sourcegraph

mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 16:31:47 +00:00

History

Joe Chen b717fd518a enterprise-portal: implement basic MSP IAM and RPCs (#63173 ) Closes CORE-99, closes CORE-176 This PR is based off (and was also served as PoC of) [RFC 962: MSP IAM framework](https://docs.google.com/document/d/1ItJlQnpR5AHbrfAholZqjH8-8dPF1iQcKh99gE6SSjs/edit). It comes with two main parts: 1. The initial version of the MSP IAM SDK: `lib/managedservicesplatform/iam` - Embeds the [OpenFGA server implementation](https://github.com/openfga/openfga/tree/main/pkg/server) and exposes the a `ClientV1` for interacting with it. - Automagically manages the both MSP IAM's and OpenFGA's database migrations upon initializing the `ClientV1`. ![CleanShot 2024-06-18 at 15 09 24@2x](https://github.com/sourcegraph/sourcegraph/assets/2946214/387e0e28-a6c2-4664-b946-0ea4a1dd0804) - Ensures the specified OpenFGA's store and automatization model DSL exists. - Utility types and helpers to avoid easy mistakes (i.e. make the relation tuples a bit more strongly-typed). - Decided to put all types and pre-defined values together to simulate a "central registry" and acting as a forcing function for services to form some sort of convention. Then when we migrate the OpenFGA server to a separate standalone service, it will be less headache about consolidating similar meaning types/relations but different string literals. 1. The first use case of the MSP IAM: `cmd/enterprise-portal/internal/subscriptionsservice` - Added/updated RPCs: - Listing enterprise subscriptions via permissions - Update enterprise subscriptions to assign instance domains - Update enterprise subscriptions membership to assign roles (and permissions) - A database table for enterprise subscriptions, only storing the extra instance domains as Enterprise Portal is not the writeable-source-of-truth. ## Other minor changes - Moved `internal/redislock` to `lib/redislock` to be used in MSP IAM SDK. - Call `createdb ...` as part of `enterprise-portal` install script in `sg.config.yaml` (`msp_iam` database is a hard requirement of MSP IAM framework). ## Test plan Tested with gRPC UI: - `UpdateEnterpriseSubscription` to assign an instance domain - `UpdateEnterpriseSubscriptionMembership` to assign roles - `ListEnterpriseSubscriptions`: - List by subscription ID - List by instance domain - List by view cody analytics permissions --------- Co-authored-by: Robert Lin <robert@bobheadxi.dev>		2024-06-19 21:46:48 -04:00
..
com_github_chainguard_dev_go_apk	Build images end-to-end using Bazel v2 (#61845 )	2024-04-12 16:18:43 +01:00
com_github_cloudflare_circl	bazel: build //internal/... (#47109 )	2023-01-31 19:02:34 +01:00
com_github_google_cel_go	enterprise-portal: implement basic MSP IAM and RPCs (#63173 )	2024-06-19 21:46:48 -04:00
com_github_sourcegraph_scip	feat: Add new GraphQL API for getting occurrences (#62531 )	2024-05-24 09:20:52 +08:00
com_github_sourcegraph_zoekt	chore(bazel): update ownership tags to increase coverage (#63001 )	2024-05-31 14:10:29 +00:00
hermetic_cc	chore: bump hermetic_cc_toolchain to drop patches (#59541 )	2024-01-12 13:24:21 +00:00
rules_apko	bazel: patch rules_apko to copy, not symlink, lockfile (#61877 )	2024-04-15 11:07:16 +00:00
rules_esbuild	chore(bazel): enable rules_esbuild sandbox with object-inspect workaround (#61969 )	2024-06-05 15:34:29 +01:00
rules_go	bazel: bump rules_go to 0.47.0 (#62147 )	2024-04-25 17:08:10 +02:00