Migrate User permissions for admin and non-admin (#6804)

* Migrate User permissions for admin and non-admin Signed-off-by: Yashvi Jain <Yashvi.jain@progress.com> * Migrate User permissions for admin and non-admin Signed-off-by: Yashvi Jain <Yashvi.jain@progress.com> * Fixing code smells for migrate user permissions function Signed-off-by: Yashvi Jain <Yashvi.jain@progress.com>
chef · Mar 24, 2022 · 59eb2d8 · 59eb2d8
1 parent 7fd8f9b
commit 59eb2d8
Show file tree

Hide file tree

Showing 13 changed files with 1,465 additions and 631 deletions.
diff --git a/.studio/common b/.studio/common
@@ -25,6 +25,7 @@ function compile_client_mocks() {
     pushd /src/api/interservice || return 1
       mockgen_debug -source event/event.pb.go -destination event/event.pb.client_mock.go -package event -self_package github.com/chef/automate/api/interservice/event
       mockgen_debug -source authz/project.pb.go -destination authz/project.pb.client_mock.go -package authz -self_package github.com/chef/automate/api/interservice/authz
+      mockgen_debug -source authz/policy.pb.go -destination authz/policy.pb.client_mock.go -package authz -self_package github.com/chef/automate/api/interservice/authz
       mockgen_debug -source authz/authz.pb.go -destination authz/authz.pb.client_mock.go -package authz -self_package github.com/chef/automate/api/interservice/authz
       mockgen_debug -source authn/authenticate.pb.go -destination authn/authenticate.pb.client_mock.go -package authn -self_package github.com/chef/automate/api/interservice/authn
       mockgen_debug -source compliance/ingest/ingest/compliance.pb.go -destination compliance/ingest/ingest/compliance.pb.client_mock.go -package ingest -self_package github.com/chef/automate/api/interservice/compliance/ingest/ingest

diff --git a/api/interservice/authz/policy.pb.client_mock.go b/api/interservice/authz/policy.pb.client_mock.go
diff --git a/components/infra-proxy-service/cmd/infra-proxy-service/commands/serve.go b/components/infra-proxy-service/cmd/infra-proxy-service/commands/serve.go
@@ -88,7 +88,10 @@ func serve(cmd *cobra.Command, args []string) {
 	}
 	authzClient := authz.NewAuthorizationServiceClient(authzConn)
 
-	authzProjectClient := authz.NewProjectsServiceClient(authzConn)
+	authzServiceClients := service.AuthzServiceClients{
+		AuthzPolicyClient:  authz.NewPoliciesServiceClient(authzConn),
+		AuthzProjectClient: authz.NewProjectsServiceClient(authzConn),
+	}
 
 	if cfg.SecretsAddress == "" {
 		fail(errors.New("missing required config secrets_address"))
@@ -109,7 +112,7 @@ func serve(cmd *cobra.Command, args []string) {
 	//Local user service client
 	localUserClient := local_user.NewUsersMgmtServiceClient(localUserConn)
 
-	service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, authzProjectClient, localUserClient)
+	service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, localUserClient, authzServiceClients)
 	if err != nil {
 		fail(errors.Wrap(err, "could not initialize storage"))
 	}

diff --git a/components/infra-proxy-service/config/service.go b/components/infra-proxy-service/config/service.go
@@ -89,7 +89,10 @@ func ConfigFromViper(configFile string) (*service.Service, error) {
 	}
 	authzClient := authz.NewAuthorizationServiceClient(authzConn)
 
-	authzProjectClient := authz.NewProjectsServiceClient(authzConn)
+	authzServiceClients := service.AuthzServiceClients{
+		AuthzPolicyClient:  authz.NewPoliciesServiceClient(authzConn),
+		AuthzProjectClient: authz.NewProjectsServiceClient(authzConn),
+	}
 
 	if cfg.SecretsAddress == "" {
 		fail(errors.New("missing required config secrets_address"))
@@ -110,7 +113,7 @@ func ConfigFromViper(configFile string) (*service.Service, error) {
 	//Local user service client
 	localUserClient := local_user.NewUsersMgmtServiceClient(localUserConn)
 
-	service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, authzProjectClient, localUserClient)
+	service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, localUserClient, authzServiceClients)
 	if err != nil {
 		fail(errors.Wrap(err, "could not initialize storage"))
 	}

diff --git a/components/infra-proxy-service/migrations/migrations.go b/components/infra-proxy-service/migrations/migrations.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"google.golang.org/grpc/metadata"
 	"io"
 	"os"
 	"path"
@@ -319,14 +320,14 @@ func (s *MigrationServer) ConfirmPreview(ctx context.Context, req *request.Confi
 	// if err != nil {
 	// 	return nil, err
 	// }
-
+	md, _ := metadata.FromIncomingContext(ctx)
 	migrationStage, err := s.service.Migration.GetMigrationStage(ctx, req.MigrationId)
 	if err != nil {
 		return nil, err
 	}
 
