From e8cc7d2f1c9bedd0f34bb1529fe2f98ff6fb5fa9 Mon Sep 17 00:00:00 2001 From: Abin Simon Date: Mon, 28 Mar 2022 22:06:00 +0530 Subject: [PATCH] Implement filtering of users and groups via sentry Drop the previous implementationusing custom code --- .../proto/rpc/scheduler/cluster.swagger.json | 12 + .../proto/rpc/sentry/bootstrap.swagger.json | 30 +++ .../proto/rpc/sentry/kubeconfig.swagger.json | 90 +++++++ .../rpc/sentry/kubectl_cluster.swagger.json | 18 ++ gen/openapi/proto/rpc/user/group.swagger.json | 12 + gen/openapi/proto/rpc/user/user.swagger.json | 12 + internal/dao/user.go | 76 ++---- internal/models/sentrypermission.go | 24 ++ master.rest | 2 +- pkg/service/user.go | 75 +++--- pkg/service/utils.go | 60 +---- proto/types/commonpb/v3/common.pb.go | 243 ++++++++++-------- proto/types/commonpb/v3/common.proto | 44 ++-- sentry-account.sql | 130 ++++++++++ 14 files changed, 554 insertions(+), 274 deletions(-) create mode 100644 internal/models/sentrypermission.go create mode 100644 sentry-account.sql diff --git a/gen/openapi/proto/rpc/scheduler/cluster.swagger.json b/gen/openapi/proto/rpc/scheduler/cluster.swagger.json index 0b535cf..42adf0c 100644 --- a/gen/openapi/proto/rpc/scheduler/cluster.swagger.json +++ b/gen/openapi/proto/rpc/scheduler/cluster.swagger.json @@ -1517,6 +1517,18 @@ "required": false, "type": "string" }, + { + "name": "group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "displayName", "description": "displayName only used for update queries to set displayName (READONLY).", diff --git a/gen/openapi/proto/rpc/sentry/bootstrap.swagger.json b/gen/openapi/proto/rpc/sentry/bootstrap.swagger.json index 0bc389d..3744c8f 100644 --- a/gen/openapi/proto/rpc/sentry/bootstrap.swagger.json +++ b/gen/openapi/proto/rpc/sentry/bootstrap.swagger.json @@ -273,6 +273,18 @@ "required": false, "type": "string" }, + { + "name": "group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -1309,6 +1321,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -1973,6 +1997,12 @@ "project": { "type": "string" }, + "group": { + "type": "string" + }, + "role": { + "type": "string" + }, "displayName": { "type": "string", "title": "displayName only used for update queries to set displayName (READONLY)" diff --git a/gen/openapi/proto/rpc/sentry/kubeconfig.swagger.json b/gen/openapi/proto/rpc/sentry/kubeconfig.swagger.json index e1ff264..503263f 100644 --- a/gen/openapi/proto/rpc/sentry/kubeconfig.swagger.json +++ b/gen/openapi/proto/rpc/sentry/kubeconfig.swagger.json @@ -92,6 +92,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -303,6 +315,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -557,6 +581,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -770,6 +806,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -1019,6 +1067,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -1268,6 +1328,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -1525,6 +1597,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -1831,6 +1915,12 @@ "project": { "type": "string" }, + "group": { + "type": "string" + }, + "role": { + "type": "string" + }, "displayName": { "type": "string", "title": "displayName only used for update queries to set displayName (READONLY)" diff --git a/gen/openapi/proto/rpc/sentry/kubectl_cluster.swagger.json b/gen/openapi/proto/rpc/sentry/kubectl_cluster.swagger.json index 525c0f4..10bee2b 100644 --- a/gen/openapi/proto/rpc/sentry/kubectl_cluster.swagger.json +++ b/gen/openapi/proto/rpc/sentry/kubectl_cluster.swagger.json @@ -100,6 +100,18 @@ "required": false, "type": "string" }, + { + "name": "opts.group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "opts.role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "opts.displayName", "description": "displayName only used for update queries to set displayName (READONLY).", @@ -354,6 +366,12 @@ "project": { "type": "string" }, + "group": { + "type": "string" + }, + "role": { + "type": "string" + }, "displayName": { "type": "string", "title": "displayName only used for update queries to set displayName (READONLY)" diff --git a/gen/openapi/proto/rpc/user/group.swagger.json b/gen/openapi/proto/rpc/user/group.swagger.json index 32bd418..deb1be5 100644 --- a/gen/openapi/proto/rpc/user/group.swagger.json +++ b/gen/openapi/proto/rpc/user/group.swagger.json @@ -549,6 +549,18 @@ "required": false, "type": "string" }, + { + "name": "group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "displayName", "description": "displayName only used for update queries to set displayName (READONLY).", diff --git a/gen/openapi/proto/rpc/user/user.swagger.json b/gen/openapi/proto/rpc/user/user.swagger.json index 67f1690..730d9c9 100644 --- a/gen/openapi/proto/rpc/user/user.swagger.json +++ b/gen/openapi/proto/rpc/user/user.swagger.json @@ -671,6 +671,18 @@ "required": false, "type": "string" }, + { + "name": "group", + "in": "query", + "required": false, + "type": "string" + }, + { + "name": "role", + "in": "query", + "required": false, + "type": "string" + }, { "name": "displayName", "description": "displayName only used for update queries to set displayName (READONLY).", diff --git a/internal/dao/user.go b/internal/dao/user.go index 9a45104..8171647 100644 --- a/internal/dao/user.go +++ b/internal/dao/user.go @@ -71,48 +71,30 @@ type userProjectnamesaceRole struct { Project *string `bun:"project,type:string"` } -func ListUserRoles(ctx context.Context, db bun.IDB) ([]*userProjectnamesaceRole, error) { - // Could possibly union them later for some speedup - // TODO: filter by org and partner - // TODO: add lookup via group as well - var r = []*userProjectnamesaceRole{} - err := db.NewSelect().Table("authsrv_accountresourcerole"). - ColumnExpr("authsrv_accountresourcerole.account_id as account_id, authsrv_resourcerole.name as role"). - Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_accountresourcerole.role_id`). - Where("authsrv_resourcerole.trash = ?", false). - Where("authsrv_accountresourcerole.trash = ?", false). - Scan(ctx, &r) - if err != nil { - return nil, err - } +// TODO: find a better name for the function +func GetQueryFilteredUsers(ctx context.Context, db bun.IDB, partner, org, group, role uuid.UUID, projects []uuid.UUID) ([]uuid.UUID, error) { + p := []models.SentryPermission{} + q := db.NewSelect().Model(&p).ColumnExpr("DISTINCT account_id") - var pr = []*userProjectnamesaceRole{} - err = db.NewSelect().Table("authsrv_projectaccountresourcerole"). - ColumnExpr("authsrv_projectaccountresourcerole.account_id as account_id, authsrv_resourcerole.name as role, authsrv_project.name as project"). - Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountresourcerole.role_id`). - Join(`JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountresourcerole.project_id`). - Where("authsrv_project.trash = ?", false). - Where("authsrv_resourcerole.trash = ?", false). - Where("authsrv_projectaccountresourcerole.trash = ?", false). - Scan(ctx, &pr) - if err != nil { - return nil, err - } + q.Where("partner_id = ?", partner). + Where("organization_id = ?", org) - var pnr = []*userProjectnamesaceRole{} - err = db.NewSelect().Table("authsrv_projectaccountnamespacerole"). - ColumnExpr("authsrv_projectaccountnamespacerole.account_id as account_id, authsrv_resourcerole.name as role, authsrv_project.name as project, namespace_id as namespace"). - Join(`JOIN authsrv_resourcerole ON authsrv_resourcerole.id=authsrv_projectaccountnamespacerole.role_id`). - Join(`JOIN authsrv_project ON authsrv_project.id=authsrv_projectaccountnamespacerole.project_id`). // also need a namespace join - Where("authsrv_project.trash = ?", false). - Where("authsrv_resourcerole.trash = ?", false). - Where("authsrv_projectaccountnamespacerole.trash = ?", false). - Scan(ctx, &pnr) - if err != nil { - return nil, err + if group != uuid.Nil { + q.Where("group_id = ?", group) } + if role != uuid.Nil { + q.Where("role_id = ?", role) + } + if len(projects) != 0 { + q.Where("project_id IN (?)", bun.In(projects)) + } + q.Scan(ctx) - return append(append(r, pr...), pnr...), err + acc := []uuid.UUID{} + for _, a := range p { + acc = append(acc, a.AccountId) + } + return acc, nil } // ListFilteredUsers will return the list of users fileterd by query @@ -137,21 +119,3 @@ func ListFilteredUsers(ctx context.Context, db bun.IDB, users *[]models.KratosId } return users, nil } - -// func FilterUsersByGroups(ctx context.Context, db bun.IDB, users []uuid.UUID, groups []string) ([]uuid.UUID, error) { -// ga := []models.GroupAccount{} -// q := db.NewSelect().Model(&ga). -// Where("name IN (?)", bun.In(groups)). -// Where("account_id IN (?)", bun.In(users)) - -// err := q.Scan(ctx) -// if err != nil { -// return nil, err -// } - -// fusers := []uuid.UUID{} -// for _, g := range ga { -// fusers = append(fusers, g.AccountId) -// } -// return fusers, nil -// } diff --git a/internal/models/sentrypermission.go b/internal/models/sentrypermission.go new file mode 100644 index 0000000..f528cec --- /dev/null +++ b/internal/models/sentrypermission.go @@ -0,0 +1,24 @@ +package models + +import ( + "encoding/json" + + "github.com/google/uuid" + "github.com/uptrace/bun" +) + +type SentryPermission struct { + bun.BaseModel `bun:"table:sentry_permission,alias:sentry_permission"` + + AccountId uuid.UUID `bun:"account_id,type:uuid"` + ProjectId uuid.UUID `bun:"project_id,type:uuid"` + GroupId uuid.UUID `bun:"group_id,type:uuid"` + RoleId uuid.UUID `bun:"role_id,type:uuid"` + OrganizationId uuid.UUID `bun:"organization_id,type:uuid"` + PartnerId uuid.UUID `bun:"partner_id,type:uuid"` + IsGlobal bool `bun:"is_global,notnull,default:true"` // does not matter + Scope string `bun:"scope,notnull"` + Permission string `bun:"permission_name,type:string"` + BaseUrl