Merge pull request #218 from permitio/omer/per-11093-rename-interfaci…

…ng-usages-to-factdb

Rename datasync to FactDB

.github/workflows/pdp_cicd.yml

@@ -39,7 +39,7 @@ jobs:
         latest: true
         fileName: factstore_server*
         token: ${{ secrets.CLONE_REPO_TOKEN }}
-        out-file-path: "datasync"
+        out-file-path: "factdb"
 
     - name: Build and load image for PDP E2E tests
       uses: docker/build-push-action@v5
@@ -163,7 +163,7 @@ jobs:
         latest: true
         fileName: factstore_server*
         token: ${{ secrets.CLONE_REPO_TOKEN }}
-        out-file-path: "datasync"
+        out-file-path: "factdb"
 
     - name: Build and push PDP image - (pre-release)
       if: "github.event.release.prerelease"

Dockerfile

@@ -4,7 +4,7 @@
 FROM golang:bullseye AS opa_build
 
 COPY custom* /custom
-COPY datasync* /datasync
+COPY factdb* /factdb
 
 RUN if [ -f /custom/custom_opa.tar.gz ]; \
   then \
@@ -27,17 +27,17 @@ RUN if [ -f /custom/custom_opa.tar.gz ]; \
   esac ; \
   fi
 
-RUN if [ -f /datasync/datasync.tar.gz ]; \
+RUN if [ -f /factdb/factdb.tar.gz ]; \
   then \
-  cd /datasync && \
-  tar xzf datasync.tar.gz && \
-  go build -ldflags="-extldflags=-static" -o /factstore ./cmd/factstore_server && \
-  rm -rf /datasync ; \
+  cd /factdb && \
+  tar xzf factdb.tar.gz && \
+  go build -ldflags="-extldflags=-static" -o /factdb ./cmd/factstore_server && \
+  rm -rf /factdb ; \
   else \
   case $(uname -m) in \
   x86_64) \
-    if [ -f /datasync/factstore_server-linux-amd64 ]; then \
-      cp /datasync/factstore_server-linux-amd64 /factstore; \
+    if [ -f /factdb/factstore_server-linux-amd64 ]; then \
+      cp /factdb/factstore_server-linux-amd64 /factdb; \
     else \
       echo "factstore_server-linux-amd64 not found." ; \
       if [ "$ALLOW_MISSING_FACTSTORE" = "false" ]; then \
@@ -49,8 +49,8 @@ RUN if [ -f /datasync/datasync.tar.gz ]; \
     fi \
   ;; \
   aarch64) \
-    if [ -f /datasync/factstore_server-linux-arm64 ]; then \
-      cp /datasync/factstore_server-linux-arm64 /factstore; \
+    if [ -f /factdb/factstore_server-linux-arm64 ]; then \
+      cp /factdb/factstore_server-linux-arm64 /factdb; \
     else \
       echo "factstore_server-linux-arm64 not found." ; \
       if [ "$ALLOW_MISSING_FACTSTORE" = "false" ]; then \
@@ -93,7 +93,7 @@ COPY --from=opa_build --chmod=755 /opa /app/bin/opa
 ENV OPAL_INLINE_OPA_EXEC_PATH="/app/bin/opa"
 
 COPY --from=opa_build --chmod=755 /factstore /app/bin/factstore
-ENV PDP_DATA_MANAGER_BINARY_PATH="/app/bin/factstore"
+ENV PDP_FACTDB_BINARY_PATH="/app/bin/factstore"
 
