From 7762522cbe1dbf17deef789dbfbeb8f73c63b2ac Mon Sep 17 00:00:00 2001
From: jakedoublev
Date: Tue, 20 May 2025 09:16:21 -0700
Subject: [PATCH 1/2] feat(authz): export entity id prefix constant from entity instead of authz v1

---
 service/authorization/authorization.go | 7 +++----
 service/entity/entity.go | 3 +++
 service/entityresolution/claims/entity_resolution.go | 4 ++--
 service/entityresolution/claims/v2/entity_resolution.go | 4 ++--
 service/entityresolution/keycloak/entity_resolution.go | 6 +++---
 service/entityresolution/keycloak/v2/entity_resolution.go | 6 +++---
 6 files changed, 16 insertions(+), 14 deletions(-)
 create mode 100644 service/entity/entity.go

diff --git a/service/authorization/authorization.go b/service/authorization/authorization.go
index 3ed2e67650..da1ad8e5c9 100644
--- a/service/authorization/authorization.go
+++ b/service/authorization/authorization.go
@@ -22,6 +22,7 @@ import (
 	attr "github.com/opentdf/platform/protocol/go/policy/attributes"
 	"github.com/opentdf/platform/protocol/go/policy/subjectmapping"
 	otdf "github.com/opentdf/platform/sdk"
+	ent "github.com/opentdf/platform/service/entity"
 	"github.com/opentdf/platform/service/internal/access"
 	"github.com/opentdf/platform/service/internal/entitlements"
 	"github.com/opentdf/platform/service/internal/subjectmappingbuiltin"
@@ -38,8 +39,6 @@ import (
 	"google.golang.org/grpc/status"
 )
 
-const EntityIDPrefix string = "entity_idx_"
-
 var ErrEmptyStringAttribute = errors.New("resource attributes must have at least one attribute value fqn")
 
 type AuthorizationService struct { //nolint:revive // AuthorizationService is a valid name for this struct
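Review bot: Deleting the exported `EntityIDPrefix` from package authorization is a breaking change for any importer outside this repository that still references `authorization.EntityIDPrefix`, and nothing in the commit keeps a compatibility path. If the package is consumed externally, keep a forwarding declaration in its place, `// Deprecated: use entity.EntityIDPrefix.` followed by `const EntityIDPrefix = ent.EntityIDPrefix`. The alias points the same direction as the new import in the hunk above, so it does not recreate the dependency the entity resolution services are shedding.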
@@ -415,7 +414,7 @@ func (as *AuthorizationService) GetEntitlements(ctx context.Context, req *connec
 			// Ensure the entity has an ID
 			entityID := entity.GetId()
 			if entityID == "" {
-				entityID = EntityIDPrefix + strconv.Itoa(idx)
+				entityID = ent.EntityIDPrefix + strconv.Itoa(idx)
 			}
 			// Check to maksure if the value is a list. Good validation if someone customizes the rego policy
 			entityEntitlements, valueListOk := resultsEntitlements[entityID].([]interface{})
@@ -637,7 +636,7 @@ func (as *AuthorizationService) getDecisions(ctx context.Context, dr *authorizat
 	for entIdx, e := range ecEntitlements.Msg.GetEntitlements() {
 		entityID := e.GetEntityId()
 		if entityID == "" {
-			entityID = EntityIDPrefix + strconv.Itoa(entIdx)
+			entityID = ent.EntityIDPrefix + strconv.Itoa(entIdx)
 		}
 		entityCategory := entities[entIdx].GetCategory()
 		auditECEntitlements = append(auditECEntitlements, audit.EntityChainEntitlement{
diff --git a/service/entity/entity.go b/service/entity/entity.go
new file mode 100644
index 0000000000..244be88dc5
--- /dev/null
+++ b/service/entity/entity.go
@@ -0,0 +1,3 @@
+package entity
+
+const EntityIDPrefix string = "entity_idx_"
diff --git a/service/entityresolution/claims/entity_resolution.go b/service/entityresolution/claims/entity_resolution.go
index cba7175d6c..82f9fdaf0f 100644
--- a/service/entityresolution/claims/entity_resolution.go
+++ b/service/entityresolution/claims/entity_resolution.go
@@ -10,7 +10,7 @@ import (
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/opentdf/platform/protocol/go/authorization"
 	"github.com/opentdf/platform/protocol/go/entityresolution"
-	auth "github.com/opentdf/platform/service/authorization"
+	"github.com/opentdf/platform/service/entity"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/config"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"
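Review bot: The synthesized key `ent.EntityIDPrefix + strconv.Itoa(idx)` is used two lines later as the lookup key into `resultsEntitlements`, so if entity IDs originate from the request, an entity whose own ID already has the form `entity_idx_N` would share a map key with an ID-less entity at index N and the two would be given each other's entitlements. This behavior predates the commit, but moving the constant into a shared package is the moment to document that the prefix is reserved for synthesized IDs, or to reject caller-supplied IDs that start with it before this point. The same synthesized form becomes the audit entity ID in the getDecisions hunk below, where a collision would misattribute the audit record. GetEntitlements starts and ends outside the hunk.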
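Review bot: The new exported constant in service/entity/entity.go has no doc comment, and the package has none either, so its contract is recorded nowhere now that it is shared by the authorization and entity resolution services. Suggest `// EntityIDPrefix is prepended to an entity's position in the request to synthesize an ID for entities that arrive without one; authorization and entity resolution both derive the same fallback ID from it.` above the declaration, and `// Package entity holds definitions shared by the entity resolution and authorization services.` on the package clause. The explicit `string` type is unnecessary for a string-literal constant; the conventional form is `const EntityIDPrefix = "entity_idx_"`.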
@@ -90,7 +90,7 @@ func EntityResolution(_ context.Context,
 		// make sure the id field is populated
 		originialID := ident.GetId()
 		if originialID == "" {
-			originialID = auth.EntityIDPrefix + strconv.Itoa(idx)
+			originialID = entity.EntityIDPrefix + strconv.Itoa(idx)
 		}
 		resolvedEntities = append(
 			resolvedEntities,
diff --git a/service/entityresolution/claims/v2/entity_resolution.go b/service/entityresolution/claims/v2/entity_resolution.go
index f9b1eee261..68d66ab472 100644
--- a/service/entityresolution/claims/v2/entity_resolution.go
+++ b/service/entityresolution/claims/v2/entity_resolution.go
@@ -9,8 +9,8 @@ import (
 	"connectrpc.com/connect"
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/opentdf/platform/protocol/go/entity"
+	ent "github.com/opentdf/platform/service/entity"
 	entityresolutionV2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
-	auth "github.com/opentdf/platform/service/authorization"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/config"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"
@@ -90,7 +90,7 @@ func EntityResolution(_ context.Context,
 		// make sure the id field is populated
 		originialID := ident.GetEphemeralId()
 		if originialID == "" {
-			originialID = auth.EntityIDPrefix + strconv.Itoa(idx)
+			originialID = ent.EntityIDPrefix + strconv.Itoa(idx)
 		}
 		resolvedEntities = append(
 			resolvedEntities,
diff --git a/service/entityresolution/keycloak/entity_resolution.go b/service/entityresolution/keycloak/entity_resolution.go
index 8dab3143c0..84e970dffa 100644
--- a/service/entityresolution/keycloak/entity_resolution.go
+++ b/service/entityresolution/keycloak/entity_resolution.go
@@ -15,7 +15,7 @@ import (
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/opentdf/platform/protocol/go/authorization"
 	"github.com/opentdf/platform/protocol/go/entityresolution"
-	auth "github.com/opentdf/platform/service/authorization"
+	"github.com/opentdf/platform/service/entity"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/config"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"
@@ -184,7 +184,7 @@ func EntityResolution(ctx context.Context,
 		// make sure the id field is populated
 		originialID := ident.GetId()
 		if originialID == "" {
-			originialID = auth.EntityIDPrefix + strconv.Itoa(idx)
+			originialID = entity.EntityIDPrefix + strconv.Itoa(idx)
 		}
 		resolvedEntities = append(
 			resolvedEntities,
@@ -299,7 +299,7 @@ func EntityResolution(ctx context.Context,
 		// make sure the id field is populated
 		originialID := ident.GetId()
 		if originialID == "" {
-			originialID = auth.EntityIDPrefix + strconv.Itoa(idx)
+			originialID = entity.EntityIDPrefix + strconv.Itoa(idx)
 		}
 		resolvedEntities = append(
 			resolvedEntities,
diff --git a/service/entityresolution/keycloak/v2/entity_resolution.go b/service/entityresolution/keycloak/v2/entity_resolution.go
index 2e45e4efb2..a216ab003a 100644
--- a/service/entityresolution/keycloak/v2/entity_resolution.go
+++ b/service/entityresolution/keycloak/v2/entity_resolution.go
@@ -14,8 +14,8 @@ import (
 	"github.com/go-viper/mapstructure/v2"
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/opentdf/platform/protocol/go/entity"
+	ent "github.com/opentdf/platform/service/entity"
 	entityresolutionV2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
-	auth "github.com/opentdf/platform/service/authorization"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/config"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"
@@ -184,7 +184,7 @@ func EntityResolution(ctx context.Context,
 		// make sure the id field is populated
 		originialID := ident.GetEphemeralId()
 		if originialID == "" {
-			originialID = auth.EntityIDPrefix + strconv.Itoa(idx)
+			originialID = ent.EntityIDPrefix + strconv.Itoa(idx)
 		}
 		resolvedEntities = append(
 			resolvedEntities,
@@ -299,7 +299,7 @@ func EntityResolution(ctx context.Context,
 		// make sure the id field is populated
 		originialID := ident.GetEphemeralId()
 		if originialID == "" {
-			originialID = auth.EntityIDPrefix + strconv.Itoa(idx)
+			originialID = ent.EntityIDPrefix + strconv.Itoa(idx)
 		}
 		resolvedEntities = append(
 			resolvedEntities,

From 56df190c03f925a232d8eef440b1f70917dcaa5c Mon Sep 17 00:00:00 2001
From: jakedoublev
Date: Tue, 20 May 2025 09:20:32 -0700
Subject: [PATCH 2/2] go fmt

---
 service/entityresolution/claims/v2/entity_resolution.go | 2 +-
 service/entityresolution/keycloak/v2/entity_resolution.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/service/entityresolution/claims/v2/entity_resolution.go b/service/entityresolution/claims/v2/entity_resolution.go
index 68d66ab472..4f9b3fbaae 100644
--- a/service/entityresolution/claims/v2/entity_resolution.go
+++ b/service/entityresolution/claims/v2/entity_resolution.go
@@ -9,8 +9,8 @@ import (
 	"connectrpc.com/connect"
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/opentdf/platform/protocol/go/entity"
-	ent "github.com/opentdf/platform/service/entity"
 	entityresolutionV2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
+	ent "github.com/opentdf/platform/service/entity"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/config"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"
diff --git a/service/entityresolution/keycloak/v2/entity_resolution.go b/service/entityresolution/keycloak/v2/entity_resolution.go
index a216ab003a..54b93bdd7e 100644
--- a/service/entityresolution/keycloak/v2/entity_resolution.go
+++ b/service/entityresolution/keycloak/v2/entity_resolution.go
@@ -14,8 +14,8 @@ import (
 	"github.com/go-viper/mapstructure/v2"
 	"github.com/lestrrat-go/jwx/v2/jwt"
 	"github.com/opentdf/platform/protocol/go/entity"
-	ent "github.com/opentdf/platform/service/entity"
 	entityresolutionV2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
+	ent "github.com/opentdf/platform/service/entity"
 	"github.com/opentdf/platform/service/logger"
 	"github.com/opentdf/platform/service/pkg/config"
 	"github.com/opentdf/platform/service/pkg/serviceregistry"