Merge branch 'v3' into intercept-ssh-commands

canonical · Jan 14, 2025 · 88e92ec · 88e92ec
2 parents 6a3bab3 + 253320e
commit 88e92ec
Show file tree

Hide file tree

Showing 9 changed files with 80 additions and 94 deletions.
diff --git a/internal/jimm/jimm.go b/internal/jimm/jimm.go
@@ -187,6 +187,8 @@ type PermissionManager interface {
 	ListRelationshipTuples(ctx context.Context, user *openfga.User, tuple apiparams.RelationshipTuple, pageSize int32, continuationToken string) ([]openfga.Tuple, string, error)
 	// ListObjectRelations lists all the tuples that an object has a direct relation with.
 	ListObjectRelations(ctx context.Context, user *openfga.User, object string, pageSize int32, entitlementToken pagination.EntitlementToken) ([]openfga.Tuple, pagination.EntitlementToken, error)
+	// ListResources lists all resources known to JIMM.
+	ListResources(ctx context.Context, user *openfga.User, filter pagination.LimitOffsetPagination, namePrefixFilter, typeFilter string) ([]db.Resource, error)
 
 	// GetJimmControllerAccess returns the user's level of access to JIMM.
 	GetJimmControllerAccess(ctx context.Context, user *openfga.User, tag names.UserTag) (string, error)

diff --git a/internal/jimm/permissions/relations.go b/internal/jimm/permissions/relations.go
@@ -10,6 +10,7 @@ import (
 	"go.uber.org/zap"
 
 	"github.com/canonical/jimm/v3/internal/common/pagination"
+	"github.com/canonical/jimm/v3/internal/db"
 	"github.com/canonical/jimm/v3/internal/errors"
 	"github.com/canonical/jimm/v3/internal/openfga"
 	ofganames "github.com/canonical/jimm/v3/internal/openfga/names"
@@ -127,6 +128,17 @@ func (j *permissionManager) ListObjectRelations(ctx context.Context, user *openf
 	return responseTuples, nextToken, nil
 }
 
+// ListResources returns a list of resources known to JIMM with a pagination filter.
+func (j *permissionManager) ListResources(ctx context.Context, user *openfga.User, filter pagination.LimitOffsetPagination, namePrefixFilter, typeFilter string) ([]db.Resource, error) {
+	const op = errors.Op("jimm.ListResources")
+
+	if !user.JimmAdmin {
+		return nil, errors.E(op, errors.CodeUnauthorized, "unauthorized")
+	}
+
+	return j.store.ListResources(ctx, filter.Limit(), filter.Offset(), namePrefixFilter, typeFilter)
+}
+
 func (j *permissionManager) getObjectRelationsPage(ctx context.Context, object string, pageSize int32, entitlementToken pagination.EntitlementToken) ([]openfga.Tuple, pagination.EntitlementToken, error) {
 	var err error
 	var e pagination.EntitlementToken

diff --git a/internal/jimm/permissions/relations_test.go b/internal/jimm/permissions/relations_test.go
@@ -266,3 +266,49 @@ func (s *permissionManagerSuite) TestListObjectRelations(c *qt.C) {
 		})
 	}
 }
+
+func (s *permissionManagerSuite) TestListResources(c *qt.C) {
+	c.Parallel()
+	ctx := context.Background()
+
+	_, _, controller, model, applicationOffer, cloud, _, _ := jimmtest.CreateTestControllerEnvironment(ctx, c, s.db)
+
+	ids := []string{applicationOffer.UUID, cloud.Name, controller.UUID, model.UUID.String}
+
+	testCases := []struct {
+		desc       string
+		limit      int
+		offset     int
+		identities []string
+	}{
+		{
+			desc:       "test with first resources",
+			limit:      3,
+			offset:     0,
+			identities: []string{ids[0], ids[1], ids[2]},
+		},
+		{
+			desc:       "test with remianing ids",
+			limit:      3,
+			offset:     3,
+			identities: []string{ids[3]},
+		},
+		{
+			desc:       "test out of range",
+			limit:      3,
+			offset:     6,
+			identities: []string{},
+		},
+	}
+	for _, t := range testCases {
+		c.Run(t.desc, func(c *qt.C) {
+			filter := pagination.NewOffsetFilter(t.limit, t.offset)
+			resources, err := s.manager.ListResources(ctx, s.adminUser, filter, "", "")
+			c.Assert(err, qt.IsNil)
+			c.Assert(resources, qt.HasLen, len(t.identities))
+			for i := range len(t.identities) {
+				c.Assert(resources[i].ID.String, qt.Equals, t.identities[i])
+			}
+		})
+	}
+}
diff --git a/internal/jimm/resource.go b/internal/jimm/resource.go
diff --git a/internal/jimm/resource_test.go b/internal/jimm/resource_test.go
diff --git a/internal/jimmhttp/rebac_admin/resources.go b/internal/jimmhttp/rebac_admin/resources.go
@@ -1,4 +1,4 @@
-// Copyright 2024 Canonical.
+// Copyright 2025 Canonical.
 
 package rebac_admin
 
@@ -40,7 +40,7 @@ func (s *resourcesService) ListResources(ctx context.Context, params *resources.
 		}
 	}
 
-	res, err := s.jimm.ListResources(ctx, user, pagination, namePrefixFilter, typeFilter)
+	res, err := s.jimm.PermissionManager().ListResources(ctx, user, pagination, namePrefixFilter, typeFilter)
 	if err != nil {
 		return nil, err
 	}

diff --git a/internal/jimmhttp/rebac_admin/resources_test.go b/internal/jimmhttp/rebac_admin/resources_test.go
@@ -1,4 +1,4 @@
-// Copyright 2024 Canonical.
+// Copyright 2025 Canonical.
 
