diff --git a/.studio/common b/.studio/common index b0a81f03747..fea07b338fe 100644 --- a/.studio/common +++ b/.studio/common @@ -25,6 +25,7 @@ function compile_client_mocks() { pushd /src/api/interservice || return 1 mockgen_debug -source event/event.pb.go -destination event/event.pb.client_mock.go -package event -self_package github.com/chef/automate/api/interservice/event mockgen_debug -source authz/project.pb.go -destination authz/project.pb.client_mock.go -package authz -self_package github.com/chef/automate/api/interservice/authz + mockgen_debug -source authz/policy.pb.go -destination authz/policy.pb.client_mock.go -package authz -self_package github.com/chef/automate/api/interservice/authz mockgen_debug -source authz/authz.pb.go -destination authz/authz.pb.client_mock.go -package authz -self_package github.com/chef/automate/api/interservice/authz mockgen_debug -source authn/authenticate.pb.go -destination authn/authenticate.pb.client_mock.go -package authn -self_package github.com/chef/automate/api/interservice/authn mockgen_debug -source compliance/ingest/ingest/compliance.pb.go -destination compliance/ingest/ingest/compliance.pb.client_mock.go -package ingest -self_package github.com/chef/automate/api/interservice/compliance/ingest/ingest diff --git a/api/interservice/authz/policy.pb.client_mock.go b/api/interservice/authz/policy.pb.client_mock.go new file mode 100644 index 00000000000..1fc8bbc25a7 --- /dev/null +++ b/api/interservice/authz/policy.pb.client_mock.go @@ -0,0 +1,618 @@ +// Code generated by MockGen. DO NOT EDIT. +// Source: authz/policy.pb.go + +// Package authz is a generated GoMock package. +package authz + +import ( + context "context" + gomock "github.com/golang/mock/gomock" + grpc "google.golang.org/grpc" + reflect "reflect" +) + +// MockPoliciesServiceClient is a mock of PoliciesServiceClient interface +type MockPoliciesServiceClient struct { + ctrl *gomock.Controller + recorder *MockPoliciesServiceClientMockRecorder +} + +// MockPoliciesServiceClientMockRecorder is the mock recorder for MockPoliciesServiceClient +type MockPoliciesServiceClientMockRecorder struct { + mock *MockPoliciesServiceClient +} + +// NewMockPoliciesServiceClient creates a new mock instance +func NewMockPoliciesServiceClient(ctrl *gomock.Controller) *MockPoliciesServiceClient { + mock := &MockPoliciesServiceClient{ctrl: ctrl} + mock.recorder = &MockPoliciesServiceClientMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use +func (m *MockPoliciesServiceClient) EXPECT() *MockPoliciesServiceClientMockRecorder { + return m.recorder +} + +// ReplacePolicyMembers mocks base method +func (m *MockPoliciesServiceClient) ReplacePolicyMembers(ctx context.Context, in *ReplacePolicyMembersReq, opts ...grpc.CallOption) (*ReplacePolicyMembersResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "ReplacePolicyMembers", varargs...) + ret0, _ := ret[0].(*ReplacePolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ReplacePolicyMembers indicates an expected call of ReplacePolicyMembers +func (mr *MockPoliciesServiceClientMockRecorder) ReplacePolicyMembers(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReplacePolicyMembers", reflect.TypeOf((*MockPoliciesServiceClient)(nil).ReplacePolicyMembers), varargs...) +} + +// CreatePolicy mocks base method +func (m *MockPoliciesServiceClient) CreatePolicy(ctx context.Context, in *CreatePolicyReq, opts ...grpc.CallOption) (*Policy, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "CreatePolicy", varargs...) + ret0, _ := ret[0].(*Policy) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// CreatePolicy indicates an expected call of CreatePolicy +func (mr *MockPoliciesServiceClientMockRecorder) CreatePolicy(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreatePolicy", reflect.TypeOf((*MockPoliciesServiceClient)(nil).CreatePolicy), varargs...) +} + +// DeletePolicy mocks base method +func (m *MockPoliciesServiceClient) DeletePolicy(ctx context.Context, in *DeletePolicyReq, opts ...grpc.CallOption) (*DeletePolicyResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DeletePolicy", varargs...) + ret0, _ := ret[0].(*DeletePolicyResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DeletePolicy indicates an expected call of DeletePolicy +func (mr *MockPoliciesServiceClientMockRecorder) DeletePolicy(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeletePolicy", reflect.TypeOf((*MockPoliciesServiceClient)(nil).DeletePolicy), varargs...) +} + +// ListPolicies mocks base method +func (m *MockPoliciesServiceClient) ListPolicies(ctx context.Context, in *ListPoliciesReq, opts ...grpc.CallOption) (*ListPoliciesResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "ListPolicies", varargs...) + ret0, _ := ret[0].(*ListPoliciesResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListPolicies indicates an expected call of ListPolicies +func (mr *MockPoliciesServiceClientMockRecorder) ListPolicies(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListPolicies", reflect.TypeOf((*MockPoliciesServiceClient)(nil).ListPolicies), varargs...) +} + +// GetPolicy mocks base method +func (m *MockPoliciesServiceClient) GetPolicy(ctx context.Context, in *GetPolicyReq, opts ...grpc.CallOption) (*Policy, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetPolicy", varargs...) + ret0, _ := ret[0].(*Policy) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetPolicy indicates an expected call of GetPolicy +func (mr *MockPoliciesServiceClientMockRecorder) GetPolicy(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPolicy", reflect.TypeOf((*MockPoliciesServiceClient)(nil).GetPolicy), varargs...) +} + +// UpdatePolicy mocks base method +func (m *MockPoliciesServiceClient) UpdatePolicy(ctx context.Context, in *UpdatePolicyReq, opts ...grpc.CallOption) (*Policy, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "UpdatePolicy", varargs...) + ret0, _ := ret[0].(*Policy) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// UpdatePolicy indicates an expected call of UpdatePolicy +func (mr *MockPoliciesServiceClientMockRecorder) UpdatePolicy(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdatePolicy", reflect.TypeOf((*MockPoliciesServiceClient)(nil).UpdatePolicy), varargs...) +} + +// GetPolicyVersion mocks base method +func (m *MockPoliciesServiceClient) GetPolicyVersion(ctx context.Context, in *GetPolicyVersionReq, opts ...grpc.CallOption) (*GetPolicyVersionResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetPolicyVersion", varargs...) + ret0, _ := ret[0].(*GetPolicyVersionResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetPolicyVersion indicates an expected call of GetPolicyVersion +func (mr *MockPoliciesServiceClientMockRecorder) GetPolicyVersion(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPolicyVersion", reflect.TypeOf((*MockPoliciesServiceClient)(nil).GetPolicyVersion), varargs...) +} + +// CreateRole mocks base method +func (m *MockPoliciesServiceClient) CreateRole(ctx context.Context, in *CreateRoleReq, opts ...grpc.CallOption) (*Role, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "CreateRole", varargs...) + ret0, _ := ret[0].(*Role) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// CreateRole indicates an expected call of CreateRole +func (mr *MockPoliciesServiceClientMockRecorder) CreateRole(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateRole", reflect.TypeOf((*MockPoliciesServiceClient)(nil).CreateRole), varargs...) +} + +// ListRoles mocks base method +func (m *MockPoliciesServiceClient) ListRoles(ctx context.Context, in *ListRolesReq, opts ...grpc.CallOption) (*ListRolesResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "ListRoles", varargs...) + ret0, _ := ret[0].(*ListRolesResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListRoles indicates an expected call of ListRoles +func (mr *MockPoliciesServiceClientMockRecorder) ListRoles(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListRoles", reflect.TypeOf((*MockPoliciesServiceClient)(nil).ListRoles), varargs...) +} + +// GetRole mocks base method +func (m *MockPoliciesServiceClient) GetRole(ctx context.Context, in *GetRoleReq, opts ...grpc.CallOption) (*Role, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "GetRole", varargs...) + ret0, _ := ret[0].(*Role) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetRole indicates an expected call of GetRole +func (mr *MockPoliciesServiceClientMockRecorder) GetRole(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetRole", reflect.TypeOf((*MockPoliciesServiceClient)(nil).GetRole), varargs...) +} + +// DeleteRole mocks base method +func (m *MockPoliciesServiceClient) DeleteRole(ctx context.Context, in *DeleteRoleReq, opts ...grpc.CallOption) (*DeleteRoleResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DeleteRole", varargs...) + ret0, _ := ret[0].(*DeleteRoleResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DeleteRole indicates an expected call of DeleteRole +func (mr *MockPoliciesServiceClientMockRecorder) DeleteRole(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteRole", reflect.TypeOf((*MockPoliciesServiceClient)(nil).DeleteRole), varargs...) +} + +// UpdateRole mocks base method +func (m *MockPoliciesServiceClient) UpdateRole(ctx context.Context, in *UpdateRoleReq, opts ...grpc.CallOption) (*Role, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "UpdateRole", varargs...) + ret0, _ := ret[0].(*Role) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// UpdateRole indicates an expected call of UpdateRole +func (mr *MockPoliciesServiceClientMockRecorder) UpdateRole(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateRole", reflect.TypeOf((*MockPoliciesServiceClient)(nil).UpdateRole), varargs...) +} + +// ListPolicyMembers mocks base method +func (m *MockPoliciesServiceClient) ListPolicyMembers(ctx context.Context, in *ListPolicyMembersReq, opts ...grpc.CallOption) (*ListPolicyMembersResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "ListPolicyMembers", varargs...) + ret0, _ := ret[0].(*ListPolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListPolicyMembers indicates an expected call of ListPolicyMembers +func (mr *MockPoliciesServiceClientMockRecorder) ListPolicyMembers(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListPolicyMembers", reflect.TypeOf((*MockPoliciesServiceClient)(nil).ListPolicyMembers), varargs...) +} + +// RemovePolicyMembers mocks base method +func (m *MockPoliciesServiceClient) RemovePolicyMembers(ctx context.Context, in *RemovePolicyMembersReq, opts ...grpc.CallOption) (*RemovePolicyMembersResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "RemovePolicyMembers", varargs...) + ret0, _ := ret[0].(*RemovePolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// RemovePolicyMembers indicates an expected call of RemovePolicyMembers +func (mr *MockPoliciesServiceClientMockRecorder) RemovePolicyMembers(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemovePolicyMembers", reflect.TypeOf((*MockPoliciesServiceClient)(nil).RemovePolicyMembers), varargs...) +} + +// AddPolicyMembers mocks base method +func (m *MockPoliciesServiceClient) AddPolicyMembers(ctx context.Context, in *AddPolicyMembersReq, opts ...grpc.CallOption) (*AddPolicyMembersResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "AddPolicyMembers", varargs...) + ret0, _ := ret[0].