From 5684a37af07affa123ec70b9e2266bb4d8c132e3 Mon Sep 17 00:00:00 2001 From: Uditha Atukorala Date: Mon, 23 Sep 2024 18:22:02 +0100 Subject: [PATCH 1/7] (cmake) rename sentium -> ruek --- CMakeLists.txt | 20 ++++++++++---------- cmake/dependencies.cmake | 4 ++-- src/db/CMakeLists.txt | 6 +++--- src/encoding/CMakeLists.txt | 4 ++-- src/err/CMakeLists.txt | 4 ++-- src/svc/CMakeLists.txt | 6 +++--- 6 files changed, 22 insertions(+), 22 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 35f4a494..95ccac3b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 3.23) -project(sentium VERSION 0.3.1 LANGUAGES CXX) +project(ruek VERSION 0.3.1 LANGUAGES CXX) cmake_policy(SET CMP0135 NEW) @@ -8,26 +8,26 @@ set(CMAKE_CXX_STANDARD_REQUIRED ON) set(EXECUTABLE_OUTPUT_PATH ${CMAKE_BINARY_DIR}/bin) -option(SENTIUM_BUILD_BENCHMARKS +option(RUEK_BUILD_BENCHMARKS "Build benchmarks" OFF ) include(CMakeDependentOption) -cmake_dependent_option(SENTIUM_BUILD_TESTING +cmake_dependent_option(RUEK_BUILD_TESTING "Build tests when this is the root project" ON "CMAKE_SOURCE_DIR STREQUAL PROJECT_SOURCE_DIR" OFF ) -cmake_dependent_option(SENTIUM_ENABLE_COVERAGE - "Enable code coverage when SENTIUM_BUILD_TESTING is enabled and this is the root project" ON - "SENTIUM_BUILD_TESTING;CMAKE_SOURCE_DIR STREQUAL PROJECT_SOURCE_DIR" OFF +cmake_dependent_option(RUEK_ENABLE_COVERAGE + "Enable code coverage when RUEK_BUILD_TESTING is enabled and this is the root project" ON + "RUEK_BUILD_TESTING;CMAKE_SOURCE_DIR STREQUAL PROJECT_SOURCE_DIR" OFF ) -if (SENTIUM_ENABLE_COVERAGE) +if (RUEK_ENABLE_COVERAGE) if (NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang") message(FATAL_ERROR "Code coverage is only available with clang. " - "Can't continue with SENTIUM_ENABLE_COVERAGE=ON." + "Can't continue with RUEK_ENABLE_COVERAGE=ON." ) endif() endif() @@ -35,11 +35,11 @@ endif() include(cmake/dependencies.cmake) include(cmake/googleapis.cmake) -if (SENTIUM_BUILD_TESTING) +if (RUEK_BUILD_TESTING) enable_testing() endif() -if (SENTIUM_BUILD_BENCHMARKS) +if (RUEK_BUILD_BENCHMARKS) add_subdirectory(bench) endif() diff --git a/cmake/dependencies.cmake b/cmake/dependencies.cmake index b2cc447b..829952a6 100644 --- a/cmake/dependencies.cmake +++ b/cmake/dependencies.cmake @@ -41,7 +41,7 @@ FetchContent_Declare(libxid FetchContent_MakeAvailable(libxid) -if (SENTIUM_BUILD_BENCHMARKS) +if (RUEK_BUILD_BENCHMARKS) # google benchmark FetchContent_Declare(benchmark URL https://github.com/google/benchmark/archive/refs/tags/v1.8.3.tar.gz @@ -53,7 +53,7 @@ if (SENTIUM_BUILD_BENCHMARKS) FetchContent_MakeAvailable(benchmark) endif() -if (SENTIUM_BUILD_TESTING) +if (RUEK_BUILD_TESTING) # googletest FetchContent_Declare(googletest URL https://github.com/google/googletest/archive/refs/tags/v1.14.0.tar.gz diff --git a/src/db/CMakeLists.txt b/src/db/CMakeLists.txt index d87fa80d..3ef91ab6 100644 --- a/src/db/CMakeLists.txt +++ b/src/db/CMakeLists.txt @@ -28,7 +28,7 @@ target_link_libraries(db pqxx ) -if (SENTIUM_ENABLE_COVERAGE) +if (RUEK_ENABLE_COVERAGE) target_compile_options(db PRIVATE -fprofile-instr-generate -fcoverage-mapping ) @@ -39,7 +39,7 @@ if (SENTIUM_ENABLE_COVERAGE) endif() # tests -if (SENTIUM_BUILD_TESTING) +if (RUEK_BUILD_TESTING) target_sources(db PUBLIC FILE_SET headers TYPE HEADERS @@ -63,7 +63,7 @@ if (SENTIUM_BUILD_TESTING) ${PROJECT_NAME}::err ) - if (SENTIUM_ENABLE_COVERAGE) + if (RUEK_ENABLE_COVERAGE) target_compile_options(db_tests PRIVATE -fprofile-instr-generate -fcoverage-mapping ) diff --git a/src/encoding/CMakeLists.txt b/src/encoding/CMakeLists.txt index ced7e480..9521702e 100644 --- a/src/encoding/CMakeLists.txt +++ b/src/encoding/CMakeLists.txt @@ -7,7 +7,7 @@ target_sources(encoding ) # tests -if (SENTIUM_BUILD_TESTING) +if (RUEK_BUILD_TESTING) add_executable(encoding_tests) target_sources(encoding_tests PRIVATE @@ -21,7 +21,7 @@ if (SENTIUM_BUILD_TESTING) gtest_main ) - if (SENTIUM_ENABLE_COVERAGE) + if (RUEK_ENABLE_COVERAGE) target_compile_options(encoding_tests PRIVATE -fprofile-instr-generate -fcoverage-mapping ) diff --git a/src/err/CMakeLists.txt b/src/err/CMakeLists.txt index 6cb612dc..cc3c1957 100644 --- a/src/err/CMakeLists.txt +++ b/src/err/CMakeLists.txt @@ -8,7 +8,7 @@ target_sources(err ) # tests -if (SENTIUM_BUILD_TESTING) +if (RUEK_BUILD_TESTING) add_executable(err_tests) target_sources(err_tests PRIVATE @@ -21,7 +21,7 @@ if (SENTIUM_BUILD_TESTING) gtest_main ) - if (SENTIUM_ENABLE_COVERAGE) + if (RUEK_ENABLE_COVERAGE) target_compile_options(err_tests PRIVATE -fprofile-instr-generate -fcoverage-mapping ) diff --git a/src/svc/CMakeLists.txt b/src/svc/CMakeLists.txt index e8b3c305..c242c5a5 100644 --- a/src/svc/CMakeLists.txt +++ b/src/svc/CMakeLists.txt @@ -27,7 +27,7 @@ target_link_libraries(svc ${PROJECT_NAME}::libproto ) -if (SENTIUM_ENABLE_COVERAGE) +if (RUEK_ENABLE_COVERAGE) target_compile_options(svc PRIVATE -fprofile-instr-generate -fcoverage-mapping ) @@ -38,7 +38,7 @@ if (SENTIUM_ENABLE_COVERAGE) endif() # tests -if (SENTIUM_BUILD_TESTING) +if (RUEK_BUILD_TESTING) add_executable(svc_tests) target_sources(svc_tests PRIVATE @@ -54,7 +54,7 @@ if (SENTIUM_BUILD_TESTING) gtest_main ) - if (SENTIUM_ENABLE_COVERAGE) + if (RUEK_ENABLE_COVERAGE) target_compile_options(svc_tests PRIVATE -fprofile-instr-generate -fcoverage-mapping ) From 7e46d05017818ce522c585e19a4f8e3d342f64d2 Mon Sep 17 00:00:00 2001 From: Uditha Atukorala Date: Mon, 23 Sep 2024 18:23:42 +0100 Subject: [PATCH 2/7] update builds to reference 'ruek' (instead of 'sentium') --- Containerfile | 8 ++++---- Makefile | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Containerfile b/Containerfile index 41c6f356..7427b967 100644 --- a/Containerfile +++ b/Containerfile @@ -13,7 +13,7 @@ WORKDIR /tmp RUN cmake -B build -G Ninja -S source/ \ -DCMAKE_BUILD_TYPE=Release \ - -DSENTIUM_BUILD_TESTING=OFF + -DRUEK_BUILD_TESTING=OFF RUN cmake --build build/ --config Release @@ -26,8 +26,8 @@ RUN apt-get update \ libpq5 \ libprotobuf32 -COPY --from=builder /tmp/build/bin/sentium /opt/sentium/bin/ +COPY --from=builder /tmp/build/bin/ruek /opt/ruek/bin/ -WORKDIR /opt/sentium -ENTRYPOINT [ "bin/sentium" ] +WORKDIR /opt/ruek +ENTRYPOINT [ "bin/ruek" ] EXPOSE 8080 diff --git a/Makefile b/Makefile index 52ab037b..bdee2bd8 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ builddir = .build bindir = $(builddir)/bin -binary = $(bindir)/sentium +binary = $(bindir)/ruek benchbin = $(binary)_bench buildfile = $(builddir)/build.ninja From c57efe703255d07225f1b5cf70d1d39ae22e6b4b Mon Sep 17 00:00:00 2001 From: Uditha Atukorala Date: Mon, 23 Sep 2024 18:27:02 +0100 Subject: [PATCH 3/7] (github) rename sentium -> ruek --- .github/workflows/ci.yaml | 18 +++++++++--------- .github/workflows/publish.yaml | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 7585b245..b4d18db0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -16,9 +16,9 @@ jobs: services: postgres: env: - POSTGRES_DB: test-sentium - POSTGRES_PASSWORD: sentium - POSTGRES_USER: sentium + POSTGRES_DB: test-ruek + POSTGRES_PASSWORD: ruek + POSTGRES_USER: ruek image: postgres:15 options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 ports: @@ -41,19 +41,19 @@ jobs: - name: Setup Postgres run: psql < db/schema.sql env: - PGDATABASE: test-sentium + PGDATABASE: test-ruek PGHOST: postgres - PGPASSWORD: sentium - PGUSER: sentium + PGPASSWORD: ruek + PGUSER: ruek - name: Build run: make - name: Generate code coverage reports run: make coverage:lcov env: - PGDATABASE: test-sentium + PGDATABASE: test-ruek PGHOST: postgres - PGPASSWORD: sentium - PGUSER: sentium + PGPASSWORD: ruek + PGUSER: ruek - name: Upload coverage to Codecov uses: codecov/codecov-action@v3 with: diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 218064c7..75fb38ef 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -46,7 +46,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} - uses: actions/delete-package-versions@v5 with: - package-name: sentium + package-name: ruek package-type: container min-versions-to-keep: 2 delete-only-untagged-versions: true From 201fe2323b281c47db720fecfecf5031410d753d Mon Sep 17 00:00:00 2001 From: Uditha Atukorala Date: Mon, 23 Sep 2024 21:05:04 +0100 Subject: [PATCH 4/7] (proto) rename sentium -> ruek --- bench/relations_test.cpp | 2 +- proto/CMakeLists.txt | 44 +++++++++---------- proto/{sentium => ruek}/api/v1/authz.proto | 2 +- proto/{sentium => ruek}/api/v1/entities.proto | 2 +- .../{sentium => ruek}/api/v1/principals.proto | 2 +- .../{sentium => ruek}/api/v1/relations.proto | 2 +- .../{sentium => ruek}/detail/pagination.proto | 2 +- src/svc/authz.h | 4 +- src/svc/authz_test.cpp | 2 +- src/svc/entities.cpp | 22 +++++----- src/svc/entities.h | 8 ++-- src/svc/entities_test.cpp | 2 +- src/svc/principals.cpp | 6 +-- src/svc/principals.h | 4 +- src/svc/principals_test.cpp | 2 +- src/svc/relations.cpp | 17 ++++--- src/svc/relations.h | 11 +++-- src/svc/relations_test.cpp | 2 +- 18 files changed, 67 insertions(+), 69 deletions(-) rename proto/{sentium => ruek}/api/v1/authz.proto (97%) rename proto/{sentium => ruek}/api/v1/entities.proto (98%) rename proto/{sentium => ruek}/api/v1/principals.proto (98%) rename proto/{sentium => ruek}/api/v1/relations.proto (99%) rename proto/{sentium => ruek}/detail/pagination.proto (74%) diff --git a/bench/relations_test.cpp b/bench/relations_test.cpp index ae732b06..ef665f4a 100644 --- a/bench/relations_test.cpp +++ b/bench/relations_test.cpp @@ -6,7 +6,7 @@ #include "svc/common.h" #include "svc/svc.h" -using namespace sentium::api::v1::Relations; +using namespace ruek::api::v1::Relations; class bm_relations : public benchmark::Fixture { public: diff --git a/proto/CMakeLists.txt b/proto/CMakeLists.txt index 9560f24a..5b3902b6 100644 --- a/proto/CMakeLists.txt +++ b/proto/CMakeLists.txt @@ -1,22 +1,22 @@ -cmake_path(SET authz_proto ${CMAKE_CURRENT_SOURCE_DIR}/sentium/api/v1/authz.proto) -cmake_path(SET authz_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/authz.grpcxx.pb.h) -cmake_path(SET authz_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/authz.pb.h) -cmake_path(SET authz_source ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/authz.pb.cc) - -cmake_path(SET principals_proto ${CMAKE_CURRENT_SOURCE_DIR}/sentium/api/v1/principals.proto) -cmake_path(SET principals_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/principals.grpcxx.pb.h) -cmake_path(SET principals_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/principals.pb.h) -cmake_path(SET principals_source ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/principals.pb.cc) - -cmake_path(SET relations_proto ${CMAKE_CURRENT_SOURCE_DIR}/sentium/api/v1/relations.proto) -cmake_path(SET relations_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/relations.grpcxx.pb.h) -cmake_path(SET relations_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/relations.pb.h) -cmake_path(SET relations_source ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/relations.pb.cc) - -cmake_path(SET entities_proto ${CMAKE_CURRENT_SOURCE_DIR}/sentium/api/v1/entities.proto) -cmake_path(SET entities_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/entities.grpcxx.pb.h) -cmake_path(SET entities_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/entities.pb.h) -cmake_path(SET entities_source ${CMAKE_CURRENT_BINARY_DIR}/sentium/api/v1/entities.pb.cc) +cmake_path(SET authz_proto ${CMAKE_CURRENT_SOURCE_DIR}/ruek/api/v1/authz.proto) +cmake_path(SET authz_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/authz.grpcxx.pb.h) +cmake_path(SET authz_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/authz.pb.h) +cmake_path(SET authz_source ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/authz.pb.cc) + +cmake_path(SET principals_proto ${CMAKE_CURRENT_SOURCE_DIR}/ruek/api/v1/principals.proto) +cmake_path(SET principals_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/principals.grpcxx.pb.h) +cmake_path(SET principals_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/principals.pb.h) +cmake_path(SET principals_source ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/principals.pb.cc) + +cmake_path(SET relations_proto ${CMAKE_CURRENT_SOURCE_DIR}/ruek/api/v1/relations.proto) +cmake_path(SET relations_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/relations.grpcxx.pb.h) +cmake_path(SET relations_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/relations.pb.h) +cmake_path(SET relations_source ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/relations.pb.cc) + +cmake_path(SET entities_proto ${CMAKE_CURRENT_SOURCE_DIR}/ruek/api/v1/entities.proto) +cmake_path(SET entities_grpcxx_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/entities.grpcxx.pb.h) +cmake_path(SET