Add authorization for system resources (#98)
* refine auth for system extension resources

* update cockroach test-server
bailinhe authored Jan 19, 2024
1 parent aabd171 commit 27a2aa9
Showing 3 changed files with 12 additions and 3 deletions.
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -4,7 +4,7 @@ go 1.20

require (
github.com/XSAM/otelsql v0.24.0
github.com/cockroachdb/cockroach-go/v2 v2.3.5
github.com/cockroachdb/cockroach-go/v2 v2.3.6
github.com/coreos/go-oidc/v3 v3.6.0
github.com/friendsofgo/errors v0.9.2
github.com/gin-contrib/cors v1.4.0
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -122,8 +122,8 @@ github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWH
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
github.com/cockroachdb/cockroach-go/v2 v2.3.5 h1:Khtm8K6fTTz/ZCWPzU9Ne3aOW9VyAnj4qIPCJgKtwK0=
github.com/cockroachdb/cockroach-go/v2 v2.3.5/go.mod h1:1wNJ45eSXW9AnOc3skntW9ZUZz6gxrQK3cOj3rK+BC8=
github.com/cockroachdb/cockroach-go/v2 v2.3.6 h1:Wlv9TzkrG9V7i6u8dEtmXPrBzvfFp+CgJNs696rAajM=
github.com/cockroachdb/cockroach-go/v2 v2.3.6/go.mod h1:1wNJ45eSXW9AnOc3skntW9ZUZz6gxrQK3cOj3rK+BC8=
github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o=
github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc=
github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
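--- a/pkg/api/v1alpha1/router.go
+++ b/pkg/api/v1alpha1/router.go
@@ -596,6 +596,7 @@ func (r *Router) Routes(rg *gin.RouterGroup) {
 "/extensions/:eid",
 r.AuditMW.AuditWithType("UpdateExtension"),
 r.AuthMW.AuthRequired(updateScopesWithOpenID("governor:extensions")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.updateExtension,
 )
 
@@ -619,6 +620,7 @@ func (r *Router) Routes(rg *gin.RouterGroup) {
 "/extensions/:eid/erds",
 r.AuditMW.AuditWithType("CreateExtensionResourceDefinition"),
 r.AuthMW.AuthRequired(createScopesWithOpenID("governor:extensions")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.createExtensionResourceDefinition,
 )
 
@@ -640,27 +642,31 @@ func (r *Router) Routes(rg *gin.RouterGroup) {
 "/extensions/:eid/erds/:erd-id-slug",
 r.AuditMW.AuditWithType("UpdateExtensionResourceDefinitionByID"),
 r.AuthMW.AuthRequired(updateScopesWithOpenID("governor:extensions")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.updateExtensionResourceDefinition,
 )
 
 rg.PATCH(
 "/extensions/:eid/erds/:erd-id-slug/:erd-version",
 r.AuditMW.AuditWithType("UpdateExtensionResourceDefinitionBySlug"),
 r.AuthMW.AuthRequired(updateScopesWithOpenID("governor:extensions")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.updateExtensionResourceDefinition,
 )
 
 rg.DELETE(
 "/extensions/:eid/erds/:erd-id-slug",
 r.AuditMW.AuditWithType("DeleteExtensionResourceDefinitionByID"),
 r.AuthMW.AuthRequired(deleteScopesWithOpenID("governor:extensions")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.deleteExtensionResourceDefinition,
 )
 
 rg.DELETE(
 "/extensions/:eid/erds/:erd-id-slug/:erd-version",
 r.AuditMW.AuditWithType("DeleteExtensionResourceDefinitionBySlug"),
 r.AuthMW.AuthRequired(deleteScopesWithOpenID("governor:extensions")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.deleteExtensionResourceDefinition,
 )
 
@@ -669,6 +675,7 @@ func (r *Router) Routes(rg *gin.RouterGroup) {
 "/extension-resources/:ex-slug/:erd-slug-plural/:erd-version",
 r.AuditMW.AuditWithType("CreateSystemExtensionResource"),
 r.AuthMW.AuthRequired(createScopesWithOpenID("governor:extensionresources")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.createSystemExtensionResource,
 )
 
@@ -690,13 +697,15 @@ func (r *Router) Routes(rg *gin.RouterGroup) {
 "/extension-resources/:ex-slug/:erd-slug-plural/:erd-version/:resource-id",
 r.AuditMW.AuditWithType("UpdateSystemExtensionResource"),
 r.AuthMW.AuthRequired(createScopesWithOpenID("governor:extensionresources")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.updateSystemExtensionResource,
 )
 
 rg.DELETE(
 "/extension-resources/:ex-slug/:erd-slug-plural/:erd-version/:resource-id",
 r.AuditMW.AuditWithType("DeleteSystemExtensionResource"),
 r.AuthMW.AuthRequired(createScopesWithOpenID("governor:extensionresources")),
+r.mwUserAuthRequired(AuthRoleAdmin),
 r.deleteSystemExtensionResource,
 )
 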
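Review bot: In the last hunk, the `UpdateSystemExtensionResource` and `DeleteSystemExtensionResource` routes on `/extension-resources/:ex-slug/:erd-slug-plural/:erd-version/:resource-id` still pass `createScopesWithOpenID("governor:extensionresources")` to `AuthRequired`, so a token that presumably carries only the create scope would pass the scope check for update and delete. The ERD routes in the same file section use `updateScopesWithOpenID` and `deleteScopesWithOpenID` for the matching verbs. Unless the create scope is intentional here, the two lines should read `r.AuthMW.AuthRequired(updateScopesWithOpenID("governor:extensionresources")),` and `r.AuthMW.AuthRequired(deleteScopesWithOpenID("governor:extensionresources")),`. The added `r.mwUserAuthRequired(AuthRoleAdmin)` narrows who reaches the handlers, but it does not replace a per-verb scope check. `Routes` starts and ends outside the visible hunks, and the definition of `mwUserAuthRequired` is not shown, so how it treats non-user (service) tokens should be confirmed separately.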
