incusd/auth/openfga: Update for OpenFGA 0.3.1
Signed-off-by: Stéphane Graber <[email protected]>
stgraber committed Dec 19, 2023
1 parent f614d0d commit 361e500
Showing 1 changed file with 28 additions and 28 deletions.
56 changes: 28 additions & 28 deletions internal/server/auth/driver_openfga.go
Expand Up @@ -384,7 +384,7 @@ func (f *fga) AddProject(ctx context.Context, _ int64, projectName string) error

func (f *fga) DeleteProject(ctx context.Context, _ int64, projectName string) error {
// Only empty projects can be deleted, so we don't need to worry about any tuples with this project as a parent.
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
// Remove the default profile
User: ObjectProject(projectName).String(),
Expand Down Expand Up @@ -416,7 +416,7 @@ func (f *fga) RenameProject(ctx context.Context, _ int64, oldName string, newNam
}

// Only empty projects can be renamed, so we don't need to worry about any tuples with this project as a parent.
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
// Remove the default profile
User: ObjectProject(oldName).String(),
Expand Down Expand Up @@ -448,7 +448,7 @@ func (f *fga) AddCertificate(ctx context.Context, fingerprint string) error {

// DeleteCertificate is a no-op.
func (f *fga) DeleteCertificate(ctx context.Context, fingerprint string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectServer().String(),
Relation: relationServer,
Expand All @@ -474,7 +474,7 @@ func (f *fga) AddStoragePool(ctx context.Context, storagePoolName string) error

// DeleteStoragePool is a no-op.
func (f *fga) DeleteStoragePool(ctx context.Context, storagePoolName string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectServer().String(),
Relation: relationServer,
Expand All @@ -500,7 +500,7 @@ func (f *fga) AddImage(ctx context.Context, projectName string, fingerprint stri

// DeleteImage is a no-op.
func (f *fga) DeleteImage(ctx context.Context, projectName string, fingerprint string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -526,7 +526,7 @@ func (f *fga) AddImageAlias(ctx context.Context, projectName string, imageAliasN

// DeleteImageAlias is a no-op.
func (f *fga) DeleteImageAlias(ctx context.Context, projectName string, imageAliasName string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -547,7 +547,7 @@ func (f *fga) RenameImageAlias(ctx context.Context, projectName string, oldAlias
},
}

deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -573,7 +573,7 @@ func (f *fga) AddInstance(ctx context.Context, projectName string, instanceName

// DeleteInstance is a no-op.
func (f *fga) DeleteInstance(ctx context.Context, projectName string, instanceName string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -594,7 +594,7 @@ func (f *fga) RenameInstance(ctx context.Context, projectName string, oldInstanc
},
}

deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -620,7 +620,7 @@ func (f *fga) AddNetwork(ctx context.Context, projectName string, networkName st

// DeleteNetwork is a no-op.
func (f *fga) DeleteNetwork(ctx context.Context, projectName string, networkName string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -641,7 +641,7 @@ func (f *fga) RenameNetwork(ctx context.Context, projectName string, oldNetworkN
},
}

deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -667,7 +667,7 @@ func (f *fga) AddNetworkZone(ctx context.Context, projectName string, networkZon

// DeleteNetworkZone is a no-op.
func (f *fga) DeleteNetworkZone(ctx context.Context, projectName string, networkZoneName string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -693,7 +693,7 @@ func (f *fga) AddNetworkACL(ctx context.Context, projectName string, networkACLN

// DeleteNetworkACL is a no-op.
func (f *fga) DeleteNetworkACL(ctx context.Context, projectName string, networkACLName string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -714,7 +714,7 @@ func (f *fga) RenameNetworkACL(ctx context.Context, projectName string, oldNetwo
},
}

deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -740,15 +740,15 @@ func (f *fga) AddProfile(ctx context.Context, projectName string, profileName st

// DeleteProfile is a no-op.
func (f *fga) DeleteProfile(ctx context.Context, projectName string, profileName string) error {
deletes := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Object: ObjectProfile(projectName, profileName).String(),
},
}

return f.updateTuples(ctx, nil, deletes)
return f.updateTuples(ctx, nil, deletions)
}

// RenameProfile is a no-op.
Expand All @@ -761,15 +761,15 @@ func (f *fga) RenameProfile(ctx context.Context, projectName string, oldProfileN
},
}

deletes := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Object: ObjectProfile(projectName, oldProfileName).String(),
},
}

return f.updateTuples(ctx, writes, deletes)
return f.updateTuples(ctx, writes, deletions)
}

// AddStoragePoolVolume is a no-op.
Expand All @@ -787,7 +787,7 @@ func (f *fga) AddStoragePoolVolume(ctx context.Context, projectName string, stor

// DeleteStoragePoolVolume is a no-op.
func (f *fga) DeleteStoragePoolVolume(ctx context.Context, projectName string, storagePoolName string, storageVolumeType string, storageVolumeName string, storageVolumeLocation string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -808,7 +808,7 @@ func (f *fga) RenameStoragePoolVolume(ctx context.Context, projectName string, s
},
}

deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -834,7 +834,7 @@ func (f *fga) AddStorageBucket(ctx context.Context, projectName string, storageP

// DeleteStorageBucket is a no-op.
func (f *fga) DeleteStorageBucket(ctx context.Context, projectName string, storagePoolName string, storageBucketName string, storageBucketLocation string) error {
deletions := []client.ClientTupleKey{
deletions := []client.ClientTupleKeyWithoutCondition{
{
User: ObjectProject(projectName).String(),
Relation: relationProject,
Expand All @@ -845,7 +845,7 @@ func (f *fga) DeleteStorageBucket(ctx context.Context, projectName string, stora
return f.updateTuples(ctx, nil, deletions)
}

func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey, deletions []client.ClientTupleKey) error {
func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey, deletions []client.ClientTupleKeyWithoutCondition) error {
// If offline, skip updating as a full sync will happen after connection.
if !f.online {
return nil
Expand All @@ -870,15 +870,15 @@ func (f *fga) updateTuples(ctx context.Context, writes []client.ClientTupleKey,
body := client.ClientWriteRequest{}

if writes != nil {
body.Writes = &writes
body.Writes = writes
} else {
body.Writes = &[]client.ClientTupleKey{}
body.Writes = []client.ClientTupleKey{}
}

if deletions != nil {
body.Deletes = &deletions
body.Deletes = deletions
} else {
body.Deletes = &[]client.ClientTupleKey{}
body.Deletes = []openfga.TupleKeyWithoutCondition{}
}

clientWriteResponse, err := f.client.Write(ctx).Options(opts).Body(body).Execute()
Expand Down Expand Up @@ -938,7 +938,7 @@ func (f *fga) projectObjects(ctx context.Context, projectName string) ([]string,

func (f *fga) syncResources(ctx context.Context, resources Resources) error {
var writes []client.ClientTupleKey
var deletions []client.ClientTupleKey
var deletions []client.ClientTupleKeyWithoutCondition

// Check if the type-bound public access is set.
resp, err := f.client.Check(ctx).Options(client.ClientCheckOptions{AuthorizationModelId: openfga.PtrString(f.authModelID)}).Body(client.ClientCheckRequest{
Expand Down Expand Up @@ -990,7 +990,7 @@ func (f *fga) syncResources(ctx context.Context, resources Resources) error {
user = ObjectProject(remoteObject.Project()).String()
}

deletions = append(deletions, client.ClientTupleKey{
deletions = append(deletions, client.ClientTupleKeyWithoutCondition{
User: user,
Relation: relation,
Object: remoteObject.String(),
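Review bot: The doc comments on the functions this change touches are stale: `// DeleteProfile is a no-op.` sits above a body that builds a deletion tuple and passes it to `f.updateTuples`, and the same "is a no-op" wording appears on DeleteCertificate, DeleteStoragePool, DeleteImage, DeleteImageAlias, DeleteInstance, DeleteNetwork, DeleteNetworkZone, DeleteNetworkACL, DeleteStoragePoolVolume and DeleteStorageBucket. Because these functions maintain the authorization tuples, each comment should say what is removed, for example `// DeleteProfile removes the tuple relating the profile to its project.`; most of those bodies continue outside their hunks, so only DeleteProfile is visible in full here. Separately, in `updateTuples` the new else-branch assigns `[]openfga.TupleKeyWithoutCondition{}` while the parameter is declared as `[]client.ClientTupleKeyWithoutCondition`; these are presumably the same type through an alias, but `body.Deletes = []client.ClientTupleKeyWithoutCondition{}` would keep the naming consistent with the rest of the file.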