entities_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/entities.pb.h) +cmake_path(SET entities_source ${CMAKE_CURRENT_BINARY_DIR}/ruek/api/v1/entities.pb.cc) set(protos ${authz_proto} @@ -54,9 +54,9 @@ add_custom_command( ) -cmake_path(SET detail_pagination_proto ${CMAKE_CURRENT_SOURCE_DIR}/sentium/detail/pagination.proto) -cmake_path(SET detail_pagination_header ${CMAKE_CURRENT_BINARY_DIR}/sentium/detail/pagination.pb.h) -cmake_path(SET detail_pagination_source ${CMAKE_CURRENT_BINARY_DIR}/sentium/detail/pagination.pb.cc) +cmake_path(SET detail_pagination_proto ${CMAKE_CURRENT_SOURCE_DIR}/ruek/detail/pagination.proto) +cmake_path(SET detail_pagination_header ${CMAKE_CURRENT_BINARY_DIR}/ruek/detail/pagination.pb.h) +cmake_path(SET detail_pagination_source ${CMAKE_CURRENT_BINARY_DIR}/ruek/detail/pagination.pb.cc) set(detail_protos ${detail_pagination_proto} diff --git a/proto/sentium/api/v1/authz.proto b/proto/ruek/api/v1/authz.proto similarity index 97% rename from proto/sentium/api/v1/authz.proto rename to proto/ruek/api/v1/authz.proto index 87f04cef..bc84ee04 100644 --- a/proto/sentium/api/v1/authz.proto +++ b/proto/ruek/api/v1/authz.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package sentium.api.v1; +package ruek.api.v1; import "google/protobuf/struct.proto"; import "google/api/annotations.proto"; diff --git a/proto/sentium/api/v1/entities.proto b/proto/ruek/api/v1/entities.proto similarity index 98% rename from proto/sentium/api/v1/entities.proto rename to proto/ruek/api/v1/entities.proto index be0e364a..6dfbf90a 100644 --- a/proto/sentium/api/v1/entities.proto +++ b/proto/ruek/api/v1/entities.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package sentium.api.v1; +package ruek.api.v1; import "google/api/annotations.proto"; import "google/protobuf/struct.proto"; diff --git a/proto/sentium/api/v1/principals.proto b/proto/ruek/api/v1/principals.proto similarity index 98% rename from proto/sentium/api/v1/principals.proto rename to proto/ruek/api/v1/principals.proto index 467dfe68..449befbb 100644 --- a/proto/sentium/api/v1/principals.proto +++ b/proto/ruek/api/v1/principals.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package sentium.api.v1; +package ruek.api.v1; import "google/api/annotations.proto"; import "google/protobuf/struct.proto"; diff --git a/proto/sentium/api/v1/relations.proto b/proto/ruek/api/v1/relations.proto similarity index 99% rename from proto/sentium/api/v1/relations.proto rename to proto/ruek/api/v1/relations.proto index 3ffbb1af..07d07602 100644 --- a/proto/sentium/api/v1/relations.proto +++ b/proto/ruek/api/v1/relations.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package sentium.api.v1; +package ruek.api.v1; import "google/protobuf/struct.proto"; import "google/api/annotations.proto"; diff --git a/proto/sentium/detail/pagination.proto b/proto/ruek/detail/pagination.proto similarity index 74% rename from proto/sentium/detail/pagination.proto rename to proto/ruek/detail/pagination.proto index 9adfa839..08a07830 100644 --- a/proto/sentium/detail/pagination.proto +++ b/proto/ruek/detail/pagination.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package sentium.detail; +package ruek.detail; message PaginationToken { string last_id = 1; diff --git a/src/svc/authz.h b/src/svc/authz.h index 51561e89..d32da853 100644 --- a/src/svc/authz.h +++ b/src/svc/authz.h @@ -2,11 +2,11 @@ #include #include "db/tuples.h" -#include "sentium/api/v1/authz.grpcxx.pb.h" +#include "ruek/api/v1/authz.grpcxx.pb.h" namespace svc { namespace authz { -using namespace sentium::api::v1::Authz; +using namespace ruek::api::v1::Authz; class Impl { public: diff --git a/src/svc/authz_test.cpp b/src/svc/authz_test.cpp index 40700929..0a2fd763 100644 --- a/src/svc/authz_test.cpp +++ b/src/svc/authz_test.cpp @@ -7,7 +7,7 @@ #include "common.h" #include "svc.h" -using namespace sentium::api::v1::Authz; +using namespace ruek::api::v1::Authz; class svc_AuthzTest : public testing::Test { protected: diff --git a/src/svc/entities.cpp b/src/svc/entities.cpp index f09aa179..da160ccd 100644 --- a/src/svc/entities.cpp +++ b/src/svc/entities.cpp @@ -4,7 +4,7 @@ #include #include "encoding/b32.h" -#include "sentium/detail/pagination.pb.h" +#include "ruek/detail/pagination.pb.h" #include "common.h" @@ -14,7 +14,7 @@ template <> rpcList::result_type Impl::call(grpcxx::context &ctx, const rpcList::request_type &req) { std::string lastId; if (req.has_pagination_token()) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; if (pbToken.ParseFromString(encoding::b32::decode(req.pagination_token()))) { lastId = pbToken.last_id(); } @@ -52,7 +52,7 @@ rpcList::result_type Impl::call(grpcxx::context &ctx, const rpcList::re auto response = map(results); if (results.size() == limit) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; pbToken.set_last_id(results.back().rEntityId()); auto strToken = encoding::b32::encode(pbToken.SerializeAsString()); @@ -67,7 +67,7 @@ rpcListPrincipals::result_type Impl::call( grpcxx::context &ctx, const rpcListPrincipals::request_type &req) { std::string lastId; if (req.has_pagination_token()) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; if (pbToken.ParseFromString(encoding::b32::decode(req.pagination_token()))) { lastId = pbToken.last_id(); } @@ -106,7 +106,7 @@ rpcListPrincipals::result_type Impl::call( auto response = map(results); if (results.size() == limit) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; pbToken.set_last_id(*results.back().lPrincipalId()); auto strToken = encoding::b32::encode(pbToken.SerializeAsString()); @@ -129,7 +129,7 @@ template <> rpcList::response_type Impl::map(const db::Tuples &from) const noexc auto *arr = to.mutable_entities(); arr->Reserve(from.size()); for (const auto &t : from) { - arr->Add(map(t)); + arr->Add(map(t)); } return to; @@ -141,14 +141,14 @@ template <> rpcListPrincipals::response_type Impl::map(const db::Tuples &from) c auto *arr = to.mutable_principals(); arr->Reserve(from.size()); for (const auto &t : from) { - arr->Add(map(t)); + arr->Add(map(t)); } return to; } -template <> sentium::api::v1::EntitiesEntity Impl::map(const db::Tuple &from) const noexcept { - sentium::api::v1::EntitiesEntity to; +template <> ruek::api::v1::EntitiesEntity Impl::map(const db::Tuple &from) const noexcept { + ruek::api::v1::EntitiesEntity to; to.set_id(from.rEntityId()); to.set_type(from.rEntityType()); @@ -159,8 +159,8 @@ template <> sentium::api::v1::EntitiesEntity Impl::map(const db::Tuple &from) co return to; } -template <> sentium::api::v1::EntitiesPrincipal Impl::map(const db::Tuple &from) const noexcept { - sentium::api::v1::EntitiesPrincipal to; +template <> ruek::api::v1::EntitiesPrincipal Impl::map(const db::Tuple &from) const noexcept { + ruek::api::v1::EntitiesPrincipal to; to.set_id(*from.lPrincipalId()); if (from.attrs()) { diff --git a/src/svc/entities.h b/src/svc/entities.h index f5fc439f..6a623927 100644 --- a/src/svc/entities.h +++ b/src/svc/entities.h @@ -3,11 +3,11 @@ #include #include "db/tuples.h" -#include "sentium/api/v1/entities.grpcxx.pb.h" +#include "ruek/api/v1/entities.grpcxx.pb.h" namespace svc { namespace entities { -using namespace sentium::api::v1::Entities; +using namespace ruek::api::v1::Entities; class Impl { public: @@ -33,8 +33,8 @@ class Impl { template <> rpcList::response_type map(const db::Tuples &from) const noexcept; template <> rpcListPrincipals::response_type map(const db::Tuples &from) const noexcept; - template <> sentium::api::v1::EntitiesEntity map(const db::Tuple &from) const noexcept; - template <> sentium::api::v1::EntitiesPrincipal map(const db::Tuple &from) const noexcept; + template <> ruek::api::v1::EntitiesEntity map(const db::Tuple &from) const noexcept; + template <> ruek::api::v1::EntitiesPrincipal map(const db::Tuple &from) const noexcept; }; } // namespace entities } // namespace svc diff --git a/src/svc/entities_test.cpp b/src/svc/entities_test.cpp index 73fd251b..afacf059 100644 --- a/src/svc/entities_test.cpp +++ b/src/svc/entities_test.cpp @@ -7,7 +7,7 @@ #include "common.h" #include "svc.h" -using namespace sentium::api::v1::Entities; +using namespace ruek::api::v1::Entities; class svc_EntitiesTest : public testing::Test { protected: diff --git a/src/svc/principals.cpp b/src/svc/principals.cpp index 2e2a7778..05749855 100644 --- a/src/svc/principals.cpp +++ b/src/svc/principals.cpp @@ -5,7 +5,7 @@ #include "encoding/b32.h" #include "err/errors.h" -#include "sentium/detail/pagination.pb.h" +#include "ruek/detail/pagination.pb.h" #include "common.h" @@ -49,7 +49,7 @@ rpcList::result_type Impl::call(grpcxx::context &ctx, const rpcList::re std::string lastId; if (req.has_pagination_token()) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; if (pbToken.ParseFromString(encoding::b32::decode(req.pagination_token()))) { lastId = pbToken.last_id(); } @@ -64,7 +64,7 @@ rpcList::result_type Impl::call(grpcxx::context &ctx, const rpcList::re auto response = map(results); if (results.size() == limit) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; pbToken.set_last_id(results.back().id()); auto strToken = encoding::b32::encode(pbToken.SerializeAsString()); diff --git a/src/svc/principals.h b/src/svc/principals.h index 34f7bed6..a4434932 100644 --- a/src/svc/principals.h +++ b/src/svc/principals.h @@ -3,11 +3,11 @@ #include #include "db/principals.h" -#include "sentium/api/v1/principals.grpcxx.pb.h" +#include "ruek/api/v1/principals.grpcxx.pb.h" namespace svc { namespace principals { -using namespace sentium::api::v1::Principals; +using namespace ruek::api::v1::Principals; class Impl { public: diff --git a/src/svc/principals_test.cpp b/src/svc/principals_test.cpp index e876a51f..cc89e98f 100644 --- a/src/svc/principals_test.cpp +++ b/src/svc/principals_test.cpp @@ -7,7 +7,7 @@ #include "common.h" #include "svc.h" -using namespace sentium::api::v1::Principals; +using namespace ruek::api::v1::Principals; class svc_PrincipalsTest : public testing::Test { protected: diff --git a/src/svc/relations.cpp b/src/svc/relations.cpp index 7d6022c6..fbb6f165 100644 --- a/src/svc/relations.cpp +++ b/src/svc/relations.cpp @@ -9,7 +9,7 @@ #include "db/tuplets.h" #include "encoding/b32.h" #include "err/errors.h" -#include "sentium/detail/pagination.pb.h" +#include "ruek/detail/pagination.pb.h" #include "common.h" @@ -262,7 +262,7 @@ rpcListLeft::result_type Impl::call( std::string lastId; if (req.has_pagination_token()) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; if (pbToken.ParseFromString(encoding::b32::decode(req.pagination_token()))) { lastId = pbToken.last_id(); } @@ -279,7 +279,7 @@ rpcListLeft::result_type Impl::call( map(results, response.mutable_tuples()); if (results.size() == limit) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; pbToken.set_last_id(results.back().lEntityId()); auto strToken = encoding::b32::encode(pbToken.SerializeAsString()); @@ -307,7 +307,7 @@ rpcListRight::result_type Impl::call( std::string lastId; if (req.has_pagination_token()) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; if (pbToken.ParseFromString(encoding::b32::decode(req.pagination_token()))) { lastId = pbToken.last_id(); } @@ -324,7 +324,7 @@ rpcListRight::result_type Impl::call( map(results, response.mutable_tuples()); if (results.size() == limit) { - sentium::detail::PaginationToken pbToken; + ruek::detail::PaginationToken pbToken; pbToken.set_last_id(results.back().rEntityId()); auto strToken = encoding::b32::encode(pbToken.SerializeAsString()); @@ -497,7 +497,7 @@ rpcCreate::response_type Impl::map(const db::Tuple &from) const noexcept { return to; } -void Impl::map(const db::Tuple &from, sentium::api::v1::Tuple *to) const noexcept { +void Impl::map(const db::Tuple &from, ruek::api::v1::Tuple *to) const noexcept { to->set_id(from.id()); to->set_space_id(from.spaceId()); @@ -536,9 +536,8 @@ void Impl::map(const db::Tuple &from, sentium::api::v1::Tuple *to) const noexcep } } -void Impl::map( - const db::Tuples &from, - google::protobuf::RepeatedPtrField *to) const noexcept { +void Impl::map(const db::Tuples &from, google::protobuf::RepeatedPtrField *to) + const noexcept { to->Reserve(from.size()); for (const auto &t : from) { diff --git a/src/svc/relations.h b/src/svc/relations.h index a6a3b258..ebb3db53 100644 --- a/src/svc/relations.h +++ b/src/svc/relations.h @@ -6,11 +6,11 @@ #include #include "db/tuples.h" -#include "sentium/api/v1/relations.grpcxx.pb.h" +#include "ruek/api/v1/relations.grpcxx.pb.h" namespace svc { namespace relations { -using namespace sentium::api::v1::Relations; +using namespace ruek::api::v1::Relations; class Impl { public: @@ -57,10 +57,9 @@ class Impl { rpcCreate::response_type map(const db::Tuple &from) const noexcept; - void map(const db::Tuple &from, sentium::api::v1::Tuple *to) const noexcept; - void map( - const db::Tuples &from, - google::protobuf::RepeatedPtrField *to) const noexcept; + void map(const db::Tuple &from, ruek::api::v1::Tuple *to) const noexcept; + void map(const db::Tuples &from, google::protobuf::RepeatedPtrField *to) + const noexcept; // Check for a relation between left and right entities using the `graph` algorithm. graph_t graph( diff --git a/src/svc/relations_test.cpp b/src/svc/relations_test.cpp index 28c7b8d2..0c593bbb 100644 --- a/src/svc/relations_test.cpp +++ b/src/svc/relations_test.cpp @@ -7,7 +7,7 @@ #include "common.h" #include "svc.h" -using namespace sentium::api::v1::Relations; +using namespace ruek::api::v1::Relations; class svc_RelationsTest : public testing::Test { protected: From eed9fe31698f5aaf49ce21ad925da383fb79a5d1 Mon Sep 17 00:00:00 2001 From: Uditha Atukorala Date: Mon, 23 Sep 2024 21:06:28 +0100 Subject: [PATCH 5/7] (err) rename sentium -> ruek --- src/err/errors.h | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/src/err/errors.h b/src/err/errors.h index e477e498..489cadae 100644 --- a/src/err/errors.h +++ b/src/err/errors.h @@ -3,30 +3,30 @@ #include "basic_error.h" namespace err { -using DbConnectionUnavailable = basic_error<"sentium:1.0.1.503", "Unavailable">; -using DbTimeout = basic_error<"sentium:1.0.2.503", "Operation timed out">; +using DbConnectionUnavailable = basic_error<"ruek:1.0.1.503", "Unavailable">; +using DbTimeout = basic_error<"ruek:1.0.2.503", "Operation timed out">; -using DbRevisionMismatch = basic_error<"sentium:1.1.1.409", "Revision mismatch">; +using DbRevisionMismatch = basic_error<"ruek:1.1.1.409", "Revision mismatch">; -using DbPrincipalInvalidData = basic_error<"sentium:1.2.1.400", "Invalid principal data">; -using DbPrincipalNotFound = basic_error<"sentium:1.2.2.404", "Principal not found">; +using DbPrincipalInvalidData = basic_error<"ruek:1.2.1.400", "Invalid principal data">; +using DbPrincipalNotFound = basic_error<"ruek:1.2.2.404", "Principal not found">; -using DbRecordInvalidData = basic_error<"sentium:1.3.1.400", "Invalid principal data">; -using DbRecordInvalidPrincipalId = basic_error<"sentium:1.3.2.400", "Invalid principal for record">; +using DbRecordInvalidData = basic_error<"ruek:1.3.1.400", "Invalid principal data">; +using DbRecordInvalidPrincipalId = basic_error<"ruek:1.3.2.400", "Invalid principal for record">; -using DbTupleAlreadyExists = basic_error<"sentium:1.4.4.409", "Tuple already exists">; -using DbTupleInvalidData = basic_error<"sentium:1.4.1.400", "Invalid tuple data">; -using DbTupleInvalidKey = basic_error<"sentium:1.4.2.400", "Invalid reference key for tuple">; -using DbTupleNotFound = basic_error<"sentium:1.4.3.404", "Tuple not found">; +using DbTupleAlreadyExists = basic_error<"ruek:1.4.4.409", "Tuple already exists">; +using DbTupleInvalidData = basic_error<"ruek:1.4.1.400", "Invalid tuple data">; +using DbTupleInvalidKey = basic_error<"ruek:1.4.2.400", "Invalid reference key for tuple">; +using DbTupleNotFound = basic_error<"ruek:1.4.3.404", "Tuple not found">; using DbTuplesInvalidListArgs = - basic_error<"sentium:1.4.4.400", "Invalid arguments for listing tuples">; + basic_error<"ruek:1.4.4.400", "Invalid arguments for listing tuples">; using DbTupletsInvalidListArgs = - basic_error<"sentium:1.4.5.400", "Invalid arguments for listing tuplets">; + basic_error<"ruek:1.4.5.400", "Invalid arguments for listing tuplets">; -using RpcPrincipalsAlreadyExists = basic_error<"sentium:2.1.1.409", "Principal already exists">; -using RpcPrincipalsNotFound = basic_error<"sentium:2.1.2.404", "Principal not found">; +using RpcPrincipalsAlreadyExists = basic_error<"ruek:2.1.1.409", "Principal already exists">; +using RpcPrincipalsNotFound = basic_error<"ruek:2.1.2.404", "Principal not found">; -using RpcRelationsInvalidStrategy = basic_error<"sentium:2.2.1.400", "Invalid relations strategy">; +using RpcRelationsInvalidStrategy = basic_error<"ruek:2.2.1.400", "Invalid relations strategy">; } // namespace err From eca34cbb023808463947de589369ffbc7fa32b83 Mon Sep 17 00:00:00 2001 From: Uditha Atukorala Date: Mon, 23 Sep 2024 21:12:10 +0100 Subject: [PATCH 6/7] update docs Change sentium -> ruek --- README.md | 56 ++++++++++++++++++------------------- changelog.md | 76 +++++++++++++++++++++++++-------------------------- docs/rebac.md | 26 +++++++++--------- 3 files changed, 79 insertions(+), 79 deletions(-) diff --git a/README.md b/README.md index 15af868e..93f38101 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,21 @@ -# 🔐 Sentium +# 🔐 Ruek -[![license](https://img.shields.io/github/license/uatuko/sentium)](https://raw.githubusercontent.com/uatuko/sentium/main/LICENSE) -[![codecov](https://codecov.io/gh/uatuko/sentium/graph/badge.svg?token=KR9MkDkk8s)](https://codecov.io/gh/uatuko/sentium) -[![discussions](https://img.shields.io/github/discussions/uatuko/sentium)](https://github.com/uatuko/sentium/discussions) -[![release](https://img.shields.io/github/v/release/uatuko/sentium)](https://github.com/uatuko/sentium/releases) +[![license](https://img.shields.io/github/license/uatuko/ruek)](https://raw.githubusercontent.com/uatuko/ruek/main/LICENSE) +[![codecov](https://codecov.io/gh/uatuko/ruek/graph/badge.svg?token=KR9MkDkk8s)](https://codecov.io/gh/uatuko/ruek) +[![discussions](https://img.shields.io/github/discussions/uatuko/ruek)](https://github.com/uatuko/ruek/discussions) +[![release](https://img.shields.io/github/v/release/uatuko/ruek)](https://github.com/uatuko/ruek/releases) Lightning fast, global scale authorization service without the overhead of yet another DSL[^1]. -## What is Sentium? +## What is Ruek? -Sentium is an authorization service for securing your applications and services using zero trust[^2] +Ruek is an authorization service for securing your applications and services using zero trust[^2] fine-grained authorization (FGA). -We designed Sentium to be as powerful and scalable as [Zanzibar — Google’s Consistent, Global Authorization System](https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/) +We designed Ruek to be as powerful and scalable as [Zanzibar — Google’s Consistent, Global Authorization