implement originating origin identity

* added a interface to the context
* Exposing the concrete classes for casting if wanted

pkg/broker/logic.go

@@ -167,6 +167,7 @@ type BusinessLogic interface {
 // - the original http request, in case access is required (to get special
 //   request headers, for example)
 type RequestContext struct {
-	Writer  http.ResponseWriter
-	Request *http.Request
+	Writer   http.ResponseWriter
+	Request  *http.Request
+	Identity Identity
 }

pkg/broker/user_info.go

@@ -0,0 +1,82 @@
+package broker
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+// Identity that is sent from the OSB spec in the Originating Identity Header
+// https://github.com/openservicebrokerapi/servicebroker/blob/master/profile.md#originating-identity-header
+type Identity interface {
+	// Platform - Retrieve the platform for the identity.
+	Platform() string
+	// Value - Retrieve the value for the identity.
+	Value() interface{}
+}
+
+// NewIdentity - will return a new identity
+func NewIdentity(platform, value string) (Identity, error) {
+	val, err := base64.StdEncoding.DecodeString(value)
+	if err != nil {
+		return nil, fmt.Errorf("unable decode identity value")
+	}
+	switch strings.ToLower(platform) {
+	case "kubernetes":
+		u := UserInfo{}
+		err = json.Unmarshal(val, &u)
+		if err != nil {
+			return nil, fmt.Errorf("unable to unmarshal json for value")
+		}
+		return K8SIdentity{userInfo: u, platform: platform}, nil
+	case "cloudfoundry":
+		m := map[string]interface{}{}
+		err = json.Unmarshal(val, &m)
+		if err != nil {
+			return nil, fmt.Errorf("unable to unmarshal json for value")
+		}
+		return CloudFoundry{platform: platform, value: m}, nil
+	}
+	return nil, fmt.Errorf("unable to determine type of identity")
+}
+
+// K8SIdentity - Identity implementation based on the kubernetes user info object
+type K8SIdentity struct {
+	platform string
+	userInfo UserInfo
+}
+
+// UserInfo - kubernetest user info object
+type UserInfo struct {
+	Username string
+	UID      string
+	Groups   []string
+	Extra    map[string][]string
+}
+
+// Platform - Retrieve the platform for the identity.
+func (k K8SIdentity) Platform() string {
+	return k.platform
+}
+
+// Value - Retrieve the value for the identity.
+func (k K8SIdentity) Value() interface{} {
+	return k.userInfo
+}
+
+// CloudFoundry - Identity implementation based on cloud foundry
+type CloudFoundry struct {
+	platform string
+	value    map[string]interface{}
+}
+
+// Platform - Retrieve the platform for the identity.
+func (c CloudFoundry) Platform() string {
+	return c.platform
+}
+
+// Value - Retrieve the value for the identity.
+func (c CloudFoundry) Value() interface{} {
+	return c.Value
+}

pkg/rest/apisurface.go

@@ -1,6 +1,7 @@
 package rest
 
 import (
+	"fmt"
 	"net/http"
 	"strings"
 
@@ -79,9 +80,16 @@ func (s *APISurface) ProvisionHandler(w http.ResponseWriter, r *http.Request) {
 
 	glog.Infof("Received ProvisionRequest for instanceID %q", request.InstanceID)
 
+	identity, err := retrieveOriginatingIdentity(r)
+	if err != nil {
+		writeError(w, err, http.StatusBadRequest)
+		return
+	}
+
 	c := &broker.RequestContext{
-		Writer:  w,
-		Request: r,
+		Writer:   w,
+		Request:  r,
+		Identity: identity,
 	}
 
 	response, err := s.BusinessLogic.Provision(request, c)
@@ -138,10 +146,16 @@ func (s *APISurface) DeprovisionHandler(w http.ResponseWriter, r *http.Request)
 	}
 
 	glog.Infof("Received DeprovisionRequest for instanceID %q", request.InstanceID)
+	identity, err := retrieveOriginatingIdentity(r)
+	if err != nil {
+		writeError(w, err, http.StatusBadRequest)
+		return
+	}
 
 	c := &broker.RequestContext{
-		Writer:  w,
-		Request: r,
+		Writer:   w,
+		Request:  r,
+		Identity: identity,
 	}
 
 	response, err := s.BusinessLogic.Deprovision(request, c)
@@ -252,10 +266,16 @@ func (s *APISurface) BindHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	glog.Infof("Received BindRequest for instanceID %q, bindingID %q", request.InstanceID, request.BindingID)
+	identity, err := retrieveOriginatingIdentity(r)
+	if err != nil {
+		writeError(w, err, http.StatusBadRequest)
+		return
+	}
 
 	c := &broker.RequestContext{
-		Writer:  w,
-		Request: r,
+		Writer:   w,
+		Request:  r,
+		Identity: identity,
 	}
 
 	response, err := s.BusinessLogic.Bind(request, c)
@@ -299,10 +319,16 @@ func (s *APISurface) UnbindHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	glog.Infof("Received UnbindRequest for instanceID %q, bindingID %q", request.InstanceID, request.BindingID)
+	identity, err := retrieveOriginatingIdentity(r)
+	if err != nil {
+		writeError(w, err, http.StatusBadRequest)
+		return
+	}
 
 	c := &broker.RequestContext{
-		Writer:  w,
-		Request: r,
+		Writer:   w,
+		Request:  r,
+		Identity: identity,
 	}
 
 	response, err := s.BusinessLogic.Unbind(request, c)
@@ -344,9 +370,15 @@ func (s *APISurface) UpdateHandler(w http.ResponseWriter, r *http.Request) {
 
 	glog.Infof("Received Update Request for instanceID %q", request.InstanceID)
 
+	identity, err := retrieveOriginatingIdentity(r)
+	if err != nil {
+		writeError(w, err, http.StatusBadRequest)
+		return
+	}
 	c := &broker.RequestContext{
-		Writer:  w,
-		Request: r,
+		Writer:   w,
+		Request:  r,
+		Identity: identity,
 	}
 
 	response, err := s.BusinessLogic.Update(request, c)
@@ -376,3 +408,16 @@ func unpackUpdateRequest(r *http.Request) (*osb.UpdateInstanceRequest, error) {
 
 	return osbRequest, nil
 }
+
+func retrieveOriginatingIdentity(r *http.Request) (broker.Identity, error) {
+	identityHeader := r.Header.Get("OriginatingIdentityHeader")
+	if identityHeader != "" {
+		identitySlice := strings.Split(identityHeader, " ")
+		if len(identitySlice) != 2 {
+			glog.Infof("invalid header for originating origin header - %v", identityHeader)
+			return nil, fmt.Errorf("invalid originating identity header")
+		}
+		return broker.NewIdentity(identitySlice[0], identitySlice[1])
+	}
+	return nil, fmt.Errorf("unable to find originating identity")
+}