Change account -> namespace

redhat-cop · Feb 27, 2022 · a9f98a1 · a9f98a1
1 parent 5f04786
commit a9f98a1
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 67 deletions.
diff --git a/README.md b/README.md
@@ -105,8 +105,8 @@ The full list of options when configuring roles can be found below:
 
 | Name | Description | Defaults | Required |
 | ----- | ---------- | -------- | ----- |
-| `account_type` | Type of account to associate the Robot account to (`user` or `organization`) | `organization` | No |
-| `account_name` | Name of the _user_ or _organization_ the Robot account should be created within | | Yes |
+| `namespace_type` | Type of namespace to associate the Robot account to (`user` or `organization`) | `organization` | No |
+| `namespace_name` | Name of the _user_ or _organization_ the Robot account should be created within | | Yes |
 | `create_repositories` | Allow the Robot account the ability to create new repositories. Once enabled, a new _Team_ called `vault-creator` will be created with `creator` privileges | `false` | No |
 | `default_permission` | Default permissions applied for the robot account against newly created repositories | | No |
 | `repositories` | Permissions applied to repositories for the Robot account. An example of how content should be formatted can be found [here](examples/repositories.json).  | | No |
@@ -120,8 +120,7 @@ To manage repositories within the _myorg_ organization and assuming the OAuth to
 
 ```shell
 $ vault write quay/static-roles/my-static-account \
-  account_name=myorg \
-  account_type=organization \
+  namespace_name=myorg \
   create_repositories=true
 ```
 
@@ -132,8 +131,8 @@ $ vault read quay/static-creds/my-static-account
 
 Key             Value
 ---             -----
-account_name    myorg
-account_type    organization
+namespace_name    myorg
+namespace_type    organization
 password        <PASSWORD>
 username        <USERNAME>
 ```
@@ -152,8 +151,7 @@ Short lived credentials can be created to limit validity of a robot account. Sim
 
 ```shell
 $ vault write quay/roles/my-dynamic-account \
-  account_name=myorg \
-  account_type=organization \
+  namespace_name=myorg \
   create_repositories=true
 ```
 
@@ -169,8 +167,8 @@ Key                Value
 lease_id           quay/creds/my-dynamic-account/JVrcAL9Oyrat2MOgKKTdrL1T
 lease_duration     100h
 lease_renewable    true
-account_name       myorg
-account_type       organization
+namespace_name     myorg
+namespace_type     organization
 password           <PASSWORD>
 username           <USERNAME_WITH_UNIQUE_SUFFIX>
 ```

diff --git a/client/client.go b/client/client.go
@@ -11,9 +11,9 @@ import (
 	"reflect"
 )
 
-func (c *QuayClient) GetRobotAccount(accountType string, accountName string, robotName string) (RobotAccount, *http.Response, QuayApiError) {
+func (c *QuayClient) GetRobotAccount(namespaceType string, namespaceName string, robotName string) (RobotAccount, *http.Response, QuayApiError) {
 
-	req, err := c.newRequest("GET", fmt.Sprintf("/api/v1/%s/%s/robots/%s", accountType, accountName, robotName), nil)
+	req, err := c.newRequest("GET", fmt.Sprintf("/api/v1/%s/%s/robots/%s", namespaceType, namespaceName, robotName), nil)
 	if err != nil {
 		return RobotAccount{}, nil, QuayApiError{Error: err}
 	}
@@ -23,9 +23,9 @@ func (c *QuayClient) GetRobotAccount(accountType string, accountName string, rob
 	return getRobotResponse, resp, QuayApiError{Error: err}
 }
 
-func (c *QuayClient) CreateRobotAccount(accountType string, accountName string, robotName string) (RobotAccount, *http.Response, QuayApiError) {
+func (c *QuayClient) CreateRobotAccount(namespaceType string, namespaceName string, robotName string) (RobotAccount, *http.Response, QuayApiError) {
 
-	req, err := c.newRequest("PUT", fmt.Sprintf("/api/v1/%s/%s/robots/%s", accountType, accountName, robotName), nil)
+	req, err := c.newRequest("PUT", fmt.Sprintf("/api/v1/%s/%s/robots/%s", namespaceType, namespaceName, robotName), nil)
 	if err != nil {
 		return RobotAccount{}, nil, QuayApiError{Error: err}
 	}
@@ -35,9 +35,9 @@ func (c *QuayClient) CreateRobotAccount(accountType string, accountName string,
 	return createRobotResponse, resp, QuayApiError{Error: err}
 }
 
