forked from sourcenetwork/defradb
PR(ACP): Add CLI Client For Adding Policy Command
1 parent
3644d9b
commit 2e53560
Showing
6 changed files
with
239 additions
and
8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
// Copyright 2024 Democratized Data Foundation | ||
// | ||
// Use of this software is governed by the Business Source License | ||
// included in the file licenses/BSL.txt. | ||
// | ||
// As of the Change Date specified in that file, in accordance with | ||
// the Business Source License, use of this software will be governed | ||
// by the Apache License, Version 2.0, included in the file | ||
// licenses/APL.txt. | ||
|
||
package cli | ||
|
||
import ( | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
func MakeACPCommand() *cobra.Command { | ||
var cmd = &cobra.Command{ | ||
Use: "acp", | ||
Short: "Interact with the access control system of a DefraDB node", | ||
Long: `Interact with the access control system of a DefraDB node`, | ||
} | ||
|
||
return cmd | ||
} |
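Review bot: `MakeACPCommand` is exported but has no doc comment, and its `Long` repeats `Short` word for word, so the help output for `acp` adds nothing beyond the one-line summary. I would add a comment such as `// MakeACPCommand returns the "acp" parent command; it has no Run of its own.` above the function, and either drop `Long` or use it to say what the access control subcommands are for. The same applies to `MakeACPPolicyCommand` in the next file, where `Short` would also read better as "of a DefraDB instance".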
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
// Copyright 2024 Democratized Data Foundation | ||
// | ||
// Use of this software is governed by the Business Source License | ||
// included in the file licenses/BSL.txt. | ||
// | ||
// As of the Change Date specified in that file, in accordance with | ||
// the Business Source License, use of this software will be governed | ||
// by the Apache License, Version 2.0, included in the file | ||
// licenses/APL.txt. | ||
|
||
package cli | ||
|
||
import ( | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
func MakeACPPolicyCommand() *cobra.Command { | ||
var cmd = &cobra.Command{ | ||
Use: "policy", | ||
Short: "Interact with the acp policy features of DefraDB instance", | ||
Long: `Interact with the acp policy features of DefraDB instance`, | ||
} | ||
|
||
return cmd | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,147 @@ | ||
// Copyright 2024 Democratized Data Foundation | ||
// | ||
// Use of this software is governed by the Business Source License | ||
// included in the file licenses/BSL.txt. | ||
// | ||
// As of the Change Date specified in that file, in accordance with | ||
// the Business Source License, use of this software will be governed | ||
// by the Apache License, Version 2.0, included in the file | ||
// licenses/APL.txt. | ||
|
||
package cli | ||
|
||
import ( | ||
"io" | ||
"os" | ||
|
||
"github.com/spf13/cobra" | ||
) | ||
|
||
func MakeACPPolicyAddCommand() *cobra.Command { | ||
const identityFlagLongRequired string = "identity" | ||
const identityFlagShortRequired string = "i" | ||
|
||
const fileFlagLong string = "file" | ||
const fileFlagShort string = "f" | ||
|
||
var identitySignature string | ||
var policyFile string | ||
|
||
var cmd = &cobra.Command{ | ||
Use: "add [-i --identity] [policy]", | ||
Short: "Add new policy", | ||
Long: `Add new policy | ||
Terminology: | ||
- 'DPI' means 'DefraDB Policy Interface'. | ||
- 'Permissioned Schema' means to have a policy on the schema: @policy(id:".." resource: "..") | ||
Requirements: | ||
- Must provide a valid [TODO-ACP Insert agreed upon name with bruno] signature identity. | ||
- ACP module must be available (i.e. ACP not disabled). | ||
- Policy specified must be a valid policy (but DPI compliance is not necessary). | ||
- Policy specified must be in a valid JSON or YAML format (detected automatically). | ||
Notes: | ||
- A non-DPI policy is be accepted (will be registered with acp module). | ||
- But only a valid DPI policyID & resource can be specified on a schema. | ||
- DPI validation happens when attempting to add a permissioned schema. | ||
- If DPI validation fails while adding schema, the schema is rejected. | ||
Example: add from an argument string: | ||
defradb client acp policy add -i cosmos1f2djr7dl9vhrk3twt3xwqp09nhtzec9mdkf70j ' | ||
description: A Valid DefraDB Policy Interface | ||
actor: | ||
name: actor | ||
resources: | ||
users: | ||
permissions: | ||
read: | ||
expr: owner + reader | ||
write: | ||
expr: owner | ||
relations: | ||
owner: | ||
types: | ||
- actor | ||
reader: | ||
types: | ||
- actor | ||
' | ||
Example: add from file: | ||
defradb client acp policy add -i cosmos17r39df0hdcrgnmmw4mvu7qgk5nu888c7uvv37y -f policy.yml | ||
Example: add from file, verbose flags: | ||
defradb client acp policy add --identity cosmos1kpw734v54g0t0d8tcye8ee5jc3gld0tcr2q473 --file policy.yml | ||
Example: add from stdin: | ||
cat policy.yml | defradb client acp policy add - | ||
Learn more about the DefraDB Policy Interface [TODO-ACP insert DPI Instruction link] | ||
`, | ||
RunE: func(cmd *cobra.Command, args []string) error { | ||
if identitySignature == "" { | ||
return NewErrRequiredFlagEmpty(identityFlagLongRequired, identityFlagShortRequired) | ||
} | ||
|
||
// TODO-ACP | ||
// Handle required signature identity argument. | ||
// Validate Identity that is provided to see if it is valid, | ||
// if it is then all good, otherwise return this Error: | ||
// return NewErrRequiredFlagInvalid(identityFlagLongRequired, identityFlagShortRequired) | ||
|
||
// Handle policy argument. | ||
extraArgsProvided := len(args) | ||
var policy string | ||
switch { | ||
case policyFile != "": | ||
data, err := os.ReadFile(policyFile) | ||
if err != nil { | ||
return err | ||
} | ||
policy = string(data) | ||
|
||
case extraArgsProvided > 0 && args[extraArgsProvided-1] == "-": | ||
data, err := io.ReadAll(cmd.InOrStdin()) | ||
if err != nil { | ||
return err | ||
} | ||
policy = string(data) | ||
|
||
case extraArgsProvided > 0: | ||
policy = args[0] | ||
|
||
default: | ||
return ErrPolicyFileArgCanNotBeEmpty | ||
} | ||
|
||
store := mustGetContextStore(cmd) | ||
policyResult, err := store.AddPolicy( | ||
cmd.Context(), | ||
identitySignature, | ||
policy, | ||
) | ||
|
||
if err != nil { | ||
return err | ||
} | ||
|
||
return writeJSON(cmd, policyResult) | ||
}, | ||
} | ||
cmd.Flags().StringVarP(&policyFile, fileFlagLong, fileFlagShort, "", "File to load a policy from") | ||
cmd.Flags().StringVarP( | ||
&identitySignature, | ||
identityFlagLongRequired, | ||
identityFlagShortRequired, | ||
"", | ||
"[Required] Signature identity of the creator", | ||
) | ||
_ = cmd.MarkFlagRequired(identityFlagLongRequired) | ||
|
||
return cmd | ||
} |
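Review bot: The only check on `identitySignature` in `RunE` is that it is non-empty, so whatever string the caller passes to `-i` is forwarded to `store.AddPolicy` as the policy creator. The TODO-ACP block acknowledges the missing validation, but unless `AddPolicy` (outside this section) verifies the identity, the command records an unproven ownership claim. Until that lands I would say so in the flag help, e.g. `"[Required] Signature identity of the creator (not yet validated)"`. Separately, the policy source is ambiguous: `-f` silently wins over a positional policy, the `-` test looks at the last argument while the literal case takes `args[0]`, and extra arguments are ignored. Adding `Args: cobra.MaximumNArgs(1),` and returning an error when `policyFile != ""` and `len(args) > 0` would make it unambiguous which policy gets registered. The stdin example in `Long` also omits `-i`, which `MarkFlagRequired` will reject.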