 # bash is needed for ./start/sh script
 COPY scripts ./
@@ -161,7 +161,7 @@ ENV PDP_API_KEY="MUST BE DEFINED"
 ENV PDP_REMOTE_CONFIG_ENDPOINT="/v2/pdps/me/config"
 ENV PDP_REMOTE_STATE_ENDPOINT="/v2/pdps/me/state"
 ENV PDP_VERSION_FILE_PATH="/app/permit_pdp_version"
-ENV PDP_DATA_MANAGER_BINARY_PATH="/app/bin/factstore"
+ENV PDP_FACTDB_BINARY_PATH="/app/bin/factstore"
 # This is a default PUBLIC (not secret) key,
 # and it is here as a safety measure on purpose.
 ENV OPAL_AUTH_PUBLIC_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDe2iQ+/E01P2W5/EZwD5NpRiSQ8/r/k18pFnym+vWCSNMWpd9UVpgOUWfA9CAX4oEo5G6RfVVId/epPH/qVSL87uh5PakkLZ3E+PWVnYtbzuFPs/lHZ9HhSqNtOQ3WcPDTcY/ST2jyib2z0sURYDMInSc1jnYKqPQ6YuREdoaNdPHwaTFN1tEKhQ1GyyhL5EDK97qU1ejvcYjpGm+EeE2sjauHYn2iVXa2UA9fC+FAKUwKqNcwRTf3VBLQTE6EHGWbxVzXv1Feo8lPZgL7Yu/UPgp7ivCZhZCROGDdagAfK9sveYjkKiWCLNUSpado/E5Vb+/1EVdAYj6fCzk45AdQzA9vwZefP0sVg7EuZ8VQvlz7cU9m+XYIeWqduN4Qodu87rtBYtSEAsru/8YDCXBDWlLJfuZb0p/klbte3TayKnQNSWD+tNYSJHrtA/3ZewP+tGDmtgLeB38NLy1xEsgd31v6ISOSCTHNS8ku9yWQXttv0/xRnuITr8a3TCLuqtUrNOhCx+nKLmYF2cyjYeQjOWWpn/Z6VkZvOa35jhG1ETI8IwE+t5zXqrf2s505mh18LwA1DhC8L/wHk8ZG7bnUe56QwxEo32myUBN8nHdu7XmPCVP8MWQNLh406QRAysishWhXVs/+0PbgfBJ/FxKP8BXW9zqzeIG+7b/yk8tRHQ=="

build_opal_bundle.sh

@@ -15,12 +15,12 @@ else
   echo "permit-opa directory already exists. Skipping clone operation."
 fi
 
-# Check if datasync directory already exists
-if [ ! -d "../datasync" ]; then
+# Check if factdb directory already exists
+if [ ! -d "../factdb" ]; then
   # Clone the permit-opa repository into the parent directory if it doesn't exist
-  git clone [email protected]:permitio/datasync.git ../datasync
+  git clone [email protected]:permitio/datasync.git ../factdb
 else
-  echo "datasync directory already exists. Skipping clone operation."
+  echo "factdb directory already exists. Skipping clone operation."
 fi
 
 # Conditionally execute the custom OPA tarball creation section based on the value of PDP_VANILLA
@@ -32,12 +32,12 @@ if [ "$PDP_VANILLA" != "true" ]; then
   cd "../permit-opa"
   find * -name '*go*' -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*'
   cd "$build_root"
-  # Datasync tarball creation section
-  rm -rf datasync
-  mkdir datasync
+  # factdb tarball creation section
+  rm -rf factdb
+  mkdir factdb
   build_root="$PWD"
-  cd "../datasync"
-  find * -name '*go*' -print0 | xargs -0 tar -czf "$build_root"/datasync/datasync.tar.gz --exclude '.*'
+  cd "../factdb"
+  find * -name '*go*' -print0 | xargs -0 tar -czf "$build_root"/factdb/factdb.tar.gz --exclude '.*'
   cd "$build_root"
 else
   echo "Skipping custom OPA tarball creation for pdp-vanilla environment."

horizon/config.py

@@ -18,31 +18,31 @@ def __new__(cls, prefix=None, is_model=True):
             cls.instance = super(SidecarConfig, cls).__new__(cls)
         return cls.instance
 
-    ENABLE_EXTERNAL_DATA_MANAGER = confi.bool(
-        "ENABLE_EXTERNAL_DATA_MANAGER",
+    FACTDB_ENABLED = confi.bool(
+        "FACTDB_ENABLED",
         False,
-        description="if true, the sidecar will enable the Data Manager service to manage the PDP data in "
-        "external data store",
+        description="if true, the sidecar will enable the FactDB service to manage the PDP data in "
+        "FactDB",
     )
 
