From f2ddb9564cc8e020840e26ccc3bb7c08b1a9a1dd Mon Sep 17 00:00:00 2001 From: Ronen Hilewicz Date: Wed, 27 Nov 2024 18:33:35 -0500 Subject: [PATCH] Take IdentityContext in AuthorizerClient.query And update java-directory and java-authorizer --- .gitignore | 1 + examples/authz-example/pom.xml | 4 +- examples/directory-example/pom.xml | 4 +- pom.xml | 6 +- .../java/com/aserto/AuthorizerClient.java | 10 +- .../com/aserto/authorizer/AuthzClient.java | 18 +- .../aserto/directory/v3/DirectoryClient.java | 276 +++++++++--------- 7 files changed, 167 insertions(+), 152 deletions(-) diff --git a/.gitignore b/.gitignore index b210962..ddcd232 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ hs_err_pid* # IDE specific .idea/ +.factorypath diff --git a/examples/authz-example/pom.xml b/examples/authz-example/pom.xml index 5a6956e..07da956 100644 --- a/examples/authz-example/pom.xml +++ b/examples/authz-example/pom.xml @@ -18,7 +18,7 @@ com.aserto aserto-java - 0.31.1 + 0.31.4 @@ -51,4 +51,4 @@ - \ No newline at end of file + diff --git a/examples/directory-example/pom.xml b/examples/directory-example/pom.xml index 1989944..9eae05c 100644 --- a/examples/directory-example/pom.xml +++ b/examples/directory-example/pom.xml @@ -18,7 +18,7 @@ com.aserto aserto-java - 0.31.1 + 0.31.4 @@ -51,4 +51,4 @@ - \ No newline at end of file + diff --git a/pom.xml b/pom.xml index 01749a2..d21ce8c 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.aserto aserto-java - 0.31.3 + 0.31.4 ${project.groupId}:${project.artifactId} Java SDK to interact with aserto services @@ -50,12 +50,12 @@ com.aserto java-authorizer - 0.20.13 + 0.20.14 com.aserto java-directory - 0.31.4 + 0.31.5 diff --git a/src/main/java/com/aserto/AuthorizerClient.java b/src/main/java/com/aserto/AuthorizerClient.java index 9d9a477..4fc911b 100644 --- a/src/main/java/com/aserto/AuthorizerClient.java +++ b/src/main/java/com/aserto/AuthorizerClient.java 
@@ -12,10 +12,18 @@ public interface AuthorizerClient { public List listPolicies(String policyName, String policyLabel); + public Module getPolicy(String policyId); + public List is(IdentityCtx identityCtx, PolicyCtx policyCtx); + public List is(IdentityCtx identityCtx, PolicyCtx policyCtx, Map resourceCtx); - public Struct query(String query, PolicyCtx policyContext, Map values); + + public Struct query(String query, PolicyCtx policyContext, Map resourceCtx); + + public Struct query(String query, IdentityCtx identityCtx, PolicyCtx policyContext, Map resourceCtx); + public Map decisionTree(IdentityCtx identityCtx, PolicyCtx policyCtx); + public void close(); } diff --git a/src/main/java/com/aserto/authorizer/AuthzClient.java b/src/main/java/com/aserto/authorizer/AuthzClient.java index dcc3b34..c030ee6 100644 --- a/src/main/java/com/aserto/authorizer/AuthzClient.java +++ b/src/main/java/com/aserto/authorizer/AuthzClient.java @@ -19,6 +19,7 @@ import com.aserto.authorizer.v2.QueryRequest; import com.aserto.authorizer.v2.QueryResponse; import com.aserto.authorizer.v2.api.IdentityContext; +import com.aserto.authorizer.v2.api.IdentityType; import com.aserto.authorizer.v2.api.Module; import com.aserto.authorizer.v2.api.PolicyContext; import com.aserto.authorizer.v2.api.PolicyInstance; @@ -32,6 +33,7 @@ public class AuthzClient implements AuthorizerClient { private final AuthorizerGrpc.AuthorizerBlockingStub client; private final ManagedChannel channel; + public AuthzClient(ManagedChannel channel) { client = AuthorizerGrpc.newBlockingStub(channel); this.channel = channel; 
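Review bot: The two new `query` overloads are added to the interface without Javadoc, so nothing in the contract tells a caller that the three-argument form evaluates the query with no caller identity while the four-argument form scopes it to `identityCtx`. That difference decides which subject the authorizer sees, so it belongs on the interface rather than only in the implementation. Suggest above the three-argument overload: `/** Runs {@code query} with no identity context; use the {@link IdentityCtx} overload when the policy depends on the subject. */`, and a matching `@param identityCtx` line on the four-argument one. The interface declaration itself starts outside the hunk.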
@@ -84,21 +86,29 @@ public List is(IdentityCtx identityCtx, PolicyCtx policyCtx, Map values) {
+ public Struct query(String query, IdentityCtx identityCtx, PolicyCtx policyContext,
+ Map resourceCtx) {
 QueryRequest.Builder queryRequestBuilder = QueryRequest.newBuilder();
 queryRequestBuilder.setQuery(query);
+ IdentityContext identityContext = buildIdentityContext(identityCtx);
 PolicyInstance policy = buildPolicy(policyContext.getName());
- Struct.Builder structBuilder = buildResourceContext(values);
+ Struct.Builder resourceContext = buildResourceContext(resourceCtx);
+ queryRequestBuilder.setIdentityContext(identityContext);
 queryRequestBuilder.setPolicyInstance(policy);
- queryRequestBuilder.setResourceContext(structBuilder);
+ queryRequestBuilder.setResourceContext(resourceContext);
 QueryResponse queryResponse = client.query(queryRequestBuilder.build());
 return queryResponse.getResponse();
 }
+ @Override
+ public Struct query(String query, PolicyCtx policyContext, Map resourceCtx) {
+ return query(query, new IdentityCtx("", IdentityType.IDENTITY_TYPE_NONE), policyContext, resourceCtx);
+ }
 @Override
 public Map decisionTree(IdentityCtx identityCtx, PolicyCtx policyCtx) {
 DecisionTreeRequest.Builder decisionTreeBuilder = DecisionTreeRequest.newBuilder();
@@ -129,7 +139,7 @@ private PolicyInstance buildPolicy(String name) {
 }
 private IdentityContext buildIdentityContext(IdentityCtx identityContext) {
- IdentityContext.Builder identityContextBuilder = IdentityContext.newBuilder();
+ IdentityContext.Builder identityContextBuilder = IdentityContext.newBuilder();
 identityContextBuilder.setIdentity(identityContext.getIdentity());
 identityContextBuilder.setType(identityContext.getIdentityType());
diff --git a/src/main/java/com/aserto/directory/v3/DirectoryClient.java b/src/main/java/com/aserto/directory/v3/DirectoryClient.java
index f3eef6c..d92786f 100644
--- a/src/main/java/com/aserto/directory/v3/DirectoryClient.java
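Review bot: The new four-argument `query` hands `identityCtx` straight to `buildIdentityContext`, which dereferences it, so a null identity fails with a bare NullPointerException inside the private helper instead of at the public entry point; add `Objects.requireNonNull(identityCtx, "identityCtx");` as the first statement (and `java.util.Objects` to the imports if it is not already there). The three-argument overload substitutes `new IdentityCtx("", IdentityType.IDENTITY_TYPE_NONE)`, so a policy reached through it sees no subject at all; that is a reasonable default, but after this signature change it is easy to land on by accident, so it deserves a Javadoc line such as `/** Evaluates {@code query} with an empty identity of type NONE; prefer the {@link IdentityCtx} overload when the policy depends on the caller. */`. Neither overload carries a doc comment at present. The `@@ -129` hunk below this one only changes whitespace in `buildIdentityContext`.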
+++ b/src/main/java/com/aserto/directory/v3/DirectoryClient.java
@@ -19,7 +19,6 @@ import com.google.protobuf.Struct;
 import com.aserto.directory.common.v3.Object;
- import com.google.protobuf.Timestamp;
 import io.grpc.ManagedChannel;
 import io.grpc.Status;
@@ -51,12 +50,11 @@ public class DirectoryClient implements DirectoryClientReader,
 private ModelGrpc.ModelStub modelClientAsync;
 public DirectoryClient(
- ManagedChannel readerChannel,
- ManagedChannel writerChannel,
- ManagedChannel importerChannel,
- ManagedChannel exporterChannel,
- ManagedChannel modelChannel
- ) {
+ ManagedChannel readerChannel,
+ ManagedChannel writerChannel,
+ ManagedChannel importerChannel,
+ ManagedChannel exporterChannel,
+ ManagedChannel modelChannel) {
 if (readerChannel != null) {
 readerClient = ReaderGrpc.newBlockingStub(readerChannel);
 }
@@ -92,8 +90,10 @@ public DirectoryClient(ManagedChannel managedChannel) {
 public GetObjectResponse getObject(String type, String id) throws UninitilizedClientException {
 return getObject(type, id, false);
 }
+ @Override
- public GetObjectResponse getObject(String type, String id, boolean withRelations) throws UninitilizedClientException {
+ public GetObjectResponse getObject(String type, String id, boolean withRelations)
+ throws UninitilizedClientException {
 if (readerClient == null) {
 throw new UninitilizedClientException("Reader client is not initialized");
 }
@@ -111,7 +111,8 @@ public GetObjectsResponse getObjects(String type) throws UninitilizedClientExcep
 }
 @Override
- public GetObjectsResponse getObjects(String type, int pageSize, String pageToken) throws UninitilizedClientException {
+ public GetObjectsResponse getObjects(String type, int pageSize, String pageToken)
+ throws UninitilizedClientException {
 if (readerClient == null) {
 throw new UninitilizedClientException("Reader client is not initialized");
 }
@@ -123,7 +124,8 @@ public GetObjectsResponse getObjects(String type, int pageSize, String pageToken
 }
 @Override
- public GetObjectManyResponse getObjectManyRequest(List objectIdentifiers) throws UninitilizedClientException {
+ public GetObjectManyResponse getObjectManyRequest(List objectIdentifiers)
+ throws UninitilizedClientException {
 if (readerClient == null) {
 throw new UninitilizedClientException("Reader client is not initialized");
 }
@@ -142,49 +144,45 @@ private PaginationRequest buildPaginationRequest(int pageSize, String pageToken)
 @Override
 public GetRelationResponse getRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId) throws UninitilizedClientException {
 return getRelation(objectType, objectId, relationName, subjectType, subjectId, "", false);
 }
 @Override
 public GetRelationResponse getRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- boolean withObjects
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ boolean withObjects) throws UninitilizedClientException {
 return getRelation(objectType, objectId, relationName, subjectType, subjectId, "", withObjects);
 }
 @Override
 public GetRelationResponse getRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- String subjectRelation
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ String subjectRelation) throws UninitilizedClientException {
 return getRelation(objectType, objectId, relationName, subjectType, subjectId, subjectRelation, false);
 }
 @Override
 public GetRelationResponse getRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- String subjectRelation,
- boolean withObjects
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ String subjectRelation,
+ boolean withObjects) throws UninitilizedClientException {
 if (readerClient == null) {
 throw new
UninitilizedClientException("Reader client is not initialized");
 }
@@ -212,35 +210,36 @@ public GetRelationsResponse getRelations(GetRelationsRequest relationsRequest) t
 /**
 * Checks whether a subject has a given permission on an object.
 *
- * @deprecated use @link {@link #check(String, String, String, String, String)} instead.
+ * @deprecated use @link {@link #check(String, String, String, String, String)}
+ * instead.
 */
 @Deprecated
 @Override
 public CheckPermissionResponse checkPermission(
- String objectType,
- String objectId,
- String subjectType,
- String subjectId,
- String permissionName
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String subjectType,
+ String subjectId,
+ String permissionName) throws UninitilizedClientException {
 return checkPermission(objectType, objectId, subjectType, subjectId, permissionName, false);
 }
 /**
 * Checks whether a subject has a given permission on an object.
 *
- * @deprecated use @link {@link #check(String, String, String, String, String, boolean)} instead.
+ * @deprecated use @link
+ * {@link #check(String, String, String, String, String, boolean)}
+ * instead.
 */
 @Deprecated
 @Override
 public CheckPermissionResponse checkPermission(
- String objectType,
- String objectId,
- String subjectType,
- String subjectId,
- String permissionName,
- boolean trace
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String subjectType,
+ String subjectId,
+ String permissionName,
+ boolean trace) throws UninitilizedClientException {
 if (readerClient == null) {
 throw new UninitilizedClientException("Reader client is not initialized");
 }
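Review bot: The rewrapped `@deprecated` tags keep the stray literal `@link` in front of the inline `{@link ...}` tag, so the rendered Javadoc reads "use @link check(...)"; the same text recurs in the two `checkRelation` comments in the next hunk. Since these lines are being rewritten anyway, drop the extra token: `* @deprecated use {@link #check(String, String, String, String, String)} instead.`. The parameter lists also differ — `checkPermission` takes `permissionName` last, while `check` takes `relationName` third — so a migrating caller presumably passes the permission name as `relationName`, which is worth one clarifying sentence in the tag.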
@@ -258,35 +257,36 @@ public CheckPermissionResponse checkPermission(
 /**
 * Checks whether a subject has a given relation to an object.
 *
- * @deprecated use @link {@link #check(String, String, String, String, String)} instead.
+ * @deprecated use @link {@link #check(String, String, String, String, String)}
+ * instead.
 */
 @Deprecated
 @Override
 public CheckRelationResponse checkRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId) throws UninitilizedClientException {
 return checkRelation(objectType, objectId, relationName, subjectType, subjectId, false);
 }
 /**
 * Checks whether a subject has a given relation to an object.
 *
- * @deprecated use @link {@link #check(String, String, String, String, String, boolean)} instead.
+ * @deprecated use @link
+ * {@link #check(String, String, String, String, String, boolean)}
+ * instead.
 */
 @Deprecated
 @Override
 public CheckRelationResponse checkRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- boolean trace
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ boolean trace) throws UninitilizedClientException {
 if (readerClient == null) {
 throw new UninitilizedClientException("Reader client is not initialized");
 }
@@ -303,24 +303,22 @@ public CheckRelationResponse checkRelation(
 @Override
 public CheckResponse check(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId) throws UninitilizedClientException {
 return check(objectType, objectId, relationName, subjectType, subjectId, false);
 }
 @Override
 public CheckResponse check(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- boolean trace
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ boolean trace) throws UninitilizedClientException {
 if (readerClient == null) {
 throw new UninitilizedClientException("Reader client is not initialized");
 }
@@ -347,12 +345,11 @@ public SetObjectResponse setObject(String type, String id) throws UninitilizedCl
 @Override
 public SetObjectResponse setObject(
- String type,
- String id,
- String displayName,
- Struct properties,
- String hash
- ) throws UninitilizedClientException {
+ String type,
+ String id,
+ String displayName,
+ Struct properties,
+ String hash) throws UninitilizedClientException {
 if (writerClient == null) {
 throw new UninitilizedClientException("Writer client is not initialized");
 }
@@ -368,8 +365,8 @@ public SetObjectResponse setObject(
 .setDisplayName(displayName)
 .setProperties(properties)
 .setCreatedAt(timestamp)
- .build()
- ).build();
+ .build())
+ .build();
 return writerClient.setObject(objRequest);
 }
@@ -380,7 +377,8 @@ public DeleteObjectResponse deleteObject(String type, String id) throws Uninitil
 }
 @Override
- public DeleteObjectResponse deleteObject(String type, String id, boolean withRelations) throws UninitilizedClientException {
+ public DeleteObjectResponse deleteObject(String type, String id, boolean withRelations)
+ throws UninitilizedClientException {
 if (writerClient == null) {
 throw new UninitilizedClientException("Writer client is not initialized");
 }
@@ -394,12 +392,11 @@ public DeleteObjectResponse deleteObject(String type, String id, boolean withRel
 @Override
 public SetRelationResponse setRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId) throws UninitilizedClientException {
 if (writerClient == null) {
 throw new UninitilizedClientException("Writer client is not initialized");
 }
@@ -417,13 +414,12 @@ public SetRelationResponse setRelation(
 @Override
 public SetRelationResponse setRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- String subjectRelation
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ String subjectRelation) throws UninitilizedClientException {
 if (writerClient == null) {
 throw new UninitilizedClientException("Writer client is not initialized");
 }
@@ -442,14 +438,13 @@ public SetRelationResponse setRelation(
 @Override
 public SetRelationResponse setRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- String subjectRelation,
- String hash
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ String subjectRelation,
+ String hash) throws UninitilizedClientException {
 if (writerClient == null) {
 throw new UninitilizedClientException("Writer client is not initialized");
 }
@@ -469,12 +464,11 @@ public SetRelationResponse setRelation(
 @Override
 public DeleteRelationResponse deleteRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId) throws UninitilizedClientException {
 if (writerClient == null) {
 throw new UninitilizedClientException("Writer client is not initialized");
 }
@@ -490,13 +484,12 @@ public DeleteRelationResponse deleteRelation(
 @Override
 public DeleteRelationResponse deleteRelation(
- String objectType,
- String objectId,
- String relationName,
- String subjectType,
- String subjectId,
- String subjectRelation
- ) throws UninitilizedClientException {
+ String objectType,
+ String objectId,
+ String relationName,
+ String subjectType,
+ String subjectId,
+ String subjectRelation) throws UninitilizedClientException {
 if (writerClient == null) {
 throw new UninitilizedClientException("Writer client is not initialized");
 }
@@ -518,12 +511,11 @@ public GetManifestResponse getManifest() throws UninitilizedClientException {
 }
 GetManifestRequest manifestRequest = GetManifestRequest.newBuilder().build();
- Iterator manifestResponses = modelClient.getManifest(manifestRequest);
-
- Metadata.Builder metadataBuilder = Metadata.newBuilder();
+ Iterator manifestResponses = modelClient.getManifest(manifestRequest);
+ Metadata.Builder metadataBuilder = Metadata.newBuilder();
- ByteArrayOutputStream outputStream = new ByteArrayOutputStream( );
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
 manifestResponses.forEachRemaining(manifestResponse -> {
 if (!manifestResponse.getMetadata().getAllFields().isEmpty()) {
 manifestResponse.getMetadata().getAllFields().forEach(metadataBuilder::setField);
@@ -531,7 +523,8 @@ public GetManifestResponse getManifest() throws UninitilizedClientException {
 try {
 outputStream.write(manifestResponse.getBody().getData().toByteArray());
 } catch (IOException e) {
- logger.error("Could not write to stream the fallowing message: {}", manifestResponse.getBody().getData().toByteArray());
+ logger.error("Could not write to stream the fallowing message: {}",
+ manifestResponse.getBody().getData().toByteArray());
 }
 }
 });
@@ -587,7 +580,6 @@ public void onCompleted() {
 }
 }
- @Override
 public DeleteManifestResponse deleteManifest() throws UninitilizedClientException {
 if (modelClient == null) {
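Review bot: The rewrapped `logger.error` call in the `catch (IOException e)` block still drops the exception and logs a `byte[]` through a `{}` placeholder, which prints the array's identity hash rather than its contents; since the line is being rewritten, fix both (and the "fallowing" typo): `logger.error("Could not write manifest chunk of {} bytes to stream", manifestResponse.getBody().getData().toByteArray().length, e);`. Logging the raw manifest bytes at error level would in any case copy manifest content into the log, so reporting the length is the better choice. The `- @Override` text further down reads, from the 7-to-6 hunk counts, as a removed blank line followed by a context `@Override`, but that cannot be confirmed from the collapsed text.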
@@ -597,13 +589,16 @@ public DeleteManifestResponse deleteManifest() throws UninitilizedClientExceptio
 return modelClient.deleteManifest(DeleteManifestRequest.newBuilder().build());
 }
+ @Deprecated
 @Override
- public void importData(Stream importStream) throws InterruptedException, UninitilizedClientException {
+ public void importData(Stream importStream)
+ throws InterruptedException, UninitilizedClientException {
 importData(importStream, new NullImportHandler());
 }
 @Override
- public Status importData(Stream importStream, ImportHandler handler) throws InterruptedException, UninitilizedClientException {
+ public Status importData(Stream importStream, ImportHandler handler)
+ throws InterruptedException, UninitilizedClientException {
 if (importerClient == null) {
 throw new UninitilizedClientException("Import client is not initialized");
 }
@@ -612,14 +607,15 @@ public Status importData(Stream importStream, ImportHandler handl
 StreamObserver requests = importerClient.import_(responses);
 importStream.takeWhile(
- t -> responses.getStatus().isOk()
- ).forEach(importElement -> {
- if (importElement.getObject() != null) {
- requests.onNext(ImportRequest.newBuilder().setOpCode(importElement.getOpcode()).setObject(importElement.getObject()).build());
- } else if (importElement.getRelation() != null) {
- requests.onNext(ImportRequest.newBuilder().setOpCode(importElement.getOpcode()).setRelation(importElement.getRelation()).build());
- }
- });
+ t -> responses.getStatus().isOk()).forEach(importElement -> {
+ if (importElement.getObject() != null) {
+ requests.onNext(ImportRequest.newBuilder().setOpCode(importElement.getOpcode())
+ .setObject(importElement.getObject()).build());
+ } else if (importElement.getRelation() != null) {
+ requests.onNext(ImportRequest.newBuilder().setOpCode(importElement.getOpcode())
+ .setRelation(importElement.getRelation()).build());
+ }
+ });
 requests.onCompleted();
 return responses.await(5, TimeUnit.SECONDS);
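Review bot: `@Deprecated` is added to `importData(Stream)` without a Javadoc `@deprecated` tag naming the replacement, unlike the deprecated `checkPermission`/`checkRelation` methods earlier in this file; add `/** @deprecated use {@link #importData(Stream, ImportHandler)} instead. */` above the annotation. In the second hunk the reflowed pipeline still calls `requests.onCompleted()` unconditionally after `takeWhile` stops, so when the stream was cut short because `responses.getStatus()` turned non-OK the server is told the import completed normally; whether that is intended depends on the response observer and `ImportHandler`, which are outside this diff, so at least a comment on the `requests.onCompleted();` line is warranted. `responses.await(5, TimeUnit.SECONDS)` is likewise an unexplained constant that bounds a potentially large import, and if `await` returns on timeout the caller presumably cannot tell that from a finished import; a named field such as `IMPORT_AWAIT_TIMEOUT` with a comment would document the intent. The enclosing method ends outside the hunk.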