multi: use group ID for PrivacyMapConversion query

Author: ellemouton

cmd/litcli/privacy_map.go

@@ -18,9 +18,9 @@ var privacyMapCommands = cli.Command{
 	Category: "Privacy",
 	Flags: []cli.Flag{
 		cli.StringFlag{
-			Name:     "session_id",
-			Usage:    "The id of the session in question",
-			Required: true,
+			Name:   "session_id",
+			Usage:  "Deprecated, use group_id instead.",
+			Hidden: true,
 		},
 		cli.BoolFlag{
 			Name: "realtopseudo",
@@ -30,6 +30,11 @@ var privacyMapCommands = cli.Command{
 				"as the pseudo value that should be " +
 				"mapped to its real counterpart.",
 		},
+		cli.StringFlag{
+			Name: "group_id",
+			Usage: "The ID of the session group who's privacy " +
+				"map DB should be queried.",
+		},
 	},
 	Subcommands: []cli.Command{
 		privacyMapConvertStrCommand,
@@ -60,16 +65,26 @@ func privacyMapConvertStr(ctx *cli.Context) error {
 	defer cleanup()
 	client := litrpc.NewFirewallClient(clientConn)
 
-	id, err := hex.DecodeString(ctx.GlobalString("session_id"))
-	if err != nil {
-		return err
+	var groupID []byte
+	if ctx.GlobalIsSet("group_id") {
+		groupID, err = hex.DecodeString(ctx.GlobalString("group_id"))
+		if err != nil {
+			return err
+		}
+	} else if ctx.GlobalIsSet("session_id") {
+		groupID, err = hex.DecodeString(ctx.GlobalString("session_id"))
+		if err != nil {
+			return err
+		}
+	} else {
+		return fmt.Errorf("must set group_id")
 	}
 
 	resp, err := client.PrivacyMapConversion(
 		ctxb, &litrpc.PrivacyMapConversionRequest{
-			SessionId:    id,
 			RealToPseudo: ctx.GlobalBool("realtopseudo"),
 			Input:        ctx.String("input"),
+			GroupId:      groupID,
 		},
 	)
 	if err != nil {
@@ -104,18 +119,28 @@ func privacyMapConvertUint64(ctx *cli.Context) error {
 	defer cleanup()
 	client := litrpc.NewFirewallClient(clientConn)
 
-	id, err := hex.DecodeString(ctx.GlobalString("session_id"))
-	if err != nil {
-		return err
+	var groupID []byte
+	if ctx.GlobalIsSet("group_id") {
+		groupID, err = hex.DecodeString(ctx.GlobalString("group_id"))
+		if err != nil {
+			return err
+		}
+	} else if ctx.GlobalIsSet("session_id") {
+		groupID, err = hex.DecodeString(ctx.GlobalString("session_id"))
+		if err != nil {
+			return err
+		}
+	} else {
+		return fmt.Errorf("must set group_id")
 	}
 
 	input := firewalldb.Uint64ToStr(ctx.Uint64("input"))
 
 	resp, err := client.PrivacyMapConversion(
 		ctxb, &litrpc.PrivacyMapConversionRequest{
-			SessionId:    id,
 			RealToPseudo: ctx.GlobalBool("realtopseudo"),
 			Input:        input,
+			GroupId:      groupID,
 		},
 	)
 	if err != nil {

litrpc/firewall.pb.go

@@ -36,14 +36,20 @@ message PrivacyMapConversionRequest {
     bool real_to_pseudo = 1;
 
     /*
+    Deprecated, use group_id.
     The session ID under which to search for the real-pseudo pair.
     */
-    bytes session_id = 2;
+    bytes session_id = 2 [deprecated = true];
 
     /*
     The input to be converted into the real or pseudo value.
     */
     string input = 3;
+
+    /*
+    The group ID under which to search for the real-pseudo pair.
+    */
+    bytes group_id = 4;
 }
 
 message PrivacyMapConversionResponse {

litrpc/firewall.proto

@@ -237,11 +237,16 @@
         "session_id": {
           "type": "string",
           "format": "byte",
-          "description": "The session ID under which to search for the real-pseudo pair."
+          "description": "Deprecated, use group_id.\nThe session ID under which to search for the real-pseudo pair."
         },
         "input": {
           "type": "string",
           "description": "The input to be converted into the real or pseudo value."
+        },
+        "group_id": {
+          "type": "string",
+          "format": "byte",
+          "description": "The group ID under which to search for the real-pseudo pair."
         }
       }
     },

litrpc/firewall.swagger.json

@@ -592,13 +592,29 @@ func (s *sessionRpcServer) PrivacyMapConversion(_ context.Context,
 	req *litrpc.PrivacyMapConversionRequest) (
 	*litrpc.PrivacyMapConversionResponse, error) {
 
-	sessionID, err := session.IDFromBytes(req.SessionId)
-	if err != nil {
-		return nil, err
+	var (
+		groupID session.ID
+		err     error
+	)
+	if len(req.GroupId) != 0 {
+		groupID, err = session.IDFromBytes(req.GroupId)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		sessionID, err := session.IDFromBytes(req.SessionId)
+		if err != nil {
+			return nil, err
+		}
+
+		groupID, err = s.cfg.db.GetGroupID(sessionID)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	var res string
-	privMap := s.cfg.privMap(sessionID)
+	privMap := s.cfg.privMap(groupID)
 	err = privMap.View(func(tx firewalldb.PrivacyMapTx) error {
 		var err error
 		if req.RealToPseudo {