
Commit f7d55b6

authored
Update protos with service account changes (#343)
1 parent 4fd8d45 commit f7d55b6

16 files changed

Lines changed: 1858 additions & 18614 deletions


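--- a/app/apikey.go
+++ b/app/apikey.go
@@ -77,7 +77,7 @@ func (s *APIKeyClient) createServiceAccountAPIKey(
 Description: description,
 ExpiryTime: expiryts,
 },
-AsyncOperationId: requestID,
+RequestId: requestID,
 })
 if err != nil {
 return err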

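--- a/app/serviceaccount.go
+++ b/app/serviceaccount.go
@@ -3,7 +3,6 @@ package app
 import (
 "context"
 "fmt"
-"github.com/temporalio/tcld/protogen/temporal/api/cloud/identity/v1"
 
 "github.com/temporalio/tcld/protogen/api/auth/v1"
 "github.com/temporalio/tcld/protogen/api/authservice/v1"
@@ -60,8 +59,8 @@ func (c *ServiceAccountClient) createServiceAccount(
 operationID string,
 ) error {
 req := &authservice.CreateServiceAccountRequest{
-Spec: spec,
-AsyncOperationId: operationID,
+Spec: spec,
+RequestId: operationID,
 }
 
 resp, err := c.client.CreateServiceAccount(c.ctx, req)
@@ -111,7 +110,7 @@ func (c *ServiceAccountClient) deleteServiceAccount(
 req := &authservice.DeleteServiceAccountRequest{
 ServiceAccountId: sa.Id,
 ResourceVersion: ctx.String(ResourceVersionFlagName),
-AsyncOperationId: ctx.String(RequestIDFlagName),
+RequestId: ctx.String(RequestIDFlagName),
 }
 if req.ResourceVersion == "" {
 req.ResourceVersion = sa.ResourceVersion
@@ -120,7 +119,7 @@ func (c *ServiceAccountClient) deleteServiceAccount(
 if err != nil {
 return fmt.Errorf("unable to delete service account: %w", err)
 }
-return PrintProto(resp.AsyncOperation)
+return PrintProto(resp.RequestStatus)
 }
 
 func (c *ServiceAccountClient) performUpdate(
@@ -144,15 +143,25 @@ func (c *ServiceAccountClient) performUpdate(
 spec.Description = description
 }
 if len(accountRole) > 0 {
-spec.Access.AccountAccess = &identity.AccountAccess{
-Role: accountRole,
+ag, err := toAccountActionGroup(accountRole)
+if err != nil {
+return fmt.Errorf("failed to parse account role: %w", err)
+}
+
+spec.Access.AccountAccess = &auth.AccountAccess{
+Role: ag,
 }
 }
 if namespaceRoles != nil {
-nrs := map[string]*identity.NamespaceAccess{}
+nrs := map[string]*auth.NamespaceAccess{}
 for ns, p := range namespaceRoles {
-nrs[ns] = &identity.NamespaceAccess{
-Permission: p,
+nsActionGroup, err := toNamespaceActionGroup(p)
+if err != nil {
+return fmt.Errorf("failed to parse namespace %q permission: %w", ns, err)
+}
+
+nrs[ns] = &auth.NamespaceAccess{
+Permission: nsActionGroup,
 }
 }
 spec.Access.NamespaceAccesses = nrs
@@ -166,7 +175,7 @@ func (c *ServiceAccountClient) performUpdate(
 req.ResourceVersion = ctx.String(ResourceVersionFlagName)
 }
 if ctx.IsSet(RequestIDFlagName) {
-req.AsyncOperationId = ctx.String(RequestIDFlagName)
+req.RequestId = ctx.String(RequestIDFlagName)
 }
 if req.ResourceVersion == "" {
 req.ResourceVersion = sa.ResourceVersion
@@ -176,7 +185,7 @@ func (c *ServiceAccountClient) performUpdate(
 if err != nil {
 return fmt.Errorf("unable to update service account: %w", err)
 }
-return PrintProto(resp.AsyncOperation)
+return PrintProto(resp.RequestStatus)
 }
 
 func NewServiceAccountCommand(getServiceAccountClientFn GetServiceAccountClientFn) (CommandOut, error) {
@@ -221,17 +230,18 @@ func NewServiceAccountCommand(getServiceAccountClientFn GetServiceAccountClientF
 return fmt.Errorf("account role must be specified; valid types are %v", accountActionGroups)
 }
 
-if _, ok := auth.AccountActionGroup_value[ctx.String(accountRoleFlagName)]; !ok {
-return fmt.Errorf("invalid account role; valid types are: %v", accountActionGroups)
+acctActionGroup, err := toAccountActionGroup(ctx.String(accountRoleFlagName))
+if err != nil {
+return fmt.Errorf("failed to parse account role: %w", err)
 }
 
 spec := &auth.ServiceAccountSpec{
 Name: ctx.String(serviceAccountNameFlagName),
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: ctx.String(accountRoleFlagName),
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: acctActionGroup,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{},
+NamespaceAccesses: map[string]*auth.NamespaceAccess{},
 },
 Description: ctx.String(serviceAccountDescriptionFlagName),
 }
@@ -255,8 +265,13 @@ func NewServiceAccountCommand(getServiceAccountClientFn GetServiceAccountClientF
 }
 
 for ns, perm := range nsMap {
-spec.Access.NamespaceAccesses[ns] = &identity.NamespaceAccess{
-Permission: perm,
+nsActionGroup, err := toNamespaceActionGroup(perm)
+if err != nil {
+return fmt.Errorf("failed to parse %q namespace permission: %w", ns, err)
+}
+
+spec.Access.NamespaceAccesses[ns] = &auth.NamespaceAccess{
+Permission: nsActionGroup,
 }
 }
 }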
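Review bot: Role validation on the create path (new lines 233-236) and in `performUpdate` (new lines 146-149 and 158-161) now depends entirely on `toAccountActionGroup` and `toNamespaceActionGroup`, neither of which is visible in this section. The removed check refused any name missing from `auth.AccountActionGroup_value`, so the helpers need to be at least as strict: they should return an error for an unknown name, and presumably for the enum's zero value too, rather than falling back to a default, because the result sets the service account's access level. The new message also loses the list of accepted values; `return fmt.Errorf("invalid account role %q; valid types are: %v: %w", ctx.String(accountRoleFlagName), accountActionGroups, err)` keeps it and matches the neighbouring "must be specified" error. Both `performUpdate` and `NewServiceAccountCommand` start and end outside the hunks shown.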

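--- a/app/serviceaccount_test.go
+++ b/app/serviceaccount_test.go
@@ -3,16 +3,16 @@ package app
 import (
 "context"
 "errors"
+"reflect"
+"testing"
+
 "github.com/golang/mock/gomock"
 "github.com/stretchr/testify/suite"
 "github.com/temporalio/tcld/protogen/api/auth/v1"
 "github.com/temporalio/tcld/protogen/api/authservice/v1"
+"github.com/temporalio/tcld/protogen/api/request/v1"
 authservicemock "github.com/temporalio/tcld/protogen/apimock/authservice/v1"
-"github.com/temporalio/tcld/protogen/temporal/api/cloud/identity/v1"
-"github.com/temporalio/tcld/protogen/temporal/api/cloud/operation/v1"
 "github.com/urfave/cli/v2"
-"reflect"
-"testing"
 )
 
 func TestServiceAccount(t *testing.T) {
@@ -106,20 +106,20 @@ func (s *ServiceAccountTestSuite) TestCreateServiceAccount() {
 s.mockAuthService.EXPECT().CreateServiceAccount(gomock.Any(), gomock.Any()).Return(nil, errors.New("create service account error")).Times(1)
 s.EqualError(s.RunCmd("service-account", "create", "--description", "test description", "--name", "test name", "--account-role", "Read"), "unable to create service account: create service account error")
 s.mockAuthService.EXPECT().CreateServiceAccount(gomock.Any(), gomock.Any()).Return(&authservice.CreateServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil).Times(1)
 s.NoError(s.RunCmd("service-account", "create", "--description", "test description", "--name", "test name", "--account-role", "Read"))
 s.mockAuthService.EXPECT().CreateServiceAccount(gomock.Any(), gomock.Any()).Return(&authservice.CreateServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil).Times(1)
 s.NoError(s.RunCmd("service-account", "create", "--description", "test description", "--name", "test name", "--account-role", "Admin", "--namespace-permission", "test-namespace=Admin"))
 s.mockAuthService.EXPECT().CreateServiceAccount(gomock.Any(), gomock.Any()).Return(&authservice.CreateServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil).Times(1)
 s.NoError(s.RunCmd("service-account", "create", "--description", "test description", "--name", "test name", "--account-role", "Read", "--namespace-permission", "test-namespace=Read"))
@@ -149,8 +149,8 @@ func (s *ServiceAccountTestSuite) TestDeleteServiceAccount() {
 },
 }, nil).Times(1)
 s.mockAuthService.EXPECT().DeleteServiceAccount(gomock.Any(), gomock.Any()).Return(&authservice.DeleteServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil).Times(1)
 s.NoError(s.RunCmd("service-account", "delete", "--service-account-id", "test-service-account-id"))
@@ -170,13 +170,13 @@ func (s *ServiceAccountTestSuite) TestSetAccountRole() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Read",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_READ,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{
+NamespaceAccesses: map[string]*auth.NamespaceAccess{
 "test-namespace": {
-Permission: "test-namespace-role",
+Permission: auth.NAMESPACE_ACTION_GROUP_READ,
 },
 },
 },
@@ -189,21 +189,21 @@ func (s *ServiceAccountTestSuite) TestSetAccountRole() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Developer",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_DEVELOPER,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{
+NamespaceAccesses: map[string]*auth.NamespaceAccess{
 "test-namespace": {
-Permission: "test-namespace-role",
+Permission: auth.NAMESPACE_ACTION_GROUP_READ,
 },
 },
 },
 },
 },
 })).Return(&authservice.UpdateServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil)
 s.NoError(s.RunCmd("service-account", "set-account-role", "--service-account-id", "test-service-account-id", "--account-role", "Developer"))
@@ -216,13 +216,13 @@ func (s *ServiceAccountTestSuite) TestSetAccountRoleAdmin() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Read",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_READ,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{
+NamespaceAccesses: map[string]*auth.NamespaceAccess{
 "test-namespace": {
-Permission: "test-namespace-role",
+Permission: auth.NAMESPACE_ACTION_GROUP_READ,
 },
 },
 },
@@ -235,17 +235,17 @@ func (s *ServiceAccountTestSuite) TestSetAccountRoleAdmin() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Admin",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_ADMIN,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{},
+NamespaceAccesses: map[string]*auth.NamespaceAccess{},
 },
 },
 },
 })).Return(&authservice.UpdateServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil)
 s.NoError(s.RunCmd("service-account", "set-account-role", "--service-account-id", "test-service-account-id", "--account-role", "Admin"))
@@ -265,11 +265,11 @@ func (s *ServiceAccountTestSuite) TestSetNamespacePermissions() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Read",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_READ,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{},
+NamespaceAccesses: map[string]*auth.NamespaceAccess{},
 },
 },
 },
@@ -280,21 +280,21 @@ func (s *ServiceAccountTestSuite) TestSetNamespacePermissions() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Read",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_READ,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{
+NamespaceAccesses: map[string]*auth.NamespaceAccess{
 "test-namespace-1": {
-Permission: "Read",
+Permission: auth.NAMESPACE_ACTION_GROUP_READ,
 },
 },
 },
 },
 },
 })).Return(&authservice.UpdateServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil)
 s.NoError(s.RunCmd("service-account", "set-namespace-permissions", "--service-account-id", "test-service-account-id", "-p", "test-namespace-1=Read"))
@@ -307,13 +307,13 @@ func (s *ServiceAccountTestSuite) TestSetNamespacePermissionsEmpty() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Read",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_READ,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{
+NamespaceAccesses: map[string]*auth.NamespaceAccess{
 "test-namespace-1": {
-Permission: "Read",
+Permission: auth.NAMESPACE_ACTION_GROUP_READ,
 },
 },
 },
@@ -326,17 +326,17 @@ func (s *ServiceAccountTestSuite) TestSetNamespacePermissionsEmpty() {
 Spec: &auth.ServiceAccountSpec{
 Name: "test-service-account-name",
 Description: "test-service-account-desc",
-Access: &identity.Access{
-AccountAccess: &identity.AccountAccess{
-Role: "Read",
+Access: &auth.Access{
+AccountAccess: &auth.AccountAccess{
+Role: auth.ACCOUNT_ACTION_GROUP_READ,
 },
-NamespaceAccesses: map[string]*identity.NamespaceAccess{},
+NamespaceAccesses: map[string]*auth.NamespaceAccess{},
 },
 },
 },
 })).Return(&authservice.UpdateServiceAccountResponse{
-AsyncOperation: &operation.AsyncOperation{
-State: "FULFILLED",
+RequestStatus: &request.RequestStatus{
+State: request.STATE_FULFILLED,
 },
 }, nil)
 s.NoError(s.RunCmd("service-account", "set-namespace-permissions", "--service-account-id", "test-service-account-id"))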
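Review bot: None of the visible hunks exercises the new rejection path: every `--account-role` and `--namespace-permission` value passed to `RunCmd` is a valid name, so a helper that silently accepted an unknown role would still pass this suite. Unless such a case already exists outside these hunks, add one per command with no mock expectation set, e.g. `s.Error(s.RunCmd("service-account", "create", "--name", "test name", "--account-role", "NotARole"))` (a constructed value), so an unexpected `CreateServiceAccount` call also fails the test. The same applies to `set-account-role` and to `-p ns=NotAPermission` on `set-namespace-permissions`.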
