Permalink
Browse files

1078 1079 expose new endpoints (#1084)

* failed attempt at go live reloading

* add endpoints for subject extraction points, update openapi, add endpoint for listing apps

* fix

* readd support for query params

* bump versions

* refactor integration tests, fix policies in gateway

* remove

* CR changes
  • Loading branch information...
Yshayy committed Jan 29, 2019
1 parent 1c93b41 commit 798f8f5e4de2685d8f313ebe8b9476dfd1a8036e
Showing with 458 additions and 362 deletions.
  1. +0 −3 CI/codefresh.yml
  2. +0 −3 CI/docker-compose.override.yml
  3. +0 −25 deployments/dev/gateway/config/gateway.k8s.json
  4. +91 −6 docs/openapi/openapi.yaml
  5. +0 −54 e2e/integration/spec/authoring-api/add-app.spec.js
  6. +11 −11 e2e/integration/spec/authoring-api/bulk-keys-upload.spec.js
  7. +11 −5 e2e/integration/spec/authoring-api/extractionRules.spec.js
  8. +4 −4 e2e/integration/spec/authoring-api/policy.spec.js
  9. +0 −100 e2e/integration/spec/authoring-api/security-app-permissions.spec.js
  10. +7 −7 e2e/integration/spec/authoring-api/write-validation.spec.js
  11. +10 −11 e2e/integration/spec/gateway/v2.spec.js
  12. +24 −3 e2e/integration/spec/gateway/v2_app_policies.spec.js
  13. +2 −2 e2e/integration/spec/tweek-api/key-aliases.test.js
  14. +2 −2 e2e/integration/spec/tweek-api/value-distribution.test.js
  15. +2 −5 e2e/integration/utils/clients.js
  16. +67 −57 e2e/integration/yarn.lock
  17. +1 −1 services/authoring/package.json
  18. +14 −2 services/authoring/src/repositories/apps-repository.ts
  19. +7 −0 services/authoring/src/repositories/extraction-rules-repository.ts
  20. +1 −1 services/authoring/src/repositories/git-repository.ts
  21. +13 −1 services/authoring/src/routes/apps.ts
  22. +10 −3 services/authoring/src/routes/subject-extraction-rules.ts
  23. +1 −0 services/gateway/.dockerignore
  24. +3 −0 services/gateway/authorization.rego
  25. +22 −0 services/gateway/debug.Dockerfile
  26. +35 −33 services/gateway/security/requestUtils.go
  27. +40 −0 services/gateway/security/requestUtils_test.go
  28. +39 −3 services/gateway/settings/settings.json
  29. +10 −1 services/gateway/testdata/policy.json
  30. +20 −0 services/gateway/testdata/test_authorization.rego
  31. +1 −1 services/gateway/version.go
  32. +0 −2 services/git-service/BareRepository/init.sh
  33. +3 −13 services/git-service/BareRepository/source/security/policy.json
  34. +3 −3 services/git-service/BareRepository/tests-source/security/policy.json