 	// call pipeline function to trigger the phase 2 pipeline
-	go s.phaseTwoPipeline.Run(migrationStage.StagedData, s.service)
+	go s.phaseTwoPipeline.Run(md, migrationStage.StagedData, s.service)
 
 	return &response.ConfirmPreview{
 		MigrationId: req.MigrationId,

diff --git a/components/infra-proxy-service/migrations/pipeline/phaseonemigration.go b/components/infra-proxy-service/migrations/pipeline/phaseonemigration.go
@@ -42,7 +42,7 @@ func unzipSrc(result <-chan PipelineData, service *service.Service) <-chan Pipel
 				res.Done <- err
 				continue
 			}
-			result, err := Unzip(res.Ctx, res.Result)
+			result, err := Unzip(res.Result)
 			if err != nil {
 				log.Errorf("Failed to unzip the file for migration ID: %s :%s", res.Result.Meta.MigrationID, err)
 				// Failed Unzip pipeline

diff --git a/components/infra-proxy-service/migrations/pipeline/phasetwomigration.go b/components/infra-proxy-service/migrations/pipeline/phasetwomigration.go
@@ -2,6 +2,7 @@ package pipeline
 
 import (
 	"context"
+	"google.golang.org/grpc/metadata"
 
 	"github.com/chef/automate/components/infra-proxy-service/service"
 	log "github.com/sirupsen/logrus"
@@ -186,26 +187,46 @@ func populateOrgsUsersAssociation(result <-chan PipelineData, service *service.S
 }
 
 // PopulateMembersPolicy returns PhaseTwoPipelineProcessor
-func PopulateMembersPolicy() PhaseTwoPipelineProcessor {
+func PopulateMembersPolicy(service *service.Service) PhaseTwoPipelineProcessor {
 	return func(result <-chan PipelineData) <-chan PipelineData {
-		return populateMembersPolicy(result)
+		return populateMembersPolicy(result, service)
 	}
 }
 
-func populateMembersPolicy(result <-chan PipelineData) <-chan PipelineData {
-	log.Info("Starting PopulateMembersPolicy routine")
+func populateMembersPolicy(result <-chan PipelineData, service *service.Service) <-chan PipelineData {
+	log.Info("Starting to migrate_permission pipeline")
 	out := make(chan PipelineData, 100)
 
 	go func() {
 		for res := range result {
-			log.Info("Processing to populateMembersPolicy...")
+			log.Info("Processing to populate orgs users association...")
+			_, err := service.Migration.StartPermissionMigration(res.Ctx, res.Result.Meta.MigrationID, res.Result.Meta.ServerID)
+			if err != nil {
+				log.Errorf("Failed to update start 'StartPermissionMigration' status in DB for migration id: %s :%s", res.Result.Meta.MigrationID, err.Error())
+				res.Done <- err
+				continue
+			}
+			result, err := MigrateUsersPermissions(res.Ctx, service.AuthzPolicyClient, res.Result)
+			if err != nil {
+				log.Errorf("Failed to migrate org users association for migration id: %s :%s", res.Result.Meta.MigrationID, err.Error())
+				_, _ = service.Migration.FailedPermissionMigration(res.Ctx, res.Result.Meta.MigrationID, res.Result.Meta.ServerID, err.Error(), result.ParsedResult.OrgsUsersAssociationsCount.Succeeded, result.ParsedResult.OrgsUsersAssociationsCount.Skipped, result.ParsedResult.OrgsUsersAssociationsCount.Failed)
+				res.Done <- err
+				continue
+			}
+			_, err = service.Migration.CompletePermissionMigration(res.Ctx, res.Result.Meta.MigrationID, res.Result.Meta.ServerID, result.ParsedResult.OrgsUsersAssociationsCount.Succeeded, result.ParsedResult.OrgsUsersAssociationsCount.Skipped, result.ParsedResult.OrgsUsersAssociationsCount.Failed)
+			if err != nil {
+				log.Errorf("Failed to update 'CompletePermissionMigration' status in DB for migration id: %s :%s", res.Result.Meta.MigrationID, err.Error())
+				res.Done <- err
+				continue
+			}
+			res.Result = result
 			select {
 			case out <- res:
 			case <-res.Ctx.Done():
 				res.Done <- nil
 			}
 		}
-		log.Info("Closing PopulateMembersPolicy routine")
+		log.Info("Closing migrate_user_permissions pipeline")
 		close(out)
 	}()
 	return out
@@ -232,13 +253,15 @@ func SetupPhaseTwoPipeline(service *service.Service) PhaseTwoPipeline {
 		PopulateOrgsSrc(service),
 		PopulateUsersSrc(service),
 		PopulateOrgsUsersAssociationSrc(service),
-		// PopulateMembersPolicy(),
+		PopulateMembersPolicy(service),
 	)
 	return PhaseTwoPipeline{in: c}
 }
 
-func (p *PhaseTwoPipeline) Run(result pipeline.Result, service *service.Service) {
+func (p *PhaseTwoPipeline) Run(md metadata.MD, result pipeline.Result, service *service.Service) {
 	ctx, cancel := context.WithCancel(context.Background())
+	//Adding metadata for authentication
+	ctx = metadata.NewIncomingContext(ctx, md)
 	defer cancel()
 	done := make(chan error)
 	select {