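// Source: github.com/treeverse/lakefs@v1.24.1-0.20240520134607-95648127bfb0/pkg/kv/migrations/import_permissions.go

package migrations

import (
	"context"
	"fmt"

	"github.com/treeverse/lakefs/pkg/auth/model"
	"github.com/treeverse/lakefs/pkg/config"
	"github.com/treeverse/lakefs/pkg/kv"
	"github.com/treeverse/lakefs/pkg/permissions"
	"golang.org/x/exp/slices"
	"google.golang.org/protobuf/types/known/timestamppb"
)

// MigrateImportPermissions rewrites stored policies so that every statement
// granting permissions.ImportFromStorageAction grants "fs:Import*" instead,
// and then records kv.ACLImportMigrateVersion as the KV schema version.
//
// When cfg.IsAuthUISimplified() is false the policies are left untouched and
// only the schema version is updated.
//
// It returns the first error hit while opening or walking the policy
// iterator, decoding an entry, writing a policy back, or updating the schema
// version. The schema version is only advanced after the whole policy range
// has been walked without error, so a partially applied migration is retried
// rather than recorded as complete.
func MigrateImportPermissions(ctx context.Context, kvStore kv.Store, cfg *config.Config) error {
	// skip migrate for users with External authorizations
	if !cfg.IsAuthUISimplified() {
		fmt.Println("skipping ACL migration - external Authorization")
		return updateKVSchemaVersion(ctx, kvStore, kv.ACLImportMigrateVersion)
	}

	// NOTE(review): the replacement action ends in a wildcard, so it presumably
	// grants every action sharing the "fs:Import" prefix rather than the single
	// action it replaces; confirm against the permission matcher that this
	// widening is the intended scope for all affected policies.
	const action = "fs:Import*"

	it, err := kv.NewPrimaryIterator(ctx, kvStore, (&model.PolicyData{}).ProtoReflect().Type(), model.PartitionKey, model.PolicyPath(""), kv.IteratorOptionsFrom([]byte("")))
	if err != nil {
		return err
	}
	defer it.Close()

	for it.Next() {
		entry := it.Entry()
		// Fail with an error instead of panicking if the store hands back an
		// unexpected message type for a policy key.
		policy, ok := entry.Value.(*model.PolicyData)
		if !ok {
			return fmt.Errorf("policy %q: unexpected value type %T", entry.Key, entry.Value)
		}

		update := false
		for _, statement := range policy.Statements {
			if slices.Contains(statement.Action, action) { // Avoid duplication
				continue
			}
			if idx := slices.Index(statement.Action, permissions.ImportFromStorageAction); idx >= 0 {
				statement.Action[idx] = action
				update = true
			}
		}
		if !update {
			continue
		}

		// NOTE(review): this overwrites the policy's creation timestamp with the
		// migration time; confirm that is intended, since the original creation
		// time is lost from the stored record.
		policy.CreatedAt = timestamppb.Now()
		if err = kv.SetMsg(ctx, kvStore, model.PartitionKey, entry.Key, policy); err != nil {
			return err
		}
	}
	// Next() returning false can mean the iterator failed part-way through.
	// Without this check the schema version would be bumped while some
	// policies still carry the old action.
	if err = it.Err(); err != nil {
		return err
	}

	return updateKVSchemaVersion(ctx, kvStore, kv.ACLImportMigrateVersion)
}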