  35. +4 −0 skaffold.yaml
@@ -101,9 +101,6 @@ steps:
- gateway
- publishing
environment:
- API_URL=http://api
- AUTHORING_URL=http://authoring
- PUBLISHING_URL=http://publishing
- GATEWAY_URL=http://gateway
- GIT_PRIVATE_KEY_INLINE=LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeE1JdjB3QW9NTkhzc1J6OUhvanM2eUNla2w5RHI5RUt1WjUwZ3QveHk4Wk9DelFKCmVuWG9ub1N4clUrRTZrS01QWnFXOElQVWg3R2gvSkhtMUZXczFlVHdhM1oxK1VFRmtpM1E5ZURGSVBUTzM1bmEKcVYwcFVyWTJ3S0xUV24zczd2ZGhjQVNPWHZ1anN5cXZvbENQa0VxckFVdUlRV2c1d0cwSkR1cHhuLzB0UklvcQpPT0gxNmlmeFpZcjdEQzQvQkp2Z0g2anRrdTVuNVhNTDhBaXVnd3B3bFNTU0c4dnVldXZabW53VWRKZ3FPM0RVCkhMdVNwRnBRdTJKNkZ5djhkVWFZVDFWdHFYOWh4TGlIbUdFUktoTCs1a1BHNGQxM0JvZDVUWFZkbzZ4eGZDUGEKaGhVbnpsZE1lc0EwYi9WYVE4QWlRaGtvQ2NRaWJPYXJVNzAzUlFJREFRQUJBb0lCQVFDWmpOWVh1N0toenVJQgpvcGJpNG9iS1JDMmNHMTVPY2p3RmVlU0JVbFYzNnExelRzdnExdU9QK2d4VExaQ1Q1UlZlNmlyTFRvWm8wemFRClRpaXZJcUY4VjJ0TTRpalZPV29vbHpyUTkvVy9iMjJXMEpIMXhHK0FUaFZTcG45OHluTkNWcXFpNmR0Vnd0b1EKODhvWFNQbVE2TVNsZ1JXM3ZhZjhSTnRoMlpLTkFIOTdZOHBqVk1YL3FMTDFuWjk1YnFvclJJTFJ6ektHSmpxRwplN0VpeFQ0a0JaemxHWUF5a1dVeFFZZzBkdTlnQjc1U1o2MHNwZzVUQlh5a3RXdzVIWG1ZWlMvSHdCOVRKbG1XClRqeVZ0T2VWbGpPRmI4VmdIcE13d3UyTW9yN1ZQQVB3Z0RYdXFGTVd2RnpxVWJIY1VLclcwZ0JITGpYU1BtUzYKMEwxSTNjV0JBb0dCQVBPeHlxSmZ4cnpVQ1BuM3AzbVk2cjZnbHlYYi8rZWFYYTQ2N3NOWThNWnBWZGw1bVFKVgpuOEdRN3FYaklaa2pCU2E5YzZZQThxOFRLVHlJbEcvTDE1OFVSaFRqZldNSC9nandaem1oSmVkL0N6Lzg1Y2V4CmxRbDdsTi9SMjRUYjN3VTE2M21FeW5oR1JXNUt3cWNVNW9FQm1uOS9ZazhoaWJraTZoSTY0QWhsQW9HQkFNNngKcVBabi9uaHY4dSttT2U3Y3pTVjVMc3dmTTNTU3NuZlhnUVJXN3J6a2hrZnJRWjJlWHpFQ21oVk8vdUpWb01iVApoQS9tUXRYRzVuMk9QMndmSk1LVUNiVVZ2ZTJYNUQxU1VGYk03dWVHU3JlWExXdXJzaHdnN1p6VlpxVDYzUEJSCmpUa1FFNHJ1a1ZFSzNNMFVQOUlNVndzYURqMjgrY01RZk5ORmh0VmhBb0dBQ1Q5cStDUjRUendncHhPOTJFQjAKVUEyYURzYTlmRldBVHBkUDdqdld6MEM2RUVtc0E4bXFDVmR0cHYvcWkzd251dU9mbXVJWVU0cC9teHQzdnBKVwp1V08wa1NCYzVzQXI1THp5dmQ0ZXFSMUtHUUNJMjc0aWNMeXUxcHVKSUE2VDlRZXB5dSsrR3poWGRDc0VIZ0VPCkNrRThVckJMMDhMckRncUVKWEwwZzMwQ2dZQm0welVtR0FnZExEd2tBb0xSbEtDdDRzSm9JNkY2ZmJ3eEtGRnoKc2pla1d0OStpY2VqdlBUSU1lNHJhWmdkU3RIbjk3TzhJU1hncWNsaWJ0Q1lYa253VHFzaG5nWlZXM25kRThVSgoyWHVFVEdlQk84RUp6bW1WMnIrNmhPTkNjZFpWNjR3ZzlpRnl2VW9ua2dyVUx4MnN4aHpMVmhQOW5MUjMyUXp3CklhZDVJUUtCZ1FEWHBhU25seGcrbzMyV0FHd0dzQXhxNUNXK3JFcE84UENEbytSZWU2dmNGN25JZi95NHNSUHUKNDFpcFo2WHhZcHdnUkQ3em5aano5QWVWaEc4aUFBQUJORlUxSkZUaVhpZ1BEWi8wOFlFMHRnQ1ZiL0VPV2ZxVAptS0NBTUgrSjJZWUlwb3NLL3dyQmRXQ1RiUHYvYUI3RkVraFFLeGVJTXYxd0trd2tSaU5BQ0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
- MINIO_HOST=minio
