feat: make guardian multi-tenant using postgres RLS

.dockerignore

@@ -0,0 +1,7 @@
+tmp
+guardian.yml
+guardian.yaml
+config.yaml
+config.yml
+.git
+.github

.github/workflows/main.yml

@@ -0,0 +1,31 @@
+name: Main
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  dev:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.20"
+      - name: Login to DockerHub
+        uses: docker/login-action@v1
+        with:
+          registry: docker.io
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Publish dev image
+        id: docker_dev_build
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          file: "./Dockerfile.dev"
+          tags: raystack/guardian:dev

Dockerfile.dev

@@ -0,0 +1,24 @@
+FROM golang:1.20-alpine3.17 as builder
+
+RUN apk add make
+
+WORKDIR /go/src/app
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+
+RUN make build
+
+FROM alpine:3.17
+COPY --from=builder /go/src/app/dist/guardian /usr/bin/guardian
+RUN apk update
+RUN apk add ca-certificates
+
+# glibc compatibility library, since go binaries
+# don't work well with musl libc that alpine uses
+RUN apk add libc6-compat
+
+EXPOSE 8080
+ENTRYPOINT ["./guardian"]

Makefile

@@ -3,7 +3,7 @@ COMMIT := $(shell git rev-parse --short HEAD)
 TAG := "$(shell git rev-list --tags --max-count=1)"
 VERSION := "$(shell git describe --tags ${TAG})-next"
 BUILD_DIR=dist
-PROTON_COMMIT := "ccbf219312db35a934361ebad895cb40145ca235"
+PROTON_COMMIT := "95140abe54e3c27f0bf4f06bc780a289f41aadf1"
 
 .PHONY: all build clean test tidy vet proto setup format generate
 
@@ -25,6 +25,10 @@ lint: ## Lint checker
 	@echo "Running lint checks using golangci-lint..."
 	@golangci-lint run
 
+lintf: ## Lint checker and fix
+	@echo "Running lint checks using golangci-lint..."
+	@golangci-lint run --fix
+
 clean: tidy ## Clean the build artifacts
 	@echo "Cleaning up build directories..."
 	@rm -rf $coverage.out ${BUILD_DIR}

api/handler/v1beta1/grpc.go

@@ -108,15 +108,24 @@ type grantService interface {
 	ImportFromProvider(ctx context.Context, criteria grant.ImportFromProviderCriteria) ([]*domain.Grant, error)
 }
 
+//go:generate mockery --name=namespaceService --exported --with-expecter
+type namespaceService interface {
+	Get(ctx context.Context, id string) (*domain.Namespace, error)
+	Create(ctx context.Context, namespace *domain.Namespace) error
+	Update(ctx context.Context, namespace *domain.Namespace) error
+	List(ctx context.Context, filter domain.NamespaceFilter) ([]*domain.Namespace, error)
+}
+
 type GRPCServer struct {
-	resourceService resourceService
-	activityService activityService
-	providerService providerService
-	policyService   policyService
-	appealService   appealService
-	approvalService approvalService
-	grantService    grantService
-	adapter         ProtoAdapter
+	resourceService  resourceService
+	activityService  activityService
+	providerService  providerService
+	policyService    policyService
+	appealService    appealService
+	approvalService  approvalService
+	grantService     grantService
+	namespaceService namespaceService
+	adapter          ProtoAdapter
 
 	authenticatedUserContextKey interface{}
 
@@ -131,6 +140,7 @@ func NewGRPCServer(
 	appealService appealService,
 	approvalService approvalService,
 	grantService grantService,
+	namespaceService namespaceService,
 	adapter ProtoAdapter,
 	authenticatedUserContextKey interface{},
 ) *GRPCServer {
@@ -142,6 +152,7 @@ func NewGRPCServer(
 		appealService:               appealService,
 		approvalService:             approvalService,
 		grantService:                grantService,
+		namespaceService:            namespaceService,
 		adapter:                     adapter,
 		authenticatedUserContextKey: authenticatedUserContextKey,
 	}

api/handler/v1beta1/grpc_test.go

@@ -13,14 +13,15 @@ type authEmailTestContextKey struct{}
 type GrpcHandlersSuite struct {
 	suite.Suite
 
-	resourceService *mocks.ResourceService
-	activityService *mocks.ActivityService
-	providerService *mocks.ProviderService
-	policyService   *mocks.PolicyService
-	appealService   *mocks.AppealService
-	approvalService *mocks.ApprovalService
-	grantService    *mocks.GrantService
-	grpcServer      *v1beta1.GRPCServer
+	resourceService  *mocks.ResourceService
+	activityService  *mocks.ActivityService
+	providerService  *mocks.ProviderService
+	policyService    *mocks.PolicyService
+	appealService    *mocks.AppealService
+	approvalService  *mocks.ApprovalService
+	grantService     *mocks.GrantService
+	namespaceService *mocks.NamespaceService
+	grpcServer       *v1beta1.GRPCServer
 }
 
 func TestGrpcHandler(t *testing.T) {
@@ -35,6 +36,7 @@ func (s *GrpcHandlersSuite) setup() {
 	s.appealService = new(mocks.AppealService)
 	s.approvalService = new(mocks.ApprovalService)
 	s.grantService = new(mocks.GrantService)
+	s.namespaceService = new(mocks.NamespaceService)
 	s.grpcServer = v1beta1.NewGRPCServer(
 		s.resourceService,
 		s.activityService,
@@ -43,6 +45,7 @@ func (s *GrpcHandlersSuite) setup() {
 		s.appealService,
 		s.approvalService,
 		s.grantService,
+		s.namespaceService,
 		v1beta1.NewAdapter(),
 		authEmailTestContextKey{},
 	)