 package rebac_admin_test
 
@@ -13,18 +13,25 @@ import (
 	"github.com/canonical/jimm/v3/internal/common/pagination"
 	"github.com/canonical/jimm/v3/internal/common/utils"
 	"github.com/canonical/jimm/v3/internal/db"
+	"github.com/canonical/jimm/v3/internal/jimm"
 	"github.com/canonical/jimm/v3/internal/jimmhttp/rebac_admin"
 	"github.com/canonical/jimm/v3/internal/openfga"
 	"github.com/canonical/jimm/v3/internal/testutils/jimmtest"
+	"github.com/canonical/jimm/v3/internal/testutils/jimmtest/mocks"
 )
 
 func TestListResources(t *testing.T) {
 	c := qt.New(t)
-	jimm := jimmtest.JIMM{
+	permissionManager := mocks.PermissionManager{
 		ListResources_: func(ctx context.Context, user *openfga.User, filter pagination.LimitOffsetPagination, nameFilter, typeFilter string) ([]db.Resource, error) {
 			return []db.Resource{}, nil
 		},
 	}
+	jimm := jimmtest.JIMM{
+		PermissionManager_: func() jimm.PermissionManager {
+			return &permissionManager
+		},
+	}
 	user := openfga.User{}
 	user.JimmAdmin = true
 	ctx := context.Background()

diff --git a/internal/jujuapi/interface.go b/internal/jujuapi/interface.go
@@ -10,8 +10,6 @@ import (
 	jujuparams "github.com/juju/juju/rpc/params"
 	"github.com/juju/names/v5"
 
-	"github.com/canonical/jimm/v3/internal/common/pagination"
-	"github.com/canonical/jimm/v3/internal/db"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
 	"github.com/canonical/jimm/v3/internal/jimm"
 	"github.com/canonical/jimm/v3/internal/openfga"
@@ -46,7 +44,6 @@ type JIMM interface {
 	InitiateMigration(ctx context.Context, user *openfga.User, spec jujuparams.MigrationSpec) (jujuparams.InitiateMigrationResult, error)
 	ListApplicationOffers(ctx context.Context, user *openfga.User, filters ...jujuparams.OfferFilter) ([]jujuparams.ApplicationOfferAdminDetailsV5, error)
 	ListModels(ctx context.Context, user *openfga.User) ([]base.UserModel, error)
-	ListResources(ctx context.Context, user *openfga.User, filter pagination.LimitOffsetPagination, namePrefixFilter, typeFilter string) ([]db.Resource, error)
 	Offer(ctx context.Context, user *openfga.User, offer jimm.AddApplicationOfferParams) error
 	PubSubHub() *pubsub.Hub
 	RemoveCloud(ctx context.Context, u *openfga.User, ct names.CloudTag) error

diff --git a/internal/testutils/jimmtest/mocks/jimm_relation_mock.go b/internal/testutils/jimmtest/mocks/jimm_relation_mock.go
@@ -9,6 +9,7 @@ import (
 	"github.com/juju/names/v5"
 
 	"github.com/canonical/jimm/v3/internal/common/pagination"
+	"github.com/canonical/jimm/v3/internal/db"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
 	"github.com/canonical/jimm/v3/internal/errors"
 	"github.com/canonical/jimm/v3/internal/openfga"
@@ -24,6 +25,7 @@ type PermissionManager struct {
 	CheckRelation_          func(ctx context.Context, user *openfga.User, tuple apiparams.RelationshipTuple, trace bool) (_ bool, err error)
 	ListRelationshipTuples_ func(ctx context.Context, user *openfga.User, tuple apiparams.RelationshipTuple, pageSize int32, continuationToken string) ([]openfga.Tuple, string, error)
 	ListObjectRelations_    func(ctx context.Context, user *openfga.User, object string, pageSize int32, continuationToken pagination.EntitlementToken) ([]openfga.Tuple, pagination.EntitlementToken, error)
+	ListResources_          func(ctx context.Context, user *openfga.User, filter pagination.LimitOffsetPagination, namePrefixFilter, typeFilter string) ([]db.Resource, error)
 
 	GetJimmControllerAccess_   func(ctx context.Context, user *openfga.User, tag names.UserTag) (string, error)
 	GetUserCloudAccess_        func(ctx context.Context, user *openfga.User, cloud names.CloudTag) (string, error)
@@ -80,6 +82,13 @@ func (j *PermissionManager) ListObjectRelations(ctx context.Context, user *openf
 	return j.ListObjectRelations_(ctx, user, object, pageSize, entitlementToken)
 }
 
+func (j *PermissionManager) ListResources(ctx context.Context, user *openfga.User, filter pagination.LimitOffsetPagination, namePrefixFilter, typeFilter string) ([]db.Resource, error) {
+	if j.ListResources_ == nil {
+		return nil, errors.E(errors.CodeNotImplemented)
+	}
+	return j.ListResources_(ctx, user, filter, namePrefixFilter, typeFilter)
+}
+
 func (j *PermissionManager) GetJimmControllerAccess(ctx context.Context, user *openfga.User, tag names.UserTag) (string, error) {
 	if j.GetJimmControllerAccess_ == nil {
 		return "", errors.E(errors.CodeNotImplemented)