SMQ-2604 - Change PAT repo implementation (#2680)

Signed-off-by: nyagamunene <[email protected]> Signed-off-by: Arvindh <[email protected]> Co-authored-by: Arvindh <[email protected]>
absmach · Feb 27, 2025 · 17b5224 · 17b5224
1 parent 56829c1
commit 17b5224
Show file tree

Hide file tree

Showing 47 changed files with 2,500 additions and 2,605 deletions.
diff --git a/api/grpc/auth/v1/auth.pb.go b/api/grpc/auth/v1/auth.pb.go
diff --git a/auth/api/grpc/auth/client.go b/auth/api/grpc/auth/client.go
@@ -151,13 +151,12 @@ func (client authGrpcClient) AuthorizePAT(ctx context.Context, req *grpcAuthV1.A
 	defer cancel()
 
 	res, err := client.authorizePAT(ctx, authPATReq{
-		userID:                   req.GetUserId(),
-		patID:                    req.GetPatId(),
-		platformEntityType:       auth.PlatformEntityType(req.GetPlatformEntityType()),
-		optionalDomainID:         req.GetOptionalDomainId(),
-		optionalDomainEntityType: auth.DomainEntityType(req.GetOptionalDomainEntityType()),
-		operation:                auth.OperationType(req.GetOperation()),
-		entityIDs:                req.GetEntityIds(),
+		userID:           req.GetUserId(),
+		patID:            req.GetPatId(),
+		entityType:       auth.EntityType(req.GetEntityType()),
+		optionalDomainID: req.GetOptionalDomainId(),
+		operation:        auth.Operation(req.GetOperation()),
+		entityID:         req.GetEntityId(),
 	})
 	if err != nil {
 		return &grpcAuthV1.AuthZRes{}, grpcapi.DecodeError(err)
@@ -170,12 +169,11 @@ func (client authGrpcClient) AuthorizePAT(ctx context.Context, req *grpcAuthV1.A
 func encodeAuthorizePATRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
 	req := grpcReq.(authPATReq)
 	return &grpcAuthV1.AuthZPatReq{
-		UserId:                   req.userID,
-		PatId:                    req.patID,
-		PlatformEntityType:       uint32(req.platformEntityType),
-		OptionalDomainId:         req.optionalDomainID,
-		OptionalDomainEntityType: uint32(req.optionalDomainEntityType),
-		Operation:                uint32(req.operation),
-		EntityIds:                req.entityIDs,
+		UserId:           req.userID,
+		PatId:            req.patID,
+		EntityType:       uint32(req.entityType),
+		OptionalDomainId: req.optionalDomainID,
+		Operation:        uint32(req.operation),
+		EntityId:         req.entityID,
 	}, nil
 }
diff --git a/auth/api/grpc/auth/endpoint.go b/auth/api/grpc/auth/endpoint.go
@@ -74,7 +74,7 @@ func authorizePATEndpoint(svc auth.Service) endpoint.Endpoint {
 		if err := req.validate(); err != nil {
 			return authorizeRes{}, err
 		}
-		err := svc.AuthorizePAT(ctx, req.userID, req.patID, req.platformEntityType, req.optionalDomainID, req.optionalDomainEntityType, req.operation, req.entityIDs...)
+		err := svc.AuthorizePAT(ctx, req.userID, req.patID, req.entityType, req.optionalDomainID, req.operation, req.entityID)
 		if err != nil {
 			return authorizeRes{authorized: false}, err
 		}

