Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 46e1bd284c | |||
| 16e5ad4f23 | |||
| f5c18e4515 | |||
| e3c79092c2 | |||
| 7815c85c92 | |||
| de664d7a05 | |||
| 67963fcdc1 | |||
| d3a504ca68 | |||
| 233197999f | |||
| 1ea2469c77 | |||
| 775553c2d5 | |||
| 4203f4474f | |||
| cc7de2e5a1 | |||
| f14aec80d9 | |||
| cbd358ba85 | |||
| df845a7b4b | |||
| d8f6785032 |
+6
-6
@@ -1,7 +1,7 @@
|
|||||||
include:
|
include:
|
||||||
- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
|
- template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml'
|
||||||
|
|
||||||
image: golang:1.20.4
|
image: golang:1.21.5
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- deps
|
- deps
|
||||||
@@ -42,7 +42,7 @@ test:
|
|||||||
|
|
||||||
vulnerabilities:
|
vulnerabilities:
|
||||||
stage: test
|
stage: test
|
||||||
image: golang:1.20.4
|
image: golang:1.21.5
|
||||||
script:
|
script:
|
||||||
- go install golang.org/x/vuln/cmd/govulncheck@latest
|
- go install golang.org/x/vuln/cmd/govulncheck@latest
|
||||||
- govulncheck ./...
|
- govulncheck ./...
|
||||||
@@ -53,10 +53,10 @@ prepare_release:
|
|||||||
before_script:
|
before_script:
|
||||||
- npm install -g conventional-changelog-cli
|
- npm install -g conventional-changelog-cli
|
||||||
script:
|
script:
|
||||||
- echo "DESCRIPTION=$(conventional-changelog -p conventionalcommits)" > variables.env
|
- conventional-changelog -p conventionalcommits > ./release.description
|
||||||
artifacts:
|
artifacts:
|
||||||
reports:
|
paths:
|
||||||
dotenv: variables.env
|
- release.description
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_TAG
|
- if: $CI_COMMIT_TAG
|
||||||
|
|
||||||
@@ -70,6 +70,6 @@ release:
|
|||||||
- echo "Running release_job for $TAG"
|
- echo "Running release_job for $TAG"
|
||||||
release:
|
release:
|
||||||
tag_name: '$CI_COMMIT_TAG'
|
tag_name: '$CI_COMMIT_TAG'
|
||||||
description: '$DESCRIPTION'
|
description: ./release.description
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_TAG
|
- if: $CI_COMMIT_TAG
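Review bot: The `vulnerabilities` job installs `govulncheck@latest` and `prepare_release` runs `npm install -g conventional-changelog-cli` with no version, so the scanner and the tool that writes the release description can change between pipeline runs without any commit, while the image itself is pinned to `golang:1.21.5`. Consider pinning both, for example `go install golang.org/x/vuln/cmd/govulncheck@<PINNED_VERSION>` and `npm install -g conventional-changelog-cli@<PINNED_VERSION>`, and letting the same dependency-update process bump them. Both lines are unchanged context in this commit, and the jobs continue outside the hunks.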
|
||||||
|
|||||||
@@ -0,0 +1,2 @@
|
|||||||
|
run:
|
||||||
|
allow-parallel-runners: true
|
||||||
@@ -10,19 +10,15 @@ repos:
|
|||||||
args:
|
args:
|
||||||
- --allow-multiple-documents
|
- --allow-multiple-documents
|
||||||
- id: check-added-large-files
|
- id: check-added-large-files
|
||||||
- repo: https://github.com/jumanjihouse/pre-commit-hooks
|
|
||||||
rev: 3.0.0
|
|
||||||
hooks:
|
|
||||||
- id: markdownlint
|
|
||||||
- repo: https://gitlab.com/devopshq/gitlab-ci-linter
|
- repo: https://gitlab.com/devopshq/gitlab-ci-linter
|
||||||
rev: v1.0.3
|
rev: v1.0.5
|
||||||
hooks:
|
hooks:
|
||||||
- id: gitlab-ci-linter
|
- id: gitlab-ci-linter
|
||||||
args:
|
args:
|
||||||
- --project
|
- --project
|
||||||
- unboundsoftware/shiny/authz_client
|
- unboundsoftware/shiny/authz_client
|
||||||
- repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
|
- repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
|
||||||
rev: v9.3.0
|
rev: v9.5.0
|
||||||
hooks:
|
hooks:
|
||||||
- id: commitlint
|
- id: commitlint
|
||||||
stages: [ commit-msg ]
|
stages: [ commit-msg ]
|
||||||
@@ -39,5 +35,8 @@ repos:
|
|||||||
rev: v0.0.1
|
rev: v0.0.1
|
||||||
hooks:
|
hooks:
|
||||||
- id: go-test
|
- id: go-test
|
||||||
- id: golangci-lint
|
|
||||||
- id: gofumpt
|
- id: gofumpt
|
||||||
|
- repo: https://github.com/golangci/golangci-lint
|
||||||
|
rev: v1.54.2
|
||||||
|
hooks:
|
||||||
|
- id: golangci-lint
|
||||||
|
|||||||
@@ -6,6 +6,7 @@ import (
|
|||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"reflect"
|
"reflect"
|
||||||
|
"sync"
|
||||||
|
|
||||||
"github.com/sparetimecoders/goamqp"
|
"github.com/sparetimecoders/goamqp"
|
||||||
)
|
)
|
||||||
@@ -23,6 +24,7 @@ type CompanyPrivileges struct {
|
|||||||
|
|
||||||
// PrivilegeHandler processes PrivilegeAdded-events and fetches the initial set of privileges from an authz-service
|
// PrivilegeHandler processes PrivilegeAdded-events and fetches the initial set of privileges from an authz-service
|
||||||
type PrivilegeHandler struct {
|
type PrivilegeHandler struct {
|
||||||
|
*sync.RWMutex
|
||||||
client *http.Client
|
client *http.Client
|
||||||
baseURL string
|
baseURL string
|
||||||
privileges map[string]map[string]*CompanyPrivileges
|
privileges map[string]map[string]*CompanyPrivileges
|
||||||
@@ -41,6 +43,7 @@ func WithBaseURL(url string) OptsFunc {
|
|||||||
// New creates a new PrivilegeHandler. Pass OptsFuncs to configure.
|
// New creates a new PrivilegeHandler. Pass OptsFuncs to configure.
|
||||||
func New(opts ...OptsFunc) *PrivilegeHandler {
|
func New(opts ...OptsFunc) *PrivilegeHandler {
|
||||||
handler := &PrivilegeHandler{
|
handler := &PrivilegeHandler{
|
||||||
|
RWMutex: &sync.RWMutex{},
|
||||||
client: &http.Client{},
|
client: &http.Client{},
|
||||||
baseURL: "http://authz-service",
|
baseURL: "http://authz-service",
|
||||||
privileges: map[string]map[string]*CompanyPrivileges{},
|
privileges: map[string]map[string]*CompanyPrivileges{},
|
||||||
@@ -63,6 +66,8 @@ func (h *PrivilegeHandler) Fetch() error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
h.RLock()
|
||||||
|
defer h.RUnlock()
|
||||||
err = json.Unmarshal(buff, &h.privileges)
|
err = json.Unmarshal(buff, &h.privileges)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -77,6 +82,8 @@ func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface
|
|||||||
if priv, exists := h.privileges[ev.Email]; exists {
|
if priv, exists := h.privileges[ev.Email]; exists {
|
||||||
priv[ev.CompanyID] = &CompanyPrivileges{}
|
priv[ev.CompanyID] = &CompanyPrivileges{}
|
||||||
} else {
|
} else {
|
||||||
|
h.Lock()
|
||||||
|
defer h.Unlock()
|
||||||
h.privileges[ev.Email] = map[string]*CompanyPrivileges{
|
h.privileges[ev.Email] = map[string]*CompanyPrivileges{
|
||||||
ev.CompanyID: {},
|
ev.CompanyID: {},
|
||||||
}
|
}
|
||||||
@@ -84,13 +91,19 @@ func (h *PrivilegeHandler) Process(msg interface{}, _ goamqp.Headers) (interface
|
|||||||
return nil, nil
|
return nil, nil
|
||||||
case *UserRemoved:
|
case *UserRemoved:
|
||||||
if priv, exists := h.privileges[ev.Email]; exists {
|
if priv, exists := h.privileges[ev.Email]; exists {
|
||||||
|
h.Lock()
|
||||||
|
defer h.Unlock()
|
||||||
delete(priv, ev.CompanyID)
|
delete(priv, ev.CompanyID)
|
||||||
}
|
}
|
||||||
return nil, nil
|
return nil, nil
|
||||||
case *PrivilegeAdded:
|
case *PrivilegeAdded:
|
||||||
|
h.Lock()
|
||||||
|
defer h.Unlock()
|
||||||
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, true)
|
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, true)
|
||||||
return nil, nil
|
return nil, nil
|
||||||
case *PrivilegeRemoved:
|
case *PrivilegeRemoved:
|
||||||
|
h.Lock()
|
||||||
|
defer h.Unlock()
|
||||||
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, false)
|
h.setPrivileges(ev.Email, ev.CompanyID, ev.Privilege, false)
|
||||||
return nil, nil
|
return nil, nil
|
||||||
default:
|
default:
|
||||||
@@ -130,6 +143,8 @@ func (h *PrivilegeHandler) setPrivileges(email, companyId string, privilege Priv
|
|||||||
|
|
||||||
// CompaniesByUser return a slice of company ids matching the provided email and predicate func
|
// CompaniesByUser return a slice of company ids matching the provided email and predicate func
|
||||||
func (h *PrivilegeHandler) CompaniesByUser(email string, predicate func(privileges CompanyPrivileges) bool) []string {
|
func (h *PrivilegeHandler) CompaniesByUser(email string, predicate func(privileges CompanyPrivileges) bool) []string {
|
||||||
|
h.RLock()
|
||||||
|
defer h.RUnlock()
|
||||||
var result []string
|
var result []string
|
||||||
if p, exists := h.privileges[email]; exists {
|
if p, exists := h.privileges[email]; exists {
|
||||||
for k, v := range p {
|
for k, v := range p {
|
||||||
@@ -143,6 +158,8 @@ func (h *PrivilegeHandler) CompaniesByUser(email string, predicate func(privileg
|
|||||||
|
|
||||||
// IsAllowed return true if the provided predicate return true for the privileges matching the provided email and companyID, return false otherwise
|
// IsAllowed return true if the provided predicate return true for the privileges matching the provided email and companyID, return false otherwise
|
||||||
func (h *PrivilegeHandler) IsAllowed(email, companyID string, predicate func(privileges CompanyPrivileges) bool) bool {
|
func (h *PrivilegeHandler) IsAllowed(email, companyID string, predicate func(privileges CompanyPrivileges) bool) bool {
|
||||||
|
h.RLock()
|
||||||
|
defer h.RUnlock()
|
||||||
if p, exists := h.privileges[email]; exists {
|
if p, exists := h.privileges[email]; exists {
|
||||||
if v, exists := p[companyID]; exists {
|
if v, exists := p[companyID]; exists {
|
||||||
return predicate(*v)
|
return predicate(*v)
|
||||||
|
|||||||
@@ -1,17 +1,17 @@
|
|||||||
module gitlab.com/unboundsoftware/shiny/authz_client
|
module gitlab.com/unboundsoftware/shiny/authz_client
|
||||||
|
|
||||||
go 1.19
|
go 1.21
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/sparetimecoders/goamqp v0.1.4
|
github.com/sparetimecoders/goamqp v0.2.1
|
||||||
github.com/stretchr/testify v1.8.2
|
github.com/stretchr/testify v1.8.4
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/davecgh/go-spew v1.1.1 // indirect
|
github.com/davecgh/go-spew v1.1.1 // indirect
|
||||||
github.com/google/uuid v1.3.0 // indirect
|
github.com/google/uuid v1.5.0 // indirect
|
||||||
github.com/pkg/errors v0.9.1 // indirect
|
github.com/pkg/errors v0.9.1 // indirect
|
||||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||||
github.com/rabbitmq/amqp091-go v1.8.1 // indirect
|
github.com/rabbitmq/amqp091-go v1.9.0 // indirect
|
||||||
gopkg.in/yaml.v3 v3.0.1 // indirect
|
gopkg.in/yaml.v3 v3.0.1 // indirect
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -1,8 +1,8 @@
|
|||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
|
github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
|
||||||
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||||
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
|
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
|
||||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||||
@@ -12,17 +12,16 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
|||||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
github.com/rabbitmq/amqp091-go v1.8.1 h1:RejT1SBUim5doqcL6s7iN6SBmsQqyTgXb1xMlH0h1hA=
|
github.com/rabbitmq/amqp091-go v1.9.0 h1:qrQtyzB4H8BQgEuJwhmVQqVHB9O4+MNDJCCAcpc3Aoo=
|
||||||
github.com/rabbitmq/amqp091-go v1.8.1/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc=
|
github.com/rabbitmq/amqp091-go v1.9.0/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc=
|
||||||
github.com/sparetimecoders/goamqp v0.1.4 h1:zNvnCJYb5vraMx+OJCCuPIaXP8ub3Et15ff8ylZrPkY=
|
github.com/sparetimecoders/goamqp v0.2.1 h1:zW1zL3xzjzVx3+ftJtvBwDKAdI9mCM8a3mcGbwAAezc=
|
||||||
github.com/sparetimecoders/goamqp v0.1.4/go.mod h1:WUJIWrbwl6rWxbfQTsy/doY7yHQL55L7M89k7ry6ouU=
|
github.com/sparetimecoders/goamqp v0.2.1/go.mod h1:/kywWTiRX6EjLKG4eKmoO3l6byh4ycyeYjOx7csf3z4=
|
||||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
|
||||||
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
|
|
||||||
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
|
||||||
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
|
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
|
||||||
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
|
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
|
||||||
go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
|
go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
|
||||||
go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
|
go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
|
|||||||