Changes the way authentication policies can be referenced #908

Merged
32 changes: 24 additions & 8 deletions dsl-reference.md
@@ -192,7 +192,8 @@ do:
method: post
endpoint:
uri: https://fake.smtp.service.com/email/send
authentication: petStoreOAuth2
authentication:
use: petStoreOAuth2
body:
from: [email protected]
to: ${ .order.client.email }
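Review bot: The `authentication:` / `use: petStoreOAuth2` change is the first place in this file where a reader meets the new reference form, yet the `petStoreOAuth2` policy it points at is not shown in this hunk; a one-line pointer to where top-level policies are declared (`use.authentications`) would make the snippet self-explanatory.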
@@ -438,14 +439,24 @@ document:
namespace: test
name: do-example
version: '0.1.0'
use:
authentications:
fake-booking-agency-oauth2:
oauth2:
authority: https://fake-booking-agency.com
grant: client_credentials
client:
id: serverless-workflow-runtime
secret: secret0123456789
do:
- bookHotel:
call: http
with:
method: post
endpoint:
uri: https://fake-booking-agency.com/hotels/book
authentication: fake-booking-agency-oauth2
authentication:
use: fake-booking-agency-oauth2
body:
name: Four Seasons
city: Antwerp
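Review bot: The new `use.authentications.fake-booking-agency-oauth2` block embeds the OAuth2 client secret as a literal (`secret: secret0123456789`) inside the workflow document. This same PR adds a secret-backed form of the policy (`oauth2:` / `use: <secret-name>`, `secretBasedAuthenticationPolicy` in schema/workflow.yaml), so the reference example should show that form rather than teach readers to inline credentials. The key is also spelled `authentications` here but `authentication` in the `sampleBasicFromSecret` example further down this file; only one of the two can be what the schema accepts.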
@@ -456,7 +467,8 @@ do:
method: post
endpoint:
uri: https://fake-booking-agency.com/flights/book
authentication: fake-booking-agency-oauth2
authentication:
use: fake-booking-agency-oauth2
body:
departure:
date: '01/01/26'
@@ -1083,6 +1095,7 @@ Defines the mechanism used to authenticate users and workflows attempting to acc

| Property | Type | Required | Description |
|----------|:----:|:--------:|-------------|
| use | `string` | `no` | The name of the top-level authentication definition to use. Cannot be used by authentication definitions defined at top level. |
| basic | [`basicAuthentication`](#basic-authentication) | `no` | The `basic` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
| bearer | [`bearerAuthentication`](#bearer-authentication) | `no` | The `bearer` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
| certificate | [`certificateAuthentication`](#certificate-authentication) | `no` | The `certificate` authentication scheme to use, if any.<br>Required if no other property has been set, otherwise ignored. |
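Review bot: The new `use` row documents only the policy-level reference (`authentication: { use: <policy> }`), but the same PR also introduces a `use` under `basic`, `bearer` and `oauth2` that names a secret (`basic: { use: usernamePasswordSecret }` in the example below, `secretBasedAuthenticationPolicy` in the schema); that second meaning needs its own row or a sentence here. "Cannot be used by authentication definitions defined at top level" should also state what happens when `use` is combined with `basic`/`bearer`/`certificate` (the schema's `oneOf` rejects the mix), and the existing rows' "Required if no other property has been set" now has to count `use` as such a property.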
@@ -1102,15 +1115,17 @@ use:
- usernamePasswordSecret
authentication:
sampleBasicFromSecret:
basic: usernamePasswordSecret
basic:
use: usernamePasswordSecret
do:
- sampleTask:
call: http
with:
method: get
endpoint:
uri: https://secured.fake.com/sample
authentication: sampleBasicFromSecret
authentication:
use: sampleBasicFromSecret
```

#### Basic Authentication
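Review bot: The `use:` / `authentication:` context in this hunk keeps the singular key, while the next hunk in this file renames the same key to `authentications:`; the two examples should agree. `basic:` / `use: usernamePasswordSecret`, new here, is a secret reference rather than a policy reference, and deserves a sentence above the snippet, since `use` now means two different things a few lines apart (`authentication:` / `use: sampleBasicFromSecret` names a policy).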
@@ -1133,19 +1148,20 @@ document:
name: basic-authentication-example
version: '0.1.0'
use:
authentication:
authentications:
sampleBasic:
basic:
username: admin
password: 123
password: password123
do:
- sampleTask:
call: http
with:
method: get
endpoint:
uri: https://secured.fake.com/sample
authentication: sampleBasic
authentication:
use: sampleBasic
```

#### Bearer Authentication
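Review bot: `password: 123` to `password: password123` still leaves a literal credential in the Basic Authentication example; since `basic:` / `use: <secret>` is supported by this PR (see the `sampleBasicFromSecret` example just above), the canonical example should use it, with the inline form shown only as the alternative. The `authentication:` to `authentications:` rename is correct if the schema's `use` object uses the plural, but it needs to be applied to the other examples in this file in the same PR.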
1 change: 1 addition & 0 deletions dsl.md
@@ -204,6 +204,7 @@ When the evaluation of an expression fails, runtimes **must** raise an error wit
|:-----|:----:|:------------|
| context | `map` | The task's context data. |
| input | `any` | The task's filtered input. |
| secrets | `map` | A key/value map of the workflow secrets.<br>To avoid unintentional bleeding, secrets can only be used in the `input.from` runtime expression. |
| task | [`taskDescriptor`](#task-descriptor) | Describes the current task. |
| workflow | [`workflowDescritor`](#workflow-descriptor) | Describes the current workflow. |

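Review bot: The new `secrets` row says secrets "can only be used in the `input.from` runtime expression", yet this same PR lets authentication policies consume secrets through `basic`/`bearer`/`oauth2:` / `use: <secret>`, so the sentence should be scoped to runtime expressions ("among runtime expressions, only `input.from` may reference `$secrets`") or it contradicts the authentication section. Limiting use to `input.from` also does not by itself prevent bleeding: whatever `input.from` produces becomes the task input and can flow on to the task output, context and traces, so the row should state what runtimes are expected to do with task input that was derived from secrets. The `workflowDescritor` anchor on the context line is a pre-existing typo (`workflowDescriptor`) that could be fixed while this table is being edited.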
3 changes: 2 additions & 1 deletion examples/use-authentication.yaml
@@ -15,4 +15,5 @@ do:
method: get
endpoint:
uri: https://petstore.swagger.io/v2/pet/{petId}
authentication: petStoreAuth
authentication:
use: petStoreAuth
149 changes: 82 additions & 67 deletions schema/workflow.yaml
@@ -181,10 +181,8 @@ $defs:
type: object
description: The payload to call the AsyncAPI operation with, if any.
authentication:
$ref: '#/$defs/referenceableAuthenticationPolicy'
description: The authentication policy, if any, to use when calling the AsyncAPI operation.
oneOf:
- $ref: '#/$defs/authenticationPolicy'
- type: string
required: [ document, operationRef ]
additionalProperties: false
description: Defines the AsyncAPI call to perform.
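Review bot: `$ref: '#/$defs/referenceableAuthenticationPolicy'` now sits beside a `description` keyword; under JSON Schema draft-07 and earlier, keywords next to `$ref` are ignored by validators, so the description is lost unless the file's `$schema` declares 2019-09 or later (please check). If it does not, either wrap the reference (`allOf: [ { $ref: ... } ]` with `description` alongside) or accept that the per-site description is dropped. The same applies to the identical replacements in the gRPC, OpenAPI, endpoint and external-resource hunks below.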
@@ -220,10 +218,8 @@ $defs:
max: 65535
description: The port number of the GRPC service to call.
authentication:
$ref: '#/$defs/referenceableAuthenticationPolicy'
description: The endpoint's authentication policy, if any.
oneOf:
- $ref: '#/$defs/authenticationPolicy'
- type: string
required: [ name, host ]
method:
type: string
@@ -293,10 +289,8 @@ $defs:
additionalProperties: true
description: A name/value mapping of the parameters of the OpenAPI operation to call.
authentication:
$ref: '#/$defs/referenceableAuthenticationPolicy'
description: The authentication policy, if any, to use when calling the OpenAPI operation.
oneOf:
- $ref: '#/$defs/authenticationPolicy'
- type: string
output:
type: string
enum: [ raw, content, response ]
@@ -631,79 +625,104 @@ $defs:
enum: [ continue, exit, end ]
default: continue
- type: string
referenceableAuthenticationPolicy:
type: object
oneOf:
- title: AuthenticationPolicyReference
properties:
use:
type: string
minLength: 1
description: The name of the authentication policy to use
required: [use]
- $ref: '#/$defs/authenticationPolicy'
secretBasedAuthenticationPolicy:
type: object
properties:
use:
type: string
minLength: 1
description: The name of the authentication policy to use
required: [use]
authenticationPolicy:
type: object
oneOf:
- title: BasicAuthenticationPolicy
properties:
basic:
type: object
properties:
username:
type: string
description: The username to use.
password:
type: string
description: The password to use.
required: [ username, password ]
oneOf:
- properties:
username:
type: string
description: The username to use.
password:
type: string
description: The password to use.
required: [ username, password ]
- $ref: '#/$defs/secretBasedAuthenticationPolicy'
required: [ basic ]
description: Use basic authentication.
- title: BearerAuthenticationPolicy
properties:
bearer:
type: object
properties:
token:
type: string
description: The bearer token to use.
required: [ token ]
oneOf:
- properties:
token:
type: string
description: The bearer token to use.
required: [ token ]
- $ref: '#/$defs/secretBasedAuthenticationPolicy'
required: [ bearer ]
description: Use bearer authentication.
- title: OAuth2AuthenticationPolicy
properties:
oauth2:
type: object
properties:
authority:
type: string
format: uri
description: The URI that references the OAuth2 authority to use.
grant:
type: string
description: The grant type to use.
client:
type: object
properties:
id:
oneOf:
- properties:
authority:
type: string
description: The client id to use.
secret:
format: uri
description: The URI that references the OAuth2 authority to use.
grant:
type: string
description: The client secret to use, if any.
required: [ id ]
scopes:
type: array
items:
type: string
description: The scopes, if any, to request the token for.
audiences:
type: array
items:
type: string
description: The audiences, if any, to request the token for.
username:
type: string
description: The username to use. Used only if the grant type is Password.
password:
type: string
description: The password to use. Used only if the grant type is Password.
subject:
$ref: '#/$defs/oauth2Token'
description: The security token that represents the identity of the party on behalf of whom the request is being made.
actor:
$ref: '#/$defs/oauth2Token'
description: The security token that represents the identity of the acting party.
required: [ authority, grant, client ]
description: The grant type to use.
client:
type: object
properties:
id:
type: string
description: The client id to use.
secret:
type: string
description: The client secret to use, if any.
required: [ id ]
scopes:
type: array
items:
type: string
description: The scopes, if any, to request the token for.
audiences:
type: array
items:
type: string
description: The audiences, if any, to request the token for.
username:
type: string
description: The username to use. Used only if the grant type is Password.
password:
type: string
description: The password to use. Used only if the grant type is Password.
subject:
$ref: '#/$defs/oauth2Token'
description: The security token that represents the identity of the party on behalf of whom the request is being made.
actor:
$ref: '#/$defs/oauth2Token'
description: The security token that represents the identity of the acting party.
required: [ authority, grant, client ]
- $ref: '#/$defs/secretBasedAuthenticationPolicy'
required: [ oauth2 ]
description: Use OAUTH2 authentication.
description: Defines an authentication policy.
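Review bot: `secretBasedAuthenticationPolicy.use` carries the description "The name of the authentication policy to use", copied from `referenceableAuthenticationPolicy`, but the dsl-reference.md examples use it to name a secret (`basic:` / `use: usernamePasswordSecret`); it should read "the name of the secret to use" so the two `use` keywords are distinguishable in generated docs and validation errors. Neither `oneOf` branch sets `additionalProperties: false`: in `referenceableAuthenticationPolicy` an object carrying both `use` and `basic` matches both branches and so fails `oneOf`, which is the wanted outcome but produces an opaque error, while an object such as `basic: { use: s, username: u }` passes the secret-based branch with the stray `username` silently ignored. Adding `additionalProperties: false` to the `use`-only variants and to the inline-credential variants turns every mixed form into a clear hard error. Minor: "Use OAUTH2 authentication" vs "OAuth2" in the titles.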
@@ -766,10 +785,8 @@ $defs:
format: uri-template
description: The endpoint's URI.
authentication:
$ref: '#/$defs/referenceableAuthenticationPolicy'
description: The authentication policy to use.
oneOf:
- $ref: '#/$defs/authenticationPolicy'
- type: string
required: [ uri ]
eventConsumptionStrategy:
type: object
@@ -869,10 +886,8 @@ $defs:
format: uri
description: The endpoint's URI.
authentication:
$ref: '#/$defs/referenceableAuthenticationPolicy'
description: The authentication policy to use.
oneOf:
- $ref: '#/$defs/authenticationPolicy'
- type: string
name:
type: string
description: The external resource's name, if any.