diff --git a/.env b/.env index 1b9fc1a..154e2f1 100644 --- a/.env +++ b/.env @@ -1,8 +1,5 @@ -# NOTE -# You SHOULD specify point releases here so that build time and run time Erlang/OTPs -# are the same. See: https://github.com/erlware/relx/pull/902 SERVICE_NAME=bouncer -OTP_VERSION=24.2.0 +OTP_VERSION=24.3.4 REBAR_VERSION=3.18 -THRIFT_VERSION=0.14.2.2 +THRIFT_VERSION=0.14.2.3 OPA_VERSION=0.37.2 diff --git a/.github/workflows/basic-linters.yml b/.github/workflows/basic-linters.yaml similarity index 100% rename from .github/workflows/basic-linters.yml rename to .github/workflows/basic-linters.yaml diff --git a/.github/workflows/build-and-push-image.yaml b/.github/workflows/build-and-push-image.yaml deleted file mode 100644 index b704a49..0000000 --- a/.github/workflows/build-and-push-image.yaml +++ /dev/null @@ -1,54 +0,0 @@ -name: Build and push Docker image -on: - push: - branches: [master] - -env: - REGISTRY: ghcr.io - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Log in to the Container registry - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Construct tags / labels for an image - id: meta - uses: docker/metadata-action@v3 - with: - images: | - ${{ env.REGISTRY }}/${{ github.repository }} - tags: | - type=sha - - # https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#setting-an-environment-variable - - name: Update environment variables - run: grep -v '^#' .env >> $GITHUB_ENV - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - - - name: Setup Buildx - uses: docker/setup-buildx-action@v1 - - - name: Build and push Docker image - uses: docker/build-push-action@v2 - with: - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - OTP_VERSION=${{ env.OTP_VERSION }} - THRIFT_VERSION=${{ env.THRIFT_VERSION }} - SERVICE_NAME=${{ env.SERVICE_NAME }} diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml index 5e525b7..ff53b0e 100644 --- a/.github/workflows/build-image.yaml +++ b/.github/workflows/build-image.yaml @@ -1,43 +1,21 @@ -name: Build Docker image +name: Build and publish Docker image + on: + push: + branches: + - 'master' + - 'epic/**' pull_request: - branches: ["*"] + branches: ['**'] env: REGISTRY: ghcr.io jobs: - build: + build-push: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Construct tags / labels for an image - id: meta - uses: docker/metadata-action@v3 + - uses: valitydev/action-deploy-docker@v2 with: - images: | - ${{ env.REGISTRY }}/${{ github.repository }} - tags: | - type=sha - - # https://docs.github.com/en/actions/learn-github-actions/workflow-commands-for-github-actions#setting-an-environment-variable - - name: Update environment variables - run: grep -v '^#' .env >> $GITHUB_ENV - - - name: Setup Buildx - uses: docker/setup-buildx-action@v1 - - - name: Build Docker image - uses: docker/build-push-action@v2 - with: - push: false - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - OTP_VERSION=${{ env.OTP_VERSION }} - THRIFT_VERSION=${{ env.THRIFT_VERSION }} - SERVICE_NAME=${{ env.SERVICE_NAME }} + registry-username: ${{ github.actor }} + registry-access-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/erlang-checks.yaml