Add ReBAC API (#27)

* Impicit Grants wrappers * Relationship tuple wrappers * Resource Instance wrappers * Resource relations wrappers * Resource roles wrappers
permitio · Dec 4, 2023 · 6124a87 · 6124a87
1 parent 67ff3ba
commit 6124a87
Show file tree

Hide file tree

Showing 43 changed files with 9,246 additions and 639 deletions.
diff --git a/pkg/api/api.go b/pkg/api/api.go
@@ -57,19 +57,24 @@ type PermitApiClient struct {
 	config               *config.PermitConfig
 	logger               *zap.Logger
 	client               *openapi.APIClient
-	Tenants              *Tenants
+	ConditionSets        *ConditionSets
+	Elements             *Elements
 	Environments         *Environments
+	ImplicitGrants       *ImplicitGrants
 	Projects             *Projects
-	ResourceActions      *ResourceActions
-	ResourceActionGroups *ResourceActionGroups
 	ProxyConfigs         *ProxyConfigs
+	RelationshipTuples   *RelationshipTuples
+	ResourceActionGroups *ResourceActionGroups
+	ResourceActions      *ResourceActions
 	ResourceAttributes   *ResourceAttributes
+	ResourceInstances    *ResourceInstances
+	ResourceRelations    *ResourceRelations
+	ResourceRoles        *ResourceRoles
 	Resources            *Resources
+	RoleAssignments      *RoleAssignments
 	Roles                *Roles
+	Tenants              *Tenants
 	Users                *Users
-	Elements             *Elements
-	RoleAssignments      *RoleAssignments
-	ConditionSets        *ConditionSets
 }
 
 func (p *PermitApiClient) SetContext(ctx context.Context, project string, environment string) {
@@ -87,23 +92,27 @@ func NewPermitApiClient(ctx context.Context, config *config.PermitConfig) *Permi
 	clientConfig.AddDefaultHeader("Authorization", "Bearer "+config.GetToken())
 	clientConfig.HTTPClient = config.GetHTTPClient()
 	client := openapi.NewAPIClient(clientConfig)
-	userApi := NewUsersApi(client, config)
 	return &PermitApiClient{
 		config:               config,
 		logger:               config.Logger,
 		client:               client,
-		Tenants:              NewTenantsApi(client, config),
+		ConditionSets:        NewConditionSetsApi(client, config),
+		Elements:             NewElementsApi(client, config),
 		Environments:         NewEnvironmentsApi(client, config),
+		ImplicitGrants:       NewImplicitGrantsApi(client, config),
 		Projects:             NewProjectsApi(client, config),
-		ResourceActions:      NewResourceActionsApi(client, config),
+		ProxyConfigs:         NewProxyConfigsApi(client, config),
+		RelationshipTuples:   NewRelationshipTuplesApi(client, config),
 		ResourceActionGroups: NewResourceActionGroupsApi(client, config),
+		ResourceActions:      NewResourceActionsApi(client, config),
 		ResourceAttributes:   NewResourceAttributesApi(client, config),
-		ProxyConfigs:         NewProxyConfigsApi(client, config),
+		ResourceInstances:    NewResourceInstancesApi(client, config),
+		ResourceRelations:    NewResourceRelationsApi(client, config),
+		ResourceRoles:        NewResourceRolesApi(client, config),
 		Resources:            NewResourcesApi(client, config),
-		Roles:                NewRolesApi(client, config),
-		Users:                userApi,
-		Elements:             NewElementsApi(client, config),
 		RoleAssignments:      NewRoleAssignmentsApi(client, config),
-		ConditionSets:        NewConditionSetsApi(client, config),
+		Roles:                NewRolesApi(client, config),
+		Tenants:              NewTenantsApi(client, config),
+		Users:                NewUsersApi(client, config),
 	}
 }
diff --git a/pkg/api/implicitGrants.go b/pkg/api/implicitGrants.go
@@ -0,0 +1,114 @@
+package api
+
+import (
+	"context"
+	"github.com/permitio/permit-golang/pkg/config"
+	"github.com/permitio/permit-golang/pkg/errors"
+	"github.com/permitio/permit-golang/pkg/models"
