Domain: iam: Repository: update list-grant-scope and test setup to use new model #5679
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…for org and project
…name some functions
This comment has been minimized.
This comment has been minimized.
bosorawis
force-pushed
the
bosorawis-domain-iam-implement-role-grant-scopes-list-and-test
branch
from
a5428e4 to
555dd56
Compare
This comment has been minimized.
This comment has been minimized.
tmessi
approved these changes
Apr 30, 2025
Base automatically changed from
bosorawis-domain-iam-role-use-new-model
to
llb-normalized-grants
April 30, 2025 16:54
…ent-role-grant-scopes-list-and-test
|
Database schema diff between To understand how these diffs are generated and some limitations see the FunctionsUnchanged Tablesdiff --git a/.schema-diff/tables_9b9aa75418f7c289ec9161988fdd0097ae3446fc/iam_role_org_individual_grant_scope.sql b/.schema-diff/tables_9d2b71c58ef29e127f84563aee5e6fa597c5e43e/iam_role_org_individual_grant_scope.sql
index 27f74af8e..548d94fa0 100644
--- a/.schema-diff/tables_9b9aa75418f7c289ec9161988fdd0097ae3446fc/iam_role_org_individual_grant_scope.sql
+++ b/.schema-diff/tables_9d2b71c58ef29e127f84563aee5e6fa597c5e43e/iam_role_org_individual_grant_scope.sql
@@ -37,7 +37,7 @@ create table public.iam_role_org_individual_grant_scope (
-- name: table iam_role_org_individual_grant_scope; type: comment; schema: public; owner: -
--
-comment on table public.iam_role_org_individual_grant_scope is 'iam_role_global_individual_grant_scope is the subtype table for the org role with grant_scope as individual.';
+comment on table public.iam_role_org_individual_grant_scope is 'iam_role_org_individual_grant_scope is the subtype table for the org role with grant_scope as individual.';
--ViewsUnchanged TriggersUnchanged IndexesUnchanged ConstraintsUnchanged Foreign Key Constraintsdiff --git a/.schema-diff/fk_constraints_9b9aa75418f7c289ec9161988fdd0097ae3446fc/iam_scope_org_scope_id_fkey.sql b/.schema-diff/fk_constraints_9d2b71c58ef29e127f84563aee5e6fa597c5e43e/iam_scope_org_scope_id_fkey.sql
index ba173a911..6919cd49d 100644
--- a/.schema-diff/fk_constraints_9b9aa75418f7c289ec9161988fdd0097ae3446fc/iam_scope_org_scope_id_fkey.sql
+++ b/.schema-diff/fk_constraints_9d2b71c58ef29e127f84563aee5e6fa597c5e43e/iam_scope_org_scope_id_fkey.sql
@@ -1,4 +1,2 @@
-- name: iam_scope_org iam_scope_org_scope_id_fkey; type: fk constraint; schema: public; owner: -
add constraint iam_scope_org_scope_id_fkey foreign key (scope_id) references public.iam_scope(public_id) on update cascade on delete cascade;
--- name: iam_role_org_individual_grant_scope iam_scope_org_scope_id_fkey; type: fk constraint; schema: public; owner: -
- add constraint iam_scope_org_scope_id_fkey foreign key (scope_id) references public.iam_scope_project(scope_id) on update cascade on delete cascade;
diff --git a/.schema-diff/fk_constraints_9b9aa75418f7c289ec9161988fdd0097ae3446fc/iam_scope_project_fkey.sql b/.schema-diff/fk_constraints_9d2b71c58ef29e127f84563aee5e6fa597c5e43e/iam_scope_project_fkey.sql
index 533ea8e8b..556118a18 100644
--- a/.schema-diff/fk_constraints_9b9aa75418f7c289ec9161988fdd0097ae3446fc/iam_scope_project_fkey.sql
+++ b/.schema-diff/fk_constraints_9d2b71c58ef29e127f84563aee5e6fa597c5e43e/iam_scope_project_fkey.sql
@@ -8,5 +8,7 @@
add constraint iam_scope_project_fkey foreign key (project_id) references public.iam_scope_project(scope_id) on update cascade on delete cascade;
-- name: iam_role_global_individual_project_grant_scope iam_scope_project_fkey; type: fk constraint; schema: public; owner: -
add constraint iam_scope_project_fkey foreign key (scope_id) references public.iam_scope_project(scope_id) on update cascade on delete cascade;
+-- name: iam_role_org_individual_grant_scope iam_scope_project_fkey; type: fk constraint; schema: public; owner: -
+ add constraint iam_scope_project_fkey foreign key (scope_id) references public.iam_scope_project(scope_id) on update cascade on delete cascade;
-- name: iam_role_project iam_scope_project_fkey; type: fk constraint; schema: public; owner: -
add constraint iam_scope_project_fkey foreign key (scope_id) references public.iam_scope_project(scope_id) on update cascade on delete cascade; |
bosorawis
deleted the
bosorawis-domain-iam-implement-role-grant-scopes-list-and-test
branch
This was referenced May 8, 2025
bosorawis
added a commit
that referenced
this pull request
May 16, 2025
