mirror of https://github.com/hashicorp/boundary
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
288 lines
12 KiB
288 lines
12 KiB
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package iam
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/hashicorp/boundary/globals"
|
|
"github.com/hashicorp/boundary/internal/errors"
|
|
"github.com/hashicorp/boundary/internal/listtoken"
|
|
"github.com/hashicorp/boundary/internal/pagination"
|
|
"github.com/hashicorp/boundary/internal/types/resource"
|
|
)
|
|
|
|
// ListRolesRefreshPage lists up to page size roles, filtering out entries that
|
|
// do not pass the filter item function. It will automatically request
|
|
// more roles from the database, at page size chunks, to fill the page.
|
|
// It will start its paging based on the information in the token.
|
|
// It returns a new list token used to continue pagination or refresh items.
|
|
// Roles are ordered by update time descending (most recently updated first).
|
|
// Roles may contain items that were already returned during the initial
|
|
// pagination phase. It also returns a list of any roles deleted since the
|
|
// last response.
|
|
func ListRolesRefreshPage(
|
|
ctx context.Context,
|
|
grantsHash []byte,
|
|
pageSize int,
|
|
filterItemFn pagination.ListFilterFunc[*Role],
|
|
tok *listtoken.Token,
|
|
repo *Repository,
|
|
withScopeIds []string,
|
|
) (*pagination.ListResponse[*Role], error) {
|
|
const op = "iam.ListRolesRefreshPage"
|
|
|
|
switch {
|
|
case len(grantsHash) == 0:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing grants hash")
|
|
case pageSize < 1:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "page size must be at least 1")
|
|
case filterItemFn == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback")
|
|
case tok == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token")
|
|
case repo == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
|
|
case len(withScopeIds) == 0:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing scope ids")
|
|
case tok.ResourceType != resource.Role:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a role resource type")
|
|
}
|
|
rt, ok := tok.Subtype.(*listtoken.RefreshToken)
|
|
if !ok {
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a refresh token component")
|
|
}
|
|
|
|
listItemsFn := func(ctx context.Context, lastPageItem *Role, limit int) ([]*Role, time.Time, error) {
|
|
opts := []Option{
|
|
WithLimit(limit),
|
|
}
|
|
if lastPageItem != nil {
|
|
opts = append(opts, WithStartPageAfterItem(lastPageItem))
|
|
} else {
|
|
lastItem, err := tok.LastItem(ctx)
|
|
if err != nil {
|
|
return nil, time.Time{}, err
|
|
}
|
|
opts = append(opts, WithStartPageAfterItem(lastItem))
|
|
}
|
|
// Add the database read timeout to account for any creations missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listRolesRefresh(ctx, rt.PhaseLowerBound.Add(-globals.RefreshReadLookbackDuration), withScopeIds, opts...)
|
|
}
|
|
|
|
listDeletedIdsFn := func(ctx context.Context, since time.Time) ([]string, time.Time, error) {
|
|
// Add the database read timeout to account for any deletes missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listRoleDeletedIds(ctx, since.Add(-globals.RefreshReadLookbackDuration))
|
|
}
|
|
|
|
return pagination.ListRefreshPage(ctx, grantsHash, pageSize, filterItemFn, listItemsFn, repo.estimatedRoleCount, listDeletedIdsFn, tok)
|
|
}
|
|
|
|
// ListUsersRefreshPage lists up to page size users, filtering out entries that
|
|
// do not pass the filter item function. It will automatically request
|
|
// more users from the database, at page size chunks, to fill the page.
|
|
// It will start its paging based on the information in the token.
|
|
// It returns a new list token used to continue pagination or refresh items.
|
|
// Users are ordered by update time descending (most recently updated first).
|
|
// Users may contain items that were already returned during the initial
|
|
// pagination phase. It also returns a list of any users deleted since the
|
|
// last response.
