From e7b296dba07c9e096920f840c2fcedf137e24ebf Mon Sep 17 00:00:00 2001
From: Femi Novia Lina
Date: Tue, 8 Oct 2024 14:27:28 +0700
Subject: [PATCH 1/2] feat: log schema migration
---
 cmd/serve.go | 1 +
 internal/schema/schema.go | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/cmd/serve.go b/cmd/serve.go
index d32ce03d8..666b96836 100644
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -151,6 +151,7 @@ func StartServer(logger *log.Zap, cfg *config.Shield) error {
 }
 schemaMigrationService := schema.NewSchemaMigrationService(
+ logger,
 schema.AppConfig{ConfigStorage: parsedResourcesConfigURL.Scheme},
 schemaConfigRepository,
 resourcePGRepository,
diff --git a/internal/schema/schema.go b/internal/schema/schema.go
index df3d2a2c3..f34ec6718 100644
--- a/internal/schema/schema.go
+++ b/internal/schema/schema.go
@@ -13,6 +13,7 @@ import (
 "github.com/goto/shield/core/role"
 "github.com/goto/shield/core/user"
+ "github.com/goto/salt/log"
 "golang.org/x/exp/maps"
 )
@@ -105,6 +106,7 @@ type SchemaMigrationConfig struct {
 }
 type SchemaService struct {
+ logger log.Logger
 appConfig AppConfig
 schemaConfig FileService
 pgRepository PGRepository
@@ -118,6 +120,7 @@ type SchemaService struct {
 }
 func NewSchemaMigrationService(
+ logger log.Logger,
 appConfig AppConfig,
 schemaConfig FileService,
 pgRepository PGRepository,
@@ -130,6 +133,7 @@ func NewSchemaMigrationService(
 schemaMigrationConfig SchemaMigrationConfig,
 ) *SchemaService {
 return &SchemaService{
+ logger: logger,
 appConfig: appConfig,
 schemaConfig: schemaConfig,
 pgRepository: pgRepository,
@@ -198,6 +202,7 @@ func (s SchemaService) RunMigrations(ctx context.Context) error {
 backend = st[0]
 resourceType = st[1]
 }
+ s.logger.Info(fmt.Sprintf("create namespace %s", namespaceId))
 _, err := s.namespaceService.Upsert(ctx, namespace.Namespace{
 ID: namespaceId,
 Name: namespaceId,
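Review bot: `NewSchemaMigrationService` in internal/schema/schema.go now stores `logger` unchecked while RunMigrations calls `s.logger.Info` unconditionally, so a caller that passes a nil logger panics on the first migration step. Only the call in cmd/serve.go is updated in this patch; any other constructor calls (for example in tests) are not visible here and would need a logger too. I would state the requirement in a doc comment, `// logger must be non-nil; RunMigrations logs every upsert through it.`, or fall back to a no-op logger in the constructor if the log package provides one.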
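Review bot: In RunMigrations the added `s.logger.Info(fmt.Sprintf("create namespace %s", namespaceId))` runs before `s.namespaceService.Upsert`, so the log records a creation even when the upsert then returns an error. For a usable trail of authorization changes, log after the error check or word the message as an attempt, e.g. `s.logger.Info(fmt.Sprintf("upserting namespace %q", namespaceId))`; `%q` also keeps an identifier that contains whitespace or line breaks inside one quoted token. The role, inherited-role, action and policy log lines added in the later hunks of this file have the same ordering and formatting. RunMigrations starts and ends outside this hunk.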
@@ -210,6 +215,7 @@ func (s SchemaService) RunMigrations(ctx context.Context) error {
 // create roles
 for roleId, principals := range v.Roles {
+ s.logger.Info(fmt.Sprintf("create role %s with principals %s under namespace %s", roleId, principals, namespaceId))
 _, err := s.roleService.Upsert(ctx, role.Role{
 ID: fmt.Sprintf("%s:%s", namespaceId, roleId),
 Name: roleId,
@@ -223,6 +229,7 @@ func (s SchemaService) RunMigrations(ctx context.Context) error {
 // create role for inherited namespaces
 for _, ins := range v.InheritedNamespaces {
+ s.logger.Info(fmt.Sprintf("create role %s from inherited namespace %s under namespace %s", ins.Name, ins.NamespaceId, namespaceId))
 _, err := s.roleService.Upsert(ctx, role.Role{
 ID: fmt.Sprintf("%s:%s", namespaceId, ins.Name),
 Name: ins.Name,
@@ -237,6 +244,7 @@ func (s SchemaService) RunMigrations(ctx context.Context) error {
 // create actions
 // IMP: we should depreciate actions with principals
 for actionId := range v.Permissions {
+ s.logger.Info(fmt.Sprintf("create action %s under namespace %s", actionId, namespaceId))
 _, err := s.actionService.Upsert(ctx, action.Action{
 ID: fmt.Sprintf("%s.%s", actionId, namespaceId),
 Name: actionId,
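Review bot: The role log line inside `for roleId, principals := range v.Roles` formats `principals` with `%s` and writes the whole value into an info-level message. Its type is not visible in the hunk; if it is a slice, `%v` is the clearer verb. Either way this puts the role-to-principal mapping into the application log, so it is worth confirming that is intended for everyone who can read that log. If the list is not needed for troubleshooting, a count would do, assuming `principals` supports `len`: `s.logger.Info(fmt.Sprintf("create role %s (%d principals) under namespace %s", roleId, len(principals), namespaceId))`. The loop body continues outside the hunk.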
@@ -261,10 +269,13 @@ func (s SchemaService) RunMigrations(ctx context.Context) error {
 return fmt.Errorf("%w: role %s not associated with namespace: %s", ErrInvalidDetail, transformedRole.ID, transformedRole.NamespaceID)
 }
+ roleId := GetRoleID(GetNamespace(transformedRole.NamespaceID), transformedRole.ID)
+ actionId := fmt.Sprintf("%s.%s", actionId, namespaceId)
+ s.logger.Info(fmt.Sprintf("create policy for role %s on namespace %s with action %s", roleId, namespaceId, actionId))
 _, err = s.policyService.Upsert(ctx, &policy.Policy{
- RoleID: GetRoleID(GetNamespace(transformedRole.NamespaceID), transformedRole.ID),
+ RoleID: roleId,
 NamespaceID: namespaceId,
- ActionID: fmt.Sprintf("%s.%s", actionId, namespaceId),
+ ActionID: actionId,
 })
 if err != nil {
 return fmt.Errorf("%w: %s", ErrMigration, err.Error())
From baf59f3f6ba521182273deb51fca5aa2d934dd52 Mon Sep 17 00:00:00 2001
From: Femi Novia Lina
Date: Tue, 8 Oct 2024 14:49:43 +0700
Subject: [PATCH 2/2] test: add test
---
 internal/schema/utils_test.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/internal/schema/utils_test.go b/internal/schema/utils_test.go
index b5201b39b..1b17edcbd 100644
--- a/internal/schema/utils_test.go
+++ b/internal/schema/utils_test.go
@@ -11,3 +11,10 @@ func TestAppendIfUnique(t *testing.T) {
 fmt.Println(AppendIfUnique([]string{"1", "2", "3"}, []string{"3", "4"}))
 assert.ElementsMatch(t, AppendIfUnique([]string{"1", "2", "3"}, []string{"3", "4"}), []string{"1", "2", "3", "4"})
 }
+
+func TestGetNamespace(t *testing.T) {
+ fmt.Println(GetNamespace("project"))
+ assert.Equal(t, "shield/project", GetNamespace("project"))
+ fmt.Println(GetNamespace("entropy/firehose"))
+ assert.Equal(t, "entropy/firehose", GetNamespace("entropy/firehose"))
+}
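Review bot: In the policy hunk of RunMigrations, `actionId := fmt.Sprintf("%s.%s", actionId, namespaceId)` declares a new variable that shadows the `actionId` already in scope, so from that line on the name means the namespaced ID rather than the bare action name. Any later use in the same block would silently pick up the other value; whether one exists is not visible in the hunk. Since these values become the `RoleID` and `ActionID` of a policy, distinct names are safer: `policyRoleID := GetRoleID(GetNamespace(transformedRole.NamespaceID), transformedRole.ID)` and `policyActionID := fmt.Sprintf("%s.%s", actionId, namespaceId)`. The enclosing block starts and ends outside the hunk.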
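Review bot: The two `fmt.Println(GetNamespace(...))` calls in `TestGetNamespace` assert nothing and only add noise to test output; `assert.Equal` already prints both values on failure, so they can be dropped. The test covers one bare name and one name that already contains a slash. Because `GetNamespace` feeds the role IDs written by the migration, it would be worth adding the edge inputs its contract is meant to handle, such as an empty string, as further `assert.Equal` lines or a small table. The expected results for those inputs are not visible here.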