@@ -92,9 +92,6 @@ services:
- gateway:api
- gateway:authoring
environment:
- API_URL=http://api
- AUTHORING_URL=http://authoring
- PUBLISHING_URL=http://publishing
- GATEWAY_URL=http://gateway
- GIT_PRIVATE_KEY_INLINE=LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeE1JdjB3QW9NTkhzc1J6OUhvanM2eUNla2w5RHI5RUt1WjUwZ3QveHk4Wk9DelFKCmVuWG9ub1N4clUrRTZrS01QWnFXOElQVWg3R2gvSkhtMUZXczFlVHdhM1oxK1VFRmtpM1E5ZURGSVBUTzM1bmEKcVYwcFVyWTJ3S0xUV24zczd2ZGhjQVNPWHZ1anN5cXZvbENQa0VxckFVdUlRV2c1d0cwSkR1cHhuLzB0UklvcQpPT0gxNmlmeFpZcjdEQzQvQkp2Z0g2anRrdTVuNVhNTDhBaXVnd3B3bFNTU0c4dnVldXZabW53VWRKZ3FPM0RVCkhMdVNwRnBRdTJKNkZ5djhkVWFZVDFWdHFYOWh4TGlIbUdFUktoTCs1a1BHNGQxM0JvZDVUWFZkbzZ4eGZDUGEKaGhVbnpsZE1lc0EwYi9WYVE4QWlRaGtvQ2NRaWJPYXJVNzAzUlFJREFRQUJBb0lCQVFDWmpOWVh1N0toenVJQgpvcGJpNG9iS1JDMmNHMTVPY2p3RmVlU0JVbFYzNnExelRzdnExdU9QK2d4VExaQ1Q1UlZlNmlyTFRvWm8wemFRClRpaXZJcUY4VjJ0TTRpalZPV29vbHpyUTkvVy9iMjJXMEpIMXhHK0FUaFZTcG45OHluTkNWcXFpNmR0Vnd0b1EKODhvWFNQbVE2TVNsZ1JXM3ZhZjhSTnRoMlpLTkFIOTdZOHBqVk1YL3FMTDFuWjk1YnFvclJJTFJ6ektHSmpxRwplN0VpeFQ0a0JaemxHWUF5a1dVeFFZZzBkdTlnQjc1U1o2MHNwZzVUQlh5a3RXdzVIWG1ZWlMvSHdCOVRKbG1XClRqeVZ0T2VWbGpPRmI4VmdIcE13d3UyTW9yN1ZQQVB3Z0RYdXFGTVd2RnpxVWJIY1VLclcwZ0JITGpYU1BtUzYKMEwxSTNjV0JBb0dCQVBPeHlxSmZ4cnpVQ1BuM3AzbVk2cjZnbHlYYi8rZWFYYTQ2N3NOWThNWnBWZGw1bVFKVgpuOEdRN3FYaklaa2pCU2E5YzZZQThxOFRLVHlJbEcvTDE1OFVSaFRqZldNSC9nandaem1oSmVkL0N6Lzg1Y2V4CmxRbDdsTi9SMjRUYjN3VTE2M21FeW5oR1JXNUt3cWNVNW9FQm1uOS9ZazhoaWJraTZoSTY0QWhsQW9HQkFNNngKcVBabi9uaHY4dSttT2U3Y3pTVjVMc3dmTTNTU3NuZlhnUVJXN3J6a2hrZnJRWjJlWHpFQ21oVk8vdUpWb01iVApoQS9tUXRYRzVuMk9QMndmSk1LVUNiVVZ2ZTJYNUQxU1VGYk03dWVHU3JlWExXdXJzaHdnN1p6VlpxVDYzUEJSCmpUa1FFNHJ1a1ZFSzNNMFVQOUlNVndzYURqMjgrY01RZk5ORmh0VmhBb0dBQ1Q5cStDUjRUendncHhPOTJFQjAKVUEyYURzYTlmRldBVHBkUDdqdld6MEM2RUVtc0E4bXFDVmR0cHYvcWkzd251dU9mbXVJWVU0cC9teHQzdnBKVwp1V08wa1NCYzVzQXI1THp5dmQ0ZXFSMUtHUUNJMjc0aWNMeXUxcHVKSUE2VDlRZXB5dSsrR3poWGRDc0VIZ0VPCkNrRThVckJMMDhMckRncUVKWEwwZzMwQ2dZQm0welVtR0FnZExEd2tBb0xSbEtDdDRzSm9JNkY2ZmJ3eEtGRnoKc2pla1d0OStpY2VqdlBUSU1lNHJhWmdkU3RIbjk3TzhJU1hncWNsaWJ0Q1lYa253VHFzaG5nWlZXM25kRThVSgoyWHVFVEdlQk84RUp6bW1WMnIrNmhPTkNjZFpWNjR3ZzlpRnl2VW9ua2dyVUx4MnN4aHpMVmhQOW5MUjMyUXp3CklhZDVJUUtCZ1FEWHBhU25seGcrbzMyV0FHd0dzQXhxNUNXK3JFcE84UENEbytSZWU2dmNGN25JZi95NHNSUHUKNDFpcFo2WHhZcHdnUkQ3em5aano5QWVWaEc4aUFBQUJORlUxSkZUaVhpZ1BEWi8wOFlFMHRnQ1ZiL0VPV2ZxVAptS0NBTUgrSjJZWUlwb3NLL3dyQmRXQ1RiUHYvYUI3RkVraFFLeGVJTXYxd0trd2tSaU5BQ0E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
- MINIO_HOST=minio