(*AddPolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// AddPolicyMembers indicates an expected call of AddPolicyMembers +func (mr *MockPoliciesServiceClientMockRecorder) AddPolicyMembers(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddPolicyMembers", reflect.TypeOf((*MockPoliciesServiceClient)(nil).AddPolicyMembers), varargs...) +} + +// PurgeSubjectFromPolicies mocks base method +func (m *MockPoliciesServiceClient) PurgeSubjectFromPolicies(ctx context.Context, in *PurgeSubjectFromPoliciesReq, opts ...grpc.CallOption) (*PurgeSubjectFromPoliciesResp, error) { + m.ctrl.T.Helper() + varargs := []interface{}{ctx, in} + for _, a := range opts { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "PurgeSubjectFromPolicies", varargs...) + ret0, _ := ret[0].(*PurgeSubjectFromPoliciesResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// PurgeSubjectFromPolicies indicates an expected call of PurgeSubjectFromPolicies +func (mr *MockPoliciesServiceClientMockRecorder) PurgeSubjectFromPolicies(ctx, in interface{}, opts ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{ctx, in}, opts...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PurgeSubjectFromPolicies", reflect.TypeOf((*MockPoliciesServiceClient)(nil).PurgeSubjectFromPolicies), varargs...) +} + +// MockPoliciesServiceServer is a mock of PoliciesServiceServer interface +type MockPoliciesServiceServer struct { + ctrl *gomock.Controller + recorder *MockPoliciesServiceServerMockRecorder +} + +// MockPoliciesServiceServerMockRecorder is the mock recorder for MockPoliciesServiceServer +type MockPoliciesServiceServerMockRecorder struct { + mock *MockPoliciesServiceServer +} + +// NewMockPoliciesServiceServer creates a new mock instance +func NewMockPoliciesServiceServer(ctrl *gomock.Controller) *MockPoliciesServiceServer { + mock := &MockPoliciesServiceServer{ctrl: ctrl} + mock.recorder = &MockPoliciesServiceServerMockRecorder{mock} + return mock +} + +// EXPECT returns an object that allows the caller to indicate expected use +func (m *MockPoliciesServiceServer) EXPECT() *MockPoliciesServiceServerMockRecorder { + return m.recorder +} + +// ReplacePolicyMembers mocks base method +func (m *MockPoliciesServiceServer) ReplacePolicyMembers(arg0 context.Context, arg1 *ReplacePolicyMembersReq) (*ReplacePolicyMembersResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ReplacePolicyMembers", arg0, arg1) + ret0, _ := ret[0].(*ReplacePolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ReplacePolicyMembers indicates an expected call of ReplacePolicyMembers +func (mr *MockPoliciesServiceServerMockRecorder) ReplacePolicyMembers(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ReplacePolicyMembers", reflect.TypeOf((*MockPoliciesServiceServer)(nil).ReplacePolicyMembers), arg0, arg1) +} + +// CreatePolicy mocks base method +func (m *MockPoliciesServiceServer) CreatePolicy(arg0 context.Context, arg1 *CreatePolicyReq) (*Policy, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "CreatePolicy", arg0, arg1) + ret0, _ := ret[0].(*Policy) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// CreatePolicy indicates an expected call of CreatePolicy +func (mr *MockPoliciesServiceServerMockRecorder) CreatePolicy(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreatePolicy", reflect.TypeOf((*MockPoliciesServiceServer)(nil).CreatePolicy), arg0, arg1) +} + +// DeletePolicy mocks base method +func (m *MockPoliciesServiceServer) DeletePolicy(arg0 context.Context, arg1 *DeletePolicyReq) (*DeletePolicyResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "DeletePolicy", arg0, arg1) + ret0, _ := ret[0].(*DeletePolicyResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DeletePolicy indicates an expected call of DeletePolicy +func (mr *MockPoliciesServiceServerMockRecorder) DeletePolicy(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeletePolicy", reflect.TypeOf((*MockPoliciesServiceServer)(nil).DeletePolicy), arg0, arg1) +} + +// ListPolicies mocks base method +func (m *MockPoliciesServiceServer) ListPolicies(arg0 context.Context, arg1 *ListPoliciesReq) (*ListPoliciesResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListPolicies", arg0, arg1) + ret0, _ := ret[0].(*ListPoliciesResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListPolicies indicates an expected call of ListPolicies +func (mr *MockPoliciesServiceServerMockRecorder) ListPolicies(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListPolicies", reflect.TypeOf((*MockPoliciesServiceServer)(nil).ListPolicies), arg0, arg1) +} + +// GetPolicy mocks base method +func (m *MockPoliciesServiceServer) GetPolicy(arg0 context.Context, arg1 *GetPolicyReq) (*Policy, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetPolicy", arg0, arg1) + ret0, _ := ret[0].(*Policy) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetPolicy indicates an expected call of GetPolicy +func (mr *MockPoliciesServiceServerMockRecorder) GetPolicy(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPolicy", reflect.TypeOf((*MockPoliciesServiceServer)(nil).GetPolicy), arg0, arg1) +} + +// UpdatePolicy mocks base method +func (m *MockPoliciesServiceServer) UpdatePolicy(arg0 context.Context, arg1 *UpdatePolicyReq) (*Policy, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "UpdatePolicy", arg0, arg1) + ret0, _ := ret[0].(*Policy) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// UpdatePolicy indicates an expected call of UpdatePolicy +func (mr *MockPoliciesServiceServerMockRecorder) UpdatePolicy(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdatePolicy", reflect.TypeOf((*MockPoliciesServiceServer)(nil).UpdatePolicy), arg0, arg1) +} + +// GetPolicyVersion mocks base method +func (m *MockPoliciesServiceServer) GetPolicyVersion(arg0 context.Context, arg1 *GetPolicyVersionReq) (*GetPolicyVersionResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetPolicyVersion", arg0, arg1) + ret0, _ := ret[0].(*GetPolicyVersionResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetPolicyVersion indicates an expected call of GetPolicyVersion +func (mr *MockPoliciesServiceServerMockRecorder) GetPolicyVersion(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetPolicyVersion", reflect.TypeOf((*MockPoliciesServiceServer)(nil).GetPolicyVersion), arg0, arg1) +} + +// CreateRole mocks base method +func (m *MockPoliciesServiceServer) CreateRole(arg0 context.Context, arg1 *CreateRoleReq) (*Role, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "CreateRole", arg0, arg1) + ret0, _ := ret[0].(*Role) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// CreateRole indicates an expected call of CreateRole +func (mr *MockPoliciesServiceServerMockRecorder) CreateRole(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateRole", reflect.TypeOf((*MockPoliciesServiceServer)(nil).CreateRole), arg0, arg1) +} + +// ListRoles mocks base method +func (m *MockPoliciesServiceServer) ListRoles(arg0 context.Context, arg1 *ListRolesReq) (*ListRolesResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListRoles", arg0, arg1) + ret0, _ := ret[0].(*ListRolesResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListRoles indicates an expected call of ListRoles +func (mr *MockPoliciesServiceServerMockRecorder) ListRoles(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListRoles", reflect.TypeOf((*MockPoliciesServiceServer)(nil).ListRoles), arg0, arg1) +} + +// GetRole mocks base method +func (m *MockPoliciesServiceServer) GetRole(arg0 context.Context, arg1 *GetRoleReq) (*Role, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetRole", arg0, arg1) + ret0, _ := ret[0].(*Role) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetRole indicates an expected call of GetRole +func (mr *MockPoliciesServiceServerMockRecorder) GetRole(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetRole", reflect.TypeOf((*MockPoliciesServiceServer)(nil).GetRole), arg0, arg1) +} + +// DeleteRole mocks base method +func (m *MockPoliciesServiceServer) DeleteRole(arg0 context.Context, arg1 *DeleteRoleReq) (*DeleteRoleResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "DeleteRole", arg0, arg1) + ret0, _ := ret[0].(*DeleteRoleResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DeleteRole indicates an expected call of DeleteRole +func (mr *MockPoliciesServiceServerMockRecorder) DeleteRole(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteRole", reflect.TypeOf((*MockPoliciesServiceServer)(nil).DeleteRole), arg0, arg1) +} + +// UpdateRole mocks base method +func (m *MockPoliciesServiceServer) UpdateRole(arg0 context.Context, arg1 *UpdateRoleReq) (*Role, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "UpdateRole", arg0, arg1) + ret0, _ := ret[0].(*Role) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// UpdateRole indicates an expected call of UpdateRole +func (mr *MockPoliciesServiceServerMockRecorder) UpdateRole(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateRole", reflect.TypeOf((*MockPoliciesServiceServer)(nil).UpdateRole), arg0, arg1) +} + +// ListPolicyMembers mocks base method +func (m *MockPoliciesServiceServer) ListPolicyMembers(arg0 context.Context, arg1 *ListPolicyMembersReq) (*ListPolicyMembersResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "ListPolicyMembers", arg0, arg1) + ret0, _ := ret[0].(*ListPolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListPolicyMembers indicates an expected call of ListPolicyMembers +func (mr *MockPoliciesServiceServerMockRecorder) ListPolicyMembers(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListPolicyMembers", reflect.TypeOf((*MockPoliciesServiceServer)(nil).ListPolicyMembers), arg0, arg1) +} + +// RemovePolicyMembers mocks base method +func (m *MockPoliciesServiceServer) RemovePolicyMembers(arg0 context.Context, arg1 *RemovePolicyMembersReq) (*RemovePolicyMembersResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "RemovePolicyMembers", arg0, arg1) + ret0, _ := ret[0].(*RemovePolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// RemovePolicyMembers indicates an expected call of RemovePolicyMembers +func (mr *MockPoliciesServiceServerMockRecorder) RemovePolicyMembers(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RemovePolicyMembers", reflect.TypeOf((*MockPoliciesServiceServer)(nil).RemovePolicyMembers), arg0, arg1) +} + +// AddPolicyMembers mocks base method +func (m *MockPoliciesServiceServer) AddPolicyMembers(arg0 context.Context, arg1 *AddPolicyMembersReq) (*AddPolicyMembersResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "AddPolicyMembers", arg0, arg1) + ret0, _ := ret[0].