+	"github.com/permitio/permit-golang/pkg/openapi"
+	"go.uber.org/zap"
+)
+
+type ImplicitGrants struct {
+	permitBaseApi
+}
+
+func NewImplicitGrantsApi(client *openapi.APIClient, config *config.PermitConfig) *ImplicitGrants {
+	return &ImplicitGrants{
+		permitBaseApi{
+			client: client,
+			config: config,
+			logger: config.Logger,
+		},
+	}
+}
+
+func (r *ImplicitGrants) Create(
+	ctx context.Context,
+	resourceId string,
+	roleId string,
+	derivedRuleCreate models.DerivedRoleRuleCreate,
+) (*models.DerivedRoleRuleRead, error) {
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return nil, err
+	}
+
+	derivedRoleRead, httpRes, err := r.client.ImplicitGrantsApi.CreateImplicitGrant(ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+		resourceId,
+		roleId,
+	).DerivedRoleRuleCreate(derivedRuleCreate).Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+
+	if err != nil {
+		r.logger.Error("error creating derived role", zap.Error(err))
+		return nil, err
+	}
+
+	return derivedRoleRead, nil
+}
+
+func (r *ImplicitGrants) Delete(
+	ctx context.Context,
+	roleId string,
+	resourceId string,
+	derivedRoleRuleDelete models.DerivedRoleRuleDelete,
+) error {
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return err
+	}
+
+	httpRes, err := r.client.ImplicitGrantsApi.DeleteImplicitGrant(ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+		resourceId,
+		roleId,
+	).DerivedRoleRuleDelete(derivedRoleRuleDelete).Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+
+	if err != nil {
+		r.logger.Error("error deleting derived role", zap.Error(err))
+		return err
+	}
+
+	return nil
+}
+
+func (r *ImplicitGrants) UpdateConditions(
+	ctx context.Context,
+	resourceId string,
+	roleId string,
+	roleDerivationSettings models.PermitBackendSchemasSchemaDerivedRoleRuleDerivationSettings,
+) (*models.PermitBackendSchemasSchemaDerivedRoleRuleDerivationSettings, error) {
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return nil, err
+	}
+
+	updatedSettings, httpRes, err := r.client.ImplicitGrantsApi.UpdateImplicitGrantsConditions(ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+		resourceId,
+		roleId,
+	).PermitBackendSchemasSchemaDerivedRoleRuleDerivationSettings(roleDerivationSettings).Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+
+	if err != nil {
+		r.logger.Error("error updating derived role", zap.Error(err))
+		return nil, err
+	}
+
+	return updatedSettings, nil
+}
diff --git a/pkg/api/relationshipTuples.go b/pkg/api/relationshipTuples.go
@@ -0,0 +1,213 @@
+package api
+
+import (
+	"context"
+	"github.com/permitio/permit-golang/pkg/config"
+	"github.com/permitio/permit-golang/pkg/errors"
+	"github.com/permitio/permit-golang/pkg/models"
+	"github.com/permitio/permit-golang/pkg/openapi"
+	"go.uber.org/zap"
+)
+
+type RelationshipTuples struct {
+	permitBaseApi
+}
+
+func NewRelationshipTuplesApi(client *openapi.APIClient, config *config.PermitConfig) *RelationshipTuples {
+	return &RelationshipTuples{
+		permitBaseApi{
+			client: client,
+			config: config,
+			logger: config.Logger,
+		},
+	}
+}
+
+func (r *RelationshipTuples) Create(
+	ctx context.Context,
+	relationshipTupleCreate models.RelationshipTupleCreate,
+) (*models.RelationshipTupleRead, error) {
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return nil, err
+	}
+
+	relTuple, httpRes, err := r.client.RelationshipTuplesApi.CreateRelationshipTuple(ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+	).RelationshipTupleCreate(relationshipTupleCreate).Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+
+	if err != nil {
+		r.logger.Error("error creating relationship tuple", zap.Error(err))
+		return nil, err
+	}
+
+	return relTuple, nil
+}
+
+func (r *RelationshipTuples) Delete(
+	ctx context.Context,
+	relationshipTupleDelete models.RelationshipTupleDelete,
