feat(iam): support scope storage policy

2 years ago · 1be1636883
parent 7dce1206ab
commit 1be1636883
2 changed files with 107 additions and 0 deletions
--- a/internal/iam/scope.go
+++ b/internal/iam/scope.go
@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/boundary/internal/db/timestamp"
 	"github.com/hashicorp/boundary/internal/errors"
 	"github.com/hashicorp/boundary/internal/iam/store"
+	"github.com/hashicorp/boundary/internal/oplog"
 	"github.com/hashicorp/boundary/internal/types/action"
 	"github.com/hashicorp/boundary/internal/types/resource"
 	"github.com/hashicorp/boundary/internal/types/scope"
@ -27,6 +28,8 @@ const (
 type Scope struct {
 	*store.Scope

+	StoragePolicyId string `json:"storage_policy_id,omitempty" gorm:"-"`
+
 	// tableName which is used to support overriding the table name in the db
 	// and making the Scope a ReplayableMessage
 	tableName string `gorm:"-"`
@ -105,6 +108,16 @@ func (s *Scope) Clone() any {
 	}
 }

+// Oplog provides the oplog.Metadata for recording operations taken on a Scope.
+func (s *Scope) Oplog(op oplog.OpType) oplog.Metadata {
+	return oplog.Metadata{
+		"resource-public-id": []string{s.PublicId},
+		"resource-type":      []string{"scope"},
+		"op-type":            []string{op.String()},
+		"parent-id":          []string{s.ParentId},
+	}
+}
+
 // VetForWrite implements db.VetForWrite() interface for scopes
 // this function is intended to be callled by a db.Writer (Create and Update) to validate
 // the scope before writing it to the db.
@ -201,6 +214,16 @@ func (s *Scope) GetScope(ctx context.Context, r db.Reader) (*Scope, error) {
 	}
 }

+// GetStoragePolicyId returns the storage policy id attached to the scope
+func (s *Scope) GetStoragePolicyId() string {
+	return s.StoragePolicyId
+}
+
+// SetStoragePolicyId sets the storage policy id
+func (s *Scope) SetStoragePolicyId(v string) {
+	s.StoragePolicyId = v
+}
+
 // TableName returns the tablename to override the default gorm table name
 func (s *Scope) TableName() string {
 	if s.tableName != "" {
--- a/internal/iam/scope_policy_storage_policy.go
+++ b/internal/iam/scope_policy_storage_policy.go
@ -0,0 +1,84 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package iam
+
+import (
+	"context"
+
+	"github.com/hashicorp/boundary/internal/db"
+	"github.com/hashicorp/boundary/internal/errors"
+	"github.com/hashicorp/boundary/internal/iam/store"
+	"github.com/hashicorp/boundary/internal/oplog"
+)
+
+const (
+	defaultScopePolicyStoragePolicyTableName = "scope_policy_storage_policy"
+)
+
+var (
+	_ oplog.ReplayableMessage = (*ScopePolicyStoragePolicy)(nil)
+	_ db.VetForWriter         = (*ScopePolicyStoragePolicy)(nil)
+)
+
+// ScopePolicyStoragePolicy is used to create an hierarchy of "containers" that
+// encompass the scope storage policy of an IAM resource.
+type ScopePolicyStoragePolicy struct {
+	*store.ScopePolicyStoragePolicy
+
+	// tableName which is used to support overriding the table name in the db
+	// and making the Scope a ReplayableMessage
+	tableName string `gorm:"-"`
+}
+
+func (s *ScopePolicyStoragePolicy) GetPublicId() string {
+	return s.GetScopeId()
+}
+
+// TableName returns the tablename to override the default gorm table name
+func (s *ScopePolicyStoragePolicy) TableName() string {
+	if s.tableName != "" {
+		return s.tableName
+	}
+	return defaultScopePolicyStoragePolicyTableName
+}
+
+// Oplog provides the oplog.Metadata for recording operations taken on a ScopePolicyStoragePolicy.
+func (s *ScopePolicyStoragePolicy) Oplog(op oplog.OpType) oplog.Metadata {
+	return oplog.Metadata{
+		"resource-public-id": []string{s.ScopeId},
+		"resource-type":      []string{"scope-policy-storage-policy"},
+		"op-type":            []string{oplog.OpType_OP_TYPE_DELETE.String()},
+	}
+}
+
+// SetTableName sets the tablename and satisfies the ReplayableMessage
+// interface. If the caller attempts to set the name to "" the name will be
+// reset to the default name.
+func (s *ScopePolicyStoragePolicy) SetTableName(n string) {
+	s.tableName = n
+}
+
+// VetForWrite implements db.VetForWrite() interface and validates the tcp target
+// before it's written.
+func (s *ScopePolicyStoragePolicy) VetForWrite(ctx context.Context, _ db.Reader, opType db.OpType, _ ...db.Option) error {
+	const op = "iam.(ScopePolicyStoragePolicy).VetForWrite"
+	if s.ScopeId == "" {
+		return errors.New(ctx, errors.InvalidParameter, op, "missing scope id")
+	}
+	if opType == db.CreateOp {
+		if s.ScopeId == "" {
+			return errors.New(ctx, errors.InvalidParameter, op, "missing scope id")
+		}
+		if s.StoragePolicyId == "" {
+			return errors.New(ctx, errors.InvalidParameter, op, "missing storage policy id")
+		}
+	}
+	return nil
+}
+
+func AllocScopePolicyStoragePolicy() ScopePolicyStoragePolicy {
+	return ScopePolicyStoragePolicy{
+		ScopePolicyStoragePolicy: &store.ScopePolicyStoragePolicy{},
+	}
+}