From 6a9f60ffac8b7909fd9a749511ccdabf1aa0523f Mon Sep 17 00:00:00 2001 From: Christian Leth-Espensen Date: Mon, 21 Oct 2024 15:00:23 +0200 Subject: [PATCH] :passport_control: Activity RBAC (#1291) --- cmd/rig/cmd/activity/setup.go | 18 ++++++++++++++++++ go.mod | 2 +- go.sum | 4 ++-- pkg/rbac/actions.go | 9 +++++++++ pkg/rbac/permissions.go | 8 ++++++++ pkg/rbac/resources.go | 1 + 6 files changed, 39 insertions(+), 3 deletions(-) diff --git a/cmd/rig/cmd/activity/setup.go b/cmd/rig/cmd/activity/setup.go index 434b1b3a..f3df9998 100644 --- a/cmd/rig/cmd/activity/setup.go +++ b/cmd/rig/cmd/activity/setup.go @@ -9,6 +9,7 @@ import ( "connectrpc.com/connect" "github.com/jedib0t/go-pretty/v6/table" "github.com/rigdev/rig-go-api/api/v1/activity" + "github.com/rigdev/rig-go-api/model" "github.com/rigdev/rig-go-sdk" "github.com/rigdev/rig/cmd/common" "github.com/rigdev/rig/cmd/rig/cmd/flags" @@ -23,6 +24,9 @@ var ( fromStr string toStr string since string + + limit int + offset int ) type Cmd struct { @@ -67,6 +71,15 @@ func Setup(parent *cobra.Command, s *cli.SetupContext) { "A duration. If set, only include activities younger than 'since'. "+ "Cannot be used if either --from or --to is used. Default is 24 hours.", ) + activity.Flags().IntVar( + &limit, "limit", 10, + "Limit the number of activities returned. Default is 10.", + ) + + activity.Flags().IntVar( + &offset, "offset", 0, + "Offset the activities returned. Default is 0.", + ) parent.AddCommand(activity) } @@ -80,6 +93,11 @@ func (c *Cmd) list(ctx context.Context, _ *cobra.Command, _ []string) error { resp, err := c.Rig.Activity().GetActivities(ctx, connect.NewRequest(&activity.GetActivitiesRequest{ From: timestamppb.New(from), To: timestamppb.New(to), + Pagination: &model.Pagination{ + Limit: uint32(limit), + Offset: uint32(offset), + Descending: true, + }, })) if err != nil { return err diff --git a/go.mod b/go.mod index 6b1d55c3..221ab09a 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( github.com/nyaruka/phonenumbers v1.1.7 github.com/pkg/errors v0.9.1 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.70.0 - github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a + github.com/rigdev/rig-go-api v0.0.0-20241021120618-8a5ebe64928e github.com/rigdev/rig-go-sdk v0.0.0-20241021090503-b515c1ca035f github.com/rivo/tview v0.0.0-20240524063012-037df494fb76 github.com/robfig/cron v1.2.0 diff --git a/go.sum b/go.sum index 13c6f9ef..6ef2ecb4 100644 --- a/go.sum +++ b/go.sum @@ -309,8 +309,8 @@ github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJ github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a h1:uaaVqBigHwgd3dhjxeR9wlonKOm5qemLm41Gk8WG2nw= -github.com/rigdev/rig-go-api v0.0.0-20241021083106-6e86765c844a/go.mod h1:6xxlwvADYBFRiIrot3yrcXVJT2IMGfkTZ5LIRomNlXY= +github.com/rigdev/rig-go-api v0.0.0-20241021120618-8a5ebe64928e h1:5wW6yx4Z9o6o758RWogrUtUV+vhGSHANxC8bziptrEo= +github.com/rigdev/rig-go-api v0.0.0-20241021120618-8a5ebe64928e/go.mod h1:6xxlwvADYBFRiIrot3yrcXVJT2IMGfkTZ5LIRomNlXY= github.com/rigdev/rig-go-sdk v0.0.0-20241021090503-b515c1ca035f h1:SScDJVwFt/QzURstwUdi/ejnRoqB1ZsBLlICPD6Lt0c= github.com/rigdev/rig-go-sdk v0.0.0-20241021090503-b515c1ca035f/go.mod h1:DJAwoPmFI6Jo71n/2VfFk/Nyzlyd24ARWCLC4Hsm1gg= github.com/rivo/tview v0.0.0-20240524063012-037df494fb76 h1:iqvDlgyjmqleATtFbA7c14djmPh2n4mCYUv7JlD/ruA= diff --git a/pkg/rbac/actions.go b/pkg/rbac/actions.go index 2c01b0bc..e1edee9d 100644 --- a/pkg/rbac/actions.go +++ b/pkg/rbac/actions.go @@ -1,6 +1,7 @@ package rbac import ( + "github.com/rigdev/rig-go-api/api/v1/activity/activityconnect" "github.com/rigdev/rig-go-api/api/v1/capsule/capsuleconnect" "github.com/rigdev/rig-go-api/api/v1/cluster/clusterconnect" "github.com/rigdev/rig-go-api/api/v1/environment/environmentconnect" @@ -131,6 +132,10 @@ const ( ActionMetricsView = "metrics:view" ) +const ( + ActionActivityView = "activity:view" +) + var CapsuleActionMap = map[string]string{ capsuleconnect.ServiceWatchStatusProcedure: ActionCapsuleView, capsuleconnect.ServiceGetStatusProcedure: ActionCapsuleView, @@ -262,3 +267,7 @@ var MetricsActionMap = map[string]string{ metricsconnect.ServiceGetMetricsManyProcedure: ActionMetricsView, metricsconnect.ServiceGetMetricsExpressionProcedure: ActionMetricsView, } + +var ActivityActionMap = map[string]string{ + activityconnect.ServiceGetActivitiesProcedure: ActionActivityView, +} diff --git a/pkg/rbac/permissions.go b/pkg/rbac/permissions.go index d55418eb..646ca5e9 100644 --- a/pkg/rbac/permissions.go +++ b/pkg/rbac/permissions.go @@ -117,6 +117,14 @@ func GetViewerPermissions(projectID, environmentID string) []*role.Permission { Project: projectID, }, }, + { + Action: ActionActivityView, + Scope: &role.Scope{ + Resource: WithWildcard(ResourceActivity), + Environment: environmentID, + Project: projectID, + }, + }, } } diff --git a/pkg/rbac/resources.go b/pkg/rbac/resources.go index 6e57d139..dc93bdb1 100644 --- a/pkg/rbac/resources.go +++ b/pkg/rbac/resources.go @@ -12,6 +12,7 @@ const ( ResourceCluster = "cluster" ResourceEnvironment = "environment" ResourceMetrics = "metrics" + ResourceActivity = "activity" ) func WithWildcard(resource string) string {