System](https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/) yet simple enough to start using without the overhead of having to learn a new DSL to define authorization models or policies. -### Why Sentium? +### Why Ruek? There are other open-source (and commercial) authorization services, some are inspired by Google Zanzibar while others tend to offer policy-as-code solutions. But almost all of these solutions require learning @@ -24,7 +24,7 @@ a new DSL to create authorization models or define policies, which adds unnecess Using an authorization service shouldn't come with a requirement to be an expert in building and maintaining authorization models or policies. It should be as easy as using an API. -Sentium lean on well known API design principals to provide an authorization service that's easy to +Ruek lean on well known API design principals to provide an authorization service that's easy to integrate, quick to master and flexible enough to handle complex requirements. @@ -62,11 +62,11 @@ You can find a bit more detailed documentation in [docs/](docs/README.md). ❯ cmake -B .build -G Ninja \ -DCMAKE_BUILD_TYPE=Release \ -DPostgreSQL_ADDITIONAL_VERSIONS=16 \ - -DSENTIUM_ENABLE_COVERAGE=OFF + -Druek_ENABLE_COVERAGE=OFF ``` ``` -❯ cmake --build .build --target sentium +❯ cmake --build .build --target ruek ``` ### Setting-up @@ -76,20 +76,20 @@ You can find a bit more detailed documentation in [docs/](docs/README.md). psql (16.1) Type "help" for help. -postgres=# create user sentium; +postgres=# create user ruek; CREATE ROLE -postgres=# create database sentium owner sentium; +postgres=# create database ruek owner ruek; CREATE DATABASE ``` ``` -❯ psql --username=sentium --dbname=sentium < db/schema.sql +❯ psql --username=ruek --dbname=ruek < db/schema.sql ``` ### Running ``` -❯ PGDATABASE=sentium PGUSER=sentium ./.build/bin/sentium +❯ PGDATABASE=ruek PGUSER=ruek ./.build/bin/ruek Listening on [127.0.0.1:8080] ... ``` @@ -102,9 +102,9 @@ Listening on [127.0.0.1:8080] ... ❯ grpcurl \ -import-path proto \ -import-path ./.build/_deps/googleapis-src \ - -proto proto/sentium/api/v1/principals.proto \ + -proto proto/ruek/api/v1/principals.proto \ -plaintext \ - localhost:8080 sentium.api.v1.Principals/Create + localhost:8080 ruek.api.v1.Principals/Create { "id": "cn7qtdu56a1cqrj8kur0" @@ -117,14 +117,14 @@ Listening on [127.0.0.1:8080] ... ❯ grpcurl \ -import-path proto \ -import-path ./.build/_deps/googleapis-src \ - -proto proto/sentium/api/v1/authz.proto \ + -proto proto/ruek/api/v1/authz.proto \ -plaintext \ -d '{ "principal_id": "cn7qtdu56a1cqrj8kur0", "entity_type": "documents", "entity_id": "65bd28aaa076ee8c8463cff8" }' \ - localhost:8080 sentium.api.v1.Authz/Grant + localhost:8080 ruek.api.v1.Authz/Grant {} ``` @@ -135,14 +135,14 @@ Listening on [127.0.0.1:8080] ... ❯ grpcurl \ -import-path proto \ -import-path ./.build/_deps/googleapis-src \ - -proto proto/sentium/api/v1/authz.proto \ + -proto proto/ruek/api/v1/authz.proto \ -plaintext \ -d '{ "principal_id": "cn7qtdu56a1cqrj8kur0", "entity_type": "documents", "entity_id": "65bd28aaa076ee8c8463cff8" }' \ - localhost:8080 sentium.api.v1.Authz/Check + localhost:8080 ruek.api.v1.Authz/Check { "ok": true @@ -155,9 +155,9 @@ Listening on [127.0.0.1:8080] ... ❯ grpcurl \ -import-path proto \ -import-path ./.build/_deps/googleapis-src \ - -proto proto/sentium/api/v1/principals.proto \ + -proto proto/ruek/api/v1/principals.proto \ -plaintext \ - localhost:8080 sentium.api.v1.Principals/List + localhost:8080 ruek.api.v1.Principals/List { "principals": [ @@ -177,13 +177,13 @@ Listening on [127.0.0.1:8080] ... ❯ grpcurl \ -import-path proto \ -import-path ./.build/_deps/googleapis-src \ - -proto proto/sentium/api/v1/entities.proto \ + -proto proto/ruek/api/v1/entities.proto \ -plaintext \ -d '{ "principal_id": "cn7qtdu56a1cqrj8kur0", "entity_type": "documents" }' \ - localhost:8080 sentium.api.v1.Entities/List + localhost:8080 ruek.api.v1.Entities/List { "entities": [ @@ -201,13 +201,13 @@ Listening on [127.0.0.1:8080] ... ❯ grpcurl \ -import-path proto \ -import-path ./.build/_deps/googleapis-src \ - -proto proto/sentium/api/v1/entities.proto \ + -proto proto/ruek/api/v1/entities.proto \ -plaintext \ -d '{ "entity_type": "documents", "entity_id": "65bd28aaa076ee8c8463cff8" }' \ - localhost:8080 sentium.api.v1.Entities/ListPrincipals + localhost:8080 ruek.api.v1.Entities/ListPrincipals { "principals": [ diff --git a/changelog.md b/changelog.md index e1c90182..7a01f5fc 100644 --- a/changelog.md +++ b/changelog.md @@ -3,70 +3,70 @@ ## v0.3.1 - 4th June, 2024 ### 🔦 Spotlight -* Significantly reduce the lookup costs for checking relations when using _graph_ strategy (https://github.com/uatuko/sentium/pull/103) +* Significantly reduce the lookup costs for checking relations when using _graph_ strategy (https://github.com/uatuko/ruek/pull/103) ### What's Changed -* Traverse relations graph right to left when checking relations by @uatuko in https://github.com/uatuko/sentium/pull/103 +* Traverse relations graph right to left when checking relations by @uatuko in https://github.com/uatuko/ruek/pull/103 -**Full Changelog**: https://github.com/uatuko/sentium/compare/v0.3.0...v0.3.1 +**Full Changelog**: https://github.com/uatuko/ruek/compare/v0.3.0...v0.3.1 ## v0.3.0 - 1st June, 2024 ### 🔦 Spotlight -* Full ReBAC implementation with multiple optimisation strategies (https://github.com/uatuko/sentium/issues/73) +* Full ReBAC implementation with multiple optimisation strategies (https://github.com/uatuko/ruek/issues/73) ### ⚠️ Breaking changes -* **DB**: Unused `_rid` column is removed from `tuples` table and replaced by new `_rid_l` and `_rid_r` columns (https://github.com/uatuko/sentium/pull/98) -* **gRPC**: `cost` fields in _Relations_ service response messages have been changed from `uint32` to `int32` (https://github.com/uatuko/sentium/pull/98) +* **DB**: Unused `_rid` column is removed from `tuples` table and replaced by new `_rid_l` and `_rid_r` columns (https://github.com/uatuko/ruek/pull/98) +* **gRPC**: `cost` fields in _Relations_ service response messages have been changed from `uint32` to `int32` (https://github.com/uatuko/ruek/pull/98) ### What's Changed -* Bump golang.org/x/net from 0.19.0 to 0.23.0 in /examples/fileshare by @dependabot in https://github.com/uatuko/sentium/pull/87 -* ReBAC: Optimise