tasker-orchestration 0.1.4

Orchestration system for tasker workflow coordination
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218

//! Template service gRPC implementation.
//!
//! Provides template discovery operations via gRPC.

use crate::grpc::conversions::json_to_struct;
use crate::grpc::interceptors::AuthInterceptor;
use crate::grpc::state::GrpcState;
use crate::services::TemplateQueryError;
use tasker_shared::proto::v1::{
    self as proto, template_service_server::TemplateService as TemplateServiceTrait,
};
use tasker_shared::types::Permission;
use tonic::{Request, Response, Status};
use tracing::debug;

/// gRPC Template service implementation.
#[derive(Debug)]
pub struct TemplateServiceImpl {
    state: GrpcState,
    auth_interceptor: AuthInterceptor,
}

impl TemplateServiceImpl {
    /// Create a new template service.
    pub fn new(state: GrpcState) -> Self {
        let auth_interceptor = AuthInterceptor::new(state.services.security_service.clone());
        Self {
            state,
            auth_interceptor,
        }
    }

    /// Authenticate the request and check permissions.
    async fn authenticate_and_authorize<T>(
        &self,
        request: &Request<T>,
        required_permission: Permission,
    ) -> Result<(), Status> {
        let ctx = self.auth_interceptor.authenticate(request).await?;

        // Check permission
        if !ctx.has_permission(&required_permission) {
            return Err(Status::permission_denied(
                "Insufficient permissions for this operation",
            ));
        }

        Ok(())
    }
}

#[tonic::async_trait]
impl TemplateServiceTrait for TemplateServiceImpl {
    /// List all available templates.
    async fn list_templates(
        &self,
        request: Request<proto::ListTemplatesRequest>,
    ) -> Result<Response<proto::ListTemplatesResponse>, Status> {
        // Authenticate and authorize
        self.authenticate_and_authorize(&request, Permission::TemplatesRead)
            .await?;

        let req = request.into_inner();
        debug!(namespace = ?req.namespace, "gRPC list templates");

        // List templates via service layer
        let result = self
            .state
            .services
            .template_query_service
            .list_templates(req.namespace.as_deref())
            .await;

        match result {
            Ok(response) => {
                // Convert namespaces
                let namespaces: Vec<proto::NamespaceSummary> = response
                    .namespaces
                    .into_iter()
                    .map(|ns| proto::NamespaceSummary {
                        name: ns.name,
                        description: ns.description,
                        template_count: ns.template_count as i64,
                    })
                    .collect();

                // Convert templates
                let templates: Vec<proto::TemplateSummary> = response
                    .templates
                    .into_iter()
                    .map(|t| proto::TemplateSummary {
                        name: t.name,
                        namespace: t.namespace,
                        version: t.version,
                        description: t.description,
                        step_count: t.step_count as i64,
                    })
                    .collect();

                Ok(Response::new(proto::ListTemplatesResponse {
                    namespaces,
                    templates,
                    total_count: response.total_count as i64,
                }))
            }
            Err(e) => Err(template_error_to_status(&e)),
        }
    }

    /// Get a specific template by namespace/name/version.
    async fn get_template(
        &self,
        request: Request<proto::GetTemplateRequest>,
    ) -> Result<Response<proto::GetTemplateResponse>, Status> {
        // Authenticate and authorize
        self.authenticate_and_authorize(&request, Permission::TemplatesRead)
            .await?;

        let req = request.into_inner();
        debug!(
            namespace = %req.namespace,
            name = %req.name,
            version = %req.version,
            "gRPC get template"
        );

        // Get template via service layer
        let result = self
            .state
            .services
            .template_query_service
            .get_template(&req.namespace, &req.name, &req.version)
            .await;

        match result {
            Ok(detail) => {
                // Convert steps
                let steps: Vec<proto::StepDefinition> = detail
                    .steps
                    .into_iter()
                    .map(|step| proto::StepDefinition {
                        name: step.name,
                        description: step.description,
                        default_retryable: step.default_retryable,
                        default_max_attempts: step.default_max_attempts,
                    })
                    .collect();

                // Convert configuration if present
                let configuration = detail.configuration.and_then(json_to_struct);

                Ok(Response::new(proto::GetTemplateResponse {
                    template: Some(proto::TemplateDetail {
                        name: detail.name,
                        namespace: detail.namespace,
                        version: detail.version,
                        description: detail.description,
                        configuration,
                        steps,
                    }),
                }))
            }
            Err(e) => Err(template_error_to_status(&e)),
        }
    }
}

/// Convert a TemplateQueryError to a gRPC Status.
fn template_error_to_status(error: &TemplateQueryError) -> Status {
    match error {
        TemplateQueryError::NamespaceNotFound(_) | TemplateQueryError::TemplateNotFound { .. } => {
            Status::not_found(error.to_string())
        }
        TemplateQueryError::DatabaseError(_) | TemplateQueryError::Internal(_) => {
            Status::internal(error.to_string())
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_template_error_namespace_not_found() {
        let err = TemplateQueryError::NamespaceNotFound("production".to_string());
        let status = template_error_to_status(&err);
        assert_eq!(status.code(), tonic::Code::NotFound);
        assert!(status.message().contains("production"));
    }

    #[test]
    fn test_template_error_template_not_found() {
        let err = TemplateQueryError::TemplateNotFound {
            namespace: "default".to_string(),
            name: "missing_task".to_string(),
            version: "1.0.0".to_string(),
        };
        let status = template_error_to_status(&err);
        assert_eq!(status.code(), tonic::Code::NotFound);
    }

    #[test]
    fn test_template_error_database_error() {
        let err = TemplateQueryError::DatabaseError(sqlx::Error::Protocol(
            "connection refused".to_string(),
        ));
        let status = template_error_to_status(&err);
        assert_eq!(status.code(), tonic::Code::Internal);
    }

    #[test]
    fn test_template_error_internal() {
        let err = TemplateQueryError::Internal("unexpected".to_string());
        let status = template_error_to_status(&err);
        assert_eq!(status.code(), tonic::Code::Internal);
    }
}