Skip to content

Commit

Permalink
feat(rbac): backend part - store role description to the database (#1178
Browse files Browse the repository at this point in the history 
)

* fix(rbac): store role description to the database

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): fix update description when role is without changes

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): add more unit tests

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): fix and optimize old migration scripts

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): fix unit tests and migration scripts

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): fix compilation after rebase to main branch

Signed-off-by: Oleksandr Andriienko <[email protected]>

* fix(rbac): fix migration scripts for sqlite

Signed-off-by: Oleksandr Andriienko <[email protected]>

---------

Signed-off-by: Oleksandr Andriienko <[email protected]>
  • Loading branch information
@AndrienkoAleksandr
AndrienkoAleksandr authored Feb 20, 2024
1 parent b826558 commit ec8b1c2
Show file tree
Hide file tree
Showing 15 changed files with 1,442 additions and 190 deletions.
47 changes: 27 additions & 20 deletions plugins/rbac-backend/migrations/20231212224526_migrations.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
*/
exports.up = async function up(knex) {
const casbinDoesExist = await knex.schema.hasTable('casbin_rule');
const policyMetadataDoesExist = await knex.schema.hasTable('policy-metadata');
let policies = [];
let groupPolicies = [];

Expand Down Expand Up @@ -34,26 +35,32 @@ exports.up = async function up(knex) {
});
}

await knex.schema
.createTable('policy-metadata', table => {
table.increments('id').primary();
table.string('policy').primary();
table.string('source');
})
.then(async () => {
for (const policy of policies) {
await knex
.table('policy-metadata')
.insert({ source: 'legacy', policy: policy });
}
})
.then(async () => {
for (const groupPolicy of groupPolicies) {
await knex
.table('policy-metadata')
.insert({ source: 'legacy', policy: groupPolicy });
}
});
if (!policyMetadataDoesExist) {
await knex.schema
.createTable('policy-metadata', table => {
table.increments('id').primary();
table.string('policy').primary();
table.string('source');
})
.then(async () => {
const metadata = [];
for (const policy of policies) {
metadata.push({ source: 'legacy', policy: policy });
}
if (metadata.length > 0) {
await knex.table('policy-metadata').insert(metadata);
}
})
.then(async () => {
const metadata = [];
for (const groupPolicy of groupPolicies) {
metadata.push({ source: 'legacy', policy: groupPolicy });
}
if (metadata.length > 0) {
await knex.table('policy-metadata').insert(metadata);
}
});
}
};

/**
Expand Down
47 changes: 21 additions & 26 deletions plugins/rbac-backend/migrations/20231221113214_migrations.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,44 +4,39 @@
*/
exports.up = async function up(knex) {
const casbinDoesExist = await knex.schema.hasTable('casbin_rule');
let groupPolicies = [];
const roleMetadataDoesExist = await knex.schema.hasTable('role-metadata');
const groupPolicies = new Set();

if (casbinDoesExist) {
groupPolicies = await knex
await knex
.select('*')
.from('casbin_rule')
.where('ptype', 'g')
.then(listGroupPolicies => {
const allGroupPolicies = [];
let rbacFlag = false;
for (const groupPolicy of listGroupPolicies) {
const { v1 } = groupPolicy;
if (v1 === 'role:default/rbac_admin') {
rbacFlag = true;
continue;
}
allGroupPolicies.push(v1);
groupPolicies.add(v1);
}
if (rbacFlag) {
allGroupPolicies.push('role:default/rbac_admin');
}
return allGroupPolicies;
});
}

await knex.schema
.createTable('role-metadata', table => {
table.increments('id').primary();
table.string('roleEntityRef').primary();
table.string('source');
})
.then(async () => {
for (const groupPolicy of groupPolicies) {
await knex
.table('role-metadata')
.insert({ source: 'legacy', roleEntityRef: groupPolicy });
}
});
if (!roleMetadataDoesExist) {
await knex.schema
.createTable('role-metadata', table => {
table.increments('id').primary();
table.string('roleEntityRef').primary();
table.string('source');
})
.then(async () => {
const metadata = [];
for (const groupPolicy of groupPolicies) {
metadata.push({ source: 'legacy', roleEntityRef: groupPolicy });
}
if (metadata.length > 0) {
await knex.table('role-metadata').insert(metadata);
}
});
}
};

/**
Expand Down
25 changes: 25 additions & 0 deletions plugins/rbac-backend/migrations/20240201144429_migrations.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
/**
* @param { import("knex").Knex } knex
* @returns { Promise<void> }
*/
exports.up = async function up(knex) {
const isRoleMetaDataExist = await knex.schema.hasTable('role-metadata');
if (isRoleMetaDataExist) {
await knex.schema.alterTable('role-metadata', table => {
table.string('description');
});
}
};

