diff --git a/src/api/v3/auth/token/common.rs b/src/api/v3/auth/token/common.rs index 7df37c21..2299bd6d 100644 --- a/src/api/v3/auth/token/common.rs +++ b/src/api/v3/auth/token/common.rs @@ -362,7 +362,7 @@ mod tests { }); let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock.expect_list_role_assignments().returning( - |_, _, q: &RoleAssignmentListParameters| { + |_, q: &RoleAssignmentListParameters| { Ok(vec![Assignment { role_id: "rid".into(), role_name: Some("role_name".into()), diff --git a/src/api/v3/auth/token/mod.rs b/src/api/v3/auth/token/mod.rs index 195be8b7..3773b98e 100644 --- a/src/api/v3/auth/token/mod.rs +++ b/src/api/v3/auth/token/mod.rs @@ -818,7 +818,7 @@ mod tests { let mut catalog_mock = MockCatalogProvider::default(); assignment_mock .expect_list_role_assignments() - .returning(|_, _, _| Ok(Vec::new())); + .returning(|_, _| Ok(Vec::new())); let mut identity_mock = MockIdentityProvider::default(); identity_mock @@ -844,15 +844,15 @@ mod tests { let mut resource_mock = MockResourceProvider::default(); resource_mock .expect_get_project() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "pid") + .withf(|_, id: &'_ str| id == "pid") .returning(move |_, _| Ok(Some(project.clone()))); resource_mock .expect_get_domain() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "user_domain_id") + .withf(|_, id: &'_ str| id == "user_domain_id") .returning(move |_, _| Ok(Some(user_domain.clone()))); resource_mock .expect_get_domain() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "pdid") + .withf(|_, id: &'_ str| id == "pdid") .returning(move |_, _| Ok(Some(project_domain.clone()))); let mut token_mock = MockTokenProvider::default(); token_mock.expect_issue_token().returning(|_, _, _| { 
@@ -995,7 +995,7 @@ mod tests { let mut resource_mock = MockResourceProvider::default(); resource_mock .expect_get_project() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "pid") + .withf(|_, id: &'_ str| id == "pid") .returning(move |_, _| { Ok(Some(Project { id: "pid".into(), diff --git a/src/api/v3/role/mod.rs b/src/api/v3/role/mod.rs index b339926a..35f43572 100644 --- a/src/api/v3/role/mod.rs +++ b/src/api/v3/role/mod.rs @@ -53,7 +53,7 @@ async fn list( let roles: Vec = state .provider .get_assignment_provider() - .list_roles(&state.db, &query.into()) + .list_roles(&state, &query.into()) .await .map_err(KeystoneApiError::assignment)? .into_iter() @@ -83,7 +83,7 @@ async fn show( state .provider .get_assignment_provider() - .get_role(&state.db, &role_id) + .get_role(&state, &role_id) .await .map(|x| { x.ok_or_else(|| KeystoneApiError::NotFound { @@ -166,7 +166,7 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_list_roles() - .withf(|_: &DatabaseConnection, _: &RoleListParameters| true) + .withf(|_, _: &RoleListParameters| true) .returning(|_, _| { Ok(vec![Role { id: "1".into(), @@ -215,7 +215,7 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_list_roles() - .withf(|_: &DatabaseConnection, qp: &RoleListParameters| { + .withf(|_, qp: &RoleListParameters| { RoleListParameters { domain_id: Some("domain".into()), name: Some("name".into()), @@ -269,12 +269,12 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_get_role() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "foo") + .withf(|_, id: &'_ str| id == "foo") .returning(|_, _| Ok(None)); assignment_mock .expect_get_role() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "bar") + .withf(|_, id: &'_ str| id == "bar") .returning(|_, _| { Ok(Some(Role { id: "bar".into(), 
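Review bot: The list-roles expectation in the first test hunk of src/api/v3/role/mod.rs keeps `.withf(|_, _: &RoleListParameters| true)`, a predicate that accepts every call, so the test asserts nothing about the query the handler builds. Either drop the `.withf` or compare the parameters the way the following test does with `RoleListParameters { .. } == *qp`. The same always-true matcher remains in src/api/v3/role_assignment/mod.rs (`.withf(|_, _s| true)`) and in src/api/v4/role_assignment/mod.rs. The test functions start and end outside these hunks.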
diff --git a/src/api/v3/role_assignment/mod.rs b/src/api/v3/role_assignment/mod.rs index 7c45f9d1..c7f76110 100644 --- a/src/api/v3/role_assignment/mod.rs +++ b/src/api/v3/role_assignment/mod.rs @@ -55,7 +55,7 @@ async fn list( let assignments: Result, _> = state .provider .get_assignment_provider() - .list_role_assignments(&state.db, &state.provider, &query.try_into()?) + .list_role_assignments(&state, &query.try_into()?) .await .map_err(KeystoneApiError::assignment)? .into_iter() @@ -136,8 +136,8 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_list_role_assignments() - .withf(|_, _, _s| true) - .returning(|_, _, _| { + .withf(|_, _s| true) + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: Some("rn".into()), @@ -191,7 +191,7 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_list_role_assignments() - .withf(|_, _, qp: &RoleAssignmentListParameters| { + .withf(|_, qp: &RoleAssignmentListParameters| { RoleAssignmentListParameters { role_id: Some("role".into()), user_id: Some("user1".into()), @@ -199,7 +199,7 @@ mod tests { ..Default::default() } == *qp }) - .returning(|_, _, _| { + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: None, @@ -212,7 +212,7 @@ mod tests { assignment_mock .expect_list_role_assignments() - .withf(|_, _, qp: &RoleAssignmentListParameters| { + .withf(|_, qp: &RoleAssignmentListParameters| { RoleAssignmentListParameters { role_id: Some("role".into()), user_id: Some("user2".into()), @@ -220,7 +220,7 @@ mod tests { ..Default::default() } == *qp }) - .returning(|_, _, _| { + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: None, 
@@ -233,14 +233,14 @@ mod tests { assignment_mock .expect_list_role_assignments() - .withf(|_, _, qp: &RoleAssignmentListParameters| { + .withf(|_, qp: &RoleAssignmentListParameters| { RoleAssignmentListParameters { group_id: Some("group3".into()), project_id: Some("project3".into()), ..Default::default() } == *qp }) - .returning(|_, _, _| { + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: None, diff --git a/src/api/v4/auth/token/common.rs b/src/api/v4/auth/token/common.rs index 61bb5dfd..70ead8e3 100644 --- a/src/api/v4/auth/token/common.rs +++ b/src/api/v4/auth/token/common.rs @@ -217,7 +217,7 @@ mod tests { let mut identity_mock = MockIdentityProvider::default(); identity_mock .expect_get_user() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "bar") + .withf(|_, id: &'_ str| id == "bar") .returning(|_, _| { Ok(Some(UserResponse { id: "bar".into(), @@ -229,7 +229,7 @@ mod tests { let mut resource_mock = MockResourceProvider::default(); resource_mock .expect_get_domain() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "user_domain_id") + .withf(|_, id: &'_ str| id == "user_domain_id") .returning(|_, _| { Ok(Some(Domain { id: "user_domain_id".into(), @@ -272,7 +272,7 @@ mod tests { let mut identity_mock = MockIdentityProvider::default(); identity_mock .expect_get_user() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "bar") + .withf(|_, id: &'_ str| id == "bar") .returning(|_, _| { Ok(Some(UserResponse { id: "bar".into(), @@ -331,7 +331,7 @@ mod tests { let mut identity_mock = MockIdentityProvider::default(); identity_mock .expect_get_user() - .withf(|_: &DatabaseConnection, id: &'_ str| id == "bar") + .withf(|_, id: &'_ str| id == "bar") .returning(|_, _| { Ok(Some(UserResponse { id: "bar".into(), 
@@ -360,7 +360,7 @@ mod tests { }); let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock.expect_list_role_assignments().returning( - |_, _, q: &RoleAssignmentListParameters| { + |_, q: &RoleAssignmentListParameters| { Ok(vec![Assignment { role_id: "rid".into(), role_name: Some("role_name".into()), diff --git a/src/api/v4/auth/token/mod.rs b/src/api/v4/auth/token/mod.rs index ef4051c2..1f6beabf 100644 --- a/src/api/v4/auth/token/mod.rs +++ b/src/api/v4/auth/token/mod.rs @@ -658,7 +658,7 @@ mod tests { let mut catalog_mock = MockCatalogProvider::default(); assignment_mock .expect_list_role_assignments() - .returning(|_, _, _| Ok(Vec::new())); + .returning(|_, _| Ok(Vec::new())); let mut identity_mock = MockIdentityProvider::default(); identity_mock diff --git a/src/api/v4/role_assignment/mod.rs b/src/api/v4/role_assignment/mod.rs index 4e74563a..f2607bb7 100644 --- a/src/api/v4/role_assignment/mod.rs +++ b/src/api/v4/role_assignment/mod.rs @@ -91,8 +91,8 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_list_role_assignments() - .withf(|_: &DatabaseConnection, _: &Provider, _: &RoleAssignmentListParameters| true) - .returning(|_, _, _| { + .withf(|_, _: &RoleAssignmentListParameters| true) + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: Some("rn".into()), 
@@ -146,17 +146,15 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_list_role_assignments() - .withf( - |_: &DatabaseConnection, _: &Provider, qp: &RoleAssignmentListParameters| { - RoleAssignmentListParameters { - role_id: Some("role".into()), - user_id: Some("user1".into()), - project_id: Some("project1".into()), - ..Default::default() - } == *qp - }, - ) - .returning(|_, _, _| { + .withf(|_, qp: &RoleAssignmentListParameters| { + RoleAssignmentListParameters { + role_id: Some("role".into()), + user_id: Some("user1".into()), + project_id: Some("project1".into()), + ..Default::default() + } == *qp + }) + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: None, @@ -169,17 +167,15 @@ mod tests { assignment_mock .expect_list_role_assignments() - .withf( - |_: &DatabaseConnection, _: &Provider, qp: &RoleAssignmentListParameters| { - RoleAssignmentListParameters { - role_id: Some("role".into()), - user_id: Some("user2".into()), - domain_id: Some("domain2".into()), - ..Default::default() - } == *qp - }, - ) - .returning(|_, _, _| { + .withf(|_, qp: &RoleAssignmentListParameters| { + RoleAssignmentListParameters { + role_id: Some("role".into()), + user_id: Some("user2".into()), + domain_id: Some("domain2".into()), + ..Default::default() + } == *qp + }) + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: None, 
@@ -192,16 +188,14 @@ mod tests { assignment_mock .expect_list_role_assignments() - .withf( - |_: &DatabaseConnection, _: &Provider, qp: &RoleAssignmentListParameters| { - RoleAssignmentListParameters { - group_id: Some("group3".into()), - project_id: Some("project3".into()), - ..Default::default() - } == *qp - }, - ) - .returning(|_, _, _| { + .withf(|_, qp: &RoleAssignmentListParameters| { + RoleAssignmentListParameters { + group_id: Some("group3".into()), + project_id: Some("project3".into()), + ..Default::default() + } == *qp + }) + .returning(|_, _| { Ok(vec![Assignment { role_id: "role".into(), role_name: None, diff --git a/src/assignment/backends/sql.rs b/src/assignment/backends/sql.rs index 75be4f94..23c9bb66 100644 --- a/src/assignment/backends/sql.rs +++ b/src/assignment/backends/sql.rs @@ -13,11 +13,11 @@ // SPDX-License-Identifier: Apache-2.0 use async_trait::async_trait; -use sea_orm::DatabaseConnection; use super::super::types::*; use crate::assignment::AssignmentProviderError; use crate::config::Config; +use crate::keystone::ServiceState; mod assignment; mod implied_role; 
@@ -38,42 +38,45 @@ impl AssignmentBackend for SqlBackend { } /// List roles - #[tracing::instrument(level = "debug", skip(self, db))] + #[tracing::instrument(level = "debug", skip(self, state))] async fn list_roles( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleListParameters, ) -> Result, AssignmentProviderError> { - Ok(role::list(&self.config, db, params).await?) + Ok(role::list(&self.config, &state.db, params).await?) } /// Get single role by ID - #[tracing::instrument(level = "debug", skip(self, db))] + #[tracing::instrument(level = "debug", skip(self, state))] async fn get_role<'a>( &self, - db: &DatabaseConnection, + state: &ServiceState, id: &'a str, ) -> Result, AssignmentProviderError> { - Ok(role::get(&self.config, db, id).await?) + Ok(role::get(&self.config, &state.db, id).await?) } /// List role assignments - #[tracing::instrument(level = "info", skip(self, db))] + #[tracing::instrument(level = "info", skip(self, state))] async fn list_assignments( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleAssignmentListParameters, ) -> Result, AssignmentProviderError> { - Ok(assignment::list(&self.config, db, params).await?) + Ok(assignment::list(&self.config, &state.db, params).await?) } /// List role assignments for multiple actors/targets - #[tracing::instrument(level = "info", skip(self, db))] + #[tracing::instrument(level = "info", skip(self, state))] async fn list_assignments_for_multiple_actors_and_targets( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleAssignmentListForMultipleActorTargetParameters, ) -> Result, AssignmentProviderError> { - Ok(assignment::list_for_multiple_actors_and_targets(&self.config, db, params).await?) + Ok( + assignment::list_for_multiple_actors_and_targets(&self.config, &state.db, params) + .await?, + ) } } diff --git a/src/assignment/mod.rs b/src/assignment/mod.rs index c021030a..7b71ee9b 100644 --- a/src/assignment/mod.rs +++ b/src/assignment/mod.rs 
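Review bot: All four `SqlBackend` methods now take `&ServiceState` but read only `state.db`, so the storage driver is handed more of the service than it uses and the signature no longer shows what it touches. A doc line on each method would record that contract, for example `/// Reads only `state.db`; no other field of `ServiceState` is used.` The same sentence fits the `AssignmentBackend` trait methods in src/assignment/types.rs. Keeping `state` in the `skip(...)` list, as done here, is what keeps it out of the span fields.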
@@ -14,7 +14,6 @@ use async_trait::async_trait; #[cfg(test)] use mockall::mock; -use sea_orm::DatabaseConnection; pub mod backends; pub mod error; @@ -28,8 +27,8 @@ use crate::assignment::types::{ }; use crate::config::Config; use crate::identity::IdentityApi; +use crate::keystone::ServiceState; use crate::plugin_manager::PluginManager; -use crate::provider::Provider; #[derive(Clone, Debug)] pub struct AssignmentProvider { @@ -41,22 +40,21 @@ pub trait AssignmentApi: Send + Sync + Clone { /// List Roles async fn list_roles( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleListParameters, ) -> Result, AssignmentProviderError>; /// Get a single role async fn get_role<'a>( &self, - db: &DatabaseConnection, + state: &ServiceState, role_id: &'a str, ) -> Result, AssignmentProviderError>; /// List role assignments for given target/role/actor async fn list_role_assignments( &self, - db: &DatabaseConnection, - provider: &Provider, + state: &ServiceState, params: &RoleAssignmentListParameters, ) -> Result, AssignmentProviderError>; } @@ -71,20 +69,19 @@ mock! { impl AssignmentApi for AssignmentProvider { async fn list_roles( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleListParameters, ) -> Result, AssignmentProviderError>; async fn get_role<'a>( &self, - db: &DatabaseConnection, + state: &ServiceState, id: &'a str, ) -> Result, AssignmentProviderError>; async fn list_role_assignments( &self, - db: &DatabaseConnection, - provider: &Provider, + state: &ServiceState, params: &RoleAssignmentListParameters, ) -> Result, AssignmentProviderError>; } 
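Review bot: `list_role_assignments` in the `AssignmentApi` trait no longer names `provider` as a parameter, so its doc line `/// List role assignments for given target/role/actor` now hides that the implementation reaches other providers through `state`. In the implementation hunk further down, the `effective` branch calls `state.provider.get_identity_provider()` and adds the user's groups to the actors. I would extend the doc comment with a line such as `/// With `effective` set and a `user_id` given, group membership is resolved through `state.provider`.` The mock declaration in the next hunk only mirrors the signature.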
@@ -121,31 +118,30 @@ impl AssignmentProvider { #[async_trait] impl AssignmentApi for AssignmentProvider { /// List roles - #[tracing::instrument(level = "info", skip(self, db))] + #[tracing::instrument(level = "info", skip(self, state))] async fn list_roles( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleListParameters, ) -> Result, AssignmentProviderError> { - self.backend_driver.list_roles(db, params).await + self.backend_driver.list_roles(state, params).await } /// Get single role - #[tracing::instrument(level = "info", skip(self, db))] + #[tracing::instrument(level = "info", skip(self, state))] async fn get_role<'a>( &self, - db: &DatabaseConnection, + state: &ServiceState, id: &'a str, ) -> Result, AssignmentProviderError> { - self.backend_driver.get_role(db, id).await + self.backend_driver.get_role(state, id).await } /// List role assignments - #[tracing::instrument(level = "info", skip(self, db, provider))] + #[tracing::instrument(level = "info", skip(self, state))] async fn list_role_assignments( &self, - db: &DatabaseConnection, - provider: &Provider, + state: &ServiceState, params: &RoleAssignmentListParameters, ) -> Result, AssignmentProviderError> { if let Some(true) = ¶ms.effective { @@ -161,9 +157,10 @@ impl AssignmentApi for AssignmentProvider { if let Some(true) = ¶ms.effective && let Some(uid) = ¶ms.user_id { - let users = provider + let users = state + .provider .get_identity_provider() - .list_groups_of_user(db, uid) + .list_groups_of_user(&state.db, uid) .await?; actors.extend(users.into_iter().map(|x| x.id)); }; 
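Review bot: In the `effective` branch of `list_role_assignments`, the binding `users` holds the result of `list_groups_of_user`, that is groups, whose ids are then added to `actors`. `let groups = state` with `actors.extend(groups.into_iter().map(|x| x.id));` would say what the code does. The call also still passes `&state.db` to the identity provider while the assignment API now takes `state`; if the identity API is meant to follow the same convention, this call site needs another pass. The function body begins in the previous hunk and continues past this one.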
@@ -176,10 +173,10 @@ impl AssignmentApi for AssignmentProvider { request.targets(targets); request.actors(actors); self.backend_driver - .list_assignments_for_multiple_actors_and_targets(db, &request.build()?) + .list_assignments_for_multiple_actors_and_targets(state, &request.build()?) .await } else { - self.backend_driver.list_assignments(db, params).await + self.backend_driver.list_assignments(state, params).await } } } diff --git a/src/assignment/types.rs b/src/assignment/types.rs index 1cce88fd..1ba3fb5b 100644 --- a/src/assignment/types.rs +++ b/src/assignment/types.rs @@ -17,10 +17,10 @@ pub mod role; use async_trait::async_trait; use dyn_clone::DynClone; -use sea_orm::DatabaseConnection; use crate::assignment::AssignmentProviderError; use crate::config::Config; +use crate::keystone::ServiceState; pub use crate::assignment::types::assignment::{ Assignment, AssignmentBuilder, AssignmentBuilderError, AssignmentType, @@ -39,21 +39,21 @@ pub trait AssignmentBackend: DynClone + Send + Sync + std::fmt::Debug { /// List Roles async fn list_roles( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleListParameters, ) -> Result, AssignmentProviderError>; /// Get single role by ID async fn get_role<'a>( &self, - db: &DatabaseConnection, + state: &ServiceState, id: &'a str, ) -> Result, AssignmentProviderError>; /// List Role assignments async fn list_assignments( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleAssignmentListParameters, ) -> Result, AssignmentProviderError>; @@ -64,7 +64,7 @@ pub trait AssignmentBackend: DynClone + Send + Sync + std::fmt::Debug { /// the role can be inherited from) async fn list_assignments_for_multiple_actors_and_targets( &self, - db: &DatabaseConnection, + state: &ServiceState, params: &RoleAssignmentListForMultipleActorTargetParameters, ) -> Result, AssignmentProviderError>; } diff --git a/src/token/mod.rs b/src/token/mod.rs index fcfaa2b6..786d72c1 100644 --- a/src/token/mod.rs 
+++ b/src/token/mod.rs @@ -458,8 +458,7 @@ impl TokenApi for TokenProvider { .provider .get_assignment_provider() .list_role_assignments( - &state.db, - &state.provider, + state, &RoleAssignmentListParametersBuilder::default() .user_id(&data.user_id) .project_id(&data.project_id) @@ -487,8 +486,7 @@ impl TokenApi for TokenProvider { .provider .get_assignment_provider() .list_role_assignments( - &state.db, - &state.provider, + state, &RoleAssignmentListParametersBuilder::default() .user_id(&data.user_id) .domain_id(&data.domain_id) @@ -515,8 +513,7 @@ impl TokenApi for TokenProvider { .provider .get_assignment_provider() .list_role_assignments( - &state.db, - &state.provider, + state, &RoleAssignmentListParametersBuilder::default() .user_id(&data.user_id) .project_id(&data.project_id) @@ -543,8 +540,7 @@ impl TokenApi for TokenProvider { .provider .get_assignment_provider() .list_role_assignments( - &state.db, - &state.provider, + state, &RoleAssignmentListParametersBuilder::default() .user_id(&data.user_id) .project_id(&data.project_id) @@ -572,8 +568,7 @@ impl TokenApi for TokenProvider { .provider .get_assignment_provider() .list_role_assignments( - &state.db, - &state.provider, + state, &RoleAssignmentListParametersBuilder::default() .user_id(&data.user_id) .domain_id(&data.domain_id) @@ -807,10 +802,10 @@ mod tests { let mut assignment_mock = MockAssignmentProvider::default(); assignment_mock .expect_list_role_assignments() - .withf(|_, _, q: &RoleAssignmentListParameters| { + .withf(|_, q: &RoleAssignmentListParameters| { q.project_id == Some("project_id".to_string()) }) - .returning(|_, _, q: &RoleAssignmentListParameters| { + .returning(|_, q: &RoleAssignmentListParameters| { Ok(vec![Assignment { role_id: "rid".into(), role_name: Some("role_name".into()), 
@@ -822,10 +817,10 @@ mod tests { }); assignment_mock .expect_list_role_assignments() - .withf(|_, _, q: &RoleAssignmentListParameters| { + .withf(|_, q: &RoleAssignmentListParameters| { q.domain_id == Some("domain_id".to_string()) }) - .returning(|_, _, q: &RoleAssignmentListParameters| { + .returning(|_, q: &RoleAssignmentListParameters| { Ok(vec![Assignment { role_id: "rid".into(), role_name: Some("role_name".into()),