github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-05 06:10:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
3ba0f75c8d
drone/internal/api/controller/serviceaccount/controller.go
Johannes Batzill 3ba0f75c8d Introduce UIDs for Space / Repo / Tokens, Add Custom Harness Validation, ... (#57) 
This change adds the following:
- Space UID + Custom harness validation (accountId for top level space, harness identifier for child spaces)
- Repo UID + Custom harness validation (harness identifier)
- Store Unique casing of space / repo path and add Path.ValueUnique (with Unique index) to allow for application layer controlling the case sensitivity (case insensitive standalone vs partially case sensitive harness)
- Token UID (unique index over ownertype + ownerID + tokenUID)
- Add DisplayName for principals (replaces Name to avoid confustion)
- Store Unique casing of principal UID and add Principal.ValueUnique (with unique index) to allow for application layer, per principal type control of case sensitivity (required in embedded mode)
- Generate serviceAccount UID (+Email) Randomly (sa-{space|repo}-{ID}-{random}) - Allows to have a unique UID across all principals while reducing likelyhood of overlaps with users + avoid overlap across spaces / repos.
- Sync casing of space names (accountId orgId projectId) when creating spaces on the fly (to ensure case sensitivity of - harness code) or use the existing space to update casing.
- Update serviceaccount client to match updated NG Manager API
- in embedded mode create spaces for harness resources owning the service account
2022-11-06 23:14:47 -08:00

34 lines
1.1 KiB
Go
Raw Blame History

// Copyright 2022 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package serviceaccount
import (
"github.com/harness/gitness/internal/auth/authz"
"github.com/harness/gitness/internal/store"
"github.com/harness/gitness/types/check"
)
type Controller struct {
serviceAccountCheck check.ServiceAccount
authorizer authz.Authorizer
saStore store.ServiceAccountStore
spaceStore store.SpaceStore
repoStore store.RepoStore
tokenStore store.TokenStore
}
func NewController(serviceAccountCheck check.ServiceAccount, authorizer authz.Authorizer,
saStore store.ServiceAccountStore, spaceStore store.SpaceStore, repoStore store.RepoStore,
tokenStore store.TokenStore) *Controller {
return &Controller{
serviceAccountCheck: serviceAccountCheck,
authorizer: authorizer,
saStore: saStore,
spaceStore: spaceStore,
repoStore: repoStore,
tokenStore: tokenStore,
}
}
Reference in New Issue View Git Blame Copy Permalink