string `bun:"base_url,type:string"` + Urls json.RawMessage `bun:"urls,type:jsonb"` +} diff --git a/master.rest b/master.rest index ea3a3d4..fbb540f 100644 --- a/master.rest +++ b/master.rest @@ -280,7 +280,7 @@ GET :host/auth/v3/users Content-Type: application/yaml # Get all users with query options -GET :host/auth/v3/users?q=user&name=john&order_by=email +GET :host/auth/v3/users?partner=:partner&organization=:org&q=user&name=john&order_by=email&project=ALL,:project Content-Type: application/yaml # Get single user diff --git a/pkg/service/user.go b/pkg/service/user.go index fc7bbe7..c81b6bd 100644 --- a/pkg/service/user.go +++ b/pkg/service/user.go @@ -505,47 +505,60 @@ func (s *userService) List(ctx context.Context, opts ...query.Option) (*userv3.U opt(&queryOptions) } - // TODO: group relation stuff - // TODO: This is kinda expensive to compute - upr, err := getUserProjectRoles(ctx, s.db) + partnerId, orgId, err := getPartnerOrganization(ctx, s.db, queryOptions.Partner, queryOptions.Organization) if err != nil { - return &userv3.UserList{}, err + return &userv3.UserList{}, fmt.Errorf("unable to find role partner and org") } - fmt.Println("upr:", upr) - projects := []string{} - fmt.Println("queryOptions.Project:", queryOptions.Project) + roleName := queryOptions.Role + roleId := uuid.Nil + if roleName != "" { + role, err := dao.GetIdByName(ctx, s.db, roleName, &models.Role{}) + if err != nil { + return &userv3.UserList{}, fmt.Errorf("unable to find role '%v'", roleName) + } + if rle, ok := role.(*models.Role); ok { + roleId = rle.ID + } + } + + groupName := queryOptions.Group + groupId := uuid.Nil + if groupName != "" { + group, err := dao.GetIdByName(ctx, s.db, groupName, &models.Group{}) + if err != nil { + return &userv3.UserList{}, fmt.Errorf("unable to find group '%v'", groupName) + } + if grp, ok := group.(*models.Group); ok { + groupId = grp.ID + } + } + + projectIds := []uuid.UUID{} if queryOptions.Project != "" { - projects = strings.Split(queryOptions.Project, ",") + for _, p := range strings.Split(queryOptions.Project, ",") { + if p == "ALL" { + projectIds = append(projectIds, uuid.Nil) + } else { + project, err := dao.GetIdByName(ctx, s.db, p, &models.Project{}) + if err != nil { + return &userv3.UserList{}, fmt.Errorf("unable to find project '%v'", p) + } + if prj, ok := project.(*models.Project); ok { + projectIds = append(projectIds, prj.ID) + } + } + } } - // TODO: make this a single big query - fupr, err := filterUserProjectRoles(upr, - projects, - "role-name", // TODO: add role to QueryOptions - // queryOptions.Role, - ) + + uids, err := dao.GetQueryFilteredUsers(ctx, s.db, partnerId, orgId, groupId, roleId, projectIds) if err != nil { return &userv3.UserList{}, err } - fmt.Println("fupr:", fupr) - uids := []uuid.UUID{} - for k := range fupr { - uids = append(uids, k) - } - // TODO: add gorup to search - if queryOptions.Group { - - // partnerId, organizationId, err := s.getPartnerOrganization(ctx, s.db, group) - // if err != nil { - // return nil, fmt.Errorf("unable to get partner and org id") - // } - ga := []models.GroupAccount{} - g, err := dao.Get(ctx, ) - } - - if len(fupr) != 0 { + if len(uids) != 0 { var accs []models.KratosIdentities + // TODO: maybe merge this with the previous one into single sql usrs, err := dao.ListFilteredUsers(ctx, s.db, &accs, uids, queryOptions.Q, queryOptions.OrderBy, queryOptions.Order, diff --git a/pkg/service/utils.go b/pkg/service/utils.go index 0b3e998..a293a62 100644 --- a/pkg/service/utils.go +++ b/pkg/service/utils.go @@ -38,61 +38,15 @@ func remove(l []string, item string) []string { return l } -type projectRole struct { - Project *string - Role string -} -type userProjectRoles map[uuid.UUID][]projectRole - -func getUserProjectRoles(ctx context.Context, db bun.IDB) (userProjectRoles, error) { - roles, err := dao.ListUserRoles(ctx, db) +func getPartnerOrganization(ctx context.Context, db bun.IDB, partner, org string) (uuid.UUID, uuid.UUID, error) { + partnerId, err := dao.GetPartnerId(ctx, db, partner) if err != nil { - return userProjectRoles{}, err + return uuid.Nil, uuid.Nil, err } - - upr := userProjectRoles{} - for _, role := range roles { - upr[role.AccountId] = append(upr[role.AccountId], projectRole{Project: role.Project, Role: role.Role}) + organizationId, err := dao.GetOrganizationId(ctx, db, org) + if err != nil { + return partnerId, uuid.Nil, err } + return partnerId, organizationId, nil - return upr, nil -} - -func projectAvailable(r []projectRole, projects []string) bool { - // This is an OR internally - // ALL is when the permissions is not project bound - all := false - if contains(projects, "ALL") { - all = true - projects = remove(projects, "ALL") - } - for _, pr := range r { - if pr.Project != nil { - if contains(projects, *pr.Project) { - return true - } - } else if all { - return true - } - } - return false -} - -func roleAvailable(r []projectRole, role string) bool { - for _, pr := range r { - if pr.Role == role { - return true - } - } - return false -} - -func filterUserProjectRoles(upr userProjectRoles, projects []string, role string) (userProjectRoles, error) { - fupr := userProjectRoles{} - for u, r := range upr { - if (len(projects) == 0 || projectAvailable(r, projects)) && (role == "" || roleAvailable(r, role)) { - fupr[u] = r - } - } - return fupr, nil } diff --git a/proto/types/commonpb/v3/common.pb.go b/proto/types/commonpb/v3/common.pb.go index 6967855..3f43e22 100644 --- a/proto/types/commonpb/v3/common.pb.go +++ b/proto/types/commonpb/v3/common.pb.go @@ -762,34 +762,36 @@ type QueryOptions struct { Partner string `protobuf:"bytes,4,opt,name=partner,proto3" json:"partner,omitempty"` Organization string `protobuf:"bytes,5,opt,name=organization,proto3" json:"organization,omitempty"` Project string `protobuf:"bytes,6,opt,name=project,proto3" json:"project,omitempty"` + Group string `protobuf:"bytes,7,opt,name=group,proto3" json:"group,omitempty"` + Role string `protobuf:"bytes,8,opt,name=role,proto3" json:"role,omitempty"` // displayName only used for update queries to set displayName (READONLY) - DisplayName string `protobuf:"bytes,7,opt,name=displayName,proto3" json:"displayName,omitempty"` + DisplayName string `protobuf:"bytes,9,opt,name=displayName,proto3" json:"displayName,omitempty"` // labels only used for update queries to set labels (READONLY) - Labels map[string]string `protobuf:"bytes,8,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Labels map[string]string `protobuf:"bytes,10,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // annotations only used for update queries to set annotations (READONLY) - Annotations map[string]string `protobuf:"bytes,9,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - Count int64 `protobuf:"zigzag64,10,opt,name=count,proto3" json:"count,omitempty"` - Offset int64 `protobuf:"zigzag64,11,opt,name=offset,proto3" json:"offset,omitempty"` - Limit int64 `protobuf:"zigzag64,12,opt,name=limit,proto3" json:"limit,omitempty"` + Annotations map[string]string `protobuf:"bytes,11,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + Count int64 `protobuf:"zigzag64,12,opt,name=count,proto3" json:"count,omitempty"` + Offset int64 `protobuf:"zigzag64,13,opt,name=offset,proto3" json:"offset,omitempty"` + Limit int64 `protobuf:"zigzag64,14,opt,name=limit,proto3" json:"limit,omitempty"` // ignoreScopeDefault ignores default values for partnerID, organizationID and // projectID - IgnoreScopeDefault bool `protobuf:"varint,13,opt,name=ignoreScopeDefault,proto3" json:"ignoreScopeDefault,omitempty"` + IgnoreScopeDefault bool `protobuf:"varint,15,opt,name=ignoreScopeDefault,proto3" json:"ignoreScopeDefault,omitempty"` // globalScope sets partnerID,organizationID,projectID = 0 - GlobalScope bool `protobuf:"varint,14,opt,name=globalScope,proto3" json:"globalScope,omitempty"` - OrderBy string `protobuf:"bytes,15,opt,name=orderBy,proto3" json:"orderBy,omitempty"` - Order string `protobuf:"bytes,16,opt,name=order,proto3" json:"order,omitempty"` - Deleted bool `protobuf:"varint,17,opt,name=deleted,proto3" json:"deleted,omitempty"` - Extended bool `protobuf:"varint,18,opt,name=extended,proto3" json:"extended,omitempty"` + GlobalScope bool `protobuf:"varint,16,opt,name=globalScope,proto3" json:"globalScope,omitempty"` + OrderBy string `protobuf:"bytes,17,opt,name=orderBy,proto3" json:"orderBy,omitempty"` + Order string `protobuf:"bytes,18,opt,name=order,proto3" json:"order,omitempty"` + Deleted bool `protobuf:"varint,19,opt,name=deleted,proto3" json:"deleted,omitempty"` + Extended bool `protobuf:"varint,20,opt,name=extended,proto3" json:"extended,omitempty"` // urlScope is supposed to be passed in the URL as kind/HashID(value) - UrlScope string `protobuf:"bytes,19,opt,name=urlScope,proto3" json:"urlScope,omitempty"` - IsSSOUser bool `protobuf:"varint,20,opt,name=isSSOUser,proto3" json:"isSSOUser,omitempty"` - Username string `protobuf:"bytes,21,opt,name=username,proto3" json:"username,omitempty"` - Groups []string `protobuf:"bytes,22,rep,name=groups,proto3" json:"groups,omitempty"` - BlueprintRef string `protobuf:"bytes,23,opt,name=blueprintRef,proto3" json:"blueprintRef,omitempty"` - PublishedVersion string `protobuf:"bytes,24,opt,name=publishedVersion,proto3" json:"publishedVersion,omitempty"` - ClusterID string `protobuf:"bytes,25,opt,name=clusterID,proto3" json:"clusterID,omitempty"` - ID string `protobuf:"bytes,26,opt,name=ID,proto3" json:"ID,omitempty"` - Account string `protobuf:"bytes,27,opt,name=account,proto3" json:"account,omitempty"` + UrlScope string `protobuf:"bytes,21,opt,name=urlScope,proto3" json:"urlScope,omitempty"` + IsSSOUser bool `protobuf:"varint,22,opt,name=isSSOUser,proto3" json:"isSSOUser,omitempty"` + Username