storage_volumes: Add/delete OpenFGA tuples
Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
monstermunchkin committed Jul 14, 2023
1 parent 2586187 commit b376e2a
Showing 2 changed files with 48 additions and 2 deletions.
26 changes: 24 additions & 2 deletions lxd/storage_volumes.go
Expand Up @@ -710,14 +710,25 @@ func doVolumeCreateOrCopy(s *state.State, r *http.Request, requestProjectName st
}

run = func(op *operations.Operation) error {
var err error

if req.Source.Name == "" {
// Use an empty operation for this sync response to pass the requestor
op := &operations.Operation{}
op.SetRequestor(r)
return pool.CreateCustomVolume(projectName, req.Name, req.Description, req.Config, contentType, op)

err = pool.CreateCustomVolume(projectName, req.Name, req.Description, req.Config, contentType, op)
} else {
err = pool.CreateCustomVolumeFromCopy(projectName, req.Source.Project, req.Name, req.Description, req.Config, req.Source.Pool, req.Source.Name, !req.Source.VolumeOnly, op)
}

return pool.CreateCustomVolumeFromCopy(projectName, req.Source.Project, req.Name, req.Description, req.Config, req.Source.Pool, req.Source.Name, !req.Source.VolumeOnly, op)
if err != nil {
return err
}

storagePoolVolumeAddTuple(s, projectName, pool.Name(), req.Name, "custom")

return nil
}

// If no source name supplied then this a volume create operation.
Expand Down Expand Up @@ -926,6 +937,8 @@ func doVolumeMigration(s *state.State, r *http.Request, requestProjectName strin
return fmt.Errorf("Error transferring storage volume: %s", err)
}

storagePoolVolumeAddTuple(s, projectName, poolName, req.Name, "custom")

return nil
}

Expand Down Expand Up @@ -1239,6 +1252,9 @@ func storagePoolVolumeTypePostRename(s *state.State, r *http.Request, poolName s
return response.SmartError(err)
}

storagePoolVolumeDeleteTuple(s, projectName, pool.Name(), vol.Name, "custom")
storagePoolVolumeAddTuple(s, projectName, pool.Name(), req.Name, "custom")

revert.Success()

u := api.NewURL().Path(version.APIVersion, "storage-pools", pool.Name(), "volumes", db.StoragePoolVolumeTypeNameCustom, req.Name).Project(projectName)
Expand Down Expand Up @@ -1282,11 +1298,15 @@ func storagePoolVolumeTypePostMove(s *state.State, r *http.Request, poolName str
return err
}

storagePoolVolumeAddTuple(s, requestProjectName, newPool.Name(), newVol.Name, newVol.Type)

err = pool.DeleteCustomVolume(requestProjectName, vol.Name, op)
if err != nil {
return err
}

storagePoolVolumeDeleteTuple(s, requestProjectName, vol.Name, newVol.Name, vol.Type)

revert.Success()
return nil
}
Expand Down Expand Up @@ -1871,6 +1891,8 @@ func storagePoolVolumeDelete(d *Daemon, r *http.Request) response.Response {
return response.SmartError(err)
}

storagePoolVolumeDeleteTuple(s, volumeProjectName, pool.Name(), volumeName, volumeTypeName)

return response.EmptySyncResponse
}

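Review bot: In the storagePoolVolumeTypePostMove hunk, the new delete call passes `vol.Name` in the pool-name position and `newVol.Name` in the volume-name position, while the helper's parameters are (s, projectName, poolName, volumeName, volumeType). As written it asks OpenFGA to delete a tuple that was never added, so the tuple for the source volume stays in the authorization store after `pool.DeleteCustomVolume` has removed the volume. Presumably the intent was `storagePoolVolumeDeleteTuple(s, requestProjectName, pool.Name(), vol.Name, vol.Type)`, mirroring the add call a few lines above. A stale tuple matters because a volume created later with the same project, pool, name and type would map onto the leftover object; that is worth confirming against the OpenFGA model. The enclosing function begins outside the hunk.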
24 changes: 24 additions & 0 deletions lxd/storage_volumes_utils.go
Expand Up @@ -6,10 +6,12 @@ import (
"github.com/canonical/lxd/lxd/backup"
"github.com/canonical/lxd/lxd/db"
"github.com/canonical/lxd/lxd/instance"
"github.com/canonical/lxd/lxd/openfga"
"github.com/canonical/lxd/lxd/state"
storagePools "github.com/canonical/lxd/lxd/storage"
"github.com/canonical/lxd/shared"
"github.com/canonical/lxd/shared/api"
"github.com/canonical/lxd/shared/logger"
"github.com/canonical/lxd/shared/version"
)

Expand Down Expand Up @@ -144,3 +146,25 @@ func storagePoolVolumeBackupLoadByName(s *state.State, projectName, poolName, ba

return backup, nil
}

func storagePoolVolumeAddTuple(s *state.State, projectName string, poolName string, volumeName string, volumeType string) {
if s.OpenFGAClient == nil {
return
}

err := s.OpenFGAClient.AddTuple(openfga.ProjectObject(projectName), openfga.RelationProject, openfga.StorageVolumeObject(projectName, poolName, volumeName, volumeType))
if err != nil {
logger.Warn("Failed adding tuple", logger.Ctx{"err": err})
}
}

func storagePoolVolumeDeleteTuple(s *state.State, projectName string, poolName string, volumeName string, volumeType string) {
if s.OpenFGAClient == nil {
return
}

err := s.OpenFGAClient.DeleteTuple(openfga.ProjectObject(projectName), openfga.RelationProject, openfga.StorageVolumeObject(projectName, poolName, volumeName, volumeType))
if err != nil {
logger.Warn("Failed adding tuple", logger.Ctx{"err": err})
}
}
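Review bot: storagePoolVolumeDeleteTuple logs `"Failed adding tuple"` when DeleteTuple fails, the same text as the add helper, so a failed delete cannot be told apart from a failed add in the logs. Both helpers also drop the error after the warning and log only `err`, which leaves no record of which volume's authorization tuple is now out of step with LXD's state. I would change the delete path to `logger.Warn("Failed deleting tuple", logger.Ctx{"err": err, "project": projectName, "pool": poolName, "volume": volumeName, "type": volumeType})` and add the same context keys to the add path. Each helper would also benefit from a doc comment stating that it is a no-op when `s.OpenFGAClient` is nil and that failures are logged, not returned.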
