CSS-9389 Implement the EntitlementsService interface

[SimoneDutto]

Description

Add entitlements Api.
Atm it is done via a static variables declaration.

Fixes JIRA/GitHub issue number

Engineering checklist

Check only items that apply

• Documentation updated
• Covered by unit tests
• [] Covered by integration tests

Test instructions

Notes for code reviewers

[github-actions]

⚠️ This PR contains unsigned commits. To get your PR merged, please sign those commits (git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch (git push --force-with-lease).

If you're new to commit signing, there are different ways to set it up:

Sign commits with gpg

Follow the steps below to set up commit signing with gpg:

1. Generate a GPG key
2. Add the GPG key to your GitHub account
3. Configure git to use your GPG key for commit signing

Sign commits with ssh-agent

Follow the steps below to set up commit signing with ssh-agent:

1. Generate an SSH key and add it to ssh-agent
2. Add the SSH key to your GitHub account
3. Configure git to use your SSH key for commit signing

Sign commits with 1Password

You can also sign commits using 1Password, which lets you sign commits with biometrics without the signing key leaving the local 1Password process.

Learn how to use 1Password to sign your commits.

[ale8k]

lgtm

[kian99]

I don't think we should be adding this test in here, otherwise we might start to test all our HTTP endpoints in here which is probably not what we want.
@ale8k @babakks @alesstimec What do you guys think about this?
In other packages like internal/jimmjwx/ we create a JIMM service by calling jimm.NewService. Should service layer tests exist here (in service_test.go) or in the package internal/rebac_admin?

[babakks]

@SimoneDutto Yeah, please remove this test.

@kian99 I agree. We already have a test for ReBAC Admin API in service_test.go but that's just for the sake of composition and to make sure we're correctly enabling the API.

Other endpoints should be tested inside the rebac_admin package. Also, I think we shouldn't test against the HTTP endpoints (i.e., calling /entitlements directly) because that's the responsibility of the rebac-admin-ui-handlers library (and we should know as little as possible about the HTTP API endpoints in JIMM). So, we can safely assume the library works as expected.

Generally, in the rebac_admin package tests we should just call the methods (like EntitlementsService.RawEntitlements) directly and assert the returned value against an expected value. However, in our static implementation of EntitlementsService interface, I don't see a point of having tests only to assert against a the same static values.

[babakks]

Thanks for this. Just a few comments.

[babakks]

This should be removed. Generally, let's remove all entitlements that has a receiver other than user, user:*, or group#member.

[babakks]

This should be removed.

[babakks]

This should be removed.

[babakks]

@SimoneDutto Yeah, please remove this test.

@kian99 I agree. We already have a test for ReBAC Admin API in service_test.go but that's just for the sake of composition and to make sure we're correctly enabling the API.

Other endpoints should be tested inside the rebac_admin package. Also, I think we shouldn't test against the HTTP endpoints (i.e., calling /entitlements directly) because that's the responsibility of the rebac-admin-ui-handlers library (and we should know as little as possible about the HTTP API endpoints in JIMM). So, we can safely assume the library works as expected.

Generally, in the rebac_admin package tests we should just call the methods (like EntitlementsService.RawEntitlements) directly and assert the returned value against an expected value. However, in our static implementation of EntitlementsService interface, I don't see a point of having tests only to assert against a the same static values.

[babakks]

To make things simpler I'd move this static slice to the entitlements.go file.