Merge pull request #93 from jmelis/RHCLOUD-34169

RHCLOUD-34169 resource registration
project-kessel · Sep 11, 2024 · 99ec856 · 99ec856
2 parents 9310dac + affc77c
commit 99ec856
Show file tree

Hide file tree

Showing 10 changed files with 127 additions and 2 deletions.
diff --git a/data/host-service-account.json b/data/host-service-account.json
@@ -1,7 +1,7 @@
 {
   "rhelHost": {
     "metadata": {
-      "workspace": ""
+      "workspace": "workspace1"
     },
     "reporter_data": {
       "reporter_type": "OCM",

diff --git a/data/host.json b/data/host.json
@@ -2,7 +2,7 @@
   "rhelHost": {
     "metadata": {
       "resource_type": "rhel-host",
-      "workspace": ""
+      "workspace": "workspace1"
     },
     "reporter_data": {
       "reporter_type": "OCM",

diff --git a/deploy/schema.yaml b/deploy/schema.yaml
@@ -85,3 +85,7 @@ schema: |-
     permission disable = workspace->notifications_integration_disable
     permission enable = workspace->notifications_integration_enable
   }
+
+  definition hbi/rhel_host {
+    relation workspace: rbac/workspace
+  }
diff --git a/internal/authz/allow/allow.go b/internal/authz/allow/allow.go
@@ -31,3 +31,7 @@ func (a *AllowAllAuthz) CreateTuples(ctx context.Context, r *kessel.CreateTuples
 func (a *AllowAllAuthz) DeleteTuples(ctx context.Context, r *kessel.DeleteTuplesRequest) (*kessel.DeleteTuplesResponse, error) {
 	return &kessel.DeleteTuplesResponse{}, nil
 }
+
+func (a *AllowAllAuthz) SetWorkspace(ctx context.Context, local_resource_id, workspace, name, namespace string) (*kessel.CreateTuplesResponse, error) {
+	return &kessel.CreateTuplesResponse{}, nil
+}
diff --git a/internal/authz/api/authz-service.go b/internal/authz/api/authz-service.go
@@ -10,4 +10,5 @@ type Authorizer interface {
 	Check(context.Context, *kessel.CheckRequest) (*kessel.CheckResponse, error)
 	CreateTuples(context.Context, *kessel.CreateTuplesRequest) (*kessel.CreateTuplesResponse, error)
 	DeleteTuples(context.Context, *kessel.DeleteTuplesRequest) (*kessel.DeleteTuplesResponse, error)
+	SetWorkspace(context.Context, string, string, string, string) (*kessel.CreateTuplesResponse, error)
 }
diff --git a/internal/authz/kessel/kessel.go b/internal/authz/kessel/kessel.go
@@ -2,6 +2,8 @@ package kessel
 
 import (
 	"context"
+	"fmt"
+
 	"github.com/go-kratos/kratos/v2/log"
 	authzapi "github.com/project-kessel/inventory-api/internal/authz/api"
 	kessel "github.com/project-kessel/relations-api/api/kessel/relations/v1beta1"
@@ -69,3 +71,41 @@ func (a *KesselAuthz) DeleteTuples(ctx context.Context, r *kessel.DeleteTuplesRe
 	}
 	return a.TupleService.DeleteTuples(ctx, r, opts...)
 }
+
+func (a *KesselAuthz) SetWorkspace(ctx context.Context, local_resource_id, workspace, namespace, name string) (*kessel.CreateTuplesResponse, error) {
+	if workspace == "" {
+		return nil, fmt.Errorf("workspace is required")
+	}
+
+	// TODO: remove previous tuple for workspace
+
+	rels := []*kessel.Relationship{{
+		Resource: &kessel.ObjectReference{
+			Type: &kessel.ObjectType{
+				Name:      name,
+				Namespace: namespace,
+			},
+			Id: local_resource_id,
+		},
+		Relation: "workspace",
+		Subject: &kessel.SubjectReference{
+			Subject: &kessel.ObjectReference{
+				Type: &kessel.ObjectType{
+					Name:      "workspace",
+					Namespace: "rbac",
+				},
+				Id: workspace,
+			},
+		},
+	}}
+
+	response, err := a.CreateTuples(ctx, &kessel.CreateTuplesRequest{
+		Tuples: rels,
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return response, nil
+}
diff --git a/internal/data/hosts/hosts.go b/internal/data/hosts/hosts.go
@@ -49,6 +49,14 @@ func (r *hostsRepo) Save(ctx context.Context, model *biz.Host) (*biz.Host, error
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "hbi", "rhel_host")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -73,6 +81,14 @@ func (r *hostsRepo) Update(ctx context.Context, model *biz.Host, id string) (*bi
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "hbi", "rhel_host")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -96,6 +112,9 @@ func (r *hostsRepo) Delete(ctx context.Context, id string) error {
 			return err
 		}
 	}
+
+	// TODO: delete the workspace tuple
+
 	return nil
 }
 

diff --git a/internal/data/k8sclusters/k8sclusters.go b/internal/data/k8sclusters/k8sclusters.go
@@ -46,6 +46,14 @@ func (r *k8sclustersRepo) Save(ctx context.Context, model *biz.K8SCluster) (*biz
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "acm", "k8scluster")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -71,6 +79,14 @@ func (r *k8sclustersRepo) Update(ctx context.Context, model *biz.K8SCluster, id
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "acm", "k8scluster")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -94,6 +110,9 @@ func (r *k8sclustersRepo) Delete(ctx context.Context, id string) error {
 			return err
 		}
 	}
+
+	// TODO: delete the workspace tuple
+
 	return nil
 }
 

diff --git a/internal/data/k8spolicies/k8spolicies.go b/internal/data/k8spolicies/k8spolicies.go
@@ -49,6 +49,14 @@ func (r *k8spoliciesRepo) Save(ctx context.Context, model *biz.K8sPolicy) (*biz.
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "acm", "k8spolicy")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -74,6 +82,14 @@ func (r *k8spoliciesRepo) Update(ctx context.Context, model *biz.K8sPolicy, id s
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "acm", "k8spolicy")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -97,6 +113,9 @@ func (r *k8spoliciesRepo) Delete(ctx context.Context, id string) error {
 			return err
 		}
 	}
+
+	// TODO: delete the workspace tuple
+
 	return nil
 }
 

diff --git a/internal/data/notificationsintegrations/notificationsintegrations.go b/internal/data/notificationsintegrations/notificationsintegrations.go
@@ -49,6 +49,14 @@ func (r *notificationsintegrationsRepo) Save(ctx context.Context, model *biz.Not
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "notifications", "integration")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -73,6 +81,14 @@ func (r *notificationsintegrationsRepo) Update(ctx context.Context, model *biz.N
 			return nil, err
 		}
 	}
+
+	if r.Authz != nil {
+		_, err := r.Authz.SetWorkspace(ctx, model.Metadata.Reporters[0].LocalResourceId, model.Metadata.Workspace, "notifications", "integration")
+		if err != nil {
+			return nil, err
+		}
+	}
+
 	return model, nil
 }
 
@@ -96,6 +112,9 @@ func (r *notificationsintegrationsRepo) Delete(ctx context.Context, id string) e
 			return err
 		}
 	}
+
+	// TODO: delete the workspace tuple
+
 	return nil
 }