diff --git a/Makefile b/Makefile index 8bb69acad1..1b92557d73 100644 --- a/Makefile +++ b/Makefile @@ -169,6 +169,8 @@ protobuild: @protoc-go-inject-tag -input=./internal/gen/controller/api/services/authtokens_service.pb.go @protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go @protoc-go-inject-tag -input=./internal/gen/controller/api/services/managed_group_service.pb.go + @protoc-go-inject-tag -input=./sdk/pbs/controller/api/resources/groups/group.pb.go + @protoc-go-inject-tag -input=./internal/gen/controller/api/services/group_service.pb.go # these protos, services and openapi artifacts are purely for testing purposes @protoc-go-inject-tag -input=./internal/gen/testing/event/event.pb.go diff --git a/internal/gen/controller/api/services/group_service.pb.go b/internal/gen/controller/api/services/group_service.pb.go index 2967b7dec4..8ae4170c19 100644 --- a/internal/gen/controller/api/services/group_service.pb.go +++ b/internal/gen/controller/api/services/group_service.pb.go @@ -29,7 +29,7 @@ type GetGroupRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *GetGroupRequest) Reset() { @@ -123,9 +123,9 @@ type ListGroupsRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ScopeId string `protobuf:"bytes,1,opt,name=scope_id,proto3" json:"scope_id,omitempty"` - Recursive bool `protobuf:"varint,20,opt,name=recursive,proto3" json:"recursive,omitempty"` - Filter string `protobuf:"bytes,30,opt,name=filter,proto3" json:"filter,omitempty"` + ScopeId string `protobuf:"bytes,1,opt,name=scope_id,proto3" json:"scope_id,omitempty" class:"public"` // @gotags: `class:"public"` + Recursive bool `protobuf:"varint,20,opt,name=recursive,proto3" json:"recursive,omitempty" class:"public"` // @gotags: `class:"public"` + Filter string `protobuf:"bytes,30,opt,name=filter,proto3" json:"filter,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *ListGroupsRequest) Reset() { @@ -280,7 +280,7 @@ type CreateGroupResponse struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` + Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty" class:"public"` // @gotags: `class:"public"` Item *groups.Group `protobuf:"bytes,2,opt,name=item,proto3" json:"item,omitempty"` } @@ -335,7 +335,7 @@ type UpdateGroupRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` Item *groups.Group `protobuf:"bytes,2,opt,name=item,proto3" json:"item,omitempty"` UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,3,opt,name=update_mask,proto3" json:"update_mask,omitempty"` } @@ -445,7 +445,7 @@ type DeleteGroupRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *DeleteGroupRequest) Reset() { @@ -530,11 +530,11 @@ type AddGroupMembersRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"` - MemberIds []string `protobuf:"bytes,3,rep,name=member_ids,proto3" json:"member_ids,omitempty"` + Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + MemberIds []string `protobuf:"bytes,3,rep,name=member_ids,proto3" json:"member_ids,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *AddGroupMembersRequest) Reset() { @@ -642,11 +642,11 @@ type SetGroupMembersRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"` - MemberIds []string `protobuf:"bytes,3,rep,name=member_ids,proto3" json:"member_ids,omitempty"` + Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + MemberIds []string `protobuf:"bytes,3,rep,name=member_ids,proto3" json:"member_ids,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *SetGroupMembersRequest) Reset() { @@ -754,11 +754,11 @@ type RemoveGroupMembersRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty"` - MemberIds []string `protobuf:"bytes,3,rep,name=member_ids,proto3" json:"member_ids,omitempty"` + Version uint32 `protobuf:"varint,2,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` + MemberIds []string `protobuf:"bytes,3,rep,name=member_ids,proto3" json:"member_ids,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *RemoveGroupMembersRequest) Reset() { diff --git a/internal/proto/controller/api/resources/groups/v1/group.proto