From 465cb268da79d4f7dfb1d32890ccb163d218e180 Mon Sep 17 00:00:00 2001
From: Arvindh
Date: Tue, 4 Feb 2025 15:39:02 +0530
Subject: [PATCH] add: remove member from entity

Signed-off-by: Arvindh
---
 api/http/util/errors.go | 4 +-
 channels/mocks/repository.go | 54 +++++++--
 channels/mocks/service.go | 24 ++--
 clients/mocks/repository.go | 54 +++++++--
 clients/mocks/service.go | 24 ++--
 domains/mocks/repository.go | 54 +++++++--
 domains/mocks/service.go | 24 ++--
 groups/mocks/repository.go | 54 +++++++--
 groups/mocks/service.go | 24 ++--
 pkg/roles/mocks/rolemanager.go | 24 ++--
 pkg/roles/mocks/rolesRepo.go | 54 +++++++--
 pkg/roles/provisionmanage.go | 65 +++++++++-
 pkg/roles/repo/postgres/roles.go | 111 +++++++++++++++++-
 pkg/roles/rolemanager/api/decoders.go | 4 +-
 pkg/roles/rolemanager/api/endpoints.go | 6 +-
 pkg/roles/rolemanager/api/requests.go | 14 +--
 pkg/roles/rolemanager/api/router.go | 6 +-
 .../rolemanager/events/consumer/decode.go | 1 +
 .../rolemanager/events/consumer/handler.go | 22 ++--
 pkg/roles/rolemanager/events/events.go | 14 +--
 pkg/roles/rolemanager/events/streams.go | 8 +-
 .../rolemanager/middleware/authoirzation.go | 4 +-
 pkg/roles/rolemanager/middleware/logging.go | 6 +-
 pkg/roles/rolemanager/middleware/meterics.go | 4 +-
 pkg/roles/rolemanager/tracing/tracing.go | 4 +-
 pkg/roles/roles.go | 8 +-
 26 files changed, 494 insertions(+), 177 deletions(-)

diff --git a/api/http/util/errors.go b/api/http/util/errors.go
index 6113c2b8ae..c5146dde22 100644
--- a/api/http/util/errors.go
+++ b/api/http/util/errors.go
@@ -141,8 +141,8 @@ var ( // ErrInvalidComparator indicates an invalid comparator. ErrInvalidComparator = errors.New("invalid comparator") - // ErrMissingMemberIDs indicates missing member ids. - ErrMissingMemberIDs = errors.New("missing member ids") + // ErrMissingMemberID indicates missing member id. + ErrMissingMemberID = errors.New("missing member id") // ErrMissingMemberType indicates missing group member type. ErrMissingMemberType = errors.New("missing group member type") diff --git a/channels/mocks/repository.go b/channels/mocks/repository.go index af480c83fe..cca3cc679d 100644 --- a/channels/mocks/repository.go +++ b/channels/mocks/repository.go @@ -294,17 +294,17 @@ func (_m *Repository) RemoveConnections(ctx context.Context, conns []channels.Co return r0 } -// RemoveEntityMembers provides a mock function with given fields: ctx, entityID, members -func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, members []string) error { - ret := _m.Called(ctx, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID +func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { + ret := _m.Called(ctx, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string, []string) error); ok { - r0 = rf(ctx, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { + r0 = rf(ctx, memberID) } else { r0 = ret.Error(0) } 
@@ -312,17 +312,17 @@ func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID -func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { - ret := _m.Called(ctx, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RemoveMemberFromEntity(ctx context.Context, entityID string, memberID string) error { + ret := _m.Called(ctx, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = rf(ctx, memberID) + if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = rf(ctx, entityID, memberID) } else { r0 = ret.Error(0) } 
@@ -575,6 +575,36 @@ func (_m *Repository) RetrieveRole(ctx context.Context, roleID string) (roles.Ro return r0, r1 } +// RetrieveRolesByEntityMember provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RetrieveRolesByEntityMember(ctx context.Context, entityID string, memberID string) ([]string, error) { + ret := _m.Called(ctx, entityID, memberID) + + if len(ret) == 0 { + panic("no return value specified for RetrieveRolesByEntityMember") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) ([]string, error)); ok { + return rf(ctx, entityID, memberID) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string) []string); ok { + r0 = rf(ctx, entityID, memberID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = rf(ctx, entityID, memberID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // RetrieveUserChannels provides a mock function with given fields: ctx, domainID, userID, pm func (_m *Repository) RetrieveUserChannels(ctx context.Context, domainID string, userID string, pm channels.PageMetadata) (channels.Page, error) { ret := _m.Called(ctx, domainID, userID, pm) diff --git a/channels/mocks/service.go b/channels/mocks/service.go index a0f1fee131..d2203c3d63 100644 --- a/channels/mocks/service.go +++ b/channels/mocks/service.go 
@@ -320,17 +320,17 @@ func (_m *Service) RemoveChannel(ctx context.Context, session authn.Session, id return r0 } -// RemoveEntityMembers provides a mock function with given fields: ctx, session, entityID, members -func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - ret := _m.Called(ctx, session, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID +func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { + ret := _m.Called(ctx, session, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, []string) error); ok { - r0 = rf(ctx, session, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { + r0 = rf(ctx, session, memberID) } else { r0 = ret.Error(0) } 
@@ -338,17 +338,17 @@ func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Sessio return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID -func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { - ret := _m.Called(ctx, session, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, session, entityID, memberID +func (_m *Service) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + ret := _m.Called(ctx, session, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { - r0 = rf(ctx, session, memberID) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, string) error); ok { + r0 = rf(ctx, session, entityID, memberID) } else { r0 = ret.Error(0) } diff --git a/clients/mocks/repository.go b/clients/mocks/repository.go index dab002e409..ebb3664f84 100644 --- a/clients/mocks/repository.go +++ b/clients/mocks/repository.go 
@@ -258,17 +258,17 @@ func (_m *Repository) RemoveConnections(ctx context.Context, conns []clients.Con return r0 } -// RemoveEntityMembers provides a mock function with given fields: ctx, entityID, members -func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, members []string) error { - ret := _m.Called(ctx, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID +func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { + ret := _m.Called(ctx, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string, []string) error); ok { - r0 = rf(ctx, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { + r0 = rf(ctx, memberID) } else { r0 = ret.Error(0) } @@ -276,17 +276,17 @@ func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID -func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { - ret := _m.Called(ctx, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RemoveMemberFromEntity(ctx context.Context, entityID string, memberID string) error { + ret := _m.Called(ctx, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = rf(ctx, memberID) + if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = rf(ctx, entityID, memberID) } else { r0 = ret.Error(0) } 
@@ -595,6 +595,36 @@ func (_m *Repository) RetrieveRole(ctx context.Context, roleID string) (roles.Ro return r0, r1 } +// RetrieveRolesByEntityMember provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RetrieveRolesByEntityMember(ctx context.Context, entityID string, memberID string) ([]string, error) { + ret := _m.Called(ctx, entityID, memberID) + + if len(ret) == 0 { + panic("no return value specified for RetrieveRolesByEntityMember") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) ([]string, error)); ok { + return rf(ctx, entityID, memberID) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string) []string); ok { + r0 = rf(ctx, entityID, memberID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = rf(ctx, entityID, memberID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // RetrieveUserClients provides a mock function with given fields: ctx, domainID, userID, pm func (_m *Repository) RetrieveUserClients(ctx context.Context, domainID string, userID string, pm clients.Page) (clients.ClientsPage, error) { ret := _m.Called(ctx, domainID, userID, pm) diff --git a/clients/mocks/service.go b/clients/mocks/service.go index 1ea36255f0..4799c21de5 100644 --- a/clients/mocks/service.go +++ b/clients/mocks/service.go 
@@ -282,17 +282,17 @@ func (_m *Service) ListUserClients(ctx context.Context, session authn.Session, u return r0, r1 } -// RemoveEntityMembers provides a mock function with given fields: ctx, session, entityID, members -func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - ret := _m.Called(ctx, session, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID +func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { + ret := _m.Called(ctx, session, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, []string) error); ok { - r0 = rf(ctx, session, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { + r0 = rf(ctx, session, memberID) } else { r0 = ret.Error(0) } 
@@ -300,17 +300,17 @@ func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Sessio return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID -func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { - ret := _m.Called(ctx, session, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, session, entityID, memberID +func (_m *Service) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + ret := _m.Called(ctx, session, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { - r0 = rf(ctx, session, memberID) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, string) error); ok { + r0 = rf(ctx, session, entityID, memberID) } else { r0 = ret.Error(0) } diff --git a/domains/mocks/repository.go b/domains/mocks/repository.go index e8aad64c13..566e45fc36 100644 --- a/domains/mocks/repository.go +++ b/domains/mocks/repository.go 
@@ -122,17 +122,17 @@ func (_m *Repository) ListEntityMembers(ctx context.Context, entityID string, pa return r0, r1 } -// RemoveEntityMembers provides a mock function with given fields: ctx, entityID, members -func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, members []string) error { - ret := _m.Called(ctx, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID +func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { + ret := _m.Called(ctx, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string, []string) error); ok { - r0 = rf(ctx, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { + r0 = rf(ctx, memberID) } else { r0 = ret.Error(0) } @@ -140,17 +140,17 @@ func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID -func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { - ret := _m.Called(ctx, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RemoveMemberFromEntity(ctx context.Context, entityID string, memberID string) error { + ret := _m.Called(ctx, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = rf(ctx, memberID) + if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = rf(ctx, entityID, memberID) } else { r0 = ret.Error(0) } 
@@ -383,6 +383,36 @@ func (_m *Repository) RetrieveRole(ctx context.Context, roleID string) (roles.Ro return r0, r1 } +// RetrieveRolesByEntityMember provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RetrieveRolesByEntityMember(ctx context.Context, entityID string, memberID string) ([]string, error) { + ret := _m.Called(ctx, entityID, memberID) + + if len(ret) == 0 { + panic("no return value specified for RetrieveRolesByEntityMember") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) ([]string, error)); ok { + return rf(ctx, entityID, memberID) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string) []string); ok { + r0 = rf(ctx, entityID, memberID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = rf(ctx, entityID, memberID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // RoleAddActions provides a mock function with given fields: ctx, role, actions func (_m *Repository) RoleAddActions(ctx context.Context, role roles.Role, actions []string) ([]string, error) { ret := _m.Called(ctx, role, actions) diff --git a/domains/mocks/service.go b/domains/mocks/service.go index 5523941a87..799d6a7714 100644 --- a/domains/mocks/service.go +++ b/domains/mocks/service.go 
@@ -256,17 +256,17 @@ func (_m *Service) ListEntityMembers(ctx context.Context, session authn.Session, return r0, r1 } -// RemoveEntityMembers provides a mock function with given fields: ctx, session, entityID, members -func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - ret := _m.Called(ctx, session, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID +func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { + ret := _m.Called(ctx, session, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, []string) error); ok { - r0 = rf(ctx, session, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { + r0 = rf(ctx, session, memberID) } else { r0 = ret.Error(0) } 
@@ -274,17 +274,17 @@ func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Sessio return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID -func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { - ret := _m.Called(ctx, session, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, session, entityID, memberID +func (_m *Service) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + ret := _m.Called(ctx, session, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { - r0 = rf(ctx, session, memberID) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, string) error); ok { + r0 = rf(ctx, session, entityID, memberID) } else { r0 = ret.Error(0) } diff --git a/groups/mocks/repository.go b/groups/mocks/repository.go index b785736918..219608a1eb 100644 --- a/groups/mocks/repository.go +++ b/groups/mocks/repository.go 
@@ -140,17 +140,17 @@ func (_m *Repository) ListEntityMembers(ctx context.Context, entityID string, pa return r0, r1 } -// RemoveEntityMembers provides a mock function with given fields: ctx, entityID, members -func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, members []string) error { - ret := _m.Called(ctx, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID +func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { + ret := _m.Called(ctx, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string, []string) error); ok { - r0 = rf(ctx, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { + r0 = rf(ctx, memberID) } else { r0 = ret.Error(0) } @@ -158,17 +158,17 @@ func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID -func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { - ret := _m.Called(ctx, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RemoveMemberFromEntity(ctx context.Context, entityID string, memberID string) error { + ret := _m.Called(ctx, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = rf(ctx, memberID) + if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = rf(ctx, entityID, memberID) } else { r0 = ret.Error(0) } 
@@ -513,6 +513,36 @@ func (_m *Repository) RetrieveRole(ctx context.Context, roleID string) (roles.Ro return r0, r1 } +// RetrieveRolesByEntityMember provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RetrieveRolesByEntityMember(ctx context.Context, entityID string, memberID string) ([]string, error) { + ret := _m.Called(ctx, entityID, memberID) + + if len(ret) == 0 { + panic("no return value specified for RetrieveRolesByEntityMember") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) ([]string, error)); ok { + return rf(ctx, entityID, memberID) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string) []string); ok { + r0 = rf(ctx, entityID, memberID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = rf(ctx, entityID, memberID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // RetrieveUserGroups provides a mock function with given fields: ctx, domainID, userID, pm func (_m *Repository) RetrieveUserGroups(ctx context.Context, domainID string, userID string, pm groups.PageMeta) (groups.Page, error) { ret := _m.Called(ctx, domainID, userID, pm) diff --git a/groups/mocks/service.go b/groups/mocks/service.go index 6bfa972130..d42249ca9b 100644 --- a/groups/mocks/service.go +++ b/groups/mocks/service.go 
@@ -374,17 +374,17 @@ func (_m *Service) RemoveChildrenGroups(ctx context.Context, session authn.Sessi return r0 } -// RemoveEntityMembers provides a mock function with given fields: ctx, session, entityID, members -func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - ret := _m.Called(ctx, session, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID +func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { + ret := _m.Called(ctx, session, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, []string) error); ok { - r0 = rf(ctx, session, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { + r0 = rf(ctx, session, memberID) } else { r0 = ret.Error(0) } 
@@ -392,17 +392,17 @@ func (_m *Service) RemoveEntityMembers(ctx context.Context, session authn.Sessio return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID -func (_m *Service) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { - ret := _m.Called(ctx, session, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, session, entityID, memberID +func (_m *Service) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + ret := _m.Called(ctx, session, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { - r0 = rf(ctx, session, memberID) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, string) error); ok { + r0 = rf(ctx, session, entityID, memberID) } else { r0 = ret.Error(0) } diff --git a/pkg/roles/mocks/rolemanager.go b/pkg/roles/mocks/rolemanager.go index 3e7d843890..1a1302871f 100644 --- a/pkg/roles/mocks/rolemanager.go +++ b/pkg/roles/mocks/rolemanager.go 
@@ -105,17 +105,17 @@ func (_m *RoleManager) ListEntityMembers(ctx context.Context, session authn.Sess return r0, r1 } -// RemoveEntityMembers provides a mock function with given fields: ctx, session, entityID, members -func (_m *RoleManager) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - ret := _m.Called(ctx, session, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID +func (_m *RoleManager) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { + ret := _m.Called(ctx, session, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, []string) error); ok { - r0 = rf(ctx, session, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { + r0 = rf(ctx, session, memberID) } else { r0 = ret.Error(0) } 
@@ -123,17 +123,17 @@ func (_m *RoleManager) RemoveEntityMembers(ctx context.Context, session authn.Se return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, session, memberID -func (_m *RoleManager) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) error { - ret := _m.Called(ctx, session, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, session, entityID, memberID +func (_m *RoleManager) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + ret := _m.Called(ctx, session, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string) error); ok { - r0 = rf(ctx, session, memberID) + if rf, ok := ret.Get(0).(func(context.Context, authn.Session, string, string) error); ok { + r0 = rf(ctx, session, entityID, memberID) } else { r0 = ret.Error(0) } diff --git a/pkg/roles/mocks/rolesRepo.go b/pkg/roles/mocks/rolesRepo.go index 2756369ba0..9804168d8f 100644 --- a/pkg/roles/mocks/rolesRepo.go +++ b/pkg/roles/mocks/rolesRepo.go 
@@ -74,17 +74,17 @@ func (_m *Repository) ListEntityMembers(ctx context.Context, entityID string, pa return r0, r1 } -// RemoveEntityMembers provides a mock function with given fields: ctx, entityID, members -func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, members []string) error { - ret := _m.Called(ctx, entityID, members) +// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID +func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { + ret := _m.Called(ctx, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveEntityMembers") + panic("no return value specified for RemoveMemberFromAllRoles") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string, []string) error); ok { - r0 = rf(ctx, entityID, members) + if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { + r0 = rf(ctx, memberID) } else { r0 = ret.Error(0) } @@ -92,17 +92,17 @@ func (_m *Repository) RemoveEntityMembers(ctx context.Context, entityID string, return r0 } -// RemoveMemberFromAllRoles provides a mock function with given fields: ctx, memberID -func (_m *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) error { - ret := _m.Called(ctx, memberID) +// RemoveMemberFromEntity provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RemoveMemberFromEntity(ctx context.Context, entityID string, memberID string) error { + ret := _m.Called(ctx, entityID, memberID) if len(ret) == 0 { - panic("no return value specified for RemoveMemberFromAllRoles") + panic("no return value specified for RemoveMemberFromEntity") } var r0 error - if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { - r0 = rf(ctx, memberID) + if rf, ok := ret.Get(0).(func(context.Context, string, string) error); ok { + r0 = rf(ctx, entityID, memberID) } else { r0 = ret.Error(0) } 
@@ -251,6 +251,36 @@ func (_m *Repository) RetrieveRole(ctx context.Context, roleID string) (roles.Ro return r0, r1 } +// RetrieveRolesByEntityMember provides a mock function with given fields: ctx, entityID, memberID +func (_m *Repository) RetrieveRolesByEntityMember(ctx context.Context, entityID string, memberID string) ([]string, error) { + ret := _m.Called(ctx, entityID, memberID) + + if len(ret) == 0 { + panic("no return value specified for RetrieveRolesByEntityMember") + } + + var r0 []string + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string, string) ([]string, error)); ok { + return rf(ctx, entityID, memberID) + } + if rf, ok := ret.Get(0).(func(context.Context, string, string) []string); ok { + r0 = rf(ctx, entityID, memberID) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]string) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string, string) error); ok { + r1 = rf(ctx, entityID, memberID) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + // RoleAddActions provides a mock function with given fields: ctx, role, actions func (_m *Repository) RoleAddActions(ctx context.Context, role roles.Role, actions []string) ([]string, error) { ret := _m.Called(ctx, role, actions) diff --git a/pkg/roles/provisionmanage.go b/pkg/roles/provisionmanage.go index 381dbd2489..4b9113f632 100644 --- a/pkg/roles/provisionmanage.go +++ b/pkg/roles/provisionmanage.go @@ -19,6 +19,7 @@ var ( errRemoveOptionalDeletePolicies = errors.New("failed to delete the additional requested policies") errRemoveOptionalFilterDeletePolicies = errors.New("failed to filter delete the additional requested policies") errRollbackRoles = errors.New("failed to rollback roles") + errInvalidOperation = errors.New("invalid operation") ) type roleProvisionerManger interface { 
@@ -92,6 +93,37 @@ func (r ProvisionManageService) validateActions(actions []Action) error {
 return nil
 }
 
+func (r ProvisionManageService) RemoveMemberFromDomain(ctx context.Context, domainID, memberID string) error {
+ switch r.entityType {
+ case policies.ClientType,
+ policies.ChannelType,
+ policies.GroupType:
+ roles, err := r.repo.RetrieveRolesByDomainMember(ctx, domainID, memberID)
+ if err != nil {
+ return errors.Wrap(svcerr.ErrRemoveEntity, err)
+ }
+
+ for _, role := range roles {
+ pr := policies.Policy{
+ ObjectType: policies.RoleType,
+ Object: role,
+ SubjectType: policies.UserType,
+ }
+
+ if err := r.policy.DeletePolicyFilter(ctx, pr); err != nil {
+ return errors.Wrap(svcerr.ErrDeletePolicies, err)
+ }
+ }
+
+ if err := r.repo.RemoveMemberFromDomain(ctx, domainID, memberID); err != nil {
+ return err
+ }
+ return nil
+ default:
+ return errInvalidOperation
+ }
+}
+
 func (r ProvisionManageService) RemoveEntitiesRoles(ctx context.Context, domainID, userID string, entityIDs []string, optionalFilterDeletePolicies []policies.Policy, optionalDeletePolicies []policies.Policy) error {
 ears, emrs, err := r.repo.RetrieveEntitiesRolesActionsMembers(ctx, entityIDs)
 if err != nil {
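Review bot: The `policies.Policy` filter built in the `for _, role := range roles` loop of RemoveMemberFromDomain has no `Subject`, so memberID never reaches `DeletePolicyFilter`. If that call deletes every tuple matching the populated fields (its implementation is not part of this patch), removing one member would revoke the role grant for every user holding that role, while the SQL delete that follows only removes the one member's rows. The filter should identify the member, e.g. `Subject: memberID,` in whatever encoding the policy store uses for user subjects when members are added; confirm that against the add-member path. The same filter is repeated in RemoveMemberFromEntity in the later hunk of this file. A test asserting that a second member of the same role still has its policy after the removal would pin the intended scope.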
@@ -619,11 +651,36 @@ func (r ProvisionManageService) ListEntityMembers(ctx context.Context, session a return mp, nil } -func (r ProvisionManageService) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - if err := r.repo.RemoveEntityMembers(ctx, entityID, members); err != nil { - return err +func (r ProvisionManageService) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + switch r.entityType { + case policies.ClientType, + policies.ChannelType, + policies.GroupType: + roles, err := r.repo.RetrieveRolesByEntityMember(ctx, entityID, memberID) + if err != nil { + return errors.Wrap(svcerr.ErrRemoveEntity, err) + } + + for _, role := range roles { + pr := policies.Policy{ + ObjectType: policies.RoleType, + Object: role, + SubjectType: policies.UserType, + } + + if err := r.policy.DeletePolicyFilter(ctx, pr); err != nil { + return errors.Wrap(svcerr.ErrDeletePolicies, err) + } + } + + if err := r.repo.RemoveMemberFromEntity(ctx, entityID, memberID); err != nil { + return err + } + return nil + default: + return errInvalidOperation } - return nil + } func (r ProvisionManageService) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, member string) (err error) { diff --git a/pkg/roles/repo/postgres/roles.go b/pkg/roles/repo/postgres/roles.go index 22b8a5e4af..9145e84852 100644 --- a/pkg/roles/repo/postgres/roles.go +++ b/pkg/roles/repo/postgres/roles.go 
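Review bot: `RemoveMemberFromEntity` is exported without a doc comment, and the order of its two steps matters but is not explained: the policies are deleted in the loop first and the `role_members` rows only afterwards, with no rollback if `r.repo.RemoveMemberFromEntity` fails. That order looks like the safer one, since a failure leaves the member without access rather than with access and no membership row, and a retry appears to find the same roles again. Record it above the function, e.g. `// Policies are removed before the membership rows so a failed DB delete never leaves access behind; the call can be retried.` The repo error is also returned bare while the two earlier errors are wrapped; `return errors.Wrap(svcerr.ErrRemoveEntity, err)` would match them. The `session` parameter is unused in this body.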
@@ -846,11 +846,120 @@ func (repo *Repository) ListEntityMembers(ctx context.Context, entityID string, }, nil } -func (repo *Repository) RemoveEntityMembers(ctx context.Context, entityID string, memberIDs []string) error { +func (repo *Repository) RetrieveRolesByEntityMember(ctx context.Context, entityID, memberID string) ([]string, error) { + params := map[string]interface{}{ + "entity_id": entityID, + "member_id": memberID, + } + + query := fmt.Sprintf(`SELECT role_id, entity_id, member_id FROM %s_role_members WHERE entity_id = :entity_id AND member_id = :member_id`, repo.tableNamePrefix) + + rows, err := repo.db.NamedQueryContext(ctx, query, params) + if err != nil { + return []string{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + + roleIDs := []string{} + for rows.Next() { + dbrmems := dbRoleMember{} + if err := rows.StructScan(&dbrmems); err != nil { + return []string{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + + roleIDs = append(roleIDs, dbrmems.RoleID) + } + + return roleIDs, nil +} + +func (repo *Repository) RemoveMemberFromEntity(ctx context.Context, entityID string, memberID string) error { + params := map[string]interface{}{ + "entity_id": entityID, + "member_id": memberID, + } + + query := fmt.Sprintf(`DELETE FROM %s_role_members WHERE entity_id = :entity_id AND member_id = :member_id`, repo.tableNamePrefix) + + if _, err := repo.db.NamedExecContext(ctx, query, params); err != nil { + return errors.Wrap(repoerr.ErrRemoveEntity, err) + } + return nil } +func (repo *Repository) RetrieveRolesByDomainMember(ctx context.Context, domainID, memberID string) ([]string, error) { + params := map[string]interface{}{ + "domain_id": domainID, + "member_id": memberID, + } + + query := fmt.Sprintf(` + SELECT + rm.role_id, + rm.entity_id, + rm.member_id + FROM + %s_role_members rm + JOIN %s e ON + e.id = rm.entity_id + WHERE + e.domain_id = :domain_id + AND rm.member_id = :member_id + `, + repo.tableNamePrefix, repo.tableNamePrefix) + + rows, err := 
repo.db.NamedQueryContext(ctx, query, params) + if err != nil { + return []string{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + + roleIDs := []string{} + for rows.Next() { + dbrmems := dbRoleMember{} + if err := rows.StructScan(&dbrmems); err != nil { + return []string{}, errors.Wrap(repoerr.ErrViewEntity, err) + } + + roleIDs = append(roleIDs, dbrmems.RoleID) + } + + return roleIDs, nil +} + +func (repo *Repository) RemoveMemberFromDomain(ctx context.Context, domainID string, memberID string) error { + params := map[string]interface{}{ + "domain_id": domainID, + "member_id": memberID, + } + + query := fmt.Sprintf(` + DELETE + FROM + %s_role_members rm + JOIN %s e ON + e.id = rm.entity_id + WHERE + e.domain_id = :domain_id + AND rm.member_id = :member_id + `, + repo.tableNamePrefix, repo.tableNamePrefix) + if _, err := repo.db.NamedExecContext(ctx, query, params); err != nil { + return errors.Wrap(repoerr.ErrRemoveEntity, err) + } + + return nil +} func (repo *Repository) RemoveMemberFromAllRoles(ctx context.Context, memberID string) (err error) { + params := map[string]interface{}{ + "member_id": memberID, + } + + query := fmt.Sprintf(`DELETE FROM %s_role_members WHERE member_id = :member_id`, repo.tableNamePrefix) + + if _, err := repo.db.NamedExecContext(ctx, query, params); err != nil { + return errors.Wrap(repoerr.ErrRemoveEntity, err) + } + return nil } diff --git a/pkg/roles/rolemanager/api/decoders.go b/pkg/roles/rolemanager/api/decoders.go index 853349804f..5dfa4c7242 100644 --- a/pkg/roles/rolemanager/api/decoders.go +++ b/pkg/roles/rolemanager/api/decoders.go 
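Review bot: The query in `RemoveMemberFromDomain` is written as `DELETE FROM … rm JOIN … e ON …`, which PostgreSQL does not accept; a second table in a DELETE is brought in with `USING`, so this statement should fail at execution with a syntax error. Because the service layer deletes the member's policies before calling it, each call would return an error after the policies are already gone. A form PostgreSQL parses is `DELETE FROM %s_role_members rm USING %s e WHERE e.id = rm.entity_id AND e.domain_id = :domain_id AND rm.member_id = :member_id`. Separately, `RetrieveRolesByEntityMember` and `RetrieveRolesByDomainMember` never close `rows` or check `rows.Err()`, so the `StructScan` early return keeps a pooled connection checked out and an iteration error is reported as success. Add `defer rows.Close()` after the query's error check and test `rows.Err()` after the loop.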
@@ -124,12 +124,12 @@ func (d Decoder) DecodeListEntityMembers(_ context.Context, r *http.Request) (in return req, nil } -func (d Decoder) DecodeRemoveEntityMembers(_ context.Context, r *http.Request) (interface{}, error) { +func (d Decoder) DecodeRemoveEntityMember(_ context.Context, r *http.Request) (interface{}, error) { if !strings.Contains(r.Header.Get("Content-Type"), api.ContentType) { return nil, errors.Wrap(apiutil.ErrValidation, apiutil.ErrUnsupportedContentType) } - req := removeEntityMembersReq{ + req := removeEntityMemberReq{ token: apiutil.ExtractBearerToken(r), entityID: chi.URLParam(r, d.entityIDTemplate), } diff --git a/pkg/roles/rolemanager/api/endpoints.go b/pkg/roles/rolemanager/api/endpoints.go index a21224d0d2..ec353831ad 100644 --- a/pkg/roles/rolemanager/api/endpoints.go +++ b/pkg/roles/rolemanager/api/endpoints.go @@ -87,9 +87,9 @@ func ListEntityMembersEndpoint(svc roles.RoleManager) endpoint.Endpoint { } } -func RemoveEntityMembersEndpoint(svc roles.RoleManager) endpoint.Endpoint { +func RemoveEntityMemberEndpoint(svc roles.RoleManager) endpoint.Endpoint { return func(ctx context.Context, request interface{}) (interface{}, error) { - req := request.(removeEntityMembersReq) + req := request.(removeEntityMemberReq) if err := req.validate(); err != nil { return nil, errors.Wrap(apiutil.ErrValidation, err) } @@ -99,7 +99,7 @@ func RemoveEntityMembersEndpoint(svc roles.RoleManager) endpoint.Endpoint { return nil, svcerr.ErrAuthentication } - if err := svc.RemoveEntityMembers(ctx, session, req.entityID, req.MemberIDs); err != nil { + if err := svc.RemoveMemberFromEntity(ctx, session, req.entityID, req.MemberID); err != nil { return nil, err } return deleteEntityMembersRes{}, nil diff --git a/pkg/roles/rolemanager/api/requests.go b/pkg/roles/rolemanager/api/requests.go index 56fb4255bf..6544d6588c 100644 --- a/pkg/roles/rolemanager/api/requests.go +++ b/pkg/roles/rolemanager/api/requests.go 
@@ -80,21 +80,21 @@ func (req listEntityMembersReq) validate() error { return nil } -type removeEntityMembersReq struct { - token string - entityID string - MemberIDs []string `json:"member_ids"` +type removeEntityMemberReq struct { + token string + entityID string + MemberID string `json:"member_id"` } -func (req removeEntityMembersReq) validate() error { +func (req removeEntityMemberReq) validate() error { if req.token == "" { return apiutil.ErrBearerToken } if req.entityID == "" { return apiutil.ErrMissingID } - if len(req.MemberIDs) == 0 { - return apiutil.ErrMissingMemberIDs + if req.MemberID == "" { + return apiutil.ErrMissingMemberID } return nil } diff --git a/pkg/roles/rolemanager/api/router.go b/pkg/roles/rolemanager/api/router.go index 899e235b3b..3a48d4085d 100644 --- a/pkg/roles/rolemanager/api/router.go +++ b/pkg/roles/rolemanager/api/router.go @@ -34,9 +34,9 @@ func EntityRoleMangerRouter(svc roles.RoleManager, d Decoder, r chi.Router, opts opts..., ), "list_entity_members").ServeHTTP) - r.Delete("/", otelhttp.NewHandler(kithttp.NewServer( - RemoveEntityMembersEndpoint(svc), - d.DecodeListEntityMembers, + r.Delete("/members", otelhttp.NewHandler(kithttp.NewServer( + RemoveEntityMemberEndpoint(svc), + d.DecodeRemoveEntityMember, api.EncodeResponse, opts..., ), "delete_entity_members").ServeHTTP) diff --git a/pkg/roles/rolemanager/events/consumer/decode.go b/pkg/roles/rolemanager/events/consumer/decode.go index f3b0f5d4d6..b26152893b 100644 --- a/pkg/roles/rolemanager/events/consumer/decode.go +++ b/pkg/roles/rolemanager/events/consumer/decode.go 
@@ -17,6 +17,7 @@ var ( errEntityID = errors.New("missing or invalid 'entity_id'") errActions = errors.New("missing or invalid 'actions'") errMembers = errors.New("missing or invalid 'members'") + errMemberID = errors.New("missing or invalid 'member_id'") errCreatedAt = errors.New("failed to parse 'created_at' time") errUpdatedAt = errors.New("failed to parse 'updated_at' time") errNotString = errors.New("not string type") diff --git a/pkg/roles/rolemanager/events/consumer/handler.go b/pkg/roles/rolemanager/events/consumer/handler.go index d4e1079f1b..af5ce7d430 100644 --- a/pkg/roles/rolemanager/events/consumer/handler.go +++ b/pkg/roles/rolemanager/events/consumer/handler.go @@ -23,6 +23,7 @@ const ( errAddEntityRoleMembersEvent = "failed to consume %s add role members event : %w" errRemoveEntityRoleMembersEvent = "failed to consume %s remove role members event : %w" errRemoveEntityRoleAllMembersEvent = "failed to consume %s remove role all members event : %w" + errRemoveEntityMemberEvent = "failed to consume %s remove entity member event : %w" ) type EventHandler struct { @@ -55,7 +56,7 @@ func NewEventHandler(entityType string, repo roles.Repository) EventHandler { removeRoleMembers: entityType + "." + events.RemoveRoleMembers, removeRoleAllMembers: entityType + "." + events.RemoveRoleAllMembers, removeMemberFromAllRoles: entityType + "." + events.RemoveMemberFromAllRoles, - removeEntityMembers: entityType + "." + events.RemoveEntityMembers, + removeEntityMembers: entityType + "." + events.RemoveEntityMember, } } @@ -80,7 +81,7 @@ func (es *EventHandler) Handle(ctx context.Context, op interface{}, msg map[stri case es.removeRoleAllMembers: return es.RemoveAllMembersFromEntityRoleHandler(ctx, msg) case es.removeEntityMembers: - return es.RemoveEntityMembersHandler(ctx, msg) + return es.RemoveEntityMemberHandler(ctx, msg) case es.removeMemberFromAllRoles: return es.RemoveMemberFromAllEntityHandler(ctx, msg) } 
@@ -234,23 +235,18 @@ func (es *EventHandler) RemoveAllMembersFromEntityRoleHandler(ctx context.Contex return nil } -func (es *EventHandler) RemoveEntityMembersHandler(ctx context.Context, data map[string]interface{}) error { +func (es *EventHandler) RemoveEntityMemberHandler(ctx context.Context, data map[string]interface{}) error { entityID, ok := data["entity_id"].(string) if !ok { - return fmt.Errorf(errRemoveEntityRoleAllMembersEvent, es.entityType, errEntityID) + return fmt.Errorf(errRemoveEntityMemberEvent, es.entityType, errEntityID) } - imems, ok := data["members"].([]interface{}) + memberID, ok := data["member_id"].(string) if !ok { - return fmt.Errorf(errRemoveEntityRoleMembersEvent, es.entityType, errMembers) + return fmt.Errorf(errRemoveEntityMemberEvent, es.entityType, errMemberID) } - mems, err := ToStrings(imems) - if err != nil { - return fmt.Errorf(errRemoveEntityRoleMembersEvent, es.entityType, err) + if err := es.repo.RemoveMemberFromEntity(ctx, entityID, memberID); err != nil { + return fmt.Errorf(errRemoveEntityMemberEvent, es.entityType, err) } - - // added when repo is implemented. - _ = entityID - _ = mems return nil } diff --git a/pkg/roles/rolemanager/events/events.go b/pkg/roles/rolemanager/events/events.go index e7365705ec..2a5391b41c 100644 --- a/pkg/roles/rolemanager/events/events.go +++ b/pkg/roles/rolemanager/events/events.go @@ -26,7 +26,7 @@ const ( RemoveRoleMembers = "role.members.remove" RemoveRoleAllMembers = "role.members.remove_all" ListEntityMembers = "members.list" - RemoveEntityMembers = "members.remove" + RemoveEntityMember = "member.remove" RemoveMemberFromAllRoles = "role.members.remove_from_all_roles" ) 
@@ -48,7 +48,7 @@ var ( _ events.Event = (*roleRemoveMembersEvent)(nil) _ events.Event = (*roleRemoveAllMembersEvent)(nil) _ events.Event = (*listEntityMembersEvent)(nil) - _ events.Event = (*removeEntityMembersEvent)(nil) + _ events.Event = (*removeEntityMemberEvent)(nil) _ events.Event = (*removeMemberFromAllRolesEvent)(nil) ) @@ -339,17 +339,17 @@ func (leme listEntityMembersEvent) Encode() (map[string]interface{}, error) { return val, nil } -type removeEntityMembersEvent struct { +type removeEntityMemberEvent struct { operationPrefix string entityID string - members []string + memberID string } -func (reme removeEntityMembersEvent) Encode() (map[string]interface{}, error) { +func (reme removeEntityMemberEvent) Encode() (map[string]interface{}, error) { val := map[string]interface{}{ - "operation": reme.operationPrefix + RemoveEntityMembers, + "operation": reme.operationPrefix + RemoveEntityMember, "entity_id": reme.entityID, - "members": reme.members, + "member_id": reme.memberID, } return val, nil } diff --git a/pkg/roles/rolemanager/events/streams.go b/pkg/roles/rolemanager/events/streams.go index 9eab57bc85..b44b3bbabf 100644 --- a/pkg/roles/rolemanager/events/streams.go +++ b/pkg/roles/rolemanager/events/streams.go 
@@ -317,15 +317,15 @@ func (rmes *RoleManagerEventStore) ListEntityMembers(ctx context.Context, sessio return mems, nil } -func (rmes *RoleManagerEventStore) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - if err := rmes.svc.RemoveEntityMembers(ctx, session, entityID, members); err != nil { +func (rmes *RoleManagerEventStore) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + if err := rmes.svc.RemoveMemberFromEntity(ctx, session, entityID, memberID); err != nil { return err } - e := removeEntityMembersEvent{ + e := removeEntityMemberEvent{ operationPrefix: rmes.operationPrefix, entityID: entityID, - members: members, + memberID: memberID, } if err := rmes.Publish(ctx, e); err != nil { return err diff --git a/pkg/roles/rolemanager/middleware/authoirzation.go b/pkg/roles/rolemanager/middleware/authoirzation.go index 02df36d3a4..3c52d7e575 100644 --- a/pkg/roles/rolemanager/middleware/authoirzation.go +++ b/pkg/roles/rolemanager/middleware/authoirzation.go @@ -268,7 +268,7 @@ func (ram RoleManagerAuthorizationMiddleware) ListEntityMembers(ctx context.Cont return ram.svc.ListEntityMembers(ctx, session, entityID, pageQuery) } -func (ram RoleManagerAuthorizationMiddleware) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { +func (ram RoleManagerAuthorizationMiddleware) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { if err := ram.authorize(ctx, roles.OpRoleRemoveAllMembers, smqauthz.PolicyReq{ Domain: session.DomainID, Subject: session.DomainUserID, 
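Review bot: In `middleware/authoirzation.go`, the renamed `RemoveMemberFromEntity` is still authorized with `roles.OpRoleRemoveAllMembers`, an operation named for emptying a single role, although the method now strips one member from every role of the entity. Whether that permission is the intended gate cannot be told from this hunk; the `authorize` call continues into the next one and its object and permission fields are not shown. If the reuse is deliberate, say so above the call, e.g. `// Removing a member from the entity deliberately reuses the remove-all-members permission.` Otherwise give the operation its own permission so it can be granted separately.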
@@ -279,7 +279,7 @@ func (ram RoleManagerAuthorizationMiddleware) RemoveEntityMembers(ctx context.Co }); err != nil { return err } - return ram.svc.RemoveEntityMembers(ctx, session, entityID, members) + return ram.svc.RemoveMemberFromEntity(ctx, session, entityID, memberID) } func (ram RoleManagerAuthorizationMiddleware) RoleRemoveMembers(ctx context.Context, session authn.Session, entityID, roleID string, members []string) (err error) { diff --git a/pkg/roles/rolemanager/middleware/logging.go b/pkg/roles/rolemanager/middleware/logging.go index 0282c686ba..c47de39416 100644 --- a/pkg/roles/rolemanager/middleware/logging.go +++ b/pkg/roles/rolemanager/middleware/logging.go @@ -347,14 +347,14 @@ func (lm *RoleManagerLoggingMiddleware) ListEntityMembers(ctx context.Context, s return lm.svc.ListEntityMembers(ctx, session, entityID, pageQuery) } -func (lm *RoleManagerLoggingMiddleware) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) (err error) { +func (lm *RoleManagerLoggingMiddleware) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) (err error) { prefix := fmt.Sprintf("%s remove entity members", lm.svcName) defer func(begin time.Time) { args := []any{ slog.String("duration", time.Since(begin).String()), slog.Group(lm.svcName+"_remove_entity_members", slog.String("entity_id", entityID), - slog.Any("member_ids", members), + slog.Any("member_id", memberID), ), } if err != nil { @@ -364,7 +364,7 @@ func (lm *RoleManagerLoggingMiddleware) RemoveEntityMembers(ctx context.Context, } lm.logger.Info(prefix+" completed successfully", args...) }(time.Now()) - return lm.svc.RemoveEntityMembers(ctx, session, entityID, members) + return lm.svc.RemoveMemberFromEntity(ctx, session, entityID, memberID) } func (lm *RoleManagerLoggingMiddleware) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) (err error) { 
diff --git a/pkg/roles/rolemanager/middleware/meterics.go b/pkg/roles/rolemanager/middleware/meterics.go index 6220ff7587..f0a178d785 100644 --- a/pkg/roles/rolemanager/middleware/meterics.go +++ b/pkg/roles/rolemanager/middleware/meterics.go @@ -99,8 +99,8 @@ func (rmm *RoleManagerMetricsMiddleware) ListEntityMembers(ctx context.Context, return rmm.svc.ListEntityMembers(ctx, session, entityID, pageQuery) } -func (rmm *RoleManagerMetricsMiddleware) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - return rmm.svc.RemoveEntityMembers(ctx, session, entityID, members) +func (rmm *RoleManagerMetricsMiddleware) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + return rmm.svc.RemoveMemberFromEntity(ctx, session, entityID, memberID) } func (rmm *RoleManagerMetricsMiddleware) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) (err error) { diff --git a/pkg/roles/rolemanager/tracing/tracing.go b/pkg/roles/rolemanager/tracing/tracing.go index 41885f194d..9725121d9c 100644 --- a/pkg/roles/rolemanager/tracing/tracing.go +++ b/pkg/roles/rolemanager/tracing/tracing.go @@ -91,8 +91,8 @@ func (rtm *RoleManagerTracing) ListEntityMembers(ctx context.Context, session au return rtm.roles.ListEntityMembers(ctx, session, entityID, pageQuery) } -func (rtm *RoleManagerTracing) RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) error { - return rtm.roles.RemoveEntityMembers(ctx, session, entityID, members) +func (rtm *RoleManagerTracing) RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error { + return rtm.roles.RemoveMemberFromEntity(ctx, session, entityID, memberID) } func (rtm *RoleManagerTracing) RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) (err error) { 
diff --git a/pkg/roles/roles.go b/pkg/roles/roles.go index cf0fb89334..ac83853557 100644 --- a/pkg/roles/roles.go +++ b/pkg/roles/roles.go @@ -118,6 +118,7 @@ type EntityMemberRole struct { type Provisioner interface { AddNewEntitiesRoles(ctx context.Context, domainID, userID string, entityIDs []string, optionalEntityPolicies []policies.Policy, newBuiltInRoleMembers map[BuiltInRoleName][]Member) ([]RoleProvision, error) RemoveEntitiesRoles(ctx context.Context, domainID, userID string, entityIDs []string, optionalFilterDeletePolicies []policies.Policy, optionalDeletePolicies []policies.Policy) error + RemoveMemberFromDomain(ctx context.Context, domainID, memberID string) error } //go:generate mockery --name RoleManager --output=./mocks --filename rolemanager.go --quiet --note "Copyright (c) Abstract Machines" @@ -159,7 +160,7 @@ type RoleManager interface { ListEntityMembers(ctx context.Context, session authn.Session, entityID string, pq MembersRolePageQuery) (MembersRolePage, error) - RemoveEntityMembers(ctx context.Context, session authn.Session, entityID string, members []string) (err error) + RemoveMemberFromEntity(ctx context.Context, session authn.Session, entityID string, memberID string) error RemoveMemberFromAllRoles(ctx context.Context, session authn.Session, memberID string) (err error) } 
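Review bot: `RemoveMemberFromDomain` is added to `Provisioner` without a doc comment and, unlike `RemoveMemberFromEntity` on `RoleManager`, takes no `authn.Session`, so its signature carries no caller identity that an authorization check could use. The middleware hunks in this commit wrap only the `RoleManager` method; whether callers of the provisioner authorize beforehand is not visible here. Document the contract on the interface, e.g. `// RemoveMemberFromDomain removes memberID from all roles of this entity type within domainID. Callers are expected to have authorized the request.`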
@@ -184,7 +185,10 @@ type Repository interface { RoleRemoveAllMembers(ctx context.Context, role Role) (err error) RetrieveEntitiesRolesActionsMembers(ctx context.Context, entityIDs []string) ([]EntityActionRole, []EntityMemberRole, error) ListEntityMembers(ctx context.Context, entityID string, pageQuery MembersRolePageQuery) (MembersRolePage, error) - RemoveEntityMembers(ctx context.Context, entityID string, members []string) error + RetrieveRolesByEntityMember(ctx context.Context, entityID, memberID string) ([]string, error) + RemoveMemberFromEntity(ctx context.Context, entityID string, memberID string) error + RetrieveRolesByDomainMember(ctx context.Context, domainID, memberID string) ([]string, error) + RemoveMemberFromDomain(ctx context.Context, domainID string, memberID string) error RemoveMemberFromAllRoles(ctx context.Context, memberID string) (err error) }