string `protobuf:"bytes,23,opt,name=username,proto3" json:"username,omitempty"` + Groups []string `protobuf:"bytes,24,rep,name=groups,proto3" json:"groups,omitempty"` + BlueprintRef string `protobuf:"bytes,25,opt,name=blueprintRef,proto3" json:"blueprintRef,omitempty"` + PublishedVersion string `protobuf:"bytes,26,opt,name=publishedVersion,proto3" json:"publishedVersion,omitempty"` + ClusterID string `protobuf:"bytes,27,opt,name=clusterID,proto3" json:"clusterID,omitempty"` + ID string `protobuf:"bytes,28,opt,name=ID,proto3" json:"ID,omitempty"` + Account string `protobuf:"bytes,29,opt,name=account,proto3" json:"account,omitempty"` } func (x *QueryOptions) Reset() { @@ -866,6 +868,20 @@ func (x *QueryOptions) GetProject() string { return "" } +func (x *QueryOptions) GetGroup() string { + if x != nil { + return x.Group + } + return "" +} + +func (x *QueryOptions) GetRole() string { + if x != nil { + return x.Role + } + return "" +} + func (x *QueryOptions) GetDisplayName() string { if x != nil { return x.DisplayName @@ -1287,7 +1303,7 @@ var file_proto_types_commonpb_v3_common_proto_rawDesc = []byte{ 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x3a, 0x25, 0x92, 0x41, 0x22, 0x0a, 0x20, 0x2a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x32, 0x14, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x40, 0x01, 0x22, - 0xec, 0x07, 0x0a, 0x0c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x96, 0x08, 0x0a, 0x0c, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x0c, 0x0a, 0x01, 0x71, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x01, 0x71, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x03, @@ -1297,96 +1313,99 @@ var file_proto_types_commonpb_v3_common_proto_rawDesc = []byte{ 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x6f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, - 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, - 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, - 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x4b, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x72, 0x61, 0x66, 0x61, 0x79, - 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x2e, 0x76, 0x33, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x5a, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x72, 0x61, 0x66, - 0x61, 0x79, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x33, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x12, - 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, - 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x12, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, - 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x12, 0x52, 0x05, - 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, 0x2e, 0x0a, 0x12, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x53, - 0x63, 0x6f, 0x70, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x12, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x44, 0x65, - 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x20, 0x0a, 0x0b, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, - 0x63, 0x6f, 0x70, 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x67, 0x6c, 0x6f, 0x62, - 0x61, 0x6c, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, - 0x42, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x42, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, - 0x65, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x12, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x12, 0x1a, 0x0a, - 0x08, 0x75, 0x72, 0x6c, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x08, 0x75, 0x72, 0x6c, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x53, - 0x53, 0x4f, 0x55, 0x73, 0x65, 0x72, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, - 0x53, 0x53, 0x4f, 0x55, 0x73, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x16, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x22, 0x0a, 0x0c, 0x62, - 0x6c, 0x75, 0x65, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x18, 0x17, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x62, 0x6c, 0x75, 0x65, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x12, - 0x2a, 0x0a, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x56, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x18, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, - 0x73, 0x68, 0x65, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x63, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x44, 0x18, 0x19, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x49, 0x44, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, - 0x1a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x63, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x63, 0x63, 0x6f, - 0x75, 0x6e, 0x74, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, - 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x41, - 0x0a, 0x08, 0x48, 0x74, 