b/.github/workflows/erlang-checks.yaml index 0ef752b..4bb7abf 100644 --- a/.github/workflows/erlang-checks.yaml +++ b/.github/workflows/erlang-checks.yaml @@ -6,7 +6,7 @@ on: - 'master' - 'epic/**' pull_request: - branches: [ '**' ] + branches: ['**'] jobs: setup: diff --git a/Dockerfile b/Dockerfile index ee06622..ec0732d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,10 +2,10 @@ ARG OTP_VERSION # Build the release FROM docker.io/library/erlang:${OTP_VERSION} AS builder +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install thrift compiler ARG THRIFT_VERSION - ARG TARGETARCH RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${TARGETARCH}.tar.gz" \ | tar -xvz -C /usr/local/bin/ @@ -16,8 +16,8 @@ COPY . /build/ # Build the release WORKDIR /build -RUN rebar3 compile -RUN rebar3 as prod release +RUN rebar3 compile && \ + rebar3 as prod release # Make a runner image FROM docker.io/library/erlang:${OTP_VERSION}-slim @@ -28,15 +28,15 @@ ARG SERVICE_NAME ENV CHARSET=UTF-8 ENV LANG=C.UTF-8 -# Expose SERVICE_NAME as env so CMD expands properly on start -ENV SERVICE_NAME=${SERVICE_NAME} - # Set runtime WORKDIR /opt/${SERVICE_NAME} COPY --from=builder /build/_build/prod/rel/${SERVICE_NAME} /opt/${SERVICE_NAME} +RUN echo "#!/bin/sh" >> /entrypoint.sh && \ + echo "exec /opt/${SERVICE_NAME}/bin/${SERVICE_NAME} foreground" >> /entrypoint.sh && \ + chmod +x /entrypoint.sh ENTRYPOINT [] -CMD /opt/${SERVICE_NAME}/bin/${SERVICE_NAME} foreground +CMD ["/entrypoint.sh"] EXPOSE 8022 diff --git a/Dockerfile.dev b/Dockerfile.dev index b2805aa..e4cfa53 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -1,13 +1,17 @@ ARG OTP_VERSION FROM docker.io/library/erlang:${OTP_VERSION} +SHELL ["/bin/bash", "-o", "pipefail", "-c"] +# Install thrift compiler ARG THRIFT_VERSION -ARG BUILDARCH - -RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${BUILDARCH}.tar.gz" \ +ARG TARGETARCH +RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${TARGETARCH}.tar.gz" \ | tar -xvz -C /usr/local/bin/ +# Set env ENV CHARSET=UTF-8 ENV LANG=C.UTF-8 -CMD /bin/bash + +# Set runtime +CMD ["/bin/bash"] diff --git a/elvis.config b/elvis.config index 069b0a5..90dc7f7 100644 --- a/elvis.config +++ b/elvis.config @@ -3,7 +3,7 @@ {verbose, true}, {config, [ #{ - dirs => ["src"], + dirs => ["src", "include"], filter => "*.erl", ruleset => erl_files, rules => [ @@ -44,20 +44,28 @@ filter => "Makefile", ruleset => makefiles }, + #{ + dirs => ["."], + filter => "elvis.config", + ruleset => elvis_config + }, #{ dirs => ["."], filter => "rebar.config", + ruleset => rebar_config, rules => [ - {elvis_text_style, line_length, #{limit => 100, skip_comments => false}}, + {elvis_text_style, line_length, #{limit => 120}}, {elvis_text_style, no_tabs}, - {elvis_text_style, no_trailing_whitespace} + {elvis_text_style, no_trailing_whitespace}, + %% Temporarily disabled till regex pattern is available + {elvis_project, no_deps_master_rebar, disable} ] }, #{ dirs => ["src"], filter => "*.app.src", rules => [ - {elvis_text_style, line_length, #{limit => 100, skip_comments => false}}, + {elvis_text_style, line_length, #{limit => 