(*AddPolicyMembersResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// AddPolicyMembers indicates an expected call of AddPolicyMembers +func (mr *MockPoliciesServiceServerMockRecorder) AddPolicyMembers(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddPolicyMembers", reflect.TypeOf((*MockPoliciesServiceServer)(nil).AddPolicyMembers), arg0, arg1) +} + +// PurgeSubjectFromPolicies mocks base method +func (m *MockPoliciesServiceServer) PurgeSubjectFromPolicies(arg0 context.Context, arg1 *PurgeSubjectFromPoliciesReq) (*PurgeSubjectFromPoliciesResp, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "PurgeSubjectFromPolicies", arg0, arg1) + ret0, _ := ret[0].(*PurgeSubjectFromPoliciesResp) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// PurgeSubjectFromPolicies indicates an expected call of PurgeSubjectFromPolicies +func (mr *MockPoliciesServiceServerMockRecorder) PurgeSubjectFromPolicies(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "PurgeSubjectFromPolicies", reflect.TypeOf((*MockPoliciesServiceServer)(nil).PurgeSubjectFromPolicies), arg0, arg1) +} diff --git a/components/infra-proxy-service/cmd/infra-proxy-service/commands/serve.go b/components/infra-proxy-service/cmd/infra-proxy-service/commands/serve.go index 424e6d2374e..cecfc95cd55 100644 --- a/components/infra-proxy-service/cmd/infra-proxy-service/commands/serve.go +++ b/components/infra-proxy-service/cmd/infra-proxy-service/commands/serve.go @@ -88,7 +88,10 @@ func serve(cmd *cobra.Command, args []string) { } authzClient := authz.NewAuthorizationServiceClient(authzConn) - authzProjectClient := authz.NewProjectsServiceClient(authzConn) + authzServiceClients := service.AuthzServiceClients{ + AuthzPolicyClient: authz.NewPoliciesServiceClient(authzConn), + AuthzProjectClient: authz.NewProjectsServiceClient(authzConn), + } if cfg.SecretsAddress == "" { fail(errors.New("missing required config secrets_address")) @@ -109,7 +112,7 @@ func serve(cmd *cobra.Command, args []string) { //Local user service client localUserClient := local_user.NewUsersMgmtServiceClient(localUserConn) - service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, authzProjectClient, localUserClient) + service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, localUserClient, authzServiceClients) if err != nil { fail(errors.Wrap(err, "could not initialize storage")) } diff --git a/components/infra-proxy-service/config/service.go b/components/infra-proxy-service/config/service.go index a87d79384e1..3f3c9d34324 100644 --- a/components/infra-proxy-service/config/service.go +++ b/components/infra-proxy-service/config/service.go @@ -89,7 +89,10 @@ func ConfigFromViper(configFile string) (*service.Service, error) { } authzClient := authz.NewAuthorizationServiceClient(authzConn) - authzProjectClient := authz.NewProjectsServiceClient(authzConn) + authzServiceClients := service.AuthzServiceClients{ + AuthzPolicyClient: authz.NewPoliciesServiceClient(authzConn), + AuthzProjectClient: authz.NewProjectsServiceClient(authzConn), + } if cfg.SecretsAddress == "" { fail(errors.New("missing required config secrets_address")) @@ -110,7 +113,7 @@ func ConfigFromViper(configFile string) (*service.Service, error) { //Local user service client localUserClient := local_user.NewUsersMgmtServiceClient(localUserConn) - service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, authzProjectClient, localUserClient) + service, err := service.Start(l, migrationConfig, connFactory, secretsClient, authzClient, localUserClient, authzServiceClients) if err != nil { fail(errors.Wrap(err, "could not initialize storage")) } diff --git a/components/infra-proxy-service/migrations/migrations.go b/components/infra-proxy-service/migrations/migrations.go index 840f6d4f03a..0cfc482ef49 100644 --- a/components/infra-proxy-service/migrations/migrations.go +++ b/components/infra-proxy-service/migrations/migrations.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "fmt" + "google.golang.org/grpc/metadata" "io" "os" "path" @@ -319,14 +320,14 @@ func (s *MigrationServer) ConfirmPreview(ctx context.Context, req *request.Confi // if err != nil { // return nil, err // } - + md, _ := metadata.FromIncomingContext(ctx) migrationStage, err := s.service.Migration.GetMigrationStage(ctx, req.MigrationId) if err != nil { return nil, err } // call pipeline function to trigger the phase 2 pipeline - go s.phaseTwoPipeline.Run(migrationStage.StagedData, s.service) + go s.phaseTwoPipeline.Run(md, migrationStage.StagedData, s.service) return &response.ConfirmPreview{ MigrationId: req.MigrationId, diff --git a/components/infra-proxy-service/migrations/pipeline/phaseonemigration.go b/components/infra-proxy-service/migrations/pipeline/phaseonemigration.go index fbe6dd29cee..2cb281d59e8 100644 --- a/components/infra-proxy-service/migrations/pipeline/phaseonemigration.go +++ b/components/infra-proxy-service/migrations/pipeline/phaseonemigration.go @@ -42,7 +42,7 @@ func unzipSrc(result <-chan PipelineData, service *service.Service) <-chan Pipel res.Done <- err continue } - result, err := Unzip(res.Ctx, res.Result) + result, err := Unzip(res.Result) if err != nil { log.Errorf("Failed to unzip the file for migration ID: %s :%s", res.Result.Meta.MigrationID, err) // Failed Unzip pipeline diff --git a/components/infra-proxy-service/migrations/pipeline/phasetwomigration.go b/components/infra-proxy-service/migrations/pipeline/phasetwomigration.go index 7b54a9460cd..12de352e186 100644 --- a/components/infra-proxy-service/migrations/pipeline/phasetwomigration.go +++ b/components/infra-proxy-service/migrations/pipeline/phasetwomigration.go @@ -2,6 +2,7 @@ package pipeline import ( "context" + "google.golang.org/grpc/metadata" "github.com/chef/automate/components/infra-proxy-service/service" log "github.com/sirupsen/logrus" @@ -186,26 +187,46 @@ func populateOrgsUsersAssociation(result <-chan PipelineData, service *service.S } // PopulateMembersPolicy returns PhaseTwoPipelineProcessor -func PopulateMembersPolicy() PhaseTwoPipelineProcessor { +func PopulateMembersPolicy(service *service.Service) PhaseTwoPipelineProcessor { return func(result <-chan PipelineData) <-chan PipelineData { - return populateMembersPolicy(result) + return populateMembersPolicy(result, service) } } -func populateMembersPolicy(result <-chan PipelineData) <-chan PipelineData { - log.Info("Starting PopulateMembersPolicy routine") +func populateMembersPolicy(result <-chan PipelineData, service *service.Service) <-chan PipelineData { + log.Info("Starting to migrate_permission pipeline") out := make(chan PipelineData, 100) go func() { for res := range result { - log.Info("Processing to populateMembersPolicy...") + log.Info("Processing to populate orgs users association...") + _, err := service.Migration.StartPermissionMigration(res.Ctx, res.Result.Meta.MigrationID, res.Result.Meta.ServerID) + if err != nil { + log.Errorf("Failed to update start 'StartPermissionMigration' status in DB for migration id: %s :%s", res.Result.Meta.MigrationID, err.Error()) + res.Done <- err + continue + } + result, err := MigrateUsersPermissions(res.Ctx, service.AuthzPolicyClient, res.Result) + if err != nil { + log.Errorf("Failed to migrate org users association for migration id: %s :%s", res.Result.Meta.MigrationID, err.Error()) + _, _ = service.Migration.FailedPermissionMigration(res.Ctx, res.Result.Meta.MigrationID, res.Result.Meta.ServerID, err.Error(), result.ParsedResult.OrgsUsersAssociationsCount.Succeeded, result.ParsedResult.OrgsUsersAssociationsCount.Skipped, result.ParsedResult.OrgsUsersAssociationsCount.Failed) + res.Done <- err + continue + } + _, err = service.Migration.CompletePermissionMigration(res.Ctx, res.Result.Meta.MigrationID, res.Result.Meta.ServerID, result.ParsedResult.OrgsUsersAssociationsCount.Succeeded, result.ParsedResult.OrgsUsersAssociationsCount.Skipped, result.ParsedResult.OrgsUsersAssociationsCount.Failed) + if err != nil { + log.Errorf("Failed to update 'CompletePermissionMigration' status in DB for migration id: %s :%s", res.Result.Meta.MigrationID, err.Error()) + res.Done <- err + continue + } + res.Result = result select { case out <- res: case <-res.Ctx.Done(): res.Done <- nil } } - log.Info("Closing PopulateMembersPolicy routine") + log.Info("Closing migrate_user_permissions pipeline") close(out) }() return out @@ -232,13 +253,15 @@ func SetupPhaseTwoPipeline(service *service.Service) PhaseTwoPipeline { PopulateOrgsSrc(service), PopulateUsersSrc(service), PopulateOrgsUsersAssociationSrc(service), - // PopulateMembersPolicy(), + PopulateMembersPolicy(service), ) return PhaseTwoPipeline{in: c} } -func (p *PhaseTwoPipeline) Run(result pipeline.Result, service *service.Service) { +func (p *PhaseTwoPipeline) Run(md metadata.MD, result pipeline.Result, service *service.Service) { ctx, cancel := context.WithCancel(context.Background()) + //Adding metadata for authentication + ctx = metadata.NewIncomingContext(ctx, md) defer cancel() done := make(chan error) select { diff --git a/components/infra-proxy-service/migrations/pipeline/utility.go b/components/infra-proxy-service/migrations/pipeline/utility.go index 831204db339..fa04eecdc11 100644 --- a/components/infra-proxy-service/migrations/pipeline/utility.go +++ b/components/infra-proxy-service/migrations/pipeline/utility.go @@ -1,20 +1,10 @@ package pipeline import ( - "archive/zip" "context" - "encoding/json" "fmt" - - "errors" - "io" - "os" - "path" - "path/filepath" - - "github.com/chef/automate/api/interservice/local_user" - "github.com/chef/automate/api/interservice/authz" + "github.com/chef/automate/api/interservice/local_user" "github.com/chef/automate/components/infra-proxy-service/pipeline" "github.com/chef/automate/components/infra-proxy-service/storage" log "github.com/sirupsen/logrus" @@ -89,600 +79,6 @@ func createProjectFromOrgIdAndServerID(ctx context.Context, serverId string, org return []string{projectID.Project.Name}, nil } -func ParseOrgs(ctx context.Context, st storage.Storage, mst storage.MigrationStorage, result pipeline.Result) (pipeline.Result, error) { - var err error - log.Info("Starting with organization parsing phase for migration id: ", result.Meta.MigrationID) - - orgPath := path.Join(result.Meta.UnzipFolder, "organizations") - folder, err := os.Open(orgPath) - if err != nil { - log.Errorf("Failed to open the folder for the file path %s : %s", orgPath, err.Error()) - return result, err - } - - orgNames, err := folder.Readdir(0) - if err != nil { - log.Errorf("Failed to read the files for the file path %s : %s", orgPath, err.Error()) - return result, err - } - _ = folder.Close() - orgsPresentInDB, err := st.GetOrgs(ctx, result.Meta.ServerID) - if err != nil { - log.Errorf("Failed to read orgs from database for %s:%s", result.Meta.ServerID, err.Error()) - return result, err - } - - result.ParsedResult.Orgs = append(result.ParsedResult.Orgs, insertOrUpdateOrg(orgNames, orgsPresentInDB, orgPath)...) - - result.ParsedResult.Orgs = append(result.ParsedResult.Orgs, deleteOrgsIfNotPresentInCurrentFile(orgNames, orgsPresentInDB)...) - - log.Info("Successfully completed the organization parsing phase for migration id: ", result.Meta.MigrationID) - return result, nil - -} - -//CreatePreview Stores the staged data in db -func CreatePreview(ctx context.Context, st storage.Storage, mst storage.MigrationStorage, result pipeline.Result) (pipeline.Result, error) { - log.Info("Starting with