diff --git a/auth/api/grpc/auth/endpoint_test.go b/auth/api/grpc/auth/endpoint_test.go
@@ -301,13 +301,12 @@ func TestAuthorizePAT(t *testing.T) {
 			desc:  "authorize user with authorized token",
 			token: validPATToken,
 			authRequest: &grpcAuthV1.AuthZPatReq{
-				UserId:                   id,
-				PatId:                    id,
-				PlatformEntityType:       uint32(auth.PlatformDomainsScope),
-				OptionalDomainId:         domainID,
-				OptionalDomainEntityType: uint32(auth.DomainClientsScope),
-				Operation:                uint32(auth.CreateOp),
-				EntityIds:                []string{clientID},
+				UserId:           id,
+				PatId:            id,
+				EntityType:       uint32(auth.ClientsType),
+				OptionalDomainId: domainID,
+				Operation:        uint32(auth.CreateOp),
+				EntityId:         clientID,
 			},
 			authResponse: &grpcAuthV1.AuthZRes{Authorized: true},
 			err:          nil,
@@ -316,13 +315,12 @@ func TestAuthorizePAT(t *testing.T) {
 			desc:  "authorize user with unauthorized token",
 			token: inValidPATToken,
 			authRequest: &grpcAuthV1.AuthZPatReq{
-				UserId:                   id,
-				PatId:                    id,
-				PlatformEntityType:       uint32(auth.PlatformDomainsScope),
-				OptionalDomainId:         domainID,
-				OptionalDomainEntityType: uint32(auth.DomainClientsScope),
-				Operation:                uint32(auth.CreateOp),
-				EntityIds:                []string{clientID},
+				UserId:           id,
+				PatId:            id,
+				EntityType:       uint32(auth.ClientsType),
+				OptionalDomainId: domainID,
+				Operation:        uint32(auth.CreateOp),
+				EntityId:         clientID,
 			},
 			authResponse: &grpcAuthV1.AuthZRes{Authorized: false},
 			err:          svcerr.ErrAuthorization,
@@ -331,12 +329,11 @@ func TestAuthorizePAT(t *testing.T) {
 			desc:  "authorize user with missing user id",
 			token: validPATToken,
 			authRequest: &grpcAuthV1.AuthZPatReq{
-				PatId:                    id,
-				PlatformEntityType:       uint32(auth.PlatformDomainsScope),
-				OptionalDomainId:         domainID,
-				OptionalDomainEntityType: uint32(auth.DomainClientsScope),
-				Operation:                uint32(auth.CreateOp),
-				EntityIds:                []string{clientID},
+				PatId:            id,
+				EntityType:       uint32(auth.ClientsType),
+				OptionalDomainId: domainID,
+				Operation:        uint32(auth.CreateOp),
+				EntityId:         clientID,
 			},
 			authResponse: &grpcAuthV1.AuthZRes{Authorized: false},
 			err:          apiutil.ErrMissingUserID,
@@ -345,12 +342,11 @@ func TestAuthorizePAT(t *testing.T) {
 			desc:  "authorize user with missing pat id",
 			token: validPATToken,
 			authRequest: &grpcAuthV1.AuthZPatReq{
-				UserId:                   id,
-				PlatformEntityType:       uint32(auth.PlatformDomainsScope),
-				OptionalDomainId:         domainID,
-				OptionalDomainEntityType: uint32(auth.DomainClientsScope),
-				Operation:                uint32(auth.CreateOp),
-				EntityIds:                []string{clientID},
+				UserId:           id,
+				EntityType:       uint32(auth.ClientsType),
+				OptionalDomainId: domainID,
+				Operation:        uint32(auth.CreateOp),
+				EntityId:         clientID,
 			},
 			authResponse: &grpcAuthV1.AuthZRes{Authorized: false},
 			err:          apiutil.ErrMissingPATID,

diff --git a/auth/api/grpc/auth/requests.go b/auth/api/grpc/auth/requests.go
@@ -52,13 +52,12 @@ func (req authReq) validate() error {
 }
 
 type authPATReq struct {
-	userID                   string
-	patID                    string
-	platformEntityType       auth.PlatformEntityType
-	optionalDomainID         string
-	optionalDomainEntityType auth.DomainEntityType
-	operation                auth.OperationType
-	entityIDs                []string
+	userID           string
+	patID            string
+	entityType       auth.EntityType
+	optionalDomainID string
+	operation        auth.Operation
+	entityID         string
 }
 
 func (req authPATReq) validate() error {

diff --git a/auth/api/grpc/auth/server.go b/auth/api/grpc/auth/server.go
@@ -112,13 +112,12 @@ func encodeAuthorizeResponse(_ context.Context, grpcRes interface{}) (interface{
 func decodeAuthorizePATRequest(_ context.Context, grpcReq interface{}) (interface{}, error) {
 	req := grpcReq.(*grpcAuthV1.AuthZPatReq)
 	return authPATReq{
-		userID:                   req.GetUserId(),
-		patID:                    req.GetPatId(),
-		platformEntityType:       auth.PlatformEntityType(req.GetPlatformEntityType()),
-		optionalDomainID:         req.GetOptionalDomainId(),
-		optionalDomainEntityType: auth.DomainEntityType(req.GetOptionalDomainEntityType()),
-		operation:                auth.OperationType(req.GetOperation()),
-		entityIDs:                req.GetEntityIds(),
+		userID:           req.GetUserId(),
+		patID:            req.GetPatId(),
+		entityType:       auth.EntityType(req.GetEntityType()),
+		optionalDomainID: req.GetOptionalDomainId(),
+		operation:        auth.Operation(req.GetOperation()),
+		entityID:         req.GetEntityId(),
 	}, nil
 }
 

diff --git a/auth/api/http/keys/endpoint_test.go b/auth/api/http/keys/endpoint_test.go
@@ -70,13 +70,14 @@ func (tr testRequest) make() (*http.Response, error) {
 func newService() (auth.Service, *mocks.KeyRepository) {
 	krepo := new(mocks.KeyRepository)
 	pRepo := new(mocks.PATSRepository)
+	cache := new(mocks.Cache)
 	hash := new(mocks.Hasher)
 	idProvider := uuid.NewMock()
 	pService := new(policymocks.Service)
 	pEvaluator := new(policymocks.Evaluator)
 	t := jwt.New([]byte(secret))
 
-	return auth.New(krepo, pRepo, hash, idProvider, t, pEvaluator, pService, loginDuration, refreshDuration, invalidDuration), krepo
+	return auth.New(krepo, pRepo, cache, hash, idProvider, t, pEvaluator, pService, loginDuration, refreshDuration, invalidDuration), krepo
 }
 
 func newServer(svc auth.Service) *httptest.Server {