@@ -12,240 +12,28 @@ package aac
1212
1313import (
1414 "context"
15- "os"
16-
17- protoTypes "github.com/cosmos/gogoproto/types"
18- "github.com/sourcenetwork/acp_core/pkg/auth"
19- acpErrors "github.com/sourcenetwork/acp_core/pkg/errors"
20- "github.com/sourcenetwork/acp_core/pkg/runtime"
21- "github.com/sourcenetwork/acp_core/pkg/services"
22- "github.com/sourcenetwork/acp_core/pkg/types"
23- "github.com/sourcenetwork/immutable"
2415
2516 "github.com/sourcenetwork/defradb/acp"
26- "github.com/sourcenetwork/defradb/acp/identity "
17+ "github.com/sourcenetwork/defradb/acp/local "
2718 acpTypes "github.com/sourcenetwork/defradb/acp/types"
28- "github.com/sourcenetwork/defradb/errors"
2919)
3020
31- const adminACPStoreName = "admin_acp"
32-
33- // AdminACP represents a admin acp (local to the node) implementation that makes no remote calls.
34- type AdminACP struct {
35- pathToStore immutable.Option [string ]
36- engine types.ACPEngineServer
37- manager runtime.RuntimeManager
38- closed bool
39- }
40-
41- func NewAdminACP () AdminACP {
42- return AdminACP {}
43- }
21+ const localStoreName = "local_admin_acp"
4422
4523var _ acp.ACPSystemClient = (* AdminACP )(nil )
4624
47- func (a * AdminACP ) Init (ctx context.Context , path string ) {
48- if path == "" {
49- a .pathToStore = immutable .None [string ]()
50- } else {
51- a .pathToStore = immutable .Some (path )
52- }
53- }
54-
55- func (a * AdminACP ) Start (ctx context.Context ) error {
56- var manager runtime.RuntimeManager
57- var err error
58- var opts []runtime.Opt
59- var storeLocation string
60-
61- a .closed = false
62- if ! a .pathToStore .HasValue () { // Use a non-persistent, i.e. in memory store.
63- storeLocation = "in-memory"
64- opts = append (opts , runtime .WithMemKV ())
65- } else { // Use peristent storage.
66- storeLocation = a .pathToStore .Value ()
67- acpStorePath := storeLocation + "/" + adminACPStoreName
68- opts = append (opts , runtime .WithPersistentKV (acpStorePath ))
69- }
70-
71- manager , err = runtime .NewRuntimeManager (opts ... )
72- if err != nil {
73- return acp .NewErrInitializationOfACPFailed (err , "Admin" , storeLocation )
74- }
75-
76- a .manager = manager
77- a .engine = services .NewACPEngine (manager )
78- return nil
79- }
80-
81- func (a * AdminACP ) Close () error {
82- if ! a .closed {
83- if a .manager != nil {
84- err := a .manager .Terminate ()
85- if err != nil {
86- return err
87- }
88- }
89- a .closed = true
90- }
91- return nil
92- }
93-
94- func (a * AdminACP ) ResetState (ctx context.Context ) error {
95- err := a .Close ()
96- if err != nil {
97- return err
98- }
99-
100- // delete state (applicable to persistent store)
101- if a .pathToStore .HasValue () {
102- storeLocation := a .pathToStore .Value ()
103- path := storeLocation + "/" + adminACPStoreName
104- info , err := os .Stat (path )
105- if os .IsNotExist (err ) {
106- return errors .Join (acp .ErrACPResetState , err )
107- } else if err != nil {
108- return errors .Join (acp .ErrACPResetState , err )
109- }
110-
111- if info .IsDir () {
112- // remove dir
113- if err := os .RemoveAll (path ); err != nil {
114- return errors .Join (acp .ErrACPResetState , err )
115- }
116- } else {
117- // remove file
118- if err := os .Remove (path ); err != nil {
119- return errors .Join (acp .ErrACPResetState , err )
120- }
121- }
122- }
123-
124- // Start again
125- return a .Start (ctx )
126- }
127-
128- func (a * AdminACP ) AddPolicy (
129- ctx context.Context ,
130- creator identity.Identity ,
131- policy string ,
132- marshalType acpTypes.PolicyMarshalType ,
133- creationTime * protoTypes.Timestamp ,
134- ) (string , error ) {
135- principal , err := types .NewDIDPrincipal (creator .DID ())
136- if err != nil {
137- return "" , acp .NewErrInvalidActorID (err , creator .DID ())
138- }
139- ctx = auth .InjectPrincipal (ctx , principal )
140-
141- createPolicy := types.CreatePolicyRequest {
142- Policy : policy ,
143- MarshalType : types .PolicyMarshalingType (marshalType ),
144- }
145-
146- response , err := a .engine .CreatePolicy (ctx , & createPolicy )
147- if err != nil {
148- return "" , err
149- }
150-
151- return response .Record .Policy .Id , nil
152- }
153-
154- func (a * AdminACP ) Policy (
155- ctx context.Context ,
156- policyID string ,
157- ) (immutable.Option [acpTypes.Policy ], error ) {
158- none := immutable .None [acpTypes.Policy ]()
159-
160- request := types.GetPolicyRequest {Id : policyID }
161- response , err := a .engine .GetPolicy (ctx , & request )
162- if err != nil {
163- if errors .Is (err , acpErrors .ErrorType_NOT_FOUND ) {
164- return none , nil
165- }
166- return none , err
167- }
168-
169- policy := acpTypes .MapACPCorePolicy (response .Record .Policy )
170- return immutable .Some (policy ), nil
171- }
172-
173- func (a * AdminACP ) RegisterObject (
174- ctx context.Context ,
175- identity identity.Identity ,
176- policyID string ,
177- resourceName string ,
178- objectID string ,
179- creationTime * protoTypes.Timestamp ,
180- ) error {
181- principal , err := types .NewDIDPrincipal (identity .DID ())
182- if err != nil {
183- return acp .NewErrInvalidActorID (err , identity .DID ())
184- }
185-
186- ctx = auth .InjectPrincipal (ctx , principal )
187- req := types.RegisterObjectRequest {
188- PolicyId : policyID ,
189- Object : types .NewObject (resourceName , objectID ),
190- }
191-
192- _ , err = a .engine .RegisterObject (ctx , & req )
193- return err
194- }
195-
196- func (a * AdminACP ) ObjectOwner (
197- ctx context.Context ,
198- policyID string ,
199- resourceName string ,
200- objectID string ,
201- ) (immutable.Option [string ], error ) {
202- none := immutable .None [string ]()
203-
204- req := types.GetObjectRegistrationRequest {
205- PolicyId : policyID ,
206- Object : types .NewObject (resourceName , objectID ),
207- }
208- result , err := a .engine .GetObjectRegistration (ctx , & req )
209- if err != nil {
210- return none , err
211- }
212-
213- if result .IsRegistered {
214- return immutable .Some (result .OwnerId ), nil
215- }
216-
217- return none , nil
25+ // AdminACP represents a admin acp (local to the node) implementation that makes no remote calls.
