Merge pull request #908 from neuroglia-io/fix-authentication-policy-r…

…eference

Changes  the way authentication policies can be referenced

dsl-reference.md

@@ -192,7 +192,8 @@ do:
  method: post
  endpoint:
  uri: https://fake.smtp.service.com/email/send
- authentication: petStoreOAuth2
+ authentication: 
+ use: petStoreOAuth2
  body:
  from: noreply@fake.petstore.com
  to: ${ .order.client.email }
@@ -438,14 +439,24 @@ document:
  namespace: test
  name: do-example
  version: '0.1.0'
+use:
+ authentications:
+ fake-booking-agency-oauth2:
+ oauth2:
+ authority: https://fake-booking-agency.com
+ grant: client_credentials
+ client:
+ id: serverless-workflow-runtime
+ secret: secret0123456789
 do:
  - bookHotel:
  call: http
  with:
  method: post
  endpoint: 
  uri: https://fake-booking-agency.com/hotels/book
- authentication: fake-booking-agency-oauth2
+ authentication: 
+ use: fake-booking-agency-oauth2
  body:
  name: Four Seasons
  city: Antwerp
@@ -456,7 +467,8 @@ do:
  method: post
  endpoint: 
  uri: https://fake-booking-agency.com/flights/book
- authentication: fake-booking-agency-oauth2
+ authentication: 
+ use: fake-booking-agency-oauth2
  body:
  departure:
  date: '01/01/26'
@@ -1083,6 +1095,7 @@ Defines the mechanism used to authenticate users and workflows attempting to acc
 
 | Property | Type | Required | Description |
 |----------|:----:|:--------:|-------------|
+| use | `string` | `no` | The name of the top-level authentication definition to use. Cannot be used by authentication definitions defined at top level. |
 | basic | [`basicAuthentication`](#basic-authentication) | `no` | The `basic` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
 | bearer | [`bearerAuthentication`](#bearer-authentication) | `no` | The `bearer` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
 | certificate | [`certificateAuthentication`](#certificate-authentication) | `no` | The `certificate` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
@@ -1102,15 +1115,17 @@ use:
  - usernamePasswordSecret
  authentication:
  sampleBasicFromSecret:
- basic: usernamePasswordSecret
+ basic:
+ use: usernamePasswordSecret
 do:
  - sampleTask:
  call: http
  with:
  method: get
  endpoint: 
  uri: https://secured.fake.com/sample
- authentication: sampleBasicFromSecret
+ authentication:
+ use: sampleBasicFromSecret
 ```
 
 #### Basic Authentication
@@ -1133,19 +1148,20 @@ document:
  name: basic-authentication-example
  version: '0.1.0'
 use:
- authentication:
+ authentications:
  sampleBasic:
  basic:
  username: admin
- password: 123
+ password: password123
 do:
  - sampleTask:
  call: http
  with:
  method: get
  endpoint: 
  uri: https://secured.fake.com/sample
- authentication: sampleBasic
+ authentication: 
+ use: sampleBasic
 ```
 
 #### Bearer Authentication

dsl.md

@@ -204,6 +204,7 @@ When the evaluation of an expression fails, runtimes **must** raise an error wit
 |:-----|:----:|:------------|
 | context | `map` | The task's context data. |
 | input | `any` | The task's filtered input. |
+| secrets | `map` | A key/value map of the workflow secrets.<br>To avoid unintentional bleeding, secrets can only be used in the `input.from` runtime expression. |
 | task | [`taskDescriptor`](#task-descriptor) | Describes the current task. |
 | workflow | [`workflowDescritor`](#workflow-descriptor) | Describes the current workflow. |
 

examples/use-authentication.yaml

@@ -15,4 +15,5 @@ do:
  method: get
  endpoint:
  uri: https://petstore.swagger.io/v2/pet/{petId}
- authentication: petStoreAuth
+ authentication: 
+ use: petStoreAuth

