add organization ID check from JWT token for internal rules

config.toml

@@ -7,6 +7,8 @@ auth = false
 auth_type = "xrh"
 use_https = false
 enable_cors = false
+enable_internal_rules_organizations = false
+internal_rules_organizations = []
 
 [services]
 aggregator = "http://localhost:8080/api/v1/"

content/content.go

@@ -48,6 +48,13 @@ type RulesWithContentStorage struct {
 	rules            map[types.RuleID]*ics_content.RuleContent
 }
 
+// SetRuleContentDirectory is made for easy testing fake rules etc. from other directories
+func SetRuleContentDirectory(contentDir *ics_content.RuleContentDirectory) {
+	if ruleContentDirectory == nil {
+		ruleContentDirectory = contentDir
+	}
+}
+
 // GetRuleWithErrorKeyContent returns content for rule with error key
 func (s *RulesWithContentStorage) GetRuleWithErrorKeyContent(
 	ruleID types.RuleID, errorKey types.ErrorKey,
@@ -99,7 +106,8 @@ var rulesWithContentStorage = RulesWithContentStorage{
 	rules:            map[types.RuleID]*ics_content.RuleContent{},
 }
 
-func waitForContentDirectoryToBeReady() {
+// WaitForContentDirectoryToBeReady ensures the rule content directory is safe to read/write
+func WaitForContentDirectoryToBeReady() {
 	// according to the example in the official dock,
 	// lock is required here
 	if ruleContentDirectory == nil {
@@ -115,7 +123,7 @@ func GetRuleWithErrorKeyContent(
 	ruleID types.RuleID, errorKey types.ErrorKey,
 ) (*types.RuleWithContent, error) {
 	// to be sure the data is there
-	waitForContentDirectoryToBeReady()
+	WaitForContentDirectoryToBeReady()
 
 	ruleID = types.RuleID(strings.TrimSuffix(string(ruleID), ".report"))
 
@@ -131,7 +139,7 @@ func GetRuleWithErrorKeyContent(
 // Caching is done under the hood, don't worry about it.
 func GetRuleContent(ruleID types.RuleID) (*ics_content.RuleContent, error) {
 	// to be sure the data is there
-	waitForContentDirectoryToBeReady()
+	WaitForContentDirectoryToBeReady()
 
 	ruleID = types.RuleID(strings.TrimSuffix(string(ruleID), ".report"))
 
@@ -166,15 +174,13 @@ func StopUpdateContentLoop() {
 func updateContent(servicesConf services.Configuration) {
 	var err error
 
-	ruleContentDirectory, err = services.GetContent(servicesConf)
+	contentServiceDirectory, err := services.GetContent(servicesConf)
 	if err != nil {
 		log.Error().Err(err).Msg("Error retrieving static content")
 		return
 	}
 
-	loadRuleContent(ruleContentDirectory)
-
-	ruleContentDirectoryReady.L.Lock()
-	ruleContentDirectoryReady.Broadcast()
-	ruleContentDirectoryReady.L.Unlock()
+	SetRuleContentDirectory(contentServiceDirectory)
+	WaitForContentDirectoryToBeReady()
+	LoadRuleContent(ruleContentDirectory)
 }

content/content_test.go

@@ -120,9 +120,6 @@ func TestUpdateContentBadTime(t *testing.T) {
 	}
 
 	content.LoadRuleContent(&ruleContentDirectory)
-	content.RuleContentDirectoryReady.L.Lock()
-	content.RuleContentDirectoryReady.Broadcast()
-	content.RuleContentDirectoryReady.L.Unlock()
 
 	_, err := content.GetRuleWithErrorKeyContent(testdata.Rule4ID, testdata.ErrorKey4)
 	helpers.FailOnError(t, err)

content/export_test.go

@@ -21,6 +21,5 @@ package content
 // to see why this trick is needed.
 var (
 	UpdateContent             = updateContent
-	LoadRuleContent           = loadRuleContent
 	RuleContentDirectoryReady = ruleContentDirectoryReady
 )

content/parsing.go

@@ -23,6 +23,8 @@ import (
 	"github.com/rs/zerolog/log"
 )
 