26+ type AdminACP struct {
27+ * local.LocalACP
21828}
21929
220- func (a * AdminACP ) VerifyAccessRequest (
221- ctx context.Context ,
222- permission acpTypes.ResourceInterfacePermission ,
223- actorID string ,
224- policyID string ,
225- resourceName string ,
226- objectID string ,
227- ) (bool , error ) {
228- req := types.VerifyAccessRequestRequest {
229- PolicyId : policyID ,
230- AccessRequest : & types.AccessRequest {
231- Operations : []* types.Operation {
232- {
233- Object : types .NewObject (resourceName , objectID ),
234- Permission : permission .String (),
235- },
236- },
237- Actor : & types.Actor {
238- Id : actorID ,
239- },
240- },
241- }
242- resp , err := a .engine .VerifyAccessRequest (ctx , & req )
243-
30+ func NewAdminACP (pathToStore string ) (AdminACP , error ) {
31+ localACP , err := local .NewLocalACP (pathToStore , localStoreName )
24432 if err != nil {
245- return false , err
33+ return AdminACP {} , err
24634 }
24735
248- return resp . Valid , nil
36+ return AdminACP { LocalACP : localACP } , nil
24937}
25038
25139func (a * AdminACP ) ValidateResourceInterface (
@@ -261,95 +49,3 @@ func (a *AdminACP) ValidateResourceInterface(
26149 a ,
26250 )
26351}
264-
265- func (a * AdminACP ) AddActorRelationship (
266- ctx context.Context ,
267- policyID string ,
268- resourceName string ,
269- objectID string ,
270- relation string ,
271- requester identity.Identity ,
272- targetActor string ,
273- creationTime * protoTypes.Timestamp ,
274- ) (bool , error ) {
275- principal , err := types .NewDIDPrincipal (requester .DID ())
276- if err != nil {
277- return false , acp .NewErrInvalidActorID (err , requester .DID ())
278- }
279-
280- ctx = auth .InjectPrincipal (ctx , principal )
281-
282- var newActorRelationship * types.Relationship
283- if targetActor == "*" {
284- newActorRelationship = types .NewAllActorsRelationship (
285- resourceName ,
286- objectID ,
287- relation ,
288- )
289- } else {
290- newActorRelationship = types .NewActorRelationship (
291- resourceName ,
292- objectID ,
293- relation ,
294- targetActor ,
295- )
296- }
297-
298- setRelationshipRequest := types.SetRelationshipRequest {
299- PolicyId : policyID ,
300- Relationship : newActorRelationship ,
301- }
302-
303- setRelationshipResponse , err := a .engine .SetRelationship (ctx , & setRelationshipRequest )
304- if err != nil {
305- return false , err
306- }
307-
308- return setRelationshipResponse .GetRecordExisted (), nil
309- }
310-
311- func (a * AdminACP ) DeleteActorRelationship (
312- ctx context.Context ,
313- policyID string ,
314- resourceName string ,
315- objectID string ,
316- relation string ,
317- requester identity.Identity ,
318- targetActor string ,
319- creationTime * protoTypes.Timestamp ,
320- ) (bool , error ) {
321- principal , err := types .NewDIDPrincipal (requester .DID ())
322- if err != nil {
323- return false , acp .NewErrInvalidActorID (err , requester .DID ())
324- }
325-
326- ctx = auth .InjectPrincipal (ctx , principal )
327-
328- var newActorRelationship * types.Relationship
329- if targetActor == "*" {
330- newActorRelationship = types .NewAllActorsRelationship (
331- resourceName ,
332- objectID ,
333- relation ,
334- )
335- } else {
336- newActorRelationship = types .NewActorRelationship (
337- resourceName ,
338- objectID ,
339- relation ,
340- targetActor ,
341- )
342- }
343-
344- deleteRelationshipRequest := types.DeleteRelationshipRequest {
345- PolicyId : policyID ,
346- Relationship : newActorRelationship ,
347- }
348-
349- deleteRelationshipResponse , err := a .engine .DeleteRelationship (ctx , & deleteRelationshipRequest )
350- if err != nil {
351- return false , err
352- }
353-
354- return deleteRelationshipResponse .GetRecordFound (), nil
355- }
0 commit comments