+) error {
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return err
+	}
+
+	httpRes, err := r.client.RelationshipTuplesApi.DeleteRelationshipTuple(ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+	).RelationshipTupleDelete(relationshipTupleDelete).Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+
+	if err != nil {
+		r.logger.Error("error deleting relationship tuple", zap.Error(err))
+		return err
+	}
+
+	return nil
+}
+
+func (r *RelationshipTuples) List(
+	ctx context.Context,
+	page int,
+	perPage int,
+	tenantFilter string,
+	subjectFilter string,
+	relationFilter string,
+	objectFilter string,
+) (*[]models.RelationshipTupleRead, error) {
+	return r.list(ctx, page, perPage, tenantFilter, subjectFilter, relationFilter, objectFilter, false)
+}
+
+func (r *RelationshipTuples) ListDetailed(
+	ctx context.Context,
+	page int,
+	perPage int,
+	tenantFilter string,
+	subjectFilter string,
+	relationFilter string,
+	objectFilter string,
+) (*[]models.RelationshipTupleRead, error) {
+	return r.list(ctx, page, perPage, tenantFilter, subjectFilter, relationFilter, objectFilter, true)
+}
+
+func (r *RelationshipTuples) list(ctx context.Context,
+	page int,
+	perPage int,
+	tenantFilter,
+	subjectFilter,
+	relationFilter,
+	objectFilter string,
+	detailed bool,
+) (*[]models.RelationshipTupleRead, error) {
+	perPageLimit := int32(DefaultPerPageLimit)
+
+	if !isPaginationInLimit(int32(page), int32(perPage), perPageLimit) {
+		err := errors.NewPermitPaginationError()
+		r.logger.Error("error listing relationship tuples - max per page: "+string(perPageLimit), zap.Error(err))
+		return nil, err
+	}
+
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return nil, err
+	}
+
+	request := r.client.RelationshipTuplesApi.ListRelationshipTuples(
+		ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+	).Page(int32(page)).PerPage(int32(perPage))
+
+	if tenantFilter != "" {
+		request = request.Tenant(tenantFilter)
+	}
+
+	if subjectFilter != "" {
+		request = request.Subject(subjectFilter)
+	}
+
+	if relationFilter != "" {
+		request = request.Relation(relationFilter)
+	}
+
+	if objectFilter != "" {
+		request = request.Object(objectFilter)
+	}
+
+	if detailed {
+		request = request.Detailed(detailed)
+	}
+
+	relTuples, httpRes, err := request.Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+	if err != nil {
+		r.logger.Error("error listing relationship tuples", zap.Error(err))
+		return nil, err
+	}
+
+	return &relTuples, nil
+}
+
+func (r *RelationshipTuples) BulkCreate(
+	ctx context.Context,
+	bulkCreateOperation models.RelationshipTupleCreateBulkOperation,
+) error {
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return err
+	}
+
+	_, httpRes, err := r.client.RelationshipTuplesApi.BulkCreateRelationshipTuples(ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+	).RelationshipTupleCreateBulkOperation(bulkCreateOperation).Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+
+	if err != nil {
+		r.logger.Error("error executing bulk relationship tuple creation", zap.Error(err))
+		return err
+	}
+
+	return nil
+}
+
+func (r *RelationshipTuples) BulkDelete(
+	ctx context.Context,
+	bulkDeleteOperation models.RelationshipTupleDeleteBulkOperation,
+) error {
+	err := r.lazyLoadPermitContext(ctx)
+
+	if err != nil {
+		r.logger.Error("", zap.Error(err))
+		return err
+	}
+
+	_, httpRes, err := r.client.RelationshipTuplesApi.BulkDeleteRelationshipTuples(ctx,
+		r.config.Context.GetProject(),
+		r.config.Context.GetEnvironment(),
+	).RelationshipTupleDeleteBulkOperation(bulkDeleteOperation).Execute()
+
+	err = errors.HttpErrorHandle(err, httpRes)
+
+	if err != nil {
+		r.logger.Error("error executing bulk relationship tuple deletion", zap.Error(err))
+		return err
+	}
+
+	return nil
+}