sourcegraph/dev/sg/linters
Joe Chen b717fd518a
enterprise-portal: implement basic MSP IAM and RPCs (#63173)
Closes CORE-99, closes CORE-176

This PR is based off of (and also served as a PoC of) [RFC 962: MSP IAM
framework](https://docs.google.com/document/d/1ItJlQnpR5AHbrfAholZqjH8-8dPF1iQcKh99gE6SSjs/edit).
It comes with two main parts:

1. The initial version of the MSP IAM SDK:
`lib/managedservicesplatform/iam`
	- Embeds the [OpenFGA server
	implementation](https://github.com/openfga/openfga/tree/main/pkg/server)
	and exposes a `ClientV1` for interacting with it.
	- Automagically manages both MSP IAM's and OpenFGA's database
	migrations upon initializing the `ClientV1`.
	![CleanShot 2024-06-18 at 15 09 24@2x](https://github.com/sourcegraph/sourcegraph/assets/2946214/387e0e28-a6c2-4664-b946-0ea4a1dd0804)
	- Ensures the specified OpenFGA's store and automatization model DSL
	exists.
	- Utility types and helpers to avoid easy mistakes (i.e. make the
	relation tuples a bit more strongly-typed).
	- Decided to put all types and pre-defined values together to simulate a
	"central registry" and act as a forcing function for services to form
	some sort of convention. Then when we migrate the OpenFGA server to a
	separate standalone service, it will be less of a headache to
	consolidate types/relations with similar meanings but different string
	literals.
1. The first use case of the MSP IAM:
`cmd/enterprise-portal/internal/subscriptionsservice`
	- Added/updated RPCs:
		- Listing enterprise subscriptions via permissions
		- Update enterprise subscriptions to assign instance domains
		- Update enterprise subscriptions membership to assign roles (and
		permissions)
	- A database table for enterprise subscriptions, only storing the extra
	instance domains as Enterprise Portal is not the
	writeable-source-of-truth.

## Other minor changes

- Moved `internal/redislock` to `lib/redislock` to be used in MSP IAM
SDK.
- Call `createdb ...` as part of `enterprise-portal` install script in
`sg.config.yaml` (`msp_iam` database is a hard requirement of MSP IAM
framework).

## Test plan

Tested with gRPC UI:

- `UpdateEnterpriseSubscription` to assign an instance domain
- `UpdateEnterpriseSubscriptionMembership` to assign roles
- `ListEnterpriseSubscriptions`:
	- List by subscription ID
	- List by instance domain
	- List by view cody analytics permissions

---------

Co-authored-by: Robert Lin <robert@bobheadxi.dev>
2024-06-19 21:46:48 -04:00
..
buf.go dev/sg: support arg targets in 'sg gen buf', improve output (#56522) 2023-09-14 12:56:11 -07:00
BUILD.bazel bazel: transcribe test ownership to bazel tags (#62664) 2024-05-16 15:51:16 +01:00
client.go update code references to "Sourcegraph App" -> "Cody App" (#56747) 2023-09-19 12:31:12 -10:00
go_checks_test.go dev/sg: refactor usage linter into separate utility (#41457) 2022-09-07 15:46:35 -07:00
go_checks.go enterprise-portal: implement basic MSP IAM and RPCs (#63173) 2024-06-19 21:46:48 -04:00
godirective.go lint: re-enable depguard in golangci-lint + fix all errors (#45270) 2022-12-06 18:16:04 +01:00
gogenerate.go bazel: native go-mockgen in Bazel (#60386) 2024-02-16 13:26:48 +00:00
gomod_test.go monitoring: extract into a submodule (#45786) 2022-12-19 17:49:25 +00:00
gomod.go sg msp: initial prototype (#55905) 2023-09-07 17:24:34 -07:00
hadolint.go executors: Make setup simpler (#42026) 2022-10-05 15:32:30 +02:00
linters.go sg: skip honey event duration if event is nil (#62476) 2024-05-07 17:56:29 +02:00
misc.go sg: skip honey event duration if event is nil (#62476) 2024-05-07 17:56:29 +02:00
prettier.go ci: only run prettier on files changed between <commit> and <PR base branch> (#59554) 2024-01-12 19:59:08 +00:00
runner.go ci: add annotation for linters (#51800) 2023-05-15 17:40:58 +00:00
shell.go dev/sg: 'sg lint' with check.Runner (#37088) 2022-06-16 12:43:00 -07:00
usage_linter.go dev/sg: properly name usage linters (#42320) 2022-09-29 21:00:50 +00:00