Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tuple queries with UUID #1335

Merged
merged 4 commits into from
Sep 2, 2024
Merged

Tuple queries with UUID #1335

merged 4 commits into from
Sep 2, 2024

Conversation

kian99
Copy link
Contributor

@kian99 kian99 commented Sep 2, 2024
edited
Loading

Description

This PR does two things,

  • Allows tuples to be queried by UUID without making a database call.
  • Refactors the tag resolver to be simpler.

The first change was necessary when working on the Juju Terraform Provider because as part of testing that access has been removed, we have a test function that checks that tearing down the plan, a user has no access to a resource. But currently in JIMM if that resource doesn't exist the request will fail. But if the user is querying with a UUID there is no need to make a call to the database.

The second change was motivated by the idea that we were accepting a user input, decomposing that input into multiple components like "model name", "model owner", etc. Then recombining those fields. Instead, just pass the user input after extracting the relevant bits. This also simplifies our jujuURIMatcher regex. The tests were also simplified.

Partially addresses CSS-6347

Engineering checklist

Check only items that apply

  • Documentation updated
  • Covered by unit tests
  • Covered by integration tests

Notes for code reviewers

I suggest reviewing this PR by each commit individually to see the changes more clearly.

@kian99 kian99 requested a review from a team as a code owner September 2, 2024 06:56
@kian99
tweak how tags are resolved
5555733 
- allow resolving tags without hitting the db if a UUID is specified
@kian99
simplify matcher and tests
5002ccc
@kian99 kian99 force-pushed the tuple-queries-with-uuid branch from d2f3ad6 to 5002ccc Compare September 2, 2024 06:57
@kian99
fix tests
c0fd677 
- Additionally cleaned up duplicated logic in ToJAASTag()
ale8k
ale8k reviewed Sep 2, 2024
View reviewed changes
internal/jimm/access.go
if tag.Relation.String() != "" {
res += "#" + tag.Relation.String()
}
return res
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

user-id#? What is this doing? I forget id vs tag.Relation.String

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's converting from the OpenFGA tag to a string. Lower down you'll see we had this logic duplicated for each resource type so I just captured it here.

ale8k
ale8k reviewed Sep 2, 2024
View reviewed changes
internal/jimm/access.go
// [8] - A single ".", ignored
// [9] - Application offer name
// [10] - Relation specifier (i.e., #member)
// [2] - trailer (i.e. resource identifier)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We give example #member below, an identifier example would be good - like controller/model? I think that's this right?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure I follow, regarding usersets or the #<field> notation, we only have #member currently.

ale8k
ale8k approved these changes Sep 2, 2024
View reviewed changes
Copy link
Contributor

@ale8k ale8k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, still bit lost on some bits but I trust it's ok

internal/jimm/access.go
// [9] - Application offer name
// [10] - Relation specifier (i.e., #member)
// [2] - trailer (i.e. resource identifier)
// [3] - Relation specifier (i.e., #member)
// A complete matcher example would look like so with square-brackets denoting groups and paranthsis denoting index:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Parenthesis? Spelling error here aha

alesstimec
alesstimec approved these changes Sep 2, 2024
View reviewed changes
Copy link
Collaborator

@alesstimec alesstimec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kian99 kian99 merged commit 9cc7983 into canonical:v3 Sep 2, 2024
4 checks passed
kian99 added a commit to kian99/jimm that referenced this pull request Sep 3, 2024
@kian99
Tuple queries with UUID (canonical#1335)
11a141f 
* tweak how tags are resolved

- allow resolving tags without hitting the db if a UUID is specified

* simplify matcher and tests

* fix tests

- Additionally cleaned up duplicated logic in ToJAASTag()

* improve error message
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ale8k ale8k ale8k approved these changes

@alesstimec alesstimec alesstimec approved these changes

@pkulik0 pkulik0 Awaiting requested review from pkulik0

@SimoneDutto SimoneDutto Awaiting requested review from SimoneDutto

@babakks babakks Awaiting requested review from babakks

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kian99 @alesstimec @ale8k