|
|
func ListUsersRefreshPage(
|
|
ctx context.Context,
|
|
grantsHash []byte,
|
|
pageSize int,
|
|
filterItemFn pagination.ListFilterFunc[*User],
|
|
tok *listtoken.Token,
|
|
repo *Repository,
|
|
withScopeIds []string,
|
|
) (*pagination.ListResponse[*User], error) {
|
|
const op = "iam.ListUsersRefreshPage"
|
|
|
|
switch {
|
|
case len(grantsHash) == 0:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing grants hash")
|
|
case pageSize < 1:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "page size must be at least 1")
|
|
case filterItemFn == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback")
|
|
case tok == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token")
|
|
case repo == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
|
|
case withScopeIds == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing scope ids")
|
|
case tok.ResourceType != resource.User:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a user resource type")
|
|
}
|
|
rt, ok := tok.Subtype.(*listtoken.RefreshToken)
|
|
if !ok {
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a refresh token component")
|
|
}
|
|
|
|
listItemsFn := func(ctx context.Context, lastPageItem *User, limit int) ([]*User, time.Time, error) {
|
|
opts := []Option{
|
|
WithLimit(limit),
|
|
}
|
|
if lastPageItem != nil {
|
|
opts = append(opts, WithStartPageAfterItem(lastPageItem))
|
|
} else {
|
|
lastItem, err := tok.LastItem(ctx)
|
|
if err != nil {
|
|
return nil, time.Time{}, err
|
|
}
|
|
opts = append(opts, WithStartPageAfterItem(lastItem))
|
|
}
|
|
// Add the database read timeout to account for any creations missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listUsersRefresh(ctx, rt.PhaseLowerBound.Add(-globals.RefreshReadLookbackDuration), withScopeIds, opts...)
|
|
}
|
|
|
|
listDeletedIdsFn := func(ctx context.Context, since time.Time) ([]string, time.Time, error) {
|
|
// Add the database read timeout to account for any deletes missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listUserDeletedIds(ctx, since.Add(-globals.RefreshReadLookbackDuration))
|
|
}
|
|
|
|
return pagination.ListRefreshPage(ctx, grantsHash, pageSize, filterItemFn, listItemsFn, repo.estimatedUserCount, listDeletedIdsFn, tok)
|
|
}
|
|
|
|
// ListGroupsRefreshPage lists up to page size groups, filtering out entries that
|
|
// do not pass the filter item function. It will automatically request
|
|
// more groups from the database, at page size chunks, to fill the page.
|
|
// It will start its paging based on the information in the token.
|
|
// It returns a new list token used to continue pagination or refresh items.
|
|
// Groups are ordered by update time descending (most recently updated first).
|
|
// Groups may contain items that were already returned during the initial
|
|
// pagination phase. It also returns a list of any groups deleted since the
|
|
// last response.
|
|
func ListGroupsRefreshPage(
|
|
ctx context.Context,
|
|
grantsHash []byte,
|
|
pageSize int,
|
|
filterItemFn pagination.ListFilterFunc[*Group],
|
|
tok *listtoken.Token,
|
|
repo *Repository,
|
|
withScopeIds []string,
|
|
) (*pagination.ListResponse[*Group], error) {
|
|
const op = "iam.ListGroupsRefreshPage"
|
|
|
|
switch {
|
|
case len(grantsHash) == 0:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing grants hash")
|
|
case pageSize < 1:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "page size must be at least 1")
|
|
case filterItemFn == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback")
|
|
case tok == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token")
|
|
case repo == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
|
|
case withScopeIds == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing scope ids")
|
|
case tok.ResourceType != resource.Group:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a group resource type")
|
|
}
|
|
rt, ok := tok.Subtype.(*listtoken.RefreshToken)
|
|
if !ok {
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a refresh token component")
|
|
}
|
|
|
|
listItemsFn := func(ctx context.Context, lastPageItem *Group, limit int) ([]*Group, time.Time, error) {
|
|
opts := []Option{
|
|
WithLimit(limit),
|
|
}
|
|
if lastPageItem != nil {
|
|
opts = append(opts, WithStartPageAfterItem(lastPageItem))
|
|
} else {
|
|
lastItem, err := tok.LastItem(ctx)
|
|
if err != nil {
|
|
return nil, time.Time{}, err
|
|
}
|
|
opts = append(opts, WithStartPageAfterItem(lastItem))
|
|
}
|
|
// Add the database read timeout to account for any creations missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listGroupsRefresh(ctx, rt.PhaseLowerBound.Add(-globals.RefreshReadLookbackDuration), withScopeIds, opts...)
