raito owner tag for access providers
rmennes committed Oct 14, 2024
1 parent 74884ae commit bbb2663
Showing 7 changed files with 276 additions and 124 deletions.
2 changes: 1 addition & 1 deletion base/access_provider/sync_from_target/model.go
Expand Up @@ -19,7 +19,7 @@ type AccessProvider struct {
Policy string `json:"policy"`
Who *WhoItem `yaml:"who" json:"who"`

Owners *OwnersInput `json:"owners"`
Owners *OwnersInput `json:"owners,omitempty"` // Deprecated, use RaitoOwnerTag instead

// Locking properties

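Review bot: The deprecation notice on `Owners` is a trailing comment of the form `// Deprecated, use RaitoOwnerTag instead`, which Go tooling does not recognise as a deprecation marker. Moving it into a doc comment on its own line above the field, `// Deprecated: use RaitoOwnerTag instead.`, lets gopls and staticcheck flag the remaining readers and writers of the field; the same applies to `DataObject.Owners` in base/data_source/exporter.go. With `omitempty`, a nil `Owners` is now left out of the JSON instead of being emitted as `null`, which is worth stating in that comment if any consumer distinguishes the two. The struct continues outside this hunk.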
2 changes: 1 addition & 1 deletion base/data_source/exporter.go
Expand Up @@ -27,7 +27,7 @@ type DataObject struct {
ParentExternalId string `json:"parentExternalId"`
Tags []*tag.Tag `json:"tags"`
DataType *string `json:"dataType,omitempty"`
Owners *OwnersInput `json:"owners"` // Deprecated, use RaitoOwnerTag instead
Owners *OwnersInput `json:"owners,omitempty"` // Deprecated, use RaitoOwnerTag instead
}

type OwnersInput struct {
100 changes: 60 additions & 40 deletions internal/access_provider/post_processor.go
Expand Up @@ -12,8 +12,10 @@ import (

baseAp "github.com/raito-io/cli/base/access_provider"
"github.com/raito-io/cli/base/access_provider/sync_from_target"
"github.com/raito-io/cli/base/constants"
"github.com/raito-io/cli/base/tag"
"github.com/raito-io/cli/internal/access_provider/post_processing"
string2 "github.com/raito-io/cli/internal/util/string"
)

const nameTagOverrideLockedReason = "This Snowflake role can't be renamed because it has a name tag override attached to it"
Expand Down Expand Up @@ -97,27 +99,8 @@ func (p *PostProcessor) PostProcess(inputFilePath string, outputFile string) (*P
}

func (p *PostProcessor) postProcessAp(accessProvider *sync_from_target.AccessProvider, outputWriter sync_from_target.AccessProviderFileCreator) (bool, error) {
touched := false

if len(accessProvider.Tags) > 0 {
for _, tag := range accessProvider.Tags {
if p.matchedWithTagKey(p.config.TagOverwriteKeyForName, tag) {
nameOverwritten := p.overwriteName(accessProvider, tag)
if nameOverwritten {
touched = true
continue
}
}

if p.matchedWithTagKey(p.config.TagOverwriteKeyForOwners, tag) {
ownersOverwritten := p.overwriteOwners(accessProvider, tag)
if ownersOverwritten {
touched = ownersOverwritten
continue
}
}
}
}
touched := p.processOverwriteName(accessProvider)
touched = p.processOverwriteOwners(accessProvider) || touched

err := outputWriter.AddAccessProviders(accessProvider)
if err != nil {
Expand All @@ -128,36 +111,73 @@ func (p *PostProcessor) postProcessAp(accessProvider *sync_from_target.AccessPro
return touched, nil
}

func (p *PostProcessor) overwriteName(accessProvider *sync_from_target.AccessProvider, tag *tag.Tag) bool {
if tag.Value != "" {
p.config.TargetLogger.Debug(fmt.Sprintf("adjusting name for AP (externalId: %v) from %v to %v", accessProvider.ExternalId, accessProvider.Name, tag.Value))

accessProvider.Name = tag.Value
accessProvider.NameLocked = ptr.Bool(true)
accessProvider.NameLockedReason = ptr.String(nameTagOverrideLockedReason)
func (p *PostProcessor) processOverwriteName(accessProvider *sync_from_target.AccessProvider) bool {
if p.config.TagOverwriteKeyForName == "" {
return false
}

return true
for _, t := range accessProvider.Tags {
if p.matchedWithTagKey(p.config.TagOverwriteKeyForName, t) {
return p.overwriteName(accessProvider, t)
}
}

return false
}
func (p *PostProcessor) overwriteOwners(accessProvider *sync_from_target.AccessProvider, tag *tag.Tag) bool {
if tag.Value != "" {
overwrittenOwners := []string{}
for _, owner := range strings.Split(tag.Value, ",") {
overwrittenOwners = append(overwrittenOwners, strings.TrimSpace(owner))
}

p.config.TargetLogger.Debug(fmt.Sprintf("adjusting owners for AP (externalId: %v) to %v", accessProvider.ExternalId, overwrittenOwners))
func (p *PostProcessor) processOverwriteOwners(accessProvider *sync_from_target.AccessProvider) (touched bool) {
touched = false

if p.config.TagOverwriteKeyForOwners == "" {
return touched
}

var raitoOwnerTag *tag.Tag

for _, t := range accessProvider.Tags {
if strings.EqualFold(t.Key, constants.RaitoOwnerTagKey) {
raitoOwnerTag = t
raitoOwnerTag.Value = string2.TrimSpaceInCommaSeparatedList(raitoOwnerTag.Value)

touched = true

if accessProvider.Owners == nil {
accessProvider.Owners = &sync_from_target.OwnersInput{}
break
}
}

accessProvider.Owners.Users = overwrittenOwners
for _, t := range accessProvider.Tags {
if p.matchedWithTagKey(p.config.TagOverwriteKeyForOwners, t) {
if raitoOwnerTag != nil {
raitoOwnerTag.Value = raitoOwnerTag.Value + "," + string2.TrimSpaceInCommaSeparatedList(t.Value)
} else {
raitoOwnerTag = &tag.Tag{
Key: constants.RaitoOwnerTagKey,
Value: string2.TrimSpaceInCommaSeparatedList(t.Value),
Source: t.Source,
}

accessProvider.Tags = append(accessProvider.Tags, raitoOwnerTag)
}

touched = true
}
}

if raitoOwnerTag != nil {
accessProvider.OwnersLocked = ptr.Bool(true)
accessProvider.OwnersLockedReason = ptr.String(ownersTagOverrideLockedReason)
}

return touched
}

func (p *PostProcessor) overwriteName(accessProvider *sync_from_target.AccessProvider, tag *tag.Tag) bool {
if tag.Value != "" {
p.config.TargetLogger.Debug(fmt.Sprintf("adjusting name for AP (externalId: %v) from %v to %v", accessProvider.ExternalId, accessProvider.Name, tag.Value))

accessProvider.Name = tag.Value
accessProvider.NameLocked = ptr.Bool(true)
accessProvider.NameLockedReason = ptr.String(nameTagOverrideLockedReason)

return true
}
Expand All @@ -169,6 +189,6 @@ func (p *PostProcessor) matchedWithTagKey(overwriteKey string, tag *tag.Tag) boo
return tag != nil && overwriteKey != "" && strings.EqualFold(tag.Key, overwriteKey) && tag.Value != ""
}

func (p *PostProcessor) Close(ctx context.Context) error {
func (p *PostProcessor) Close(_ context.Context) error {
return nil
}
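Review bot: The first loop in processOverwriteOwners reads `t.Key` directly, so a nil entry in `accessProvider.Tags` would panic there, and a raito owner tag with an empty value still sets `touched` and locks the owners, whereas `matchedWithTagKey` guards against both. Using the same guard, `if t != nil && t.Value != "" && strings.EqualFold(t.Key, constants.RaitoOwnerTagKey) {`, keeps the two loops consistent and avoids a merged value that begins with a comma. If `TagOverwriteKeyForOwners` is configured to the same key as `constants.RaitoOwnerTagKey`, the second loop appears to append the tag's value to itself; skipping the iteration when `t == raitoOwnerTag` would prevent the duplicated owners. As far as the rendered page shows, the debug line that recorded owner changes per externalId went away with the old overwriteOwners; since ownership is an authorization-relevant attribute, a log entry where `OwnersLocked` is set would keep these changes traceable.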