APIGOV-23681 - Changes to pass CRD data to provisioning handler (#545)
* APIGOV-23681 - Changes to pass CRD data to provisioning handler

* APIGOV-23681 - added unit test

* APIGOV-23681 - updated credential provisioning mock
vivekschauhan authored Sep 26, 2022
1 parent 81c2e2b commit 66041fa
Showing 4 changed files with 151 additions and 31 deletions.
68 changes: 52 additions & 16 deletions pkg/agent/handler/credential.go
Expand Up @@ -174,8 +174,14 @@ func (h *credentials) shouldProcessUpdating(cr *management.Credential) []prov.Cr
func (h *credentials) onDeleting(ctx context.Context, cred *management.Credential) {
logger := getLoggerFromContext(ctx)
provData := h.deprovisionPreProcess(ctx, cred)
crd, err := h.getCRD(ctx, cred)
if err != nil {
logger.WithError(err).Error("error getting credential request definition")
h.onError(ctx, cred, err)
return
}

provCreds, err := h.newProvCreds(cred, map[string]interface{}{}, provData, 0, nil)
provCreds, err := h.newProvCreds(cred, map[string]interface{}{}, provData, 0, crd)
if err != nil {
logger.WithError(err).Error("error preparing credential request")
h.onError(ctx, cred, err)
Expand Down Expand Up @@ -499,17 +505,20 @@ func hasAgentCredentialFinalizer(finalizers []v1.Finalizer) bool {
}

type provCreds struct {
managedApp string
credType string
id string
name string
days int
credAction prov.CredentialAction
credData map[string]interface{}
credDetails map[string]interface{}
appDetails map[string]interface{}
idpProvider oauth.Provider
idpCredData *idpCredData
managedApp string
credType string
id string
name string
days int
credAction prov.CredentialAction
credData map[string]interface{}
credDetails map[string]interface{}
appDetails map[string]interface{}
idpProvider oauth.Provider
idpCredData *idpCredData
credSchema map[string]interface{}
credProvSchema map[string]interface{}
credSchemaDetails map[string]interface{}
}

type idpCredData struct {
Expand Down Expand Up @@ -539,10 +548,18 @@ func (h *credentials) newProvCreds(cr *management.Credential, appDetails map[str
days: 0,
}

if crd != nil &&
crd.Spec.Provision != nil &&
crd.Spec.Provision.Policies.Expiry != nil {
provCred.days = int(crd.Spec.Provision.Policies.Expiry.Period)
if crd != nil {
if crd.Spec.Provision != nil &&
crd.Spec.Provision.Policies.Expiry != nil {
provCred.days = int(crd.Spec.Provision.Policies.Expiry.Period)
}

credSchemaDetails := util.GetAgentDetails(crd)
provCred.credSchema = crd.Spec.Schema
if crd.Spec.Provision != nil {
provCred.credProvSchema = crd.Spec.Provision.Schema
}
provCred.credSchemaDetails = credSchemaDetails
}

// Setup external credential request data to be used for provisioning
Expand Down Expand Up @@ -610,6 +627,25 @@ func (c provCreds) GetCredentialExpirationDays() int {
return c.days
}

// GetCredentialSchema returns the schema for the credential request.
func (c provCreds) GetCredentialSchema() map[string]interface{} {
return c.credSchema
}

// GetCredentialProvisionSchema returns the provisioning schema for the credential request.
func (c provCreds) GetCredentialProvisionSchema() map[string]interface{} {
return c.credProvSchema
}

// GetCredentialSchemaDetailsValue returns a value found on the 'x-agent-details' sub resource of the crd.
func (c provCreds) GetCredentialSchemaDetailsValue(key string) interface{} {
if c.credSchemaDetails == nil {
return nil
}

return c.credSchemaDetails[key]
}

// IsIDPCredential returns boolean indicating if the credential request is for IDP provider
func (c provCreds) IsIDPCredential() bool {
return c.idpProvider != nil
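Review bot: In `onDeleting`, a failed `h.getCRD` lookup now calls `h.onError` and returns before the deprovision request is built, so a credential whose request definition cannot be fetched is never handed to the provisioning handler for revocation. The previous code passed `nil` here, and `newProvCreds` still tolerates that through its `if crd != nil` guard, so the delete path could record the lookup failure and continue without schema data, e.g. `if err != nil { logger.WithError(err).Error("error getting credential request definition"); crd = nil }`. Whether `getCRD` actually fails for a definition that was removed before its credentials is not visible on this page and should be confirmed against its implementation. The body of `onDeleting` continues past the end of the hunk.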
15 changes: 15 additions & 0 deletions pkg/agent/handler/credential_test.go
Expand Up @@ -410,6 +410,12 @@ func Test_creds(t *testing.T) {
"def": "789",
},
id: "cred-id",
credSchema: map[string]interface{}{
"properties": "test",
},
credProvSchema: map[string]interface{}{
"properties": "test",
},
}

assert.Equal(t, c.managedApp, c.GetApplicationName())
Expand All @@ -418,11 +424,20 @@ func Test_creds(t *testing.T) {
assert.Equal(t, c.credData, c.GetCredentialData())
assert.Equal(t, c.credDetails["abc"], c.GetCredentialDetailsValue("abc"))
assert.Equal(t, c.appDetails["def"], c.GetApplicationDetailsValue("def"))
assert.Equal(t, c.credSchema, c.GetCredentialSchema())
assert.Equal(t, c.credProvSchema, c.GetCredentialProvisionSchema())
assert.Empty(t, c.GetCredentialSchemaDetailsValue("prop"))

c.credSchemaDetails = map[string]interface{}{
"detail": "test",
}
assert.Equal(t, c.credSchemaDetails["prop"], c.GetCredentialSchemaDetailsValue("prop"))

c.credDetails = nil
c.appDetails = nil
assert.Empty(t, c.GetApplicationDetailsValue("app_details_key"))
assert.Empty(t, c.GetCredentialDetailsValue("access_details_key"))
assert.Empty(t, c.GetCredentialSchemaDetailsValue("invalid_key"))
}

func TestIDPCredentialProvisioning(t *testing.T) {
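Review bot: The assertion that follows the assignment to `c.credSchemaDetails` looks up `"prop"`, but the map only holds `"detail"`, so both sides of the `assert.Equal` are nil and the populated-map path of `GetCredentialSchemaDetailsValue` is never checked against a real value. Asserting the stored entry would cover it: `assert.Equal(t, "test", c.GetCredentialSchemaDetailsValue("detail"))`. `Test_creds` begins above this hunk.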
6 changes: 6 additions & 0 deletions pkg/apic/provisioning/credentialrequest.go
Expand Up @@ -20,6 +20,12 @@ type CredentialRequest interface {
GetCredentialType() string
// GetCredentialData returns the map[string]interface{} of data from the request
GetCredentialData() map[string]interface{}
// GetCredentialSchema returns the schema for the credential request.
GetCredentialSchema() map[string]interface{}
// GetCredentialProvisionSchema returns the provisioning schema for the credential request.
GetCredentialProvisionSchema() map[string]interface{}
// GetCredentialSchemaDetails returns a value found on the 'x-agent-details' sub resource of the crd.
GetCredentialSchemaDetailsValue(key string) interface{}
// IsIDPCredential returns boolean indicating if the credential request is for IDP provider
IsIDPCredential() bool
// GetIDPProvider returns the interface for IDP provider if the credential request is for IDP provider
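Review bot: The doc comment on the third new method names `GetCredentialSchemaDetails`, while the method declared is `GetCredentialSchemaDetailsValue`; the comment should open with the declared name, e.g. `// GetCredentialSchemaDetailsValue returns the value stored under key in the 'x-agent-details' sub resource of the crd, or nil when absent.` The comments on `GetCredentialSchema` and `GetCredentialProvisionSchema` should also say that the returned maps are not copies, since credential.go assigns them straight from `crd.Spec.Schema` and `crd.Spec.Provision.Schema`. Provisioning handlers should therefore treat them as read-only. The `CredentialRequest` interface starts and ends outside this hunk.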
93 changes: 78 additions & 15 deletions pkg/apic/provisioning/mock/provisioning.go
Expand Up @@ -3,7 +3,6 @@ package mock
import (
v1 "github.com/Axway/agent-sdk/pkg/apic/apiserver/models/api/v1"
"github.com/Axway/agent-sdk/pkg/apic/provisioning"
"github.com/Axway/agent-sdk/pkg/authz/oauth"
)

type MockApplicationRequest struct {
Expand Down Expand Up @@ -31,14 +30,18 @@ func (m MockApplicationRequest) GetTeamName() string {

type MockCredentialRequest struct {
provisioning.CredentialRequest
ID string
AppDetails map[string]string
AppName string
Name string
CredDefName string
Details map[string]string
CredData map[string]interface{}
Action provisioning.CredentialAction
ID string
AppDetails map[string]string
AppName string
Name string
CredDefName string
Details map[string]string
CredData map[string]interface{}
Action provisioning.CredentialAction
IDPCredData provisioning.IDPCredentialData
CRDSchema map[string]interface{}
CRDProvSchema map[string]interface{}
CRDDetails map[string]interface{}
}

func (m MockCredentialRequest) GetApplicationName() string {
Expand Down Expand Up @@ -73,16 +76,27 @@ func (m MockCredentialRequest) GetCredentialAction() provisioning.CredentialActi
return m.Action
}

func (m MockCredentialRequest) IsIDPCredential() bool {
return false
func (m MockCredentialRequest) GetCredentialSchema() map[string]interface{} {
return m.CRDSchema
}

func (m MockCredentialRequest) GetCredentialProvisionSchema() map[string]interface{} {
return m.CRDProvSchema
}

func (m MockCredentialRequest) GetCredentialSchemaDetailsValue(key string) interface{} {
if m.CRDDetails == nil {
return nil
}
return m.CRDDetails[key]
}

func GetIDPProvider() oauth.Provider {
return nil
func (m MockCredentialRequest) IsIDPCredential() bool {
return m.IDPCredData != nil
}

func GetIDPCredentialData() provisioning.IDPCredentialData {
return nil
func (m MockCredentialRequest) GetIDPCredentialData() provisioning.IDPCredentialData {
return m.IDPCredData
}

type MockAccessRequest struct {
Expand Down Expand Up @@ -173,3 +187,52 @@ func (m MockRequestStatus) GetProperties() map[string]string {
func (m MockRequestStatus) GetReasons() []v1.ResourceStatusReason {
return m.Reasons
}

type MockIDPCredentialData struct {
provisioning.IDPCredentialData
ClientID string
ClientSecret string
Scopes []string
GrantTypes []string
TokenEndpointAuthMethod string
ResponseTypes []string
RedirectUris []string
JwksURI string
PublicKey string
}

func (m MockIDPCredentialData) GetClientID() string {
return m.ClientID
}

func (m MockIDPCredentialData) GetClientSecret() string {
return m.ClientSecret
}

func (m MockIDPCredentialData) GetScopes() []string {
return m.Scopes
}

func (m MockIDPCredentialData) GetGrantTypes() []string {
return m.GrantTypes
}

func (m MockIDPCredentialData) GetTokenEndpointAuthMethod() string {
return m.TokenEndpointAuthMethod
}

func (m MockIDPCredentialData) GetResponseTypes() []string {
return m.ResponseTypes
}

func (m MockIDPCredentialData) GetRedirectURIs() []string {
return m.RedirectUris
}

func (m MockIDPCredentialData) GetJwksURI() string {
return m.JwksURI
}

func (m MockIDPCredentialData) GetPublicKey() string {
return m.PublicKey
}
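Review bot: `MockCredentialRequest` can now report `IsIDPCredential()` as true, but the visible lines show no `GetIDPProvider` method on it, and the dropped `oauth` import suggests none exists elsewhere in the file. A caller that checks `IsIDPCredential()` and then asks for the provider would fall through to the embedded `provisioning.CredentialRequest`, which panics when the test leaves that embedded interface nil. Keeping the import and adding a field `IDPProvider oauth.Provider` with `func (m MockCredentialRequest) GetIDPProvider() oauth.Provider { return m.IDPProvider }` would keep the mock self-contained for IDP test cases. Parts of this file are collapsed on the page, so this should be checked against the full source.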
