STAC-24194: Add cli options to distinguish subjects and permissions by source

Author: craffit

cmd/rbac/rbac_describe_permissions.go

@@ -1,6 +1,7 @@
 package rbac
 
 import (
+	"fmt"
 	"sort"
 	"strings"
 
@@ -51,13 +52,30 @@ func RunDescribePermissionsCommand(args *DescribePermissionsArgs) di.CmdWithApiF
 			return common.NewResponseError(err, resp)
 		}
 
+		sourceStrings := make([]string, 0)
+		if description.FromSources != nil {
+			for _, s := range description.FromSources {
+				sourceStrings = append(sourceStrings, string(s))
+			}
+		} else {
+			sourceStrings = nil
+		}
+
 		if cli.IsJson() {
-			cli.Printer.PrintJson(map[string]interface{}{
-				"subject":     description.SubjectHandle,
-				"permissions": description.Permissions,
-			})
+			if sourceStrings != nil {
+				cli.Printer.PrintJson(map[string]interface{}{
+					"subject":     description.SubjectHandle,
+					"permissions": description.Permissions,
+					"sources":     sourceStrings,
+				})
+			} else {
+				cli.Printer.PrintJson(map[string]interface{}{
+					"subject":     description.SubjectHandle,
+					"permissions": description.Permissions,
+				})
+			}
 		} else {
-			printPermissionsTable(cli, description.Permissions)
+			printPermissionsTable(cli, sourceStrings, description.Permissions)
 		}
 
 		return nil
@@ -85,7 +103,7 @@ func capitalizeFirst(s string) string {
 	return strings.ToUpper(s[:1]) + strings.ToLower(s[1:])
 }
 
-func printPermissionsTable(cli *di.Deps, permissionsList map[string][]string) {
+func printPermissionsTable(cli *di.Deps, sources []string, permissionsList map[string][]string) {
 	keys := make([]string, len(permissionsList))
 	for key := range permissionsList {
 		keys = append(keys, key)
@@ -106,6 +124,11 @@ func printPermissionsTable(cli *di.Deps, permissionsList map[string][]string) {
 		}
 	}
 
+	if sources != nil {
+		cli.Printer.PrintLn(fmt.Sprintf("Got subject from the following subject sources: %s", strings.Join(sources, ", ")))
+		cli.Printer.PrintLn("")
+	}
+
 	cli.Printer.Table(printer.TableData{
 		Header:              []string{"permission", "resource"},
 		Data:                data,

cmd/rbac/rbac_describe_permissions_test.go

@@ -44,6 +44,11 @@ var (
 		"subject":     SubjectHandle,
 		"permissions": AllPermissions,
 	}
+	ExpectedSourcesJson = map[string]interface{}{
+		"subject":     SubjectHandle,
+		"permissions": AllPermissions,
+		"sources":     []string{"Static"},
+	}
 )
 
 func TestPermissionsDescribeJson(t *testing.T) {
@@ -112,6 +117,22 @@ func TestPermissionsDescribeFilterPermission(t *testing.T) {
 	assert.Nil(t, calls[0].Presource)
 }
 
+func TestPermissionsDescribeFilterSource(t *testing.T) {
+	cli := di.NewMockDeps(t)
+	cmd := DescribePermissionsCommand(&cli.Deps)
+
+	cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsResponse.Result = *Description
+
+	di.ExecuteCommandWithContextUnsafe(&cli.Deps, cmd, "--subject", SubjectHandle, "--source", "static")
+
+	s := stackstate_api.SUBJECTSOURCE_STATIC
+	calls := *cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsCalls
+	assert.Len(t, calls, 1)
+	assert.Equal(t, SubjectHandle, calls[0].Psubject)
+	assert.Equal(t, &s, calls[0].Psource)
+	assert.Nil(t, calls[0].Presource)
+}
+
 func TestPermissionsDescribeFilterResourceAndPermission(t *testing.T) {
 	cli := di.NewMockDeps(t)
 	cmd := DescribePermissionsCommand(&cli.Deps)
@@ -126,3 +147,40 @@ func TestPermissionsDescribeFilterResourceAndPermission(t *testing.T) {
 	assert.Equal(t, "foo", *calls[0].Ppermission)
 	assert.Equal(t, Resource1, *calls[0].Presource)
 }
+
+func TestPermissionsDescribeWithSourcesJson(t *testing.T) {
+	cli := di.NewMockDeps(t)
+	cmd := DescribePermissionsCommand(&cli.Deps)
+
+	cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsResponse.Result = *Description
+	cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsResponse.Result.FromSources = []stackstate_api.SubjectSource{stackstate_api.SUBJECTSOURCE_STATIC}
+
+	di.ExecuteCommandWithContextUnsafe(&cli.Deps, cmd, "--subject", SubjectHandle, "-o", "json")
+
+	calls := *cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsCalls
+	assert.Len(t, calls, 1)
+
+	expected := []map[string]interface{}{
+		ExpectedSourcesJson,
+	}
+	assert.Equal(t, expected, *cli.MockPrinter.PrintJsonCalls)
+}
+
+func TestPermissionsDescribeWithSourcesTable(t *testing.T) {
+	cli := di.NewMockDeps(t)
+	cmd := DescribePermissionsCommand(&cli.Deps)
+
+	cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsResponse.Result = *Description
+	cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsResponse.Result.FromSources = []stackstate_api.SubjectSource{stackstate_api.SUBJECTSOURCE_STATIC}
+
+	di.ExecuteCommandWithContextUnsafe(&cli.Deps, cmd, "--subject", SubjectHandle)
+
+	assert.Len(t, *cli.MockClient.ApiMocks.PermissionsApi.DescribePermissionsCalls, 1)
+
+	expected := []printer.TableData{
+		ExpectedTable,
+	}
+
+	assert.Equal(t, expected, *cli.MockPrinter.TableCalls)
+	assert.Equal(t, []string([]string{"Got subject from the following subject sources: Static", ""}), *cli.MockPrinter.PrintLnCalls)
+}

cmd/rbac/rbac_grant.go

@@ -49,7 +49,7 @@ func RunGrantPermissionsCommand(args *GrantPermissionsArgs) di.CmdWithApiFn {
 			return common.NewResponseError(grantErr, grantResp)
 		}
 
