diff --git a/golem-service-base/src/service/auth.rs b/golem-service-base/src/service/auth.rs
deleted file mode 100644
index 62c776bfe..000000000
--- a/golem-service-base/src/service/auth.rs
+++ /dev/null
@@ -1,71 +0,0 @@
-use async_trait::async_trait;
-use serde::{Deserialize, Serialize};
-
-// Every authorisation is based on a permission to a particular context.
-// A context can be a simple unit, to a user, namespace, project, account, or
-// a mere request from where we can fetch details.
-//
-#[async_trait]
-pub trait AuthService {
- async fn is_authorized(
- &self,
- permission: Permission,
- ctx: &AuthCtx,
- ) -> Result;
-}
-
-#[derive(Debug, Clone, thiserror::Error)]
-pub enum AuthError {
- // TODO: Do we want to display these errors?
- #[error("Unauthorized: {0}")]
- Unauthorized(String),
- #[error("Forbidden: {0}")]
- Forbidden(String),
- #[error("Not found: {0}")]
- NotFound(String),
- #[error("Internal error: {0}")]
- Internal(String),
-}
-
-#[derive(Debug, Copy, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
-pub enum Permission {
- View,
- Create,
- Update,
- Delete,
-}
-
-impl std::fmt::Display for Permission {
- fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
- match self {
- Permission::View => write!(f, "View"),
- Permission::Create => write!(f, "Create"),
- Permission::Update => write!(f, "Update"),
- Permission::Delete => write!(f, "Delete"),
- }
- }
-}
-
-#[derive(Debug, Clone, PartialEq, Eq, Hash)]
-pub struct WithNamespace {
- pub value: T,
- pub namespace: Namespace,
-}
-
-impl WithNamespace {
- pub fn new(value: T, namespace: Namespace) -> Self {
- Self { value, namespace }
- }
-}
-
-#[derive(Debug, Clone, PartialEq, Eq, Hash)]
-pub struct WithAuth {
- pub value: T,
- pub auth: AuthCtx,
-}
-
-impl WithAuth {
- pub fn new(value: T, auth: AuthCtx) -> Self {
- Self { value, auth }
- }
-}
diff --git a/golem-service-base/src/service/mod.rs b/golem-service-base/src/service/mod.rs
index 8a5dcc474..c14926480 100644
--- a/golem-service-base/src/service/mod.rs +++ b/golem-service-base/src/service/mod.rs @@ -12,5 +12,4 @@ // See the License for the specific language governing permissions and // limitations under the License. -pub mod auth; pub mod template_object_store; diff --git a/golem-worker-service-base/src/api/error.rs b/golem-worker-service-base/src/api/error.rs index a48838623..ac0e95e53 100644 --- a/golem-worker-service-base/src/api/error.rs +++ b/golem-worker-service-base/src/api/error.rs @@ -1,7 +1,6 @@ use crate::service::template::TemplateServiceError; use crate::service::worker::WorkerServiceError; use golem_service_base::model::*; -use golem_service_base::service::auth::AuthError; use poem_openapi::payload::Json; use poem_openapi::*; use tonic::Status; @@ -67,7 +66,6 @@ impl From for WorkerApiBaseError { } match error { - ServiceError::Auth(error) => error.into(), ServiceError::Internal(_) => internal(error.to_string()), ServiceError::TypeChecker(_) => WorkerApiBaseError::BadRequest(Json(ErrorsBody { errors: vec![error.to_string()], 
@@ -102,28 +100,16 @@ impl From for WorkerApiBaseError { }), })) } - TemplateServiceError::Auth(error) => error.into(), - } - } -} -impl From for WorkerApiBaseError { - fn from(error: AuthError) -> Self { - match error { - AuthError::Unauthorized(_) => WorkerApiBaseError::Unauthorized(Json(ErrorBody { - error: error.to_string(), - })), - AuthError::Forbidden(_) => WorkerApiBaseError::Forbidden(Json(ErrorBody { - error: error.to_string(), - })), - AuthError::NotFound(_) => WorkerApiBaseError::NotFound(Json(ErrorBody { - error: error.to_string(), - })), - AuthError::Internal(_) => WorkerApiBaseError::InternalError(Json(GolemErrorBody { - golem_error: GolemError::Unknown(GolemErrorUnknown { - details: error.to_string(), - }), - })), + TemplateServiceError::NotFound(error) => { + WorkerApiBaseError::NotFound(Json(ErrorBody { error })) + } + TemplateServiceError::Unauthorized(error) => { + WorkerApiBaseError::Unauthorized(Json(ErrorBody { error })) + } + TemplateServiceError::Forbidden(error) => { + WorkerApiBaseError::Forbidden(Json(ErrorBody { error })) + } } } } diff --git a/golem-worker-service-base/src/service/template/error.rs b/golem-worker-service-base/src/service/template/error.rs index e931896cc..a5ad3677c 100644 --- a/golem-worker-service-base/src/service/template/error.rs +++ b/golem-worker-service-base/src/service/template/error.rs 
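Review bot: The new `Unauthorized` and `Forbidden` arms of the `TemplateServiceError` match in `golem-worker-service-base/src/api/error.rs` copy the variant's string straight into the HTTP `ErrorBody`, and the template/error.rs hunks in this commit fill that string from the upstream gRPC `error.error` field, so whatever text the template service writes reaches the API caller unfiltered. The deleted `AuthError` carried `// TODO: Do we want to display these errors?`, and that open question disappears with the file; I would keep it on these arms, e.g. `// TODO: upstream text is returned to the caller verbatim; decide whether 401/403 should use a fixed message and log the detail instead`. The body text also changes shape, because the old path went through `error.to_string()` and so carried the `Unauthorized: ` / `Forbidden: ` / `Not found: ` prefix; the same holds for the gRPC conversion in the `@@ -69,24 +72,15 @@` hunk of template/error.rs, so clients that match on the message should be checked. The match's opening lies outside this hunk.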
@@ -1,15 +1,18 @@ use golem_api_grpc::proto::golem::worker::{ self, worker_error, worker_execution_error, UnknownError, WorkerError as GrpcWorkerError, }; -use golem_service_base::service::auth::AuthError; use tonic::Status; // The dependents of golem-worker-service-base is expected // to have a template service internally that can depend on this base error #[derive(Debug, thiserror::Error)] pub enum TemplateServiceError { - #[error(transparent)] - Auth(#[from] AuthError), + #[error("Unauthorized: {0}")] + Unauthorized(String), + #[error("Forbidden: {0}")] + Forbidden(String), + #[error("Not found: {0}")] + NotFound(String), #[error("Bad Request: {0:?}")] BadRequest(Vec), #[error("Already Exists: {0}")] @@ -44,9 +47,9 @@ impl From for TemplateSer use golem_api_grpc::proto::golem::template::template_error::Error; match error.error { Some(Error::BadRequest(errors)) => TemplateServiceError::BadRequest(errors.errors), - Some(Error::Unauthorized(error)) => AuthError::Unauthorized(error.error).into(), - Some(Error::LimitExceeded(error)) => AuthError::Forbidden(error.error).into(), - Some(Error::NotFound(error)) => AuthError::NotFound(error.error).into(), + Some(Error::Unauthorized(error)) => TemplateServiceError::Unauthorized(error.error), + Some(Error::LimitExceeded(error)) => TemplateServiceError::Forbidden(error.error), + Some(Error::NotFound(error)) => TemplateServiceError::NotFound(error.error), Some(Error::AlreadyExists(error)) => TemplateServiceError::AlreadyExists(error.error), Some(Error::InternalError(error)) => { TemplateServiceError::Internal(anyhow::Error::msg(error.error)) 
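Review bot: `Some(Error::LimitExceeded(error)) => TemplateServiceError::Forbidden(error.error)` in the `@@ -44,9 +47,9 @@` hunk folds a quota rejection into the authorization-denied variant, so after conversion the two cannot be told apart: the HTTP mapping in api/error.rs reports it as Forbidden, and the reverse conversion in the `@@ -69,24 +72,15 @@` hunk turns every `Forbidden` back into `worker_error::Error::LimitExceeded`, which would also relabel a genuine permission denial if one is ever produced. The old code did the same through `AuthError::Forbidden`, but now that the variants belong to `TemplateServiceError` a dedicated `LimitExceeded(String)` variant would keep the two apart for callers and for anyone reading logs. If the folding is intended, state it on the arm: `// LimitExceeded has no variant of its own; it is carried as Forbidden and mapped back to LimitExceeded on the gRPC side`. The three variants added in the first hunk of this file have no doc comments; one line each on when they are produced would help dependents of this base crate.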
@@ -69,24 +72,15 @@ impl From for worker_error::Error { use golem_api_grpc::proto::golem::common::{ErrorBody, ErrorsBody}; match value { - TemplateServiceError::Auth(error) => match error { - AuthError::Unauthorized(_) => worker_error::Error::Unauthorized(ErrorBody { - error: error.to_string(), - }), - AuthError::Forbidden(_) => worker_error::Error::LimitExceeded(ErrorBody { - error: error.to_string(), - }), - AuthError::NotFound(_) => worker_error::Error::NotFound(ErrorBody { - error: error.to_string(), - }), - AuthError::Internal(_) => { - worker_error::Error::InternalError(worker::WorkerExecutionError { - error: Some(worker_execution_error::Error::Unknown(UnknownError { - details: error.to_string(), - })), - }) - } - }, + TemplateServiceError::Unauthorized(error) => { + worker_error::Error::Unauthorized(ErrorBody { error }) + } + TemplateServiceError::Forbidden(error) => { + worker_error::Error::LimitExceeded(ErrorBody { error }) + } + TemplateServiceError::NotFound(error) => { + worker_error::Error::NotFound(ErrorBody { error }) + } TemplateServiceError::AlreadyExists(error) => { worker_error::Error::AlreadyExists(ErrorBody { error }) } diff --git a/golem-worker-service-base/src/service/worker/error.rs b/golem-worker-service-base/src/service/worker/error.rs index 8077357f2..f0873972a 100644 --- a/golem-worker-service-base/src/service/worker/error.rs +++ b/golem-worker-service-base/src/service/worker/error.rs 
@@ -2,19 +2,12 @@ use golem_api_grpc::proto::golem::worker::{ worker_error, worker_execution_error, UnknownError, WorkerError as GrpcWorkerError, }; use golem_common::model::{AccountId, TemplateId, WorkerId}; -use golem_service_base::{ - model::{GolemError, VersionedTemplateId}, - service::auth::AuthError, -}; +use golem_service_base::model::{GolemError, VersionedTemplateId}; use crate::service::template::TemplateServiceError; #[derive(Debug, thiserror::Error)] pub enum WorkerServiceError { - #[error(transparent)] - Auth(#[from] AuthError), - #[error("Internal error: {0}")] - Internal(#[from] anyhow::Error), #[error(transparent)] Template(#[from] TemplateServiceError), // TODO: This should prob be a vec? @@ -29,6 +22,8 @@ pub enum WorkerServiceError { // TODO: Once worker is independent of account #[error("Worker not found: {0}")] WorkerNotFound(WorkerId), + #[error("Internal error: {0}")] + Internal(#[from] anyhow::Error), // TODO: Fix display impl. #[error("Golem error")] Golem(GolemError), @@ -57,24 +52,6 @@ impl From for worker_error::Error { use golem_api_grpc::proto::golem::worker::WorkerExecutionError; match error { - WorkerServiceError::Auth(error) => match error { - AuthError::Unauthorized(_) => worker_error::Error::Unauthorized(ErrorBody { - error: error.to_string(), - }), - AuthError::Forbidden(_) => worker_error::Error::LimitExceeded(ErrorBody { - error: error.to_string(), - }), - AuthError::NotFound(_) => worker_error::Error::NotFound(ErrorBody { - error: error.to_string(), - }), - AuthError::Internal(_) => { - worker_error::Error::InternalError(WorkerExecutionError { - error: Some(worker_execution_error::Error::Unknown(UnknownError { - details: error.to_string(), - })), - }) - } - }, error @ (WorkerServiceError::TemplateNotFound(_) | WorkerServiceError::AccountIdNotFound(_) | WorkerServiceError::VersionedTemplateIdNotFound(_)
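Review bot: After the `@@ -2,19 +2,12 @@` hunk `WorkerServiceError` has no variant of its own for an authorization failure; the only typed route left in view is `Template(TemplateServiceError::Unauthorized | Forbidden)`, while `Internal` still accepts any `anyhow::Error` through `#[from]`. If a dependent's authorization check surfaces as an `anyhow::Error` (the callers are not visible from here), `?` would report a denial as an internal error instead of Unauthorized or Forbidden. A short comment on the enum would make the intended route explicit, if this is the intent: `// Authorization failures are reported as Template(TemplateServiceError::Unauthorized | Forbidden), not as Internal`. The enum body and the `match` in the last hunk both continue outside the lines shown.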