when creating relations by @uatuko in https://github.com/uatuko/sentium/pull/98 -* ReBAC: Optimisation strategies by @uatuko in https://github.com/uatuko/sentium/pull/99 -* ReBAC: `set` strategy for checking relations by @uatuko in https://github.com/uatuko/sentium/pull/100 -* ReBAC: `graph` strategy for checking relations by @uatuko in https://github.com/uatuko/sentium/pull/101 -* Update docs by @uatuko in https://github.com/uatuko/sentium/pull/102 +* Bump golang.org/x/net from 0.19.0 to 0.23.0 in /examples/fileshare by @dependabot in https://github.com/uatuko/ruek/pull/87 +* ReBAC: Optimise when creating relations by @uatuko in https://github.com/uatuko/ruek/pull/98 +* ReBAC: Optimisation strategies by @uatuko in https://github.com/uatuko/ruek/pull/99 +* ReBAC: `set` strategy for checking relations by @uatuko in https://github.com/uatuko/ruek/pull/100 +* ReBAC: `graph` strategy for checking relations by @uatuko in https://github.com/uatuko/ruek/pull/101 +* Update docs by @uatuko in https://github.com/uatuko/ruek/pull/102 -**Full Changelog**: https://github.com/uatuko/sentium/compare/v0.2.0...v0.3.0 +**Full Changelog**: https://github.com/uatuko/ruek/compare/v0.2.0...v0.3.0 ## v0.2.0 - 27th April, 2024 ### 🔦 Spotlight -* ReBAC implementation without computed relations or optimisations (using Relation Tuples proposal from RFC https://github.com/uatuko/sentium/discussions/72) -* Multi-platform containers (https://github.com/uatuko/sentium/pull/93, https://github.com/uatuko/sentium/pull/95) +* ReBAC implementation without computed relations or optimisations (using Relation Tuples proposal from RFC https://github.com/uatuko/ruek/discussions/72) +* Multi-platform containers (https://github.com/uatuko/ruek/pull/93, https://github.com/uatuko/ruek/pull/95) ### ⚠️ Breaking changes -* Remove Resources gRPC service and introduce Entities gRPC service (https://github.com/uatuko/sentium/pull/91) +* Remove Resources gRPC service and introduce Entities gRPC service (https://github.com/uatuko/ruek/pull/91) ### What's Changed -* Handle shutdown signals by @kw510 in https://github.com/uatuko/sentium/pull/74 -* Add discussion reference for ReBAC by @Pr301 in https://github.com/uatuko/sentium/pull/76 -* Tuples by @uatuko in https://github.com/uatuko/sentium/pull/75 -* Fileshare Example: add host:port flag by @td0m in https://github.com/uatuko/sentium/pull/78 -* Change Authz service to use tuples instead of records by @uatuko in https://github.com/uatuko/sentium/pull/77 -* Bump vite from 5.0.11 to 5.0.12 in /examples/fileshare/app by @dependabot in https://github.com/uatuko/sentium/pull/81 -* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /examples/fileshare by @dependabot in https://github.com/uatuko/sentium/pull/80 -* Bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /examples/fileshare by @dependabot in https://github.com/uatuko/sentium/pull/79 -* Bump vite from 5.0.12 to 5.0.13 in /examples/fileshare/app by @dependabot in https://github.com/uatuko/sentium/pull/83 -* Relations gRPC service by @uatuko in https://github.com/uatuko/sentium/pull/82 -* List Relations (left) by @uatuko in https://github.com/uatuko/sentium/pull/84 -* List relations (right) by @uatuko in https://github.com/uatuko/sentium/pull/86 -* Change Resources service to use tuples instead of records by @uatuko in https://github.com/uatuko/sentium/pull/88 -* Drop records table by @uatuko in https://github.com/uatuko/sentium/pull/89 -* Entities gRPC service by @uatuko in https://github.com/uatuko/sentium/pull/91 -* Tidy-up Authz gRPC service by @uatuko in https://github.com/uatuko/sentium/pull/90 -* Enable Relations gRPC service by @uatuko in https://github.com/uatuko/sentium/pull/92 -* GitHub publish workflow by @uatuko in https://github.com/uatuko/sentium/pull/93 -* Command-line options by @uatuko in https://github.com/uatuko/sentium/pull/94 -* Publish multi-platform containers by @uatuko in https://github.com/uatuko/sentium/pull/95 +* Handle shutdown signals by @kw510 in https://github.com/uatuko/ruek/pull/74 +* Add discussion reference for ReBAC by @Pr301 in https://github.com/uatuko/ruek/pull/76 +* Tuples by @uatuko in https://github.com/uatuko/ruek/pull/75 +* Fileshare Example: add host:port flag by @td0m in https://github.com/uatuko/ruek/pull/78 +* Change Authz service to use tuples instead of records by @uatuko in https://github.com/uatuko/ruek/pull/77 +* Bump vite from 5.0.11 to 5.0.12 in /examples/fileshare/app by @dependabot in https://github.com/uatuko/ruek/pull/81 +* Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 in /examples/fileshare by @dependabot in https://github.com/uatuko/ruek/pull/80 +* Bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /examples/fileshare by @dependabot in https://github.com/uatuko/ruek/pull/79 +* Bump vite from 5.0.12 to 5.0.13 in /examples/fileshare/app by @dependabot in https://github.com/uatuko/ruek/pull/83 +* Relations gRPC service by @uatuko in https://github.com/uatuko/ruek/pull/82 +* List Relations (left) by @uatuko in https://github.com/uatuko/ruek/pull/84 +* List relations (right) by @uatuko in https://github.com/uatuko/ruek/pull/86 +* Change Resources service to use tuples instead of records by @uatuko in https://github.com/uatuko/ruek/pull/88 +* Drop records table by @uatuko in https://github.com/uatuko/ruek/pull/89 +* Entities gRPC service by @uatuko in https://github.com/uatuko/ruek/pull/91 +* Tidy-up Authz gRPC service by @uatuko in https://github.com/uatuko/ruek/pull/90 +* Enable Relations gRPC service by @uatuko in https://github.com/uatuko/ruek/pull/92 +* GitHub publish workflow by @uatuko in https://github.com/uatuko/ruek/pull/93 +* Command-line options by @uatuko in https://github.com/uatuko/ruek/pull/94 +* Publish multi-platform containers by @uatuko in https://github.com/uatuko/ruek/pull/95 ### New Contributors -* @Pr301 made their first contribution in https://github.com/uatuko/sentium/pull/76 +* @Pr301 made their first contribution in https://github.com/uatuko/ruek/pull/76 -**Full Changelog**: https://github.com/uatuko/sentium/compare/v0.1.0...v0.2.0 +**Full Changelog**: https://github.com/uatuko/ruek/compare/v0.1.0...v0.2.0 ## v0.1.0 - 21st March, 2024 diff --git a/docs/rebac.md b/docs/rebac.md index f38c1d38..40e41232 100644 --- a/docs/rebac.md +++ b/docs/rebac.md @@ -1,11 +1,11 @@ # ReBAC You