fix: use existing config

goto · Oct 2, 2024 · 7dea742 · 7dea742
1 parent 0764db3
commit 7dea742
Show file tree

Hide file tree

Showing 7 changed files with 47 additions and 31 deletions.
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"os"
 	"os/signal"
 	"syscall"
@@ -79,11 +80,19 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error {
 		return errors.New("resource config path cannot be left empty")
 	}
 
-	resourceBlobFS, err := blob.NewStore(ctx, cfg.App.ResourcesConfigPath, cfg.App.ResourcesConfigPathSecret)
+	parsedResourceStorageURL, err := url.Parse(cfg.App.ResourcesConfigPath)
 	if err != nil {
 		return err
 	}
 
+	var resourceBlobFS blob.Bucket
+	if parsedResourceStorageURL.Scheme != resource.RESOURCES_CONFIG_STORAGE_PG {
+		resourceBlobFS, err = blob.NewStore(ctx, cfg.App.ResourcesConfigPath, cfg.App.ResourcesConfigPathSecret)
+		if err != nil {
+			return err
+		}
+	}
+
 	spiceDBClient, err := spicedb.New(cfg.SpiceDB, logger)
 	if err != nil {
 		return err
@@ -130,10 +139,12 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error {
 
 	resourcePGRepository := postgres.NewResourceRepository(dbClient)
 	var schemaConfigRepository schema.FileService
-	switch cfg.App.ResourcesConfigStorage {
-	case resource.RESOURCES_CONFIG_STORAGE_DB:
+	switch parsedResourceStorageURL.Scheme {
+	case resource.RESOURCES_CONFIG_STORAGE_PG:
 		schemaConfigRepository = resourcePGRepository
-	case resource.RESOURCES_CONFIG_STORAGE_BLOB:
+	case resource.RESOURCES_CONFIG_STORAGE_GS,
+		resource.RESOURCES_CONFIG_STORAGE_FILE,
+		resource.RESOURCES_CONFIG_STORAGE_MEM:
 		schemaConfigRepository = blob.NewSchemaConfigRepository(resourceBlobFS)
 	default:
 		return errors.New("invalid resource config storage")
@@ -165,7 +176,7 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error {
 	}
 
 	// serving proxies
-	cbs, cps, err := serveProxies(ctx, logger, cfg.App.IdentityProxyHeader, cfg.App.UserIDHeader, cfg.Proxy, cfg.App.RulesConfigStorage, pgRuleRepository, deps.ResourceService, deps.RelationService, deps.UserService, deps.GroupService, deps.ProjectService, deps.RelationAdapter)
+	cbs, cps, err := serveProxies(ctx, logger, cfg.App.IdentityProxyHeader, cfg.App.UserIDHeader, cfg.Proxy, pgRuleRepository, deps.ResourceService, deps.RelationService, deps.UserService, deps.GroupService, deps.ProjectService, deps.RelationAdapter)
 	if err != nil {
 		return err
 	}
@@ -246,9 +257,13 @@ func BuildAPIDependencies(
 	policyPGRepository := postgres.NewPolicyRepository(dbc)
 	policyService := policy.NewService(logger, policyPGRepository, userService, activityService)
 
+	parsedResourceStorageURL, err := url.Parse(cfg.App.ResourcesConfigPath)
+	if err != nil {
+		return api.Deps{}, err
+	}
 	resourcePGRepository := postgres.NewResourceRepository(dbc)
 	resourceService := resource.NewService(
-		logger, resource.AppConfig{ConfigStorage: cfg.App.ResourcesConfigStorage}, resourcePGRepository, resourcePGRepository, relationService,
+		logger, resource.AppConfig{ConfigStorage: parsedResourceStorageURL.Scheme}, resourcePGRepository, resourcePGRepository, relationService,
 		userService, projectService, organizationService, groupService, policyService, namespaceService, schemaMigrationService, activityService)
 
 	serviceDataRepository := postgres.NewServiceDataRepository(dbc)

diff --git a/cmd/serve_proxy.go b/cmd/serve_proxy.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"net/http"
+	"net/url"
 
 	"github.com/goto/salt/log"
 	"github.com/goto/shield/core/group"
@@ -34,7 +35,6 @@ func serveProxies(
 	identityProxyHeaderKey,
 	userIDHeaderKey string,
 	cfg proxy.ServicesConfig,
-	storageConfig string,
 	pgRuleRepository *postgres.RuleRepository,
 	resourceService *resource.Service,
 	relationService *relation.Service,
@@ -59,16 +59,23 @@ func serveProxies(
 			return nil, nil, errors.New("ruleset field cannot be left empty")
 		}
 
