fix: add resource creation logic to authz

canonical · Jul 16, 2024 · c8e3588 · c8e3588
1 parent a8fb9c3
commit c8e3588
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 1 deletion.
diff --git a/internal/authorization/resource_manager.go b/internal/authorization/resource_manager.go
@@ -0,0 +1,79 @@
+package authorization
+
+import (
+	"context"
+)
+
+func (a *Authorizer) createTuple(ctx context.Context, resourceID string) error {
+	user, ok := ctx.Value(USER_CTX).(*User)
+	if !ok {
+		// Should we panic?
+		return nil
+	}
+	go func() {
+		err := a.client.WriteTuple(context.Background(), "user:"+user.ID, CAN_VIEW, resourceID)
+		if err != nil {
+			a.logger.Errorf("Failed to create authorization tuple: %s", err)
+		}
+	}()
+	return nil
+}
+
+func (a *Authorizer) deleteTuple(ctx context.Context, resourceID string) error {
+	user, ok := ctx.Value(USER_CTX).(*User)
+	if !ok {
+		// Should we panic?
+		return nil
+	}
+	go func() {
+		err := a.client.DeleteTuple(context.Background(), "user:"+user.ID, CAN_VIEW, resourceID)
+		if err != nil {
+			a.logger.Errorf("Failed to create authorization tuple: %s", err)
+		}
+	}()
+	return nil
+}
+
+func (a *Authorizer) getResource(resourceID, resourceType string) string {
+	return resourceType + ":" + resourceID
+}
+
+func (a *Authorizer) CreateClient(ctx context.Context, clientID string) error {
+	return a.createTuple(ctx, a.getResource(clientID, CLIENT_TYPE))
+}
+
+func (a *Authorizer) DeleteClient(ctx context.Context, clientID string) error {
+	return a.deleteTuple(ctx, a.getResource(clientID, CLIENT_TYPE))
+}
+
+func (a *Authorizer) CreateIdentity(ctx context.Context, IdentityID string) error {
+	return a.createTuple(ctx, a.getResource(IdentityID, IDENTITY_TYPE))
+}
+
+func (a *Authorizer) DeleteIdentity(ctx context.Context, IdentityID string) error {
+	return a.deleteTuple(ctx, a.getResource(IdentityID, IDENTITY_TYPE))
+}
+
+func (a *Authorizer) CreateProvider(ctx context.Context, providerID string) error {
+	return a.createTuple(ctx, a.getResource(providerID, PROVIDER_TYPE))
+}
+
+func (a *Authorizer) DeleteProvider(ctx context.Context, providerID string) error {
+	return a.deleteTuple(ctx, a.getResource(providerID, PROVIDER_TYPE))
+}
+
+func (a *Authorizer) CreateRule(ctx context.Context, ruleID string) error {
+	return a.createTuple(ctx, a.getResource(ruleID, RULE_TYPE))
+}
+
+func (a *Authorizer) DeleteRule(ctx context.Context, ruleID string) error {
+	return a.deleteTuple(ctx, a.getResource(ruleID, RULE_TYPE))
+}
+
+func (a *Authorizer) CreateSchema(ctx context.Context, schemeID string) error {
+	return a.createTuple(ctx, a.getResource(schemeID, SCHEME_TYPE))
+}
+
+func (a *Authorizer) DeleteSchema(ctx context.Context, schemeID string) error {
+	return a.deleteTuple(ctx, a.getResource(schemeID, SCHEME_TYPE))
+}
diff --git a/internal/openfga/client.go b/internal/openfga/client.go
@@ -145,6 +145,9 @@ func (c *Client) WriteTuple(ctx context.Context, user, relation, object string)
 	ctx, span := c.tracer.Start(ctx, "openfga.Client.WriteTuple")
 	defer span.End()
 
+	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
+	defer cancel()
+
 	r := c.c.Write(ctx)
 	body := client.ClientWriteRequest{
 		Writes: []openfga.TupleKey{

diff --git a/pkg/web/interfaces.go b/pkg/web/interfaces.go
@@ -33,7 +33,6 @@ type OpenFGAClientInterface interface {
 type AuthorizerClientInterface interface {
 	ListObjects(context.Context, string, string, string) ([]string, error)
 	Check(context.Context, string, string, string, ...ofga.Tuple) (bool, error)
-	WriteTuple(ctx context.Context, user, relation, object string) error
 }
 
 type O11yConfigInterface interface {