-func (c *QuayClient) DeleteRobotAccount(accountType string, accountName string, robotName string) (*http.Response, QuayApiError) {
+func (c *QuayClient) DeleteRobotAccount(namespaceType string, namespaceName string, robotName string) (*http.Response, QuayApiError) {
 
-	req, err := c.newRequest("DELETE", fmt.Sprintf("/api/v1/%s/%s/robots/%s", accountType, accountName, robotName), nil)
+	req, err := c.newRequest("DELETE", fmt.Sprintf("/api/v1/%s/%s/robots/%s", namespaceType, namespaceName, robotName), nil)
 	if err != nil {
 		return nil, QuayApiError{Error: err}
 	}
@@ -46,9 +46,9 @@ func (c *QuayClient) DeleteRobotAccount(accountType string, accountName string,
 	return resp, QuayApiError{Error: err}
 }
 
-func (c *QuayClient) CreateTeam(accountName string, team *Team) (Team, *http.Response, QuayApiError) {
+func (c *QuayClient) CreateTeam(namespaceName string, team *Team) (Team, *http.Response, QuayApiError) {
 
-	req, err := c.newRequest("PUT", fmt.Sprintf("/api/v1/organization/%s/team/%s", accountName, team.Name), team)
+	req, err := c.newRequest("PUT", fmt.Sprintf("/api/v1/organization/%s/team/%s", namespaceName, team.Name), team)
 	if err != nil {
 		return Team{}, nil, QuayApiError{Error: err}
 	}
@@ -58,9 +58,9 @@ func (c *QuayClient) CreateTeam(accountName string, team *Team) (Team, *http.Res
 	return createTeamResponse, resp, QuayApiError{Error: err}
 }
 
-func (c *QuayClient) AddTeamMember(accountName, teamName, memberName string) (*http.Response, QuayApiError) {
+func (c *QuayClient) AddTeamMember(namespaceName, teamName, memberName string) (*http.Response, QuayApiError) {
 
-	req, err := c.newRequest("PUT", fmt.Sprintf("/api/v1/organization/%s/team/%s/members/%s", accountName, teamName, memberName), nil)
+	req, err := c.newRequest("PUT", fmt.Sprintf("/api/v1/organization/%s/team/%s/members/%s", namespaceName, teamName, memberName), nil)
 	if err != nil {
 		return nil, QuayApiError{Error: err}
 	}

diff --git a/plugin/path_creds.go b/plugin/path_creds.go
@@ -99,10 +99,10 @@ func (b *quayBackend) pathCredentialsRead(ctx context.Context, req *logical.Requ
 	}
 
 	secretData := map[string]interface{}{
-		"account_type": role.AccountType,
-		"account_name": role.AccountName,
-		"username":     robotAccount.Name,
-		"password":     robotAccount.Token,
+		"namespace_type": role.NamespaceType,
+		"namespace_name": role.NamespaceName,
+		"username":       robotAccount.Name,
+		"password":       robotAccount.Token,
 	}
 	secretInternalData := map[string]interface{}{
 		"role":     roleName,
@@ -153,10 +153,10 @@ func (b *quayBackend) pathStaticCredentialsRead(ctx context.Context, req *logica
 
 	return &logical.Response{
 		Data: map[string]interface{}{
-			"account_type": role.AccountType,
-			"account_name": role.AccountName,
-			"username":     robotAccount.Name,
-			"password":     robotAccount.Token,
+			"namespace_type":  role.NamespaceType,
+			"namespaces_name": role.NamespaceName,
+			"username":        robotAccount.Name,
+			"password":        robotAccount.Token,
 		},
 	}, nil
 

diff --git a/plugin/path_role.go b/plugin/path_role.go
@@ -13,25 +13,25 @@ import (
 
 type Permission string
 type TeamRole string
-type AccountType string
+type NamespaceType string
 
 const (
-	rolesStoragePath                    = "roles"
-	staticRolesStoragePath              = "static-roles"
-	organization                        = "organization"
-	TeamRoleAdmin           TeamRole    = "admin"
-	TeamRoleCreator         TeamRole    = "creator"
-	TeamRoleMember          TeamRole    = "member"
-	AccountTypeUser         AccountType = "user"
-	AccountTypeOrganization AccountType = "organization"
-	PermissionAdmin         Permission  = "admin"
-	PermissionRead          Permission  = "read"
-	PermissionWrite         Permission  = "write"
+	rolesStoragePath                        = "roles"
+	staticRolesStoragePath                  = "static-roles"
+	organization                            = "organization"
+	TeamRoleAdmin             TeamRole      = "admin"
+	TeamRoleCreator           TeamRole      = "creator"
+	TeamRoleMember            TeamRole      = "member"
+	NamespaceTypeUser         NamespaceType = "user"
+	NamespaceTypeOrganization NamespaceType = "organization"
+	PermissionAdmin           Permission    = "admin"
+	PermissionRead            Permission    = "read"
+	PermissionWrite           Permission    = "write"
 )
 