b/internal/proto/controller/api/resources/groups/v1/group.proto index dbedd7ad7a..4dddd5313f 100644 --- a/internal/proto/controller/api/resources/groups/v1/group.proto +++ b/internal/proto/controller/api/resources/groups/v1/group.proto @@ -11,45 +11,45 @@ import "controller/custom_options/v1/options.proto"; message Member { // Output only. The ID of the member. - string id = 10; + string id = 10; // @gotags: `class:"public"` // Output only. The Scope ID of the member. - string scope_id = 20 [json_name="scope_id"]; + string scope_id = 20 [json_name="scope_id"]; // @gotags: `class:"public"` } // Group contains all fields related to a Group resource message Group { // Output only. The ID of the Group. - string id = 10; + string id = 10; // @gotags: `class:"public"` // The ID of the scope of which this Group is a part. - string scope_id = 20 [json_name="scope_id"]; + string scope_id = 20 [json_name="scope_id"]; // @gotags: `class:"public"` // Output only. Scope information for this Group. resources.scopes.v1.ScopeInfo scope = 30; // Optional name for identification purposes. - google.protobuf.StringValue name = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"name" that: "name"}]; + google.protobuf.StringValue name = 40 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"name" that: "name"}]; // @gotags: `class:"public"` // Optional user-set descripton for identification purposes. - google.protobuf.StringValue description = 50 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"description" that: "description"}]; + google.protobuf.StringValue description = 50 [(custom_options.v1.generate_sdk_option) = true, (custom_options.v1.mask_mapping) = {this:"description" that: "description"}]; // @gotags: `class:"public"` // Output only. The time this resource was created. - google.protobuf.Timestamp created_time = 60 [json_name="created_time"]; + google.protobuf.Timestamp created_time = 60 [json_name="created_time"]; // @gotags: `class:"public"` // Output only. The time this resource was last updated. - google.protobuf.Timestamp updated_time = 70 [json_name="updated_time"]; + google.protobuf.Timestamp updated_time = 70 [json_name="updated_time"]; // @gotags: `class:"public"` // Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - uint32 version = 80; + uint32 version = 80; // @gotags: `class:"public"` // Output only. Contains the list of member IDs in this Group. - repeated string member_ids = 90 [json_name="member_ids"]; + repeated string member_ids = 90 [json_name="member_ids"]; // @gotags: `class:"public"` // Output only. The members of this Group. repeated Member members = 100; // Output only. The available actions on this resource for this user. - repeated string authorized_actions = 300 [json_name="authorized_actions"]; + repeated string authorized_actions = 300 [json_name="authorized_actions"]; // @gotags: `class:"public"` } diff --git a/internal/proto/controller/api/services/v1/group_service.proto b/internal/proto/controller/api/services/v1/group_service.proto index 290dc60f29..c75bcb0675 100644 --- a/internal/proto/controller/api/services/v1/group_service.proto +++ b/internal/proto/controller/api/services/v1/group_service.proto @@ -131,7 +131,7 @@ service GroupService { } message GetGroupRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` } message GetGroupResponse { @@ -139,9 +139,9 @@ message GetGroupResponse { } message ListGroupsRequest { - string scope_id = 1 [json_name="scope_id"]; - bool recursive = 20 [json_name="recursive"]; - string filter = 30 [json_name="filter"]; + string scope_id = 1 [json_name="scope_id"]; // @gotags: `class:"public"` + bool recursive = 20 [json_name="recursive"]; // @gotags: `class:"public"` + string filter = 30 [json_name="filter"]; // @gotags: `class:"public"` } message ListGroupsResponse { @@ -153,12 +153,12 @@ message CreateGroupRequest { } message CreateGroupResponse { - string uri = 1; + string uri = 1; // @gotags: `class:"public"` resources.groups.v1.Group