* listing implementation pt 1
* validate list request
* register GRPC endpoint, pass the correct user UID and return folder identifiers not scopes
* uncomment code that was only commented out for testing
* fix tests
* remove unneeded changes
* remove unused import
* Update pkg/services/authz/rbac/service.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* refactor to improve efficiency
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* use variable names when logging
* adding tests for listing
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* AuthZ Service: Add caching
* split in functions
* Test getUserTeams
* Add tests to getUserBasicRole
* Test getUserPermissions
* Cache user identifiers
* fix test
* implement perm check with direct db access
* add tests
* more tests
* Update pkg/services/authz/rbac/service.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Update pkg/services/authz/rbac/service.go
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* allow fetching permissions for a user who is not a member of the org
* linting
* fix typo
---------
Co-authored-by: Gabriel MABILLE <gamab@users.noreply.github.com>
* Zanzana: Handle renderer service authorization requests
* only add context if render service is authorizing
* use group and resource from API definitions
* check prefix instead of full identity
* fix AddRenderContext
* remove unused type
* add service account to the schema
* sync managed permissions for service accounts
* sync SA basic roles
* sync SA roles
* Fix endless loop in reconciler while read openfga
* Initial streamed version of list
* instantiate openfga client to use StreamedListObjects
* Add config option for using streamed version
* Use caching
* fix cache init
* Fix hashing
* refactor
Remove create relation from generic resources.
We cant have a create relation to a resource because they don't exist yet. So
in oder to check create we either have to have that permissions on a folder or the namespace
* Zanzana: Search with list
* Allow to pass werb into list request
* split list search into 2 functions
* fix listing resources
* remove unused
* refactor
* remove unused function
* Add more logging to reconciler
* Fix search for users with access to all resources
* fix findFoldersZanzanaList
* search for folders as well by default
* refactor
* use compile for list and search
* remove list from client
* remove only from client
* remove list from interface
* run compile once
* refactor
* refactor
* add search tests
* fix tests
* Fix linter
* Move server init into server package
* map store name to id
* refactor model loading
* pass namespace into reconcilers and collectors
* refactor
* Extend authz server with Read and Write methods
* use new read/write in reconciler
* implement server side read and write
* Sync permissions for every org
* handle namespace in check and list
* split read and write
* provide conditions
* Fix client implementation
* fix nil conditions
* remove unused client code
* use lock for store access
* move type translators to common package
* fix folder collector
* fix store creation
* remove unused AuthorizationModelId
* fix server tests
* fix linter
* Remove collectors
* Remove zanzana search check, we need to rewrite that part to the new schema
* Only use generic resource schema and cleanup code we don't want to keep / need to re-write
* indexer integration tests WIP
* make protobuf
* Adds a few more integration test cases to cover the basics. Use Limit instead of Size param from SearchRequest.
* skip if testing.Short()
* adds test comments
* Rename to CheckObject
* Implement authz.AccessClient
* Move folder tree to reconciler and use new schema
* Move shared functionality to common package
* Add reconciler for managed permissions and resource translations
* Add support for folder resources
* Implement initial check with schema for generic resources
* Implement List and add tests
* Add namespace type and change to folder_resource name
* Handle namespace grants for typed resources
* Run tests as integration tests
* Add support for verb in list requests
* Rewrite zanzana collector to fetch all available pages
* Register access control as a background service
* If zanzana is enabled we run Syncs and start Reconciliation job
* Update pkg/services/authz/zanzana/client/client.go
Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
* Use server lock when doing performing reconciliation
Ieva
Gabriel MABILLE
Karl Persson
Alexander Zobnin
Ryan McKinley
Georges Chaudy
Zoltán Bedi
owensmallwood