feat: add relation on pg & spicedb

Makefile

@@ -2,7 +2,7 @@ GOVERSION := $(shell go version | cut -d ' ' -f 3 | cut -d '.' -f 2)
 
 .PHONY: build check fmt lint test test-race vet test-cover-html help install proto
 .DEFAULT_GOAL := build
-PROTON_COMMIT := "1497165f2f48facb3ec6f5c5556ccd44f0a7119f"
+PROTON_COMMIT := "449cade0b780e5c33ba9abcd269b1393ad33b193"
 
 install:
 	@echo "Clean up imports..."

cmd/serve.go

@@ -190,9 +190,12 @@ func buildAPIDependencies(
 	userRepository := postgres.NewUserRepository(dbc)
 	userService := user.NewService(userRepository)
 
+	roleRepository := postgres.NewRoleRepository(dbc)
+	roleService := role.NewService(roleRepository)
+
 	relationPGRepository := postgres.NewRelationRepository(dbc)
 	relationSpiceRepository := spicedb.NewRelationRepository(sdb)
-	relationService := relation.NewService(relationPGRepository, relationSpiceRepository)
+	relationService := relation.NewService(relationPGRepository, relationSpiceRepository, roleService, userService)
 
 	groupRepository := postgres.NewGroupRepository(dbc)
 	groupService := group.NewService(groupRepository, relationService, userService)
@@ -206,9 +209,6 @@ func buildAPIDependencies(
 	policyPGRepository := postgres.NewPolicyRepository(dbc)
 	policyService := policy.NewService(policyPGRepository)
 
-	roleRepository := postgres.NewRoleRepository(dbc)
-	roleService := role.NewService(roleRepository)
-
 	resourcePGRepository := postgres.NewResourceRepository(dbc)
 	resourceService := resource.NewService(
 		resourcePGRepository,

core/group/service.go

@@ -17,7 +17,7 @@ import (
 )
 
 type RelationService interface {
-	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
+	Create(ctx context.Context, rel relation.RelationV2) (relation.RelationV2, error)
 	Delete(ctx context.Context, rel relation.Relation) error
 	CheckPermission(ctx context.Context, usr user.User, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error)
 }
@@ -264,16 +264,16 @@ func (s Service) RemoveAdmin(ctx context.Context, groupIdOrSlug string, userId s
 
 func (s Service) addTeamToOrg(ctx context.Context, team Group, org organization.Organization) error {
 	orgId := str.DefaultStringIfEmpty(org.ID, team.OrganizationID)
-	rel := relation.Relation{
-		ObjectNamespace:  namespace.DefinitionTeam,
-		ObjectID:         team.ID,
-		SubjectID:        orgId,
-		SubjectNamespace: namespace.DefinitionOrg,
-		Role: role.Role{
-			ID:          namespace.DefinitionOrg.ID,
+	rel := relation.RelationV2{
+		Object: relation.Object{
+			ID:          team.ID,
 			NamespaceID: namespace.DefinitionTeam.ID,
 		},
-		RelationType: relation.RelationTypes.Namespace,
+		Subject: relation.Subject{
+			ID:        orgId,
+			Namespace: namespace.DefinitionOrg.ID,
+			RoleID:    namespace.DefinitionOrg.ID,
+		},
 	}
 
 	_, err := s.relationService.Create(ctx, rel)
@@ -285,8 +285,8 @@ func (s Service) addTeamToOrg(ctx context.Context, team Group, org organization.
 }
 
 func (s Service) addAdminToTeam(ctx context.Context, userID, groupID string) error {
-	rel := s.getTeamAdminRelation(userID, groupID)
-	_, err := s.relationService.Create(ctx, rel)
+	//rel := s.getTeamAdminRelation(userID, groupID)
+	_, err := s.relationService.Create(ctx, relation.RelationV2{})
 	if err != nil {
 		return err
 	}
@@ -295,13 +295,14 @@ func (s Service) addAdminToTeam(ctx context.Context, userID, groupID string) err
 }
 