0x74, 0x70, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6f, - 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, - 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, - 0x61, 0x2a, 0x58, 0x0a, 0x0f, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x4e, 0x6f, - 0x74, 0x53, 0x65, 0x74, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, - 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x74, 0x65, 0x64, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x53, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x4f, 0x4b, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x10, 0x03, 0x2a, 0xa7, 0x01, 0x0a, 0x14, - 0x52, 0x61, 0x66, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, 0x0a, 0x06, 0x4e, 0x6f, 0x74, 0x53, 0x65, 0x74, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x10, 0x01, 0x12, 0x0e, 0x0a, - 0x0a, 0x49, 0x6e, 0x50, 0x72, 0x6f, 0x67, 0x72, 0x65, 0x73, 0x73, 0x10, 0x02, 0x12, 0x0b, 0x0a, - 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x61, - 0x69, 0x6c, 0x65, 0x64, 0x10, 0x04, 0x12, 0x09, 0x0a, 0x05, 0x52, 0x65, 0x74, 0x72, 0x79, 0x10, - 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x10, 0x06, 0x12, 0x0b, - 0x0a, 0x07, 0x53, 0x74, 0x6f, 0x70, 0x70, 0x65, 0x64, 0x10, 0x07, 0x12, 0x0b, 0x0a, 0x07, 0x45, - 0x78, 0x70, 0x69, 0x72, 0x65, 0x64, 0x10, 0x08, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x74, 0x6f, 0x70, - 0x70, 0x69, 0x6e, 0x67, 0x10, 0x09, 0x12, 0x0d, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, - 0x74, 0x65, 0x64, 0x10, 0x0a, 0x42, 0xf8, 0x01, 0x0a, 0x1d, 0x63, 0x6f, 0x6d, 0x2e, 0x72, 0x61, - 0x66, 0x61, 0x79, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x63, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x33, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x52, 0x61, 0x66, 0x61, 0x79, 0x4c, 0x61, 0x62, 0x73, 0x2f, 0x72, 0x63, 0x6c, - 0x6f, 0x75, 0x64, 0x2d, 0x62, 0x61, 0x73, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, - 0x79, 0x70, 0x65, 0x73, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x70, 0x62, 0x2f, 0x76, 0x33, - 0x3b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x76, 0x33, 0xa2, 0x02, 0x04, 0x52, 0x44, 0x54, 0x43, - 0xaa, 0x02, 0x19, 0x52, 0x61, 0x66, 0x61, 0x79, 0x2e, 0x44, 0x65, 0x76, 0x2e, 0x54, 0x79, 0x70, - 0x65, 0x73, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x56, 0x33, 0xca, 0x02, 0x19, 0x52, - 0x61, 0x66, 0x61, 0x79, 0x5c, 0x44, 0x65, 0x76, 0x5c, 0x54, 0x79, 0x70, 0x65, 0x73, 0x5c, 0x43, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x33, 0xe2, 0x02, 0x25, 0x52, 0x61, 0x66, 0x61, 0x79, - 0x5c, 0x44, 0x65, 0x76, 0x5c, 0x54, 0x79, 0x70, 0x65, 0x73, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x5c, 0x56, 0x33, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0xea, 0x02, 0x1d, 0x52, 0x61, 0x66, 0x61, 0x79, 0x3a, 0x3a, 0x44, 0x65, 0x76, 0x3a, 0x3a, 0x54, - 0x79, 0x70, 0x65, 0x73, 0x3a, 0x3a, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x33, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, + 0x72, 0x6f, 0x6c, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x72, 0x6f, 0x6c, 0x65, + 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x4b, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x0a, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x72, 0x61, 0x66, 0x61, 0x79, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x74, + 0x79, 0x70, 0x65, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x33, 0x2e, 0x51, + 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4c, 0x61, 0x62, 0x65, + 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, + 0x5a, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0b, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x72, 0x61, 0x66, 0x61, 0x79, 0x2e, 0x64, 0x65, 0x76, + 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x33, + 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x41, 0x6e, + 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, + 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x63, + 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x12, 0x52, 0x05, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, + 0x12, 0x52, 0x06, 0x6f, 0x66, 0x66, 0x73, 0x65, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6c, 0x69, 0x6d, + 0x69, 0x74, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x12, 0x52, 0x05, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x12, + 0x2e, 0x0a, 0x12, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x44, 0x65, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x69, 0x67, 0x6e, + 0x6f, 0x72, 0x65, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, + 0x20, 0x0a, 0x0b, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x10, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x67, 0x6c, 0x6f, 0x62, 0x61, 0x6c, 0x53, 0x63, 0x6f, 0x70, + 0x65, 0x12, 0x18, 0x0a, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x42, 