…e new model (#5679) * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * split iam_role_global_individual_grant_scope to have separate tables for org and project * small comment change * small comment change * WIP: add tests * remove grant_scope as immutable column * add trigger to delete individual grant scope when grant_scope changes * add a test that covers changing grant_scope * rename function and trigger in iam_role_global * improve assertion in sqltest for iam_role_global * update iam_role_org to delete redundant grants scope * minor comment fix * no longer handle individual grant scope deletion with triggers and rename some functions * rename test * add all subtype definitions * remove unnecessary baseRole subtype * add clone, setTableName, and GetScope tests * add ResourceType and Actions test * add create and delete tests for globalROle * finish create and delete tests * add trigger for deleting base role * add trigger to sync update_time back to base iam_role table * add update tests * fix missing err checks * fix iam_role delete subtype trigger function name and use new.update_time instead of now() * add struct documentation to role subtypes * add version update check * implement getRoleScopeId * implement getRoleScopeId * save * remove struct embedding from iam.Role * fix tests to use new iam.Role definition * repository_role_test.go move to new iam.Role model * repository_principal_role_test.go use new iam.Role model * repository_role_grant_test.go use new iam.Role model in test * add oplog info to sql schema * internal/iam/testing.go use new role schema in TestRole * add toRole helper function to all role subtype * remove tests that are no longer relevant * internal/iam/repository_scope.go use new iam model * internal/iam/repository_role_grant.go use new iam model * internal/iam/repository_principal_role.go use new iam model * internal/iam/repository_role_test.go add test case for global scoped role * internal/iam/repository_grant_scope.go use new iam model * fix query * make create and lookup role work and add tests * add role id to getRoleScopeId error message * make DeleteRole work with new model and add tests * fix update * ensure oplog.ReplayableMessage is implemented on all role subtypes * internal/iam/repository_role_grant.go fix slugging version properly * internal/iam/repository_role.go minor correction to error message saying org instead of scope * internal/iam/repository_role_test.go add more update tests * add immutable_fields tests * fix rebase * change error code to RecordNotFound * refactor to use getScopeType * fix delete test * add getRoleScope utility function * repository_principal_role.go: refactor to remove multiple switch statements * repository_role_grant.go: refactor to reduce LOC * repository_role.go small refactor to use alloc func * repository_grant_scope.go refactor * review comments * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * rename test * change error code to RecordNotFound * Update internal/iam/repository_role.go Co-authored-by: David Kanney <[email protected]> * switch to slice instead of counter * fix merge mistakes * handling special scopes in test function * fix TestRoleWithGrants * fix minor typo * make gen * fix comment typos * Bosorawis domain iam role use new model list role (#5676) * add and use new list roles query * run make gen * tweaked returned error * replace tabs with spaces in query string * missed one tab * remove leading spaces * move ListRoleGrantScopes to repository_grant_scope.go * rename repository_grant_scope to repository_role_grant_scope * add proto definition for global role individual grant scope tables * fix test from removing embeded struct from RoleGrantScope * add grant_scope to proto definition * implement GlobalRoleIndividualOrgGrantScope and GlobalRoleIndividualProjectGrantScope * update comment * run make gen to update comment * implement OrgRoleIndividualGrantScope and add tests * implement part of ListRoleGrantScopes * Add more test * add more test cases and remove add-grants test * unexport listRoleGrantScopes * use reader from function parameter instead of struct method * rename test to match actual function * run make gen * unexport individual grants structs * unexport individual grants structs - missed one file * change TestRole and TestRoleGrantScope function to support new model * add validation for special scopes * add role_org_individual_grant_scope.pb.go to protobuild make target * remove dead code from listRoleGrantScopes * fix testRoleGrantScopeSpecial not handling org role special scope properly * add back query removed by rebase --------- Co-authored-by: David Kanney <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.