 func (s Service) addMemberToTeam(ctx context.Context, userID, groupID string) error {
-	rel := relation.Relation{
-		ObjectNamespace:  namespace.DefinitionTeam,
-		ObjectID:         groupID,
-		SubjectID:        userID,
-		SubjectNamespace: namespace.DefinitionUser,
-		Role: role.Role{
-			ID:          role.DefinitionTeamMember.ID,
+	rel := relation.RelationV2{
+		Subject: relation.Subject{
+			ID:        userID,
+			Namespace: namespace.DefinitionUser.ID,
+			RoleID:    role.DefinitionTeamMember.ID,
+		},
+		Object: relation.Object{
+			ID:          groupID,
 			NamespaceID: namespace.DefinitionTeam.ID,
 		},
 	}

core/organization/service.go

@@ -14,7 +14,7 @@ import (
 )
 
 type RelationService interface {
-	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
+	Create(ctx context.Context, rel relation.RelationV2) (relation.RelationV2, error)
 	Delete(ctx context.Context, rel relation.Relation) error
 	CheckPermission(ctx context.Context, usr user.User, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error)
 }
@@ -182,16 +182,18 @@ func (s Service) removeAdminFromOrg(ctx context.Context, user user.User, org Org
 }
 
 func (s Service) addAdminToOrg(ctx context.Context, user user.User, org Organization) error {
-	rel := relation.Relation{
-		ObjectNamespace:  namespace.DefinitionOrg,
-		ObjectID:         org.ID,
-		SubjectID:        user.ID,
-		SubjectNamespace: namespace.DefinitionUser,
-		Role: role.Role{
-			ID:          role.DefinitionOrganizationAdmin.ID,
+	rel := relation.RelationV2{
+		Object: relation.Object{
+			ID:          org.ID,
 			NamespaceID: namespace.DefinitionOrg.ID,
 		},
+		Subject: relation.Subject{
+			ID:        user.ID,
+			Namespace: namespace.DefinitionUser.ID,
+			RoleID:    role.DefinitionOrganizationAdmin.ID,
+		},
 	}
+
 	if _, err := s.relationService.Create(ctx, rel); err != nil {
 		return err
 	}

core/project/service.go

@@ -15,7 +15,7 @@ import (
 )
 
 type RelationService interface {
-	Create(ctx context.Context, rel relation.Relation) (relation.Relation, error)
+	Create(ctx context.Context, rel relation.RelationV2) (relation.RelationV2, error)
 	Delete(ctx context.Context, rel relation.Relation) error
 	CheckPermission(ctx context.Context, usr user.User, resourceNS namespace.Namespace, resourceIdxa string, action action.Action) (bool, error)
 }
@@ -163,13 +163,14 @@ func (s Service) RemoveAdmin(ctx context.Context, idOrSlug string, userId string
 }
 
 func (s Service) addAdminToProject(ctx context.Context, usr user.User, prj Project) error {
-	rel := relation.Relation{
-		ObjectNamespace:  namespace.DefinitionProject,
-		ObjectID:         prj.ID,
-		SubjectID:        usr.ID,
-		SubjectNamespace: namespace.DefinitionUser,
-		Role: role.Role{
-			ID:          role.DefinitionProjectAdmin.ID,
+	rel := relation.RelationV2{
+		Subject: relation.Subject{
+			ID:        usr.ID,
+			Namespace: namespace.DefinitionUser.ID,
+			RoleID:    role.DefinitionProjectAdmin.ID,
+		},
+		Object: relation.Object{
+			ID:          prj.ID,
 			NamespaceID: namespace.DefinitionProject.ID,
 		},
 	}
@@ -195,16 +196,16 @@ func (s Service) removeAdminFromProject(ctx context.Context, usr user.User, prj
 }
 
