APIGOV-23681 - Changes to pass CRD data to provisioning handler #545

Merged
merged 3 commits into from
Sep 26, 2022
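--- a/pkg/agent/handler/credential.go
+++ b/pkg/agent/handler/credential.go
@@ -174,8 +174,14 @@ func (h *credentials) shouldProcessUpdating(cr *management.Credential) []prov.Cr
 func (h *credentials) onDeleting(ctx context.Context, cred *management.Credential) {
 logger := getLoggerFromContext(ctx)
 provData := h.deprovisionPreProcess(ctx, cred)
+crd, err := h.getCRD(ctx, cred)
+if err != nil {
+logger.WithError(err).Error("error getting credential request definition")
+h.onError(ctx, cred, err)
+return
+}
 
-provCreds, err := h.newProvCreds(cred, map[string]interface{}{}, provData, 0, nil)
+provCreds, err := h.newProvCreds(cred, map[string]interface{}{}, provData, 0, crd)
 if err != nil {
 logger.WithError(err).Error("error preparing credential request")
 h.onError(ctx, cred, err)
@@ -499,17 +505,20 @@ func hasAgentCredentialFinalizer(finalizers []v1.Finalizer) bool {
 }
 
 type provCreds struct {
-managedApp string
-credType string
-id string
-name string
-days int
-credAction prov.CredentialAction
-credData map[string]interface{}
-credDetails map[string]interface{}
-appDetails map[string]interface{}
-idpProvider oauth.Provider
-idpCredData *idpCredData
+managedApp string
+credType string
+id string
+name string
+days int
+credAction prov.CredentialAction
+credData map[string]interface{}
+credDetails map[string]interface{}
+appDetails map[string]interface{}
+idpProvider oauth.Provider
+idpCredData *idpCredData
+credSchema map[string]interface{}
+credProvSchema map[string]interface{}
+credSchemaDetails map[string]interface{}
 }
 
 type idpCredData struct {
@@ -539,10 +548,18 @@ func (h *credentials) newProvCreds(cr *management.Credential, appDetails map[str
 days: 0,
 }
 
-if crd != nil &&
-crd.Spec.Provision != nil &&
-crd.Spec.Provision.Policies.Expiry != nil {
-provCred.days = int(crd.Spec.Provision.Policies.Expiry.Period)
+if crd != nil {
+if crd.Spec.Provision != nil &&
+crd.Spec.Provision.Policies.Expiry != nil {
+provCred.days = int(crd.Spec.Provision.Policies.Expiry.Period)
+}
+
+credSchemaDetails := util.GetAgentDetails(crd)
+provCred.credSchema = crd.Spec.Schema
+if crd.Spec.Provision != nil {
+provCred.credProvSchema = crd.Spec.Provision.Schema
+}
+provCred.credSchemaDetails = credSchemaDetails
 }
 
 // Setup external credential request data to be used for provisioning
@@ -610,6 +627,25 @@ func (c provCreds) GetCredentialExpirationDays() int {
 return c.days
 }
 
+// GetCredentialSchema returns the schema for the credential request.
+func (c provCreds) GetCredentialSchema() map[string]interface{} {
+return c.credSchema
+}
+
+// GetCredentialProvisionSchema returns the provisioning schema for the credential request.
+func (c provCreds) GetCredentialProvisionSchema() map[string]interface{} {
+return c.credProvSchema
+}
+
+// GetCredentialSchemaDetailsValue returns a value found on the 'x-agent-details' sub resource of the crd.
+func (c provCreds) GetCredentialSchemaDetailsValue(key string) interface{} {
+if c.credSchemaDetails == nil {
+return nil
+}
+
+return c.credSchemaDetails[key]
+}
+
 // IsIDPCredential returns boolean indicating if the credential request is for IDP provider
 func (c provCreds) IsIDPCredential() bool {
 return c.idpProvider != nil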
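Review bot: In onDeleting (first hunk), a failed `h.getCRD` lookup now sends the credential to `h.onError` and returns before the deprovision request is built, so a credential whose request definition is missing or temporarily unreachable can no longer be revoked through this path. newProvCreds already tolerates a nil crd (the `if crd != nil` guard in the third hunk), so the delete path could downgrade the failure and continue, e.g. `logger.WithError(err).Warn("credential request definition unavailable, deprovisioning without schema"); crd = nil`. What onError does with the resource's finalizer and whether the delete is retried is outside the visible hunks, so confirm that before relying on a retry. onDeleting continues past the end of the hunk.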
15 changes: 15 additions & 0 deletions pkg/agent/handler/credential_test.go
@@ -410,6 +410,12 @@ func Test_creds(t *testing.T) {
"def": "789",
},
id: "cred-id",
credSchema: map[string]interface{}{
"properties": "test",
},
credProvSchema: map[string]interface{}{
"properties": "test",
},
}

assert.Equal(t, c.managedApp, c.GetApplicationName())
@@ -418,11 +424,20 @@ func Test_creds(t *testing.T) {
assert.Equal(t, c.credData, c.GetCredentialData())
assert.Equal(t, c.credDetails["abc"], c.GetCredentialDetailsValue("abc"))
assert.Equal(t, c.appDetails["def"], c.GetApplicationDetailsValue("def"))
assert.Equal(t, c.credSchema, c.GetCredentialSchema())
assert.Equal(t, c.credProvSchema, c.GetCredentialProvisionSchema())
assert.Empty(t, c.GetCredentialSchemaDetailsValue("prop"))

c.credSchemaDetails = map[string]interface{}{
"detail": "test",
}
assert.Equal(t, c.credSchemaDetails["prop"], c.GetCredentialSchemaDetailsValue("prop"))

c.credDetails = nil
c.appDetails = nil
assert.Empty(t, c.GetApplicationDetailsValue("app_details_key"))
assert.Empty(t, c.GetCredentialDetailsValue("access_details_key"))
assert.Empty(t, c.GetCredentialSchemaDetailsValue("invalid_key"))
}

func TestIDPCredentialProvisioning(t *testing.T) {
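Review bot: The positive lookup of GetCredentialSchemaDetailsValue is never exercised: the second hunk fills `credSchemaDetails` with the key `"detail"`, but the assertion compares `c.credSchemaDetails["prop"]` with `c.GetCredentialSchemaDetailsValue("prop")`, so both sides are nil and the check would pass even if the getter always returned nil. Assert on the key that was actually set, e.g. `assert.Equal(t, "test", c.GetCredentialSchemaDetailsValue("detail"))`, and keep a separate `assert.Nil` for the missing key. Test_creds starts before the hunk, so the earlier setup is not visible here.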
6 changes: 6 additions & 0 deletions pkg/apic/provisioning/credentialrequest.go
@@ -20,6 +20,12 @@ type CredentialRequest interface {
GetCredentialType() string
// GetCredentialData returns the map[string]interface{} of data from the request
GetCredentialData() map[string]interface{}
// GetCredentialSchema returns the schema for the credential request.
GetCredentialSchema() map[string]interface{}
// GetCredentialProvisionSchema returns the provisioning schema for the credential request.
GetCredentialProvisionSchema() map[string]interface{}
// GetCredentialSchemaDetails returns a value found on the 'x-agent-details' sub resource of the crd.
GetCredentialSchemaDetailsValue(key string) interface{}
Collaborator

Can you update the provisioning.md file with these?

// IsIDPCredential returns boolean indicating if the credential request is for IDP provider
IsIDPCredential() bool
// GetIDPProvider returns the interface for IDP provider if the credential request is for IDP provider
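Review bot: The doc comment on the last added method names `GetCredentialSchemaDetails`, but the method is `GetCredentialSchemaDetailsValue`; Go doc comments should open with the declared name, so it should read `// GetCredentialSchemaDetailsValue returns the value stored under key in the 'x-agent-details' sub resource of the CRD, or nil when absent.` The comments on the two schema getters also do not say that the result can be nil or that it is shared with the underlying resource. The implementation in credential.go assigns the CRD's maps directly and leaves them unset when no CRD is supplied, so the interface comments should tell handler authors to nil-check the maps and treat them as read-only.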
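--- a/pkg/apic/provisioning/mock/provisioning.go
+++ b/pkg/apic/provisioning/mock/provisioning.go
@@ -3,7 +3,6 @@ package mock
 import (
 v1 "github.com/Axway/agent-sdk/pkg/apic/apiserver/models/api/v1"
 "github.com/Axway/agent-sdk/pkg/apic/provisioning"
-"github.com/Axway/agent-sdk/pkg/authz/oauth"
 )
 
 type MockApplicationRequest struct {
@@ -31,14 +30,18 @@ func (m MockApplicationRequest) GetTeamName() string {
 
 type MockCredentialRequest struct {
 provisioning.CredentialRequest
-ID string
-AppDetails map[string]string
-AppName string
-Name string
-CredDefName string
-Details map[string]string
-CredData map[string]interface{}
-Action provisioning.CredentialAction
+ID string
+AppDetails map[string]string
+AppName string
+Name string
+CredDefName string
+Details map[string]string
+CredData map[string]interface{}
+Action provisioning.CredentialAction
+IDPCredData provisioning.IDPCredentialData
+CRDSchema map[string]interface{}
+CRDProvSchema map[string]interface{}
+CRDDetails map[string]interface{}
 }
 
 func (m MockCredentialRequest) GetApplicationName() string {
@@ -73,16 +76,27 @@ func (m MockCredentialRequest) GetCredentialAction() provisioning.CredentialActi
 return m.Action
 }
 
-func (m MockCredentialRequest) IsIDPCredential() bool {
-return false
+func (m MockCredentialRequest) GetCredentialSchema() map[string]interface{} {
+return m.CRDSchema
+}
+
+func (m MockCredentialRequest) GetCredentialProvisionSchema() map[string]interface{} {
+return m.CRDProvSchema
+}
+
+func (m MockCredentialRequest) GetCredentialSchemaDetailsValue(key string) interface{} {
+if m.CRDDetails == nil {
+return nil
+}
+return m.CRDDetails[key]
 }
 
-func GetIDPProvider() oauth.Provider {
-return nil
+func (m MockCredentialRequest) IsIDPCredential() bool {
+return m.IDPCredData != nil
 }
 
-func GetIDPCredentialData() provisioning.IDPCredentialData {
-return nil
+func (m MockCredentialRequest) GetIDPCredentialData() provisioning.IDPCredentialData {
+return m.IDPCredData
 }
 
 type MockAccessRequest struct {
@@ -173,3 +187,52 @@ func (m MockRequestStatus) GetProperties() map[string]string {
 func (m MockRequestStatus) GetReasons() []v1.ResourceStatusReason {
 return m.Reasons
 }
+
+type MockIDPCredentialData struct {
+provisioning.IDPCredentialData
+ClientID string
+ClientSecret string
+Scopes []string
+GrantTypes []string
+TokenEndpointAuthMethod string
+ResponseTypes []string
+RedirectUris []string
+JwksURI string
+PublicKey string
+}
+
+func (m MockIDPCredentialData) GetClientID() string {
+return m.ClientID
+}
+
+func (m MockIDPCredentialData) GetClientSecret() string {
+return m.ClientSecret
+}
+
+func (m MockIDPCredentialData) GetScopes() []string {
+return m.Scopes
+}
+
+func (m MockIDPCredentialData) GetGrantTypes() []string {
+return m.GrantTypes
+}
+
+func (m MockIDPCredentialData) GetTokenEndpointAuthMethod() string {
+return m.TokenEndpointAuthMethod
+}
+
+func (m MockIDPCredentialData) GetResponseTypes() []string {
+return m.ResponseTypes
+}
+
+func (m MockIDPCredentialData) GetRedirectURIs() []string {
+return m.RedirectUris
+}
+
+func (m MockIDPCredentialData) GetJwksURI() string {
+return m.JwksURI
+}
+
+func (m MockIDPCredentialData) GetPublicKey() string {
+return m.PublicKey
+}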