feat: Added global app keys (#1142)

* feat: Added support for global app keys * feat: Added global app keys
tigrisdata-archive · May 6, 2023 · dd679a6 · dd679a6
1 parent 0b2533c
commit dd679a6
Show file tree

Hide file tree

Showing 12 changed files with 465 additions and 54 deletions.
diff --git a/api/proto b/api/proto
diff --git a/api/server/v1/tx.go b/api/server/v1/tx.go
@@ -72,6 +72,12 @@ const (
 	ListAppKeysMethodName        = apiMethodPrefix + "ListAppKeys"
 	RotateAppKeySecretMethodName = apiMethodPrefix + "RotateAppKeySecret"
 
+	CreateGlobalAppKeyMethodName       = apiMethodPrefix + "CreateGlobalAppKey"
+	UpdateGlobalAppKeyMethodName       = apiMethodPrefix + "UpdateGlobalAppKey"
+	DeleteGlobalAppKeyMethodName       = apiMethodPrefix + "DeleteGlobalAppKey"
+	ListGlobalAppKeysMethodName        = apiMethodPrefix + "ListGlobalAppKeys"
+	RotateGlobalAppKeySecretMethodName = apiMethodPrefix + "RotateGlobalAppKeySecret"
+
 	// Auth.
 	GetAccessTokenMethodName    = authMethodPrefix + "GetAccessToken"
 	CreateInvitationsMethodName = authMethodPrefix + "CreateInvitations"

diff --git a/server/middleware/authz.go b/server/middleware/authz.go
@@ -179,6 +179,11 @@ var (
 		api.DeleteAppKeyMethodName,
 		api.ListAppKeysMethodName,
 		api.RotateAppKeySecretMethodName,
+		api.CreateGlobalAppKeyMethodName,
+		api.UpdateGlobalAppKeyMethodName,
+		api.DeleteGlobalAppKeyMethodName,
+		api.ListGlobalAppKeysMethodName,
+		api.RotateGlobalAppKeySecretMethodName,
 		api.IndexCollection,
 		api.SearchIndexCollectionMethodName,
 

diff --git a/server/middleware/authz_test.go b/server/middleware/authz_test.go
@@ -52,6 +52,11 @@ func TestAuthzOwnerRole(t *testing.T) {
 	require.True(t, isAuthorized(api.DeleteAppKeyMethodName, ownerRoleName))
 	require.True(t, isAuthorized(api.ListAppKeysMethodName, ownerRoleName))
 	require.True(t, isAuthorized(api.RotateAppKeySecretMethodName, ownerRoleName))
+	require.True(t, isAuthorized(api.CreateGlobalAppKeyMethodName, ownerRoleName))
+	require.True(t, isAuthorized(api.UpdateGlobalAppKeyMethodName, ownerRoleName))
+	require.True(t, isAuthorized(api.DeleteGlobalAppKeyMethodName, ownerRoleName))
+	require.True(t, isAuthorized(api.ListGlobalAppKeysMethodName, ownerRoleName))
+	require.True(t, isAuthorized(api.RotateGlobalAppKeySecretMethodName, ownerRoleName))
 	require.True(t, isAuthorized(api.IndexCollection, ownerRoleName))
 	require.True(t, isAuthorized(api.SearchIndexCollectionMethodName, ownerRoleName))
 
@@ -185,6 +190,12 @@ func TestAuthzEditorRole(t *testing.T) {
 	require.False(t, isAuthorized(api.CreateNamespaceMethodName, editorRoleName))
 	require.False(t, isAuthorized(api.ListNamespacesMethodName, editorRoleName))
 	require.False(t, isAuthorized(api.DeleteNamespaceMethodName, editorRoleName))
+
+	require.False(t, isAuthorized(api.CreateGlobalAppKeyMethodName, editorRoleName))
+	require.False(t, isAuthorized(api.UpdateGlobalAppKeyMethodName, editorRoleName))
+	require.False(t, isAuthorized(api.DeleteGlobalAppKeyMethodName, editorRoleName))
+	require.False(t, isAuthorized(api.ListGlobalAppKeysMethodName, editorRoleName))
+	require.False(t, isAuthorized(api.RotateGlobalAppKeySecretMethodName, editorRoleName))
 }
 
 func TestAuthzReadOnlyRole(t *testing.T) {
@@ -253,4 +264,9 @@ func TestAuthzReadOnlyRole(t *testing.T) {
 	require.False(t, isAuthorized(api.CreateNamespaceMethodName, readOnlyRoleName))
 	require.False(t, isAuthorized(api.ListNamespacesMethodName, readOnlyRoleName))
 	require.False(t, isAuthorized(api.DeleteNamespaceMethodName, readOnlyRoleName))
+	require.False(t, isAuthorized(api.CreateGlobalAppKeyMethodName, readOnlyRoleName))
+	require.False(t, isAuthorized(api.UpdateGlobalAppKeyMethodName, readOnlyRoleName))
+	require.False(t, isAuthorized(api.DeleteGlobalAppKeyMethodName, readOnlyRoleName))
+	require.False(t, isAuthorized(api.ListGlobalAppKeysMethodName, readOnlyRoleName))
+	require.False(t, isAuthorized(api.RotateGlobalAppKeySecretMethodName, readOnlyRoleName))
 }
diff --git a/server/services/v1/api.go b/server/services/v1/api.go
@@ -47,6 +47,7 @@ const (
 	databasePathPattern    = fullProjectPath + "/database/*"
 	applicationPathPattern = fullProjectPath + "/apps/*"
 