 type quayRoleEntry struct {
-	AccountType        AccountType            `json:"account_type"`
-	AccountName        string                 `json:"account_name"`
+	NamespaceType      NamespaceType          `json:"namespace_type"`
+	NamespaceName      string                 `json:"namespace_name"`
 	CreateRepositories bool                   `json:"create_repositories,omitempty"`
 	DefaultPermission  *Permission            `json:"default_permission,omitempty"`
 	Teams              *map[string]TeamRole   `json:"teams,omitempty"`
@@ -139,8 +139,8 @@ func (b *quayBackend) pathRolesRead(ctx context.Context, req *logical.Request, d
 	}
 
 	respData := map[string]interface{}{
-		"account_name":        entry.AccountName,
-		"account_type":        entry.AccountType,
+		"namespace_name":      entry.NamespaceName,
+		"namespace_type":      entry.NamespaceType,
 		"create_repositories": entry.CreateRepositories,
 	}
 
@@ -182,11 +182,11 @@ func (b *quayBackend) pathRolesWrite(ctx context.Context, req *logical.Request,
 		roleEntry = &quayRoleEntry{}
 	}
 
-	accountType := data.Get("account_type")
-	roleEntry.AccountType = AccountType(accountType.(string))
+	namespaceType := data.Get("namespace_type")
+	roleEntry.NamespaceType = NamespaceType(namespaceType.(string))
 
-	if accountName, ok := data.GetOk("account_name"); ok {
-		roleEntry.AccountName = accountName.(string)
+	if namespaceName, ok := data.GetOk("namespace_name"); ok {
+		roleEntry.NamespaceName = namespaceName.(string)
 	}
 
 	if createRepositoriesRaw, ok := data.GetOk("create_repositories"); ok {
@@ -321,22 +321,22 @@ func defaultFieldSchemas() map[string]*framework.FieldSchema {
 				Name: "Name",
 			},
 		},
-		"account_name": {
+		"namespace_name": {
 			Type:        framework.TypeString,
-			Description: "Type of account the robot account should be placed within",
+			Description: "Name of the namespace the robot account should be placed within",
 			Required:    true,
 			DisplayAttrs: &framework.DisplayAttributes{
-				Name: "Robot Account Name",
+				Name: "Namespace Name",
 			},
 		},
-		"account_type": {
+		"namespace_type": {
 			Type:          framework.TypeString,
-			Description:   "Type of account the robot account should be placed within",
+			Description:   "Type of namespace the robot account should be placed within",
 			AllowedValues: []interface{}{"user", "organization"},
 			Default:       "organization",
 			Required:      true,
 			DisplayAttrs: &framework.DisplayAttributes{
-				Name: "Account Type",
+				Name: "Namespace Type",
 			},
 		},
 		"create_repositories": {
@@ -388,8 +388,8 @@ func dynamicRoleFieldSchemas() map[string]*framework.FieldSchema {
 	return dynamicRoleFieldSchemas
 }
 
-func (a *AccountType) String() string {
-	return string(*a)
+func (n *NamespaceType) String() string {
+	return string(*n)
 }
 
 func (p *Permission) String() string {

diff --git a/plugin/quay_robot.go b/plugin/quay_robot.go
@@ -16,21 +16,21 @@ const (
 
 func (b *quayBackend) createRobot(client *client, robotName string, role *quayRoleEntry) (*qc.RobotAccount, error) {
 	// Check if Account Exists
-	robotAccount, existingRobotAccountResponse, apiError := client.GetRobotAccount(role.AccountType.String(), role.AccountName, robotName)
+	robotAccount, existingRobotAccountResponse, apiError := client.GetRobotAccount(role.NamespaceType.String(), role.NamespaceName, robotName)
 
 	if apiError.Error != nil {
 		return nil, apiError.Error
 		// A 400 response will be returned with a robot not found. If not, create it
 	} else if existingRobotAccountResponse.StatusCode == 400 {
 
 		// Create new Account
-		robotAccount, _, apiError = client.CreateRobotAccount(role.AccountType.String(), role.AccountName, robotName)
+		robotAccount, _, apiError = client.CreateRobotAccount(role.NamespaceType.String(), role.NamespaceName, robotName)
 		if apiError.Error != nil {
 			return nil, apiError.Error
 		}
 	}
 
-	if role.AccountType == organization {
+	if role.NamespaceType == organization {
 		// Create Teams
 		err := b.CreateAssignTeam(client, robotAccount.Name, role)
 