schema/workflow.yaml

@@ -181,10 +181,8 @@ $defs:
  type: object
  description: The payload to call the AsyncAPI operation with, if any.
  authentication:
+ $ref: '#/$defs/referenceableAuthenticationPolicy'
  description: The authentication policy, if any, to use when calling the AsyncAPI operation.
- oneOf:
- - $ref: '#/$defs/authenticationPolicy'
- - type: string
  required: [ document, operationRef ]
  additionalProperties: false
  description: Defines the AsyncAPI call to perform.
@@ -220,10 +218,8 @@ $defs:
  max: 65535
  description: The port number of the GRPC service to call.
  authentication:
+ $ref: '#/$defs/referenceableAuthenticationPolicy'
  description: The endpoint's authentication policy, if any.
- oneOf:
- - $ref: '#/$defs/authenticationPolicy'
- - type: string
  required: [ name, host ]
  method:
  type: string
@@ -293,10 +289,8 @@ $defs:
  additionalProperties: true
  description: A name/value mapping of the parameters of the OpenAPI operation to call.
  authentication:
+ $ref: '#/$defs/referenceableAuthenticationPolicy'
  description: The authentication policy, if any, to use when calling the OpenAPI operation.
- oneOf:
- - $ref: '#/$defs/authenticationPolicy'
- - type: string
  output:
  type: string
  enum: [ raw, content, response ]
@@ -631,79 +625,104 @@ $defs:
  enum: [ continue, exit, end ]
  default: continue
  - type: string
+ referenceableAuthenticationPolicy:
+ type: object
+ oneOf:
+ - title: AuthenticationPolicyReference
+ properties:
+ use:
+ type: string
+ minLength: 1
+ description: The name of the authentication policy to use
+ required: [use]
+ - $ref: '#/$defs/authenticationPolicy'
+ secretBasedAuthenticationPolicy:
+ type: object
+ properties:
+ use:
+ type: string
+ minLength: 1
+ description: The name of the authentication policy to use
+ required: [use]
  authenticationPolicy:
  type: object
  oneOf:
  - title: BasicAuthenticationPolicy 
  properties:
  basic:
  type: object
- properties:
- username:
- type: string
- description: The username to use.
- password:
- type: string
- description: The password to use.
- required: [ username, password ]
+ oneOf:
+ - properties:
+ username:
+ type: string
+ description: The username to use.
+ password:
+ type: string
+ description: The password to use.
+ required: [ username, password ]
+ - $ref: '#/$defs/secretBasedAuthenticationPolicy'
  required: [ basic ]
  description: Use basic authentication.
  - title: BearerAuthenticationPolicy
  properties:
  bearer:
  type: object
- properties:
- token:
- type: string
- description: The bearer token to use.
- required: [ token ]
+ oneOf:
+ - properties:
+ token:
+ type: string
+ description: The bearer token to use.
+ required: [ token ]
+ - $ref: '#/$defs/secretBasedAuthenticationPolicy'
  required: [ bearer ]
  description: Use bearer authentication.
  - title: OAuth2AuthenticationPolicy
  properties:
  oauth2:
  type: object
- properties:
- authority:
- type: string
- format: uri
- description: The URI that references the OAuth2 authority to use.
- grant:
- type: string
- description: The grant type to use.
- client:
- type: object
- properties:
- id:
+ oneOf:
+ - properties:
+ authority:
  type: string
- description: The client id to use.
- secret:
+ format: uri
+ description: The URI that references the OAuth2 authority to use.
+ grant:
  type: string
- description: The client secret to use, if any.
- required: [ id ]
- scopes:
- type: array
- items:
- type: string
- description: The scopes, if any, to request the token for.
- audiences:
- type: array
- items:
- type: string
- description: The audiences, if any, to request the token for.
- username:
- type: string
- description: The username to use. Used only if the grant type is Password.
- password:
- type: string
- description: The password to use. Used only if the grant type is Password.
- subject:
- $ref: '#/$defs/oauth2Token'
- description: The security token that represents the identity of the party on behalf of whom the request is being made.
- actor:
- $ref: '#/$defs/oauth2Token'
- description: The security token that represents the identity of the acting party.
- required: [ authority, grant, client ]
+ description: The grant type to use.
+ client:
+ type: object
+ properties:
+ id:
+ type: string
+ description: The client id to use.
+ secret:
+ type: string
+ description: The client secret to use, if any.
+ required: [ id ]
+ scopes:
+ type: array
+ items:
+ type: string
+ description: The scopes, if any, to request the token for.
+ audiences:
+ type: array
+ items:
+ type: string
+ description: The audiences, if any, to request the token for.
+ username:
+ type: string
+ description: The username to use. Used only if the grant type is Password.
+ password:
+ type: string
+ description: The password to use. Used only if the grant type is Password.
+ subject:
+ $ref: '#/$defs/oauth2Token'
+ description: The security token that represents the identity of the party on behalf of whom the request is being made.
+ actor:
+ $ref: '#/$defs/oauth2Token'
+ description: The security token that represents the identity of the acting party.
+ required: [ authority, grant, client ]
+ - $ref: '#/$defs/secretBasedAuthenticationPolicy'
  required: [ oauth2 ]
  description: Use OAUTH2 authentication.
  description: Defines an authentication policy.
@@ -766,10 +785,8 @@ $defs:
  format: uri-template
  description: The endpoint's URI.
  authentication:
+ $ref: '#/$defs/referenceableAuthenticationPolicy'
  description: The authentication policy to use.
- oneOf:
- - $ref: '#/$defs/authenticationPolicy'
- - type: string
  required: [ uri ]
  eventConsumptionStrategy:
  type: object
@@ -869,10 +886,8 @@ $defs:
  format: uri
  description: The endpoint's URI.
  authentication:
+ $ref: '#/$defs/referenceableAuthenticationPolicy'
  description: The authentication policy to use.
- oneOf:
- - $ref: '#/$defs/authenticationPolicy'
- - type: string
  name:
  type: string
  description: The external resource's name, if any.