+	appsPath    = "/apps/*"
 	infoPath    = "/info"
 	metricsPath = "/metrics"
 )
@@ -140,6 +141,9 @@ func (s *apiService) RegisterHTTP(router chi.Router, inproc *inprocgrpc.Channel)
 	router.HandleFunc(apiPathPrefix+infoPath, func(w http.ResponseWriter, r *http.Request) {
 		mux.ServeHTTP(w, r)
 	})
+	router.HandleFunc(apiPathPrefix+appsPath, func(w http.ResponseWriter, r *http.Request) {
+		mux.ServeHTTP(w, r)
+	})
 
 	if config.DefaultConfig.Metrics.Enabled {
 		router.Handle(metricsPath, metrics.Reporter.HTTPHandler())
@@ -632,3 +636,23 @@ func (s *apiService) ListAppKeys(ctx context.Context, req *api.ListAppKeysReques
 func (s *apiService) RotateAppKeySecret(ctx context.Context, req *api.RotateAppKeyRequest) (*api.RotateAppKeyResponse, error) {
 	return s.authProvider.RotateAppKey(ctx, req)
 }
+
+func (s *apiService) CreateGlobalAppKey(ctx context.Context, req *api.CreateGlobalAppKeyRequest) (*api.CreateGlobalAppKeyResponse, error) {
+	return s.authProvider.CreateGlobalAppKey(ctx, req)
+}
+
+func (s *apiService) UpdateGlobalAppKey(ctx context.Context, req *api.UpdateGlobalAppKeyRequest) (*api.UpdateGlobalAppKeyResponse, error) {
+	return s.authProvider.UpdateGlobalAppKey(ctx, req)
+}
+
+func (s *apiService) DeleteGlobalAppKey(ctx context.Context, req *api.DeleteGlobalAppKeyRequest) (*api.DeleteGlobalAppKeyResponse, error) {
+	return s.authProvider.DeleteGlobalAppKey(ctx, req)
+}
+
+func (s *apiService) ListGlobalAppKeys(ctx context.Context, req *api.ListGlobalAppKeysRequest) (*api.ListGlobalAppKeysResponse, error) {
+	return s.authProvider.ListGlobalAppKeys(ctx, req)
+}
+
+func (s *apiService) RotateGlobalAppKeySecret(ctx context.Context, req *api.RotateGlobalAppKeySecretRequest) (*api.RotateGlobalAppKeySecretResponse, error) {
+	return s.authProvider.RotateGlobalAppKeySecret(ctx, req)
+}
diff --git a/server/services/v1/auth/auth0.go b/server/services/v1/auth/auth0.go
@@ -308,6 +308,26 @@ func (a *auth0) DeleteAppKeys(ctx context.Context, project string) error {
 	return nil
 }
 
+func (*auth0) CreateGlobalAppKey(_ context.Context, _ *api.CreateGlobalAppKeyRequest) (*api.CreateGlobalAppKeyResponse, error) {
+	return nil, errors.Internal("auth0 implementation doesn't support it")
+}
+
+func (*auth0) UpdateGlobalAppKey(_ context.Context, _ *api.UpdateGlobalAppKeyRequest) (*api.UpdateGlobalAppKeyResponse, error) {
+	return nil, errors.Internal("auth0 implementation doesn't support it")
+}
+
+func (*auth0) RotateGlobalAppKeySecret(_ context.Context, _ *api.RotateGlobalAppKeySecretRequest) (*api.RotateGlobalAppKeySecretResponse, error) {
+	return nil, errors.Internal("auth0 implementation doesn't support it")
+}
+
+func (*auth0) DeleteGlobalAppKey(_ context.Context, _ *api.DeleteGlobalAppKeyRequest) (*api.DeleteGlobalAppKeyResponse, error) {
+	return nil, errors.Internal("auth0 implementation doesn't support it")
+}
+
+func (*auth0) ListGlobalAppKeys(_ context.Context, _ *api.ListGlobalAppKeysRequest) (*api.ListGlobalAppKeysResponse, error) {
+	return nil, errors.Internal("auth0 implementation doesn't support it")
+}
+
 func validateOwnershipAuth0(ctx context.Context, operationName string, appId string, a *auth0) (*management.Client, string, error) {
 	client, err := a.Management.Client.Read(appId)
 	if err != nil {