+const internalRuleStr = "internal"
+
 var (
 	timeParseFormats = []string{
 		"2006-01-02 15:04:05",
@@ -32,8 +34,8 @@ var (
 
 // TODO: consider moving parsing to content service
 
-// loadRuleContent loads the parsed rule content into the storage
-func loadRuleContent(contentDir *content.RuleContentDirectory) {
+// LoadRuleContent loads the parsed rule content into the storage
+func LoadRuleContent(contentDir *content.RuleContentDirectory) {
 	for _, rule := range contentDir.Rules {
 		ruleID := types.RuleID(rule.Plugin.PythonModule)
 
@@ -45,14 +47,9 @@ func loadRuleContent(contentDir *content.RuleContentDirectory) {
 				log.Error().Msgf(`impact "%v" doesn't have integer representation'`, impact)
 				continue
 			}
-			var isActive bool
-			switch strings.ToLower(strings.TrimSpace(errorProperties.Metadata.Status)) {
-			case "active":
-				isActive = true
-			case "inactive":
-				isActive = false
-			default:
-				log.Error().Msgf("invalid rule error key status: '%s'", errorProperties.Metadata.Status)
+
+			isActive, success := getActiveStatus(errorProperties.Metadata.Status)
+			if success != true {
 				return
 			}
 
@@ -75,6 +72,7 @@ func loadRuleContent(contentDir *content.RuleContentDirectory) {
 				RiskOfChange: calculateRiskOfChange(impact, errorProperties.Metadata.Likelihood),
 				PublishDate:  publishDate,
 				Active:       isActive,
+				Internal:     IsRuleInternal(ruleID),
 				Generic:      errorProperties.Generic,
 				Tags:         errorProperties.Metadata.Tags,
 			})
@@ -122,3 +120,35 @@ func timeParse(value string) (time.Time, error) {
 
 	return time.Time{}, err
 }
+
+// Reads Status string, first returned bool is active status, second bool is a success check
+func getActiveStatus(status string) (bool, bool) {
+	var isActive, success bool
+
+	switch strings.ToLower(strings.TrimSpace(status)) {
+	case "active":
+		isActive = true
+		success = true
+	case "inactive":
+		isActive = false
+		success = true
+	default:
+		log.Error().Msgf("invalid rule error key status: '%s'", status)
+		success = false
+	}
+
+	return isActive, success
+}
+
+// IsRuleInternal tries to look for the word "internal" in the ruleID / rule module,
+// because it's currently not specified anywhere on it's own
+// TODO: add field indicating restricted/internal status to one of Rule structs in content-service
+func IsRuleInternal(ruleID types.RuleID) bool {
+	splitRuleID := strings.Split(string(ruleID), ".")
+	for _, ruleIDPart := range splitRuleID {
+		if ruleIDPart == internalRuleStr {
+			return true
+		}
+	}
+	return false
+}

docs/packages/conf/configuration.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>configuration.go</title>

docs/packages/conf/configuration_test.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>configuration_test.go</title>

docs/packages/conf/export_test.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>export_test.go</title>

docs/packages/export_test.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>export_test.go</title>

docs/packages/server/auth.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>auth.go</title>

docs/packages/server/configuration.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>configuration.go</title>

docs/packages/server/endpoints.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>endpoints.go</title>

docs/packages/server/endpoints_test.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>endpoints_test.go</title>

docs/packages/server/errors.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>errors.go</title>

docs/packages/server/export_test.html

@@ -1,4 +1,20 @@
 <!DOCTYPE html>
+<!--
+ Copyright 2020 Red Hat, Inc
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
 <html>
 <head>
 <title>export_test.go</title>