120}}, {elvis_text_style, no_tabs}, {elvis_text_style, no_trailing_whitespace} ] diff --git a/rebar.lock b/rebar.lock index 6e98720..ba12405 100644 --- a/rebar.lock +++ b/rebar.lock @@ -2,7 +2,7 @@ [{<<"bear">>,{pkg,<<"bear">>,<<"0.9.0">>},2}, {<<"bouncer_proto">>, {git,"https://github.com/valitydev/bouncer-proto.git", - {ref,"3b5927d4ee59983e855f87ddaee2aac4deeae0fe"}}, + {ref,"de15d375ee77c5002c55a1ba9a20a67d2c222115"}}, 0}, {<<"cache">>,{pkg,<<"cache">>,<<"2.3.3">>},1}, {<<"certifi">>,{pkg,<<"certifi">>,<<"2.8.0">>},2}, @@ -53,7 +53,7 @@ {<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},2}, {<<"org_management_proto">>, {git,"https://github.com/valitydev/org-management-proto.git", - {ref,"39d8513ced33a0a53435326f68352c220c9e41dd"}}, + {ref,"03a269df4805fa604e8fd2d04241619a739e2ae3"}}, 0}, {<<"parse_trans">>,{pkg,<<"parse_trans">>,<<"3.3.1">>},2}, {<<"ranch">>,{pkg,<<"ranch">>,<<"1.8.0">>},1}, diff --git a/src/bouncer.erl b/src/bouncer.erl index 569f795..767ca00 100644 --- a/src/bouncer.erl +++ b/src/bouncer.erl @@ -100,7 +100,7 @@ get_handler_specs(ServiceOpts, AuditPulse, OpaClient) -> [ { maps:get(path, ArbiterService, <<"/v1/arbiter">>), - {{bouncer_decisions_thrift, 'Arbiter'}, {bouncer_arbiter_handler, ArbiterOpts}} + {{bouncer_decision_thrift, 'Arbiter'}, {bouncer_arbiter_handler, ArbiterOpts}} } ]. @@ -111,7 +111,7 @@ get_stub_handler_specs(ServiceOpts) -> { maps:get(path, OrgManagementStub, <<"/v1/org_management_stub">>), { - {orgmgmt_auth_context_provider_thrift, 'AuthContextProvider'}, + {orgmgmt_authctx_provider_thrift, 'AuthContextProvider'}, bouncer_org_management_stub } } diff --git a/src/bouncer_arbiter_handler.erl b/src/bouncer_arbiter_handler.erl index 7b20a4c..69d332d 100644 --- a/src/bouncer_arbiter_handler.erl +++ b/src/bouncer_arbiter_handler.erl @@ -1,6 +1,8 @@ -module(bouncer_arbiter_handler). --include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_rstn_thrift.hrl"). %% Woody handler @@ -56,10 +58,10 @@ handle_judge(RulesetID, ContextIn, St0) -> {ok, encode_judgement(Judgement)}; {error, ruleset_notfound = Reason} -> ok = handle_judgement_beat({failed, Reason}, St2), - throw({woody, business, #bdcs_RulesetNotFound{}}); + throw({woody, business, #decision_RulesetNotFound{}}); {error, {ruleset_invalid, _} = Reason} -> ok = handle_judgement_beat({failed, Reason}, St2), - throw({woody, business, #bdcs_InvalidRuleset{}}); + throw({woody, business, #decision_InvalidRuleset{}}); {error, Reason} -> handle_network_error(Reason, St2) end. @@ -77,32 +79,32 @@ handle_network_error({unknown, Reason} = Error, St) -> -type fragment_id() :: binary(). -type fragment_metadata() :: #{atom() => _}. --type thrift_judgement() :: bouncer_decisions_thrift:'Judgement'(). --type thrift_context() :: bouncer_decisions_thrift:'Context'(). --type thrift_fragment() :: bouncer_context_thrift:'ContextFragment'(). --type thrift_fragment_type() :: bouncer_context_thrift:'ContextFragmentType'(). +-type thrift_judgement() :: bouncer_decision_thrift:'Judgement'(). +-type thrift_context() :: bouncer_decision_thrift:'Context'(). +-type thrift_fragment() :: bouncer_ctx_thrift:'ContextFragment'(). +-type