finleap-connect · jastBytes · Dec 14, 2021
diff --git a/api/domain/commanddata/user.proto b/api/domain/commanddata/user.proto
@@ -18,6 +18,7 @@ syntax = "proto3";
 // https://cloud.google.com/apis/design/naming_convention
 
 import "validate/validate.proto";
+import "api/domain/common/roles.proto";
 
 option go_package = "github.com/finleap-connect/monoskope/pkg/api/domain/commanddata";
 
@@ -36,9 +37,9 @@ message CreateUserRoleBindingCommandData {
   // Unique identifier of the user (UUID 128-bit number)
   string user_id = 1 [(validate.rules).string.uuid = true];
   // Name of the role to add
-  string role = 2 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}];
+  common.Role role = 2;
   // Scope of the role
-  string scope = 3 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}];
+  common.Scope scope = 3;
   // Unique identifier of the affected resource within scope (UUID 128-bit
   // number)
   string resource = 4 [(validate.rules).string.uuid = true];

diff --git a/pkg/domain/constants/roles/roles.go → api/domain/common/roles.proto b/pkg/domain/constants/roles/roles.go → api/domain/common/roles.proto
@@ -12,43 +12,33 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package roles
+syntax = "proto3";
 
-import (
-	"fmt"
+// This file follows google's gRPC naming conventions:
+// https://cloud.google.com/apis/design/naming_convention
 
-	"github.com/finleap-connect/monoskope/pkg/domain/errors"
-	es "github.com/finleap-connect/monoskope/pkg/eventsourcing"
-)
+option go_package = "github.com/finleap-connect/monoskope/pkg/api/domain/common";
+
+package common;
 
 // Roles
-const (
+enum Role {
 	// Admin role
-	Admin es.Role = "admin"
-
+    admin = 0;
 	// User role
-	User es.Role = "user"
-
+    user = 1;
 	// OnCall role
-	OnCall es.Role = "oncall"
-
+    oncall = 2;
 	// K8sOperator role
-	K8sOperator es.Role = "k8soperator"
-)
-
-// A list of all existing roles.
-var AvailableRoles = []es.Role{
-	Admin,
-	User,
-	K8sOperator,
-	OnCall,
+    k8soperator = 3;
 }
 
-func ValidateRole(role string) error {
-	for _, v := range AvailableRoles {
-		if v.String() == role {
-			return nil
-		}
-	}
-	return errors.ErrInvalidArgument(fmt.Sprintf("Role '%s' is invalid.", role))
-}
+// Scopes
+enum Scope {
+	// System scope
+    system = 0;
+	// Tenant scope
+    tenant = 1;
+	// Cluster scope
+    cluster = 2;
+}
diff --git a/api/domain/eventdata/user.proto b/api/domain/eventdata/user.proto
@@ -20,6 +20,7 @@ syntax = "proto3";
 // import "google/protobuf/wrappers.proto";
 
 import "validate/validate.proto";
+import "api/domain/common/roles.proto";
 
 option go_package = "github.com/finleap-connect/monoskope/pkg/api/domain/eventdata";
 
@@ -36,9 +37,9 @@ message UserRoleAdded {
   // Unique identifier of the user (UUID 128-bit number)
   string user_id = 1 [(validate.rules).string.uuid = true];
   // Name of the role added to the user
-  string role = 2 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}];
+  common.Role role = 2;
   // Scope of the role
-  string scope = 3 [(validate.rules).string = {pattern: "^[a-z]+$", max_bytes: 60}];
+  common.Scope scope = 3;
   // Unique identifier of the affected resource (UUID 128-bit number)
   string resource = 4 [(validate.rules).string.uuid = true];
 }
diff --git a/docs/development/02-commands.md b/docs/development/02-commands.md
@@ -66,7 +66,7 @@ So before adding a new `Command` you might have a look at the docs about them fi
     // Policies returns the Role/Scope combination allowed to execute.
     func (c *UpdateUserNameCommand) Policies(ctx context.Context) []es.Policy {
         return []es.Policy{
-            es.NewPolicy().WithRole(roles.Admin).WithScope(scopes.System), // Allows system admins to update a user name
+            es.NewPolicy().WithRole(es.Role(common.Role_admin.String())).WithScope(es.Scope(common.Scope_system.String())), // Allows system admins to update a user name
         }
     }
     ```

diff --git a/internal/commandhandler/api_server.go b/internal/commandhandler/api_server.go
@@ -20,10 +20,9 @@ import (
 	"time"
 
 	api_domain "github.com/finleap-connect/monoskope/pkg/api/domain"
+	"github.com/finleap-connect/monoskope/pkg/api/domain/common"
 	api "github.com/finleap-connect/monoskope/pkg/api/eventsourcing"
 	"github.com/finleap-connect/monoskope/pkg/api/eventsourcing/commands"
-	"github.com/finleap-connect/monoskope/pkg/domain/constants/roles"
-	"github.com/finleap-connect/monoskope/pkg/domain/constants/scopes"
 	"github.com/finleap-connect/monoskope/pkg/domain/errors"
 	metadata "github.com/finleap-connect/monoskope/pkg/domain/metadata"
 	evs "github.com/finleap-connect/monoskope/pkg/eventsourcing"
@@ -92,11 +91,11 @@ func (s *apiServer) Execute(ctx context.Context, command *commands.Command) (*ap
 // GetPermissionModel implements API method GetPermissionModel
 func (s *apiServer) GetPermissionModel(ctx context.Context, in *empty.Empty) (*api_domain.PermissionModel, error) {
 	permissionModel := &api_domain.PermissionModel{}
-	for _, role := range roles.AvailableRoles {
-		permissionModel.Roles = append(permissionModel.Roles, role.String())
+	for _, role := range common.Role_name {
+		permissionModel.Roles = append(permissionModel.Roles, role)
 	}
-	for _, scope := range scopes.AvailableScopes {
-		permissionModel.Scopes = append(permissionModel.Scopes, scope.String())
+	for _, scope := range common.Scope_name {
+		permissionModel.Scopes = append(permissionModel.Scopes, scope)
 	}
 	return permissionModel, nil
 }

