MG-370 - Add fine grained access control to alarms (#404)

* add access control to rules engine

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* add access control to reports

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* add access control to alarms

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix failing linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove unused variables

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update authorization method

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* revert code

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove roles

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update alarm permissions

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update alarm permissions

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* address comments

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix tests

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* revert endpoint changes

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix make fetch

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* revert env variable

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove rule prefix

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove trailing line

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove unused constants

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* re consumer

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update listing

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix tests

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix rule roles interface

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* refactor listing commands

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fetch supermq

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* address coments

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update script

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* address comments

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fetch supermq

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix time layout

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix failing linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix failing linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix role name

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix failing linter

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* address comments

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* remove white spaces

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update check usperadmin method

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* update go mod file

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* fix tests

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

* add missing env variable

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

---------

Signed-off-by: nyagamunene <stevenyaga2014@gmail.com>

cmd/alarms/main.go

@@ -15,17 +15,23 @@ import (
 	"github.com/absmach/magistrala/alarms/brokers"
 	"github.com/absmach/magistrala/alarms/consumer"
 	"github.com/absmach/magistrala/alarms/middleware"
+	"github.com/absmach/magistrala/alarms/operations"
 	alarmsRepo "github.com/absmach/magistrala/alarms/postgres"
 	"github.com/absmach/magistrala/pkg/prometheus"
+	rconsumer "github.com/absmach/magistrala/pkg/re/events/consumer"
+	rpostgres "github.com/absmach/magistrala/re/postgres"
+	dpostgres "github.com/absmach/supermq/domains/postgres"
 	smqlog "github.com/absmach/supermq/logger"
 	smqauthn "github.com/absmach/supermq/pkg/authn"
 	"github.com/absmach/supermq/pkg/authn/authsvc"
 	authsvcAuthz "github.com/absmach/supermq/pkg/authz/authsvc"
+	dconsumer "github.com/absmach/supermq/pkg/domains/events/consumer"
 	domainsAuthz "github.com/absmach/supermq/pkg/domains/grpcclient"
 	"github.com/absmach/supermq/pkg/grpcclient"
 	"github.com/absmach/supermq/pkg/jaeger"
 	"github.com/absmach/supermq/pkg/messaging"
 	brokerstracing "github.com/absmach/supermq/pkg/messaging/brokers/tracing"
+	"github.com/absmach/supermq/pkg/permissions"
 	"github.com/absmach/supermq/pkg/postgres"
 	"github.com/absmach/supermq/pkg/server"
 	httpserver "github.com/absmach/supermq/pkg/server/http"
@@ -42,14 +48,18 @@ const (
 	defDB            = "alarms"
 	defSvcHTTPPort   = "8050"
 	envPrefixDomains = "SMQ_DOMAINS_GRPC_"
+	alarmEntity      = "alarm"
 )
 
 type config struct {
-	LogLevel   string  `env:"MG_ALARMS_LOG_LEVEL"    envDefault:"info"`
-	BrokerURL  string  `env:"SMQ_MESSAGE_BROKER_URL" envDefault:"nats://localhost:4222"`
-	InstanceID string  `env:"MG_ALARMS_INSTANCE_ID"  envDefault:""`
-	JaegerURL  url.URL `env:"SMQ_JAEGER_URL"         envDefault:"http://localhost:4318/v1/traces"`
-	TraceRatio float64 `env:"SMQ_JAEGER_TRACE_RATIO" envDefault:"1.0"`
+	LogLevel        string  `env:"MG_ALARMS_LOG_LEVEL"    envDefault:"info"`
+	BrokerURL       string  `env:"SMQ_MESSAGE_BROKER_URL" envDefault:"nats://localhost:4222"`
+	InstanceID      string  `env:"MG_ALARMS_INSTANCE_ID"  envDefault:""`
+	JaegerURL       url.URL `env:"SMQ_JAEGER_URL"         envDefault:"http://localhost:4318/v1/traces"`
+	TraceRatio      float64 `env:"SMQ_JAEGER_TRACE_RATIO" envDefault:"1.0"`
+	ESURL           string  `env:"SMQ_ES_URL"             envDefault:"nats://localhost:4222"`
+	ESConsumerName  string  `env:"MG_ALARMS_EVENT_CONSUMER" envDefault:"alarms"`
+	PermissionsFile string  `env:"SMQ_PERMISSIONS_FILE"             envDefault:"permission.yaml"`
 }
 
 func main() {
@@ -87,7 +97,14 @@ func main() {
 		logger.Error(err.Error())
 	}
 
-	db, err := postgres.Setup(dbConfig, *alarmsRepo.Migration())
+	migrations, err := alarmsRepo.Migration()
+	if err != nil {
+		logger.Error(fmt.Sprintf("failed to load migrations: %s", err))
+		exitCode = 1
+		return
+	}
+
+	db, err := postgres.Setup(dbConfig, *migrations)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1
@@ -138,11 +155,63 @@ func main() {
 
 	logger.Info("AuthZ successfully connected to auth gRPC server " + authzHandler.Secure())
 
+	ddatabase := postgres.NewDatabase(db, dbConfig, tracer)
+	drepo := dpostgres.NewRepository(ddatabase)
+
+	if err := dconsumer.DomainsEventsSubscribe(ctx, drepo, cfg.ESURL, cfg.ESConsumerName, logger); err != nil {
+		logger.Error(fmt.Sprintf("failed to create domains event store : %s", err))
+		exitCode = 1
+		return
+	}
+
+	rdatabase := postgres.NewDatabase(db, dbConfig, tracer)
+	rrepo := rpostgres.NewRepository(rdatabase)
+
+	if err := rconsumer.RulesEventsSubscribe(ctx, rrepo, cfg.ESURL, cfg.ESConsumerName, logger); err != nil {
+		logger.Error(fmt.Sprintf("failed to subscribe to rules events: %s", err))
+		exitCode = 1
+		return
+	}
+
 	idp := uuid.New()
 
 	svc := alarms.NewService(idp, repo)
 
-	svc = middleware.NewAuthorizationMiddleware(svc, authz)
+	permConfig, err := permissions.ParsePermissionsFile(cfg.PermissionsFile)
+	if err != nil {
+		logger.Error(fmt.Sprintf("failed to parse permissions file: %s", err))
+		exitCode = 1
+		return
+	}
+
+	alarmOps, _, err := permConfig.GetEntityPermissions(alarmEntity)
+	if err != nil {
+		logger.Error(fmt.Sprintf("failed to get alarm permissions: %s", err))
+		exitCode = 1
+		return
+	}
+
+	entitiesOps, err := permissions.NewEntitiesOperations(
+		permissions.EntitiesPermission{
+			operations.EntityType: alarmOps,
+		},
+		permissions.EntitiesOperationDetails[permissions.Operation]{
+			operations.EntityType: operations.OperationDetails(),
+		},
+	)
+	if err != nil {
+		logger.Error(fmt.Sprintf("failed to create entity operations: %s", err))
+		exitCode = 1
+		return
+	}
+
+	svc, err = middleware.NewAuthorizationMiddleware(svc, authz, entitiesOps)
+	if err != nil {
+		logger.Error(fmt.Sprintf("failed to create authorization middleware: %s", err))
+		exitCode = 1
+		return
+	}
+
 	svc = middleware.NewLoggingMiddleware(logger, svc)
 	counter, latency := prometheus.MakeMetrics("alarms", "api")
 	svc = middleware.NewMetricsMiddleware(counter, latency, svc)