thrift_fragment_type() :: bouncer_ctx_thrift:'ContextFragmentType'(). -spec encode_judgement(bouncer_arbiter:judgement()) -> thrift_judgement(). encode_judgement({Resolution, _Assertions}) -> - #bdcs_Judgement{ + #decision_Judgement{ resolution = encode_resolution(Resolution) }. encode_resolution(allowed) -> - {allowed, #bdcs_ResolutionAllowed{}}; + {allowed, #decision_ResolutionAllowed{}}; encode_resolution(forbidden) -> - {forbidden, #bdcs_ResolutionForbidden{}}; + {forbidden, #decision_ResolutionForbidden{}}; encode_resolution({restricted, Restrictions}) -> - {restricted, #bdcs_ResolutionRestricted{ + {restricted, #decision_ResolutionRestricted{ restrictions = encode_restrictions(Restrictions) }}. encode_restrictions(Restrictions) -> - {struct, _, StructDef} = bouncer_restriction_thrift:struct_info('Restrictions'), - bouncer_thrift:json_to_thrift_struct(StructDef, Restrictions, #brstn_Restrictions{}). + {struct, _, StructDef} = bouncer_rstn_thrift:struct_info('Restrictions'), + bouncer_thrift:json_to_thrift_struct(StructDef, Restrictions, #rstn_Restrictions{}). -spec decode_context(thrift_context(), st()) -> {bouncer_context:ctx(), st()}. -decode_context(#bdcs_Context{fragments = FragmentsIn}, St0) -> +decode_context(#decision_Context{fragments = FragmentsIn}, St0) -> % 1. Decode each fragment. {Fragments, St1} = decode_fragments(FragmentsIn, St0), % 2. Merge each decoded context into an empty context. Accumulate conflicts associated with @@ -131,7 +133,7 @@ decode_context(#bdcs_Context{fragments = FragmentsIn}, St0) -> % системы рано или поздно они где-нибудь появятся), быть может стоит это сделать % сразу? ok = handle_judgement_beat({failed, {conflicting_context, Conflicts}}, St1), - throw({woody, business, #bdcs_InvalidContext{}}) + throw({woody, business, #decision_InvalidContext{}}) end. -spec decode_fragments(#{fragment_id() => thrift_fragment()}, st()) -> @@ -139,8 +141,8 @@ decode_context(#bdcs_Context{fragments = FragmentsIn}, St0) -> decode_fragments(Fragments, St0) -> {Ctxs, Errors, PulseMeta} = maps:fold( fun(ID, Fragment, {CtxAcc, ErrorAcc, PulseMetaAcc}) -> - Type = Fragment#bctx_ContextFragment.type, - Content = genlib:define(Fragment#bctx_ContextFragment.content, <<>>), + Type = Fragment#ctx_ContextFragment.type, + Content = genlib:define(Fragment#ctx_ContextFragment.content, <<>>), case decode_fragment(Type, Content) of {ok, Ctx, Meta} -> PulseMeta = #{ @@ -170,7 +172,7 @@ decode_fragments(Fragments, St0) -> {Ctxs, St1}; _ -> ok = handle_judgement_beat({failed, {malformed_context, Errors}}, St1), - throw({woody, business, #bdcs_InvalidContext{}}) + throw({woody, business, #decision_InvalidContext{}}) end. -spec decode_fragment(thrift_fragment_type(), _Content :: binary()) -> diff --git a/src/bouncer_context_v1.erl b/src/bouncer_context_v1.erl index f26942b..2e4dbe8 100644 --- a/src/bouncer_context_v1.erl +++ b/src/bouncer_context_v1.erl @@ -1,6 +1,6 @@ -module(bouncer_context_v1). --include_lib("bouncer_proto/include/bouncer_context_v1_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_ctx_v1_thrift.hrl"). -type vsn() :: integer(). -type