feat: add structured schema policy config #51
Merged

29 commits
a976bea (strantalis): proto updates to match database schema
e564652 (jrschumacher): chore(migration): add new schemas (#46)
5c285bd (jakedoublev): chore: Attributes proto definition rework to match new entity relatio…
7878f9a (jrschumacher): chore: update resource-mapping and subject-mapping proto examples (#47)
20981c9 (jrschumacher): Fix protos and generate sdk
3112378 (jrschumacher): Policy-config-changes-implement-attributes (#50)
4283795 (jrschumacher): Refactor attributes (#56)
ac77694 (jrschumacher): Add attribute value implementation (#61)
59a073b (jrschumacher): feat(subject-mappings): refactor to meet db schema (#59)
cf6b3c6 (strantalis): feat: key access server registry impl (#66)
1b3a831 (strantalis): fix: attribute missing rpc method for listing attribute values (#69)
c144db1 (strantalis): feat(resourcemapping): resource mapping implementation (#83)
77438b6 (jakedoublev): chore: add helper for checking "bad request" invalid query DB errors …
b3f32b1 (jakedoublev): feat(namespaces CRUD): protos, generated SDK, db interactivity for na…
e1fd203 (jrschumacher): chore: Refactor: write tests for the subject mapping db interface (#87)
568df9c (strantalis): fix(attribute value): fixes attribute value crud (#86)
397dd5a (jakedoublev): chore(issue #80): attribute namespaces integration test suite (#98)
7d30b89 (jakedoublev): chore(issue 75): integration tests for attributes and consumption of …
19f70b5 (jakedoublev): chore(issue 77): resource mapping integration tests (#102)
8dfd8c2 (jakedoublev): chore(Issue 78): integration tests for key_access_server registry db …
e0f6d07 (jakedoublev): fix(issue 90): remove duplicate attribute_id from attribute value cre…
6a7462c (jakedoublev): chore(issue 74): attribute values integration test suite (#107)
a48d686 (strantalis): feat: key access server assignments (#111)
0395509 (jrschumacher): Fix integration tests
3f37864 (jrschumacher): Update .github/workflows/go-checks.yaml
b1140c3 (jrschumacher): golangci-lint to ignore existing files
dfe920d (jrschumacher): Add config
ed06c80 (jrschumacher): tweak
fa4e576 (jrschumacher): fix: fix tests for pivot tables (#122)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= | ||
| github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= |
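Review bot: both added checksum lines are bare `h1:` entries with no matching `/go.mod h1:` line, and no go.mod change is visible in this PR, so it is unclear whether `go-grpc-middleware v1.3.0` and `go-toml v1.9.5` are actually in the build graph or were pasted in by hand. Hand-edited checksum lines do not pin anything the build does not require, and `go mod tidy` normally writes the `/go.mod` companion line for every required module; run `go mod tidy` and commit its output so this file reflects the resolved dependency set, and confirm in the PR description why these two modules are needed.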
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| -- +goose Up | ||
| -- +goose StatementBegin | ||
| CREATE SCHEMA IF NOT EXISTS opentdf; | ||
|
|
||
| CREATE TYPE attribute_definition_rule AS ENUM ('UNSPECIFIED', 'ALL_OF', 'ANY_OF', 'HIERARCHY'); | ||
| CREATE TYPE subject_mappings_operator AS ENUM ('UNSPECIFIED', 'IN', 'NOT_IN'); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.namespaces | ||
| ( | ||
| id UUID PRIMARY KEY, | ||
| name VARCHAR NOT NULL UNIQUE | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.attribute_definitions | ||
| ( | ||
| id UUID PRIMARY KEY, | ||
| namespace_id UUID NOT NULL REFERENCES opentdf.namespaces(id), | ||
| name VARCHAR NOT NULL, | ||
| rule attribute_definition_rule NOT NULL, | ||
| metadata JSONB, | ||
| UNIQUE (namespace_id, name) | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.attribute_values | ||
| ( | ||
| id UUID PRIMARY KEY, | ||
| attribute_definition_id UUID NOT NULL REFERENCES opentdf.attribute_definitions(id), | ||
| value VARCHAR NOT NULL, | ||
| members UUID[] NOT NULL, | ||
| metadata JSONB, | ||
| UNIQUE (attribute_definition_id, value) | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.key_access_servers | ||
| ( | ||
| id UUID PRIMARY KEY, | ||
| key_access_server VARCHAR NOT NULL UNIQUE, | ||
| public_key VARCHAR NOT NULL, | ||
| metadata JSONB | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.attribute_definition_key_access_grants | ||
| ( | ||
| attribute_definition_id UUID NOT NULL REFERENCES opentdf.attribute_definitions(id), | ||
| key_access_server_id UUID NOT NULL REFERENCES opentdf.key_access_servers(id), | ||
| PRIMARY KEY (attribute_definition_id, key_access_server_id) | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.attribute_value_key_access_grants | ||
| ( | ||
| attribute_value_id UUID NOT NULL REFERENCES opentdf.attribute_values(id), | ||
| key_access_server_id UUID NOT NULL REFERENCES opentdf.key_access_servers(id), | ||
| PRIMARY KEY (attribute_value_id, key_access_server_id) | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.resource_mappings | ||
| ( | ||
| id UUID PRIMARY KEY, | ||
| attribute_value_id UUID NOT NULL REFERENCES opentdf.attribute_values(id), | ||
| name VARCHAR NOT NULL, | ||
| terms VARCHAR[], | ||
| metadata JSONB | ||
| ); | ||
|
|
||
| CREATE TABLE IF NOT EXISTS opentdf.subject_mappings | ||
| ( | ||
| id UUID PRIMARY KEY, | ||
| attribute_value_id UUID NOT NULL REFERENCES opentdf.attribute_values(id), | ||
| operator subject_mappings_operator NOT NULL, | ||
| subject_attribute VARCHAR NOT NULL, | ||
| subject_attribute_values VARCHAR[], | ||
| metadata JSONB | ||
| ); | ||
| -- +goose StatementEnd | ||
|
|
||
| -- +goose Down | ||
| -- +goose StatementBegin | ||
| DROP TABLE IF EXISTS opentdf.key_access_servers; | ||
| DROP TABLE IF EXISTS opentdf.subject_mappings; | ||
| DROP TABLE IF EXISTS opentdf.resource_mappings; | ||
| DROP TABLE IF EXISTS opentdf.attribute_value_key_access_grants; | ||
| DROP TABLE IF EXISTS opentdf.attribute_definition_key_access_grants; | ||
| DROP TABLE IF EXISTS opentdf.attribute_values; | ||
| DROP TABLE IF EXISTS opentdf.attribute_definitions; | ||
| DROP TABLE IF EXISTS opentdf.namespaces; | ||
|
|
||
| DELETE TYPE attribute_definition_rule; | ||
| DELETE TYPE subject_mappings_operator; | ||
| -- +goose StatementEnd |
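Review bot: the Down migration cannot run as written. `DELETE TYPE attribute_definition_rule;` and `DELETE TYPE subject_mappings_operator;` are not PostgreSQL syntax; they need to be `DROP TYPE IF EXISTS attribute_definition_rule;` and `DROP TYPE IF EXISTS subject_mappings_operator;`. Before it even gets there, `DROP TABLE IF EXISTS opentdf.key_access_servers;` is issued first while `attribute_definition_key_access_grants` and `attribute_value_key_access_grants` still hold foreign keys to it, so PostgreSQL will refuse the drop (no `CASCADE`); move that line below the two grant tables, and consider a final `DROP SCHEMA IF EXISTS opentdf;` so Up followed by Down leaves the database as it found it. Two schema-design points in the Up section: the two `CREATE TYPE ... AS ENUM` statements are unqualified while every table is created in `opentdf`, so the enums land in whichever schema is first on `search_path` (usually `public`) and a different `search_path` at rollback time breaks the pair; create them as `opentdf.attribute_definition_rule` and `opentdf.subject_mappings_operator` and reference them that way in the `rule` and `operator` columns. And `members UUID[] NOT NULL` cannot carry a foreign key, so the self-referential grouping of attribute values has no referential integrity and a dangling member id will only surface at policy-evaluation time; either model it as a join table or document that the application validates members on write. Finally, `public_key VARCHAR NOT NULL` accepts any string; since grants are pinned to this value, document the expected encoding (and consider a CHECK) so a malformed key is rejected at insert rather than at wrap time.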
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| # Diagram for 20240118000000_create_new_tables.sql | ||
|
|
||
| ```mermaid | ||
| --- | ||
| title: Database Schema Mermaid Diagram | ||
| nodes: | | ||
| Metadata is a jsonb type which will hold a common structure | ||
|
|
||
| To note OCI data we can utilize labels (i.e. map[string]string) | ||
| "labels": { | ||
| "oci:version": "1.0.0" | ||
| "oci:...": "..." | ||
| } | ||
|
|
||
| --- | ||
|
|
||
| erDiagram | ||
|
|
||
| Namespace ||--|{ AttributeDefinition : has | ||
| AttributeDefinition ||--|{ AttributeValue : has | ||
| AttributeDefinition ||--o{ AttributeDefinitionKeyAccessGrant : has | ||
|
|
||
| AttributeValue ||--o{ AttributeValueKeyAccessGrant: has | ||
| AttributeValue ||--o{ AttributeValue: "has group members" | ||
|
|
||
| AttributeDefinitionKeyAccessGrant ||--|{ KeyAccessServer: has | ||
| AttributeValueKeyAccessGrant ||--|{ KeyAccessServer: has | ||
|
|
||
| ResourceMapping }o--o{ AttributeValue: relates | ||
|
|
||
| SubjectMapping }o--o{ AttributeValue: relates | ||
|
|
||
| Namespace { | ||
| uuid id PK | ||
| varchar name UK | ||
| } | ||
|
|
||
| AttributeDefinition { | ||
| uuid id PK | ||
| uuid namespace_id FK | ||
| varchar name | ||
| enum rule | ||
| jsonb metadata | ||
| compIdx comp_key UK "ns_id + name" | ||
| } | ||
|
|
||
| AttributeDefinitionKeyAccessGrant { | ||
| uuid attribute_definition_id FK | ||
| uuid key_access_server_id FK | ||
| } | ||
|
|
||
| AttributeValue { | ||
| uuid namespace_id FK | ||
| uuid attribute_definition_id FK | ||
| varchar value | ||
| uuid[] members FK "Optional grouping of values" | ||
| jsonb metadata | ||
| compIdx comp_key UK "ns_id + ad_id + value" | ||
| } | ||
|
|
||
| AttributeValueKeyAccessGrant { | ||
| uuid attribute_value_id FK | ||
| uuid key_access_server_id FK | ||
| } | ||
|
|
||
| ResourceMapping { | ||
| uuid id PK | ||
| uuid attribute_value_id FK | ||
| varchar name | ||
| varchar[] terms | ||
| jsonb metadata | ||
| } | ||
|
|
||
| SubjectMapping { | ||
| uuid id PK | ||
| uuid attribute_value_id | ||
| enum operator | ||
| varchar subject_attribute | ||
| varchar[] subject_attribute_values | ||
| jsonb metadata | ||
| } | ||
|
|
||
| KeyAccessServer { | ||
| uuid id PK | ||
| varchar key_access_server UK | ||
| varchar public_key | ||
| jsonb metadata | ||
| } | ||
| ``` |
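Review bot: the `AttributeValue` entity in the diagram does not match the `opentdf.attribute_values` table in the migration in this same PR. The diagram lists `uuid namespace_id FK`, omits `id PK`, and names the unique key "ns_id + ad_id + value", whereas the SQL has `id UUID PRIMARY KEY`, no namespace column at all, and `UNIQUE (attribute_definition_id, value)`; one of the two should be corrected, and since the diagram is titled as documentation for `20240118000000_create_new_tables.sql` it should follow the SQL. Smaller mismatches: `members FK` is not a real foreign key (it is an array column in the SQL), `SubjectMapping.attribute_value_id` is missing the `FK` marker the SQL gives it, and the `||--|{` cardinality on `Namespace ||--|{ AttributeDefinition` and `AttributeDefinition ||--|{ AttributeValue` asserts at least one child, which the schema does not require (`||--o{` matches). `AttributeDefinitionKeyAccessGrant ||--|{ KeyAccessServer` reads as one grant row pointing at many servers, but each grant row references exactly one `key_access_server_id`; the same applies to the value grant line. As far as I can tell mermaid front matter only recognises `title` and `config`, so the `nodes:` block explaining the JSONB `metadata` labels will be dropped rather than rendered; put that explanation in the markdown body above the fence instead.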