-		ruleBlobFS, err := blob.NewStore(ctx, svcConfig.RulesPath, svcConfig.RulesPathSecret)
+		parsedStorageURL, err := url.Parse(svcConfig.RulesPath)
 		if err != nil {
 			return nil, nil, err
 		}
 
 		var ruleRepository rule.ConfigRepository
-		switch storageConfig {
-		case rule.RULES_CONFIG_STORAGE_DB:
+		switch parsedStorageURL.Scheme {
+		case rule.RULES_CONFIG_STORAGE_PG:
 			ruleRepository = pgRuleRepository
-		case rule.RULES_CONFIG_STORAGE_BLOB:
+		case rule.RULES_CONFIG_STORAGE_GS,
+			rule.RULES_CONFIG_STORAGE_FILE,
+			rule.RULES_CONFIG_STORAGE_MEM:
+			ruleBlobFS, err := blob.NewStore(ctx, svcConfig.RulesPath, svcConfig.RulesPathSecret)
+			if err != nil {
+				return nil, nil, err
+			}
+
 			blobRuleRepository := blob.NewRuleRepository(logger, ruleBlobFS)
 			if err := blobRuleRepository.InitCache(ctx, ruleCacheRefreshDelay); err != nil {
 				return nil, nil, err

diff --git a/core/resource/resource.go b/core/resource/resource.go
@@ -11,8 +11,10 @@ import (
 
 const (
 	NON_RESOURCE_ID               = "*"
-	RESOURCES_CONFIG_STORAGE_DB   = "db"
-	RESOURCES_CONFIG_STORAGE_BLOB = "blob"
+	RESOURCES_CONFIG_STORAGE_PG   = "postgresql"
+	RESOURCES_CONFIG_STORAGE_GS   = "gs"
+	RESOURCES_CONFIG_STORAGE_FILE = "file"
+	RESOURCES_CONFIG_STORAGE_MEM  = "mem"
 
 	AuditEntity = "resource"
 )

diff --git a/core/resource/service.go b/core/resource/service.go
@@ -543,7 +543,7 @@ func (s Service) UpsertResourcesConfig(ctx context.Context, name string, config
 		return ResourceConfig{}, err
 	}
 
-	if s.appConfig.ConfigStorage == RESOURCES_CONFIG_STORAGE_DB {
+	if s.appConfig.ConfigStorage == RESOURCES_CONFIG_STORAGE_PG {
 		if err := s.schemaService.RunMigrations(ctx); err != nil {
 			if txErr := s.repository.Rollback(ctx, err); txErr != nil {
 				return ResourceConfig{}, err

diff --git a/core/rule/service.go b/core/rule/service.go
@@ -8,8 +8,10 @@ import (
 )
 
 const (
-	RULES_CONFIG_STORAGE_DB   = "db"
-	RULES_CONFIG_STORAGE_BLOB = "blob"
+	RULES_CONFIG_STORAGE_PG   = "postgresql"
+	RULES_CONFIG_STORAGE_GS   = "gs"
+	RULES_CONFIG_STORAGE_FILE = "file"
+	RULES_CONFIG_STORAGE_MEM  = "mem"
 )
 
 type Service struct {

diff --git a/internal/server/config.go b/internal/server/config.go
@@ -42,10 +42,6 @@ type Config struct {
 	// to access RulesPath files
 	RulesPathSecret string `yaml:"ruleset_secret" mapstructure:"ruleset_secret"`
 
-	// Type of storage to where ruleset definition is stored
-	// The value must be set to either BLOB or DB
-	RulesConfigStorage string `yaml:"rules_config_storage" mapstructure:"rules_config_storage" default:"blob"`
-
 	// TODO might not suitable here because it is also being used by proxy
 	// Headers which will have user's email id
 	IdentityProxyHeader string `yaml:"identity_proxy_header" mapstructure:"identity_proxy_header" default:"X-Shield-Email"`
@@ -61,10 +57,6 @@ type Config struct {
 	// to access ResourcesPathSecretPath files
 	ResourcesConfigPathSecret string `yaml:"resources_config_path_secret" mapstructure:"resources_config_path_secret"`
 
-	// Type of storage to where resource schema definition is stored
-	// The value must be set to either BLOB or DB
-	ResourcesConfigStorage string `yaml:"resources_config_storage" mapstructure:"resources_config_storage" default:"blob"`
-
 	// CheckAPILimit will have the maximum number of resource permissions that can be included
 	// in the resource permission check API. Default: 5
 	CheckAPILimit int `yaml:"check_api_limit" mapstructure:"check_api_limit" default:"5"`

diff --git a/test/e2e_test/testbench/testbench.go b/test/e2e_test/testbench/testbench.go
@@ -197,13 +197,11 @@ func SetupTests(t *testing.T) (shieldv1beta1.ShieldServiceClient, shieldv1beta1.
 			GRPC: server.GRPCConfig{
 				Port: apiGRPCPort,
 			},
-			DefaultSystemEmail:     DefaultSystemEmail,
-			IdentityProxyHeader:    IdentityHeader,
-			UserIDHeader:           userIDHeaderKey,
-			ResourcesConfigPath:    fmt.Sprintf("file://%s/%s", testDataPath, "configs/resources"),
-			RulesPath:              fmt.Sprintf("file://%s/%s", testDataPath, "configs/rules"),
-			RulesConfigStorage:     "blob",
-			ResourcesConfigStorage: "blob",
+			DefaultSystemEmail:  DefaultSystemEmail,
+			IdentityProxyHeader: IdentityHeader,
+			UserIDHeader:        userIDHeaderKey,
+			ResourcesConfigPath: fmt.Sprintf("file://%s/%s", testDataPath, "configs/resources"),
+			RulesPath:           fmt.Sprintf("file://%s/%s", testDataPath, "configs/rules"),
 			ServiceData: server.ServiceDataConfig{
 				BootstrapEnabled:          true,
 				MaxNumUpsertData:          1,