Skip to content

Commit 751f259

Browse files
committed
PR(ADHERE): Code review - remove code duplication & init
1 parent dcfacc2 commit 751f259

19 files changed

Lines changed: 594 additions & 844 deletions

acp/aac/aac.go

Lines changed: 9 additions & 313 deletions
Original file line numberDiff line numberDiff line change
@@ -12,240 +12,28 @@ package aac
1212

1313
import (
1414
"context"
15-
"os"
16-
17-
protoTypes "github.com/cosmos/gogoproto/types"
18-
"github.com/sourcenetwork/acp_core/pkg/auth"
19-
acpErrors "github.com/sourcenetwork/acp_core/pkg/errors"
20-
"github.com/sourcenetwork/acp_core/pkg/runtime"
21-
"github.com/sourcenetwork/acp_core/pkg/services"
22-
"github.com/sourcenetwork/acp_core/pkg/types"
23-
"github.com/sourcenetwork/immutable"
2415

2516
"github.com/sourcenetwork/defradb/acp"
26-
"github.com/sourcenetwork/defradb/acp/identity"
17+
"github.com/sourcenetwork/defradb/acp/local"
2718
acpTypes "github.com/sourcenetwork/defradb/acp/types"
28-
"github.com/sourcenetwork/defradb/errors"
2919
)
3020

31-
const adminACPStoreName = "admin_acp"
32-
33-
// AdminACP represents a admin acp (local to the node) implementation that makes no remote calls.
34-
type AdminACP struct {
35-
pathToStore immutable.Option[string]
36-
engine types.ACPEngineServer
37-
manager runtime.RuntimeManager
38-
closed bool
39-
}
40-
41-
func NewAdminACP() AdminACP {
42-
return AdminACP{}
43-
}
21+
const localStoreName = "local_admin_acp"
4422