|
|
}
|
|
|
|
listDeletedIdsFn := func(ctx context.Context, since time.Time) ([]string, time.Time, error) {
|
|
// Add the database read timeout to account for any deletes missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listGroupDeletedIds(ctx, since.Add(-globals.RefreshReadLookbackDuration))
|
|
}
|
|
|
|
return pagination.ListRefreshPage(ctx, grantsHash, pageSize, filterItemFn, listItemsFn, repo.estimatedGroupCount, listDeletedIdsFn, tok)
|
|
}
|
|
|
|
// ListScopesRefreshPage lists up to page size scopes, filtering out entries that
|
|
// do not pass the filter item function. It will automatically request
|
|
// more scopes from the database, at page size chunks, to fill the page.
|
|
// It will start its paging based on the information in the token.
|
|
// It returns a new list token used to continue pagination or refresh items.
|
|
// Scopes are ordered by update time descending (most recently updated first).
|
|
// Scopes may contain items that were already returned during the initial
|
|
// pagination phase. It also returns a list of any scopes deleted since the
|
|
// last response.
|
|
func ListScopesRefreshPage(
|
|
ctx context.Context,
|
|
grantsHash []byte,
|
|
pageSize int,
|
|
filterItemFn pagination.ListFilterFunc[*Scope],
|
|
tok *listtoken.Token,
|
|
repo *Repository,
|
|
withParentIds []string,
|
|
) (*pagination.ListResponse[*Scope], error) {
|
|
const op = "iam.ListScopesRefreshPage"
|
|
|
|
switch {
|
|
case len(grantsHash) == 0:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing grants hash")
|
|
case pageSize < 1:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "page size must be at least 1")
|
|
case filterItemFn == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing filter item callback")
|
|
case tok == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing token")
|
|
case repo == nil:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
|
|
case len(withParentIds) == 0:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "missing parent ids")
|
|
case tok.ResourceType != resource.Scope:
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a scope resource type")
|
|
}
|
|
rt, ok := tok.Subtype.(*listtoken.RefreshToken)
|
|
if !ok {
|
|
return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a refresh token component")
|
|
}
|
|
|
|
listItemsFn := func(ctx context.Context, lastPageItem *Scope, limit int) ([]*Scope, time.Time, error) {
|
|
opts := []Option{
|
|
WithLimit(limit),
|
|
}
|
|
if lastPageItem != nil {
|
|
opts = append(opts, WithStartPageAfterItem(lastPageItem))
|
|
} else {
|
|
lastItem, err := tok.LastItem(ctx)
|
|
if err != nil {
|
|
return nil, time.Time{}, err
|
|
}
|
|
opts = append(opts, WithStartPageAfterItem(lastItem))
|
|
}
|
|
// Add the database read timeout to account for any creations missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listScopesRefresh(ctx, rt.PhaseLowerBound.Add(-globals.RefreshReadLookbackDuration), withParentIds, opts...)
|
|
}
|
|
|
|
listDeletedIdsFn := func(ctx context.Context, since time.Time) ([]string, time.Time, error) {
|
|
// Add the database read timeout to account for any deletes missed due to concurrent
|
|
// transactions in the original list pagination phase.
|
|
return repo.listScopeDeletedIds(ctx, since.Add(-globals.RefreshReadLookbackDuration))
|
|
}
|
|
|
|
return pagination.ListRefreshPage(ctx, grantsHash, pageSize, filterItemFn, listItemsFn, repo.estimatedScopeCount, listDeletedIdsFn, tok)
|
|
}
|