format() :: thrift. @@ -19,10 +19,10 @@ %% -define(THRIFT_TYPE, - {struct, struct, {bouncer_context_v1_thrift, 'ContextFragment'}} + {struct, struct, {bouncer_ctx_v1_thrift, 'ContextFragment'}} ). --type thrift_ctx_fragment() :: bouncer_context_v1_thrift:'ContextFragment'(). +-type thrift_ctx_fragment() :: bouncer_ctx_v1_thrift:'ContextFragment'(). -spec decode(format(), _Content :: binary()) -> {ok, bouncer_context:ctx(), metadata()} | {error, _Reason}. @@ -41,31 +41,31 @@ decode(thrift, Content) -> end. -spec from_thrift(thrift_ctx_fragment()) -> {ok, bouncer_context:ctx(), metadata()}. -from_thrift(#bctx_v1_ContextFragment{} = Ctx0) -> +from_thrift(#ctx_v1_ContextFragment{} = Ctx0) -> Ctx1 = try_upgrade(Ctx0), Metadata = #{ version => #{ - current => Ctx1#bctx_v1_ContextFragment.vsn, - original => Ctx0#bctx_v1_ContextFragment.vsn, - latest => ?BCTX_V1_HEAD + current => Ctx1#ctx_v1_ContextFragment.vsn, + original => Ctx0#ctx_v1_ContextFragment.vsn, + latest => ?CTX_V1_HEAD } }, {ok, from_thrift_context(Ctx1), Metadata}. from_thrift_context(Ctx) -> {struct, _, [_VsnField | StructDef]} = - bouncer_context_v1_thrift:struct_info('ContextFragment'), + bouncer_ctx_v1_thrift:struct_info('ContextFragment'), % NOTE % This 3 refers to the first data field in a ContextFragment, after version field. bouncer_thrift:from_thrift_struct(StructDef, Ctx, 3, #{}). -spec try_upgrade(thrift_ctx_fragment()) -> thrift_ctx_fragment(). -try_upgrade(#bctx_v1_ContextFragment{vsn = 1} = Ctx) -> +try_upgrade(#ctx_v1_ContextFragment{vsn = 1} = Ctx) -> % no legacy data producers % legacy structures have been removed % nothing to update - Ctx#bctx_v1_ContextFragment{vsn = ?BCTX_V1_HEAD}; -try_upgrade(#bctx_v1_ContextFragment{vsn = ?BCTX_V1_HEAD} = Ctx) -> + Ctx#ctx_v1_ContextFragment{vsn = ?CTX_V1_HEAD}; +try_upgrade(#ctx_v1_ContextFragment{vsn = ?CTX_V1_HEAD} = Ctx) -> Ctx. %% @@ -83,5 +83,5 @@ encode(thrift, Context) -> -spec to_thrift(bouncer_context:ctx()) -> thrift_ctx_fragment() | no_return(). to_thrift(Context) -> - {struct, _, StructDef} = bouncer_context_v1_thrift:struct_info('ContextFragment'), - bouncer_thrift:to_thrift_struct(StructDef, Context, #bctx_v1_ContextFragment{}). + {struct, _, StructDef} = bouncer_ctx_v1_thrift:struct_info('ContextFragment'), + bouncer_thrift:to_thrift_struct(StructDef, Context, #ctx_v1_ContextFragment{}). diff --git a/src/bouncer_org_management_stub.erl b/src/bouncer_org_management_stub.erl index 878c09e..f927b8e 100644 --- a/src/bouncer_org_management_stub.erl +++ b/src/bouncer_org_management_stub.erl @@ -1,33 +1,34 @@ %% TODO delete after org_management is done -module(bouncer_org_management_stub). --include_lib("org_management_proto/include/orgmgmt_context_thrift.hrl"). --include_lib("bouncer_proto/include/bouncer_context_v1_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_ctx_v1_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_base_thrift.hrl"). -behaviour(woody_server_thrift_handler). -export([handle_function/4]). -define(THRIFT_TYPE, - {struct, struct, {bouncer_context_v1_thrift, 'ContextFragment'}} + {struct, struct, {bouncer_ctx_v1_thrift, 'ContextFragment'}} ). -spec