@@ -40,15 +40,15 @@ func (b *quayBackend) createRobot(client *client, robotName string, role *quayRo
 
 		// Create Default Permission
 		if role.DefaultPermission != nil {
-			organizationPrototypes, organizationPrototypesResponse, organizationPrototypesError := client.GetPrototypesByOrganization(role.AccountName)
+			organizationPrototypes, organizationPrototypesResponse, organizationPrototypesError := client.GetPrototypesByOrganization(role.NamespaceName)
 
 			if organizationPrototypesError.Error != nil || organizationPrototypesResponse.StatusCode != 200 {
 				return nil, organizationPrototypesError.Error
 			}
 
 			if found := isRobotAccountInPrototypeByRole(organizationPrototypes.Prototypes, robotAccount.Name, role.DefaultPermission.String()); !found {
 
-				_, robotPrototypeResponse, robotPrototypeError := client.CreateRobotPermissionForOrganization(role.AccountName, robotAccount.Name, role.DefaultPermission.String())
+				_, robotPrototypeResponse, robotPrototypeError := client.CreateRobotPermissionForOrganization(role.NamespaceName, robotAccount.Name, role.DefaultPermission.String())
 
 				if robotPrototypeError.Error != nil || robotPrototypeResponse.StatusCode != 200 {
 					return nil, robotPrototypeError.Error
@@ -62,14 +62,14 @@ func (b *quayBackend) createRobot(client *client, robotName string, role *quayRo
 	// Manage Repositories
 	if role.Repositories != nil {
 		// Get Robot Permissions
-		robotPermissions, robotPermissionsResponse, robotPermissionsError := client.GetRobotPermissions(role.AccountName, robotName)
+		robotPermissions, robotPermissionsResponse, robotPermissionsError := client.GetRobotPermissions(role.NamespaceName, robotName)
 
 		if robotPermissionsError.Error != nil || robotPermissionsResponse.StatusCode != 200 {
 			return nil, robotPermissionsError.Error
 		}
 
 		// Get Repositories
-		namespaceRepositories, namespaceRepositoriesResponse, namespaceRepositoriesError := client.GetRepositoriesForNamespace(role.AccountName)
+		namespaceRepositories, namespaceRepositoriesResponse, namespaceRepositoriesError := client.GetRepositoriesForNamespace(role.NamespaceName)
 
 		if namespaceRepositoriesError.Error != nil || namespaceRepositoriesResponse.StatusCode != 200 {
 			return nil, robotPermissionsError.Error
@@ -81,7 +81,7 @@ func (b *quayBackend) createRobot(client *client, robotName string, role *quayRo
 			if updateRepository := repositoryExists(repositoryName, &namespaceRepositories.Repositories); updateRepository {
 				// Check to see if permission already exists on robot account
 				if updatePermissions := shouldNeedUpdateRepositoryPermissions(repositoryName, permission.String(), &robotPermissions.Permissions); updatePermissions {
-					_, repositoryPermissionUpdateResponse, repositoryPermissionError := client.UpdateRepositoryUserPermission(role.AccountName, repositoryName, robotName, permission.String())
+					_, repositoryPermissionUpdateResponse, repositoryPermissionError := client.UpdateRepositoryUserPermission(role.NamespaceName, repositoryName, robotName, permission.String())
 
 					if repositoryPermissionError.Error != nil || repositoryPermissionUpdateResponse.StatusCode != 200 {
 						return nil, repositoryPermissionError.Error
@@ -96,7 +96,7 @@ func (b *quayBackend) createRobot(client *client, robotName string, role *quayRo
 
 func (b *quayBackend) DeleteRobot(client *client, robotName string, role *quayRoleEntry) error {
 
-	_, apiError := client.DeleteRobotAccount(role.AccountType.String(), role.AccountName, robotName)
+	_, apiError := client.DeleteRobotAccount(role.NamespaceType.String(), role.NamespaceName, robotName)
 
 	return apiError.Error
 }
@@ -107,14 +107,14 @@ func (b *quayBackend) CreateAssignTeam(client *client, robotName string, role *q
 
 	for _, team := range teams {
 		// Create Team
-		_, _, err := client.CreateTeam(role.AccountName, team)
+		_, _, err := client.CreateTeam(role.NamespaceName, team)
 
 		if err.Error != nil {
 			return err.Error
 		}
 
 		// Add member to team
-		_, err = client.AddTeamMember(role.AccountName, team.Name, robotName)
+		_, err = client.AddTeamMember(role.NamespaceName, team.Name, robotName)
 
 		if err.Error != nil {
 			return err.Error