create preview phase for migration id: ", result.Meta.MigrationID) - - resultByte, err := json.Marshal(result) - if err != nil { - log.Errorf("Failed to marshal the staged data for the migration id %s : %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - _, err = mst.StoreMigrationStage(ctx, result.Meta.MigrationID, resultByte) - if err != nil { - log.Errorf("Failed to store the staged data %s : %s ", result.Meta.MigrationID, err.Error()) - return result, err - } - log.Info("Successfully completed the create preview phase for migration id: ", result.Meta.MigrationID) - - return result, nil -} - -func createDatabaseOrgsMap(orgs []storage.Org) map[string]string { - orgMap := make(map[string]string) - for _, s := range orgs { - orgMap[s.ID] = s.Name - //Values for comparison - } - return orgMap -} - -func createFileOrgsMap(orgs []os.FileInfo) map[string]string { - orgMap := make(map[string]string) - for _, s := range orgs { - if s.IsDir() { - orgMap[s.Name()] = "" - //No value required for comparison - } - } - return orgMap -} - -func insertOrUpdateOrg(orgsInFiles []os.FileInfo, orgsInDB []storage.Org, orgPath string) []pipeline.Org { - var orgList []pipeline.Org - orgDatabaseMap := createDatabaseOrgsMap(orgsInDB) - var orgJson pipeline.OrgJson - log.Info("Comparing the organization from database and backup file for insert,update and skip action") - //For insert, update and skip action - for _, org := range orgsInFiles { - if org.IsDir() { - orgInfo, valuePresent := orgDatabaseMap[org.Name()] - orgJson = openOrgFolder(org, orgPath) - if valuePresent { - if orgJson.FullName != orgInfo { - //Update org in the result actions - orgList = append(orgList, createOrgStructForAction(orgJson.Name, orgJson.FullName, pipeline.Update)) - } else { - //Skip org action if full names are not equal - orgList = append(orgList, createOrgStructForAction(orgJson.Name, orgJson.FullName, pipeline.Skip)) - - } - } else { - //Insert org action if not present in database - orgList = append(orgList, createOrgStructForAction(orgJson.Name, orgJson.FullName, pipeline.Insert)) - } - } - } - log.Info("Completed comparing the organization from database and backup file for insert,update and skip action") - return orgList -} - -func deleteOrgsIfNotPresentInCurrentFile(orgsInFiles []os.FileInfo, orgsInDB []storage.Org) []pipeline.Org { - var orgList []pipeline.Org - orgFilesMap := createFileOrgsMap(orgsInFiles) - log.Info("Comparing the organization from database and backup file for delete action") - //For delete action by comparing database orgs with file orgs - for _, org := range orgsInDB { - _, valuePresent := orgFilesMap[org.ID] - if !valuePresent { - orgList = append(orgList, createOrgStructForAction(org.ID, org.Name, pipeline.Delete)) - } - } - log.Info("Completed comparing the organization from database and backup file for delete action") - return orgList -} - -func openOrgFolder(org os.FileInfo, fileLocation string) pipeline.OrgJson { - var orgJson pipeline.OrgJson - jsonPath := path.Join(fileLocation, org.Name(), "org.json") - jsonFile, err := os.Open(jsonPath) - // if we os.Open returns an error then handle it - if err != nil { - fmt.Println(err) - } - log.Info("Successfully opened the file at location", jsonPath) - defer func() { - _ = jsonFile.Close() - }() - // defer the closing of our jsonFile so that we can parse it later on - _ = json.NewDecoder(jsonFile).Decode(&orgJson) - return orgJson -} - -func createOrgStructForAction(orgId string, orgName string, ops pipeline.ActionOps) pipeline.Org { - return pipeline.Org{ - Name: orgId, - FullName: orgName, - ActionOps: ops, - } -} - -// Unzip will decompress a zip file and sets the UnzipFolder -func Unzip(ctx context.Context, result pipeline.Result) (pipeline.Result, error) { - - var fpath string - - reader, err := zip.OpenReader(result.Meta.ZipFile) - if err != nil { - log.Errorf("cannot open reader migration id: %s, %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - for _, file := range reader.File { - - fpath = filepath.Join(filepath.Dir(result.Meta.ZipFile), file.Name) - - if file.FileInfo().IsDir() { - err = os.MkdirAll(fpath, os.ModePerm) - if err != nil { - log.Errorf("cannot create dir for migration id: %s, %s", result.Meta.MigrationID, err.Error()) - } - continue - } - - // Creating the files in the target directory - if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil { - log.Errorf("cannot create directory for migration id: %s, %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - // The created file will be stored in - // outFile with permissions to write &/or truncate - outFile, err := os.OpenFile(fpath, - os.O_WRONLY|os.O_CREATE|os.O_TRUNC, - file.Mode()) - if err != nil { - log.Errorf("cannot create a file for migration id: %s, %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - readClose, err := file.Open() - if err != nil { - log.Errorf("cannot open file for migration id: %s, %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - _, err = io.Copy(outFile, readClose) - if err != nil { - log.Errorf("cannot copy file for migration id: %s, %s", result.Meta.MigrationID, err.Error()) - return result, err - } - _ = outFile.Close() - _ = readClose.Close() - - } - - result.Meta.UnzipFolder = filepath.Dir(fpath) - _ = reader.Close() - - return result, nil -} - -func ValidateZip(ctx context.Context, st storage.Storage, mst storage.MigrationStorage, result pipeline.Result) (pipeline.Result, error) { - var err error - foundOrg := false - // Find under unzip folder where org folder exists - if err := filepath.Walk(result.Meta.UnzipFolder, func(path string, f os.FileInfo, err error) error { - - // check if base path is `organizations` - if filepath.Base(path) == "organizations" { - // reassign unzipFolder - foundOrg = true - result.Meta.UnzipFolder = filepath.Dir(path) - } - return nil - }); err != nil { - log.Errorf("Failed to find organizations folder for migration id %s : %s", result.Meta.MigrationID, err.Error()) - return result, err - } - if !foundOrg { - return result, errors.New("cannot find organizations folder") - } - // Check if the reassigned unzip folder contains key_dump.json - _, err = os.Stat(result.Meta.UnzipFolder + "/key_dump.json") - if err != nil { - log.Errorf("Failed to validate unzip folder for migration id %s : %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - result.Meta.IsValid = true - return result, nil -} - -// ParseOrgUserAssociation sync the automate org users with chef server org users -func ParseOrgUserAssociation(ctx context.Context, st storage.Storage, result pipeline.Result) (pipeline.Result, error) { - log.Info("Starting with the parsing org user association for migration id :", result.Meta.MigrationID) - var orgUserAssociations []pipeline.OrgsUsersAssociations - var err error - orgUserAssociations, err = getActionForOrgUsers(ctx, st, result) - if err != nil { - log.Errorf("Unable to parse org user association for migration id : %s : %s", result.Meta.MigrationID, err.Error()) - return result, err - } - result.ParsedResult.OrgsUsers = append(result.ParsedResult.OrgsUsers, orgUserAssociations...) - log.Info("Completed with the parsing org user association for migration id :", result.Meta.MigrationID) - return result, nil -} - -func getActionForOrgUsers(ctx context.Context, st storage.Storage, result pipeline.Result) ([]pipeline.OrgsUsersAssociations, error) { - orgUserAssociations := make([]pipeline.OrgsUsersAssociations, 0) - orgPath := path.Join(result.Meta.UnzipFolder, "organizations") - for _, org := range result.ParsedResult.Orgs { - var userAssociations []pipeline.UserAssociation - log.Info("Getting actions for org id", org.Name) - var chefServerOrgUsers []pipeline.UserAssociation - // check whether org directory exist or not - if _, err := os.Stat(path.Join(orgPath, org.Name)); !os.IsNotExist(err) { - chefServerOrgUsers, err = getChefServerOrgUsers(org.Name, orgPath) - if err != nil { - log.Errorf("Unable to get the chef server organization users %s ", err) - return nil, err - } - } - if org.ActionOps == pipeline.Insert { - userAssociations = append(userAssociations, createInsertUserAssociation(chefServerOrgUsers)...) - orgUserAssociations = append(orgUserAssociations, pipeline.OrgsUsersAssociations{OrgName: org, Users: userAssociations}) - continue - } - orgUsersInDb, err := st.GetAutomateOrgUsers(ctx, org.Name) - if err != nil { - log.Errorf("Unable to fetch automate Users for org %s : %s", org.Name, err.Error()) - return nil, err - } - if org.ActionOps == pipeline.Delete { - userAssociations = append(userAssociations, createDeleteUserAssociation(orgUsersInDb)...) - } else { - userAssociations = append(userAssociations, insertOrUpdateActionForOrgUsers(orgUsersInDb, chefServerOrgUsers)...) - userAssociations = append(userAssociations, deleteActionForOrgUses(orgUsersInDb, chefServerOrgUsers)...) - } - orgUserAssociations = append(orgUserAssociations, pipeline.OrgsUsersAssociations{OrgName: org, Users: userAssociations}) - } - return orgUserAssociations, nil -} - -func createInsertUserAssociation(chefServerOrgUsers []pipeline.UserAssociation) []pipeline.UserAssociation { - userAssociation := make([]pipeline.UserAssociation, 0) - for _, user := range chefServerOrgUsers { - userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Insert}) - } - return userAssociation -} - -func createDeleteUserAssociation(orgUsersInDb []storage.OrgUser) []pipeline.UserAssociation { - userAssociation := make([]pipeline.UserAssociation, 0) - for _, user := range orgUsersInDb { - userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.InfraServerUsername, IsAdmin: user.IsAdmin, ActionOps: pipeline.Delete}) - } - return userAssociation -} - -func insertOrUpdateActionForOrgUsers(orgUsers []storage.OrgUser, chefServerOrgUsers []pipeline.UserAssociation) []pipeline.UserAssociation { - var userAssociation []pipeline.UserAssociation - orgUserMapDB := createMapForOrgUsersInDB(orgUsers) - for _, user := range chefServerOrgUsers { - isAdmin, valuePresent := orgUserMapDB[user.Username] - if valuePresent { - //check for the org admins - if user.IsAdmin != isAdmin { - userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Update}) - } else { - userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Skip}) - } - } else { - userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Insert}) - } - } - return userAssociation -} - -func deleteActionForOrgUses(orgUsers []storage.OrgUser, chefServerOrgUsers []pipeline.UserAssociation) []pipeline.UserAssociation { - var userAssociation []pipeline.UserAssociation - orgUserJsonMap := createMapForOrgUsersInJson(chefServerOrgUsers) - for _, user := range orgUsers { - _, valuePresent := orgUserJsonMap[user.InfraServerUsername] - if !valuePresent { - userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.InfraServerUsername, IsAdmin: user.IsAdmin, ActionOps: pipeline.Delete}) - } - } - - return userAssociation -} - -func createMapForOrgUsersInDB(orgUsers []storage.OrgUser) map[string]bool { - orgUsersMap := make(map[string]bool) - for _, s := range orgUsers { - orgUsersMap[s.InfraServerUsername] = s.IsAdmin - } - return orgUsersMap -} - -func createMapForOrgUsersInJson(chefServerOrgUsers []pipeline.UserAssociation) map[string]string { - orgUsersMap := make(map[string]string) - for _, user := range chefServerOrgUsers { - orgUsersMap[user.Username] = "" - } - return orgUsersMap -} - -// getChefServerOrgUsers returns the chef server organization users from backup file -func getChefServerOrgUsers(orgName, fileLocation string) ([]pipeline.UserAssociation, error) { - orgUsers := make([]pipeline.UserAssociation, 0) - - members, err := getOrgMembers(orgName, fileLocation) - if err != nil { - log.Errorf("Unable to get organization members %s", err) - return nil, err - } - admins, err := getOrgAdmins(orgName, fileLocation) - if err != nil { - log.Errorf("Unable to get organization admins %s", err) - return nil, err - } - orgAdminMap := createMapForOrgAdminsInJson(admins) - for _, member := range members { - orgUser := pipeline.UserAssociation{} - if member.User.Username == "pivotal" { - continue - } - orgUser.Username = member.User.Username - _, valuePresent := orgAdminMap[member.User.Username] - if valuePresent { - orgUser.IsAdmin = true - } - orgUsers = append(orgUsers, orgUser) - } - return orgUsers, nil -} - -// getOrgMembers Get the data of members.json -func getOrgMembers(orgName, fileLocation string) ([]pipeline.MembersJson, error) { - var orgMembers []pipeline.MembersJson - usersJsonPath := path.Join(fileLocation, orgName, "members.json") - usersjsonFile, err := os.Open(usersJsonPath) - // if we os.Open returns an error then handle it - if err != nil { - log.Errorf("Unable to open org members file at the location : %s", usersJsonPath) - return nil, err - } - log.Info("Successfully opened the org members file at location", usersJsonPath) - // defer the closing of our jsonFile so that we can parse it later on - defer func() { - _ = usersjsonFile.Close() - }() - err = json.NewDecoder(usersjsonFile).Decode(&orgMembers) - if err != nil { - log.Errorf("Unable to decode the org members file %s %s", usersJsonPath, err) - return nil, err - } - return orgMembers, nil -} - -// getOrgAdmins Get the data of admins.json -func getOrgAdmins(orgName, fileLocation string) (pipeline.AdminsJson, error) { - var orgAdmins pipeline.AdminsJson - adminJsonPath := path.Join(fileLocation, orgName, "groups", "admins.json") - jsonFile, err := os.Open(adminJsonPath) - // if we os.Open returns an error then handle it - if err != nil { - log.Errorf("Unable to open org admins file at the location : %s %s", adminJsonPath, err) - return pipeline.AdminsJson{}, err - } - log.Info("Successfully opened the org admins file at location", adminJsonPath) - // defer the closing of our jsonFile so that we can parse it later on - defer func() { - _ = jsonFile.Close() - }() - err = json.NewDecoder(jsonFile).Decode(&orgAdmins) - if err != nil { - log.Errorf("Unable to decode the org admins file %s %s", adminJsonPath, err) - return pipeline.AdminsJson{}, err - } - return orgAdmins, nil -} - -func createMapForOrgAdminsInJson(adminsJson pipeline.AdminsJson) map[string]string { - orgAdminsMap := make(map[string]string) - for _, username := range adminsJson.Users { - orgAdminsMap[username] = "" - } - return orgAdminsMap - -} - -//GetUsersForBackup get all the users details from back up file -func GetUsersForBackup(ctx context.Context, st storage.Storage, localUserClient local_user.UsersMgmtServiceClient, result pipeline.Result) (pipeline.Result, error) { - log.Info("starting with user parsing phase for migration id: ", result.Meta.MigrationID) - - file := path.Join(result.Meta.UnzipFolder, "key_dump.json") - var keyDumps []pipeline.KeyDump - - keyDumpFile, err := os.Open(file) - if err != nil { - log.Errorf("failed to open keydump file for user parsing for the migration id: %s : %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - if err = json.NewDecoder(keyDumpFile).Decode(&keyDumps); err != nil { - log.Errorf("failed to decode keydump json for the migration id: %s : %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - serverUsers := keyDumpTOUser(keyDumps) - automateUsers, err := st.GetAutomateInfraServerUsers(ctx, result.Meta.ServerID) - if err != nil { - log.Errorf("failed to get users form db for user parsing for the migration id: %s : %s", result.Meta.MigrationID, err.Error()) - return result, err - } - - var mappedUsers []pipeline.User - - mappedUsers = append(mappedUsers, deleteUser(serverUsers, automateUsers)...) - mappedUsers = append(mappedUsers, insertUpdateSkipUser(ctx, serverUsers, automateUsers, localUserClient)...) - - result.ParsedResult.Users = mappedUsers - return result, nil -} - -// Clean serialized_object and Populate Users struct -func keyDumpTOUser(keyDump []pipeline.KeyDump) []pipeline.User { - users := make([]pipeline.User, 0) - for _, kd := range keyDump { - sec := map[string]string{} - if err := json.Unmarshal([]byte(kd.SerializedObject), &sec); err != nil { - log.Errorf("failed to parse user's first, middle and last name: %s", err.Error()) - } - user := &pipeline.User{ - Username: kd.Username, - Email: kd.Email, - DisplayName: sec["display_name"], - FirstName: sec["first_name"], - LastName: sec["last_name"], - MiddleName: sec["middle_name"], - HashPassword: kd.HashedPassword, - } - user.SetConnector(kd.ExternalAuthenticationUID) - user.SetAutomateUsername(kd.ExternalAuthenticationUID) - - users = append(users, *user) - } - return users -} - -func automateMap(automateUser []storage.User) map[string]storage.User { - automateMap := map[string]storage.User{} - for _, aUser := range automateUser { - automateMap[aUser.InfraServerUsername] = aUser - } - return automateMap -} - -func serverMap(server []pipeline.User) map[string]pipeline.User { - serverMap := map[string]pipeline.User{} - for _, sUser := range server { - serverMap[sUser.Username] = sUser - } - return serverMap -} - -func insertUpdateSkipUser(ctx context.Context, serverUser []pipeline.User, automateUser []storage.User, localUserClient local_user.UsersMgmtServiceClient) []pipeline.User { - var parsedUsers []pipeline.User - autoMap := automateMap(automateUser) - for _, sUser := range serverUser { - if _, ok := autoMap[sUser.Username]; ok { - emptyVal := pipeline.User{} - returnedVal := skipOrUpdate(autoMap, sUser) - if returnedVal != emptyVal { - parsedUsers = append(parsedUsers, returnedVal) - } - } else { - if sUser.Username == "pivotal" { - continue - } else { - if sUser.Connector == pipeline.Local { - userExists := checkUserExist(ctx, localUserClient, sUser) - sUser.IsConflicting = userExists - } - sUser.ActionOps = pipeline.Insert - parsedUsers = append(parsedUsers, sUser) - } - - } - - } - - return parsedUsers -} -func skipOrUpdate(autoMap map[string]storage.User, sUser pipeline.User) pipeline.User { - if autoMap[sUser.Username].InfraServerUsername == sUser.Username { - if autoMap[sUser.Username].InfraServerUsername == sUser.Username && autoMap[sUser.Username].Email == sUser.Email && - autoMap[sUser.Username].DisplayName == sUser.DisplayName && autoMap[sUser.Username].FirstName == sUser.FirstName && - autoMap[sUser.Username].LastName == sUser.LastName && autoMap[sUser.Username].MiddleName == sUser.MiddleName { - sUser.ActionOps = pipeline.Skip - return sUser - - } else { - sUser.ActionOps = pipeline.Update - return sUser - } - } - return pipeline.User{} -} - -func deleteUser(serverUser []pipeline.User, automateUser []storage.User) []pipeline.User { - var parsedUsers []pipeline.User - serverMap := serverMap(serverUser) - for _, aUser := range automateUser { - if _, ok := serverMap[aUser.InfraServerUsername]; !ok { - parsedUsers = append(parsedUsers, pipeline.User{ - Username: aUser.InfraServerUsername, - ActionOps: pipeline.Delete, - }) - } - - } - - return parsedUsers -} - -//checkUserExist check user exists in the local automate or not -func checkUserExist(ctx context.Context, localUserClient local_user.UsersMgmtServiceClient, user pipeline.User) bool { - _, err := localUserClient.GetUser(ctx, &local_user.Email{Email: user.AutomateUsername}) - if err != nil { - log.Errorf(err.Error()) - log.Errorf("Unable to fetch user") - return false - } - return true -} - -func createLocalUser(ctx context.Context, localUserClient local_user.UsersMgmtServiceClient, user pipeline.User) error { - _, err := localUserClient.CreateUser(ctx, &local_user.CreateUserReq{ - Name: user.DisplayName, - Id: user.AutomateUsername, - Password: user.HashPassword, - Email: user.AutomateUsername, - IsHashed: true, - }) - if err != nil { - log.Errorf("Unable to create user in Automate for user : %s with error %s", user.AutomateUsername, err.Error()) - return err - } - return nil -} - // StoreOrgsUsersAssociation populate the users association with orgs based on the actions func StoreOrgsUsersAssociation(ctx context.Context, st storage.Storage, result pipeline.Result) (pipeline.Result, error) { log.Info("Starting with the storing org user association for migration id :", result.Meta.MigrationID) @@ -715,10 +111,10 @@ func StoreOrgsUsersAssociation(ctx context.Context, st storage.Storage, result p return result, nil } -func createMapForUsers(users []pipeline.User) map[string]string { - usersMap := make(map[string]string) +func createMapForUsers(users []pipeline.User) map[string]pipeline.User { + usersMap := make(map[string]pipeline.User) for _, user := range users { - usersMap[user.Username] = "" + usersMap[user.Username] = user } return usersMap } @@ -798,3 +194,89 @@ func StoreUser(ctx context.Context, st storage.Storage, user pipeline.User, serv } return actionTaken, err } + +//Populating User permissions for admin and non-admin members +func MigrateUsersPermissions(ctx context.Context, authzPolicyClient authz.PoliciesServiceClient, result pipeline.Result) (pipeline.Result, error) { + log.Info("Starting with the migrating user permissions for migration id :", result.Meta.MigrationID) + var err error + var totalUsers int64 + selectedUsersMap := createMapForUsers(result.ParsedResult.Users) + for _, orgUsers := range result.ParsedResult.OrgsUsers { + for _, orgUserAssociation := range orgUsers.Users { + if _, keyPresent := selectedUsersMap[orgUserAssociation.Username]; keyPresent { + totalUsers++ + if orgUserAssociation.ActionOps == pipeline.Skip { + result.ParsedResult.UserPermission.Skipped++ + continue + } + err, _ = MigrateUserPermission(ctx, orgUsers.OrgName, selectedUsersMap[orgUserAssociation.Username], orgUserAssociation, authzPolicyClient, result.Meta.ServerID) + if err != nil { + log.Errorf("Failed to migrate user permissions for org user %s of org %s for migration id %s : %s", orgUserAssociation.Username, orgUsers.OrgName.Name, result.Meta.MigrationID, err.Error()) + result.ParsedResult.UserPermission.Failed++ + continue + } + result.ParsedResult.UserPermission.Succeeded++ + } + } + } + if totalUsers == result.ParsedResult.UserPermission.Failed { + return result, err + } + log.Info("Completed with the migrating user permission for migration id :", result.Meta.MigrationID) + return result, nil +} + +func MigrateUserPermission(ctx context.Context, org