added wsvc/at LocalName() to headers (#43)
* added wsvc/at LocalName() to headers

* fix tests

* fix typo in test
SamMHD authored Feb 27, 2024
1 parent 0788b5f commit abebb6a
Showing 3 changed files with 22 additions and 9 deletions.
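--- a/api/v1alpha1/accesstoken_types.go
+++ b/api/v1alpha1/accesstoken_types.go
@@ -97,6 +97,10 @@ type AccessTokenList struct {
 Items []AccessToken `json:"items"`
 }
 
+func (at AccessToken) LocalName() string {
+return at.Namespace + "/" + at.Name
+}
+
 func init() {
 SchemeBuilder.Register(&AccessToken{}, &AccessTokenList{})
 }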
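Review bot: `LocalName` is exported without a doc comment, and nothing on the new lines records that its `namespace/name` result is the value the authenticator forwards in `X-Cerberus-AccessToken`. I would add `// LocalName returns the token's identifier as "<namespace>/<name>"; it is forwarded as an identity header, so the format must stay stable.` above the method. An object with an empty Namespace would yield `/name`; if that cannot happen for AccessToken, the comment should say so.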
4 changes: 3 additions & 1 deletion pkg/auth/authenticator.go
@@ -58,6 +58,7 @@ const (
CerberusHeaderTokenPriority CerberusHeaderName = "X-Cerberus-Token-Priority"
CerberusHeaderWebServiceMinPriority CerberusHeaderName = "X-Cerberus-Webservice-Min-Priority"
CerberusHeaderAccessToken CerberusHeaderName = "X-Cerberus-AccessToken"
CerberusHeaderWebservice CerberusHeaderName = "X-Cerberus-Webservice"
)

// Access limit reasons
@@ -92,7 +93,8 @@ func (a *Authenticator) TestAccess(request *Request, wsvc WebservicesCacheEntry)
return
}

newExtraHeaders.set(CerberusHeaderAccessToken, ac.ObjectMeta.Name)
newExtraHeaders.set(CerberusHeaderAccessToken, ac.LocalName())
newExtraHeaders.set(CerberusHeaderWebservice, wsvc.LocalName())

for _, validator := range a.validators {
var headers CerberusExtraHeaders
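Review bot: Both identity headers are written only after the early `return` at the top of the second hunk, so a request that leaves through that path (presumably a failed token lookup) carries no `X-Cerberus-Webservice` value set by this code. `wsvc.LocalName()` does not depend on the token, so `newExtraHeaders.set(CerberusHeaderWebservice, wsvc.LocalName())` could move ahead of the lookup. Whether client-supplied `X-Cerberus-*` headers are stripped or overwritten elsewhere is not visible here and is worth confirming, since upstreams will presumably treat these values as authenticated identity. The `X-Cerberus-AccessToken` value also changes from the bare name to `namespace/name`, which deserves a comment at the call site for consumers that match on it. TestAccess starts and ends outside the hunk.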
23 changes: 15 additions & 8 deletions pkg/auth/authenticator_test.go
@@ -203,11 +203,12 @@ func TestTestAccessValidToken(t *testing.T) {
tokenEntry := AccessTokensCacheEntry{
AccessToken: cerberusv1alpha1.AccessToken{
ObjectMeta: metav1.ObjectMeta{
Name: "valid-token",
Name: "valid-token",
Namespace: "SampleNamespace",
},
},
allowedWebservicesCache: map[string]struct{}{
"SampleWebService": {},
"SampleNamespace/SampleWebService": {},
},
}
(*authenticator.accessTokensCache)["valid-token"] = tokenEntry
@@ -218,6 +219,7 @@ func TestTestAccessValidToken(t *testing.T) {
request := &Request{
Context: map[string]string{
"webservice": "SampleWebService",
"namespace": "SampleNamespace",
},
Request: http.Request{
Header: headers,
@@ -227,7 +229,8 @@ func TestTestAccessValidToken(t *testing.T) {
webservice := WebservicesCacheEntry{
WebService: cerberusv1alpha1.WebService{
ObjectMeta: metav1.ObjectMeta{
Name: "SampleWebService",
Name: "SampleWebService",
Namespace: "SampleNamespace",
},
Spec: cerberusv1alpha1.WebServiceSpec{
LookupHeader: string(CerberusHeaderAccessToken),
@@ -239,7 +242,8 @@ func TestTestAccessValidToken(t *testing.T) {
reason, extraHeaders := authenticator.TestAccess(request, webservice)

assert.Equal(t, CerberusReasonNotSet, reason, "Expected reason to be OK")
assert.Equal(t, "valid-token", extraHeaders[CerberusHeaderAccessToken], "Expected token in extraHeaders")
assert.Equal(t, "SampleNamespace/valid-token", extraHeaders[CerberusHeaderAccessToken], "Expected token in extraHeaders")
assert.Equal(t, "SampleNamespace/SampleWebService", extraHeaders[CerberusHeaderWebservice], "Expected webservice in extraHeader")
}

func TestTestAccessInvalidToken(t *testing.T) {
@@ -328,7 +332,8 @@ func TestTestAccessBadIPList(t *testing.T) {
tokenEntry := AccessTokensCacheEntry{
AccessToken: cerberusv1alpha1.AccessToken{
ObjectMeta: metav1.ObjectMeta{
Name: "valid-token",
Name: "valid-token",
Namespace: "SampleNamespace",
},
Spec: cerberusv1alpha1.AccessTokenSpec{
AllowedIPs: []string{"192.168.1.1", "192.168.1.2"},
@@ -358,20 +363,22 @@ func TestTestAccessBadIPList(t *testing.T) {
webservice := WebservicesCacheEntry{
WebService: cerberusv1alpha1.WebService{
ObjectMeta: metav1.ObjectMeta{
Name: "SampleWebService",
Name: "SampleWebService",
Namespace: "SampleNamespace",
},
Spec: cerberusv1alpha1.WebServiceSpec{
LookupHeader: string(CerberusHeaderAccessToken),
},
},
}

(*authenticator.webservicesCache)["SampleWebService"] = webservice
(*authenticator.webservicesCache)["SampleNamespace/SampleWebService"] = webservice

reason, extraHeaders := authenticator.TestAccess(request, webservice)

assert.Equal(t, CerberusReasonBadIpList, reason, "Expected reason to be BadIpList")
assert.Equal(t, extraHeaders[CerberusHeaderAccessToken], "valid-token", "Expected AccessToken Name as a Header")
assert.Equal(t, extraHeaders[CerberusHeaderAccessToken], "SampleNamespace/valid-token", "Expected AccessToken LocalName as a Header")
assert.Equal(t, extraHeaders[CerberusHeaderWebservice], "SampleNamespace/SampleWebService", "Expected Webservice LocalName as a Header")
}

func TestTestAccessLimited(t *testing.T) {
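Review bot: The two header assertions at the end of TestTestAccessBadIPList pass the actual value first and the expected literal second, the reverse of the order used in TestTestAccessValidToken, so a failure would report expected and actual swapped. Suggest `assert.Equal(t, "SampleNamespace/valid-token", extraHeaders[CerberusHeaderAccessToken], ...)` and the same swap on the `CerberusHeaderWebservice` line. The fixtures also use a single namespace throughout. A case where the token's `allowedWebservicesCache` entry and the requested webservice share a name but differ in namespace would pin the separation that the namespaced keys are presumably meant to provide.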