0x79, 0x18, 0x11, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x42, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x6f, + 0x72, 0x64, 0x65, 0x72, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, + 0x72, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x18, 0x13, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x07, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x65, + 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, + 0x78, 0x74, 0x65, 0x6e, 0x64, 0x65, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x72, 0x6c, 0x53, 0x63, + 0x6f, 0x70, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x72, 0x6c, 0x53, 0x63, + 0x6f, 0x70, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x69, 0x73, 0x53, 0x53, 0x4f, 0x55, 0x73, 0x65, 0x72, + 0x18, 0x16, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x53, 0x53, 0x4f, 0x55, 0x73, 0x65, + 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x17, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, + 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x18, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x67, + 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x22, 0x0a, 0x0c, 0x62, 0x6c, 0x75, 0x65, 0x70, 0x72, 0x69, + 0x6e, 0x74, 0x52, 0x65, 0x66, 0x18, 0x19, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x62, 0x6c, 0x75, + 0x65, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x52, 0x65, 0x66, 0x12, 0x2a, 0x0a, 0x10, 0x70, 0x75, 0x62, + 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x1a, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x10, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x65, 0x64, 0x56, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, + 0x49, 0x44, 0x18, 0x1b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, + 0x72, 0x49, 0x44, 0x12, 0x0e, 0x0a, 0x02, 0x49, 0x44, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x02, 0x49, 0x44, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x1d, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x1a, 0x39, 0x0a, + 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x41, 0x0a, 0x08, 0x48, 0x74, 0x74, 0x70, + 0x42, 0x6f, 0x64, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x5f, + 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x2a, 0x58, 0x0a, 0x0f, 0x43, + 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x10, + 0x0a, 0x0c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x4e, 0x6f, 0x74, 0x53, 0x65, 0x74, 0x10, 0x00, + 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, + 0x74, 0x65, 0x64, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x4f, + 0x4b, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x46, 0x61, 0x69, + 0x6c, 0x65, 0x64, 0x10, 0x03, 0x2a, 0xa7, 0x01, 0x0a, 0x14, 0x52, 0x61, 0x66, 0x61, 0x79, 0x43, + 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x0a, + 0x0a, 0x06, 0x4e, 0x6f, 0x74, 0x53, 0x65, 0x74, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x50, 0x65, + 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x6e, 0x50, 0x72, 0x6f, + 0x67, 0x72, 0x65, 0x73, 0x73, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x75, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x10, 0x04, + 0x12, 0x09, 0x0a, 0x05, 0x52, 0x65, 0x74, 0x72, 0x79, 0x10, 0x05, 0x12, 0x0b, 0x0a, 0x07, 0x53, + 0x6b, 0x69, 0x70, 0x70, 0x65, 0x64, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x74, 0x6f, 0x70, + 0x70, 0x65, 0x64, 0x10, 0x07, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x64, + 0x10, 0x08, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x74, 0x6f, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x10, 0x09, + 0x12, 0x0d, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x6d, 0x69, 0x74, 0x74, 0x65, 0x64, 0x10, 0x0a, 0x42, + 0xf8, 0x01, 0x0a, 0x1d, 0x63, 0x6f, 0x6d, 0x2e, 0x72, 0x61, 0x66, 0x61, 0x79, 0x2e, 0x64, 0x65, + 0x76, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, + 0x33, 0x42, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x41, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x52, 0x61, 0x66, + 0x61, 0x79, 0x4c, 0x61, 0x62, 0x73, 0x2f, 0x72, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x2d, 0x62, 0x61, + 0x73, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x70, 0x62, 0x2f, 0x76, 0x33, 0x3b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x76, 0x33, 0xa2, 0x02, 0x04, 0x52, 0x44, 0x54, 0x43, 0xaa, 0x02, 0x19, 0x52, 0x61, 0x66, + 0x61, 0x79, 0x2e, 0x44, 0x65, 0x76, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x43, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x56, 0x33, 0xca, 0x02, 0x19, 0x52, 0x61, 0x66, 0x61, 0x79, 0x5c, 0x44, + 0x65, 0x76, 0x5c, 0x54, 0x79, 0x70, 0x65, 0x73, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, + 0x56, 0x33, 0xe2, 0x02, 0x25, 0x52, 0x61, 0x66, 0x61, 0x79, 0x5c, 0x44, 0x65, 0x76, 0x5c, 0x54, + 0x79, 0x70, 0x65, 0x73, 