-    DATA_MANAGER_BINARY_PATH = confi.str(
-        "DATA_MANAGER_BINARY_PATH",
+    FACTDB_BINARY_PATH = confi.str(
+        "FACTDB_BINARY_PATH",
         "/factstore",
-        description="path in which to find the data manager executable",
+        description="path in which to find the FactDB executable",
     )
 
-    DATA_MANAGER_SERVICE_URL = confi.str(
-        "DATA_MANAGER_SERVICE_URL",
+    FACTDB_SERVICE_URL = confi.str(
+        "FACTDB_SERVICE_URL",
         "http://localhost:8080",
-        description="URL to the Data Manager service that manages the PDP data, will only be used if "
-        "ENABLE_EXTERNAL_DATA_MANAGER is true",
+        description="URL to the FactDB service that manages the PDP data, will only be used if "
+        "FACTDB_ENABLED is true",
     )
 
-    DATA_MANAGER_REMOTE_BACKUP_URL = confi.str(
-        "DATA_MANAGER_REMOTE_BACKUP_URL",
+    FACTDB_BACKUP_SERVER_URL = confi.str(
+        "FACTDB_BACKUP_SERVER_URL",
         None,
-        description="URL from which the Data Manager service will fetch the PDP data backup from, will only be used if "
-        "DATA_MANAGER_ENABLE_REMOTE_BACKUP is true",
+        description="URL from which the FactDB service will fetch the PDP data backup from, will only be used if "
+        "FACTDB_ENABLE_REMOTE_BACKUP is true",
     )
 
     SHARD_ID = confi.str(

horizon/enforcer/api.py

@@ -276,18 +276,18 @@ async def conditional_is_allowed(
     request: Request,
     *,
     policy_package: str = MAIN_POLICY_PACKAGE,
-    external_data_manager_path: str = "/check",
-    external_data_manager_method: str = "POST",
-    external_data_manager_params: dict | None = None,
+    factdb_path: str = "/check",
+    factdb_method: str = "POST",
+    factdb_params: dict | None = None,
     legacy_parse_func: Callable[[dict | list], dict] | None = None,
 ) -> dict:
-    if sidecar_config.ENABLE_EXTERNAL_DATA_MANAGER:
-        response = await _is_allowed_data_manager(
-            query if external_data_manager_method != "GET" else None,
+    if sidecar_config.FACTDB_ENABLED:
+        response = await _is_allowed_factdb(
+            query if factdb_method != "GET" else None,
             request,
-            path=external_data_manager_path,
-            method=external_data_manager_method,
-            params=external_data_manager_params,
+            path=factdb_path,
+            method=factdb_method,
+            params=factdb_params,
         )
         raw_result = json.loads(response.body)
         log_query_result(query, response, is_inner=True)
@@ -307,7 +307,7 @@ async def conditional_is_allowed(
     return raw_result
 
