feat: add login manager #1506

Open
wants to merge 3 commits into
base: v3
2 changes: 1 addition & 1 deletion cmd/jimmsrv/service/service.go
Expand Up @@ -433,7 +433,7 @@ func NewService(ctx context.Context, p Params) (*Service, error) {
return nil, errors.E(op, err)
}

s.mux.Mount("/rebac", middleware.AuthenticateRebac("/rebac", rebacBackend.Handler(""), s.jimm))
s.mux.Mount("/rebac", middleware.AuthenticateRebac("/rebac", rebacBackend.Handler(""), s.jimm.LoginManager()))

mountHandler(
"/debug",
104 changes: 0 additions & 104 deletions internal/jimm/admin.go

This file was deleted.

108 changes: 0 additions & 108 deletions internal/jimm/admin_test.go

This file was deleted.

8 changes: 0 additions & 8 deletions internal/jimm/export_test.go
Expand Up @@ -50,14 +50,6 @@ func (j *JIMM) ParseAndValidateTag(ctx context.Context, key string) (*ofganames.
return j.parseAndValidateTag(ctx, key)
}

func (j *JIMM) GetUser(ctx context.Context, identifier string) (*openfga.User, error) {
return j.getUser(ctx, identifier)
}

func (j *JIMM) UpdateUserLastLogin(ctx context.Context, identifier string) error {
return j.updateUserLastLogin(ctx, identifier)
}

func (j *JIMM) EveryoneUser() *openfga.User {
return j.everyoneUser()
}
65 changes: 0 additions & 65 deletions internal/jimm/identity.go

This file was deleted.

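--- a/internal/jimm/identity/export_test.go
+++ b/internal/jimm/identity/export_test.go
@@ -0,0 +1,5 @@
+// Copyright 2024 Canonical.
+package identity
+
+// Identity is a type alias to export identityManager for use in tests.
+type IdentityManager = identityManager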
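Review bot: The doc comment on the alias opens with `Identity`, but the declared identifier is `IdentityManager`, so it breaks Go's convention that a doc comment starts with the name it documents. I would write `// IdentityManager is a type alias to export identityManager for use in tests.` so the comment and the exported test name agree.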
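--- a/internal/jimm/identity/identity.go
+++ b/internal/jimm/identity/identity.go
@@ -0,0 +1,82 @@
+// Copyright 2024 Canonical.
+package identity
+
+import (
+"context"
+
+"github.com/canonical/jimm/v3/internal/common/pagination"
+"github.com/canonical/jimm/v3/internal/db"
+"github.com/canonical/jimm/v3/internal/dbmodel"
+"github.com/canonical/jimm/v3/internal/errors"
+"github.com/canonical/jimm/v3/internal/openfga"
+)
+
+// identityManager provides a means to manage identities within JIMM.
+type identityManager struct {
+store *db.Database
+authSvc *openfga.OFGAClient
+}
+
+// NewIdentityManager returns a new identityManager that persists the roles in the provided store.
+func NewIdentityManager(store *db.Database, authSvc *openfga.OFGAClient) (*identityManager, error) {
+if store == nil {
+return nil, errors.E("identity store cannot be nil")
+}
+if authSvc == nil {
+return nil, errors.E("identity authorisation service cannot be nil")
+}
+return &identityManager{store, authSvc}, nil
+}
+
+// FetchIdentity fetches the user specified by the username and returns the user if it is found.
+// Or error "record not found".
+func (j *identityManager) FetchIdentity(ctx context.Context, id string) (*openfga.User, error) {
+const op = errors.Op("jimm.FetchIdentity")
+
+identity, err := dbmodel.NewIdentity(id)
+if err != nil {
+return nil, errors.E(op, err)
+}
+
+if err := j.store.FetchIdentity(ctx, identity); err != nil {
+return nil, err
+}
+u := openfga.NewUser(identity, j.authSvc)
+
+return u, nil
+}
+
+// ListIdentities lists a page of users in our database and parse them into openfga entities.
+// `match` will filter the list for fuzzy find on identity name.
+func (j *identityManager) ListIdentities(ctx context.Context, user *openfga.User, pagination pagination.LimitOffsetPagination, match string) ([]openfga.User, error) {
+const op = errors.Op("jimm.ListIdentities")
+
+if !user.JimmAdmin {
+return nil, errors.E(op, errors.CodeUnauthorized, "unauthorized")
+}
+identities, err := j.store.ListIdentities(ctx, pagination.Limit(), pagination.Offset(), match)
+var users []openfga.User
+
+for _, id := range identities {
+users = append(users, *openfga.NewUser(&id, j.authSvc))
+}
+if err != nil {
+return nil, errors.E(op, err)
+}
+return users, nil
+}
+
+// CountIdentities returns the count of all the identities in our database.
+func (j *identityManager) CountIdentities(ctx context.Context, user *openfga.User) (int, error) {
+const op = errors.Op("jimm.CountIdentities")
+
+if !user.JimmAdmin {
+return 0, errors.E(op, errors.CodeUnauthorized, "unauthorized")
+}
+
+count, err := j.store.CountIdentities(ctx)
+if err != nil {
+return 0, errors.E(op, err)
+}
+return count, nil
+}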
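Review bot: In `ListIdentities` the error from `j.store.ListIdentities` is checked only after the loop has already consumed `identities`, and the loop hands `&id`, the address of the range variable, to `openfga.NewUser`. If `NewUser` retains that pointer and the module builds with pre-1.22 loop semantics (neither is visible here), every returned user would alias the same identity, which matters because these values carry the authorisation client. The admin gates `if !user.JimmAdmin` in `ListIdentities` and `CountIdentities` dereference `user` without a nil check, so a nil caller panics instead of receiving `CodeUnauthorized`; `if user == nil || !user.JimmAdmin` would fail closed. Separately, the `NewIdentityManager` comment says it "persists the roles", which reads as copied from another manager, and `FetchIdentity` returns the store error without `errors.E(op, err)` unlike its siblings.

```go
func (j *identityManager) ListIdentities(ctx context.Context, user *openfga.User, pagination pagination.LimitOffsetPagination, match string) ([]openfga.User, error) {
	// … unchanged: op constant …
	if user == nil || !user.JimmAdmin {
		return nil, errors.E(op, errors.CodeUnauthorized, "unauthorized")
	}
	identities, err := j.store.ListIdentities(ctx, pagination.Limit(), pagination.Offset(), match)
	if err != nil {
		return nil, errors.E(op, err)
	}
	var users []openfga.User
	for i := range identities {
		// Point at the slice element so each User refers to its own Identity.
		users = append(users, *openfga.NewUser(&identities[i], j.authSvc))
	}
	return users, nil
}
```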