pipeline.Org, user pipeline.User, orgUserAssociation pipeline.UserAssociation, authzPolicyClient authz.PoliciesServiceClient, serverId string) (error, pipeline.ActionOps) { + var actionTaken pipeline.ActionOps + var err error + switch actionTaken = orgUserAssociation.ActionOps; orgUserAssociation.ActionOps { + case pipeline.Insert: + err = addUserToPolicy(ctx, org, user, orgUserAssociation.IsAdmin, authzPolicyClient, serverId) + case pipeline.Delete: + err = removePolicyFromUser(ctx, org, user, orgUserAssociation.IsAdmin, authzPolicyClient, serverId) + case pipeline.Update: + err = addUserToPolicy(ctx, org, user, orgUserAssociation.IsAdmin, authzPolicyClient, serverId) + if err == nil { + err = removePolicyFromUser(ctx, org, user, !orgUserAssociation.IsAdmin, authzPolicyClient, serverId) + } + default: + } + return err, actionTaken +} + +func addUserToPolicy(ctx context.Context, org pipeline.Org, user pipeline.User, isAdmin bool, authzPolicyClient authz.PoliciesServiceClient, serverId string) error { + log.Info("Adding policy for the user", user.AutomateUsername) + policyId := getPolicyId(isAdmin, org, serverId) + member := fmt.Sprintf("user:%s:%s", user.Connector, user.AutomateUsername) + members := []string{member} + createPolicyRequest := &authz.AddPolicyMembersReq{Id: policyId, Members: members} + _, err := authzPolicyClient.AddPolicyMembers(ctx, createPolicyRequest) + if err != nil { + log.Errorf("Unable to add policy for the username %s", user.AutomateUsername) + return err + } + return nil +} + +func removePolicyFromUser(ctx context.Context, org pipeline.Org, user pipeline.User, isAdmin bool, authzPolicyClient authz.PoliciesServiceClient, serverId string) error { + log.Info("Deleting policy for the user", user.AutomateUsername) + policyId := getPolicyId(isAdmin, org, serverId) + member := fmt.Sprintf("user:%s:%s", user.Connector, user.AutomateUsername) + removePolicyRequest := &authz.RemovePolicyMembersReq{Id: policyId, Members: []string{member}} + _, err := authzPolicyClient.RemovePolicyMembers(ctx, removePolicyRequest) + if err != nil { + log.Errorf("Unable to delete policy for the username %s", user.AutomateUsername) + return err + } + return nil +} + +func getPolicyId(isAdmin bool, org pipeline.Org, serverId string) string { + var policyId string + if isAdmin { + policyId = fmt.Sprintf("%s_%s-%s", serverId, org.Name, "project-owners") + } else { + policyId = fmt.Sprintf("%s_%s-%s", serverId, org.Name, "project-editors") + } + return policyId +} diff --git a/components/infra-proxy-service/migrations/pipeline/utility_phase_one.go b/components/infra-proxy-service/migrations/pipeline/utility_phase_one.go new file mode 100644 index 00000000000..75977259962 --- /dev/null +++ b/components/infra-proxy-service/migrations/pipeline/utility_phase_one.go @@ -0,0 +1,611 @@ +package pipeline + +import ( + "archive/zip" + "context" + "encoding/json" + "fmt" + "github.com/chef/automate/api/interservice/local_user" + "github.com/chef/automate/components/infra-proxy-service/pipeline" + "github.com/chef/automate/components/infra-proxy-service/storage" + "github.com/pkg/errors" + log "github.com/sirupsen/logrus" + "io" + "os" + "path" + "path/filepath" +) + +func ParseOrgs(ctx context.Context, st storage.Storage, mst storage.MigrationStorage, result pipeline.Result) (pipeline.Result, error) { + var err error + log.Info("Starting with organization parsing phase for migration id: ", result.Meta.MigrationID) + + orgPath := path.Join(result.Meta.UnzipFolder, "organizations") + folder, err := os.Open(orgPath) + if err != nil { + log.Errorf("Failed to open the folder for the file path %s : %s", orgPath, err.Error()) + return result, err + } + + orgNames, err := folder.Readdir(0) + if err != nil { + log.Errorf("Failed to read the files for the file path %s : %s", orgPath, err.Error()) + return result, err + } + _ = folder.Close() + orgsPresentInDB, err := st.GetOrgs(ctx, result.Meta.ServerID) + if err != nil { + log.Errorf("Failed to read orgs from database for %s:%s", result.Meta.ServerID, err.Error()) + return result, err + } + + result.ParsedResult.Orgs = append(result.ParsedResult.Orgs, insertOrUpdateOrg(orgNames, orgsPresentInDB, orgPath)...) + + result.ParsedResult.Orgs = append(result.ParsedResult.Orgs, deleteOrgsIfNotPresentInCurrentFile(orgNames, orgsPresentInDB)...) + + log.Info("Successfully completed the organization parsing phase for migration id: ", result.Meta.MigrationID) + return result, nil + +} + +//CreatePreview Stores the staged data in db +func CreatePreview(ctx context.Context, st storage.Storage, mst storage.MigrationStorage, result pipeline.Result) (pipeline.Result, error) { + log.Info("Starting with create preview phase for migration id: ", result.Meta.MigrationID) + + resultByte, err := json.Marshal(result) + if err != nil { + log.Errorf("Failed to marshal the staged data for the migration id %s : %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + _, err = mst.StoreMigrationStage(ctx, result.Meta.MigrationID, resultByte) + if err != nil { + log.Errorf("Failed to store the staged data %s : %s ", result.Meta.MigrationID, err.Error()) + return result, err + } + log.Info("Successfully completed the create preview phase for migration id: ", result.Meta.MigrationID) + + return result, nil +} + +func createDatabaseOrgsMap(orgs []storage.Org) map[string]string { + orgMap := make(map[string]string) + for _, s := range orgs { + orgMap[s.ID] = s.Name + //Values for comparison + } + return orgMap +} + +func createFileOrgsMap(orgs []os.FileInfo) map[string]string { + orgMap := make(map[string]string) + for _, s := range orgs { + if s.IsDir() { + orgMap[s.Name()] = "" + //No value required for comparison + } + } + return orgMap +} + +func insertOrUpdateOrg(orgsInFiles []os.FileInfo, orgsInDB []storage.Org, orgPath string) []pipeline.Org { + var orgList []pipeline.Org + orgDatabaseMap := createDatabaseOrgsMap(orgsInDB) + var orgJson pipeline.OrgJson + log.Info("Comparing the organization from database and backup file for insert,update and skip action") + //For insert, update and skip action + for _, org := range orgsInFiles { + if org.IsDir() { + orgInfo, valuePresent := orgDatabaseMap[org.Name()] + orgJson = openOrgFolder(org, orgPath) + if valuePresent { + if orgJson.FullName != orgInfo { + //Update org in the result actions + orgList = append(orgList, createOrgStructForAction(orgJson.Name, orgJson.FullName, pipeline.Update)) + } else { + //Skip org action if full names are not equal + orgList = append(orgList, createOrgStructForAction(orgJson.Name, orgJson.FullName, pipeline.Skip)) + + } + } else { + //Insert org action if not present in database + orgList = append(orgList, createOrgStructForAction(orgJson.Name, orgJson.FullName, pipeline.Insert)) + } + } + } + log.Info("Completed comparing the organization from database and backup file for insert,update and skip action") + return orgList +} + +func deleteOrgsIfNotPresentInCurrentFile(orgsInFiles []os.FileInfo, orgsInDB []storage.Org) []pipeline.Org { + var orgList []pipeline.Org + orgFilesMap := createFileOrgsMap(orgsInFiles) + log.Info("Comparing the organization from database and backup file for delete action") + //For delete action by comparing database orgs with file orgs + for _, org := range orgsInDB { + _, valuePresent := orgFilesMap[org.ID] + if !valuePresent { + orgList = append(orgList, createOrgStructForAction(org.ID, org.Name, pipeline.Delete)) + } + } + log.Info("Completed comparing the organization from database and backup file for delete action") + return orgList +} + +func openOrgFolder(org os.FileInfo, fileLocation string) pipeline.OrgJson { + var orgJson pipeline.OrgJson + jsonPath := path.Join(fileLocation, org.Name(), "org.json") + jsonFile, err := os.Open(jsonPath) + // if we os.Open returns an error then handle it + if err != nil { + fmt.Println(err) + } + log.Info("Successfully opened the file at location", jsonPath) + defer func() { + _ = jsonFile.Close() + }() + // defer the closing of our jsonFile so that we can parse it later on + _ = json.NewDecoder(jsonFile).Decode(&orgJson) + return orgJson +} + +func createOrgStructForAction(orgId string, orgName string, ops pipeline.ActionOps) pipeline.Org { + return pipeline.Org{ + Name: orgId, + FullName: orgName, + ActionOps: ops, + } +} + +// Unzip will decompress a zip file and sets the UnzipFolder +func Unzip(result pipeline.Result) (pipeline.Result, error) { + + var fpath string + + reader, err := zip.OpenReader(result.Meta.ZipFile) + if err != nil { + log.Errorf("cannot open reader migration id: %s, %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + for _, file := range reader.File { + + fpath = filepath.Join(filepath.Dir(result.Meta.ZipFile), file.Name) + + if file.FileInfo().IsDir() { + err = os.MkdirAll(fpath, os.ModePerm) + if err != nil { + log.Errorf("cannot create dir for migration id: %s, %s", result.Meta.MigrationID, err.Error()) + } + continue + } + + // Creating the files in the target directory + if err = os.MkdirAll(filepath.Dir(fpath), os.ModePerm); err != nil { + log.Errorf("cannot create directory for migration id: %s, %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + // The created file will be stored in + // outFile with permissions to write &/or truncate + outFile, err := os.OpenFile(fpath, + os.O_WRONLY|os.O_CREATE|os.O_TRUNC, + file.Mode()) + if err != nil { + log.Errorf("cannot create a file for migration id: %s, %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + readClose, err := file.Open() + if err != nil { + log.Errorf("cannot open file for migration id: %s, %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + _, err = io.Copy(outFile, readClose) + if err != nil { + log.Errorf("cannot copy file for migration id: %s, %s", result.Meta.MigrationID, err.Error()) + return result, err + } + _ = outFile.Close() + _ = readClose.Close() + + } + + result.Meta.UnzipFolder = filepath.Dir(fpath) + _ = reader.Close() + + return result, nil +} + +func ValidateZip(result pipeline.Result) (pipeline.Result, error) { + var err error + foundOrg := false + // Find under unzip folder where org folder exists + if err := filepath.Walk(result.Meta.UnzipFolder, func(path string, f os.FileInfo, err error) error { + + // check if base path is `organizations` + if filepath.Base(path) == "organizations" { + // reassign unzipFolder + foundOrg = true + result.Meta.UnzipFolder = filepath.Dir(path) + } + return nil + }); err != nil { + log.Errorf("Failed to find organizations folder for migration id %s : %s", result.Meta.MigrationID, err.Error()) + return result, err + } + if !foundOrg { + return result, errors.New("cannot find organizations folder") + } + // Check if the reassigned unzip folder contains key_dump.json + _, err = os.Stat(result.Meta.UnzipFolder + "/key_dump.json") + if err != nil { + log.Errorf("Failed to validate unzip folder for migration id %s : %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + result.Meta.IsValid = true + return result, nil +} + +// ParseOrgUserAssociation sync the automate org users with chef server org