Fix partnerID transferring to WRP message feature (#81)
* Add logic to fill out partnerID in wrp msg

* Pass JWT partnerIDs to WRP message

* bascule already provides the clientID

* actually perform logging

* update changelog

* use defined variable

* Add empty partnerID validator

* update changelog

* Update changelog to trigger next release
joe94 committed Jan 22, 2020
1 parent 6a1fd7e commit f4c0aa9
Showing 6 changed files with 147 additions and 10 deletions.
6 changes: 5 additions & 1 deletion CHANGELOG.md
@@ -5,8 +5,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [v0.2.0]
- updated release pipeline to use travis [#73](https://github.com/xmidt-org/scytale/pull/73)
- bumped bascule, webpa-common, and wrp-go for updated capability configuration [#75](https://github.com/xmidt-org/scytale/pull/75)
- fix feature for passing partnerIDs from JWT to fanout WRP messages. Enforce nonempty partnerIDs [#81](https://github.com/xmidt-org/scytale/pull/81)

## [v0.1.5]
- converting glide to go mod
@@ -20,7 +23,8 @@ Switching to new build process
- initial creation


[Unreleased]: https://github.com/Comcast/scytale/compare/v0.1.5...HEAD
[Unreleased]: https://github.com/Comcast/scytale/compare/v0.2.0...HEAD
[v0.2.0]: https://github.com/Comcast/scytale/compare/v0.1.5...v0.2.0
[v0.1.5]: https://github.com/Comcast/scytale/compare/v0.1.4...v0.1.5
[v0.1.4]: https://github.com/Comcast/scytale/compare/v0.1.1...v0.1.4
[v0.1.1]: https://github.com/Comcast/scytale/compare/v0.1.0...v0.1.1
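--- a/basculeValidators.go
+++ b/basculeValidators.go
@@ -0,0 +1,34 @@
+package main
+
+import (
+"context"
+"errors"
+"fmt"
+
+"github.com/mitchellh/mapstructure"
+"github.com/xmidt-org/bascule"
+)
+
+type allowedResources struct {
+AllowedPartners []string
+}
+
+type claims struct {
+AllowedResources allowedResources
+}
+
+var requirePartnerIDs bascule.ValidatorFunc = func(_ context.Context, token bascule.Token) error {
+var claims claims
+
+err := mapstructure.Decode(token.Attributes(), &claims)
+
+if err != nil {
+return fmt.Errorf("Unexpected JWT claim format for partnerIDs: %v", err)
+}
+
+if len(claims.AllowedResources.AllowedPartners) < 1 {
+return errors.New("JWT must provide claims for partnerIDs")
+}
+
+return nil
+}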
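Review bot: The length check in `requirePartnerIDs` accepts a token whose `allowedPartners` list holds only empty strings, because `len(...) < 1` looks at the slice length and never at the entries. If downstream authorization keys on these values, an entry of `""` would be copied into the WRP message as a partner ID, so the validator should reject empty entries as well. Separately, the local variable `claims` shadows the `claims` type, and the error string is capitalised and formats its cause with `%v`, which prevents callers from unwrapping it.

```go
// … unchanged: mapstructure decode and the length check …
for _, partner := range claims.AllowedResources.AllowedPartners {
	if partner == "" {
		return errors.New("JWT partnerIDs must not contain empty values")
	}
}

return nil
```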
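--- a/basculeValidators_test.go
+++ b/basculeValidators_test.go
@@ -0,0 +1,54 @@
+package main
+
+import (
+"context"
+"testing"
+
+"github.com/stretchr/testify/assert"
+"github.com/xmidt-org/bascule"
+)
+
+func TestRequirePartnerIDs(t *testing.T) {
+var tests = []struct {
+name string
+attributes bascule.Attributes
+shouldPass bool
+}{
+{
+name: "partnerIDs",
+attributes: map[string]interface{}{
+"allowedResources": map[string]interface{}{
+"allowedPartners": []string{"partner0", "partner1"},
+}},
+shouldPass: true,
+},
+
+{
+name: "no partnerIDs",
+attributes: nil,
+},
+{
+name: "malformed partnerIDs field",
+attributes: map[string]interface{}{
+"allowedResources": map[string]interface{}{
+"allowedPartners": "partner0",
+}},
+},
+}
+
+ctx := context.Background()
+
+for _, test := range tests {
+t.Run(test.name, func(t *testing.T) {
+assert := assert.New(t)
+token := bascule.NewToken("bearer", "client0", test.attributes)
+
+err := requirePartnerIDs(ctx, token)
+if test.shouldPass {
+assert.Nil(err)
+} else {
+assert.NotNil(err)
+}
+})
+}
+}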
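Review bot: The table in `TestRequirePartnerIDs` has no case for a well-formed claim whose `allowedPartners` list is present but empty, so the validator's `len(...) < 1` branch is only reached through `attributes: nil`. Adding `{name: "empty partnerIDs", attributes: map[string]interface{}{"allowedResources": map[string]interface{}{"allowedPartners": []string{}}}},` would pin that rejection. The passing case also builds the list as `[]string`, whereas claims parsed from a real JWT presumably arrive as `[]interface{}`. A case with that shape would confirm the decode accepts what production tokens carry.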
2 changes: 2 additions & 0 deletions go.mod
@@ -10,11 +10,13 @@ require (
github.com/gorilla/mux v1.7.3
github.com/influxdata/influxdb v1.7.7 // indirect
github.com/justinas/alice v0.0.0-20171023064455-03f45bd4b7da
github.com/mitchellh/mapstructure v1.1.2
github.com/prometheus/client_golang v1.0.0 // indirect
github.com/samuel/go-zookeeper v0.0.0-20190810000440-0ceca61e4d75 // indirect
github.com/spaolacci/murmur3 v1.1.0 // indirect
github.com/spf13/pflag v1.0.3
github.com/spf13/viper v1.4.0
github.com/stretchr/testify v1.3.0
github.com/xmidt-org/bascule v0.7.0
github.com/xmidt-org/webpa-common v1.5.1
github.com/xmidt-org/wrp-go v1.3.3
18 changes: 9 additions & 9 deletions primaryHandler.go
@@ -31,6 +31,7 @@ import (
"github.com/goph/emperror"
"github.com/gorilla/mux"
"github.com/justinas/alice"
"github.com/mitchellh/mapstructure"
"github.com/spf13/viper"
"github.com/xmidt-org/bascule"
"github.com/xmidt-org/bascule/basculehttp"
@@ -67,14 +68,12 @@ func GetLogger(ctx context.Context) bascule.Logger {
return logger
}

func populateMessage(ctx context.Context, message *wrp.Message) {
func populateMessage(ctx context.Context, message *wrp.Message, logger log.Logger) {
if auth, ok := bascule.FromContext(ctx); ok {
if token := auth.Token; token != nil {
if ids, ok := token.Attributes().Get("partnerIDs"); ok {
if idStr, ok := ids.([]string); ok {
message.PartnerIDs = idStr
}
}
var claims claims
mapstructure.Decode(token.Attributes(), &claims)
message.PartnerIDs = claims.AllowedResources.AllowedPartners
}
}
}
@@ -132,6 +131,7 @@ func authChain(v *viper.Viper, logger log.Logger, registry xmetrics.Registry) (a
bascule.CreateNonEmptyPrincipalCheck(),
bascule.CreateNonEmptyTypeCheck(),
bascule.CreateValidTypeCheck([]string{"jwt"}),
requirePartnerIDs,
}

// only add capability check if the configuration is set
@@ -265,7 +265,7 @@ func NewPrimaryHandler(logger log.Logger, v *viper.Viper, registry xmetrics.Regi
return ctx, err
}

populateMessage(ctx, message)
populateMessage(ctx, message, logger)
var buffer bytes.Buffer
if err := wrp.NewEncoder(&buffer, wrp.Msgpack).Encode(message); err != nil {
return ctx, err
@@ -308,7 +308,7 @@ func NewPrimaryHandler(logger log.Logger, v *viper.Viper, registry xmetrics.Regi
return ctx, err
}

populateMessage(ctx, &message)
populateMessage(ctx, &message, logger)
var buffer bytes.Buffer
if err := wrp.NewEncoder(&buffer, wrp.Msgpack).Encode(&message); err != nil {
return ctx, err
@@ -351,7 +351,7 @@ func NewPrimaryHandler(logger log.Logger, v *viper.Viper, registry xmetrics.Regi
return ctx, err
}

populateMessage(ctx, &message)
populateMessage(ctx, &message, logger)
var buffer bytes.Buffer
if err := wrp.NewEncoder(&buffer, wrp.Msgpack).Encode(&message); err != nil {
return ctx, err
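Review bot: In `populateMessage` the error returned by `mapstructure.Decode` is discarded and the new `logger` parameter is never used in the visible body, so a token whose claims fail to decode silently yields a message whose `PartnerIDs` is whatever was decoded, possibly nil. `requirePartnerIDs` in the auth chain should reject such tokens first, but this function is where the value is copied into the fanout message, and it should not depend on that ordering. Check the result with `if err := mapstructure.Decode(token.Attributes(), &claims); err != nil {`, report it through `logger`, and return without assigning. When the context carries no authentication or no token, `message.PartnerIDs` keeps whatever the decoded message already held, presumably client-supplied, so a comment stating whether that is intended would help.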
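--- a/primaryHandler_test.go
+++ b/primaryHandler_test.go
@@ -0,0 +1,43 @@
+package main
+
+import (
+"context"
+"github.com/stretchr/testify/assert"
+"github.com/xmidt-org/bascule"
+"github.com/xmidt-org/webpa-common/logging"
+"github.com/xmidt-org/wrp-go/wrp"
+"testing"
+)
+
+func TestPopulateMessagePartners(t *testing.T) {
+var tests = []struct {
+name string
+attributes bascule.Attributes
+expectedPartnerIDs []string
+}{
+{
+name: "partnerIDs",
+attributes: map[string]interface{}{
+"allowedResources": map[string]interface{}{
+"allowedPartners": []string{"partner0", "partner1"},
+}},
+expectedPartnerIDs: []string{"partner0", "partner1"},
+},
+}
+
+for _, test := range tests {
+t.Run(test.name, func(t *testing.T) {
+assert := assert.New(t)
+
+auth := bascule.Authentication{
+Token: bascule.NewToken("bearer", "client0", test.attributes),
+}
+
+ctx := bascule.WithAuthentication(context.Background(), auth)
+
+wrpMsg := new(wrp.Message)
+populateMessage(ctx, wrpMsg, logging.DefaultLogger())
+assert.Equal(test.expectedPartnerIDs, wrpMsg.PartnerIDs)
+})
+}
+}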
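Review bot: `TestPopulateMessagePartners` covers only the success path: there is no case for a context without authentication, a nil token, or attributes that fail to decode, which are the paths where `populateMessage` either leaves `PartnerIDs` untouched or overwrites it with an empty value. A case that pre-sets `wrpMsg.PartnerIDs` before the call would also document whether token claims are meant to override a value already present on the message. As a style point, the import block mixes standard-library and third-party packages; `goimports` would put `context` and `testing` in their own group.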