 func (s Service) addProjectToOrg(ctx context.Context, prj Project, org organization.Organization) error {
-	rel := relation.Relation{
-		ObjectNamespace:  namespace.DefinitionProject,
-		ObjectID:         prj.ID,
-		SubjectID:        org.ID,
-		SubjectNamespace: namespace.DefinitionOrg,
-		Role: role.Role{
-			ID:          namespace.DefinitionOrg.ID,
+	rel := relation.RelationV2{
+		Object: relation.Object{
+			ID:          prj.ID,
 			NamespaceID: namespace.DefinitionProject.ID,
 		},
-		RelationType: relation.RelationTypes.Namespace,
+		Subject: relation.Subject{
+			ID:        org.ID,
+			Namespace: namespace.DefinitionOrg.ID,
+			RoleID:    namespace.DefinitionOrg.ID,
+		},
 	}
 
 	if _, err := s.relationService.Create(ctx, rel); err != nil {

core/relation/errors.go

@@ -3,9 +3,12 @@ package relation
 import "errors"
 
 var (
-	ErrNotExist      = errors.New("relation doesn't exist")
-	ErrInvalidUUID   = errors.New("invalid syntax of uuid")
-	ErrInvalidID     = errors.New("relation id is invalid")
-	ErrConflict      = errors.New("relation already exist")
-	ErrInvalidDetail = errors.New("invalid relation detail")
+	ErrNotExist                      = errors.New("relation doesn't exist")
+	ErrInvalidUUID                   = errors.New("invalid syntax of uuid")
+	ErrInvalidID                     = errors.New("relation id is invalid")
+	ErrConflict                      = errors.New("relation already exist")
+	ErrInvalidDetail                 = errors.New("invalid relation detail")
+	ErrCreatingRelationInStore       = errors.New("error while creating relation")
+	ErrCreatingRelationInAuthzEngine = errors.New("error while creating relation")
+	ErrFetchingUser                  = errors.New("error while fetching user")
 )

core/relation/relation.go

@@ -7,14 +7,14 @@ import (
 	"github.com/odpf/shield/core/action"
 	"github.com/odpf/shield/core/namespace"
 	"github.com/odpf/shield/core/role"
+	"github.com/odpf/shield/core/user"
 )
 
 type Repository interface {
-	Get(ctx context.Context, id string) (Relation, error)
-	Create(ctx context.Context, relation Relation) (Relation, error)
-	List(ctx context.Context) ([]Relation, error)
+	Get(ctx context.Context, id string) (RelationV2, error)
+	Create(ctx context.Context, relation RelationV2) (RelationV2, error)
+	List(ctx context.Context) ([]RelationV2, error)
 	Update(ctx context.Context, toUpdate Relation) (Relation, error)
-	GetByFields(ctx context.Context, relation Relation) (Relation, error)
 	DeleteByID(ctx context.Context, id string) error
 }
 
@@ -23,6 +23,15 @@ type AuthzRepository interface {
 	Check(ctx context.Context, rel Relation, act action.Action) (bool, error)
 	Delete(ctx context.Context, rel Relation) error
 	DeleteSubjectRelations(ctx context.Context, resourceType, optionalResourceID string) error
+	AddV2(ctx context.Context, rel RelationV2) error
+}
+
+type RoleService interface {
+	Get(ctx context.Context, id string) (role.Role, error)
+}
+
+type UserService interface {
+	GetByEmail(ctx context.Context, email string) (user.User, error)
 }
 
 type Relation struct {
@@ -41,6 +50,25 @@ type Relation struct {
 	UpdatedAt          time.Time
 }
 
+type Object struct {
+	ID          string
+	NamespaceID string
+}
+
+type Subject struct {
+	ID        string
+	Namespace string
+	RoleID    string
+}
+
+type RelationV2 struct {
+	ID        string
+	Object    Object
+	Subject   Subject
+	CreatedAt time.Time
+	UpdatedAt time.Time
+}
+
 type RelationType string
 
 var RelationTypes = struct {