chore: remove permission sync job

* make updated_by on persmission optional * remove casbin rule model
flanksource · Sep 24, 2024 · 5697406 · 5697406
1 parent 7d875bf
commit 5697406
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 93 deletions.
diff --git a/job/permission.go b/job/permission.go
diff --git a/models/permission.go b/models/permission.go
@@ -8,58 +8,54 @@ import (
 	"github.com/google/uuid"
 )
 
-type CasbinRule struct {
-	ID    int64  `gorm:"primaryKey;autoIncrement"`
-	PType string `json:"ptype"`
-	V0    string `json:"v0"`
-	V1    string `json:"v1"`
-	V2    string `json:"v2"`
-	V3    string `json:"v3"`
-	V4    string `json:"v4"`
-	V5    string `json:"v5"`
-}
-
 type Permission struct {
-	ID          uuid.UUID  `json:"id" gorm:"default:generate_ulid()"`
-	Action      string     `json:"action"`
-	CanaryID    *uuid.UUID `json:"canary_id,omitempty"`
-	ComponentID *uuid.UUID `json:"component_id,omitempty"`
-	ConfigID    *uuid.UUID `json:"config_id,omitempty"`
-	CreatedAt   time.Time  `json:"created_at"`
-	CreatedBy   uuid.UUID  `json:"created_by"`
-	Deny        bool       `json:"deny"`
-	Description string     `json:"description"`
-	PersonID    *uuid.UUID `json:"person_id,omitempty"`
-	PlaybookID  *uuid.UUID `json:"playbook_id,omitempty"`
-	TeamID      *uuid.UUID `json:"team_id,omitempty"`
-	Until       *time.Time `json:"until"`
-	UpdatedAt   *time.Time `json:"updated_at"`
-	UpdatedBy   *uuid.UUID `json:"updated_by"`
+	ID           uuid.UUID  `json:"id" gorm:"default:generate_ulid()"`
+	Action       string     `json:"action"`
+	ConnectionID *uuid.UUID `json:"connection_id,omitempty"`
+	CanaryID     *uuid.UUID `json:"canary_id,omitempty"`
+	ComponentID  *uuid.UUID `json:"component_id,omitempty"`
+	ConfigID     *uuid.UUID `json:"config_id,omitempty"`
+	CreatedAt    time.Time  `json:"created_at"`
+	CreatedBy    uuid.UUID  `json:"created_by"`
+	Deny         bool       `json:"deny"`
+	Description  string     `json:"description"`
+	PersonID     *uuid.UUID `json:"person_id,omitempty"`
+	PlaybookID   *uuid.UUID `json:"playbook_id,omitempty"`
+	TeamID       *uuid.UUID `json:"team_id,omitempty"`
+	Until        *time.Time `json:"until"`
+	UpdatedAt    *time.Time `json:"updated_at"`
+	UpdatedBy    *uuid.UUID `json:"updated_by"`
 }
 
 func (t *Permission) Principal() string {
-	var rule []string
-
 	if t.PersonID != nil {
-		rule = append(rule, fmt.Sprintf("r.sub.id == %s", t.PersonID.String()))
-	} else if t.TeamID != nil {
-		rule = append(rule, fmt.Sprintf("r.sub.id == %s", t.TeamID.String()))
+		return t.PersonID.String()
+	}
+
+	if t.TeamID != nil {
+		return t.TeamID.String()
 	}
 
+	return ""
+}
+
+func (t *Permission) Condition() string {
+	var rule []string
+
 	if t.ComponentID != nil {
-		rule = append(rule, fmt.Sprintf("r.component.id == %s", t.ComponentID.String()))
+		rule = append(rule, fmt.Sprintf("r.obj.component.id == %q", t.ComponentID.String()))
 	}
 
 	if t.ConfigID != nil {
-		rule = append(rule, fmt.Sprintf("r.config.id == %s", t.ConfigID.String()))
+		rule = append(rule, fmt.Sprintf("r.obj.config.id == %q", t.ConfigID.String()))
 	}
 
 	if t.CanaryID != nil {
-		rule = append(rule, fmt.Sprintf("r.canary.id == %s", t.CanaryID.String()))
+		rule = append(rule, fmt.Sprintf("r.obj.canary.id == %q", t.CanaryID.String()))
 	}
 
 	if t.PlaybookID != nil {
-		rule = append(rule, fmt.Sprintf("r.playbook.id == %s", t.PlaybookID.String()))
+		rule = append(rule, fmt.Sprintf("r.obj.playbook.id == %q", t.PlaybookID.String()))
 	}
 
 	return strings.Join(rule, " && ")

diff --git a/models/permission_test.go b/models/permission_test.go
@@ -7,42 +7,26 @@ import (
 	"github.com/samber/lo"
 )
 
-func TestPermission_Principal(t *testing.T) {
+func TestPermission_Condition(t *testing.T) {
 	tests := []struct {
 		name     string
 		perm     Permission
 		expected string
 	}{
 		{
-			name: "PersonID only",
+			name: "single",
 			perm: Permission{
-				PersonID: lo.ToPtr(uuid.MustParse("11111111-1111-1111-1111-111111111111")),
+				PlaybookID: lo.ToPtr(uuid.MustParse("33333333-3333-3333-3333-333333333333")),
 			},
-			expected: "r.sub.id == 11111111-1111-1111-1111-111111111111",
-		},
-		{
-			name: "TeamID only",
-			perm: Permission{
-				TeamID: lo.ToPtr(uuid.MustParse("22222222-2222-2222-2222-222222222222")),
-			},
-			expected: "r.sub.id == 22222222-2222-2222-2222-222222222222",
-		},
-		{
-			name: "Multiple fields",
-			perm: Permission{
-				PersonID: lo.ToPtr(uuid.MustParse("33333333-3333-3333-3333-333333333333")),
-				ConfigID: lo.ToPtr(uuid.MustParse("55555555-5555-5555-5555-555555555555")),
-			},
-			expected: "r.sub.id == 33333333-3333-3333-3333-333333333333 && r.config.id == 55555555-5555-5555-5555-555555555555",
+			expected: `r.obj.playbook.id == "33333333-3333-3333-3333-333333333333"`,
 		},
 		{
 			name: "Multiple fields II",
 			perm: Permission{
-				PersonID:   lo.ToPtr(uuid.MustParse("66666666-6666-6666-6666-666666666666")),
 				ConfigID:   lo.ToPtr(uuid.MustParse("88888888-8888-8888-8888-888888888888")),
 				PlaybookID: lo.ToPtr(uuid.MustParse("aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa")),
 			},
-			expected: "r.sub.id == 66666666-6666-6666-6666-666666666666 && r.config.id == 88888888-8888-8888-8888-888888888888 && r.playbook.id == aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
+			expected: `r.obj.config.id == "88888888-8888-8888-8888-888888888888" && r.obj.playbook.id == "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"`,
 		},
 		{
 			name:     "No fields set",
@@ -53,7 +37,7 @@ func TestPermission_Principal(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			result := tt.perm.Principal()
+			result := tt.perm.Condition()
 			if tt.expected != result {
 				t.Errorf("Expected %s, got %s", tt.expected, result)
 			}

diff --git a/schema/permissions.hcl b/schema/permissions.hcl
@@ -58,8 +58,9 @@ table "permissions" {
     null = true
     type = uuid
   }
+
   column "updated_by" {
-    null = false
+    null = true
     type = uuid
   }