 
-async def _is_allowed_data_manager(
+async def _is_allowed_factdb(
     query: BaseSchema | list[BaseSchema] | None,
     request: Request,
     *,
@@ -316,14 +316,14 @@ async def _is_allowed_data_manager(
     params: dict | None = None,
 ):
     headers = transform_headers(request)
-    url = f"{sidecar_config.DATA_MANAGER_SERVICE_URL}/v1/authz{path}"
+    url = f"{sidecar_config.FACTDB_SERVICE_URL}/v1/authz{path}"
     payload = None if query is None else {"input": jsonable_encoder(query)}
     exc = None
     if query is not None and isinstance(query, dict):
         _set_use_debugger(payload)
     try:
         logger.info(
-            f"calling Data Manager at '{url}' with input: {payload} and params {params}"
+            f"calling FactDB at '{url}' with input: {payload} and params {params}"
         )
         async with aiohttp.ClientSession() as session:
             async with session.request(
@@ -341,7 +341,7 @@ async def _is_allowed_data_manager(
         stats_manager.report_failure()
         exc = HTTPException(
             status.HTTP_504_GATEWAY_TIMEOUT,
-            detail="Data Manager request timed out (url: {url}, timeout: {timeout}s)".format(
+            detail="FactDB request timed out (url: {url}, timeout: {timeout}s)".format(
                 url=url,
                 timeout=sidecar_config.OPA_CLIENT_QUERY_TIMEOUT,
             ),
@@ -350,15 +350,15 @@ async def _is_allowed_data_manager(
         stats_manager.report_failure()
         exc = HTTPException(
             status.HTTP_502_BAD_GATEWAY,  # 502 indicates server got an error from another server
-            detail="Data Manager request failed (url: {url}, status: {status}, message: {message})".format(
+            detail="FactDB request failed (url: {url}, status: {status}, message: {message})".format(
                 url=url, status=e.status, message=e.message
             ),
         )
     except aiohttp.ClientError as e:
         stats_manager.report_failure()
         exc = HTTPException(
             status.HTTP_502_BAD_GATEWAY,
-            detail="Data Manager request failed (url: {url}, error: {error}".format(
+            detail="FactDB request failed (url: {url}, error: {error}".format(
                 url=url, error=str(e)
             ),
         )
@@ -408,7 +408,7 @@ async def authorized_users(
             query,
             request,
             policy_package=AUTHORIZED_USERS_POLICY_PACKAGE,
-            external_data_manager_path=f"/authorized-users",
+            factdb_path=f"/authorized-users",
             legacy_parse_func=authorized_users_parse_func,
         )
         try:
@@ -510,14 +510,27 @@ async def user_permissions(
             logger.info("User permissions query with pagination")
 
         def parse_func(result: dict) -> dict | list:
-            return result.get("permissions", {})
+            results = result.get("permissions", {})
+            if not query._offset and not query._limit:
+                return results
+
+            resource_keys = sorted(results.keys())
+            if query._offset and query._limit:
+                resource_keys = resource_keys[
+                    query._offset : query._offset + query._limit
+                ]
+            elif query._offset:
+                resource_keys = resource_keys[query._offset :]
+            elif query._limit:
+                resource_keys = resource_keys[: query._limit]
+            return {resource: results[resource] for resource in resource_keys}
 
         response = await conditional_is_allowed(
             query,
             request,
             policy_package=USER_PERMISSIONS_POLICY_PACKAGE,
-            external_data_manager_path=f"/user-permissions",
-            external_data_manager_params=query.get_params(),
+            factdb_path=f"/user-permissions",
+            factdb_params=query.get_params(),
             legacy_parse_func=parse_func,
         )
         try:
@@ -558,8 +571,8 @@ async def user_tenants(
             query,
             request,
             policy_package=USER_TENANTS_POLICY_PACKAGE,
-            external_data_manager_path=f"/users/{query.user.key}/tenants",
-            external_data_manager_method="GET",
+            factdb_path=f"/users/{query.user.key}/tenants",
+            factdb_method="GET",
             legacy_parse_func=parse_user_tenants_result,
         )
         try:
@@ -584,8 +597,8 @@ async def is_allowed_all_tenants(
         query: AuthorizationQuery,
         x_permit_sdk_language: Optional[str] = Depends(notify_seen_sdk),
     ):
-        if sidecar_config.ENABLE_EXTERNAL_DATA_MANAGER:
-            response = await _is_allowed_data_manager(
+        if sidecar_config.FACTDB_ENABLED:
+            response = await _is_allowed_factdb(
                 query, request, path="/check/all-tenants"
             )
             raw_result = json.loads(response.body)
@@ -623,10 +636,8 @@ async def is_allowed_bulk(
         queries: list[AuthorizationQuery],
         x_permit_sdk_language: Optional[str] = Depends(notify_seen_sdk),
     ):
-        if sidecar_config.ENABLE_EXTERNAL_DATA_MANAGER:
-            response = await _is_allowed_data_manager(
-                queries, request, path="/check/bulk"
-            )
+        if sidecar_config.FACTDB_ENABLED:
+            response = await _is_allowed_factdb(queries, request, path="/check/bulk")
             raw_result = json.loads(response.body)
         else:
             bulk_query = BulkAuthorizationQuery(checks=queries)