - } - - err = s.updateEngineStore(ctx) - if err != nil { - return nil, unexpectedError(err) - } - - polIDs := make([]string, len(policies)) - for i := range policies { - polIDs[i] = policies[i].String() - } - - return &authz.PurgeSubjectFromPoliciesResp{Ids: polIDs}, nil -} - -func fromStorage(s *storage.Policy) (*authz.Policy, error) { - createdAt, err := ptypes.TimestampProto(s.CreatedAt) - if err != nil { - return nil, errors.Wrapf(err, "could not convert policy with ID %q from database.", s.ID) - } - - var updatedAt *timestamp.Timestamp - unset := time.Time{} - if s.UpdatedAt != unset { - updatedAt, err = ptypes.TimestampProto(s.UpdatedAt) - if err != nil { - return nil, errors.Wrapf(err, "could not convert policy with ID %q from database.", s.ID) - } - } - p := authz.Policy{ - Action: s.Action, - Id: s.ID.String(), - Resource: s.Resource, - Subjects: s.Subjects, 
- Effect: s.Effect, - CreatedAt: createdAt, - UpdatedAt: updatedAt, - } - return &p, nil -} - -func fromStorageToList(sl []*storage.Policy) ([]*authz.Policy, error) { - tl := make([]*authz.Policy, len(sl)) - - for i, policy := range sl { - pol, err := fromStorage(policy) - if err != nil { - return nil, err - } - tl[i] = pol - } - - return tl, nil -} - func unexpectedError(err error) error { return status.Error(codes.Internal, err.Error()) } diff --git a/components/authz-service/server/v1/server_test.go b/components/authz-service/server/v1/server_test.go index 2389e8a8fa6..48b97d5ea7d 100644 --- a/components/authz-service/server/v1/server_test.go +++ b/components/authz-service/server/v1/server_test.go @@ -6,11 +6,8 @@ import ( "errors" "net/url" "os" - "reflect" "testing" - "time" - "github.com/golang/protobuf/ptypes" grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -20,9 +17,7 @@ import ( "google.golang.org/grpc/reflection" "github.com/chef/automate/api/interservice/authz" - constants "github.com/chef/automate/components/authz-service/constants/v1" "github.com/chef/automate/components/authz-service/engine" - "github.com/chef/automate/components/authz-service/engine/opa" grpc_server "github.com/chef/automate/components/authz-service/server" server "github.com/chef/automate/components/authz-service/server/v1" "github.com/chef/automate/components/authz-service/storage/postgres/datamigration" 
@@ -50,23 +45,6 @@ CREATE SCHEMA public; GRANT ALL ON SCHEMA public TO postgres; GRANT ALL ON SCHEMA public TO public;` -// Some common, arbitrary policy definitions. -var req1 = &authz.CreatePolicyReq{ - Action: "actionone", - Subjects: []string{"user:local:subject1", "user:local:subject2"}, - Resource: "resource:1", -} -var req2 = &authz.CreatePolicyReq{ - Action: "actiontwo", - Subjects: []string{"team:local:team1"}, - Resource: "resource:two", -} -var req3 = &authz.CreatePolicyReq{ - Action: "actionthree", - Subjects: []string{"user:local:subject1", "user:local:subject2", "user:local:subject3", "user:local:subject4"}, - Resource: "resource:-3", -} - // ******************************** TEST SUITES ******************************** func setup(t *testing.T) map[string]authz.AuthorizationClient { 
@@ -226,328 +204,6 @@ func TestFilterAuthorizedPairs(t *testing.T) { } } -func TestCreatePolicy(t *testing.T) { - cls := setup(t) - for desc, cl := range cls { - t.Run(desc, func(t *testing.T) { - t.Run("successfully creates policy", func(t *testing.T) { - subjTests := map[string][]string{ - "single subject": {"user:local:subject1"}, - "multiple subjects": {"user:local:subject1", "user:local:subject2", "user:local:subject3"}, - "subject with long name": {"user:local:long-long-long-long-long-long-long-long-long-name-here"}, - "one-character long subject name": {"user:local:a"}, - } - for desc, tc := range subjTests { - t.Run("with valid action and "+desc, expectSuccess(cl, authz.CreatePolicyReq{ - Action: "action", - Subjects: tc, - Resource: "resource:1", - })) - } - - actTests := map[string]string{ - "single action": "one", - "action with long name": "longlonglonglonglonglonglonglonglongactionhere", - "shortest possible action": "a", - "wildcard action": "*", - } - for desc, tc := range actTests { - t.Run("with valid subject and "+desc, expectSuccess(cl, authz.CreatePolicyReq{ - Action: tc, - Subjects: []string{"user:local:subject1", "user:local:subject2"}, - Resource: "resource:1", - })) - } - - resTests := map[string]string{ - "short resource": "one", - "resource with long name": "longlonglonglonglonglonglonglonglongresourcehere", - "shortest possible resource": "a", - "wildcard resource": "*", - "wildcard resource with namespace": "foo:*", - "resource with variable": "foo:bar:${a2:username}", - "wildcard resource with variable": "foo:${a2:username}:*", - } - for desc, tc := range resTests { - t.Run("with valid subject and "+desc, expectSuccess(cl, authz.CreatePolicyReq{ - Action: "dothings", - Subjects: []string{"user:local:subject1", "user:local:subject2"}, - Resource: tc, - })) - } - }) - - t.Run("returns InvalidArgument", func(t *testing.T) { - tests := map[string]authz.CreatePolicyReq{ - "no subject submitted": { - Action: "action", - Subjects: []string{}, 
- Resource: "resource:1", - }, - "no action submitted": { - Action: "", - Subjects: []string{"user:local:subject1", "user:local:subject2", "user:local:subject3"}, - Resource: "resource:1", - }, - "no resource submitted": { - Action: "someaction", - Subjects: []string{"user:local:subject1", "user:local:subject2", "user:local:subject3"}, - Resource: "", - }, - } - for desc, tc := range tests { - t.Run(desc, expectFailureWithCode(cl, codes.InvalidArgument, tc)) - } - }) - }) - } -} - -func TestListPolicies(t *testing.T) { - ctx := context.Background() - cls := setup(t) - for desc, cl := range cls { - t.Run(desc, func(t *testing.T) { - t.Run("returns a list of policies", func(t *testing.T) { - tests := []struct { - policies []*authz.CreatePolicyReq - desc string - }{ - {[]*authz.CreatePolicyReq{req1, req2, req3}, "multiple policies"}, - {[]*authz.CreatePolicyReq{req3}, "a single policy"}, - {[]*authz.CreatePolicyReq{}, "no policies"}, - } - for _, test := range tests { - t.Run("for "+test.desc, func(t *testing.T) { - assertPolicyStoreLength(ctx, t, cl, 0) - policyResponses := generateTestPolicies(ctx, t, cl, test.policies) - - list, err := cl.ListPolicies(ctx, &authz.ListPoliciesReq{}) - - require.NoError(t, err) - require.NotNil(t, list) - assert.Equal(t, len(test.policies)+len(constants.DefaultPolicyIDs), len(list.Policies)) - for _, policy := range test.policies { - assert.True(t, listContainsPolicy(list.Policies, policy)) - } - - cleanupPolicies(ctx, t, cl, policyResponses) - }) - } - }) - }) - } -} - -func TestDeletePolicy(t *testing.T) { - ctx := context.Background() - cls := setup(t) - for desc, cl := range cls { - t.Run(desc, func(t *testing.T) { - t.Run("successfully deletes user created policies", func(t *testing.T) { - tests := []struct { - policies []*authz.CreatePolicyReq - desc string - }{ - {[]*authz.CreatePolicyReq{req1, req2, req3}, "multiple policies"}, - {[]*authz.CreatePolicyReq{req3}, "a single policy"}, - } - for _, test := range tests { - 
t.Run("when store contains "+test.desc, func(t *testing.T) { - assertPolicyStoreLength(ctx, t, cl, 0) - policyResponses := generateTestPolicies(ctx, t, cl, test.policies) - assertPolicyStoreLength(ctx, t, cl, len(test.policies)) - req := &authz.DeletePolicyReq{ - // TODO: nicer to pick a random one rather than always pick the first one - Id: policyResponses[0], - } - - resp, err := cl.DeletePolicy(ctx, req) - - assertPolicyStoreLength(ctx, t, cl, len(test.policies)-1) - require.NoError(t, err) - require.NotNil(t, resp) - assert.Equal(t, resp.Policy.Action, test.policies[0].Action) - assert.Equal(t, resp.Policy.Subjects, test.policies[0].Subjects) - assert.Equal(t, resp.Policy.Resource, test.policies[0].Resource) - - cleanupPoliciesExceptOne(ctx, t, cl, policyResponses, req.Id) - }) - } - }) - - t.Run("successfully deletes default policies", func(t *testing.T) { - for _, id := range constants.DeletablePolicyIDs { - - assertPolicyStoreLength(ctx, t, cl, 0) - - resp, err := cl.DeletePolicy(ctx, &authz.DeletePolicyReq{Id: id}) - - require.NoError(t, err) - require.NotNil(t, resp) - assertPolicyStoreLength(ctx, t, cl, -1) - - // Cleanup - // TODO (tc) Not gonna have the correct UUID after test executes, - // but is that ok for now? 
- policies, err := storage.DefaultPolicies() - require.NoError(t, err) - policy := policies[id] - _, err = cl.CreatePolicy(ctx, &authz.CreatePolicyReq{ - Action: policy.Action, - Subjects: policy.Subjects, - Resource: policy.Resource, - }) - require.NoError(t, err) - } - }) - - t.Run("fails to delete non-deletable policies", func(t *testing.T) { - for _, id := range constants.NonDeletablePolicyIDs { - assertPolicyStoreLength(ctx, t, cl, 0) - - resp, err := cl.DeletePolicy(ctx, &authz.DeletePolicyReq{Id: id}) - - require.Nil(t, resp) - grpctest.AssertCode(t, codes.InvalidArgument, err) - assertPolicyStoreLength(ctx, t, cl, 0) - } - }) - - t.Run("fails to delete the policy when the ID does not exist", func(t *testing.T) { - tests := []struct { - policies []*authz.CreatePolicyReq - desc string - }{ - {[]*authz.CreatePolicyReq{req1, req2, req3}, "multiple policies"}, - {[]*authz.CreatePolicyReq{req3}, "a single policy"}, - {[]*authz.CreatePolicyReq{}, "no policies"}, - } - for _, test := range tests { - t.Run("when store contains "+test.desc, func(t *testing.T) { - assertPolicyStoreLength(ctx, t, cl, 0) - testPolicies := []*authz.CreatePolicyReq{req1, req2, req3} - policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) - assertPolicyStoreLength(ctx, t, cl, len(testPolicies)) - req := &authz.DeletePolicyReq{ - // Not a GUID that exists - Id: "97e01ea1-976e-4626-88c8-43345c5d934f", - } - - resp, err := cl.DeletePolicy(ctx, req) - - require.Nil(t, resp) - grpctest.AssertCode(t, codes.NotFound, err) - cleanupPolicies(ctx, t, cl, policyResponses) - }) - } - }) - - t.Run("returns InvalidArgument", func(t *testing.T) { - tests := map[string]authz.DeletePolicyReq{ - "no ID submitted": {}, - "submitted ID is no UUIDv4": {Id: "35bffbab-3a49-dd8a-94a1-9ea87ec5c3cc"}, - } - for desc, tc := range tests { - t.Run(desc, func(t *testing.T) { - resp, err := cl.DeletePolicy(ctx, &tc) - require.Nil(t, resp) - grpctest.AssertCode(t, codes.InvalidArgument, err) - }) - } - }) - 
}) - } -} - -func TestPurgeSubjectFromPolicies(t *testing.T) { - ctx := context.Background() - cls := setup(t) - for desc, cl := range cls { - t.Run(desc, func(t *testing.T) { - // set the stage: create some background noise policies - assertPolicyStoreLength(ctx, t, cl, 0) - testPolicies := []*authz.CreatePolicyReq{req1, req2, req3} - policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) - defer cleanupPolicies(ctx, t, cl, policyResponses) - assertPolicyStoreLength(ctx, t, cl, len(testPolicies)) - - subjTests := map[string][][]string{ - "single subject": {{"user:local:purge"}}, - "multiple subjects (first)": {{"user:local:purge", "user:local:subject2", "user:local:subject3"}}, - "multiple subjects (last)": {{"user:local:subject0", "user:local:purge"}}, - "single subjects (multiple)": {{"user:local:purge"}, {"user:local:purge"}}, - "multiple subjects (first, multiple)": {{"user:local:purge"}, {"user:local:purge", "user:local:subject0"}}, - "multiple subjects (last, multiple)": {{"user:local:purge"}, {"user:local:subject0", "user:local:purge"}}, - } - for desc, tc := range subjTests { - t.Run("with existing matching policy having "+desc, func(t *testing.T) { - // save list response to compare non-affected policies below - listRespPre, err := cl.ListPolicies(ctx, &authz.ListPoliciesReq{}) - require.NoError(t, err) - - // arrange - var ids []string - for _, subs := range tc { - createResp, err := cl.CreatePolicy(ctx, &authz.CreatePolicyReq{ - Subjects: subs, - Action: "read", - Resource: "nodes:info", - }) - require.NoError(t, err) - ids = append(ids, createResp.Policy.Id) - } - - // act - resp, err := cl.PurgeSubjectFromPolicies(ctx, &authz.PurgeSubjectFromPoliciesReq{Subject: "user:local:purge"}) - require.NoError(t, err) - - // assert - assert.ElementsMatch(t, ids, resp.Ids) - - listResp, err := cl.ListPolicies(ctx, &authz.ListPoliciesReq{}) - require.NoError(t, err) - for _, pol := range listResp.Policies { - assert.NotContains(t, pol.Subjects, 
"user:local:purge") - - for i := range ids { - if pol.Id == ids[i] { - ts, err := ptypes.Timestamp(pol.GetUpdatedAt()) - require.NoError(t, err) - assert.WithinDuration(t, time.Now(), ts, time.Second) - } - } - } - - // Note: we don't allow creating unattached policies (yet), so to test - // that subject purging works OK with policies that are already - // unattached, we simply run it again. The "single subject" policy - // will be unattached when we reach this test. - resp, err = cl.PurgeSubjectFromPolicies(ctx, &authz.PurgeSubjectFromPoliciesReq{Subject: "user:local:purge"}) - require.NoError(t, err) - assert.Nil(t, resp.Ids) - - // compare pre-purge list response with post-purge list response - // first, we drop the policies we've created for purging their subject - cleanupPolicies(ctx, t, cl, ids) - // listing again, to not include the one we've just deleted - listResp, err = cl.ListPolicies(ctx, &authz.ListPoliciesReq{}) - require.NoError(t, err) - assert.ElementsMatch(t, listRespPre.Policies, listResp.Policies) - }) - } - - t.Run("non-deletable policies are skipped", func(t *testing.T) { - // Note: We cannot create a non-deletable policy from the API, so this - // test is using one of our non-deletable default policies. - resp, err := cl.PurgeSubjectFromPolicies(ctx, &authz.PurgeSubjectFromPoliciesReq{Subject: "team:local:admins"}) - require.NoError(t, err) - assert.Nil(t, resp.Ids) - }) - }) - } -} - func TestAuthzGRPCWithEngineError(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() 
@@ -585,249 +241,119 @@ func TestAuthzGRPCWithEngineError(t *testing.T) { // SetPolicies, and thus doesn't fit into this test suite. } -func TestAuthzGRPCWithStorageErrors(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - conn, g, _ := newGRPCServer(ctx, t, mockStore.New(), useDefaultEngine, false) - defer g.Close() - cl := authz.NewAuthorizationClient(conn) - - t.Run("CreatePolicy", func(t *testing.T) { - req := &authz.CreatePolicyReq{ - Action: "notrelevant", - Subjects: []string{"user:local:not_relevant"}, - Resource: "foo:not_relevant", - } - - resp, err := cl.CreatePolicy(ctx, req) - require.Nil(t, resp) - grpctest.AssertCode(t, codes.Internal, err) - }) - - t.Run("DeletePolicy", func(t *testing.T) { - req := &authz.DeletePolicyReq{ - Id: "bce6666f-c130-42db-8f56-f52f42ae7418", // valid UUIDv4 - } - - resp, err := cl.DeletePolicy(ctx, req) - require.Nil(t, resp) - grpctest.AssertCode(t, codes.Internal, err) - }) - - t.Run("ListPolicies", func(t *testing.T) { - req := &authz.ListPoliciesReq{} - - resp, err := cl.ListPolicies(ctx, req) - require.Nil(t, resp) - grpctest.AssertCode(t, codes.Internal, err) - }) - - t.Run("PurgeSubjectFromPolicies", func(t *testing.T) { - _, err := cl.PurgeSubjectFromPolicies(ctx, - &authz.PurgeSubjectFromPoliciesReq{ - Subject: "team:local:admins1", - }) - grpctest.AssertCode(t, codes.Internal, err) - }) -} - -func TestAuthzGRPCInteractionWithTestEngineStore(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - testRecordEngine := &testRecordEngine{} - l, err := logger.NewLogger("text", "warn") - require.NoError(t, err, "init logger for storage") - mem, err := memstore.New(l) - require.NoError(t, err, "init memstore server") - conn, g, _ := newGRPCServer(ctx, t, mem, testRecordEngine, true) - defer g.Close() - cl := authz.NewAuthorizationClient(conn) - - t.Run("CreatePolicy updates the engine", func(t *testing.T) { - tests := 
map[string][]*authz.CreatePolicyReq{ - "multiple policies": {req1, req2, req3}, - "a single policy": {req3}, - "no policies": {}, - } - for desc, testPolicies := range tests { - t.Run(desc, func(t *testing.T) { - // arrange + act: the action we're testing happens implicitly - policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) - - // assert - // Note: The response and its qualities have been tested above -- here, - // we're interested in the interaction with the engine's store. - assertInterfaceMapLength(t, testRecordEngine.data, len(testPolicies), - "the numbers of both stores should match") - for _, req := range testPolicies { - assertInterfaceMapContainsPolicy(t, testRecordEngine.data, req) - } - cleanupPolicies(ctx, t, cl, policyResponses) - }) - } - }) - - t.Run("DeletePolicy updates the engine", func(t *testing.T) { - - testPolicies := []*authz.CreatePolicyReq{req1, req2, req3} - - tests := map[string][]int{ - "delete first policy": {0}, - "delete second policy": {1}, - "delete third policy": {2}, - "keep first policy": {1, 2}, - "keep second policy": {0, 2}, - "keep third policy": {0, 1}, - "delete all policies": {0, 1, 2}, - } - for desc, nums := range tests { - t.Run(desc, func(t *testing.T) { - // arrange - policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) - targetIDs := []string{} - - // act - for i := range nums { - id := policyResponses[i] - targetIDs = append(targetIDs, id) - _, _ = cl.DeletePolicy(ctx, &authz.DeletePolicyReq{Id: id}) - } - - // assert - assertInterfaceMapLength(t, testRecordEngine.data, 3-len(nums), - "the numbers of both stores should match") - - // check that we have the policies that have not been deleted in the - // engine store - for i := 0; i < len(testPolicies); i++ { - isTarget := false - for n := range nums { - if i == n { - isTarget = true - } - } - if !isTarget { - assertInterfaceMapContainsPolicy(t, testRecordEngine.data, testPolicies[i]) - } - } - - cleanupPoliciesExceptList(ctx, t, cl, 
policyResponses, targetIDs) - }) - } - }) -} - // Note: the interesting tests around different policies, etc, happen in // engine/conformance/conformance_test.go // The tests here are only concerned with the interplay between the various // functionalities (policy store, engine store, authorized API) exposed via // the GRPC API. -func TestAuthzGRPCInteractionWithEngine(t *testing.T) { - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - l, err := logger.NewLogger("text", "warn") - if err != nil { - t.Fatalf("could not init logger: %s", err) - } - - opa, err := opa.New(ctx, l) - if err != nil { - t.Fatalf("could not init opa engine: %s", err) - } - mem, err := memstore.New(l) - require.NoError(t, err, "init memstore server") - conn, g, _ := newGRPCServer(ctx, t, mem, opa, true) - defer g.Close() - cl := authz.NewAuthorizationClient(conn) - - t.Run("IsAuthorized response changes when policies are changed", func(t *testing.T) { - reqQuery := - &authz.IsAuthorizedReq{ - Subjects: []string{"team:local:admins1"}, - Action: "read", - Resource: "auth:users", - } - // assert team is unauthorized prior to addition of policy - resp, err := cl.IsAuthorized(ctx, reqQuery) - require.NoError(t, err) - assert.False(t, resp.Authorized) - - // arrange + act (store gets updated implicitly) - policyReq := &authz.CreatePolicyReq{ - Action: "read", - Subjects: []string{"team:local:admins1", "team:local:admins2"}, - Resource: "auth:users", - } - testPolicies := []*authz.CreatePolicyReq{policyReq} - policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) - - // assert team is now authorized - resp, err = cl.IsAuthorized(ctx, reqQuery) - require.NoError(t, err) - assert.True(t, resp.Authorized) - cleanupPolicies(ctx, t, cl, policyResponses) - }) - t.Run("IsAuthorized response changes when a subject is purged from policies", func(t *testing.T) { - // create a policy including the subject we'll purge - policyReq := &authz.CreatePolicyReq{ - Action: "read", - 
Subjects: []string{"team:local:admins1", "team:local:admins2"}, - Resource: "auth:users", - } - testPolicies := []*authz.CreatePolicyReq{policyReq} - policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) - - // assert team is authorized prior to purging their subject - reqQuery := &authz.IsAuthorizedReq{ - Subjects: []string{"team:local:admins1"}, - Action: "read", - Resource: "auth:users", - } - isAuthorizedResp, err := cl.IsAuthorized(ctx, reqQuery) - require.NoError(t, err) - assert.True(t, isAuthorizedResp.Authorized) - - // arrange + act (store gets updated implicitly) - purgeReq := &authz.PurgeSubjectFromPoliciesReq{Subject: "team:local:admins1"} - resp, err := cl.PurgeSubjectFromPolicies(ctx, purgeReq) - require.NoError(t, err) - assert.Equal(t, policyResponses, resp.Ids) - - // assert team is now unauthorized - isAuthorizedResp, err = cl.IsAuthorized(ctx, reqQuery) - require.NoError(t, err) - assert.False(t, isAuthorizedResp.Authorized) - cleanupPolicies(ctx, t, cl, policyResponses) - }) - - t.Run("FilterAuthorizedPairs response changes when policies are changed", func(t *testing.T) { - - req := &authz.FilterAuthorizedPairsReq{ - Subjects: []string{"team:local:admins1"}, - Pairs: []*authz.Pair{{Action: "read", Resource: "auth:users"}}, - } - // assert team is unauthorized prior to addition of policy - resp, err := cl.FilterAuthorizedPairs(ctx, req) - require.NoError(t, err) - assert.Zero(t, len(resp.Pairs)) - - // arrange + act (store gets updated implicitly) - policyReq := &authz.CreatePolicyReq{ - Action: "read", - Subjects: []string{"team:local:admins1", "team:local:admins2"}, - Resource: "auth:users", - } - testPolicies := []*authz.CreatePolicyReq{policyReq} - policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) - - // assert team is now authorized - resp, err = cl.FilterAuthorizedPairs(ctx, req) - require.NoError(t, err) - assert.Equal(t, 1, len(resp.Pairs)) - cleanupPolicies(ctx, t, cl, policyResponses) - }) -} +// TODO (tc): 
These tests will be re-written or deleted by AUTOMATE-2950 +// func TestAuthzGRPCInteractionWithEngine(t *testing.T) { +// ctx, cancel := context.WithCancel(context.Background()) +// defer cancel() +// l, err := logger.NewLogger("text", "warn") +// if err != nil { +// t.Fatalf("could not init logger: %s", err) +// } + +// opa, err := opa.New(ctx, l) +// if err != nil { +// t.Fatalf("could not init opa engine: %s", err) +// } +// mem, err := memstore.New(l) +// require.NoError(t, err, "init memstore server") +// conn, g, _ := newGRPCServer(ctx, t, mem, opa, true) +// defer g.Close() +// cl := authz.NewAuthorizationClient(conn) + +// t.Run("IsAuthorized response changes when policies are changed", func(t *testing.T) { +// reqQuery := +// &authz.IsAuthorizedReq{ +// Subjects: []string{"team:local:admins1"}, +// Action: "read", +// Resource: "auth:users", +// } +// // assert team is unauthorized prior to addition of policy +// resp, err := cl.IsAuthorized(ctx, reqQuery) +// require.NoError(t, err) +// assert.False(t, resp.Authorized) + +// // arrange + act (store gets updated implicitly) +// policyReq := &authz.CreatePolicyReq{ +// Action: "read", +// Subjects: []string{"team:local:admins1", "team:local:admins2"}, +// Resource: "auth:users", +// } +// testPolicies := []*authz.CreatePolicyReq{policyReq} +// policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) + +// // assert team is now authorized +// resp, err = cl.IsAuthorized(ctx, reqQuery) +// require.NoError(t, err) +// assert.True(t, resp.Authorized) +// cleanupPolicies(ctx, t, cl, policyResponses) +// }) + +// t.Run("IsAuthorized response changes when a subject is purged from policies", func(t *testing.T) { +// // create a policy including the subject we'll purge +// policyReq := &authz.CreatePolicyReq{ +// Action: "read", +// Subjects: []string{"team:local:admins1", "team:local:admins2"}, +// Resource: "auth:users", +// } +// testPolicies := []*authz.CreatePolicyReq{policyReq} +// policyResponses := 
generateTestPolicies(ctx, t, cl, testPolicies) + +// // assert team is authorized prior to purging their subject +// reqQuery := &authz.IsAuthorizedReq{ +// Subjects: []string{"team:local:admins1"}, +// Action: "read", +// Resource: "auth:users", +// } +// isAuthorizedResp, err := cl.IsAuthorized(ctx, reqQuery) +// require.NoError(t, err) +// assert.True(t, isAuthorizedResp.Authorized) + +// // arrange + act (store gets updated implicitly) +// purgeReq := &authz.PurgeSubjectFromPoliciesReq{Subject: "team:local:admins1"} +// resp, err := cl.PurgeSubjectFromPolicies(ctx, purgeReq) +// require.NoError(t, err) +// assert.Equal(t, policyResponses, resp.Ids) + +// // assert team is now unauthorized +// isAuthorizedResp, err = cl.IsAuthorized(ctx, reqQuery) +// require.NoError(t, err) +// assert.False(t, isAuthorizedResp.Authorized) +// cleanupPolicies(ctx, t, cl, policyResponses) +// }) + +// t.Run("FilterAuthorizedPairs response changes when policies are changed", func(t *testing.T) { + +// req := &authz.FilterAuthorizedPairsReq{ +// Subjects: []string{"team:local:admins1"}, +// Pairs: []*authz.Pair{{Action: "read", Resource: "auth:users"}}, +// } +// // assert team is unauthorized prior to addition of policy +// resp, err := cl.FilterAuthorizedPairs(ctx, req) +// require.NoError(t, err) +// assert.Zero(t, len(resp.Pairs)) + +// // arrange + act (store gets updated implicitly) +// policyReq := &authz.CreatePolicyReq{ +// Action: "read", +// Subjects: []string{"team:local:admins1", "team:local:admins2"}, +// Resource: "auth:users", +// } +// testPolicies := []*authz.CreatePolicyReq{policyReq} +// policyResponses := generateTestPolicies(ctx, t, cl, testPolicies) + +// // assert team is now authorized +// resp, err = cl.FilterAuthorizedPairs(ctx, req) +// require.NoError(t, err) +// assert.Equal(t, 1, len(resp.Pairs)) +// cleanupPolicies(ctx, t, cl, policyResponses) +// }) +// } func TestHealthGRPC(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) 
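Review bot: Turning `TestAuthzGRPCInteractionWithEngine` into a commented-out block leaves this file with no check that `IsAuthorized` and `FilterAuthorizedPairs` change their answer when a policy is added or a subject is purged. The commented code is also no longer compiled, so it will drift silently until AUTOMATE-2950 is picked up. I would delete the commented body and keep a stub that stays visible in test output: `func TestAuthzGRPCInteractionWithEngine(t *testing.T) { t.Skip("pending rewrite for v2 policies, see AUTOMATE-2950") }`. The `// Note: the interesting tests around different policies…` comment directly above now sits over a TODO rather than a test, and should be attached to that stub.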
@@ -913,107 +439,6 @@ func (tre *testRecordEngine) SetPolicies(_ context.Context, data map[string]inte return nil } -func cleanupPolicies(ctx context.Context, t *testing.T, cl authz.AuthorizationClient, ids []string) { - for _, id := range ids { - cleanupPolicy(ctx, t, cl, id) - } -} - -func cleanupPoliciesExceptOne(ctx context.Context, t *testing.T, cl authz.AuthorizationClient, ids []string, targetId string) { - cleanupPoliciesExceptList(ctx, t, cl, ids, []string{targetId}) -} - -func cleanupPoliciesExceptList(ctx context.Context, t *testing.T, cl authz.AuthorizationClient, ids []string, targetIds []string) { - for _, id := range ids { - if !stringutils.SliceContains(targetIds, id) { - cleanupPolicy(ctx, t, cl, id) - } - } -} - -func cleanupPolicy(ctx context.Context, t *testing.T, cl authz.AuthorizationClient, id string) { - t.Helper() - policyID := authz.DeletePolicyReq{Id: id} - _, err := cl.DeletePolicy(ctx, &policyID) - assert.NoError(t, err) -} - -func generateTestPolicies(ctx context.Context, t *testing.T, - cl authz.AuthorizationClient, policies []*authz.CreatePolicyReq) []string { - - t.Helper() - policyResponses := make([]string, len(policies)) - for i, req := range policies { - resp, err := cl.CreatePolicy(ctx, req) - if assert.NoError(t, err) { - policyResponses[i] = resp.Policy.Id - } - } - return policyResponses -} - -func subjectsEqual(as, bs []string) bool { - eq := true - for i := range as { - if as[i] != bs[i] { - eq = false - } - } - return eq -} - -func listContainsPolicy(policies []*authz.Policy, target *authz.CreatePolicyReq) bool { - for _, policy := range policies { - if target.Action == policy.Action && - subjectsEqual(target.Subjects, policy.Subjects) && - target.Resource == policy.Resource { - return true - } - } - return false -} - -// This is for checking the testRecordingEngine's data -func assertInterfaceMapContainsPolicy(t *testing.T, - data map[string]interface{}, target *authz.CreatePolicyReq) bool { - - t.Helper() - - 
targetDatum := map[string]interface{}{ - "action": target.Action, - "subjects": target.Subjects, - "resource": target.Resource, - } - for _, datum := range data { - if policy, ok := datum.(map[string]interface{}); assert.True(t, ok) { - if reflect.DeepEqual(policy, targetDatum) { - return true - } - } - } - return false -} - -// Note: `rest ...interface{}` allows passing extra arguments to the underlying -// assert.Equal call, for example a message (string), or a format string plus -// data (e.g. "should be bigger than 300: %d", 213) -func assertInterfaceMapLength(t *testing.T, data map[string]interface{}, length int, rest ...interface{}) { - t.Helper() - assert.Equal(t, length+len(constants.DefaultPolicyIDs)+len(server.SystemPolicies()), len(data), rest...) -} - -// Would not need this empty check if there was a way to ensure -// a clean slate upon starting each test. -func assertPolicyStoreLength( - ctx context.Context, t *testing.T, cl authz.AuthorizationClient, length int) { - - t.Helper() - emptyList, err := cl.ListPolicies(ctx, &authz.ListPoliciesReq{}) - require.NoError(t, err) - require.NotNil(t, emptyList) - assert.Equal(t, length+len(constants.DefaultPolicyIDs), len(emptyList.Policies)) -} - func newGRPCServer(ctx context.Context, t *testing.T, store storage.Storage, engine engine.V1Engine, initPolicies bool) ( *grpc.ClientConn, *grpctest.Server, *server.Server) { 
@@ -1061,42 +486,6 @@ func newGRPCServer(ctx context.Context, return conn, testServ, serv } -func expectSuccess(cl authz.AuthorizationClient, req authz.CreatePolicyReq) func(*testing.T) { - return func(t *testing.T) { - ctx := context.Background() - resp, err := cl.CreatePolicy(ctx, &req) - - // assert - require.NoError(t, err) - require.NotNil(t, resp) - assert.Equal(t, req.Action, resp.Policy.Action) - assert.Equal(t, req.Subjects, resp.Policy.Subjects) - assert.Equal(t, uuidLength, len(resp.Policy.Id)) - assert.Equal(t, req.Resource, resp.Policy.Resource) - assert.Equal(t, defaultEffect, resp.Policy.Effect) - ts, err := ptypes.Timestamp(resp.Policy.CreatedAt) - require.NoError(t, err) - assert.WithinDuration(t, time.Now(), ts, time.Second) - - cleanupPolicy(ctx, t, cl, resp.Policy.Id) - } -} - -func expectFailureWithCode(cl authz.AuthorizationClient, - code codes.Code, - req authz.CreatePolicyReq) func(*testing.T) { - return func(t *testing.T) { - ctx := context.Background() - resp, err := cl.CreatePolicy(ctx, &req) - if assert.Nil(t, resp) { - grpctest.AssertCode(t, code, err) - return - } - - cleanupPolicy(ctx, t, cl, resp.Policy.Id) - } -} - // TODO: refactor (copied for now, from postgres_test) func migrationConfigIfPGTestsToBeRun(l logger.Logger, migrationPath string) (*migration.Config, error) { customPGURL, pgURLPassed := os.LookupEnv("PG_URL") diff --git a/components/authz-service/server/v2/subject_purge.go b/components/authz-service/server/v2/subject_purge.go index e9579b7ea8a..03012c033ce 100644 --- a/components/authz-service/server/v2/subject_purge.go +++ b/components/authz-service/server/v2/subject_purge.go 
@@ -3,17 +3,11 @@ package v2 import ( "context" - api_v1 "github.com/chef/automate/api/interservice/authz" "github.com/chef/automate/api/interservice/authz/common" api_v2 "github.com/chef/automate/api/interservice/authz/v2" "github.com/chef/automate/lib/logger" ) -type v1SubjectPurger interface { - PurgeSubjectFromPolicies(context.Context, - *api_v1.PurgeSubjectFromPoliciesReq) (*api_v1.PurgeSubjectFromPoliciesResp, error) -} - type v2SubjectPurger interface { PurgeSubjectFromPolicies(context.Context, *api_v2.PurgeSubjectFromPoliciesReq) (*api_v2.PurgeSubjectFromPoliciesResp, error) @@ -21,31 +15,24 @@ type v2SubjectPurger interface { type purger struct { log logger.Logger - v1 v1SubjectPurger v2 v2SubjectPurger } func NewSubjectPurgeServer(_ context.Context, l logger.Logger, - v1 v1SubjectPurger, v2 v2SubjectPurger, ) (common.SubjectPurgeServer, error) { - return &purger{log: l, v1: v1, v2: v2}, nil + return &purger{log: l, v2: v2}, nil } func (p *purger) PurgeSubjectFromPolicies(ctx context.Context, req *common.PurgeSubjectFromPoliciesReq) (*common.PurgeSubjectFromPoliciesResp, error) { - v1Resp, err := p.v1.PurgeSubjectFromPolicies(ctx, (*api_v1.PurgeSubjectFromPoliciesReq)(req)) - if err != nil { - return nil, err - } v2Resp, err := p.v2.PurgeSubjectFromPolicies(ctx, (*api_v2.PurgeSubjectFromPoliciesReq)(req)) if err != nil { return nil, err } return &common.PurgeSubjectFromPoliciesResp{ - PoliciesV1: v1Resp.Ids, PoliciesV2: v2Resp.Ids, }, nil } diff --git a/components/authz-service/server/v2/subject_purge_test.go b/components/authz-service/server/v2/subject_purge_test.go index d7d003b600f..a5f7667fb0f 100644 --- a/components/authz-service/server/v2/subject_purge_test.go +++ b/components/authz-service/server/v2/subject_purge_test.go 
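Review bot: `NewSubjectPurgeServer` (second hunk) still returns `(common.SubjectPurgeServer, error)` but can never fail, and it accepts a nil `v2`, which would only surface as a runtime panic on the first `PurgeSubjectFromPolicies` call. With `v2` now the only backend, a guard at construction makes the error return meaningful: `if v2 == nil { return nil, errors.New("subject purge: v2 purger must not be nil") }` (this needs the `errors` import). The response also no longer sets `PoliciesV1`, so any caller that still reads that field would see an empty list; the callers are not visible in this diff, so that is worth confirming. The exported constructor has no doc comment; I would add `// NewSubjectPurgeServer returns a SubjectPurgeServer that forwards purge requests to the v2 policy server.`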
@@ -10,7 +10,6 @@ import ( "github.com/leanovate/gopter/prop" "github.com/stretchr/testify/assert" - api_v1 "github.com/chef/automate/api/interservice/authz" "github.com/chef/automate/api/interservice/authz/common" api_v2 "github.com/chef/automate/api/interservice/authz/v2" "github.com/chef/automate/components/authz-service/prng" @@ -18,23 +17,11 @@ import ( "github.com/chef/automate/lib/logger" ) -type vee1 struct { - expected string - returned []string -} type vee2 struct { expected string returned []string } -func (v *vee1) PurgeSubjectFromPolicies(_ context.Context, - req *api_v1.PurgeSubjectFromPoliciesReq) (*api_v1.PurgeSubjectFromPoliciesResp, error) { - if req.Subject != v.expected { - return nil, fmt.Errorf("v1: unexpected argument: %q (expected %q)", req.Subject, v.expected) - } - return &api_v1.PurgeSubjectFromPoliciesResp{Ids: v.returned}, nil -} - func (v *vee2) PurgeSubjectFromPolicies(_ context.Context, req *api_v2.PurgeSubjectFromPoliciesReq) (*api_v2.PurgeSubjectFromPoliciesResp, error) { if req.Subject != v.expected { @@ -51,9 +38,8 @@ func TestCommonSubjectPurgeService(t *testing.T) { l := logger.NewTestLogger() properties.Property("calls both with subject, returns output", prop.ForAll( - func(sub string, v1Pols, v2Pols []string) bool { + func(sub string, v2Pols []string) bool { s, err := v2.NewSubjectPurgeServer(ctx, l, - &vee1{expected: sub, returned: v1Pols}, &vee2{expected: sub, returned: v2Pols}) if err != nil { return false @@ -63,12 +49,10 @@ func TestCommonSubjectPurgeService(t *testing.T) { if err != nil { return false } - return assert.ElementsMatch(t, v1Pols, resp.PoliciesV1) && - assert.ElementsMatch(t, v2Pols, resp.PoliciesV2) + return assert.ElementsMatch(t, v2Pols, resp.PoliciesV2) }, gen.Identifier(), gen.SliceOf(gen.Identifier()), - gen.SliceOf(gen.Identifier()), )) properties.TestingRun(t) 
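Review bot: The property name on the context line of the third hunk, `"calls both with subject, returns output"`, is stale now that only `vee2` is passed to `NewSubjectPurgeServer`; it should read `"calls v2 with subject, returns output"`. The property also covers only the success path. A case where `vee2.expected` differs from the requested subject, asserting that the error is returned and the response is nil, would pin the one remaining error branch of `PurgeSubjectFromPolicies`. `TestCommonSubjectPurgeService` starts and ends outside these hunks.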
diff --git a/components/automate-cli/cmd/chef-automate/iam.go b/components/automate-cli/cmd/chef-automate/iam.go index f46478b1282..6165caac7fc 100644 --- a/components/automate-cli/cmd/chef-automate/iam.go +++ b/components/automate-cli/cmd/chef-automate/iam.go @@ -218,9 +218,6 @@ func runRestoreDefaultAdminAccessAdminCmd(cmd *cobra.Command, args []string) err return nil } -const adminTokenIAMPreconditionError = "`chef-automate iam token create NAME --admin` is an IAM v2 command.\n" + - "For v1 use `chef-automate admin-token`.\n" - func runCreateTokenCmd(cmd *cobra.Command, args []string) error { name := args[0] @@ -252,14 +249,6 @@ func runCreateTokenCmd(cmd *cobra.Command, args []string) error { } if iamCmdFlags.adminToken { - resp, err := apiClient.PoliciesClient().GetPolicyVersion(ctx, &iam_req.GetPolicyVersionReq{}) - if err != nil { - return status.Wrap(err, status.APIError, "Failed to retrieve IAM version") - } - if resp.Version.Major == iam_common.Version_V1 { - return status.New(status.APIError, adminTokenIAMPreconditionError) - } - member := fmt.Sprintf("token:%s", tokenResp.Token.Id) _, err = apiClient.PoliciesClient().AddPolicyMembers(ctx, &iam_req.AddPolicyMembersReq{ Id: v2_constants.AdminPolicyID, diff --git a/components/automate-cli/cmd/chef-automate/token.go b/components/automate-cli/cmd/chef-automate/token.go deleted file mode 100644 index 87750da2faf..00000000000 --- a/components/automate-cli/cmd/chef-automate/token.go +++ /dev/null 
@@ -1,78 +0,0 @@ -package main - -import ( - "context" - - "github.com/spf13/cobra" - - api "github.com/chef/automate/api/interservice/deployment" - "github.com/chef/automate/components/automate-cli/pkg/client/apiclient" - "github.com/chef/automate/components/automate-cli/pkg/status" - "github.com/chef/automate/components/automate-deployment/pkg/client" - policies_common "github.com/chef/automate/components/automate-gateway/api/iam/v2/common" - policies_req "github.com/chef/automate/components/automate-gateway/api/iam/v2/request" -) - -func init() { - RootCmd.AddCommand(adminTokenCmd) -} - -var adminTokenCmd = &cobra.Command{ - Use: "admin-token", - Short: "generate an admin token for use against the Automate API", - Long: ` -Generate an admin token for use against the Automate API. - -You can pass token with the "api-token" header. For example, you could query -for all existing auth policies with curl: - - curl -H "api-token: " /api/v0/auth/policies - -The admin API token has access to the entire Automate API. With great power -comes great responsibility. 
Keep it secret, keep it safe.`, - RunE: runGenerateTokenCmd, -} - -const tokenCmdIAMPreconditionError = "`chef-automate admin-token` is an IAM v1 command.\n" + - "For v2 use `chef-automate iam token create NAME --admin`.\n" - -func runGenerateTokenCmd(cmd *cobra.Command, args []string) error { - ctx := context.Background() - apiClient, err := apiclient.OpenConnection(ctx) - if err != nil { - return err - } - resp, err := apiClient.PoliciesClient().GetPolicyVersion(ctx, &policies_req.GetPolicyVersionReq{}) - if err != nil { - return status.Wrap(err, status.APIError, "Failed to verify IAM version") - } - if resp.Version.Major == policies_common.Version_V2 { - return status.New(status.APIError, tokenCmdIAMPreconditionError) - } - - connection, err := client.Connection(client.DefaultClientTimeout) - if err != nil { - return err - } - - req := &api.GenerateAdminTokenRequest{ - Description: "This token was generated by the chef-automate CLI tool. " + - "It has admin level access on the entire Automate API.", - } - - tokenResp, err := connection.GenerateAdminToken(ctx, req) - if err != nil { - return status.Wrap( - err, - status.DeploymentServiceCallError, - "Request to generate admin token failed", - ) - } - - status.GlobalResult = struct { - Token string `json:"admin_token"` - }{Token: tokenResp.ApiToken} - - writer.Println(tokenResp.ApiToken) - return nil -} diff --git a/components/automate-cli/pkg/adminmgmt/adminmgmt_test.go b/components/automate-cli/pkg/adminmgmt/adminmgmt_test.go index 6ccdc8f101b..b5402e10b40 100644 --- a/components/automate-cli/pkg/adminmgmt/adminmgmt_test.go +++ b/components/automate-cli/pkg/adminmgmt/adminmgmt_test.go 
@@ -13,8 +13,6 @@ import ( authz_constants "github.com/chef/automate/components/authz-service/constants" "github.com/chef/automate/components/automate-cli/pkg/adminmgmt" "github.com/chef/automate/components/automate-cli/pkg/client/mock" - authz_req "github.com/chef/automate/components/automate-gateway/api/authz/request" - authz_resp "github.com/chef/automate/components/automate-gateway/api/authz/response" iam_common "github.com/chef/automate/components/automate-gateway/api/iam/v2/common" iam_req "github.com/chef/automate/components/automate-gateway/api/iam/v2/request" iam_resp "github.com/chef/automate/components/automate-gateway/api/iam/v2/response" @@ -385,12 +383,3 @@ func createTeamCallUnexpected( context.Context, *iam_req.CreateTeamReq) (*iam_resp.CreateTeamResp, error) { return nil, errors.New("unexpected call") } - -func createDefaultAdminPolicy(_ context.Context, req *authz_req.CreatePolicyReq) (*authz_resp.CreatePolicyResp, error) { - if req.Action != "*" || req.Resource != "*" || len(req.Subjects) != 1 || - req.Subjects[0] != authz_constants.LocalAdminsTeamSubject { - return nil, errors.New("unexpected arguments") - } - // We don't care about content of response, just that no error was returned. - return &authz_resp.CreatePolicyResp{}, nil -} diff --git a/components/automate-gateway/api/authz/authz.pb.go b/components/automate-gateway/api/authz/authz.pb.go index 4c69c3fe2d9..fc15ec4091d 100644 --- a/components/automate-gateway/api/authz/authz.pb.go +++ b/components/automate-gateway/api/authz/authz.pb.go @@ -6,7 +6,7 @@ package authz import ( context "context" fmt "fmt" - version "github.com/chef/automate/api/external/common/version" + _ "github.com/chef/automate/api/external/common/version" request "github.com/chef/automate/components/automate-gateway/api/authz/request" response "github.com/chef/automate/components/automate-gateway/api/authz/response" _ "github.com/chef/automate/components/automate-grpc/protoc-gen-policy/api" 
@@ -35,51 +35,35 @@ func init() { } var fileDescriptor_b890cb1282e7b3dd = []byte{ - // 696 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x95, 0x41, 0x6f, 0xd3, 0x3c, - 0x18, 0xc7, 0x95, 0xbd, 0xaf, 0xa6, 0x57, 0x56, 0xdb, 0xb7, 0x78, 0x6b, 0x67, 0x0a, 0x08, 0x11, - 0xb8, 0x30, 0xa9, 0xc9, 0x36, 0xb8, 0x90, 0x03, 0xda, 0x00, 0x09, 0x4d, 0xe2, 0x30, 0x0d, 0x89, - 0x03, 0x42, 0x9a, 0xb2, 0xec, 0x59, 0x6b, 0x29, 0x89, 0xb3, 0xd8, 0x1d, 0xdb, 0xd0, 0x0e, 0x84, - 0x0b, 0xea, 0x95, 0xcf, 0xe2, 0x2f, 0x02, 0x1f, 0x80, 0x0b, 0x5c, 0x38, 0x20, 0x3e, 0x02, 0xb2, - 0x9d, 0x36, 0x4d, 0xbb, 0xad, 0xed, 0x2e, 0xad, 0xea, 0xe7, 0xff, 0x77, 0x9f, 0xdf, 0xf3, 0xb7, - 0x65, 0xb4, 0x1e, 0xb0, 0x28, 0x61, 0x31, 0xc4, 0x82, 0xbb, 0x7e, 0x4f, 0xb0, 0xc8, 0x17, 0xd0, - 0xee, 0xf8, 0x02, 0xde, 0xfb, 0xa7, 0xae, 0x9f, 0x50, 0xb5, 0xd8, 0x3d, 0x33, 0x9f, 0x4e, 0x92, - 0x32, 0xc1, 0xf0, 0x4a, 0xd0, 0x85, 0x43, 0x67, 0x20, 0x76, 0xfc, 0x84, 0x3a, 0xba, 0xdc, 0xba, - 0xdd, 0x61, 0xac, 0x13, 0x82, 0xb1, 0xc5, 0x31, 0x13, 0xbe, 0xa0, 0x2c, 0xe6, 0xc6, 0xd6, 0x7a, - 0xa8, 0x96, 0xe1, 0x44, 0x40, 0x1a, 0xfb, 0xa1, 0x1b, 0xb0, 0x28, 0x62, 0xb1, 0x7b, 0x0c, 0x29, - 0xa7, 0xc5, 0x77, 0x2e, 0x7d, 0x32, 0x5b, 0x53, 0x29, 0x1c, 0xf5, 0x80, 0x8b, 0xd1, 0xe6, 0x5a, - 0xde, 0xac, 0x56, 0x9e, 0xb0, 0x98, 0x43, 0xc9, 0xbb, 0x79, 0xa1, 0x37, 0x4d, 0x02, 0x57, 0xd7, - 0x83, 0x76, 0x07, 0xe2, 0x76, 0xc2, 0x42, 0x1a, 0x9c, 0x5e, 0xc2, 0x38, 0xcf, 0x0e, 0xd4, 0x8f, - 0x26, 0x77, 0xd8, 0xf8, 0x54, 0x45, 0xd5, 0xad, 0x9e, 0xe8, 0xb2, 0x94, 0x9e, 0xe9, 0x02, 0xfe, - 0x63, 0x21, 0xf4, 0x12, 0xc4, 0x1b, 0x33, 0x21, 0xfc, 0xd8, 0x99, 0x1c, 0xbf, 0x19, 0xa6, 0x33, - 0x18, 0x62, 0x2e, 0xdd, 0x8e, 0x0f, 0xd9, 0xae, 0x19, 0x51, 0xab, 0x3d, 0x97, 0xcb, 0x3e, 0xcf, - 0x24, 0x69, 0xa2, 0x65, 0x0e, 0xe9, 0x31, 0x0d, 0x60, 0x8f, 0xc6, 0x87, 0xcc, 0xcb, 0x75, 0x99, - 0x24, 0x8b, 0xf8, 0xdf, 0x14, 0xfc, 0x83, 0xbe, 0x24, 0x04, 0x35, 0xf9, 0x29, 0x17, 0x10, 0x79, - 0xb9, 
0x74, 0xa0, 0xea, 0x4b, 0x72, 0x0b, 0xdf, 0x2c, 0xd7, 0xf2, 0x3f, 0xf0, 0x3a, 0x20, 0xb2, - 0x6f, 0x3f, 0xbe, 0x2c, 0x10, 0xdc, 0xd4, 0xe3, 0x77, 0xf5, 0x40, 0x28, 0xf0, 0xc1, 0x29, 0xc0, - 0xdf, 0x2d, 0x54, 0x79, 0x9e, 0x82, 0x2f, 0x60, 0x47, 0xcf, 0x0a, 0xaf, 0x39, 0x97, 0x9c, 0x39, - 0x27, 0x3f, 0x03, 0xce, 0xa8, 0x7c, 0x17, 0x8e, 0x5a, 0x1b, 0x57, 0x38, 0x4c, 0xf4, 0x63, 0x16, - 0x9e, 0xd8, 0x34, 0x93, 0xe4, 0x7f, 0x54, 0x55, 0x32, 0x6f, 0xd0, 0x53, 0x26, 0xc9, 0x7f, 0x78, - 0x31, 0xd0, 0xd2, 0xbe, 0x24, 0x35, 0x54, 0xa1, 0x7e, 0x34, 0xac, 0xf6, 0x25, 0x69, 0xe0, 0xa5, - 0xd1, 0x15, 0xcf, 0x48, 0x35, 0x60, 0xdd, 0xae, 0x95, 0x01, 0xf5, 0xea, 0x3f, 0x9e, 0xb5, 0x8a, - 0xbf, 0x5a, 0xa8, 0xf2, 0x8a, 0x72, 0xb1, 0x93, 0x57, 0x66, 0x20, 0x1c, 0x95, 0xcf, 0x48, 0x58, - 0xb6, 0xf0, 0xc4, 0x7e, 0x77, 0x31, 0x61, 0x11, 0xe8, 0x24, 0xdf, 0x12, 0xbe, 0x51, 0xe2, 0x0b, - 0x29, 0x37, 0xf1, 0xd5, 0xf1, 0x18, 0x1d, 0xfe, 0x69, 0xa1, 0xca, 0x0b, 0x08, 0x61, 0x8e, 0xd8, - 0x46, 0xe5, 0x33, 0x42, 0x95, 0x2d, 0x3c, 0xb1, 0x59, 0x26, 0xc9, 0x32, 0xc2, 0x25, 0x28, 0xef, - 0x03, 0x3d, 0x38, 0x37, 0xd9, 0x1d, 0x68, 0xbd, 0x22, 0x41, 0x65, 0x12, 0x25, 0xb9, 0x20, 0x40, - 0xa3, 0xd7, 0x88, 0x8d, 0xd5, 0xa5, 0xb1, 0x13, 0xaa, 0x3c, 0xf8, 0xb7, 0x85, 0xaa, 0xdb, 0xb1, - 0x48, 0x19, 0x4f, 0x20, 0x10, 0x5b, 0x61, 0x88, 0xd7, 0xa7, 0x82, 0x96, 0xf4, 0x8a, 0x74, 0x6d, - 0x3a, 0x69, 0xe1, 0xd1, 0x9c, 0x27, 0x99, 0x24, 0xf7, 0xd1, 0x3d, 0x25, 0xda, 0xa3, 0xc3, 0x92, - 0xba, 0x51, 0xc5, 0xaf, 0x3d, 0x3f, 0x0c, 0x4b, 0x81, 0xd6, 0x51, 0x4d, 0xd1, 0x15, 0x8a, 0xbe, - 0x24, 0x2b, 0xb8, 0x51, 0x5e, 0x53, 0x57, 0x72, 0x2b, 0x0c, 0x35, 0x33, 0xc6, 0x75, 0xc3, 0x5c, - 0x94, 0xf1, 0xc7, 0x05, 0x54, 0x2b, 0x9a, 0x79, 0xcd, 0x22, 0xc0, 0x1b, 0x73, 0x10, 0x2b, 0xc3, - 0xf5, 0x90, 0x3f, 0x5b, 0x99, 0x24, 0x0f, 0x90, 0x7d, 0x35, 0x33, 0x67, 0x11, 0x4c, 0x85, 0x26, - 0xb8, 0x39, 0x09, 0xad, 0x3a, 0xd3, 0xd4, 0x2b, 0x76, 0x63, 0x9c, 0xda, 0x6c, 0x3b, 0xbc, 0xb1, - 0xbf, 0x2c, 0x84, 0x8a, 0xee, 0xb0, 0x33, 
0x07, 0xff, 0xf5, 0xd8, 0xcf, 0x32, 0x49, 0xee, 0xa2, - 0x3b, 0x57, 0xa2, 0x4f, 0xa5, 0x5e, 0xc6, 0x78, 0x92, 0xda, 0xe4, 0x6c, 0x4f, 0xe4, 0x3c, 0x84, - 0x7d, 0xb6, 0xf9, 0xf6, 0x69, 0x87, 0x8a, 0x6e, 0x6f, 0x5f, 0x3d, 0x12, 0xae, 0xea, 0x7c, 0xf8, - 0x9c, 0xb9, 0x33, 0x3d, 0xb0, 0xfb, 0x8b, 0xfa, 0x39, 0x7b, 0xf4, 0x37, 0x00, 0x00, 0xff, 0xff, - 0x10, 0x95, 0xd1, 0x8e, 0x60, 0x08, 0x00, 0x00, + // 437 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x93, 0xb1, 0x6e, 0x14, 0x31, + 0x10, 0x86, 0x75, 0x01, 0x52, 0x58, 0x4a, 0x14, 0x59, 0x84, 0x5b, 0x9d, 0x40, 0x88, 0x83, 0x06, + 0xa4, 0xb3, 0x49, 0xa8, 0xd8, 0x02, 0x25, 0x74, 0xb4, 0xa1, 0xa3, 0x89, 0x1c, 0x33, 0xec, 0x5a, + 0x5a, 0x7b, 0x1c, 0xdb, 0x0b, 0xc9, 0x75, 0x6c, 0x85, 0xd2, 0xf2, 0x2c, 0xfb, 0x24, 0xbc, 0x02, + 0x15, 0x05, 0x12, 0x6f, 0x80, 0xbc, 0x1b, 0x6e, 0xef, 0xd8, 0xe4, 0x72, 0x97, 0xe6, 0x4e, 0x3b, + 0xff, 0xfc, 0xa3, 0xff, 0xf3, 0x68, 0xc8, 0x9e, 0x44, 0x6d, 0xd1, 0x80, 0x09, 0x9e, 0x8b, 0x32, + 0xa0, 0x16, 0x01, 0x26, 0x99, 0x08, 0xf0, 0x45, 0x9c, 0x73, 0x61, 0x55, 0x2c, 0xe6, 0xd3, 0xf6, + 0x97, 0x59, 0x87, 0x01, 0xe9, 0x50, 0xe6, 0xf0, 0x89, 0xfd, 0x6b, 0x66, 0xc2, 0x2a, 0xd6, 0xc8, + 0xa3, 0x87, 0x19, 0x62, 0x56, 0x40, 0x6b, 0x33, 0x06, 0x83, 0x08, 0x0a, 0x8d, 0x6f, 0x6d, 0xa3, + 0xe7, 0xb1, 0x0c, 0x67, 0x01, 0x9c, 0x11, 0x05, 0x97, 0xa8, 0x35, 0x1a, 0xfe, 0x19, 0x9c, 0x57, + 0xdd, 0xff, 0x65, 0xeb, 0xeb, 0xd5, 0x42, 0x39, 0x38, 0x2d, 0xc1, 0x87, 0xf9, 0x70, 0xa3, 0x74, + 0x55, 0xab, 0xb7, 0x68, 0x3c, 0x2c, 0x78, 0x0f, 0xae, 0xf4, 0x3a, 0x2b, 0x79, 0xa3, 0xcb, 0x49, + 0x06, 0x66, 0x62, 0xb1, 0x50, 0xf2, 0xfc, 0x1a, 0xc6, 0x75, 0x26, 0x28, 0xa1, 0xfb, 0x13, 0xf6, + 0xff, 0xdc, 0x23, 0x5b, 0x87, 0x65, 0xc8, 0xd1, 0xa9, 0x69, 0x23, 0xd0, 0xdf, 0x03, 0xb2, 0xf5, + 0xce, 0x04, 0x87, 0xde, 0x82, 0x0c, 0x87, 0x45, 0x41, 0xf7, 0xd8, 0x35, 0x1b, 0x60, 0x97, 0x2f, + 0xc2, 0x16, 0xfa, 0x8f, 0xe0, 0x74, 0xf4, 0x72, 0x89, 0xa5, 0x7d, 0x89, 0x39, 
0xcf, 0x11, 0x78, + 0x3b, 0x3e, 0xab, 0xea, 0xe4, 0x29, 0x79, 0x12, 0x9b, 0x8e, 0xd5, 0x4c, 0x52, 0x68, 0xd2, 0xee, + 0xeb, 0x58, 0x14, 0x45, 0x55, 0x27, 0x9b, 0xf4, 0xae, 0x03, 0xf1, 0xf1, 0xa2, 0x4e, 0x76, 0xc8, + 0xb6, 0x12, 0x7a, 0xae, 0xe3, 0xa2, 0x4e, 0x86, 0x74, 0x77, 0xb1, 0x96, 0x66, 0x10, 0x63, 0x55, + 0x3f, 0x7e, 0x7e, 0xdf, 0xa0, 0x74, 0xa7, 0x59, 0x01, 0xef, 0x64, 0xfa, 0x75, 0x83, 0x6c, 0x77, + 0x61, 0xde, 0xa3, 0x06, 0xba, 0xbf, 0x06, 0x71, 0x34, 0xdc, 0x0e, 0xf9, 0xdb, 0xa0, 0xaa, 0x93, + 0x67, 0x64, 0xbc, 0x9c, 0xd9, 0xa3, 0x86, 0x1b, 0xa1, 0x13, 0xfa, 0xa0, 0x0f, 0x1d, 0x93, 0x35, + 0xd4, 0xc3, 0xf1, 0xee, 0xff, 0xd4, 0xed, 0xd8, 0x28, 0xde, 0x49, 0x07, 0x2f, 0xe8, 0xaf, 0x01, + 0x21, 0x5d, 0x3a, 0xca, 0xd6, 0xe0, 0xbf, 0x1d, 0xfb, 0xb4, 0xaa, 0x93, 0xc7, 0xe4, 0xd1, 0x52, + 0xf4, 0x1b, 0xa9, 0xef, 0x53, 0xda, 0xa7, 0x6e, 0xf7, 0x3c, 0xee, 0xed, 0x79, 0x06, 0xfb, 0xf6, + 0xe0, 0xc3, 0x9b, 0x4c, 0x85, 0xbc, 0x3c, 0x61, 0x12, 0x35, 0x8f, 0xc9, 0x67, 0xc7, 0xc3, 0x57, + 0x3a, 0xe7, 0x93, 0xcd, 0xe6, 0x78, 0x5e, 0xfd, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x13, 0x4c, 0xa3, + 0xb4, 0xce, 0x04, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. 
@@ -94,10 +78,6 @@ const _ = grpc.SupportPackageIsVersion6 // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. type AuthorizationClient interface { - GetVersion(ctx context.Context, in *version.VersionInfoRequest, opts ...grpc.CallOption) (*version.VersionInfo, error) - CreatePolicy(ctx context.Context, in *request.CreatePolicyReq, opts ...grpc.CallOption) (*response.CreatePolicyResp, error) - ListPolicies(ctx context.Context, in *request.ListPoliciesReq, opts ...grpc.CallOption) (*response.ListPoliciesResp, error) - DeletePolicy(ctx context.Context, in *request.DeletePolicyReq, opts ...grpc.CallOption) (*response.DeletePolicyResp, error) IntrospectAll(ctx context.Context, in *request.IntrospectAllReq, opts ...grpc.CallOption) (*response.IntrospectResp, error) IntrospectSome(ctx context.Context, in *request.IntrospectSomeReq, opts ...grpc.CallOption) (*response.IntrospectResp, error) Introspect(ctx context.Context, in *request.IntrospectReq, opts ...grpc.CallOption) (*response.IntrospectResp, error) 
@@ -111,42 +91,6 @@ func NewAuthorizationClient(cc grpc.ClientConnInterface) AuthorizationClient { return &authorizationClient{cc} } -func (c *authorizationClient) GetVersion(ctx context.Context, in *version.VersionInfoRequest, opts ...grpc.CallOption) (*version.VersionInfo, error) { - out := new(version.VersionInfo) - err := c.cc.Invoke(ctx, "/chef.automate.api.authz.Authorization/GetVersion", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authorizationClient) CreatePolicy(ctx context.Context, in *request.CreatePolicyReq, opts ...grpc.CallOption) (*response.CreatePolicyResp, error) { - out := new(response.CreatePolicyResp) - err := c.cc.Invoke(ctx, "/chef.automate.api.authz.Authorization/CreatePolicy", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authorizationClient) ListPolicies(ctx context.Context, in *request.ListPoliciesReq, opts ...grpc.CallOption) (*response.ListPoliciesResp, error) { - out := new(response.ListPoliciesResp) - err := c.cc.Invoke(ctx, "/chef.automate.api.authz.Authorization/ListPolicies", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *authorizationClient) DeletePolicy(ctx context.Context, in *request.DeletePolicyReq, opts ...grpc.CallOption) (*response.DeletePolicyResp, error) { - out := new(response.DeletePolicyResp) - err := c.cc.Invoke(ctx, "/chef.automate.api.authz.Authorization/DeletePolicy", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - func (c *authorizationClient) IntrospectAll(ctx context.Context, in *request.IntrospectAllReq, opts ...grpc.CallOption) (*response.IntrospectResp, error) { out := new(response.IntrospectResp) err := c.cc.Invoke(ctx, "/chef.automate.api.authz.Authorization/IntrospectAll", in, out, opts...) 
@@ -176,10 +120,6 @@ func (c *authorizationClient) Introspect(ctx context.Context, in *request.Intros // AuthorizationServer is the server API for Authorization service. type AuthorizationServer interface { - GetVersion(context.Context, *version.VersionInfoRequest) (*version.VersionInfo, error) - CreatePolicy(context.Context, *request.CreatePolicyReq) (*response.CreatePolicyResp, error) - ListPolicies(context.Context, *request.ListPoliciesReq) (*response.ListPoliciesResp, error) - DeletePolicy(context.Context, *request.DeletePolicyReq) (*response.DeletePolicyResp, error) IntrospectAll(context.Context, *request.IntrospectAllReq) (*response.IntrospectResp, error) IntrospectSome(context.Context, *request.IntrospectSomeReq) (*response.IntrospectResp, error) Introspect(context.Context, *request.IntrospectReq) (*response.IntrospectResp, error) 
@@ -189,18 +129,6 @@ type AuthorizationServer interface { type UnimplementedAuthorizationServer struct { } -func (*UnimplementedAuthorizationServer) GetVersion(ctx context.Context, req *version.VersionInfoRequest) (*version.VersionInfo, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetVersion not implemented") -} -func (*UnimplementedAuthorizationServer) CreatePolicy(ctx context.Context, req *request.CreatePolicyReq) (*response.CreatePolicyResp, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreatePolicy not implemented") -} -func (*UnimplementedAuthorizationServer) ListPolicies(ctx context.Context, req *request.ListPoliciesReq) (*response.ListPoliciesResp, error) { - return nil, status.Errorf(codes.Unimplemented, "method ListPolicies not implemented") -} -func (*UnimplementedAuthorizationServer) DeletePolicy(ctx context.Context, req *request.DeletePolicyReq) (*response.DeletePolicyResp, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeletePolicy not implemented") -} func (*UnimplementedAuthorizationServer) IntrospectAll(ctx context.Context, req *request.IntrospectAllReq) (*response.IntrospectResp, error) { return nil, status.Errorf(codes.Unimplemented, "method IntrospectAll not implemented") } 
@@ -215,78 +143,6 @@ func RegisterAuthorizationServer(s *grpc.Server, srv AuthorizationServer) { s.RegisterService(&_Authorization_serviceDesc, srv) } -func _Authorization_GetVersion_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(version.VersionInfoRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).GetVersion(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/chef.automate.api.authz.Authorization/GetVersion", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).GetVersion(ctx, req.(*version.VersionInfoRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Authorization_CreatePolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(request.CreatePolicyReq) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).CreatePolicy(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/chef.automate.api.authz.Authorization/CreatePolicy", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).CreatePolicy(ctx, req.(*request.CreatePolicyReq)) - } - return interceptor(ctx, in, info, handler) -} - -func _Authorization_ListPolicies_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(request.ListPoliciesReq) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).ListPolicies(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: 
"/chef.automate.api.authz.Authorization/ListPolicies", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).ListPolicies(ctx, req.(*request.ListPoliciesReq)) - } - return interceptor(ctx, in, info, handler) -} - -func _Authorization_DeletePolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(request.DeletePolicyReq) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(AuthorizationServer).DeletePolicy(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/chef.automate.api.authz.Authorization/DeletePolicy", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(AuthorizationServer).DeletePolicy(ctx, req.(*request.DeletePolicyReq)) - } - return interceptor(ctx, in, info, handler) -} - func _Authorization_IntrospectAll_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(request.IntrospectAllReq) if err := dec(in); err != nil { @@ -345,22 +201,6 @@ var _Authorization_serviceDesc = grpc.ServiceDesc{ ServiceName: "chef.automate.api.authz.Authorization", HandlerType: (*AuthorizationServer)(nil), Methods: []grpc.MethodDesc{ - { - MethodName: "GetVersion", - Handler: _Authorization_GetVersion_Handler, - }, - { - MethodName: "CreatePolicy", - Handler: _Authorization_CreatePolicy_Handler, - }, - { - MethodName: "ListPolicies", - Handler: _Authorization_ListPolicies_Handler, - }, - { - MethodName: "DeletePolicy", - Handler: _Authorization_DeletePolicy_Handler, - }, { MethodName: "IntrospectAll", Handler: _Authorization_IntrospectAll_Handler, diff --git a/components/automate-gateway/api/authz/authz.pb.gw.go b/components/automate-gateway/api/authz/authz.pb.gw.go index 6d98e270ec8..47941f780ab 100644 
--- a/components/automate-gateway/api/authz/authz.pb.gw.go +++ b/components/automate-gateway/api/authz/authz.pb.gw.go @@ -13,7 +13,6 @@ import ( "io" "net/http" - "github.com/chef/automate/api/external/common/version" "github.com/chef/automate/components/automate-gateway/api/authz/request" "github.com/golang/protobuf/descriptor" "github.com/golang/protobuf/proto" 
@@ -33,130 +32,6 @@ var _ = runtime.String var _ = utilities.NewDoubleArray var _ = descriptor.ForMessage -func request_Authorization_GetVersion_0(ctx context.Context, marshaler runtime.Marshaler, client AuthorizationClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq version.VersionInfoRequest - var metadata runtime.ServerMetadata - - msg, err := client.GetVersion(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_Authorization_GetVersion_0(ctx context.Context, marshaler runtime.Marshaler, server AuthorizationServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq version.VersionInfoRequest - var metadata runtime.ServerMetadata - - msg, err := server.GetVersion(ctx, &protoReq) - return msg, metadata, err - -} - -func request_Authorization_CreatePolicy_0(ctx context.Context, marshaler runtime.Marshaler, client AuthorizationClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq request.CreatePolicyReq - var metadata runtime.ServerMetadata - - newReader, berr := utilities.IOReaderFactory(req.Body) - if berr != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) - } - if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := client.CreatePolicy(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_Authorization_CreatePolicy_0(ctx context.Context, marshaler runtime.Marshaler, server AuthorizationServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq request.CreatePolicyReq - var metadata 
runtime.ServerMetadata - - newReader, berr := utilities.IOReaderFactory(req.Body) - if berr != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", berr) - } - if err := marshaler.NewDecoder(newReader()).Decode(&protoReq); err != nil && err != io.EOF { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := server.CreatePolicy(ctx, &protoReq) - return msg, metadata, err - -} - -func request_Authorization_ListPolicies_0(ctx context.Context, marshaler runtime.Marshaler, client AuthorizationClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq request.ListPoliciesReq - var metadata runtime.ServerMetadata - - msg, err := client.ListPolicies(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_Authorization_ListPolicies_0(ctx context.Context, marshaler runtime.Marshaler, server AuthorizationServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq request.ListPoliciesReq - var metadata runtime.ServerMetadata - - msg, err := server.ListPolicies(ctx, &protoReq) - return msg, metadata, err - -} - -func request_Authorization_DeletePolicy_0(ctx context.Context, marshaler runtime.Marshaler, client AuthorizationClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq request.DeletePolicyReq - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["id"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id") - } - - protoReq.Id, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err) - } - - msg, err := client.DeletePolicy(ctx, 
&protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_Authorization_DeletePolicy_0(ctx context.Context, marshaler runtime.Marshaler, server AuthorizationServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq request.DeletePolicyReq - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["id"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "id") - } - - protoReq.Id, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "id", err) - } - - msg, err := server.DeletePolicy(ctx, &protoReq) - return msg, metadata, err - -} - func request_Authorization_IntrospectAll_0(ctx context.Context, marshaler runtime.Marshaler, client AuthorizationClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { var protoReq request.IntrospectAllReq var metadata runtime.ServerMetadata 
@@ -248,86 +123,6 @@ func local_request_Authorization_Introspect_0(ctx context.Context, marshaler run // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. func RegisterAuthorizationHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AuthorizationServer) error { - mux.Handle("GET", pattern_Authorization_GetVersion_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_Authorization_GetVersion_0(rctx, inboundMarshaler, server, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_GetVersion_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - - mux.Handle("POST", pattern_Authorization_CreatePolicy_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_Authorization_CreatePolicy_0(rctx, inboundMarshaler, server, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_CreatePolicy_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
- - }) - - mux.Handle("GET", pattern_Authorization_ListPolicies_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_Authorization_ListPolicies_0(rctx, inboundMarshaler, server, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_ListPolicies_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - - mux.Handle("DELETE", pattern_Authorization_DeletePolicy_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_Authorization_DeletePolicy_0(rctx, inboundMarshaler, server, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_DeletePolicy_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - mux.Handle("GET", pattern_Authorization_IntrospectAll_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() 
@@ -429,86 +224,6 @@ func RegisterAuthorizationHandler(ctx context.Context, mux *runtime.ServeMux, co // "AuthorizationClient" to call the correct interceptors. func RegisterAuthorizationHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AuthorizationClient) error { - mux.Handle("GET", pattern_Authorization_GetVersion_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_Authorization_GetVersion_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_GetVersion_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - - mux.Handle("POST", pattern_Authorization_CreatePolicy_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_Authorization_CreatePolicy_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_CreatePolicy_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) 
- - }) - - mux.Handle("GET", pattern_Authorization_ListPolicies_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_Authorization_ListPolicies_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_ListPolicies_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - - mux.Handle("DELETE", pattern_Authorization_DeletePolicy_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_Authorization_DeletePolicy_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_Authorization_DeletePolicy_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - mux.Handle("GET", pattern_Authorization_IntrospectAll_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { ctx, cancel := context.WithCancel(req.Context()) defer cancel() 
@@ -573,14 +288,6 @@ func RegisterAuthorizationHandlerClient(ctx context.Context, mux *runtime.ServeM } var ( - pattern_Authorization_GetVersion_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"auth", "policies", "version"}, "", runtime.AssumeColonVerbOpt(true))) - - pattern_Authorization_CreatePolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"auth", "policies"}, "", runtime.AssumeColonVerbOpt(true))) - - pattern_Authorization_ListPolicies_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"auth", "policies"}, "", runtime.AssumeColonVerbOpt(true))) - - pattern_Authorization_DeletePolicy_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 1, 0, 4, 1, 5, 2}, []string{"auth", "policies", "id"}, "", runtime.AssumeColonVerbOpt(true))) - pattern_Authorization_IntrospectAll_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"auth", "introspect"}, "", runtime.AssumeColonVerbOpt(true))) pattern_Authorization_IntrospectSome_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1}, []string{"auth", "introspect_some"}, "", runtime.AssumeColonVerbOpt(true))) @@ -589,14 +296,6 @@ var ( ) var ( - forward_Authorization_GetVersion_0 = runtime.ForwardResponseMessage - - forward_Authorization_CreatePolicy_0 = runtime.ForwardResponseMessage - - forward_Authorization_ListPolicies_0 = runtime.ForwardResponseMessage - - forward_Authorization_DeletePolicy_0 = runtime.ForwardResponseMessage - forward_Authorization_IntrospectAll_0 = runtime.ForwardResponseMessage forward_Authorization_IntrospectSome_0 = runtime.ForwardResponseMessage diff --git a/components/automate-gateway/api/authz/authz.pb.mock.go b/components/automate-gateway/api/authz/authz.pb.mock.go index d7fc0b45a56..5c81d673b5e 100644 --- a/components/automate-gateway/api/authz/authz.pb.mock.go +++ b/components/automate-gateway/api/authz/authz.pb.mock.go 
@@ -6,7 +6,6 @@ package authz import ( "context" - version "github.com/chef/automate/api/external/common/version" request "github.com/chef/automate/components/automate-gateway/api/authz/request" response "github.com/chef/automate/components/automate-gateway/api/authz/response" "google.golang.org/grpc/codes" 
@@ -32,63 +31,11 @@ func NewAuthorizationServerMockWithoutValidation() *AuthorizationServerMock { // methods with "not implemented" returns type AuthorizationServerMock struct { validateRequests bool - GetVersionFunc func(context.Context, *version.VersionInfoRequest) (*version.VersionInfo, error) - CreatePolicyFunc func(context.Context, *request.CreatePolicyReq) (*response.CreatePolicyResp, error) - ListPoliciesFunc func(context.Context, *request.ListPoliciesReq) (*response.ListPoliciesResp, error) - DeletePolicyFunc func(context.Context, *request.DeletePolicyReq) (*response.DeletePolicyResp, error) IntrospectAllFunc func(context.Context, *request.IntrospectAllReq) (*response.IntrospectResp, error) IntrospectSomeFunc func(context.Context, *request.IntrospectSomeReq) (*response.IntrospectResp, error) IntrospectFunc func(context.Context, *request.IntrospectReq) (*response.IntrospectResp, error) } -func (m *AuthorizationServerMock) GetVersion(ctx context.Context, req *version.VersionInfoRequest) (*version.VersionInfo, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := m.GetVersionFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'GetVersion' not implemented") -} - -func (m *AuthorizationServerMock) CreatePolicy(ctx context.Context, req *request.CreatePolicyReq) (*response.CreatePolicyResp, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := m.CreatePolicyFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'CreatePolicy' not implemented") -} - -func (m *AuthorizationServerMock) ListPolicies(ctx context.Context, req *request.ListPoliciesReq) 
(*response.ListPoliciesResp, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := m.ListPoliciesFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'ListPolicies' not implemented") -} - -func (m *AuthorizationServerMock) DeletePolicy(ctx context.Context, req *request.DeletePolicyReq) (*response.DeletePolicyResp, error) { - if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { - if err := msg.Validate(); err != nil { - return nil, status.Error(codes.InvalidArgument, err.Error()) - } - } - if f := m.DeletePolicyFunc; f != nil { - return f(ctx, req) - } - return nil, status.Error(codes.Internal, "mock: 'DeletePolicy' not implemented") -} - func (m *AuthorizationServerMock) IntrospectAll(ctx context.Context, req *request.IntrospectAllReq) (*response.IntrospectResp, error) { if msg, ok := interface{}(req).(interface{ Validate() error }); m.validateRequests && ok { if err := msg.Validate(); err != nil { @@ -127,10 +74,6 @@ func (m *AuthorizationServerMock) Introspect(ctx context.Context, req *request.I // Reset resets all overridden functions func (m *AuthorizationServerMock) Reset() { - m.GetVersionFunc = nil - m.CreatePolicyFunc = nil - m.ListPoliciesFunc = nil - m.DeletePolicyFunc = nil m.IntrospectAllFunc = nil m.IntrospectSomeFunc = nil m.IntrospectFunc = nil diff --git a/components/automate-gateway/api/authz/authz.pb.policy-v1.go b/components/automate-gateway/api/authz/authz.pb.policy-v1.go index 7018641fb89..cde06616bd2 100644 --- a/components/automate-gateway/api/authz/authz.pb.policy-v1.go +++ b/components/automate-gateway/api/authz/authz.pb.policy-v1.go 
@@ -9,40 +9,6 @@ import ( ) func init() { - policy.MapMethodTo("/chef.automate.api.authz.Authorization/GetVersion", "service_info:version", "read", "GET", "/auth/policies/version", func(unexpandedResource string, input interface{}) string { - return unexpandedResource - }) - policy.MapMethodTo("/chef.automate.api.authz.Authorization/CreatePolicy", "auth:policies", "create", "POST", "/auth/policies", func(unexpandedResource string, input interface{}) string { - if m, ok := input.(*request.CreatePolicyReq); ok { - return policy.ExpandParameterizedResource(unexpandedResource, func(want string) string { - switch want { - case "action": - return m.Action - case "resource": - return m.Resource - default: - return "" - } - }) - } - return "" - }) - policy.MapMethodTo("/chef.automate.api.authz.Authorization/ListPolicies", "auth:policies", "read", "GET", "/auth/policies", func(unexpandedResource string, input interface{}) string { - return unexpandedResource - }) - policy.MapMethodTo("/chef.automate.api.authz.Authorization/DeletePolicy", "auth:policies:{id}", "delete", "DELETE", "/auth/policies/{id}", func(unexpandedResource string, input interface{}) string { - if m, ok := input.(*request.DeletePolicyReq); ok { - return policy.ExpandParameterizedResource(unexpandedResource, func(want string) string { - switch want { - case "id": - return m.Id - default: - return "" - } - }) - } - return "" - }) policy.MapMethodTo("/chef.automate.api.authz.Authorization/IntrospectAll", "auth_introspection:introspect_all", "read", "GET", "/auth/introspect", func(unexpandedResource string, input interface{}) string { return unexpandedResource }) diff --git a/components/automate-gateway/api/authz/authz.pb.policy-v2.go b/components/automate-gateway/api/authz/authz.pb.policy-v2.go index 7eca2b2f37b..ae559c3c614 100644 --- a/components/automate-gateway/api/authz/authz.pb.policy-v2.go +++ b/components/automate-gateway/api/authz/authz.pb.policy-v2.go 
@@ -9,40 +9,6 @@ import ( ) func init() { - policyv2.MapMethodTo("/chef.automate.api.authz.Authorization/GetVersion", "system:service:version", "system:serviceVersion:get", "GET", "/auth/policies/version", func(unexpandedResource string, input interface{}) string { - return unexpandedResource - }) - policyv2.MapMethodTo("/chef.automate.api.authz.Authorization/CreatePolicy", "iam:policies", "iam:policies:create", "POST", "/auth/policies", func(unexpandedResource string, input interface{}) string { - if m, ok := input.(*request.CreatePolicyReq); ok { - return policyv2.ExpandParameterizedResource(unexpandedResource, func(want string) string { - switch want { - case "action": - return m.Action - case "resource": - return m.Resource - default: - return "" - } - }) - } - return "" - }) - policyv2.MapMethodTo("/chef.automate.api.authz.Authorization/ListPolicies", "iam:policies", "iam:policies:list", "GET", "/auth/policies", func(unexpandedResource string, input interface{}) string { - return unexpandedResource - }) - policyv2.MapMethodTo("/chef.automate.api.authz.Authorization/DeletePolicy", "iam:policies:{id}", "iam:policies:delete", "DELETE", "/auth/policies/{id}", func(unexpandedResource string, input interface{}) string { - if m, ok := input.(*request.DeletePolicyReq); ok { - return policyv2.ExpandParameterizedResource(unexpandedResource, func(want string) string { - switch want { - case "id": - return m.Id - default: - return "" - } - }) - } - return "" - }) policyv2.MapMethodTo("/chef.automate.api.authz.Authorization/IntrospectAll", "iam:introspect", "iam:introspect:getAll", "GET", "/auth/introspect", func(unexpandedResource string, input interface{}) string { return unexpandedResource }) diff --git a/components/automate-gateway/api/authz/authz.proto b/components/automate-gateway/api/authz/authz.proto index 5e4c235f9a9..d589fb5e219 100644 --- a/components/automate-gateway/api/authz/authz.proto +++ b/components/automate-gateway/api/authz/authz.proto 
@@ -14,35 +14,6 @@ import "components/automate-grpc/protoc-gen-policy/api/annotations.proto";
 // for option (chef.automate.api.iam.policy)
 import "components/automate-grpc/protoc-gen-policy/iam/annotations.proto";
 service Authorization {
- rpc GetVersion (common.version.VersionInfoRequest) returns (common.version.VersionInfo) {
- option (google.api.http).get = "/auth/policies/version";
- option (chef.automate.api.policy).resource = "service_info:version";
- option (chef.automate.api.policy).action = "read";
- option (chef.automate.api.iam.policy).resource = "system:service:version";
- option (chef.automate.api.iam.policy).action = "system:serviceVersion:get";
- };
- rpc CreatePolicy (authz.request.CreatePolicyReq) returns (authz.response.CreatePolicyResp) {
- option (google.api.http).post = "/auth/policies";
- option (google.api.http).body = "*";
- option (chef.automate.api.policy).resource = "auth:policies";
- option (chef.automate.api.policy).action = "create";
- option (chef.automate.api.iam.policy).resource = "iam:policies";
- option (chef.automate.api.iam.policy).action = "iam:policies:create";
- };
- rpc ListPolicies (authz.request.ListPoliciesReq) returns (authz.response.ListPoliciesResp) {
- option (google.api.http).get = "/auth/policies";
- option (chef.automate.api.policy).resource = "auth:policies";
- option (chef.automate.api.policy).action = "read";
- option (chef.automate.api.iam.policy).resource = "iam:policies";
- option (chef.automate.api.iam.policy).action = "iam:policies:list";
- };
- rpc DeletePolicy (authz.request.DeletePolicyReq) returns (authz.response.DeletePolicyResp) {
- option (google.api.http).delete = "/auth/policies/{id}";
- option (chef.automate.api.policy).resource = "auth:policies:{id}";
- option (chef.automate.api.policy).action = "delete";
- option (chef.automate.api.iam.policy).resource = "iam:policies:{id}";
- option (chef.automate.api.iam.policy).action = "iam:policies:delete";
- };
 rpc IntrospectAll (authz.request.IntrospectAllReq) returns (authz.response.IntrospectResp) {
 option (google.api.http).get = "/auth/introspect";
 option (chef.automate.api.policy).resource = "auth_introspection:introspect_all";
diff --git a/components/automate-gateway/api/authz/authz.swagger.json b/components/automate-gateway/api/authz/authz.swagger.json
index 1d944ac0854..667fb4766d2 100644
--- a/components/automate-gateway/api/authz/authz.swagger.json
+++ b/components/automate-gateway/api/authz/authz.swagger.json
@@ -76,106 +76,9 @@ "Authorization" ] } - }, - "/auth/policies": { - "get": { - "operationId": "ListPolicies", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.response.ListPoliciesResp" - } - } - }, - "tags": [ - "Authorization" - ] - }, - "post": { - "operationId": "CreatePolicy", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.response.CreatePolicyResp" - } - } - }, - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.request.CreatePolicyReq" - } - } - ], - "tags": [ - "Authorization" - ] - } - }, - "/auth/policies/version": { - "get": { - "operationId": "GetVersion", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.common.version.VersionInfo" - } - } - }, - "tags": [ - "Authorization" - ] - } - }, - "/auth/policies/{id}": { - "delete": { - "operationId": "DeletePolicy", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.response.DeletePolicyResp" - } - } - }, - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "type": "string" - } - ], - "tags": [ - "Authorization" - ] - } } }, "definitions": { - "chef.automate.api.authz.request.CreatePolicyReq": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "resource": { - "type": "string" - } - } - }, "chef.automate.api.authz.request.IntrospectReq": { "type": "object", "properties": { 
@@ -201,69 +104,6 @@ } } }, - "chef.automate.api.authz.response.CreatePolicyResp": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "id": { - "type": "string" - }, - "resource": { - "type": "string" - }, - "effect": { - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time" - }, - "updated_at": { - "type": "string", - "format": "date-time" - } - }, - "description": "We aren't using a Policy message here since we want to\nreturn a flat object via our external HTTP API." - }, - "chef.automate.api.authz.response.DeletePolicyResp": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "id": { - "type": "string" - }, - "resource": { - "type": "string" - }, - "effect": { - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time" - }, - "updated_at": { - "type": "string", - "format": "date-time" - } - } - }, "chef.automate.api.authz.response.IntrospectResp": { "type": "object", "properties": { @@ -275,17 +115,6 @@ } } }, - "chef.automate.api.authz.response.ListPoliciesResp": { - "type": "object", - "properties": { - "policies": { - "type": "array", - "items": { - "$ref": "#/definitions/chef.automate.api.authz.response.Policy" - } - } - } - }, "chef.automate.api.authz.response.MethodsAllowed": { "type": "object", "properties": { 
@@ -310,54 +139,6 @@ "format": "boolean" } } - }, - "chef.automate.api.authz.response.Policy": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "id": { - "type": "string" - }, - "resource": { - "type": "string" - }, - "effect": { - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time" - }, - "updated_at": { - "type": "string", - "format": "date-time" - } - } - }, - "chef.automate.api.common.version.VersionInfo": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - }, - "sha": { - "type": "string" - }, - "built": { - "type": "string" - } - } } } } diff --git a/components/automate-gateway/api/authz/request/authz.pb.go b/components/automate-gateway/api/authz/request/authz.pb.go index 9b4d90fdc0a..56fd7a0e04f 100644 --- a/components/automate-gateway/api/authz/request/authz.pb.go +++ b/components/automate-gateway/api/authz/request/authz.pb.go 
@@ -20,186 +20,6 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package -type IsAuthorizedReq struct { - Subject string `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` - Resource string `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"` - Action string `protobuf:"bytes,3,opt,name=action,proto3" json:"action,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *IsAuthorizedReq) Reset() { *m = IsAuthorizedReq{} } -func (m *IsAuthorizedReq) String() string { return proto.CompactTextString(m) } -func (*IsAuthorizedReq) ProtoMessage() {} -func (*IsAuthorizedReq) Descriptor() ([]byte, []int) { - return fileDescriptor_fa62939b9d22bb69, []int{0} -} - -func (m *IsAuthorizedReq) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_IsAuthorizedReq.Unmarshal(m, b) -} -func (m *IsAuthorizedReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_IsAuthorizedReq.Marshal(b, m, deterministic) -} -func (m *IsAuthorizedReq) XXX_Merge(src proto.Message) { - xxx_messageInfo_IsAuthorizedReq.Merge(m, src) -} -func (m *IsAuthorizedReq) XXX_Size() int { - return xxx_messageInfo_IsAuthorizedReq.Size(m) -} -func (m *IsAuthorizedReq) XXX_DiscardUnknown() { - xxx_messageInfo_IsAuthorizedReq.DiscardUnknown(m) -} - -var xxx_messageInfo_IsAuthorizedReq proto.InternalMessageInfo - -func (m *IsAuthorizedReq) GetSubject() string { - if m != nil { - return m.Subject - } - return "" -} - -func (m *IsAuthorizedReq) GetResource() string { - if m != nil { - return m.Resource - } - return "" -} - -func (m *IsAuthorizedReq) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -type CreatePolicyReq struct { - Action string `protobuf:"bytes,2,opt,name=action,proto3" json:"action,omitempty"` - Subjects []string 
`protobuf:"bytes,3,rep,name=subjects,proto3" json:"subjects,omitempty"` - Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CreatePolicyReq) Reset() { *m = CreatePolicyReq{} } -func (m *CreatePolicyReq) String() string { return proto.CompactTextString(m) } -func (*CreatePolicyReq) ProtoMessage() {} -func (*CreatePolicyReq) Descriptor() ([]byte, []int) { - return fileDescriptor_fa62939b9d22bb69, []int{1} -} - -func (m *CreatePolicyReq) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CreatePolicyReq.Unmarshal(m, b) -} -func (m *CreatePolicyReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CreatePolicyReq.Marshal(b, m, deterministic) -} -func (m *CreatePolicyReq) XXX_Merge(src proto.Message) { - xxx_messageInfo_CreatePolicyReq.Merge(m, src) -} -func (m *CreatePolicyReq) XXX_Size() int { - return xxx_messageInfo_CreatePolicyReq.Size(m) -} -func (m *CreatePolicyReq) XXX_DiscardUnknown() { - xxx_messageInfo_CreatePolicyReq.DiscardUnknown(m) -} - -var xxx_messageInfo_CreatePolicyReq proto.InternalMessageInfo - -func (m *CreatePolicyReq) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -func (m *CreatePolicyReq) GetSubjects() []string { - if m != nil { - return m.Subjects - } - return nil -} - -func (m *CreatePolicyReq) GetResource() string { - if m != nil { - return m.Resource - } - return "" -} - -type ListPoliciesReq struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ListPoliciesReq) Reset() { *m = ListPoliciesReq{} } -func (m *ListPoliciesReq) String() string { return proto.CompactTextString(m) } -func (*ListPoliciesReq) ProtoMessage() {} -func (*ListPoliciesReq) Descriptor() ([]byte, []int) { - return fileDescriptor_fa62939b9d22bb69, []int{2} -} 
- -func (m *ListPoliciesReq) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ListPoliciesReq.Unmarshal(m, b) -} -func (m *ListPoliciesReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ListPoliciesReq.Marshal(b, m, deterministic) -} -func (m *ListPoliciesReq) XXX_Merge(src proto.Message) { - xxx_messageInfo_ListPoliciesReq.Merge(m, src) -} -func (m *ListPoliciesReq) XXX_Size() int { - return xxx_messageInfo_ListPoliciesReq.Size(m) -} -func (m *ListPoliciesReq) XXX_DiscardUnknown() { - xxx_messageInfo_ListPoliciesReq.DiscardUnknown(m) -} - -var xxx_messageInfo_ListPoliciesReq proto.InternalMessageInfo - -type DeletePolicyReq struct { - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DeletePolicyReq) Reset() { *m = DeletePolicyReq{} } -func (m *DeletePolicyReq) String() string { return proto.CompactTextString(m) } -func (*DeletePolicyReq) ProtoMessage() {} -func (*DeletePolicyReq) Descriptor() ([]byte, []int) { - return fileDescriptor_fa62939b9d22bb69, []int{3} -} - -func (m *DeletePolicyReq) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DeletePolicyReq.Unmarshal(m, b) -} -func (m *DeletePolicyReq) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DeletePolicyReq.Marshal(b, m, deterministic) -} -func (m *DeletePolicyReq) XXX_Merge(src proto.Message) { - xxx_messageInfo_DeletePolicyReq.Merge(m, src) -} -func (m *DeletePolicyReq) XXX_Size() int { - return xxx_messageInfo_DeletePolicyReq.Size(m) -} -func (m *DeletePolicyReq) XXX_DiscardUnknown() { - xxx_messageInfo_DeletePolicyReq.DiscardUnknown(m) -} - -var xxx_messageInfo_DeletePolicyReq proto.InternalMessageInfo - -func (m *DeletePolicyReq) GetId() string { - if m != nil { - return m.Id - } - return "" -} - type IntrospectAllReq struct { XXX_NoUnkeyedLiteral struct{} `json:"-"` 
XXX_unrecognized []byte `json:"-"` @@ -210,7 +30,7 @@ func (m *IntrospectAllReq) Reset() { *m = IntrospectAllReq{} } func (m *IntrospectAllReq) String() string { return proto.CompactTextString(m) } func (*IntrospectAllReq) ProtoMessage() {} func (*IntrospectAllReq) Descriptor() ([]byte, []int) { - return fileDescriptor_fa62939b9d22bb69, []int{4} + return fileDescriptor_fa62939b9d22bb69, []int{0} } func (m *IntrospectAllReq) XXX_Unmarshal(b []byte) error { @@ -242,7 +62,7 @@ func (m *IntrospectSomeReq) Reset() { *m = IntrospectSomeReq{} } func (m *IntrospectSomeReq) String() string { return proto.CompactTextString(m) } func (*IntrospectSomeReq) ProtoMessage() {} func (*IntrospectSomeReq) Descriptor() ([]byte, []int) { - return fileDescriptor_fa62939b9d22bb69, []int{5} + return fileDescriptor_fa62939b9d22bb69, []int{1} } func (m *IntrospectSomeReq) XXX_Unmarshal(b []byte) error { @@ -282,7 +102,7 @@ func (m *IntrospectReq) Reset() { *m = IntrospectReq{} } func (m *IntrospectReq) String() string { return proto.CompactTextString(m) } func (*IntrospectReq) ProtoMessage() {} func (*IntrospectReq) Descriptor() ([]byte, []int) { - return fileDescriptor_fa62939b9d22bb69, []int{6} + return fileDescriptor_fa62939b9d22bb69, []int{2} } func (m *IntrospectReq) XXX_Unmarshal(b []byte) error { 
@@ -318,10 +138,6 @@ func (m *IntrospectReq) GetParameters() []string { } func init() { - proto.RegisterType((*IsAuthorizedReq)(nil), "chef.automate.api.authz.request.IsAuthorizedReq") - proto.RegisterType((*CreatePolicyReq)(nil), "chef.automate.api.authz.request.CreatePolicyReq") - proto.RegisterType((*ListPoliciesReq)(nil), "chef.automate.api.authz.request.ListPoliciesReq") - proto.RegisterType((*DeletePolicyReq)(nil), "chef.automate.api.authz.request.DeletePolicyReq") proto.RegisterType((*IntrospectAllReq)(nil), "chef.automate.api.authz.request.IntrospectAllReq") proto.RegisterType((*IntrospectSomeReq)(nil), "chef.automate.api.authz.request.IntrospectSomeReq") proto.RegisterType((*IntrospectReq)(nil), "chef.automate.api.authz.request.IntrospectReq") 
@@ -332,26 +148,19 @@ func init() { } var fileDescriptor_fa62939b9d22bb69 = []byte{ - // 323 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x91, 0x3f, 0x4f, 0xc3, 0x30, - 0x10, 0xc5, 0xd5, 0xb4, 0x14, 0x38, 0x09, 0x42, 0x2d, 0x84, 0x2c, 0x06, 0x28, 0x99, 0x60, 0x20, - 0x19, 0x98, 0x18, 0x4b, 0x11, 0xa2, 0x12, 0x03, 0x2a, 0x1b, 0x0b, 0x72, 0xdd, 0xa3, 0x31, 0x4a, - 0x62, 0xd7, 0xbe, 0x08, 0xb5, 0x9f, 0x1e, 0xd9, 0x4d, 0xff, 0x8d, 0x6c, 0x79, 0x77, 0xef, 0xdd, - 0x2f, 0xd6, 0x83, 0x47, 0xa9, 0x4b, 0xa3, 0x2b, 0xac, 0xc8, 0x65, 0xa2, 0x26, 0x5d, 0x0a, 0xc2, - 0xfb, 0x99, 0x20, 0xfc, 0x15, 0x8b, 0x4c, 0x18, 0xe5, 0x87, 0xf9, 0x32, 0xb3, 0x38, 0xaf, 0xd1, - 0xd1, 0x4a, 0xa5, 0xc6, 0x6a, 0xd2, 0xec, 0x5a, 0xe6, 0xf8, 0x9d, 0xae, 0x43, 0xa9, 0x30, 0x2a, - 0x5d, 0xad, 0x1b, 0x73, 0xf2, 0x05, 0xf1, 0xc8, 0x0d, 0x6a, 0xca, 0xb5, 0x55, 0x4b, 0x9c, 0x8e, - 0x71, 0xce, 0x38, 0x1c, 0xba, 0x7a, 0xf2, 0x83, 0x92, 0x78, 0xab, 0xdf, 0xba, 0x3d, 0x1e, 0xaf, - 0x25, 0xbb, 0x84, 0x23, 0x8b, 0x4e, 0xd7, 0x56, 0x22, 0x8f, 0xc2, 0x6a, 0xa3, 0xd9, 0x05, 0x74, - 0x85, 0x24, 0xa5, 0x2b, 0xde, 0x0e, 0x9b, 0x46, 0x25, 0x02, 0xe2, 0xa1, 0x45, 0x41, 0xf8, 0xae, - 0x0b, 0x25, 0x17, 0x1e, 0xb0, 0xb5, 0x46, 0xbb, 0x56, 0x7f, 0xbe, 0x21, 0x39, 0xde, 0xee, 0xb7, - 0xfd, 0xf9, 0xb5, 0xde, 0x43, 0x77, 0xf6, 0xd1, 0x49, 0x0f, 0xe2, 0x37, 0xe5, 0x28, 0x00, 0x14, - 0xba, 0x31, 0xce, 0x93, 0x1b, 0x88, 0x9f, 0xb1, 0xc0, 0x5d, 0xea, 0x29, 0x44, 0x6a, 0xda, 0xbc, - 0x28, 0x52, 0xd3, 0x84, 0xc1, 0xd9, 0xa8, 0x22, 0xab, 0x9d, 0x41, 0x49, 0x83, 0xa2, 0xf0, 0xb1, - 0x3b, 0xe8, 0x6d, 0x67, 0x1f, 0xba, 0x44, 0x1f, 0x3c, 0x87, 0x03, 0x23, 0x28, 0x77, 0xbc, 0x15, - 0xfe, 0x69, 0x25, 0x92, 0x21, 0x9c, 0x6c, 0xad, 0xde, 0xc6, 0xa0, 0xe3, 0x37, 0x0d, 0x21, 0x7c, - 0xb3, 0x2b, 0x00, 0x23, 0xac, 0x28, 0x91, 0xd0, 0x3a, 0x1e, 0x85, 0xfc, 0xce, 0xe4, 0xe9, 0xf5, - 0xf3, 0x65, 0xa6, 0x28, 0xaf, 0x27, 0xa9, 0xd4, 0x65, 0xe6, 0xbb, 0xda, 0x14, 0x9c, 0xfd, 0xab, - 
0xf4, 0x49, 0x37, 0xf4, 0xfd, 0xf0, 0x17, 0x00, 0x00, 0xff, 0xff, 0x50, 0xd0, 0xd9, 0x1a, 0x2c, - 0x02, 0x00, 0x00, + // 210 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x8f, 0xbf, 0x4b, 0xc5, 0x30, + 0x10, 0xc7, 0xa9, 0xbf, 0xe0, 0x1d, 0x08, 0x1a, 0x1c, 0x3a, 0xe9, 0xa3, 0xd3, 0x73, 0x30, 0x19, + 0x9c, 0x1c, 0x55, 0x10, 0x5d, 0xe3, 0xe6, 0x76, 0x2f, 0x9c, 0x2f, 0x85, 0xa6, 0x97, 0x26, 0x57, + 0x44, 0xff, 0x7a, 0x49, 0xab, 0xd6, 0xf5, 0x6d, 0xf7, 0xfd, 0x05, 0xf7, 0x81, 0x3b, 0xc7, 0x21, + 0x72, 0x4f, 0xbd, 0x64, 0x83, 0xa3, 0x70, 0x40, 0xa1, 0x9b, 0x1d, 0x0a, 0x7d, 0xe0, 0xa7, 0xc1, + 0xd8, 0x16, 0xd3, 0x7f, 0x99, 0x44, 0xc3, 0x48, 0x59, 0x66, 0xa5, 0x63, 0x62, 0x61, 0x75, 0xe5, + 0x3c, 0xbd, 0xeb, 0xdf, 0x91, 0xc6, 0xd8, 0xea, 0x39, 0xfe, 0x29, 0x37, 0x0a, 0xce, 0x5e, 0x7a, + 0x49, 0x9c, 0x23, 0x39, 0xb9, 0xef, 0x3a, 0x4b, 0x43, 0x73, 0x0d, 0xe7, 0x8b, 0xf7, 0xca, 0x81, + 0x2c, 0x0d, 0xea, 0x02, 0x8e, 0x23, 0x8a, 0xcf, 0x75, 0xb5, 0x3e, 0xdc, 0xac, 0xec, 0x2c, 0x9a, + 0x47, 0x38, 0x5d, 0xaa, 0xa5, 0xa6, 0xe0, 0xa8, 0x24, 0x75, 0xb5, 0xae, 0x36, 0x2b, 0x3b, 0xdd, + 0xea, 0x12, 0x20, 0x62, 0xc2, 0x40, 0x42, 0x29, 0xd7, 0x07, 0xd3, 0xfe, 0x9f, 0xf3, 0xf0, 0xfc, + 0xf6, 0xb4, 0x6b, 0xc5, 0x8f, 0x5b, 0xed, 0x38, 0x98, 0xf2, 0xf1, 0x1f, 0xa6, 0xd9, 0x0b, 0x7d, + 0x7b, 0x32, 0x51, 0xdf, 0x7e, 0x07, 0x00, 0x00, 0xff, 0xff, 0xf9, 0xf3, 0xd3, 0x1b, 0x32, 0x01, + 0x00, 0x00, } diff --git a/components/automate-gateway/api/authz/request/authz.proto b/components/automate-gateway/api/authz/request/authz.proto index fd6c62a9314..bd762cc4705 100644 --- a/components/automate-gateway/api/authz/request/authz.proto +++ b/components/automate-gateway/api/authz/request/authz.proto 
@@ -3,26 +3,6 @@ syntax = "proto3"; package chef.automate.api.authz.request; option go_package = "github.com/chef/automate/components/automate-gateway/api/authz/request"; -message IsAuthorizedReq { - string subject = 1; - string resource = 2; - string action = 3; -} - -message CreatePolicyReq { - string action = 2; - repeated string subjects = 3; - string resource = 4; -} - -message ListPoliciesReq { - -} - -message DeletePolicyReq { - string id = 1; -} - message IntrospectAllReq { } diff --git a/components/automate-gateway/api/authz/response/authz.pb.go b/components/automate-gateway/api/authz/response/authz.pb.go index 3c2e0773631..55967d12883 100644 --- a/components/automate-gateway/api/authz/response/authz.pb.go +++ b/components/automate-gateway/api/authz/response/authz.pb.go @@ -6,7 +6,7 @@ package response import ( fmt "fmt" proto "github.com/golang/protobuf/proto" - timestamp "github.com/golang/protobuf/ptypes/timestamp" + _ "github.com/golang/protobuf/ptypes/timestamp" math "math" ) 
@@ -21,347 +21,6 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package -type Policy struct { - Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty"` - Subjects []string `protobuf:"bytes,2,rep,name=subjects,proto3" json:"subjects,omitempty"` - Id string `protobuf:"bytes,3,opt,name=id,proto3" json:"id,omitempty"` - Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"` - Effect string `protobuf:"bytes,5,opt,name=effect,proto3" json:"effect,omitempty"` - CreatedAt *timestamp.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` - UpdatedAt *timestamp.Timestamp `protobuf:"bytes,7,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Policy) Reset() { *m = Policy{} } -func (m *Policy) String() string { return proto.CompactTextString(m) } -func (*Policy) ProtoMessage() {} -func (*Policy) Descriptor() ([]byte, []int) { - return fileDescriptor_092a1df9479473e5, []int{0} -} - -func (m *Policy) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Policy.Unmarshal(m, b) -} -func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Policy.Marshal(b, m, deterministic) -} -func (m *Policy) XXX_Merge(src proto.Message) { - xxx_messageInfo_Policy.Merge(m, src) -} -func (m *Policy) XXX_Size() int { - return xxx_messageInfo_Policy.Size(m) -} -func (m *Policy) XXX_DiscardUnknown() { - xxx_messageInfo_Policy.DiscardUnknown(m) -} - -var xxx_messageInfo_Policy proto.InternalMessageInfo - -func (m *Policy) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -func (m *Policy) GetSubjects() []string { - if m != nil { - return m.Subjects - } - return nil -} - -func (m *Policy) GetId() string { 
- if m != nil { - return m.Id - } - return "" -} - -func (m *Policy) GetResource() string { - if m != nil { - return m.Resource - } - return "" -} - -func (m *Policy) GetEffect() string { - if m != nil { - return m.Effect - } - return "" -} - -func (m *Policy) GetCreatedAt() *timestamp.Timestamp { - if m != nil { - return m.CreatedAt - } - return nil -} - -func (m *Policy) GetUpdatedAt() *timestamp.Timestamp { - if m != nil { - return m.UpdatedAt - } - return nil -} - -type IsAuthorizedResp struct { - Authorized bool `protobuf:"varint,1,opt,name=authorized,proto3" json:"authorized,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *IsAuthorizedResp) Reset() { *m = IsAuthorizedResp{} } -func (m *IsAuthorizedResp) String() string { return proto.CompactTextString(m) } -func (*IsAuthorizedResp) ProtoMessage() {} -func (*IsAuthorizedResp) Descriptor() ([]byte, []int) { - return fileDescriptor_092a1df9479473e5, []int{1} -} - -func (m *IsAuthorizedResp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_IsAuthorizedResp.Unmarshal(m, b) -} -func (m *IsAuthorizedResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_IsAuthorizedResp.Marshal(b, m, deterministic) -} -func (m *IsAuthorizedResp) XXX_Merge(src proto.Message) { - xxx_messageInfo_IsAuthorizedResp.Merge(m, src) -} -func (m *IsAuthorizedResp) XXX_Size() int { - return xxx_messageInfo_IsAuthorizedResp.Size(m) -} -func (m *IsAuthorizedResp) XXX_DiscardUnknown() { - xxx_messageInfo_IsAuthorizedResp.DiscardUnknown(m) -} - -var xxx_messageInfo_IsAuthorizedResp proto.InternalMessageInfo - -func (m *IsAuthorizedResp) GetAuthorized() bool { - if m != nil { - return m.Authorized - } - return false -} - -// We aren't using a Policy message here since we want to -// return a flat object via our external HTTP API. 
-type CreatePolicyResp struct { - Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty"` - Subjects []string `protobuf:"bytes,2,rep,name=subjects,proto3" json:"subjects,omitempty"` - Id string `protobuf:"bytes,3,opt,name=id,proto3" json:"id,omitempty"` - Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"` - Effect string `protobuf:"bytes,5,opt,name=effect,proto3" json:"effect,omitempty"` - CreatedAt *timestamp.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` - UpdatedAt *timestamp.Timestamp `protobuf:"bytes,7,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CreatePolicyResp) Reset() { *m = CreatePolicyResp{} } -func (m *CreatePolicyResp) String() string { return proto.CompactTextString(m) } -func (*CreatePolicyResp) ProtoMessage() {} -func (*CreatePolicyResp) Descriptor() ([]byte, []int) { - return fileDescriptor_092a1df9479473e5, []int{2} -} - -func (m *CreatePolicyResp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CreatePolicyResp.Unmarshal(m, b) -} -func (m *CreatePolicyResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CreatePolicyResp.Marshal(b, m, deterministic) -} -func (m *CreatePolicyResp) XXX_Merge(src proto.Message) { - xxx_messageInfo_CreatePolicyResp.Merge(m, src) -} -func (m *CreatePolicyResp) XXX_Size() int { - return xxx_messageInfo_CreatePolicyResp.Size(m) -} -func (m *CreatePolicyResp) XXX_DiscardUnknown() { - xxx_messageInfo_CreatePolicyResp.DiscardUnknown(m) -} - -var xxx_messageInfo_CreatePolicyResp proto.InternalMessageInfo - -func (m *CreatePolicyResp) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -func (m *CreatePolicyResp) GetSubjects() []string { - if m != nil { - return m.Subjects - } - return nil 
-} - -func (m *CreatePolicyResp) GetId() string { - if m != nil { - return m.Id - } - return "" -} - -func (m *CreatePolicyResp) GetResource() string { - if m != nil { - return m.Resource - } - return "" -} - -func (m *CreatePolicyResp) GetEffect() string { - if m != nil { - return m.Effect - } - return "" -} - -func (m *CreatePolicyResp) GetCreatedAt() *timestamp.Timestamp { - if m != nil { - return m.CreatedAt - } - return nil -} - -func (m *CreatePolicyResp) GetUpdatedAt() *timestamp.Timestamp { - if m != nil { - return m.UpdatedAt - } - return nil -} - -type ListPoliciesResp struct { - Policies []*Policy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ListPoliciesResp) Reset() { *m = ListPoliciesResp{} } -func (m *ListPoliciesResp) String() string { return proto.CompactTextString(m) } -func (*ListPoliciesResp) ProtoMessage() {} -func (*ListPoliciesResp) Descriptor() ([]byte, []int) { - return fileDescriptor_092a1df9479473e5, []int{3} -} - -func (m *ListPoliciesResp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ListPoliciesResp.Unmarshal(m, b) -} -func (m *ListPoliciesResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ListPoliciesResp.Marshal(b, m, deterministic) -} -func (m *ListPoliciesResp) XXX_Merge(src proto.Message) { - xxx_messageInfo_ListPoliciesResp.Merge(m, src) -} -func (m *ListPoliciesResp) XXX_Size() int { - return xxx_messageInfo_ListPoliciesResp.Size(m) -} -func (m *ListPoliciesResp) XXX_DiscardUnknown() { - xxx_messageInfo_ListPoliciesResp.DiscardUnknown(m) -} - -var xxx_messageInfo_ListPoliciesResp proto.InternalMessageInfo - -func (m *ListPoliciesResp) GetPolicies() []*Policy { - if m != nil { - return m.Policies - } - return nil -} - -type DeletePolicyResp struct { - Action string `protobuf:"bytes,1,opt,name=action,proto3" 
json:"action,omitempty"` - Subjects []string `protobuf:"bytes,2,rep,name=subjects,proto3" json:"subjects,omitempty"` - Id string `protobuf:"bytes,3,opt,name=id,proto3" json:"id,omitempty"` - Resource string `protobuf:"bytes,4,opt,name=resource,proto3" json:"resource,omitempty"` - Effect string `protobuf:"bytes,5,opt,name=effect,proto3" json:"effect,omitempty"` - CreatedAt *timestamp.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` - UpdatedAt *timestamp.Timestamp `protobuf:"bytes,7,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *DeletePolicyResp) Reset() { *m = DeletePolicyResp{} } -func (m *DeletePolicyResp) String() string { return proto.CompactTextString(m) } -func (*DeletePolicyResp) ProtoMessage() {} -func (*DeletePolicyResp) Descriptor() ([]byte, []int) { - return fileDescriptor_092a1df9479473e5, []int{4} -} - -func (m *DeletePolicyResp) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_DeletePolicyResp.Unmarshal(m, b) -} -func (m *DeletePolicyResp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_DeletePolicyResp.Marshal(b, m, deterministic) -} -func (m *DeletePolicyResp) XXX_Merge(src proto.Message) { - xxx_messageInfo_DeletePolicyResp.Merge(m, src) -} -func (m *DeletePolicyResp) XXX_Size() int { - return xxx_messageInfo_DeletePolicyResp.Size(m) -} -func (m *DeletePolicyResp) XXX_DiscardUnknown() { - xxx_messageInfo_DeletePolicyResp.DiscardUnknown(m) -} - -var xxx_messageInfo_DeletePolicyResp proto.InternalMessageInfo - -func (m *DeletePolicyResp) GetAction() string { - if m != nil { - return m.Action - } - return "" -} - -func (m *DeletePolicyResp) GetSubjects() []string { - if m != nil { - return m.Subjects - } - return nil -} - -func (m *DeletePolicyResp) GetId() string { - if m != nil { - return m.Id - } - 
return "" -} - -func (m *DeletePolicyResp) GetResource() string { - if m != nil { - return m.Resource - } - return "" -} - -func (m *DeletePolicyResp) GetEffect() string { - if m != nil { - return m.Effect - } - return "" -} - -func (m *DeletePolicyResp) GetCreatedAt() *timestamp.Timestamp { - if m != nil { - return m.CreatedAt - } - return nil -} - -func (m *DeletePolicyResp) GetUpdatedAt() *timestamp.Timestamp { - if m != nil { - return m.UpdatedAt - } - return nil -} - type MethodsAllowed struct { Get bool `protobuf:"varint,1,opt,name=get,proto3" json:"get,omitempty"` Put bool `protobuf:"varint,2,opt,name=put,proto3" json:"put,omitempty"` @@ -377,7 +36,7 @@ func (m *MethodsAllowed) Reset() { *m = MethodsAllowed{} } func (m *MethodsAllowed) String() string { return proto.CompactTextString(m) } func (*MethodsAllowed) ProtoMessage() {} func (*MethodsAllowed) Descriptor() ([]byte, []int) { - return fileDescriptor_092a1df9479473e5, []int{5} + return fileDescriptor_092a1df9479473e5, []int{0} } func (m *MethodsAllowed) XXX_Unmarshal(b []byte) error { @@ -444,7 +103,7 @@ func (m *IntrospectResp) Reset() { *m = IntrospectResp{} } func (m *IntrospectResp) String() string { return proto.CompactTextString(m) } func (*IntrospectResp) ProtoMessage() {} func (*IntrospectResp) Descriptor() ([]byte, []int) { - return fileDescriptor_092a1df9479473e5, []int{6} + return fileDescriptor_092a1df9479473e5, []int{1} } func (m *IntrospectResp) XXX_Unmarshal(b []byte) error { 
@@ -473,11 +132,6 @@ func (m *IntrospectResp) GetEndpoints() map[string]*MethodsAllowed { } func init() { - proto.RegisterType((*Policy)(nil), "chef.automate.api.authz.response.Policy") - proto.RegisterType((*IsAuthorizedResp)(nil), "chef.automate.api.authz.response.IsAuthorizedResp") - proto.RegisterType((*CreatePolicyResp)(nil), "chef.automate.api.authz.response.CreatePolicyResp") - proto.RegisterType((*ListPoliciesResp)(nil), "chef.automate.api.authz.response.ListPoliciesResp") - proto.RegisterType((*DeletePolicyResp)(nil), "chef.automate.api.authz.response.DeletePolicyResp") proto.RegisterType((*MethodsAllowed)(nil), "chef.automate.api.authz.response.MethodsAllowed") proto.RegisterType((*IntrospectResp)(nil), "chef.automate.api.authz.response.IntrospectResp") proto.RegisterMapType((map[string]*MethodsAllowed)(nil), "chef.automate.api.authz.response.IntrospectResp.EndpointsEntry") 
@@ -488,37 +142,25 @@ func init() { } var fileDescriptor_092a1df9479473e5 = []byte{ - // 505 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe4, 0x54, 0x41, 0x8b, 0x13, 0x31, - 0x14, 0x66, 0xa6, 0xdb, 0x3a, 0x7d, 0x85, 0x52, 0x82, 0xc8, 0xd0, 0x83, 0x96, 0x9e, 0x7a, 0x31, - 0x23, 0xf5, 0xa2, 0x7b, 0x91, 0xea, 0xae, 0x52, 0x50, 0x90, 0xc1, 0x83, 0x08, 0x22, 0x69, 0xe6, - 0xb5, 0x13, 0x9d, 0x4e, 0xc2, 0xe4, 0xcd, 0x2e, 0xdd, 0x93, 0xff, 0xd4, 0x7f, 0xe1, 0x59, 0x26, - 0x99, 0xa9, 0xf6, 0x54, 0x3c, 0xef, 0x2d, 0xdf, 0xcb, 0xfb, 0xbe, 0xe4, 0xfb, 0x5e, 0x08, 0x5c, - 0x4a, 0xbd, 0x37, 0xba, 0xc4, 0x92, 0x6c, 0x22, 0x6a, 0xd2, 0x7b, 0x41, 0xf8, 0x74, 0x27, 0x08, - 0x6f, 0xc5, 0x21, 0x11, 0x46, 0x35, 0xc5, 0xfc, 0x2e, 0xa9, 0xd0, 0x1a, 0x5d, 0x5a, 0xf4, 0x90, - 0x9b, 0x4a, 0x93, 0x66, 0x33, 0x99, 0xe3, 0x96, 0x77, 0x2c, 0x2e, 0x8c, 0xe2, 0x7e, 0xbb, 0xeb, - 0x9e, 0x3e, 0xd9, 0x69, 0xbd, 0x2b, 0x30, 0x71, 0xfd, 0x9b, 0x7a, 0x9b, 0x90, 0xda, 0xa3, 0x25, - 0xb1, 0x37, 0x5e, 0x62, 0xfe, 0x3b, 0x80, 0xc1, 0x47, 0x5d, 0x28, 0x79, 0x60, 0x8f, 0x60, 0x20, - 0x24, 0x29, 0x5d, 0xc6, 0xc1, 0x2c, 0x58, 0x0c, 0xd3, 0x16, 0xb1, 0x29, 0x44, 0xb6, 0xde, 0x7c, - 0x47, 0x49, 0x36, 0x0e, 0x67, 0xbd, 0xc5, 0x30, 0x3d, 0x62, 0x36, 0x86, 0x50, 0x65, 0x71, 0xcf, - 0xf5, 0x87, 0x2a, 0x6b, 0x7a, 0x2b, 0xb4, 0xba, 0xae, 0x24, 0xc6, 0x17, 0xae, 0x7a, 0xc4, 0x8d, - 0x3e, 0x6e, 0xb7, 0x28, 0x29, 0xee, 0x7b, 0x7d, 0x8f, 0xd8, 0x4b, 0x00, 0x59, 0xa1, 0x20, 0xcc, - 0xbe, 0x09, 0x8a, 0x07, 0xb3, 0x60, 0x31, 0x5a, 0x4e, 0xb9, 0xbf, 0x38, 0xef, 0x2e, 0xce, 0x3f, - 0x75, 0x17, 0x4f, 0x87, 0x6d, 0xf7, 0xca, 0x51, 0x6b, 0x93, 0x75, 0xd4, 0x07, 0xe7, 0xa9, 0x6d, - 0xf7, 0x8a, 0xe6, 0x4b, 0x98, 0xac, 0xed, 0xaa, 0xa6, 0x5c, 0x57, 0xea, 0x0e, 0xb3, 0x14, 0xad, - 0x61, 0x8f, 0x01, 0xc4, 0xb1, 0xe2, 0x52, 0x88, 0xd2, 0x7f, 0x2a, 0xf3, 0x9f, 0x21, 0x4c, 0xde, - 0xb8, 0xc3, 0x7d, 0x64, 0x8e, 0x74, 0xbf, 0x62, 0xfb, 0x0c, 0x93, 0xf7, 0xca, 0x92, 0xf3, 0xaf, - 
0xd0, 0xba, 0x04, 0xae, 0x20, 0x32, 0x2d, 0x8e, 0x83, 0x59, 0x6f, 0x31, 0x5a, 0x2e, 0xf8, 0xb9, - 0x97, 0xc9, 0xdb, 0x04, 0x8f, 0x4c, 0x17, 0xee, 0x15, 0x16, 0x78, 0x8f, 0xc3, 0xbd, 0x81, 0xf1, - 0x07, 0xa4, 0x5c, 0x67, 0x76, 0x55, 0x14, 0xfa, 0x16, 0x33, 0x36, 0x81, 0xde, 0x0e, 0xa9, 0x7d, - 0x8a, 0xcd, 0xb2, 0xa9, 0x98, 0x9a, 0xe2, 0xd0, 0x57, 0x4c, 0x4d, 0x8c, 0xc1, 0x85, 0xd1, 0x96, - 0x9c, 0xe3, 0x28, 0x75, 0xeb, 0xc6, 0x57, 0xe6, 0xb2, 0x74, 0x8e, 0xa3, 0xb4, 0x45, 0xec, 0x21, - 0xf4, 0x8d, 0x20, 0x99, 0x3b, 0xbb, 0x51, 0xea, 0xc1, 0xfc, 0x57, 0x00, 0xe3, 0x75, 0x49, 0x95, - 0xb6, 0x06, 0x25, 0xb9, 0xe0, 0xbf, 0xc2, 0x10, 0xcb, 0xcc, 0x68, 0x55, 0x52, 0x37, 0xd4, 0x57, - 0xe7, 0x87, 0x7a, 0x2a, 0xc2, 0xaf, 0x3b, 0x85, 0xeb, 0x92, 0xaa, 0x43, 0xfa, 0x57, 0x71, 0x5a, - 0xc2, 0xf8, 0x74, 0xb3, 0xf1, 0xf5, 0x03, 0x0f, 0xed, 0x98, 0x9b, 0x25, 0x7b, 0x0b, 0xfd, 0x1b, - 0x51, 0xd4, 0xe8, 0xbc, 0x8e, 0x96, 0xcf, 0xce, 0x1f, 0x7f, 0x1a, 0x5e, 0xea, 0xe9, 0x97, 0xe1, - 0x8b, 0xe0, 0xf5, 0xfa, 0xcb, 0xbb, 0x9d, 0xa2, 0xbc, 0xde, 0x70, 0xa9, 0xf7, 0x49, 0x23, 0x74, - 0xfc, 0x6c, 0x93, 0xff, 0xfb, 0x80, 0x37, 0x03, 0x37, 0xc3, 0xe7, 0x7f, 0x02, 0x00, 0x00, 0xff, - 0xff, 0x86, 0x17, 0xc6, 0x17, 0xb9, 0x05, 0x00, 0x00, + // 318 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x91, 0x4f, 0x4b, 0xf3, 0x40, + 0x10, 0xc6, 0x49, 0xff, 0xf1, 0x76, 0x0b, 0xe5, 0x65, 0x11, 0x09, 0xbd, 0x58, 0x7a, 0xea, 0xc5, + 0x5d, 0xa9, 0x17, 0xe9, 0x45, 0x14, 0xaa, 0xf4, 0xe0, 0x25, 0x47, 0xc1, 0xc3, 0x36, 0x99, 0x26, + 0xc1, 0x64, 0x67, 0xc8, 0x4e, 0x5a, 0xea, 0x97, 0xf5, 0xab, 0x48, 0x36, 0x56, 0xe9, 0xa9, 0x78, + 0x9b, 0xf9, 0xcd, 0xcc, 0xb3, 0x3c, 0xfb, 0x88, 0x65, 0x8c, 0x25, 0xa1, 0x05, 0xcb, 0x4e, 0x9b, + 0x9a, 0xb1, 0x34, 0x0c, 0xd7, 0xa9, 0x61, 0xd8, 0x9b, 0x83, 0x36, 0x94, 0x37, 0x30, 0xfb, 0xd0, + 0x15, 0x38, 0x42, 0xeb, 0xa0, 0x6d, 0x15, 0x55, 0xc8, 0x28, 0xa7, 0x71, 0x06, 0x5b, 0x75, 0xbc, + 0x52, 0x86, 0x72, 0xd5, 0x8e, 
0x8f, 0xdb, 0x93, 0xab, 0x14, 0x31, 0x2d, 0x40, 0xfb, 0xfd, 0x4d, + 0xbd, 0xd5, 0x9c, 0x97, 0xe0, 0xd8, 0x94, 0xd4, 0x4a, 0xcc, 0x76, 0x62, 0xfc, 0x02, 0x9c, 0x61, + 0xe2, 0x1e, 0x8a, 0x02, 0xf7, 0x90, 0xc8, 0xff, 0xa2, 0x9b, 0x02, 0x87, 0xc1, 0x34, 0x98, 0xff, + 0x8b, 0x9a, 0xb2, 0x21, 0x54, 0x73, 0xd8, 0x69, 0x09, 0xd5, 0x2c, 0xa5, 0xe8, 0x11, 0x3a, 0x0e, + 0xbb, 0x1e, 0xf9, 0x5a, 0x5e, 0x8a, 0x41, 0x02, 0x05, 0x30, 0x84, 0x3d, 0x4f, 0xbf, 0x3b, 0x79, + 0x21, 0xfa, 0x64, 0x38, 0xce, 0xc2, 0xbe, 0xc7, 0x6d, 0x33, 0xfb, 0x0c, 0xc4, 0x78, 0x6d, 0xb9, + 0x42, 0x47, 0x10, 0x73, 0x04, 0x8e, 0xe4, 0x9b, 0x18, 0x82, 0x4d, 0x08, 0x73, 0xcb, 0x2e, 0x0c, + 0xa6, 0xdd, 0xf9, 0x68, 0x71, 0xaf, 0xce, 0x39, 0x54, 0xa7, 0x22, 0x6a, 0x75, 0x54, 0x58, 0x59, + 0xae, 0x0e, 0xd1, 0xaf, 0xe2, 0xc4, 0x8a, 0xf1, 0xe9, 0xb0, 0xf1, 0xf5, 0x0e, 0x07, 0xef, 0x74, + 0x18, 0x35, 0xa5, 0x7c, 0x12, 0xfd, 0x9d, 0x29, 0x6a, 0xf0, 0x5e, 0x47, 0x8b, 0x9b, 0xf3, 0xcf, + 0x9f, 0x7e, 0x5e, 0xd4, 0x9e, 0x2f, 0x3b, 0x77, 0xc1, 0xe3, 0xfa, 0xf5, 0x39, 0xcd, 0x39, 0xab, + 0x37, 0x2a, 0xc6, 0x52, 0x37, 0x42, 0x3f, 0xf9, 0xea, 0xbf, 0x65, 0xbe, 0x19, 0xf8, 0xac, 0x6e, + 0xbf, 0x02, 0x00, 0x00, 0xff, 0xff, 0xd2, 0xc0, 0xee, 0xb7, 0x2c, 0x02, 0x00, 0x00, } diff --git a/components/automate-gateway/api/authz/response/authz.proto b/components/automate-gateway/api/authz/response/authz.proto index ada05934eb6..578736404ed 100644 --- a/components/automate-gateway/api/authz/response/authz.proto +++ b/components/automate-gateway/api/authz/response/authz.proto 
@@ -5,46 +5,6 @@ import "google/protobuf/timestamp.proto"; package chef.automate.api.authz.response; option go_package = "github.com/chef/automate/components/automate-gateway/api/authz/response"; -message Policy { - string action = 1; - repeated string subjects = 2; - string id = 3; - string resource = 4; - string effect = 5; - google.protobuf.Timestamp created_at = 6; - google.protobuf.Timestamp updated_at = 7; -} - -message IsAuthorizedResp { - bool authorized = 1; -} - -// We aren't using a Policy message here since we want to -// return a flat object via our external HTTP API. -message CreatePolicyResp { - string action = 1; - repeated string subjects = 2; - string id = 3; - string resource = 4; - string effect = 5; - google.protobuf.Timestamp created_at = 6; - google.protobuf.Timestamp updated_at = 7; -} - -message ListPoliciesResp { - repeated Policy policies = 1; -} - -message DeletePolicyResp { - string action = 1; - repeated string subjects = 2; - string id = 3; - string resource = 4; - string effect = 5; - google.protobuf.Timestamp created_at = 6; - google.protobuf.Timestamp updated_at = 7; -} - message MethodsAllowed { bool get = 1; bool put = 2; diff --git a/components/automate-gateway/api/authz_authz.pb.swagger.go b/components/automate-gateway/api/authz_authz.pb.swagger.go index 7e49de99892..d8f10a75231 100644 --- a/components/automate-gateway/api/authz_authz.pb.swagger.go +++ b/components/automate-gateway/api/authz_authz.pb.swagger.go 
@@ -79,106 +79,9 @@ func init() { "Authorization" ] } - }, - "/auth/policies": { - "get": { - "operationId": "ListPolicies", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.response.ListPoliciesResp" - } - } - }, - "tags": [ - "Authorization" - ] - }, - "post": { - "operationId": "CreatePolicy", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.response.CreatePolicyResp" - } - } - }, - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.request.CreatePolicyReq" - } - } - ], - "tags": [ - "Authorization" - ] - } - }, - "/auth/policies/version": { - "get": { - "operationId": "GetVersion", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.common.version.VersionInfo" - } - } - }, - "tags": [ - "Authorization" - ] - } - }, - "/auth/policies/{id}": { - "delete": { - "operationId": "DeletePolicy", - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/chef.automate.api.authz.response.DeletePolicyResp" - } - } - }, - "parameters": [ - { - "name": "id", - "in": "path", - "required": true, - "type": "string" - } - ], - "tags": [ - "Authorization" - ] - } } }, "definitions": { - "chef.automate.api.authz.request.CreatePolicyReq": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "resource": { - "type": "string" - } - } - }, "chef.automate.api.authz.request.IntrospectReq": { "type": "object", "properties": { 
@@ -204,69 +107,6 @@ func init() { } } }, - "chef.automate.api.authz.response.CreatePolicyResp": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "id": { - "type": "string" - }, - "resource": { - "type": "string" - }, - "effect": { - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time" - }, - "updated_at": { - "type": "string", - "format": "date-time" - } - }, - "description": "We aren't using a Policy message here since we want to\nreturn a flat object via our external HTTP API." - }, - "chef.automate.api.authz.response.DeletePolicyResp": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "id": { - "type": "string" - }, - "resource": { - "type": "string" - }, - "effect": { - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time" - }, - "updated_at": { - "type": "string", - "format": "date-time" - } - } - }, "chef.automate.api.authz.response.IntrospectResp": { "type": "object", "properties": { @@ -278,17 +118,6 @@ func init() { } } }, - "chef.automate.api.authz.response.ListPoliciesResp": { - "type": "object", - "properties": { - "policies": { - "type": "array", - "items": { - "$ref": "#/definitions/chef.automate.api.authz.response.Policy" - } - } - } - }, "chef.automate.api.authz.response.MethodsAllowed": { "type": "object", "properties": { 
@@ -313,54 +142,6 @@ func init() { "format": "boolean" } } - }, - "chef.automate.api.authz.response.Policy": { - "type": "object", - "properties": { - "action": { - "type": "string" - }, - "subjects": { - "type": "array", - "items": { - "type": "string" - } - }, - "id": { - "type": "string" - }, - "resource": { - "type": "string" - }, - "effect": { - "type": "string" - }, - "created_at": { - "type": "string", - "format": "date-time" - }, - "updated_at": { - "type": "string", - "format": "date-time" - } - } - }, - "chef.automate.api.common.version.VersionInfo": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "version": { - "type": "string" - }, - "sha": { - "type": "string" - }, - "built": { - "type": "string" - } - } } } } diff --git a/components/automate-gateway/handler/authz.go b/components/automate-gateway/handler/authz.go index 9f6833c9685..9c1dbd50b93 100644 --- a/components/automate-gateway/handler/authz.go +++ b/components/automate-gateway/handler/authz.go 
@@ -55,58 +55,6 @@ func (a *AuthzServer) GetVersion(ctx context.Context, _ *version.VersionInfoRequ return res, nil } -// CreatePolicy creates a new policy in authz-service. -// No longer used: This is V1 -func (a *AuthzServer) CreatePolicy(ctx context.Context, - gwReq *gwAuthzReq.CreatePolicyReq) (*gwAuthzRes.CreatePolicyResp, error) { - // we want a user's permissions to be a union of their allowed policies - // so only "allow" policies can be created - domainReq := &authz.CreatePolicyReq{ - Subjects: gwReq.GetSubjects(), - Action: gwReq.GetAction(), - Resource: gwReq.GetResource(), - } - domainRes, err := a.client.CreatePolicy(ctx, domainReq) - if err != nil { - return nil, err - } - - // field names are the same, so we can cast this - return (*gwAuthzRes.CreatePolicyResp)(domainPolicyToGatewayPolicy(domainRes.Policy)), nil -} - -// ListPolicies returns an array of all policy objects -// that currently exist in authz-service. -// No longer used: This is V1 -func (a *AuthzServer) ListPolicies(ctx context.Context, - gwReq *gwAuthzReq.ListPoliciesReq) (*gwAuthzRes.ListPoliciesResp, error) { - domainReq := &authz.ListPoliciesReq{} - domainRes, err := a.client.ListPolicies(ctx, domainReq) - if err != nil { - return nil, err - } - - gwRes := gwAuthzRes.ListPoliciesResp{} - for _, pol := range domainRes.GetPolicies() { - gwRes.Policies = append(gwRes.Policies, domainPolicyToGatewayPolicy(pol)) - } - - return &gwRes, nil -} - -// DeletePolicy removes a policy from authz-service by id. 
-// No longer used: This is V1 -func (a *AuthzServer) DeletePolicy(ctx context.Context, - gwReq *gwAuthzReq.DeletePolicyReq) (*gwAuthzRes.DeletePolicyResp, error) { - - domainRes, err := a.client.DeletePolicy(ctx, (*authz.DeletePolicyReq)(gwReq)) - if err != nil { - return nil, err - } - - return (*gwAuthzRes.DeletePolicyResp)(domainPolicyToGatewayPolicy(domainRes.Policy)), nil -} - // IntrospectAll returns a list of all HTTP endpoints the requestor has access to and, // for each endpoint, a map of the supported HTTP methods with a Boolean status // indicating allowed or denied. @@ -298,10 +246,6 @@ func (a *AuthzServer) getAllowedMap( return endpointMap, nil } -func domainPolicyToGatewayPolicy(pol *authz.Policy) *gwAuthzRes.Policy { - return (*gwAuthzRes.Policy)(pol) -} - func logIntrospectionDetails(log *logrus.Entry, pairMap map[pairs.Pair][]string) { resources := make(map[string]interface{}, len(pairMap)) for pair := range pairMap { diff --git a/components/automate-gateway/handler/authz_test.go b/components/automate-gateway/handler/authz_test.go index ef0eb83f6b5..27bff26b69d 100644 --- a/components/automate-gateway/handler/authz_test.go +++ b/components/automate-gateway/handler/authz_test.go @@ -26,9 +26,11 @@ import ( // Here in this testbed, that automatically includes less than 40 endpoints // (primarily nodes, notifications, and secrets at the time of writing). _ "github.com/chef/automate/api/external/cfgmgmt" + _ "github.com/chef/automate/api/external/compliance/profiles" _ "github.com/chef/automate/api/external/ingest" _ "github.com/chef/automate/components/automate-gateway/api/authz" - _ "github.com/chef/automate/api/external/compliance/profiles" + _ "github.com/chef/automate/components/automate-gateway/api/iam/v2" + _ "github.com/chef/automate/components/automate-gateway/api/notifications" ) func TestIntrospectAll(t *testing.T) { 
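Review bot: The comment above these blank imports still says the testbed pulls in "less than 40 endpoints (primarily nodes, notifications, and secrets at the time of writing)", although this hunk adds `api/iam/v2` and `api/notifications`. The later cases in this file now expect `/notifications/rules` and `/iam/v2/policies/{id}` to be known to the introspection code, so the reason for each import is worth stating, for example `// iam/v2 and notifications: the cases below expect /iam/v2/policies/{id} and /notifications/rules to be mapped.` Presumably these packages register their endpoint-to-resource mappings on import; if so, the endpoint count in the comment should be rechecked too. The import block opens outside this hunk.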
@@ -44,26 +46,26 @@ func TestIntrospectAll(t *testing.T) { }{ "one response pair, mapped": { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ - {Resource: "iam:policies", Action: "iam:policies:create"}, + {Resource: "notifications:rules", Action: "notifications:notifyRules:create"}, }}, - map[string]*response.MethodsAllowed{"/auth/policies": &response.MethodsAllowed{Post: true}}, + map[string]*response.MethodsAllowed{"/notifications/rules": &response.MethodsAllowed{Post: true}}, }, "two response pairs, both mapped": { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ - {Resource: "iam:policies", Action: "iam:policies:create"}, + {Resource: "notifications:rules", Action: "notifications:notifyRules:create"}, {Resource: "iam:introspect", Action: "iam:introspect:getAll"}, }}, map[string]*response.MethodsAllowed{ - "/auth/introspect": &response.MethodsAllowed{Get: true}, - "/auth/policies": &response.MethodsAllowed{Post: true}, + "/auth/introspect": &response.MethodsAllowed{Get: true}, + "/notifications/rules": &response.MethodsAllowed{Post: true}, }, }, "two response pairs, both mapped, one with holes": { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ - {Resource: "iam:policies", Action: "iam:policies:create"}, - {Resource: "iam:policies:{id}", Action: "iam:policies:delete"}, + {Resource: "notifications:rules", Action: "notifications:notifyRules:create"}, + {Resource: "notifications:rules:id}", Action: "notifications:notifyRules:delete"}, }}, - map[string]*response.MethodsAllowed{"/auth/policies": {Post: true}}, + map[string]*response.MethodsAllowed{"/notifications/rules": {Post: true}}, }, } 
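Review bot: In the "two response pairs, both mapped, one with holes" case the new resource reads `notifications:rules:id}`, with the opening brace lost; the line it replaces used `iam:policies:{id}`. The case most likely still passes, because the string matches no endpoint either way, but it then no longer exercises a resource with an unfilled `{id}` placeholder. A regression in how IntrospectAll treats parameterized endpoints would go unnoticed in this authorization check. The line should read `{Resource: "notifications:rules:{id}", Action: "notifications:notifyRules:delete"},`. The test table and TestIntrospectAll begin before this hunk and continue after it.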
@@ -114,39 +116,39 @@ func TestIntrospectSome(t *testing.T) { }, "ONE response pair, from two requested with one an INVALID path": { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ - {Resource: "iam:policies", Action: "iam:policies:create"}, + {Resource: "notifications:rules", Action: "notifications:notifyRules:create"}, }}, &request.IntrospectSomeReq{Paths: []string{ "/foo/bar", - "/auth/policies", + "/notifications/rules", }}, - map[string]*response.MethodsAllowed{"/auth/policies": {Post: true}}, + map[string]*response.MethodsAllowed{"/notifications/rules": {Post: true}}, }, "TWO response pairs, from two requested with one a DISALLOWED path": { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ {Resource: "system:service:version", Action: "system:serviceVersion:get"}, }}, &request.IntrospectSomeReq{Paths: []string{ - "/auth/policies", - "/auth/policies/version", + "/notifications/rules", + "/notifications/version", }}, map[string]*response.MethodsAllowed{ - "/auth/policies": {Get: false, Post: false, Put: false, Delete: false, Patch: false}, - "/auth/policies/version": {Get: true, Post: false, Put: false, Delete: false, Patch: false}, + "/notifications/rules": {Get: false, Post: false, Put: false, Delete: false, Patch: false}, + "/notifications/version": {Get: true, Post: false, Put: false, Delete: false, Patch: false}, }, }, "two response pairs, from two requested": { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ - {Resource: "iam:policies", Action: "iam:policies:create"}, + {Resource: "notifications:rules", Action: "notifications:notifyRules:create"}, {Resource: "iam:introspect", Action: "iam:introspect:getAll"}, }}, &request.IntrospectSomeReq{Paths: []string{ "/auth/introspect", - "/auth/policies", + "/notifications/rules", }}, map[string]*response.MethodsAllowed{ - "/auth/introspect": {Get: true}, - "/auth/policies": {Post: true}, + "/auth/introspect": {Get: true}, + "/notifications/rules": {Post: true}, }, }, } 
@@ -189,8 +191,8 @@ func TestIntrospect(t *testing.T) { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ {Resource: "iam:policies:f33a996c-b4e8-4328-9730-90f4b351fa6e", Action: "iam:policies:delete"}, }}, - &request.IntrospectReq{Path: "/auth/policies/f33a996c-b4e8-4328-9730-90f4b351fa6e"}, - map[string]*response.MethodsAllowed{"/auth/policies/f33a996c-b4e8-4328-9730-90f4b351fa6e": &response.MethodsAllowed{Delete: true}}, + &request.IntrospectReq{Path: "/iam/v2/policies/f33a996c-b4e8-4328-9730-90f4b351fa6e"}, + map[string]*response.MethodsAllowed{"/iam/v2/policies/f33a996c-b4e8-4328-9730-90f4b351fa6e": &response.MethodsAllowed{Delete: true}}, }, "response pair matching the request with param in POST body": { &authz.FilterAuthorizedPairsResp{Pairs: []*authz.Pair{ diff --git a/components/automate-ui/src/app/entities/userperms/README.md b/components/automate-ui/src/app/entities/userperms/README.md index c600c2519f4..ac61fb665dd 100644 --- a/components/automate-ui/src/app/entities/userperms/README.md +++ b/components/automate-ui/src/app/entities/userperms/README.md @@ -46,7 +46,7 @@ Example: { "endpoints": { "/iam/v2/tokens": { "delete": false, "get": true, "post": true, "put": false }, - "/auth/policies": { "delete": false, "get": true, "post": true, "put": false }, + "/iam/v2/policies": { "delete": false, "get": true, "post": true, "put": false }, "/cfgmgmt/stats/run_counts": { "delete": false, "get": true, "post": false, "put": false }, "/cfgmgmt/suggestions": { "delete": false, "get": true, "post": false, "put": false }, "/cfgmgmt/version": { "delete": false, "get": true, "post": false, "put": false } diff --git a/inspec/a2-api-smoke/controls/base.rb b/inspec/a2-api-smoke/controls/base.rb index b14355fe228..5271a6239dc 100644 --- a/inspec/a2-api-smoke/controls/base.rb +++ b/inspec/a2-api-smoke/controls/base.rb 
@@ -11,7 +11,7 @@ }, }, 'authz-service': { - path: '/api/v0/auth/policies/version', + path: '/apis/iam/v2/policy_version', response_match: { name: 'authz-service' },
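Review bot: The `authz-service` entry now requests `/apis/iam/v2/policy_version` but keeps `response_match: { name: 'authz-service' }` unchanged. The swagger removed in this commit maps the old `/auth/policies/version` route to `VersionInfo`, which has a `name` property. Whether the policy-version endpoint returns a `name` at all is not visible here and should be confirmed; if it does not, this smoke check either fails or stops identifying the service, and `response_match` has to change with the path. The prefix also moves from `/api/v0/` to `/apis/`, which looks intentional but deserves a short comment next to the entry.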