🛂 Activity RBAC (#1291)

rigdev · Oct 21, 2024 · 6a9f60f · 6a9f60f
1 parent f49da39
commit 6a9f60f
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 3 deletions.
diff --git a/cmd/rig/cmd/activity/setup.go b/cmd/rig/cmd/activity/setup.go
@@ -9,6 +9,7 @@ import (
 	"connectrpc.com/connect"
 	"github.com/jedib0t/go-pretty/v6/table"
 	"github.com/rigdev/rig-go-api/api/v1/activity"
+	"github.com/rigdev/rig-go-api/model"
 	"github.com/rigdev/rig-go-sdk"
 	"github.com/rigdev/rig/cmd/common"
 	"github.com/rigdev/rig/cmd/rig/cmd/flags"
@@ -23,6 +24,9 @@ var (
 	fromStr string
 	toStr   string
 	since   string
+
+	limit  int
+	offset int
 )
 
 type Cmd struct {
@@ -67,6 +71,15 @@ func Setup(parent *cobra.Command, s *cli.SetupContext) {
 		"A duration. If set, only include activities younger than 'since'. "+
 			"Cannot be used if either --from or --to is used. Default is 24 hours.",
 	)
+	activity.Flags().IntVar(
+		&limit, "limit", 10,
+		"Limit the number of activities returned. Default is 10.",
+	)
+
+	activity.Flags().IntVar(
+		&offset, "offset", 0,
+		"Offset the activities returned. Default is 0.",
+	)
 
 	parent.AddCommand(activity)
 }
@@ -80,6 +93,11 @@ func (c *Cmd) list(ctx context.Context, _ *cobra.Command, _ []string) error {
 	resp, err := c.Rig.Activity().GetActivities(ctx, connect.NewRequest(&activity.GetActivitiesRequest{
 		From: timestamppb.New(from),
 		To:   timestamppb.New(to),
+		Pagination: &model.Pagination{
+			Limit:      uint32(limit),
+			Offset:     uint32(offset),
+			Descending: true,
+		},
 	}))
 	if err != nil {
 		return err

diff --git a/go.mod b/go.mod
@@ -32,7 +32,7 @@ require (
 	github.com/nyaruka/phonenumbers v1.1.7
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0
-	github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a
+	github.com/rigdev/rig-go-api v0.0.0-20241021120618-8a5ebe64928e
 	github.com/rigdev/rig-go-sdk v0.0.0-20241021090503-b515c1ca035f
 	github.com/rivo/tview v0.0.0-20240524063012-037df494fb76
 	github.com/robfig/cron v1.2.0

diff --git a/go.sum b/go.sum
@@ -309,8 +309,8 @@ github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJ
 github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a h1:uaaVqBigHwgd3dhjxeR9wlonKOm5qemLm41Gk8WG2nw=
-github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a/go.mod h1:6xxlwvADYBFRiIrot3yrcXVJT2IMGfkTZ5LIRomNlXY=
+github.com/rigdev/rig-go-api v0.0.0-20241021120618-8a5ebe64928e h1:5wW6yx4Z9o6o758RWogrUtUV+vhGSHANxC8bziptrEo=
+github.com/rigdev/rig-go-api v0.0.0-20241021120618-8a5ebe64928e/go.mod h1:6xxlwvADYBFRiIrot3yrcXVJT2IMGfkTZ5LIRomNlXY=
 github.com/rigdev/rig-go-sdk v0.0.0-20241021090503-b515c1ca035f h1:SScDJVwFt/QzURstwUdi/ejnRoqB1ZsBLlICPD6Lt0c=
 github.com/rigdev/rig-go-sdk v0.0.0-20241021090503-b515c1ca035f/go.mod h1:DJAwoPmFI6Jo71n/2VfFk/Nyzlyd24ARWCLC4Hsm1gg=
 github.com/rivo/tview v0.0.0-20240524063012-037df494fb76 h1:iqvDlgyjmqleATtFbA7c14djmPh2n4mCYUv7JlD/ruA=

diff --git a/pkg/rbac/actions.go b/pkg/rbac/actions.go
@@ -1,6 +1,7 @@
 package rbac
 
 import (
+	"github.com/rigdev/rig-go-api/api/v1/activity/activityconnect"
 	"github.com/rigdev/rig-go-api/api/v1/capsule/capsuleconnect"
 	"github.com/rigdev/rig-go-api/api/v1/cluster/clusterconnect"
 	"github.com/rigdev/rig-go-api/api/v1/environment/environmentconnect"
@@ -131,6 +132,10 @@ const (
 	ActionMetricsView = "metrics:view"
 )
 
+const (
+	ActionActivityView = "activity:view"
+)
+
 var CapsuleActionMap = map[string]string{
 	capsuleconnect.ServiceWatchStatusProcedure:              ActionCapsuleView,
 	capsuleconnect.ServiceGetStatusProcedure:                ActionCapsuleView,
@@ -262,3 +267,7 @@ var MetricsActionMap = map[string]string{
 	metricsconnect.ServiceGetMetricsManyProcedure:       ActionMetricsView,
 	metricsconnect.ServiceGetMetricsExpressionProcedure: ActionMetricsView,
 }
+
+var ActivityActionMap = map[string]string{
+	activityconnect.ServiceGetActivitiesProcedure: ActionActivityView,
+}
diff --git a/pkg/rbac/permissions.go b/pkg/rbac/permissions.go
@@ -117,6 +117,14 @@ func GetViewerPermissions(projectID, environmentID string) []*role.Permission {
 				Project:     projectID,
 			},
 		},
+		{
+			Action: ActionActivityView,
+			Scope: &role.Scope{
+				Resource:    WithWildcard(ResourceActivity),
+				Environment: environmentID,
+				Project:     projectID,
+			},
+		},
 	}
 }
 

diff --git a/pkg/rbac/resources.go b/pkg/rbac/resources.go
@@ -12,6 +12,7 @@ const (
 	ResourceCluster        = "cluster"
 	ResourceEnvironment    = "environment"
 	ResourceMetrics        = "metrics"
+	ResourceActivity       = "activity"
 )
 
 func WithWildcard(resource string) string {