8 changes: 7 additions & 1 deletion api/router/router.go
Expand Up @@ -118,6 +118,7 @@ type MuxRouter struct {
userTerminalAccessRouter terminal2.UserTerminalAccessRouter
ciStatusUpdateCron cron.CiStatusUpdateCron
appGroupingRouter AppGroupingRouter
rbacRoleRouter user.RbacRoleRouter
}

func NewMuxRouter(logger *zap.SugaredLogger, HelmRouter PipelineTriggerRouter, PipelineConfigRouter PipelineConfigRouter,
Expand Down Expand Up @@ -146,7 +147,8 @@ func NewMuxRouter(logger *zap.SugaredLogger, HelmRouter PipelineTriggerRouter, P
helmApplicationStatusUpdateHandler cron.CdApplicationStatusUpdateHandler, k8sCapacityRouter k8s.K8sCapacityRouter,
webhookHelmRouter webhookHelm.WebhookHelmRouter, globalCMCSRouter GlobalCMCSRouter,
userTerminalAccessRouter terminal2.UserTerminalAccessRouter,
jobRouter JobRouter, ciStatusUpdateCron cron.CiStatusUpdateCron, appGroupingRouter AppGroupingRouter) *MuxRouter {
jobRouter JobRouter, ciStatusUpdateCron cron.CiStatusUpdateCron, appGroupingRouter AppGroupingRouter,
rbacRoleRouter user.RbacRoleRouter) *MuxRouter {
r := &MuxRouter{
Router: mux.NewRouter(),
HelmRouter: HelmRouter,
Expand Down Expand Up @@ -215,6 +217,7 @@ func NewMuxRouter(logger *zap.SugaredLogger, HelmRouter PipelineTriggerRouter, P
ciStatusUpdateCron: ciStatusUpdateCron,
JobRouter: jobRouter,
appGroupingRouter: appGroupingRouter,
rbacRoleRouter: rbacRoleRouter,
}
return r
}
Expand Down Expand Up @@ -422,4 +425,7 @@ func (r MuxRouter) Init() {

userTerminalAccessRouter := r.Router.PathPrefix("/orchestrator/user/terminal").Subrouter()
r.userTerminalAccessRouter.InitTerminalAccessRouter(userTerminalAccessRouter)

rbacRoleRouter := r.Router.PathPrefix("/orchestrator/rbac/role").Subrouter()
r.rbacRoleRouter.InitRbacRoleRouter(rbacRoleRouter)
}
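--- a/api/user/RbacRoleRestHandler.go
+++ b/api/user/RbacRoleRestHandler.go
@@ -0,0 +1,58 @@
+package user
+
+import (
+"errors"
+"github.com/devtron-labs/devtron/api/restHandler/common"
+"github.com/devtron-labs/devtron/pkg/user"
+"github.com/devtron-labs/devtron/pkg/user/casbin"
+"go.uber.org/zap"
+"gopkg.in/go-playground/validator.v9"
+"net/http"
+)
+
+type RbacRoleRestHandler interface {
+GetAllDefaultRoles(w http.ResponseWriter, r *http.Request)
+}
+
+type RbacRoleRestHandlerImpl struct {
+logger *zap.SugaredLogger
+validator *validator.Validate
+rbacRoleService user.RbacRoleService
+userService user.UserService
+enforcer casbin.Enforcer
+}
+
+func NewRbacRoleHandlerImpl(logger *zap.SugaredLogger,
+validator *validator.Validate, rbacRoleService user.RbacRoleService,
+userService user.UserService, enforcer casbin.Enforcer) *RbacRoleRestHandlerImpl {
+rbacRoleRestHandlerImpl := &RbacRoleRestHandlerImpl{
+logger: logger,
+validator: validator,
+rbacRoleService: rbacRoleService,
+userService: userService,
+enforcer: enforcer,
+}
+return rbacRoleRestHandlerImpl
+}
+
+func (handler *RbacRoleRestHandlerImpl) GetAllDefaultRoles(w http.ResponseWriter, r *http.Request) {
+userId, err := handler.userService.GetLoggedInUser(r)
+if userId == 0 || err != nil {
+common.WriteJsonResp(w, err, "Unauthorized User", http.StatusUnauthorized)
+return
+}
+handler.logger.Debugw("request payload, GetAllDefaultRoles")
+// RBAC enforcer applying
+token := r.Header.Get("token")
+if ok := handler.enforcer.Enforce(token, casbin.ResourceUser, casbin.ActionGet, "*"); !ok {
+common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
+return
+}
+roles, err := handler.rbacRoleService.GetAllDefaultRoles()
+if err != nil {
+handler.logger.Errorw("service error, GetAllDefaultRoles", "err", err)
+common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
+return
+}
+common.WriteJsonResp(w, nil, roles, http.StatusOK)
+}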
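Review bot: In GetAllDefaultRoles the first rejection passes `err` straight to `common.WriteJsonResp`, but that branch is also taken when `userId == 0` with a nil error, so the 401 response can be built from a nil error value; how WriteJsonResp renders that case is not visible here. The 403 branch a few lines below already constructs its own error, and the same could be done for the 401: `common.WriteJsonResp(w, errors.New("unauthorized"), "Unauthorized User", http.StatusUnauthorized)`. Separately, the 500 path hands the service error to the response unchanged, which may expose repository error text to the caller unless WriteJsonResp sanitises it; a fixed message, with the detail kept in the existing `Errorw` line, would avoid that. The injected `validator` field is never read in this file.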
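--- a/api/user/RbacRoleRouter.go
+++ b/api/user/RbacRoleRouter.go
@@ -0,0 +1,32 @@
+package user
+
+import (
+"github.com/gorilla/mux"
+"go.uber.org/zap"
+"gopkg.in/go-playground/validator.v9"
+)
+
+type RbacRoleRouter interface {
+InitRbacRoleRouter(rbacRoleRouter *mux.Router)
+}
+
+type RbacRoleRouterImpl struct {
+logger *zap.SugaredLogger
+validator *validator.Validate
+rbacRoleRestHandler RbacRoleRestHandler
+}
+
+func NewRbacRoleRouterImpl(logger *zap.SugaredLogger,
+validator *validator.Validate, rbacRoleRestHandler RbacRoleRestHandler) *RbacRoleRouterImpl {
+rbacRoleRouterImpl := &RbacRoleRouterImpl{
+logger: logger,
+validator: validator,
+rbacRoleRestHandler: rbacRoleRestHandler,
+}
+return rbacRoleRouterImpl
+}
+
+func (router RbacRoleRouterImpl) InitRbacRoleRouter(rbacRoleRouter *mux.Router) {
+rbacRoleRouter.Path("").
+HandlerFunc(router.rbacRoleRestHandler.GetAllDefaultRoles).Methods("GET")
+}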
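Review bot: InitRbacRoleRouter registers the GET route with no middleware of its own, so access control for the role listing rests on the checks inside the handler, plus whatever the parent router applies, which is not visible in this section. A doc comment on the method would record that, for example `// InitRbacRoleRouter mounts GET "" for listing default roles; the login and casbin checks are done in the handler.` The `logger` and `validator` fields of RbacRoleRouterImpl are stored but never read in this file. The method also uses a value receiver although the constructor returns a pointer; `func (router *RbacRoleRouterImpl) InitRbacRoleRouter(...)` would match the handler type's receivers.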
7 changes: 7 additions & 0 deletions api/user/wire_user.go
Expand Up @@ -55,4 +55,11 @@ var UserWireSet = wire.NewSet(
wire.Bind(new(repository.RbacRoleDataRepository), new(*repository.RbacRoleDataRepositoryImpl)),
repository.NewRbacDataCacheFactoryImpl,
wire.Bind(new(repository.RbacDataCacheFactory), new(*repository.RbacDataCacheFactoryImpl)),

NewRbacRoleRouterImpl,
wire.Bind(new(RbacRoleRouter), new(*RbacRoleRouterImpl)),
NewRbacRoleHandlerImpl,
wire.Bind(new(RbacRoleRestHandler), new(*RbacRoleRestHandlerImpl)),
user.NewRbacRoleServiceImpl,
wire.Bind(new(user.RbacRoleService), new(*user.RbacRoleServiceImpl)),
)
6 changes: 5 additions & 1 deletion cmd/external-app/router.go
Expand Up @@ -57,6 +57,7 @@ type MuxRouter struct {
userTerminalAccessRouter terminal.UserTerminalAccessRouter
attributesRouter router.AttributesRouter
appRouter router.AppRouter
rbacRoleRouter user.RbacRoleRouter
}

func NewMuxRouter(
Expand Down Expand Up @@ -86,6 +87,7 @@ func NewMuxRouter(
userTerminalAccessRouter terminal.UserTerminalAccessRouter,
attributesRouter router.AttributesRouter,
appRouter router.AppRouter,
rbacRoleRouter user.RbacRoleRouter,
) *MuxRouter {
r := &MuxRouter{
Router: mux.NewRouter(),
Expand Down Expand Up @@ -116,6 +118,7 @@ func NewMuxRouter(
userTerminalAccessRouter: userTerminalAccessRouter,
attributesRouter: attributesRouter,
appRouter: appRouter,
rbacRoleRouter: rbacRoleRouter,
}
return r
}
Expand Down Expand Up @@ -157,7 +160,8 @@ func (r *MuxRouter) Init() {
r.UserAuthRouter.InitUserAuthRouter(rootRouter)
userRouter := baseRouter.PathPrefix("/user").Subrouter()
r.userRouter.InitUserRouter(userRouter)

rbacRoleRouter := baseRouter.PathPrefix("/rbac/role").Subrouter()
r.rbacRoleRouter.InitRbacRoleRouter(rbacRoleRouter)
clusterRouter := baseRouter.PathPrefix("/cluster").Subrouter()
r.clusterRouter.InitClusterRouter(clusterRouter)

5 changes: 4 additions & 1 deletion cmd/external-app/wire_gen.go


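--- a/pkg/user/RbacRoleService.go
+++ b/pkg/user/RbacRoleService.go
@@ -0,0 +1,47 @@
+package user
+
+import (
+"github.com/devtron-labs/devtron/pkg/user/bean"
+"github.com/devtron-labs/devtron/pkg/user/repository"
+"go.uber.org/zap"
+)
+
+type RbacRoleService interface {
+GetAllDefaultRoles() ([]*bean.RbacRoleDto, error)
+}
+
+type RbacRoleServiceImpl struct {
+logger *zap.SugaredLogger
+rbacRoleDataRepository repository.RbacRoleDataRepository
+}
+
+func NewRbacRoleServiceImpl(logger *zap.SugaredLogger,
+rbacRoleDataRepository repository.RbacRoleDataRepository) *RbacRoleServiceImpl {
+return &RbacRoleServiceImpl{
+logger: logger,
+rbacRoleDataRepository: rbacRoleDataRepository,
+}
+}
+func (impl *RbacRoleServiceImpl) GetAllDefaultRoles() ([]*bean.RbacRoleDto, error) {
+//getting all roles from default data repository
+defaultRoles, err := impl.rbacRoleDataRepository.GetRoleDataForAllRoles()
+if err != nil {
+impl.logger.Errorw("error in getting all default roles data", "err", err)
+return nil, err
+}
+defaultRolesResp := make([]*bean.RbacRoleDto, 0, len(defaultRoles))
+for _, defaultRole := range defaultRoles {
+defaultRoleResp := &bean.RbacRoleDto{
+Id: defaultRole.Id,
+RoleName: defaultRole.Role,
+RoleDisplayName: defaultRole.RoleDisplayName,
+RoleDescription: defaultRole.RoleDescription,
+RbacPolicyEntityGroupDto: &bean.RbacPolicyEntityGroupDto{
+Entity: defaultRole.Entity,
+AccessType: defaultRole.AccessType,
+},
+}
+defaultRolesResp = append(defaultRolesResp, defaultRoleResp)
+}
+return defaultRolesResp, nil
+}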
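Review bot: The error from `GetRoleDataForAllRoles` is logged here with `Errorw` and then returned, and the REST handler added in this change logs it again (`"service error, GetAllDefaultRoles"`), so one failure produces two error entries. Returning it wrapped, `return nil, fmt.Errorf("getting default role data: %w", err)` (with `fmt` imported), and logging once in the handler would keep the context without the duplicate. The exported method and interface have no doc comment; one sentence stating that every default-role row is mapped to an `RbacRoleDto` (id, name, display name, description, entity, access type) would tell callers what the API exposes. If the repository returns a slice of pointers, a nil element would panic at `defaultRole.Id`; the element type is not visible in this file.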
13 changes: 13 additions & 0 deletions pkg/user/bean/bean.go
Expand Up @@ -31,3 +31,16 @@ const (
EMPTY_ROLEFILTER_ENTRY_PLACEHOLDER = "NONE"
RoleNotFoundStatusPrefix = "role not fount for any given filter: "
)

type RbacRoleDto struct {
Id int `json:"id"` // id of the default role
RoleName string `json:"roleName"`
RoleDisplayName string `json:"roleDisplayName"`
RoleDescription string `json:"roleDescription"`
*RbacPolicyEntityGroupDto
}

type RbacPolicyEntityGroupDto struct {
Entity string `json:"entity" validate:"oneof=apps cluster chart-group"`
AccessType string `json:"accessType,omitempty"`
}
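Review bot: `RbacRoleDto` embeds `*RbacPolicyEntityGroupDto` by pointer, so reading the promoted `Entity` or `AccessType` on a DTO built without that pointer panics with a nil dereference, and encoding/json leaves both keys out for such a value. Embedding by value, `RbacPolicyEntityGroupDto` without the `*`, removes the nil case and gives the same JSON for populated values; the construction in the service would then drop its `&`. The `validate:"oneof=apps cluster chart-group"` tag on `Entity` is not exercised anywhere in this change, since the DTO is only produced for responses and the handler never calls its validator. The tag should be checked wherever this type is accepted as input; otherwise it reads as a guarantee that nothing enforces.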
5 changes: 4 additions & 1 deletion wire_gen.go