item = 2; } message UpdateGroupRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` resources.groups.v1.Group item = 2; google.protobuf.FieldMask update_mask = 3 [json_name="update_mask"]; } @@ -168,17 +168,17 @@ message UpdateGroupResponse { } message DeleteGroupRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` } message DeleteGroupResponse {} message AddGroupMembersRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - uint32 version = 2; - repeated string member_ids = 3 [json_name="member_ids"]; + uint32 version = 2; // @gotags: `class:"public"` + repeated string member_ids = 3 [json_name="member_ids"]; // @gotags: `class:"public"` } message AddGroupMembersResponse { @@ -186,11 +186,11 @@ message AddGroupMembersResponse { } message SetGroupMembersRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - uint32 version = 2; - repeated string member_ids = 3 [json_name="member_ids"]; + uint32 version = 2; // @gotags: `class:"public"` + repeated string member_ids = 3 [json_name="member_ids"]; // @gotags: `class:"public"` } message SetGroupMembersResponse { @@ -198,11 +198,11 @@ message SetGroupMembersResponse { } message RemoveGroupMembersRequest { - string id = 1; + string id = 1; // @gotags: `class:"public"` // Version is used to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - uint32 version = 2; - repeated string member_ids = 3 [json_name="member_ids"]; + uint32 version = 2; // @gotags: `class:"public"` + repeated string member_ids = 3 [json_name="member_ids"]; // @gotags: `class:"public"` } message RemoveGroupMembersResponse { diff --git a/internal/tests/api/groups/classification_test.go b/internal/tests/api/groups/classification_test.go new file mode 100644 index 0000000000..f705f0bb8c --- /dev/null +++ b/internal/tests/api/groups/classification_test.go @@ -0,0 +1,113 @@ +package groups_test + +import ( + "context" + "encoding/json" + "testing" + "time" + + "github.com/hashicorp/boundary/sdk/pbs/controller/api" + pb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/groups" + "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/scopes" + "github.com/hashicorp/boundary/sdk/wrapper" + "github.com/hashicorp/eventlogger" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/timestamppb" + "google.golang.org/protobuf/types/known/wrapperspb" +) + +func TestGroupsClassification(t *testing.T) { + ctx := context.Background() + now := time.Now() + pbNow := timestamppb.Now() + wrapper := wrapper.TestWrapper(t) + testEncryptingFilter := api.NewEncryptFilter(t, wrapper) + + cases := []struct { + name string + in *eventlogger.Event + want *eventlogger.Event + }{ + { + name: "validate-group-filtering", + in: &eventlogger.Event{ + Type: "test", + CreatedAt: now, + Payload: &pb.Group{ + Id: "id", + ScopeId: "scope-id", + Scope: &scopes.ScopeInfo{ + Id: "id", + Type: "type", + Name: "name", + Description: "description", + ParentScopeId: "parent-scope-id", + }, + Name: &wrapperspb.StringValue{Value: "name"}, + Description: &wrapperspb.StringValue{Value: "description"}, + CreatedTime: pbNow, + UpdatedTime: pbNow, + Version: 1, + MemberIds: []string{"member-id"}, + Members: []*pb.Member{ + { + Id: "member-id", + ScopeId: "scope-id", + }, + }, + AuthorizedActions: []string{ + "action-1", + "action-2", + }, + }, + }, + want: &eventlogger.Event{ + Type: "test", + CreatedAt: now, + Payload: &pb.Group{ + Id: "id", + ScopeId: "scope-id", + Scope: &scopes.ScopeInfo{ + Id: "id", + Type: "type", + Name: "name", + Description: "description", + ParentScopeId: "parent-scope-id", + }, + Name: &wrapperspb.StringValue{Value: "name"}, + Description: &wrapperspb.StringValue{Value: "description"}, + CreatedTime: pbNow, + UpdatedTime: pbNow, + Version: 1, + MemberIds: []string{"member-id"}, + Members: []*pb.Member{ + { + Id: "member-id", + ScopeId: "scope-id", + }, + }, + AuthorizedActions: []string{ + "action-1", + "action-2", + }, + }, + }, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + assert, require := assert.New(t), require.New(t) + got, err := testEncryptingFilter.Process(ctx, tc.in) + require.NoError(err) + require.NotNil(got) + gotJSON, err := json.Marshal(got) + require.NoError(err) + + wantJSON, err := json.Marshal(tc.want) + require.NoError(err) + assert.JSONEq(string(wantJSON), string(gotJSON)) + }) + } +} diff --git a/sdk/pbs/controller/api/resources/groups/group.pb.go b/sdk/pbs/controller/api/resources/groups/group.pb.go index 0b1510df39..4ff81e1a72 100644 --- a/sdk/pbs/controller/api/resources/groups/group.pb.go +++ b/sdk/pbs/controller/api/resources/groups/group.pb.go @@ -30,9 +30,9 @@ type Member struct { unknownFields protoimpl.UnknownFields // Output only. The ID of the member. - Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The Scope ID of the member. - ScopeId string `protobuf:"bytes,20,opt,name=scope_id,proto3" json:"scope_id,omitempty"` + ScopeId string `protobuf:"bytes,20,opt,name=scope_id,proto3" json:"scope_id,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *Member) Reset() { @@ -88,28 +88,28 @@ type Group struct { unknownFields protoimpl.UnknownFields // Output only. The ID of the Group. - Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,10,opt,name=id,proto3" json:"id,omitempty" class:"public"` // @gotags: `class:"public"` // The ID of the scope of which this Group is a part. - ScopeId string `protobuf:"bytes,20,opt,name=scope_id,proto3" json:"scope_id,omitempty"` + ScopeId string `protobuf:"bytes,20,opt,name=scope_id,proto3" json:"scope_id,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. Scope information for this Group. Scope *scopes.ScopeInfo `protobuf:"bytes,30,opt,name=scope,proto3" json:"scope,omitempty"` // Optional name for identification purposes. - Name *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty"` + Name *wrapperspb.StringValue `protobuf:"bytes,40,opt,name=name,proto3" json:"name,omitempty" class:"public"` // @gotags: `class:"public"` // Optional user-set descripton for identification purposes. - Description *wrapperspb.StringValue `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty"` + Description *wrapperspb.StringValue `protobuf:"bytes,50,opt,name=description,proto3" json:"description,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The time this resource was created. - CreatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=created_time,proto3" json:"created_time,omitempty"` + CreatedTime *timestamppb.Timestamp `protobuf:"bytes,60,opt,name=created_time,proto3" json:"created_time,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The time this resource was last updated. - UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,70,opt,name=updated_time,proto3" json:"updated_time,omitempty"` + UpdatedTime *timestamppb.Timestamp `protobuf:"bytes,70,opt,name=updated_time,proto3" json:"updated_time,omitempty" class:"public"` // @gotags: `class:"public"` // Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. // The mutation will fail if the version does not match the latest known good version. - Version uint32 `protobuf:"varint,80,opt,name=version,proto3" json:"version,omitempty"` + Version uint32 `protobuf:"varint,80,opt,name=version,proto3" json:"version,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. Contains the list of member IDs in this Group. - MemberIds []string `protobuf:"bytes,90,rep,name=member_ids,proto3" json:"member_ids,omitempty"` + MemberIds []string `protobuf:"bytes,90,rep,name=member_ids,proto3" json:"member_ids,omitempty" class:"public"` // @gotags: `class:"public"` // Output only. The members of this Group. Members []*Member `protobuf:"bytes,100,rep,name=members,proto3" json:"members,omitempty"` // Output only. The available actions on this resource for this user. - AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty"` + AuthorizedActions []string `protobuf:"bytes,300,rep,name=authorized_actions,proto3" json:"authorized_actions,omitempty" class:"public"` // @gotags: `class:"public"` } func (x *Group) Reset() {