diff --git a/internal/gateway/suite_test.go b/internal/gateway/suite_test.go
@@ -29,8 +29,6 @@ import (
 	api_common "github.com/finleap-connect/monoskope/pkg/api/domain/common"
 	api "github.com/finleap-connect/monoskope/pkg/api/gateway"
 	clientAuth "github.com/finleap-connect/monoskope/pkg/auth"
-	"github.com/finleap-connect/monoskope/pkg/domain/constants/roles"
-	"github.com/finleap-connect/monoskope/pkg/domain/constants/scopes"
 	"github.com/finleap-connect/monoskope/pkg/domain/projections"
 	"github.com/finleap-connect/monoskope/pkg/domain/repositories"
 	es_repos "github.com/finleap-connect/monoskope/pkg/eventsourcing/repositories"
@@ -190,8 +188,8 @@ var _ = BeforeSuite(func() {
 		env.AdminUser = adminUser
 		adminRoleBinding := projections.NewUserRoleBinding(uuid.New())
 		adminRoleBinding.UserId = env.AdminUser.Id
-		adminRoleBinding.Role = roles.Admin.String()
-		adminRoleBinding.Scope = scopes.System.String()
+		adminRoleBinding.Role = api_common.Role_admin.String()
+		adminRoleBinding.Scope = api_common.Scope_system.String()
 
 		existingUser := projections.NewUserProjection(uuid.New()).(*projections.User)
 		existingUser.Name = "someone"

diff --git a/internal/integration_test.go b/internal/integration_test.go
@@ -34,8 +34,6 @@ import (
 	"github.com/finleap-connect/monoskope/pkg/domain/constants/aggregates"
 	commandTypes "github.com/finleap-connect/monoskope/pkg/domain/constants/commands"
 	"github.com/finleap-connect/monoskope/pkg/domain/constants/events"
-	"github.com/finleap-connect/monoskope/pkg/domain/constants/roles"
-	"github.com/finleap-connect/monoskope/pkg/domain/constants/scopes"
 	"github.com/finleap-connect/monoskope/pkg/domain/errors"
 	metadata "github.com/finleap-connect/monoskope/pkg/domain/metadata"
 	es "github.com/finleap-connect/monoskope/pkg/eventsourcing"
@@ -135,7 +133,7 @@ var _ = Describe("integration", func() {
 			userRoleBindingId := uuid.New()
 			command, err = cmd.AddCommandData(
 				cmd.CreateCommand(userRoleBindingId, commandTypes.CreateUserRoleBinding),
-				&cmdData.CreateUserRoleBindingCommandData{Role: roles.Admin.String(), Scope: scopes.System.String(), UserId: userId.String(), Resource: uuid.New().String()},
+				&cmdData.CreateUserRoleBindingCommandData{Role: common.Role_admin, Scope: common.Scope_system, UserId: userId.String(), Resource: uuid.New().String()},
 			)
 			Expect(err).ToNot(HaveOccurred())
 
@@ -146,9 +144,6 @@ var _ = Describe("integration", func() {
 			// update userRolebBindingId, as the "create" command will have changed it.
 			userRoleBindingId = uuid.MustParse(reply.AggregateId)
 
-			// Wait to propagate
-			time.Sleep(500 * time.Millisecond)
-
 			// Creating the same rolebinding again should fail
 			Eventually(func(g Gomega) {
 				command.Id = uuid.New().String()
@@ -159,8 +154,8 @@ var _ = Describe("integration", func() {
 			user, err = userServiceClient().GetByEmail(ctx, wrapperspb.String("[email protected]"))
 			Expect(err).ToNot(HaveOccurred())
 			Expect(user).ToNot(BeNil())
-			Expect(user.Roles[0].Role).To(Equal(roles.Admin.String()))
-			Expect(user.Roles[0].Scope).To(Equal(scopes.System.String()))
+			Expect(user.Roles[0].Role).To(Equal(common.Role_admin.String()))
+			Expect(user.Roles[0].Scope).To(Equal(common.Scope_system.String()))
 
 			_, err = commandHandlerClient().Execute(mdManager.GetOutgoingGrpcContext(), cmd.CreateCommand(userRoleBindingId, commandTypes.DeleteUserRoleBinding))
 			Expect(err).ToNot(HaveOccurred())

diff --git a/internal/suite_test.go b/internal/suite_test.go
@@ -18,7 +18,6 @@ import (
 	"testing"
 
 	"github.com/finleap-connect/monoskope/internal/test"
-	"github.com/onsi/ginkgo/reporters"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
@@ -31,8 +30,7 @@ var (
 
 func TestQueryHandler(t *testing.T) {
 	RegisterFailHandler(Fail)
-	junitReporter := reporters.NewJUnitReporter("../reports/internal-junit.xml")
-	RunSpecsWithDefaultAndCustomReporters(t, "integration", []Reporter{junitReporter})
+	RunSpecs(t, "integration")
 }
 
 var _ = BeforeSuite(func() {

diff --git a/pkg/api/domain/commanddata/user.pb.go b/pkg/api/domain/commanddata/user.pb.go