feat: make guardian multi-tenant using postgres RLS (#389)
* feat: adding multi-tenancy in the application

- using namespace_id in the database to shard different tenants
- the default namespace id will be a nil id, which ensures the app still
works as usual when it is not used in multi-tenant envs

Signed-off-by: Kush Sharma <[email protected]>

* fixed postgres repositories to use namespace id

Signed-off-by: Kush Sharma <[email protected]>

---------

Signed-off-by: Kush Sharma <[email protected]>
kushsharma authored Sep 3, 2023
1 parent 9954153 commit 5c8a46d
Showing 50 changed files with 3,445 additions and 1,183 deletions.
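--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+tmp
+guardian.yml
+guardian.yaml
+config.yaml
+config.yml
+.git
+.github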
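--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -0,0 +1,31 @@
+name: Main
+on:
+push:
+branches:
+- main
+
+jobs:
+dev:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+with:
+fetch-depth: 0
+- name: Set up Go
+uses: actions/setup-go@v4
+with:
+go-version: "1.20"
+- name: Login to DockerHub
+uses: docker/login-action@v1
+with:
+registry: docker.io
+username: ${{ secrets.DOCKERHUB_USERNAME }}
+password: ${{ secrets.DOCKERHUB_TOKEN }}
+- name: Publish dev image
+id: docker_dev_build
+uses: docker/build-push-action@v2
+with:
+push: true
+file: "./Dockerfile.dev"
+tags: raystack/guardian:dev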
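Review bot: The `docker/login-action@v1` and `docker/build-push-action@v2` steps receive the DockerHub credentials and push `raystack/guardian:dev`, yet both are referenced by mutable major-version tags, so a retagged release of either action would run with those secrets. Pin each third-party action to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1` (placeholder; take the SHA from the release you have reviewed). The workflow also declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope; since it only checks out the code and pushes to DockerHub, a top-level `permissions:` with `contents: read` looks sufficient. The "Set up Go" step appears unused, because the build happens inside `Dockerfile.dev`.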
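--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -0,0 +1,24 @@
+FROM golang:1.20-alpine3.17 as builder
+
+RUN apk add make
+
+WORKDIR /go/src/app
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+
+RUN make build
+
+FROM alpine:3.17
+COPY --from=builder /go/src/app/dist/guardian /usr/bin/guardian
+RUN apk update
+RUN apk add ca-certificates
+
+# glibc compatibility library, since go binaries
+# don't work well with musl libc that alpine uses
+RUN apk add libc6-compat
+
+EXPOSE 8080
+ENTRYPOINT ["./guardian"]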
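Review bot: The final stage copies the binary to `/usr/bin/guardian` but declares `ENTRYPOINT ["./guardian"]` without a `WORKDIR`, so the relative path is resolved against the image's working directory (presumably `/` for the `alpine:3.17` base) and the container will likely fail to start; use `ENTRYPOINT ["/usr/bin/guardian"]` instead. The stage also has no `USER` instruction, so the service runs as root although it only exposes port 8080; creating a dedicated unprivileged account and adding a `USER` line before the entrypoint would limit what a compromised process can touch. The separate `RUN apk update` and `apk add` layers can be collapsed into `RUN apk add --no-cache ca-certificates libc6-compat` so the package index is not shipped in the image.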
6 changes: 5 additions & 1 deletion Makefile
Expand Up @@ -3,7 +3,7 @@ COMMIT := $(shell git rev-parse --short HEAD)
TAG := "$(shell git rev-list --tags --max-count=1)"
VERSION := "$(shell git describe --tags ${TAG})-next"
BUILD_DIR=dist
PROTON_COMMIT := "ccbf219312db35a934361ebad895cb40145ca235"
PROTON_COMMIT := "95140abe54e3c27f0bf4f06bc780a289f41aadf1"

.PHONY: all build clean test tidy vet proto setup format generate

Expand All @@ -25,6 +25,10 @@ lint: ## Lint checker
@echo "Running lint checks using golangci-lint..."
@golangci-lint run

lintf: ## Lint checker and fix
@echo "Running lint checks using golangci-lint..."
@golangci-lint run --fix

clean: tidy ## Clean the build artifacts
@echo "Cleaning up build directories..."
@rm -rf $coverage.out ${BUILD_DIR}
27 changes: 19 additions & 8 deletions api/handler/v1beta1/grpc.go
Expand Up @@ -108,15 +108,24 @@ type grantService interface {
ImportFromProvider(ctx context.Context, criteria grant.ImportFromProviderCriteria) ([]*domain.Grant, error)
}

//go:generate mockery --name=namespaceService --exported --with-expecter
type namespaceService interface {
Get(ctx context.Context, id string) (*domain.Namespace, error)
Create(ctx context.Context, namespace *domain.Namespace) error
Update(ctx context.Context, namespace *domain.Namespace) error
List(ctx context.Context, filter domain.NamespaceFilter) ([]*domain.Namespace, error)
}

type GRPCServer struct {
resourceService resourceService
activityService activityService
providerService providerService
policyService policyService
appealService appealService
approvalService approvalService
grantService grantService
adapter ProtoAdapter
resourceService resourceService
activityService activityService
providerService providerService
policyService policyService
appealService appealService
approvalService approvalService
grantService grantService
namespaceService namespaceService
adapter ProtoAdapter

authenticatedUserContextKey interface{}

Expand All @@ -131,6 +140,7 @@ func NewGRPCServer(
appealService appealService,
approvalService approvalService,
grantService grantService,
namespaceService namespaceService,
adapter ProtoAdapter,
authenticatedUserContextKey interface{},
) *GRPCServer {
Expand All @@ -142,6 +152,7 @@ func NewGRPCServer(
appealService: appealService,
approvalService: approvalService,
grantService: grantService,
namespaceService: namespaceService,
adapter: adapter,
authenticatedUserContextKey: authenticatedUserContextKey,
}
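Review bot: The new `namespaceService` interface in the first hunk has no doc comment, and for the tenant-management surface of an RLS-based design the missing piece is the trust boundary: nothing here says whether `Get`, `List`, `Create` and `Update` are confined to the caller's own namespace or are operator-level operations that span tenants. I would add a comment above the type such as `// namespaceService manages tenant namespaces; the request must be authorized before any of its methods is called (TODO: state whether List spans tenants).` The handlers that call this service are outside the visible hunks, so whether they check the authenticated user before reaching it cannot be confirmed from this section.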
19 changes: 11 additions & 8 deletions api/handler/v1beta1/grpc_test.go
Expand Up @@ -13,14 +13,15 @@ type authEmailTestContextKey struct{}
type GrpcHandlersSuite struct {
suite.Suite

resourceService *mocks.ResourceService
activityService *mocks.ActivityService
providerService *mocks.ProviderService
policyService *mocks.PolicyService
appealService *mocks.AppealService
approvalService *mocks.ApprovalService
grantService *mocks.GrantService
grpcServer *v1beta1.GRPCServer
resourceService *mocks.ResourceService
activityService *mocks.ActivityService
providerService *mocks.ProviderService
policyService *mocks.PolicyService
appealService *mocks.AppealService
approvalService *mocks.ApprovalService
grantService *mocks.GrantService
namespaceService *mocks.NamespaceService
grpcServer *v1beta1.GRPCServer
}

func TestGrpcHandler(t *testing.T) {
Expand All @@ -35,6 +36,7 @@ func (s *GrpcHandlersSuite) setup() {
s.appealService = new(mocks.AppealService)
s.approvalService = new(mocks.ApprovalService)
s.grantService = new(mocks.GrantService)
s.namespaceService = new(mocks.NamespaceService)
s.grpcServer = v1beta1.NewGRPCServer(
s.resourceService,
s.activityService,
Expand All @@ -43,6 +45,7 @@ func (s *GrpcHandlersSuite) setup() {
s.appealService,
s.approvalService,
s.grantService,
s.namespaceService,
v1beta1.NewAdapter(),
authEmailTestContextKey{},
)