4523
var _ acp.ACPSystemClient = (*AdminACP)(nil)
4624

47-
func (a *AdminACP) Init(ctx context.Context, path string) {
48-
if path == "" {
49-
a.pathToStore = immutable.None[string]()
50-
} else {
51-
a.pathToStore = immutable.Some(path)
52-
}
53-
}
54-
55-
func (a *AdminACP) Start(ctx context.Context) error {
56-
var manager runtime.RuntimeManager
57-
var err error
58-
var opts []runtime.Opt
59-
var storeLocation string
60-
61-
a.closed = false
62-
if !a.pathToStore.HasValue() { // Use a non-persistent, i.e. in memory store.
63-
storeLocation = "in-memory"
64-
opts = append(opts, runtime.WithMemKV())
65-
} else { // Use peristent storage.
66-
storeLocation = a.pathToStore.Value()
67-
acpStorePath := storeLocation + "/" + adminACPStoreName
68-
opts = append(opts, runtime.WithPersistentKV(acpStorePath))
69-
}
70-
71-
manager, err = runtime.NewRuntimeManager(opts...)
72-
if err != nil {
73-
return acp.NewErrInitializationOfACPFailed(err, "Admin", storeLocation)
74-
}
75-
76-
a.manager = manager
77-
a.engine = services.NewACPEngine(manager)
78-
return nil
79-
}
80-
81-
func (a *AdminACP) Close() error {
82-
if !a.closed {
83-
if a.manager != nil {
84-
err := a.manager.Terminate()
85-
if err != nil {
86-
return err
87-
}
88-
}
89-
a.closed = true
90-
}
91-
return nil
92-
}
93-
94-
func (a *AdminACP) ResetState(ctx context.Context) error {
95-
err := a.Close()
96-
if err != nil {
97-
return err
98-
}
99-
100-
// delete state (applicable to persistent store)
101-
if a.pathToStore.HasValue() {
102-
storeLocation := a.pathToStore.Value()
103-
path := storeLocation + "/" + adminACPStoreName
104-
info, err := os.Stat(path)
105-
if os.IsNotExist(err) {
106-
return errors.Join(acp.ErrACPResetState, err)
107-
} else if err != nil {
108-
return errors.Join(acp.ErrACPResetState, err)
109-
}
110-
111-
if info.IsDir() {
112-
// remove dir
113-
if err := os.RemoveAll(path); err != nil {
114-
return errors.Join(acp.ErrACPResetState, err)
115-
}
116-
} else {
117-
// remove file
118-
if err := os.Remove(path); err != nil {
119-
return errors.Join(acp.ErrACPResetState, err)
120-
}
121-
}
122-
}
123-
124-
// Start again
125-
return a.Start(ctx)
126-
}
127-
128-
func (a *AdminACP) AddPolicy(
129-
ctx context.Context,
130-
creator identity.Identity,
131-
policy string,
132-
marshalType acpTypes.PolicyMarshalType,
133-
creationTime *protoTypes.Timestamp,
134-
) (string, error) {
135-
principal, err := types.NewDIDPrincipal(creator.DID())
136-
if err != nil {
137-
return "", acp.NewErrInvalidActorID(err, creator.DID())
138-
}
139-
ctx = auth.InjectPrincipal(ctx, principal)
140-
141-
createPolicy := types.CreatePolicyRequest{
142-
Policy: policy,
143-
MarshalType: types.PolicyMarshalingType(marshalType),
144-
}
145-
146-
response, err := a.engine.CreatePolicy(ctx, &createPolicy)
147-
if err != nil {
148-
return "", err
149-
}
150-
151-
return response.Record.Policy.Id, nil
152-
}
153-
154-
func (a *AdminACP) Policy(
155-
ctx context.Context,
156-
policyID string,
157-
) (immutable.Option[acpTypes.Policy], error) {
158-
none := immutable.None[acpTypes.Policy]()
159-
160-
request := types.GetPolicyRequest{Id: policyID}
161-
response, err := a.engine.GetPolicy(ctx, &request)
162-
if err != nil {
163-
if errors.Is(err, acpErrors.ErrorType_NOT_FOUND) {
164-
return none, nil
165-
}
166-
return none, err
167-
}
168-
169-
policy := acpTypes.MapACPCorePolicy(response.Record.Policy)
170-
return immutable.Some(policy), nil
171-
}
172-
173-
func (a *AdminACP) RegisterObject(
174-
ctx context.Context,
175-
identity identity.Identity,
176-
policyID string,
177-
resourceName string,
178-
objectID string,
179-
creationTime *protoTypes.Timestamp,
180-
) error {
181-
principal, err := types.NewDIDPrincipal(identity.DID())
182-
if err != nil {
183-
return acp.NewErrInvalidActorID(err, identity.DID())
184-
}
185-
186-
ctx = auth.InjectPrincipal(ctx, principal)
187-
req := types.RegisterObjectRequest{
188-
PolicyId: policyID,
189-
Object: types.NewObject(resourceName, objectID),
190-
}
191-
192-
_, err = a.engine.RegisterObject(ctx, &req)
193-
return err
194-
}
195-
196-
func (a *AdminACP) ObjectOwner(
197-
ctx context.Context,
198-
policyID string,
199-
resourceName string,
200-
objectID string,
201-
) (immutable.Option[string], error) {
202-
none := immutable.None[string]()
203-
204-
req := types.GetObjectRegistrationRequest{
205-
PolicyId: policyID,
206-
Object: types.NewObject(resourceName, objectID),
207-
}
208-
result, err := a.engine.GetObjectRegistration(ctx, &req)
209-
if err != nil {
210-
return none, err
211-
}
212-
213-
if result.IsRegistered {
214-
return immutable.Some(result.OwnerId), nil
215-
}
216-
217-
return none, nil
25+
// AdminACP represents a admin acp (local to the node) implementation that makes no remote calls.
26+
type AdminACP struct {
27+
*local.LocalACP
21828
}
21929

220-
func (a *AdminACP) VerifyAccessRequest(
221-
ctx context.Context,
222-
permission acpTypes.ResourceInterfacePermission,
223-
actorID string,
224-
policyID string,
225-
resourceName string,
226-
objectID string,
227-
) (bool, error) {
228-
req := types.VerifyAccessRequestRequest{
229-
PolicyId: policyID,
230-
AccessRequest: &types.AccessRequest{
231-
Operations: []*types.Operation{
232-
{
233-
Object: types.NewObject(resourceName, objectID),
234-
Permission: permission.String(),
235-
},
236-
},
237-
Actor: &types.Actor{
238-
Id: actorID,
239-
},
240-
},
241-
}
242-
resp, err := a.engine.VerifyAccessRequest(ctx, &req)
243-
30+
func NewAdminACP(pathToStore string) (AdminACP, error) {
31+
localACP, err := local.NewLocalACP(pathToStore, localStoreName)
24432
if err != nil {
245-
return false, err
33+
return AdminACP{}, err
24634
}
24735

248-
return resp.Valid, nil
36+
return AdminACP{LocalACP: localACP}, nil
24937
}
25038