This file was deleted.

Oops, something went wrong.
@@ -154,7 +154,7 @@ paths:
description: OK
/keys:
get:
operationId: GetKeys
operationId: getKeys
responses:
'200':
description: Ok
@@ -179,7 +179,7 @@ paths:
schema:
type: string
put:
operationId: SaveKey
operationId: saveKey
summary: Save or replace key
responses:
'200':
@@ -204,7 +204,7 @@ paths:
$ref: '#/components/schemas/KeyUpdateModel'
required: true
delete:
operationId: DeleteKey
operationId: deleteKey
tags:
- keys
responses:
@@ -229,6 +229,26 @@ paths:
type: array
items:
type: string
/bulk-keys-upload:
put:
operationId: bulkKeysUpload
responses:
'200':
description: Ok
summary: 'Bulk key upload'
description: Upload zip file of keys
tags:
- keys
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
bulk:
type: string
format: binary
required: true
/tags:
get:
operationId: getAllTags
@@ -442,23 +462,23 @@ paths:
items:
type: object
tags:
- policy
- policies
put:
operationId: putPoliciesList
summary: Replace policies list
responses:
'200':
description: OK
tags:
- policy
- policies
patch:
operationId: patchPoliciesList
summary: Update Policies file
responses:
'200':
description: OK
tags:
- policy
- policies
requestBody:
$ref: '#/components/requestBodies/Patch'
/apps:
@@ -472,6 +492,11 @@ paths:
schema:
$ref: '#/components/schemas/AppCreationResponseModel'
summary: 'Create new app'
description: |
Create new app (credentials) for using Tweek.
Return login details for the new app.
require permission - write repo/apps
tags:
- apps
requestBody:
@@ -480,6 +505,66 @@ paths:
schema:
$ref: '#/components/schemas/AppCreationRequestModel'
required: true
get:
operationId: getApps
responses:
'200':
description: Ok
content:
application/json:
schema:
type: object
summary: 'List apps'
description: |
List all applications created in Tweek.
Return a map of appId->name.
require permission - read repo/apps
tags:
- apps
/jwt-extraction-policy:
put:
operationId: updateJWTExtractionPolicy
responses:
'200':
description: Ok
summary: 'Update JWT extraction policy'
description: |
Update JWT subject extraction policy with a new rego payload.
require permission - write repo/policies
tags:
- policies
requestBody:
content:
application/json:
schema:
type: object
properties:
data:
type: string
required: true
get:
operationId: getJWTExtractionPolicy
responses:
'200':
description: Ok
content:
application/json:
schema:
type: object
properties:
data:
type: string

summary: 'Get JWT subject extraction policy'
description: |
Get current rego file data for JWT subject extraction.
require permission - read repo/policies
tags:
- policies

servers:
- url: /api/v2/
components:

This file was deleted.