-		description, descrResp, descrErr := describePermissions(cli, api, args.Subject, args.Permission, args.Resource).Execute()
+		description, descrResp, descrErr := describePermissions(cli, api, args.Subject, args.Permission, args.Resource, "").Execute()
 
 		if descrErr != nil {
 			return common.NewResponseError(descrErr, descrResp)
@@ -62,7 +62,7 @@ func RunGrantPermissionsCommand(args *GrantPermissionsArgs) di.CmdWithApiFn {
 			})
 		} else {
 			cli.Printer.Successf("Granted permission '%s' on '%s' to subject '%s'", args.Permission, args.Resource, args.Subject)
-			printPermissionsTable(cli, description.Permissions)
+			printPermissionsTable(cli, nil, description.Permissions)
 		}
 
 		return nil

cmd/rbac/rbac_revoke.go

@@ -49,7 +49,7 @@ func RunRevokePermissionsCommand(args *RevokePermissionsArgs) di.CmdWithApiFn {
 			return common.NewResponseError(revokeErr, revokeResp)
 		}
 
-		description, descrResp, descrErr := describePermissions(cli, api, args.Subject, args.Permission, "").Execute()
+		description, descrResp, descrErr := describePermissions(cli, api, args.Subject, args.Permission, "", "").Execute()
 
 		if descrErr != nil {
 			return common.NewResponseError(descrErr, descrResp)
@@ -62,7 +62,7 @@ func RunRevokePermissionsCommand(args *RevokePermissionsArgs) di.CmdWithApiFn {
 			})
 		} else {
 			cli.Printer.Successf("Revoked permission '%s' on '%s' from subject '%s'", args.Permission, args.Resource, args.Subject)
-			printPermissionsTable(cli, description.Permissions)
+			printPermissionsTable(cli, nil, description.Permissions)
 		}
 
 		return nil

generated/stackstate_api/api/openapi.yaml

@@ -11241,20 +11241,14 @@ components:
           type: array
         permissions:
           additionalProperties:
-            $ref: '#/components/schemas/PermissionMap'
+            $ref: '#/components/schemas/PermissionList'
           type: object
       required:
       - permissions
       - subjectHandle
       type: object
     Subject:
       type: string
-    PermissionMap:
-      additionalProperties:
-        items:
-          $ref: '#/components/schemas/Permission'
-        type: array
-      type: object
     GrantPermission:
       example:
         permission: permission

generated/stackstate_api/docs/PermissionDescription.md

@@ -6,13 +6,13 @@ Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **SubjectHandle** | **string** |  | 
 **FromSources** | Pointer to [**[]SubjectSource**](SubjectSource.md) |  | [optional] 
-**Permissions** | [**map[string]map[string][]string**](map.md) |  | 
+**Permissions** | **map[string][]string** |  | 
 
 ## Methods
 
 ### NewPermissionDescription
 
-`func NewPermissionDescription(subjectHandle string, permissions map[string]map[string][]string, ) *PermissionDescription`
+`func NewPermissionDescription(subjectHandle string, permissions map[string][]string, ) *PermissionDescription`
 
 NewPermissionDescription instantiates a new PermissionDescription object
 This constructor will assign default values to properties that have it defined,
@@ -74,20 +74,20 @@ HasFromSources returns a boolean if a field has been set.
 
 ### GetPermissions
 
-`func (o *PermissionDescription) GetPermissions() map[string]map[string][]string`
+`func (o *PermissionDescription) GetPermissions() map[string][]string`
 
 GetPermissions returns the Permissions field if non-nil, zero value otherwise.
 
 ### GetPermissionsOk
 
-`func (o *PermissionDescription) GetPermissionsOk() (*map[string]map[string][]string, bool)`
+`func (o *PermissionDescription) GetPermissionsOk() (*map[string][]string, bool)`
 
 GetPermissionsOk returns a tuple with the Permissions field if it's non-nil, zero value otherwise
 and a boolean to check if the value has been set.
 
 ### SetPermissions
 
-`func (o *PermissionDescription) SetPermissions(v map[string]map[string][]string)`
+`func (o *PermissionDescription) SetPermissions(v map[string][]string)`
 
 SetPermissions sets Permissions field to given value.
 

generated/stackstate_api/model_permission_description.go

@@ -98,7 +98,7 @@ func NewNotFoundError(err error) CLIError {
 	return StdCLIError{
 		Err:            err,
 		ServerResponse: nil,
-		showUsage:      true,
+		showUsage:      false,
 		exitCode:       NotFoundExitCode,
 	}
 }

internal/common/common_cli_errors.go

@@ -1 +1 @@
-0a969d1edec1b1473f8ca433a1b4b3cf64b86170
+79390474f35f8f3d0599149a2c4c28a168fb39c4