can use Relations-Based Access Control (ReBAC) to define and check fine-grained permissions between -entities as a relations graph. Relations graphs enable Sentium to derive implicit relations when there +entities as a relations graph. Relations graphs enable Ruek to derive implicit relations when there aren't any direct relations. For example, in the following relations graph there's no direct relation created between `user:jane` -and `doc:notes.txt`. But by examining the relations, Sentium can derive `user:jane -> reader -> doc:notes.txt` +and `doc:notes.txt`. But by examining the relations, Ruek can derive `user:jane -> reader -> doc:notes.txt` relation. ![Relations Graph #01](./assets/rebac-relations-graph-01.svg) @@ -61,12 +61,12 @@ To derive the relation `[]user:jane/reader/doc:notes.txt` using a BFS[^bfs] grap (which has **O(v+e)** complexity), we will need to read 10,003 tuples. This can be really slow depending on DB load and number of concurrent requests. -> 💡 This is only an illustrative example. In reality, Sentium traverse the relations graphs from right +> 💡 This is only an illustrative example. In reality, Ruek traverse the relations graphs from right > to left which will result in only 3 reads in this instance. ![Relations Graph #02](./assets/rebac-relations-graph-02.svg) -In order to maintain a consistent and a predictable throughput (QPS), Sentium offers different optimisation +In order to maintain a consistent and a predictable throughput (QPS), Ruek offers different optimisation strategies to suite different shapes of relations graphs. ### Direct @@ -76,7 +76,7 @@ strategies to suite different shapes of relations graphs. _Direct_ strategy optimise for **O(1)** relations checks at the expense of computing and storing derived relations during creation. -For example if the following tuples are created sequencially, when creating `t2` Sentium will evaluate +For example if the following tuples are created sequencially, when creating `t2` Ruek will evaluate the relations graph and compute and store the derived tuple `t2-1`. This ensures `user:jane -> parent -> group:viewers` relations check can be performed with just one lookup. @@ -91,7 +91,7 @@ the relations graph and compute and store the derived tuple `t2-1`. This ensures > 💡 Best for writes (**O(1)**), _can be_ worst for reads (**O(1+v+e)**). _Graph_ strategy does not perform any additional computations when creating relations resulting in **O(1)** -writes. When checking relations, if a direct relation does not exists Sentium will use a graph traversal +writes. When checking relations, if a direct relation does not exists Ruek will use a graph traversal algorithm to compute and check derived tuples which can result in slow reads depending on the complexity of the relations graph. @@ -100,8 +100,8 @@ of the relations graph. > 💡 A balance between reads and writes (**O(1+n+m)**), best for large datasets. _Set_ strategy require relations to be defined between principals (e.g. users, groups) and entities. -When creating relations, Sentium will analyse the relations graph and compute and store derived relations -between principals if necessary. This enables Sentium to use a set intersection algorithm (we call it _spot_) +When creating relations, Ruek will analyse the relations graph and compute and store derived relations +between principals if necessary. This enables Ruek to use a set intersection algorithm (we call it _spot_) to efficiently check relations with **O(1+n+m)** complexity. Consider the following tuples created sqeuncially. @@ -115,17 +115,17 @@ Consider the following tuples created sqeuncially. | `t4` | owner | folder:home | parent | doc:notes.txt | | | `t5` | | user:jane | owner | folder:home | | -When `t2` is created, similar to direct strategy, Sentium compute and store the derived tuple `t2-1`. -However when `t3`, `t4` and `t5` are created although they are part of the same relations graph, Sentium +When `t2` is created, similar to direct strategy, Ruek compute and store the derived tuple `t2-1`. +However when `t3`, `t4` and `t5` are created although they are part of the same relations graph, Ruek does not store any additional derived tuples. -This is because when Sentium evaluates the relations graph left to right, it can identify `t2`'s left +This is because when Ruek evaluates the relations graph left to right, it can identify `t2`'s left and right entities are principals and storing the derived tuple `t2-1` will optimise reads. However while `t3` and `t5`'s left entities are principals their right entities are not, so storing additional -derived tuples would increase writes. `t4`'s left and right entities are not principals so Sentium doesn't +derived tuples would increase writes. `t4`'s left and right entities are not principals so Ruek doesn't consider it for any further optimisations when using set strategy. -When checking if `user:jane -> reader -> doc:notes.txt` relation exists using set strategy, Sentium +When checking if `user:jane -> reader -> doc:notes.txt` relation exists using set strategy, Ruek look for all the groups `user:jane` is a member of and compare that list with all the groups that has a `reader` relation to `doc:notes.txt` using the _spot_ algorithm. From 75e1dfb570969d40e8827722bcf21261c3572492 Mon Sep 17 00:00:00 2001 From: Uditha Atukorala Date: Mon, 23 Sep 2024 21:19:36 +0100 Subject: [PATCH 7/7] (svc) fix tests --- src/svc/relations_test.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/svc/relations_test.cpp b/src/svc/relations_test.cpp index 0c593bbb..359042c1 100644 --- a/src/svc/relations_test.cpp +++ b/src/svc/relations_test.cpp @@ -479,7 +479,7 @@ TEST_F(svc_RelationsTest, Check) { EXPECT_EQ(grpcxx::status::code_t::invalid_argument, result.status.code()); EXPECT_EQ( - "CAMSLltzZW50aXVtOjIuMi4xLjQwMF0gSW52YWxpZCByZWxhdGlvbnMgc3RyYXRlZ3k=", + "CAMSK1tydWVrOjIuMi4xLjQwMF0gSW52YWxpZCByZWxhdGlvbnMgc3RyYXRlZ3k=", result.status.details()); EXPECT_FALSE(result.response); @@ -1060,7 +1060,7 @@ TEST_F(svc_RelationsTest, Create) { EXPECT_EQ(grpcxx::status::code_t::invalid_argument, result.status.code()); EXPECT_EQ( - "CAMSLltzZW50aXVtOjIuMi4xLjQwMF0gSW52YWxpZCByZWxhdGlvbnMgc3RyYXRlZ3k=", + "CAMSK1tydWVrOjIuMi4xLjQwMF0gSW52YWxpZCByZWxhdGlvbnMgc3RyYXRlZ3k=", result.status.details()); EXPECT_FALSE(result.response);