users +func ParseOrgUserAssociation(ctx context.Context, st storage.Storage, result pipeline.Result) (pipeline.Result, error) { + log.Info("Starting with the parsing org user association for migration id :", result.Meta.MigrationID) + var orgUserAssociations []pipeline.OrgsUsersAssociations + var err error + orgUserAssociations, err = getActionForOrgUsers(ctx, st, result) + if err != nil { + log.Errorf("Unable to parse org user association for migration id : %s : %s", result.Meta.MigrationID, err.Error()) + return result, err + } + result.ParsedResult.OrgsUsers = append(result.ParsedResult.OrgsUsers, orgUserAssociations...) + log.Info("Completed with the parsing org user association for migration id :", result.Meta.MigrationID) + return result, nil +} + +func getActionForOrgUsers(ctx context.Context, st storage.Storage, result pipeline.Result) ([]pipeline.OrgsUsersAssociations, error) { + orgUserAssociations := make([]pipeline.OrgsUsersAssociations, 0) + orgPath := path.Join(result.Meta.UnzipFolder, "organizations") + for _, org := range result.ParsedResult.Orgs { + var userAssociations []pipeline.UserAssociation + log.Info("Getting actions for org id", org.Name) + var chefServerOrgUsers []pipeline.UserAssociation + // check whether org directory exist or not + if _, err := os.Stat(path.Join(orgPath, org.Name)); !os.IsNotExist(err) { + chefServerOrgUsers, err = getChefServerOrgUsers(org.Name, orgPath) + if err != nil { + log.Errorf("Unable to get the chef server organization users %s ", err) + return nil, err + } + } + if org.ActionOps == pipeline.Insert { + userAssociations = append(userAssociations, createInsertUserAssociation(chefServerOrgUsers)...) + orgUserAssociations = append(orgUserAssociations, pipeline.OrgsUsersAssociations{OrgName: org, Users: userAssociations}) + continue + } + orgUsersInDb, err := st.GetAutomateOrgUsers(ctx, org.Name) + if err != nil { + log.Errorf("Unable to fetch automate Users for org %s : %s", org.Name, err.Error()) + return nil, err + } + if org.ActionOps == pipeline.Delete { + userAssociations = append(userAssociations, createDeleteUserAssociation(orgUsersInDb)...) + } else { + userAssociations = append(userAssociations, insertOrUpdateActionForOrgUsers(orgUsersInDb, chefServerOrgUsers)...) + userAssociations = append(userAssociations, deleteActionForOrgUses(orgUsersInDb, chefServerOrgUsers)...) + } + orgUserAssociations = append(orgUserAssociations, pipeline.OrgsUsersAssociations{OrgName: org, Users: userAssociations}) + } + return orgUserAssociations, nil +} + +func createInsertUserAssociation(chefServerOrgUsers []pipeline.UserAssociation) []pipeline.UserAssociation { + userAssociation := make([]pipeline.UserAssociation, 0) + for _, user := range chefServerOrgUsers { + userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Insert}) + } + return userAssociation +} + +func createDeleteUserAssociation(orgUsersInDb []storage.OrgUser) []pipeline.UserAssociation { + userAssociation := make([]pipeline.UserAssociation, 0) + for _, user := range orgUsersInDb { + userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.InfraServerUsername, IsAdmin: user.IsAdmin, ActionOps: pipeline.Delete}) + } + return userAssociation +} + +func insertOrUpdateActionForOrgUsers(orgUsers []storage.OrgUser, chefServerOrgUsers []pipeline.UserAssociation) []pipeline.UserAssociation { + var userAssociation []pipeline.UserAssociation + orgUserMapDB := createMapForOrgUsersInDB(orgUsers) + for _, user := range chefServerOrgUsers { + isAdmin, valuePresent := orgUserMapDB[user.Username] + if valuePresent { + //check for the org admins + if user.IsAdmin != isAdmin { + userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Update}) + } else { + userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Skip}) + } + } else { + userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.Username, IsAdmin: user.IsAdmin, ActionOps: pipeline.Insert}) + } + } + return userAssociation +} + +func deleteActionForOrgUses(orgUsers []storage.OrgUser, chefServerOrgUsers []pipeline.UserAssociation) []pipeline.UserAssociation { + var userAssociation []pipeline.UserAssociation + orgUserJsonMap := createMapForOrgUsersInJson(chefServerOrgUsers) + for _, user := range orgUsers { + _, valuePresent := orgUserJsonMap[user.InfraServerUsername] + if !valuePresent { + userAssociation = append(userAssociation, pipeline.UserAssociation{Username: user.InfraServerUsername, IsAdmin: user.IsAdmin, ActionOps: pipeline.Delete}) + } + } + + return userAssociation +} + +func createMapForOrgUsersInDB(orgUsers []storage.OrgUser) map[string]bool { + orgUsersMap := make(map[string]bool) + for _, s := range orgUsers { + orgUsersMap[s.InfraServerUsername] = s.IsAdmin + } + return orgUsersMap +} + +func createMapForOrgUsersInJson(chefServerOrgUsers []pipeline.UserAssociation) map[string]string { + orgUsersMap := make(map[string]string) + for _, user := range chefServerOrgUsers { + orgUsersMap[user.Username] = "" + } + return orgUsersMap +} + +// getChefServerOrgUsers returns the chef server organization users from backup file +func getChefServerOrgUsers(orgName, fileLocation string) ([]pipeline.UserAssociation, error) { + orgUsers := make([]pipeline.UserAssociation, 0) + + members, err := getOrgMembers(orgName, fileLocation) + if err != nil { + log.Errorf("Unable to get organization members %s", err) + return nil, err + } + admins, err := getOrgAdmins(orgName, fileLocation) + if err != nil { + log.Errorf("Unable to get organization admins %s", err) + return nil, err + } + orgAdminMap := createMapForOrgAdminsInJson(admins) + for _, member := range members { + orgUser := pipeline.UserAssociation{} + if member.User.Username == "pivotal" { + continue + } + orgUser.Username = member.User.Username + _, valuePresent := orgAdminMap[member.User.Username] + if valuePresent { + orgUser.IsAdmin = true + } + orgUsers = append(orgUsers, orgUser) + } + return orgUsers, nil +} + +// getOrgMembers Get the data of members.json +func getOrgMembers(orgName, fileLocation string) ([]pipeline.MembersJson, error) { + var orgMembers []pipeline.MembersJson + usersJsonPath := path.Join(fileLocation, orgName, "members.json") + usersjsonFile, err := os.Open(usersJsonPath) + // if we os.Open returns an error then handle it + if err != nil { + log.Errorf("Unable to open org members file at the location : %s", usersJsonPath) + return nil, err + } + log.Info("Successfully opened the org members file at location", usersJsonPath) + // defer the closing of our jsonFile so that we can parse it later on + defer func() { + _ = usersjsonFile.Close() + }() + err = json.NewDecoder(usersjsonFile).Decode(&orgMembers) + if err != nil { + log.Errorf("Unable to decode the org members file %s %s", usersJsonPath, err) + return nil, err + } + return orgMembers, nil +} + +// getOrgAdmins Get the data of admins.json +func getOrgAdmins(orgName, fileLocation string) (pipeline.AdminsJson, error) { + var orgAdmins pipeline.AdminsJson + adminJsonPath := path.Join(fileLocation, orgName, "groups", "admins.json") + jsonFile, err := os.Open(adminJsonPath) + // if we os.Open returns an error then handle it + if err != nil { + log.Errorf("Unable to open org admins file at the location : %s %s", adminJsonPath, err) + return pipeline.AdminsJson{}, err + } + log.Info("Successfully opened the org admins file at location", adminJsonPath) + // defer the closing of our jsonFile so that we can parse it later on + defer func() { + _ = jsonFile.Close() + }() + err = json.NewDecoder(jsonFile).Decode(&orgAdmins) + if err != nil { + log.Errorf("Unable to decode the org admins file %s %s", adminJsonPath, err) + return pipeline.AdminsJson{}, err + } + return orgAdmins, nil +} + +func createMapForOrgAdminsInJson(adminsJson pipeline.AdminsJson) map[string]string { + orgAdminsMap := make(map[string]string) + for _, username := range adminsJson.Users { + orgAdminsMap[username] = "" + } + return orgAdminsMap + +} + +//GetUsersForBackup get all the users details from back up file +func GetUsersForBackup(ctx context.Context, st storage.Storage, localUserClient local_user.UsersMgmtServiceClient, result pipeline.Result) (pipeline.Result, error) { + log.Info("starting with user parsing phase for migration id: ", result.Meta.MigrationID) + + file := path.Join(result.Meta.UnzipFolder, "key_dump.json") + var keyDumps []pipeline.KeyDump + + keyDumpFile, err := os.Open(file) + if err != nil { + log.Errorf("failed to open keydump file for user parsing for the migration id: %s : %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + if err = json.NewDecoder(keyDumpFile).Decode(&keyDumps); err != nil { + log.Errorf("failed to decode keydump json for the migration id: %s : %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + serverUsers := keyDumpTOUser(keyDumps) + automateUsers, err := st.GetAutomateInfraServerUsers(ctx, result.Meta.ServerID) + if err != nil { + log.Errorf("failed to get users form db for user parsing for the migration id: %s : %s", result.Meta.MigrationID, err.Error()) + return result, err + } + + var mappedUsers []pipeline.User + + mappedUsers = append(mappedUsers, deleteUser(serverUsers, automateUsers)...) + mappedUsers = append(mappedUsers, insertUpdateSkipUser(ctx, serverUsers, automateUsers, localUserClient)...) + + result.ParsedResult.Users = mappedUsers + return result, nil +} + +// Clean serialized_object and Populate Users struct +func keyDumpTOUser(keyDump []pipeline.KeyDump) []pipeline.User { + users := make([]pipeline.User, 0) + for _, kd := range keyDump { + sec := map[string]string{} + if err := json.Unmarshal([]byte(kd.SerializedObject), &sec); err != nil { + log.Errorf("failed to parse user's first, middle and last name: %s", err.Error()) + } + user := &pipeline.User{ + Username: kd.Username, + Email: kd.Email, + DisplayName: sec["display_name"], + FirstName: sec["first_name"], + LastName: sec["last_name"], + MiddleName: sec["middle_name"], + HashPassword: kd.HashedPassword, + } + user.SetConnector(kd.ExternalAuthenticationUID) + user.SetAutomateUsername(kd.ExternalAuthenticationUID) + + users = append(users, *user) + } + return users +} + +func automateMap(automateUser []storage.User) map[string]storage.User { + automateMap := map[string]storage.User{} + for _, aUser := range automateUser { + automateMap[aUser.InfraServerUsername] = aUser + } + return automateMap +} + +func serverMap(server []pipeline.User) map[string]pipeline.User { + serverMap := map[string]pipeline.User{} + for _, sUser := range server { + serverMap[sUser.Username] = sUser + } + return serverMap +} + +func insertUpdateSkipUser(ctx context.Context, serverUser []pipeline.User, automateUser []storage.User, localUserClient local_user.UsersMgmtServiceClient) []pipeline.User { + var parsedUsers []pipeline.User + autoMap := automateMap(automateUser) + for _, sUser := range serverUser { + if _, ok := autoMap[sUser.Username]; ok { + emptyVal := pipeline.User{} + returnedVal := skipOrUpdate(autoMap, sUser) + if returnedVal != emptyVal { + parsedUsers = append(parsedUsers, returnedVal) + } + } else { + if sUser.Username == "pivotal" { + continue + } else { + if sUser.Connector == pipeline.Local { + userExists := checkUserExist(ctx, localUserClient, sUser) + sUser.IsConflicting = userExists + } + sUser.ActionOps = pipeline.Insert + parsedUsers = append(parsedUsers, sUser) + } + + } + + } + + return parsedUsers +} +func skipOrUpdate(autoMap map[string]storage.User, sUser pipeline.User) pipeline.User { + if autoMap[sUser.Username].InfraServerUsername == sUser.Username { + if autoMap[sUser.Username].InfraServerUsername == sUser.Username && autoMap[sUser.Username].Email == sUser.Email && + autoMap[sUser.Username].DisplayName == sUser.DisplayName && autoMap[sUser.Username].FirstName == sUser.FirstName && + autoMap[sUser.Username].LastName == sUser.LastName && autoMap[sUser.Username].MiddleName == sUser.MiddleName { + sUser.ActionOps = pipeline.Skip + return sUser + + } else { + sUser.ActionOps = pipeline.Update + return sUser + } + } + return pipeline.User{} +} + +func deleteUser(serverUser []pipeline.User, automateUser []storage.User) []pipeline.User { + var parsedUsers []pipeline.User + serverMap := serverMap(serverUser) + for _, aUser := range automateUser { + if _, ok := serverMap[aUser.InfraServerUsername]; !ok { + parsedUsers = append(parsedUsers, pipeline.User{ + Username: aUser.InfraServerUsername, + ActionOps: pipeline.Delete, + }) + } + + } + + return parsedUsers +} + +//checkUserExist check user exists in the local automate or not +func checkUserExist(ctx context.Context, localUserClient local_user.UsersMgmtServiceClient, user pipeline.User) bool { + _, err := localUserClient.GetUser(ctx, &local_user.Email{Email: user.AutomateUsername}) + if err != nil { + log.Errorf(err.Error()) + log.Errorf("Unable to fetch user") + return false + } + return true +} + +func createLocalUser(ctx context.Context, localUserClient local_user.UsersMgmtServiceClient, user pipeline.User) error { + _, err := localUserClient.CreateUser(ctx, &local_user.CreateUserReq{ + Name: user.DisplayName, + Id: user.AutomateUsername, + Password: user.HashPassword, + Email: user.AutomateUsername, + IsHashed: true, + }) + if err != nil { + log.Errorf("Unable to create user in Automate for user : %s with error %s", user.AutomateUsername, err.Error()) + return err + } + return nil +} diff --git a/components/infra-proxy-service/migrations/pipeline/utility_test.go b/components/infra-proxy-service/migrations/pipeline/utility_test.go index 20c4fbf773b..bf896b233eb 100644 --- a/components/infra-proxy-service/migrations/pipeline/utility_test.go +++ b/components/infra-proxy-service/migrations/pipeline/utility_test.go @@ -2,6 +2,7 @@ package pipeline import ( "context" + "fmt" "reflect" "testing" @@ -210,7 +211,7 @@ func TestValidateZip(t *testing.T) { for _, ar := range arg { t.Run(ar.name, func(t *testing.T) { - res, err := ValidateZip(ar.ctx, ar.st, ar.mst, ar.result) + res, err := ValidateZip(ar.result) if err != nil { require.Equal(t, err.Error(), ar.requiredErr.Error()) } else { @@ -466,3 +467,78 @@ func TestStoreUser(t *testing.T) { } } + +func TestStoreUserPermission(t *testing.T) { + type args struct { + ctx context.Context + st storage.Storage + serverID string + orgUserAssociation pipeline.UserAssociation + org pipeline.Org + user pipeline.User + authzClient *authz.MockPoliciesServiceClient + NeedError bool + } + tests := []struct { + name string + args args + want error + want1 pipeline.ActionOps + }{ + {name: "Test Insert User permission for local user", + args: args{ctx: context.Background(), + st: &testDB.TestDB{}, serverID: "server1", + org: pipeline.Org{Name: "org1", FullName: "org1"}, + orgUserAssociation: pipeline.UserAssociation{Username: "user1", IsAdmin: false, ActionOps: pipeline.Insert}, user: pipeline.User{Username: "test1234", AutomateUsername: "123456", Connector: pipeline.Local}, authzClient: authz.NewMockPoliciesServiceClient(gomock.NewController(t))}, want: nil, want1: pipeline.Insert}, + {name: "Test Delete User permission for local user", + args: args{ctx: context.Background(), + st: &testDB.TestDB{}, serverID: "server1", + org: pipeline.Org{Name: "org1", FullName: "org1"}, + orgUserAssociation: pipeline.UserAssociation{Username: "user1", IsAdmin: false, ActionOps: pipeline.Delete}, user: pipeline.User{Username: "test1234", AutomateUsername: "123456", Connector: pipeline.Local}, authzClient: authz.NewMockPoliciesServiceClient(gomock.NewController(t))}, want: nil, want1: pipeline.Delete}, + {name: "Test Update User permission for local user", + args: args{ctx: context.Background(), + st: &testDB.TestDB{}, serverID: "server1", + org: pipeline.Org{Name: "org1", FullName: "org1"}, + orgUserAssociation: pipeline.UserAssociation{Username: "user1", IsAdmin: true, ActionOps: pipeline.Update}, user: pipeline.User{Username: "test1234", AutomateUsername: "123456", Connector: pipeline.Local}, authzClient: authz.NewMockPoliciesServiceClient(gomock.NewController(t))}, want: nil, want1: pipeline.Update}, + {name: "Test Insert User permission for ldap user", + args: args{ctx: context.Background(), + st: &testDB.TestDB{}, serverID: "server1", + org: pipeline.Org{Name: "org1", FullName: "org1"}, + orgUserAssociation: pipeline.UserAssociation{Username: "user1", IsAdmin: true, ActionOps: pipeline.Update}, user: pipeline.User{Username: "test1234", AutomateUsername: "123456", Connector: pipeline.LDAP}, authzClient: authz.NewMockPoliciesServiceClient(gomock.NewController(t))}, want: nil, want1: pipeline.Update}, + {name: "Test Error from User permission service for local user", + args: args{ctx: context.Background(), + st: &testDB.TestDB{}, serverID: "server1", + org: pipeline.Org{Name: "org1", FullName: "org1"}, + orgUserAssociation: pipeline.UserAssociation{Username: "user1", IsAdmin: true, ActionOps: pipeline.Insert}, + user: pipeline.User{Username: "test1234", AutomateUsername: "123456", Connector: pipeline.LDAP}, + authzClient: authz.NewMockPoliciesServiceClient(gomock.NewController(t)), NeedError: true}, + want: errors.New("Already exists"), want1: pipeline.Insert}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + memebers := []string{fmt.Sprintf("user:%s:%s", tt.args.user.Connector, tt.args.user.AutomateUsername)} + tt.args.authzClient.EXPECT().AddPolicyMembers(tt.args.ctx, gomock.Any()).Return(&authz.AddPolicyMembersResp{ + Members: memebers, + }, nil) + tt.args.authzClient.EXPECT().RemovePolicyMembers(tt.args.ctx, gomock.Any()).Return(&authz.RemovePolicyMembersResp{ + Members: memebers, + }, nil) + if tt.args.NeedError { + tt.args.authzClient.EXPECT().AddPolicyMembers(tt.args.ctx, gomock.Any()).Return(&authz.AddPolicyMembersResp{ + Members: memebers, + }, errors.New("Already exists")) + tt.args.authzClient.EXPECT().RemovePolicyMembers(tt.args.ctx, gomock.Any()).Return(&authz.RemovePolicyMembersResp{ + Members: memebers, + }, errors.New("No Policy exists")) + } + got, got1 := MigrateUserPermission(tt.args.ctx, tt.args.org, tt.args.user, tt.args.orgUserAssociation, tt.args.authzClient, tt.args.serverID) + if got != nil && got.Error() != tt.want.Error() { + t.Errorf("storeOrgUserAssociation() got = %v, want %v", got, tt.want) + } + if got1 != tt.want1 { + t.Errorf("storeOrgUserAssociation() got1 = %v, want %v", got1, tt.want1) + } + }) + + } +} diff --git a/components/infra-proxy-service/pipeline/models.go b/components/infra-proxy-service/pipeline/models.go index b9c2b6b5f87..2a50b1637bc 100644 --- a/components/infra-proxy-service/pipeline/models.go +++ b/components/infra-proxy-service/pipeline/models.go @@ -10,8 +10,8 @@ const ( ) const ( - Local = "LOCAL" - LDAP = "LDAP" + Local = "local" + LDAP = "ldap" ) // @@ -67,6 +67,9 @@ type ParsedResult struct { //Counts for total,skipped and failed orgs users associations OrgsUsersAssociationsCount Counts `json:"orgs_users_associations_count"` + + //Counts for total,skipped and failed User permission migration + UserPermission Counts `json:"users_permissions_count"` } // OrgsUsersAssociations @@ -121,6 +124,9 @@ type Org struct { //Counts for total,skipped and failed Counts Counts `json:"counts"` + + //Project for user association + Project string `json:"project"` } type User struct { diff --git a/components/infra-proxy-service/service/service.go b/components/infra-proxy-service/service/service.go index 2299c8a41dd..711adafae1f 100644 --- a/components/infra-proxy-service/service/service.go +++ b/components/infra-proxy-service/service/service.go @@ -25,13 +25,19 @@ type Service struct { Storage storage.Storage Migration storage.MigrationStorage Secrets secrets.SecretsServiceClient - AuthzProjectClient authz.ProjectsServiceClient LocalUser local_user.UsersMgmtServiceClient + AuthzProjectClient authz.ProjectsServiceClient + AuthzPolicyClient authz.PoliciesServiceClient +} + +type AuthzServiceClients struct { + AuthzProjectClient authz.ProjectsServiceClient + AuthzPolicyClient authz.PoliciesServiceClient } // Start returns an instance of Service that connects to a postgres storage backend. func Start(l logger.Logger, migrationsConfig migration.Config, connFactory *secureconn.Factory, secretsClient secrets.SecretsServiceClient, - authzClient authz.AuthorizationServiceClient, authzProjectClient authz.ProjectsServiceClient, localUserClient local_user.UsersMgmtServiceClient) (*Service, error) { + authzClient authz.AuthorizationServiceClient, localUserClient local_user.UsersMgmtServiceClient, authzServiceClients AuthzServiceClients) (*Service, error) { p, pObj, err := postgres.New(l, migrationsConfig, authzClient) if err != nil { return nil, err @@ -42,8 +48,9 @@ func Start(l logger.Logger, migrationsConfig migration.Config, connFactory *secu Storage: p, Migration: pObj, Secrets: secretsClient, - AuthzProjectClient: authzProjectClient, + AuthzProjectClient: authzServiceClients.AuthzProjectClient, LocalUser: localUserClient, + AuthzPolicyClient: authzServiceClients.AuthzPolicyClient, }, nil } diff --git a/components/infra-proxy-service/test/test.go b/components/infra-proxy-service/test/test.go index 0c2d80fd60c..7e4020590ba 100644 --- a/components/infra-proxy-service/test/test.go +++ b/components/infra-proxy-service/test/test.go @@ -113,7 +113,10 @@ func SetupInfraProxyService(ctx context.Context, authzClient := authz.NewAuthorizationServiceClient(authzConn) - authzProjectClient := authz.NewProjectsServiceClient(authzConn) + authzServiceClients := service.AuthzServiceClients{ + AuthzPolicyClient: authz.NewMockPoliciesServiceClient(gomock.NewController(t)), + AuthzProjectClient: authz.NewMockProjectsServiceClient(gomock.NewController(t)), + } secretsClient := secrets.NewMockSecretsServiceClient(gomock.NewController(t)) @@ -125,7 +128,7 @@ func SetupInfraProxyService(ctx context.Context, localUserClient := local_users_api.NewMockUsersMgmtServiceClient(gomock.NewController(t)) - serviceRef, err := service.Start(l, *migrationConfig, connFactory, secretsClient, authzClient, authzProjectClient, localUserClient) + serviceRef, err := service.Start(l, *migrationConfig, connFactory, secretsClient, authzClient, localUserClient, authzServiceClients) if err != nil { t.Fatalf("could not create server: %s", err)