0x5c, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x5c, 0x56, 0x33, 0x5c, 0x47, + 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x1d, 0x52, 0x61, 0x66, + 0x61, 0x79, 0x3a, 0x3a, 0x44, 0x65, 0x76, 0x3a, 0x3a, 0x54, 0x79, 0x70, 0x65, 0x73, 0x3a, 0x3a, + 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x3a, 0x3a, 0x56, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( diff --git a/proto/types/commonpb/v3/common.proto b/proto/types/commonpb/v3/common.proto index 2d8afb2..b214dcb 100644 --- a/proto/types/commonpb/v3/common.proto +++ b/proto/types/commonpb/v3/common.proto @@ -249,35 +249,37 @@ message QueryOptions { string partner = 4; string organization = 5; string project = 6; + string group = 7; + string role = 8; // displayName only used for update queries to set displayName (READONLY) - string displayName = 7; + string displayName = 9; // labels only used for update queries to set labels (READONLY) - map labels = 8; + map labels = 10; // annotations only used for update queries to set annotations (READONLY) - map annotations = 9; - sint64 count = 10; - sint64 offset = 11; - sint64 limit = 12; + map annotations = 11; + sint64 count = 12; + sint64 offset = 13; + sint64 limit = 14; // ignoreScopeDefault ignores default values for partnerID, organizationID and // projectID - bool ignoreScopeDefault = 13; + bool ignoreScopeDefault = 15; // globalScope sets partnerID,organizationID,projectID = 0 - bool globalScope = 14; - string orderBy = 15; - string order = 16; - bool deleted = 17; + bool globalScope = 16; + string orderBy = 17; + string order = 18; + bool deleted = 19; - bool extended = 18; + bool extended = 20; // urlScope is supposed to be passed in the URL as kind/HashID(value) - string urlScope = 19; - bool isSSOUser = 20; - string username = 21; - repeated string groups = 22; - string blueprintRef = 23; - string publishedVersion = 24; - string clusterID = 25; - string ID = 26; - string account = 27; + string urlScope = 21; + bool isSSOUser = 22; + string username = 23; + repeated string groups = 24; + string blueprintRef = 25; + string publishedVersion = 26; + string clusterID = 27; + string ID = 28; + string account = 29; } // RafayConditionStatus is the status of the status condition diff --git a/sentry-account.sql b/sentry-account.sql new file mode 100644 index 0000000..8aeeb9a --- /dev/null +++ b/sentry-account.sql @@ -0,0 +1,130 @@ +DROP VIEW IF EXISTS sentry_permission; +CREATE OR REPLACE VIEW sentry_permission AS +SELECT + apr.account_id, + apr.group_id, + apr.project_id, + apr.organization_id, + apr.partner_id, + rbu.role_id, + rbu.is_global, + rbu.scope, + rbu.permission_name, + rbu.base_url, + rbu.urls +FROM ( + SELECT + ga.account_id, + gr.group_id, + uuid_nil() project_id, + gr.role_id, + gr.organization_id, + gr.partner_id + FROM + authsrv_groupaccount ga + INNER JOIN authsrv_grouprole gr ON ga.group_id = gr.group_id + WHERE + ga.trash = FALSE + AND gr.trash = FALSE + UNION + SELECT + account_id, + uuid_nil() as group_id, + uuid_nil() project_id, + role_id, + organization_id, + partner_id + FROM + authsrv_accountresourcerole + WHERE + trash = FALSE + UNION + SELECT + ga.account_id, + ga.group_id, + pgr.project_id, + pgr.role_id, + pgr.organization_id, + pgr.partner_id + FROM + authsrv_projectgrouprole pgr + INNER JOIN authsrv_groupaccount ga ON pgr.group_id = ga.group_id + WHERE + pgr.trash = FALSE + AND ga.trash = FALSE + UNION + SELECT + account_id, + uuid_nil() as group_id, + project_id, + role_id, + organization_id, + partner_id + FROM + authsrv_projectaccountresourcerole + WHERE + trash = FALSE + UNION + SELECT + account_id, + uuid_nil() as group_id, + project_id, + role_id, + organization_id, + partner_id + FROM + authsrv_projectaccountnamespacerole + WHERE + trash = FALSE + UNION + SELECT + ga.account_id, + ga.group_id, + pgnr.project_id, + pgnr.role_id, + pgnr.organization_id, + pgnr.partner_id + FROM + authsrv_projectgroupnamespacerole pgnr + INNER JOIN authsrv_groupaccount ga ON pgnr.group_id = ga.group_id + WHERE + pgnr.trash = FALSE + AND ga.trash = FALSE) AS apr + INNER JOIN ( + SELECT + rp.role_id, + rr.role_name, + rr.is_global, + rr.scope, + p.permission_name, + p.base_url, + p.urls + FROM ( + SELECT + resource_role_id AS role_id, + resource_permission_id AS permission_id + FROM + authsrv_resourcerolepermission + WHERE + trash = FALSE) rp + INNER JOIN ( + SELECT + rp.id AS permission_id, + rp.base_url, + rp.name AS permission_name, + rp.resource_urls || rp.resource_action_urls AS urls + FROM + authsrv_resourcepermission rp) p ON rp.permission_id = p.permission_id + INNER JOIN ( + SELECT + id, + name AS role_name, + is_global, + scope + FROM + authsrv_resourcerole + WHERE + trash = FALSE) rr ON rr.id = rp.role_id) rbu ON apr.role_id = rbu.role_id + INNER JOIN identities ON identities.id = apr.account_id +WHERE + lower(identities.state) = 'active';