/**
* @param { import("knex").Knex } knex
* @returns { Promise<void> }
*/
exports.down = async function down(knex) {
const isRoleMetaDataExist = await knex.schema.hasTable('role-metadata');
if (isRoleMetaDataExist) {
await knex.schema.alterTable('role-metadata', table => {
table.dropColumn('description');
});
}
};
11 changes: 11 additions & 0 deletions plugins/rbac-backend/src/database/policy-metadata-storage.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,17 @@ describe('policy-metadata-db-table', () => {
}),
migrations: { skip: false },
};
await knex.schema.createTable('casbin_rule', table => {
table.increments('id').primary();
table.string('ptype');
table.string('v0');
table.string('v1');
table.string('v2');
table.string('v3');
table.string('v4');
table.string('v5');
table.string('v6');
});
await migrate(databaseManagerMock);
return {
knex,
Expand Down
56 changes: 43 additions & 13 deletions plugins/rbac-backend/src/database/role-metadata.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,17 @@ describe('role-metadata-db-table', () => {
}),
migrations: { skip: false },
};
await knex.schema.createTable('casbin_rule', table => {
table.increments('id').primary();
table.string('ptype');
table.string('v0');
table.string('v1');
table.string('v2');
table.string('v3');
table.string('v4');
table.string('v5');
table.string('v6');
});
await migrate(databaseManagerMock);
return {
knex,
Expand Down Expand Up @@ -69,7 +80,12 @@ describe('role-metadata-db-table', () => {
trx,
);
await trx.commit();
expect(roleMetadata).toEqual({ source: 'rest' });
expect(roleMetadata).toEqual({
description: null,
id: 1,
roleEntityRef: 'role:default/some-super-important-role',
source: 'rest',
});
} catch (err) {
await trx.rollback();
throw err;
Expand All @@ -88,8 +104,10 @@ describe('role-metadata-db-table', () => {
let id;
try {
id = await db.createRoleMetadata(
{ source: 'configuration' },
'role:default/some-super-important-role',
{
source: 'configuration',
roleEntityRef: 'role:default/some-super-important-role',
},
trx,
);
await trx.commit();
Expand All @@ -105,6 +123,7 @@ describe('role-metadata-db-table', () => {
expect(metadata.length).toEqual(1);
expect(metadata[0]).toEqual({
roleEntityRef: 'role:default/some-super-important-role',
description: null,
id: 1,
source: 'configuration',
});
Expand All @@ -125,8 +144,11 @@ describe('role-metadata-db-table', () => {
await expect(async () => {
try {
await db.createRoleMetadata(
{ source: 'configuration' },
'role:default/some-super-important-role',
{
source: 'configuration',
roleEntityRef: 'role:default/some-super-important-role',
},

trx,
);
await trx.commit();
Expand All @@ -151,12 +173,14 @@ describe('role-metadata-db-table', () => {

await expect(
db.createRoleMetadata(
{ source: 'configuration' },
'role:default/some-super-important-role',
{
source: 'configuration',
roleEntityRef: 'role:default/some-super-important-role',
},
trx,
),
).rejects.toThrow(
`Failed to create the role metadata: '{"roleEntityRef":"role:default/some-super-important-role","source":"configuration"}'.`,
`Failed to create the role metadata: '{"source":"configuration","roleEntityRef":"role:default/some-super-important-role"}'.`,
);
});

Expand All @@ -172,8 +196,10 @@ describe('role-metadata-db-table', () => {
const trx = await knex.transaction();
try {
await db.createRoleMetadata(
{ source: 'configuration' },
'role:default/some-super-important-role',
{
source: 'configuration',
roleEntityRef: 'role:default/some-super-important-role',
},
trx,
);
await trx.commit();
Expand All @@ -182,7 +208,7 @@ describe('role-metadata-db-table', () => {
throw err;
}
}).rejects.toThrow(
`Failed to create the role metadata: '{"roleEntityRef":"role:default/some-super-important-role","source":"configuration"}'.`,
`Failed to create the role metadata: '{"source":"configuration","roleEntityRef":"role:default/some-super-important-role"}'.`,
);
});

Expand All @@ -200,8 +226,10 @@ describe('role-metadata-db-table', () => {
const trx = await knex.transaction();
try {
await db.createRoleMetadata(
{ source: 'configuration' },
'role:default/some-super-important-role',
{
source: 'configuration',
roleEntityRef: 'role:default/some-super-important-role',
},
trx,
);
await trx.commit();
Expand Down Expand Up @@ -246,6 +274,7 @@ describe('role-metadata-db-table', () => {
);
expect(metadata.length).toEqual(1);
expect(metadata[0]).toEqual({
description: null,
source: 'rest',
roleEntityRef: 'role:default/some-super-important-role',
id: 1,
Expand Down Expand Up @@ -315,6 +344,7 @@ describe('role-metadata-db-table', () => {
);
expect(metadata.length).toEqual(1);
expect(metadata[0]).toEqual({
description: null,
source: 'configuration',
roleEntityRef: 'role:default/important-role',
id: 1,
Expand Down
Loading

0 comments on commit ec8b1c2

Please sign in to comment.