25139
func (a *AdminACP) ValidateResourceInterface(
@@ -261,95 +49,3 @@ func (a *AdminACP) ValidateResourceInterface(
26149
a,
26250
)
26351
}
264-
265-
func (a *AdminACP) AddActorRelationship(
266-
ctx context.Context,
267-
policyID string,
268-
resourceName string,
269-
objectID string,
270-
relation string,
271-
requester identity.Identity,
272-
targetActor string,
273-
creationTime *protoTypes.Timestamp,
274-
) (bool, error) {
275-
principal, err := types.NewDIDPrincipal(requester.DID())
276-
if err != nil {
277-
return false, acp.NewErrInvalidActorID(err, requester.DID())
278-
}
279-
280-
ctx = auth.InjectPrincipal(ctx, principal)
281-
282-
var newActorRelationship *types.Relationship
283-
if targetActor == "*" {
284-
newActorRelationship = types.NewAllActorsRelationship(
285-
resourceName,
286-
objectID,
287-
relation,
288-
)
289-
} else {
290-
newActorRelationship = types.NewActorRelationship(
291-
resourceName,
292-
objectID,
293-
relation,
294-
targetActor,
295-
)
296-
}
297-
298-
setRelationshipRequest := types.SetRelationshipRequest{
299-
PolicyId: policyID,
300-
Relationship: newActorRelationship,
301-
}
302-
303-
setRelationshipResponse, err := a.engine.SetRelationship(ctx, &setRelationshipRequest)
304-
if err != nil {
305-
return false, err
306-
}
307-
308-
return setRelationshipResponse.GetRecordExisted(), nil
309-
}
310-
311-
func (a *AdminACP) DeleteActorRelationship(
312-
ctx context.Context,
313-
policyID string,
314-
resourceName string,
315-
objectID string,
316-
relation string,
317-
requester identity.Identity,
318-
targetActor string,
319-
creationTime *protoTypes.Timestamp,
320-
) (bool, error) {
321-
principal, err := types.NewDIDPrincipal(requester.DID())
322-
if err != nil {
323-
return false, acp.NewErrInvalidActorID(err, requester.DID())
324-
}
325-
326-
ctx = auth.InjectPrincipal(ctx, principal)
327-
328-
var newActorRelationship *types.Relationship
329-
if targetActor == "*" {
330-
newActorRelationship = types.NewAllActorsRelationship(
331-
resourceName,
332-
objectID,
333-
relation,
334-
)
335-
} else {
336-
newActorRelationship = types.NewActorRelationship(
337-
resourceName,
338-
objectID,
339-
relation,
340-
targetActor,
341-
)
342-
}
343-
344-
deleteRelationshipRequest := types.DeleteRelationshipRequest{
345-
PolicyId: policyID,
346-
Relationship: newActorRelationship,
347-
}
348-
349-
deleteRelationshipResponse, err := a.engine.DeleteRelationship(ctx, &deleteRelationshipRequest)
350-
if err != nil {
351-
return false, err
352-
}
353-
354-
return deleteRelationshipResponse.GetRecordFound(), nil
355-
}

acp/acp.go

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -23,14 +23,8 @@ import (
2323

2424
// ACPSystemClient is an abstraction to allow multiple types of ACP systems to share DefraDB specific logic.
2525
type ACPSystemClient interface {
26-
// Init initializes the acp, with an absolute path. The provided path indicates where the
27-
// persistent data will be stored for that ACP system.
28-
//
29-
// If the path is empty then acp will run in memory.
30-
Init(ctx context.Context, path string)
31-
32-
// Start starts the acp, using the initialized path. Will recover acp state
33-
// from a previous run if under the same path.
26+
// Start starts the acp, using the configured path. Will recover acp state
27+
// from a previous run if under the same persistent path.
3428
//
3529
// If the path is empty then acp will run in memory.
3630
Start(ctx context.Context) error

acp/dac/bridge.go

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -34,10 +34,6 @@ type bridgeDocumentACP struct {
3434
clientACP acp.ACPSystemClient
3535
}
3636

37-
func (a *bridgeDocumentACP) Init(ctx context.Context, path string) {
38-
a.clientACP.Init(ctx, path)
39-
}
40-
4137
func (a *bridgeDocumentACP) Start(ctx context.Context) error {
4238
return a.clientACP.Start(ctx)
4339
}

acp/dac/dac.go

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -29,12 +29,6 @@ var (
2929

3030
// DocumentACP is the interface to all types of document access control that might exist.
3131
type DocumentACP interface {
32-
// Init initializes the acp, with an absolute path. The provided path indicates where the
33-
// persistent data will be stored for acp.
34-
//
35-
// If the path is empty then acp will run in memory.
36-
Init(ctx context.Context, path string)
37-
3832
// Start starts the acp, using the initialized path. Will recover acp state
3933
// from a previous run if under the same path.
4034
//

0 commit comments

Comments
 (0)