handle_function(woody:func(), woody:args(), woody_context:ctx(), woody_state:st()) -> {ok, woody:result()}. handle_function('GetUserContext', {UserID}, _WoodyCtx, _Opts) -> - ContextFragmentV1 = #bctx_v1_ContextFragment{ - user = #bctx_v1_User{ + ContextFragmentV1 = #ctx_v1_ContextFragment{ + user = #ctx_v1_User{ id = UserID, orgs = [ - #bctx_v1_Organization{ + #ctx_v1_Organization{ id = UserID, - owner = #bouncer_base_Entity{id = UserID}, - party = #bouncer_base_Entity{id = UserID} + owner = #base_Entity{id = UserID}, + party = #base_Entity{id = UserID} } ] } }, - {ok, #bctx_ContextFragment{ + {ok, #ctx_ContextFragment{ type = v1_thrift_binary, content = encode_context_fragment(ContextFragmentV1) }}. diff --git a/test/bouncer_audit_tests_SUITE.erl b/test/bouncer_audit_tests_SUITE.erl index 2290e91..e4f25ce 100644 --- a/test/bouncer_audit_tests_SUITE.erl +++ b/test/bouncer_audit_tests_SUITE.erl @@ -1,6 +1,5 @@ -module(bouncer_audit_tests_SUITE). --include_lib("common_test/include/ct.hrl"). -include_lib("stdlib/include/assert.hrl"). -export([all/0]). @@ -15,7 +14,7 @@ -export([write_error_fails_request/1]). -export([write_queue_contention/1]). --include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl"). -type config() :: ct_helper:config(). -type testcase_name() :: atom(). @@ -68,7 +67,7 @@ end_per_testcase(_Name, _C) -> %% --define(CONTEXT(Fragments), #bdcs_Context{fragments = Fragments}). +-define(CONTEXT(Fragments), #decision_Context{fragments = Fragments}). -spec invalid_config_fails_start(config()) -> ok. -spec unrecognized_config_fails_start(config()) -> ok. @@ -251,7 +250,7 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) -> end. get_service_spec(arbiter) -> - {bouncer_decisions_thrift, 'Arbiter'}. + {bouncer_decision_thrift, 'Arbiter'}. %% diff --git a/test/bouncer_gunner_metrics_SUITE.erl b/test/bouncer_gunner_metrics_SUITE.erl index 08cad58..d3562f1 100644 --- a/test/bouncer_gunner_metrics_SUITE.erl +++ b/test/bouncer_gunner_metrics_SUITE.erl @@ -19,7 +19,7 @@ %% --include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl"). -define(CONFIG(Key, C), (element(2, lists:keyfind(Key, 1, C)))). -define(OPA_HOST, "opa"). @@ -68,7 +68,7 @@ end_per_testcase(_Name, C) -> -spec basic_metrics_test(config()) -> _. basic_metrics_test(C) -> - _ = call_judge("service/authz/api", #bdcs_Context{fragments = #{}}, mk_client(C)), + _ = call_judge("service/authz/api", #decision_Context{fragments = #{}}, mk_client(C)), _ = timer:sleep(100), ?assertEqual(25, get_metric([gunner, config, connections, max])), ?assertEqual(5, get_metric([gunner, config, connections, min])), @@ -112,7 +112,7 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) -> end. get_service_spec(arbiter) -> - {bouncer_decisions_thrift, 'Arbiter'}. + {bouncer_decision_thrift, 'Arbiter'}. %% diff --git a/test/bouncer_stub_tests_SUITE.erl b/test/bouncer_stub_tests_SUITE.erl index 2adfce9..66fb57a 100644 --- a/test/bouncer_stub_tests_SUITE.erl +++ b/test/bouncer_stub_tests_SUITE.erl @@ -1,9 +1,9 @@ %% TODO delete after org_management is done -module(bouncer_stub_tests_SUITE). --include_lib("common_test/include/ct.hrl"). -include_lib("stdlib/include/assert.hrl"). --include_lib("org_management_proto/include/orgmgmt_context_thrift.hrl"). + +-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl"). -export([all/0]). -export([groups/0]). @@ -26,7 +26,6 @@ -define(OPA_HOST, "opa"). -define(OPA_ENDPOINT, {?OPA_HOST, 8181}). --define(API_RULESET_ID, "service/authz/api"). -spec all() -> [{group, group_name()}]. all() -> @@ -119,7 +118,7 @@ orgmgmt_get_user_context_ok(C) -> Client = mk_client(C), UserID = <<"UserID">>, ?assertMatch( - #bctx_ContextFragment{ + #ctx_ContextFragment{ type = v1_thrift_binary, content = _Content }, @@ -148,4 +147,4 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) -> end. get_service_spec(org_management) -> - {orgmgmt_auth_context_provider_thrift, 'AuthContextProvider'}. + {orgmgmt_authctx_provider_thrift, 'AuthContextProvider'}. diff --git a/test/bouncer_tests_SUITE.erl b/test/bouncer_tests_SUITE.erl index 9b85549..fbab948 100644 --- a/test/bouncer_tests_SUITE.erl +++ b/test/bouncer_tests_SUITE.erl @@ -33,7 +33,8 @@ -export([handle_beat/3]). --include_lib("bouncer_proto/include/bouncer_decisions_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_decision_thrift.hrl"). +-include_lib("bouncer_proto/include/bouncer_ctx_thrift.hrl"). -type config() :: ct_helper:config(). -type group_name() :: atom(). @@ -166,8 +167,8 @@ end_per_testcase(_Name, _C) -> %% --define(CONTEXT(Fragments), #bdcs_Context{fragments = Fragments}). --define(JUDGEMENT(Resolution), #bdcs_Judgement{resolution = Resolution}). +-define(CONTEXT(Fragments), #decision_Context{fragments = Fragments}). +-define(JUDGEMENT(Resolution), #decision_Judgement{resolution = Resolution}). -spec missing_ruleset_notfound(config()) -> ok. -spec incorrect_ruleset_invalid1(config()) -> ok. @@ -182,7 +183,7 @@ missing_ruleset_notfound(C) -> Client = mk_client(C), MissingRulesetID = "missing_ruleset", ?assertThrow( - #bdcs_RulesetNotFound{}, + #decision_RulesetNotFound{}, call_judge(MissingRulesetID, ?CONTEXT(#{}), Client) ), ?assertMatch( @@ -193,7 +194,7 @@ missing_ruleset_notfound(C) -> incorrect_ruleset_invalid1(C) -> Client = mk_client(C), ?assertThrow( - #bdcs_InvalidRuleset{}, + #decision_InvalidRuleset{}, call_judge("trivial/incorrect1", ?CONTEXT(#{}), Client) ), ?assertMatch( @@ -208,7 +209,7 @@ incorrect_ruleset_invalid1(C) -> incorrect_ruleset_invalid2(C) -> Client = mk_client(C), ?assertThrow( - #bdcs_InvalidRuleset{}, + #decision_InvalidRuleset{}, call_judge("trivial/incorrect2", ?CONTEXT(#{}), Client) ), ?assertMatch( @@ -223,7 +224,7 @@ incorrect_ruleset_invalid2(C) -> incorrect_ruleset_invalid3(C) -> Client = mk_client(C), ?assertThrow( - #bdcs_InvalidRuleset{}, + #decision_InvalidRuleset{}, call_judge("trivial/incorrect3", ?CONTEXT(#{}), Client) ), ?assertMatch( @@ -237,10 +238,10 @@ incorrect_ruleset_invalid3(C) -> missing_content_invalid_context(C) -> Client = mk_client(C), - NoContentFragment = #bctx_ContextFragment{type = v1_thrift_binary}, + NoContentFragment = #ctx_ContextFragment{type = v1_thrift_binary}, Context = ?CONTEXT(#{<<"missing">> => NoContentFragment}), ?assertThrow( - #bdcs_InvalidContext{}, + #decision_InvalidContext{}, call_judge(?API_RULESET_ID, Context, Client) ), ?assertMatch( @@ -255,10 +256,10 @@ missing_content_invalid_context(C) -> junk_content_invalid_context(C) -> Client = mk_client(C), Junk = <<"STOP RIGHT THERE YOU CRIMINAL SCUM!">>, - JunkFragment = #bctx_ContextFragment{type = v1_thrift_binary, content = Junk}, + JunkFragment = #ctx_ContextFragment{type = v1_thrift_binary, content = Junk}, Context = ?CONTEXT(#{<<"missing">> => JunkFragment}), ?assertThrow( - #bdcs_InvalidContext{}, + #decision_InvalidContext{}, call_judge(?API_RULESET_ID, Context, Client) ), ?assertMatch( @@ -295,7 +296,7 @@ conflicting_context_invalid(C) -> <<"frag2">> => mk_ctx_v1_fragment(Fragment2) }), ?assertThrow( - #bdcs_InvalidContext{}, + #decision_InvalidContext{}, call_judge(?API_RULESET_ID, Context, Client) ), ?assertEqual( @@ -344,7 +345,7 @@ distinct_sets_context_valid(C) -> <<"frag2">> => mk_ctx_v1_fragment(Fragment2) }), ?assertMatch( - #bdcs_Judgement{}, + #decision_Judgement{}, call_judge(?API_RULESET_ID, Context, Client) ), ?assertMatch( @@ -380,7 +381,7 @@ restricted_search_invoices_shop_manager(C) -> ]), Context = ?CONTEXT(#{<<"root">> => mk_ctx_v1_fragment(Fragment)}), ?assertMatch( - ?JUDGEMENT({restricted, #bdcs_ResolutionRestricted{}}), + ?JUDGEMENT({restricted, #decision_ResolutionRestricted{}}), call_judge(?API_RULESET_ID, Context, Client) ), ?assertMatch( @@ -400,7 +401,7 @@ forbidden_expired(C) -> }), Context = ?CONTEXT(#{<<"root">> => mk_ctx_v1_fragment(Fragment)}), ?assertMatch( - ?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}), + ?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}), call_judge(?API_RULESET_ID, Context, Client) ), ?assertMatch( @@ -418,7 +419,7 @@ forbidden_blacklisted_ip(C) -> ]), Context = ?CONTEXT(#{<<"root">> => mk_ctx_v1_fragment(Fragment)}), ?assertMatch( - ?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}), + ?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}), call_judge(?API_RULESET_ID, Context, Client) ), ?assertMatch( @@ -430,7 +431,7 @@ forbidden_w_empty_context(C) -> Client1 = mk_client(C), EmptyFragment = mk_ctx_v1_fragment(#{}), ?assertMatch( - ?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}), + ?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}), call_judge(?API_RULESET_ID, ?CONTEXT(#{}), Client1) ), ?assertMatch( @@ -439,7 +440,7 @@ forbidden_w_empty_context(C) -> ), Client2 = mk_client(C), ?assertMatch( - ?JUDGEMENT({forbidden, #bdcs_ResolutionForbidden{}}), + ?JUDGEMENT({forbidden, #decision_ResolutionForbidden{}}), call_judge(?API_RULESET_ID, ?CONTEXT(#{<<"empty">> => EmptyFragment}), Client2) ), ?assertMatch( @@ -617,7 +618,7 @@ mk_ordset(L) -> mk_ctx_v1_fragment(Context) -> {ok, Content} = bouncer_context_v1:encode(thrift, Context), - #bctx_ContextFragment{type = v1_thrift_binary, content = Content}. + #ctx_ContextFragment{type = v1_thrift_binary, content = Content}. %% @@ -643,7 +644,7 @@ call(ServiceName, Fn, Args, {WoodyCtx, ServiceURLs}) -> end. get_service_spec(arbiter) -> - {bouncer_decisions_thrift, 'Arbiter'}. + {bouncer_decision_thrift, 'Arbiter'}. %%