Oops, something went wrong.
@@ -9,43 +9,43 @@ describe('authoring api - /PUT /bulk-keys-upload', () => {
});

it('should not accept an input without a zip file named bulk', async () => {
const response = await clients.authoring.put(
'/api/bulk-keys-upload?author.name=test&author.email=test@soluto.com',
const response = await clients.gateway.put(
'/api/v2/bulk-keys-upload',
);
response.status.should.eql(400);
response.text.should.eql('Required file is missing: bulk');
});

it('should not accept a corrupted zip file', async () => {
const response = await clients.authoring
.put('/api/bulk-keys-upload?author.name=test&author.email=test@soluto.com')
const response = await clients.gateway
.put('/api/v2/bulk-keys-upload')
.attach('bulk', './spec/authoring-api/test-data/notZip.zip');
response.status.should.eql(400);
response.text.should.include('Zip is corrupted:');
});

it('should not accept a zip file with invalid structure', async () => {
const response = await clients.authoring
.put('/api/bulk-keys-upload?author.name=test&author.email=test@soluto.com')
const response = await clients.gateway
.put('/api/v2/bulk-keys-upload')
.attach('bulk', './spec/authoring-api/test-data/invalidStructure.zip');
response.status.should.eql(400);
});

it('should not accept a zip file with invalid rules', async () => {
const response = await clients.authoring
.put('/api/bulk-keys-upload?author.name=test&author.email=test@soluto.com')
const response = await clients.gateway
.put('/api/v2/bulk-keys-upload')
.attach('bulk', './spec/authoring-api/test-data/invalidRules.zip');
response.status.should.eql(400);
});

it('should accept a zip file and update rules', async () => {
const response = await clients.authoring
.put('/api/bulk-keys-upload?author.name=test&author.email=test@soluto.com')
const response = await clients.gateway
.put('/api/v2/bulk-keys-upload')
.attach('bulk', './spec/authoring-api/test-data/bulk1.zip');
response.status.should.eql(204);
expect(response.header).to.have.property('x-oid');
await pollUntil(
() => clients.api.get('/api/v1/keys/test_key1?user.Country=country&user.ClientVersion=1.0.0'),
() => clients.gateway.get('/api/v1/keys/test_key1?user.Country=country&user.ClientVersion=1.0.0'),
res => expect(JSON.parse(res.body)).to.eql(true),
);
});
@@ -17,16 +17,22 @@ describe('authoring api extraction rules', () => {

const originalRules = buf.toString();
const newRules = originalRules + '\n'; // only adding new line in order not to break the original rules

await pollUntil(
() => getObjectContentFromMinio('security/subject_extraction_rules.rego'),
res => expect(res).to.equal(originalRules),
res => expect(res).to.contain(originalRules),
);

await clients.authoring
.put('/api/subject-extraction-rules?author.name=test&author.email=test@soluto.com')
.send({ subject_extraction_rules: newRules })
await clients.gateway
.put('/api/v2/jwt-extraction-policy')
.send({ data: newRules })
.expect(200);

const res = await clients.gateway
.get('/api/v2/jwt-extraction-policy')
.expect(200);

expect(res.body.data).to.equal(newRules);

await pollUntil(
() => getObjectContentFromMinio('security/subject_extraction_rules.rego'),
@@ -17,7 +17,7 @@ describe.skip('authoring api policy', () => {
const buf = await readFileAsync('./spec/authoring-api/test-data/policy.json');
const originalPolicy = JSON.parse(buf.toString());

await clients.authoring.get('/api/policies').expect(200, originalPolicy);
await clients.gateway.get('/api/v2/policies').expect(200, originalPolicy);
});

it('replace policy', async () => {
@@ -46,7 +46,7 @@ describe.skip('authoring api policy', () => {
);

await clients.authoring
.put('/api/policies?author.name=test&author.email=test@soluto.com')
.put('/api/v2/policies')
.send(newPolicy)
.expect(200);

@@ -82,8 +82,8 @@ describe.skip('authoring api policy', () => {
);

const policyPatch = jsonpatch.compare(policy, originalPolicy);
await clients.authoring
.patch('/api/policies?author.name=test&author.email=test@soluto.com')
await clients.gateway
.patch('/api/v2/policies')
.send(policyPatch)
.expect(200);

Oops, something went wrong.

0 comments on commit 798f8f5

Please sign in to comment.