diff --git a/env/iasConfig.go b/env/iasConfig.go
index 4ad4dce..6f15b08 100644
--- a/env/iasConfig.go
+++ b/env/iasConfig.go
@@ -29,32 +29,34 @@ type VCAPServices struct { // Identity interface has to be implemented to instantiate NewMiddleware. For IAS the standard implementation IASConfig from ../env/iasConfig.go package can be used. type Identity interface { - GetClientID() string // Returns the client id of the oAuth client. - GetClientSecret() string // Returns the client secret. Optional - GetURL() string // Returns the url to the DefaultIdentity tenant. E.g. https://abcdefgh.accounts.ondemand.com - GetDomains() []string // Returns the domains of the DefaultIdentity service. E.g. ["accounts.ondemand.com"] - GetZoneUUID() uuid.UUID // Deprecated: Returns the zone uuid, will be replaced by GetAppTID Optional - GetAppTID() string // Returns the app tid uuid and replaces zone uuid in future Optional - GetProofTokenURL() string // Returns the proof token url. Optional - GetCertificate() string // Returns the client certificate. Optional - GetKey() string // Returns the client certificate key. Optional - GetCertificateExpiresAt() string // Returns the client certificate expiration time. Optional - IsCertificateBased() bool // Returns true, in case GetCertificate() and GetKey returns non empty values + GetClientID() string // Returns the client id of the oAuth client. + GetClientSecret() string // Returns the client secret. Optional + GetURL() string // Returns the url to the DefaultIdentity tenant. E.g. https://abcdefgh.accounts.ondemand.com + GetDomains() []string // Returns the domains of the DefaultIdentity service. E.g. ["accounts.ondemand.com"] + GetZoneUUID() uuid.UUID // Deprecated: Returns the zone uuid, will be replaced by GetAppTID Optional + GetAppTID() string // Returns the app tid uuid and replaces zone uuid in future Optional + GetProofTokenURL() string // Returns the proof token url. Optional + GetCertificate() string // Returns the client certificate. Optional + GetKey() string // Returns the client certificate key. 
Optional + GetCertificateExpiresAt() string // Returns the client certificate expiration time. Optional + GetAuthorizationInstanceID() string // Returns the AMS instance id if authorization is enabled + IsCertificateBased() bool // Returns true, in case GetCertificate() and GetKey returns non-empty values } // DefaultIdentity represents the parsed credentials from the ias binding type DefaultIdentity struct { - ClientID string `json:"clientid"` - ClientSecret string `json:"clientsecret"` - Domains []string `json:"domains"` - URL string `json:"url"` - ZoneUUID uuid.UUID `json:"zone_uuid"` // Deprecated: will be replaced by AppTID - AppTID string `json:"app_tid"` // replaces ZoneUUID - ProofTokenURL string `json:"prooftoken_url"` - OsbURL string `json:"osb_url"` - Certificate string `json:"certificate"` - Key string `json:"key"` - CertificateExpiresAt string `json:"certificate_expires_at"` + ClientID string `json:"clientid"` + ClientSecret string `json:"clientsecret"` + Domains []string `json:"domains"` + URL string `json:"url"` + ZoneUUID uuid.UUID `json:"zone_uuid"` // Deprecated: will be replaced by AppTID + AppTID string `json:"app_tid"` // replaces ZoneUUID + ProofTokenURL string `json:"prooftoken_url"` + OsbURL string `json:"osb_url"` + Certificate string `json:"certificate"` + Key string `json:"key"` + CertificateExpiresAt string `json:"certificate_expires_at"` + AuthorizationInstanceID string `json:"authorization_instance_id"` } // ParseIdentityConfig parses the IAS config from the applications environment @@ -232,3 +234,8 @@ func (c DefaultIdentity) GetKey() string { func (c DefaultIdentity) GetCertificateExpiresAt() string { return c.CertificateExpiresAt } + +// GetAuthorizationInstanceID implements the env.Identity interface. +func (c DefaultIdentity) GetAuthorizationInstanceID() string { + return c.AuthorizationInstanceID +} diff --git a/env/iasConfig_test.go b/env/iasConfig_test.go index f99f456..e3e7c08 100644 --- a/env/iasConfig_test.go 
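Review bot: Adding `GetAuthorizationInstanceID()` to the exported `Identity` interface in the first hunk breaks compilation for any implementation outside this repository, and the interface comment explicitly invites callers to supply their own; the commit updates only `DefaultIdentity` and `MockConfig`. If the break is intended it deserves a release note; otherwise the getter could sit on a separate optional interface that the middleware probes with a type assertion. The new method comment is also the only optional accessor not marked as such and does not say what comes back when authorization is off; suggest `// Returns the AMS instance id from authorization_instance_id, or "" if authorization is not enabled. Optional`. The value is kept as a plain string with no format check visible in this hunk, so any caller that feeds it into an authorization decision should treat the empty string as "not configured" rather than as a usable id.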
+++ b/env/iasConfig_test.go @@ -16,12 +16,13 @@ import ( ) var testConfig = &DefaultIdentity{ - ClientID: "cef76757-de57-480f-be92-1d8c1c7abf16", - ClientSecret: "[the_CLIENT.secret:3[/abc", - Domains: []string{"accounts400.ondemand.com", "my.arbitrary.domain"}, - URL: "https://mytenant.accounts400.ondemand.com", - ZoneUUID: uuid.MustParse("bef12345-de57-480f-be92-1d8c1c7abf16"), - AppTID: "70cd0de3-528a-4655-b56a-5862591def5c", + ClientID: "cef76757-de57-480f-be92-1d8c1c7abf16", + ClientSecret: "[the_CLIENT.secret:3[/abc", + Domains: []string{"accounts400.ondemand.com", "my.arbitrary.domain"}, + URL: "https://mytenant.accounts400.ondemand.com", + ZoneUUID: uuid.MustParse("bef12345-de57-480f-be92-1d8c1c7abf16"), + AppTID: "70cd0de3-528a-4655-b56a-5862591def5c", + AuthorizationInstanceID: "8d5423d7-bda4-461c-9670-1b9adc142f0a", } func TestParseIdentityConfig(t *testing.T) { 
@@ -34,7 +35,7 @@ func TestParseIdentityConfig(t *testing.T) { }{ { name: "[CF] single identity service instance bound", - env: "{\"identity\":[{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"[the_CLIENT.secret:3[/abc\",\"domains\":[\"accounts400.ondemand.com\",\"my.arbitrary.domain\"],\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\",\"zone_uuid\":\"bef12345-de57-480f-be92-1d8c1c7abf16\", \"app_tid\":\"70cd0de3-528a-4655-b56a-5862591def5c\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]}]}", + env: "{\"identity\":[{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"[the_CLIENT.secret:3[/abc\",\"domains\":[\"accounts400.ondemand.com\",\"my.arbitrary.domain\"],\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\",\"zone_uuid\":\"bef12345-de57-480f-be92-1d8c1c7abf16\", \"app_tid\":\"70cd0de3-528a-4655-b56a-5862591def5c\", \"authorization_instance_id\":\"8d5423d7-bda4-461c-9670-1b9adc142f0a\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]}]}", want: testConfig, wantErr: false, }, diff --git a/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials b/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials index 79884ab..44fa60b 100644 --- a/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials +++ b/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials 
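Review bot: Every fixture touched in this file and in the testdata directories now carries `authorization_instance_id`, so nothing in the visible hunks pins what `ParseIdentityConfig` returns for a binding that lacks the key, which is the normal state when authorization is not enabled. Because `testConfig` is the shared expected value and now has the field set, an absent-key case needs its own expectation, e.g. a copy of `testConfig` with `AuthorizationInstanceID: ""`, plus a check that `GetAuthorizationInstanceID()` returns `""`. The test table continues outside this hunk, so such a case may already exist further down.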
@@ -6,5 +6,6 @@ ], "url": "https://mytenant.accounts400.ondemand.com", "zone_uuid": "bef12345-de57-480f-be92-1d8c1c7abf16", - "app_tid": "70cd0de3-528a-4655-b56a-5862591def5c" + "app_tid": "70cd0de3-528a-4655-b56a-5862591def5c", + "authorization_instance_id": "8d5423d7-bda4-461c-9670-1b9adc142f0a" } \ No newline at end of file diff --git a/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/zone_uuid b/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/zone_uuid deleted file mode 100644 index 2a162cc..0000000 --- a/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/zone_uuid +++ /dev/null @@ -1 +0,0 @@ -cef12345-ed75-fabc-be92-1d8c1c7abf16 \ No newline at end of file diff --git a/env/testdata/k8s/single-instance/service-instance/authorization_instance_id b/env/testdata/k8s/single-instance/service-instance/authorization_instance_id new file mode 100644 index 0000000..9513bd8 --- /dev/null +++ b/env/testdata/k8s/single-instance/service-instance/authorization_instance_id @@ -0,0 +1 @@ +8d5423d7-bda4-461c-9670-1b9adc142f0a \ No newline at end of file diff --git a/mocks/mockServer.go b/mocks/mockServer.go index 97c45af..f2879a1 100644 --- a/mocks/mockServer.go +++ b/mocks/mockServer.go @@ -302,17 +302,18 @@ func (m *MockServer) DefaultHeaders() map[string]interface{} { // MockConfig represents the credentials to the mock server type MockConfig struct { - ClientID string - ClientSecret string - URL string - Domains []string - ZoneUUID uuid.UUID - AppTID string - ProofTokenURL string - OsbURL string - Certificate string - Key string - CertificateExpiresAt string + ClientID string + ClientSecret string + URL string + Domains []string + ZoneUUID uuid.UUID + AppTID string + ProofTokenURL string + OsbURL string + Certificate string + Key string + CertificateExpiresAt string + AuthorizationInstanceID string } // GetClientID implements the env.Identity interface. 
@@ -375,6 +376,9 @@ func (c MockConfig) IsCertificateBased() bool { return c.Certificate != "" && c.Key != "" } +// GetAuthorizationInstanceID implements the env.Identity interface. +func (c MockConfig) GetAuthorizationInstanceID() string { return c.AuthorizationInstanceID } + // JSONWebKeySet represents the data which is returned by the tenants /oauth2/certs endpoint type JSONWebKeySet struct { Keys []*JSONWebKey `json:"keys"`