Make key level tags in order and unique

gateway/api_test.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
+	"reflect"
 	"strconv"
 	"sync"
 	"testing"
@@ -285,14 +286,17 @@ func TestKeyHandler_UpdateKey(t *testing.T) {
 
 	pID := CreatePolicy(func(p *user.Policy) {
 		p.Partitions.RateLimit = true
+		p.Tags = []string{"p1-tag"}
 	})
 
 	pID2 := CreatePolicy(func(p *user.Policy) {
 		p.Partitions.Quota = true
+		p.Tags = []string{"p2-tag"}
 	})
 
 	session, key := ts.CreateSession(func(s *user.SessionState) {
 		s.ApplyPolicies = []string{pID}
+		s.Tags = []string{"key-tag1", "key-tag2"}
 		s.AccessRights = map[string]user.AccessDefinition{testAPIID: {
 			APIID: testAPIID, Versions: []string{"v1"},
 		}}
@@ -327,6 +331,43 @@ func TestKeyHandler_UpdateKey(t *testing.T) {
 			t.Fatal("Removing policy from the list failed")
 		}
 	})
+
+	t.Run("Tag on key level", func(t *testing.T) {
+		assert := func(session *user.SessionState, expected []string) {
+			sessionData, _ := json.Marshal(session)
+			path := fmt.Sprintf("/tyk/keys/%s", key)
+
+			_, _ = ts.Run(t, []test.TestCase{
+				{Method: http.MethodPut, Path: path, Data: sessionData, AdminAuth: true, Code: 200},
+			}...)
+
+			sessionState, found := FallbackKeySesionManager.SessionDetail(key, false)
+			if !found || !reflect.DeepEqual(expected, sessionState.Tags) {
+				t.Fatalf("Expected %v, returned %v", expected, sessionState.Tags)
+			}
+		}
+
+		t.Run("Add", func(t *testing.T) {
+			expected := []string{"p1-tag", "p2-tag", "key-tag1", "key-tag2"}
+			session.ApplyPolicies = []string{pID, pID2}
+			assert(session, expected)
+		})
+
+		t.Run("Make unique", func(t *testing.T) {
+			expected := []string{"p1-tag", "p2-tag", "key-tag1", "key-tag2"}
+			session.ApplyPolicies = []string{pID, pID2}
+			session.Tags = append(session.Tags, "p1-tag", "key-tag1")
+			assert(session, expected)
+		})
+
+		t.Run("Remove", func(t *testing.T) {
+			expected := []string{"p1-tag", "p2-tag", "key-tag2"}
+			session.ApplyPolicies = []string{pID, pID2}
+			session.Tags = []string{"key-tag2"}
+			assert(session, expected)
+		})
+
+	})
 }
 
 func TestHashKeyHandler(t *testing.T) {

gateway/middleware.go

@@ -286,7 +286,7 @@ func (t BaseMiddleware) UpdateRequestSession(r *http.Request) bool {
 // will overwrite the session state to use the policy values.
 func (t BaseMiddleware) ApplyPolicies(session *user.SessionState) error {
 	rights := make(map[string]user.AccessDefinition)
-	tags := make(map[string]bool)
+	tags := make([]string, 0)
 	didQuota, didRateLimit, didACL := make(map[string]bool), make(map[string]bool), make(map[string]bool)
 	policies := session.PolicyIDs()
 
@@ -474,17 +474,17 @@ func (t BaseMiddleware) ApplyPolicies(session *user.SessionState) error {
 			session.IsInactive = true
 		}
 		for _, tag := range policy.Tags {
-			tags[tag] = true
+			tags = appendIfMissing(tags, tag)
 		}
 	}
 
-	// set tags
-	if len(tags) > 0 {
-		for tag := range tags {
-			session.Tags = append(session.Tags, tag)
-		}
+	for _, tag := range session.Tags {
+		tags = appendIfMissing(tags, tag)
 	}
 
+	// set tags
+	session.Tags = tags
+
 	// If some APIs had only ACL partitions, inherit rest from session level
 	for k, v := range rights {
 		if !didRateLimit[k] {

gateway/mw_jwt.go

@@ -296,15 +296,6 @@ func (k *JWTMiddleware) processCentralisedJWT(r *http.Request, token *jwt.Token)
 
 	k.Logger().Debug("JWT Temporary session ID is: ", sessionID)
 
-	contains := func(s []string, e string) bool {
-		for _, a := range s {
-			if a == e {
-				return true
-			}
-		}
-		return false
-	}
-
 	session, exists := k.CheckSessionAndIdentityForValidKey(sessionID, r)
 	isDefaultPol := false
 	if !exists {

gateway/policy_test.go

@@ -57,6 +57,7 @@ type testApplyPoliciesData struct {
 	policies  []string
 	errMatch  string                               // substring
 	sessMatch func(*testing.T, *user.SessionState) // ignored if nil
+	session   *user.SessionState
 }
 
 func testPrepareApplyPolicies() (*BaseMiddleware, []testApplyPoliciesData) {
@@ -219,36 +220,38 @@ func testPrepareApplyPolicies() (*BaseMiddleware, []testApplyPoliciesData) {
 	tests := []testApplyPoliciesData{
 		{
 			"Empty", nil,
-			"", nil,
+			"", nil, nil,
 		},
 		{
 			"Single", []string{"nonpart1"},
-			"", nil,
+			"", nil, nil,
 		},
 		{
 			"Missing", []string{"nonexistent"},
-			"not found", nil,
+			"not found", nil, nil,
 		},
 		{
 			"DiffOrg", []string{"difforg"},
-			"different org", nil,
+			"different org", nil, nil,
 		},
 		{
 			"MultiNonPart", []string{"nonpart1", "nonpart2"},
-			"", nil,
+			"", nil, nil,
 		},
 		{
 			"NonpartAndPart", []string{"nonpart1", "quota1"},
-			"", nil,
+			"", nil, nil,
 		},
 		{
 			"TagMerge", []string{"tags1", "tags2"},
 			"", func(t *testing.T, s *user.SessionState) {
-				want := []string{"tagA", "tagX", "tagY"}
+				want := []string{"key-tag", "tagA", "tagX", "tagY"}
 				sort.Strings(s.Tags)
 				if !reflect.DeepEqual(want, s.Tags) {
 					t.Fatalf("want Tags %v, got %v", want, s.Tags)
 				}
+			}, &user.SessionState{
+				Tags: []string{"key-tag"},
 			},
 		},
 		{
@@ -257,47 +260,47 @@ func testPrepareApplyPolicies() (*BaseMiddleware, []testApplyPoliciesData) {
 				if !s.IsInactive {
 					t.Fatalf("want IsInactive to be true")
 				}
-			},
+			}, nil,
 		},
 		{
 			"InactiveMergeAll", []string{"inactive1", "inactive2"},
 			"", func(t *testing.T, s *user.SessionState) {
 				if !s.IsInactive {
 					t.Fatalf("want IsInactive to be true")
 				}
-			},
+			}, nil,
 		},
 		{
 			"QuotaPart", []string{"quota1"},
 			"", func(t *testing.T, s *user.SessionState) {
 				if s.QuotaMax != 2 {
 					t.Fatalf("want QuotaMax to be 2")
 				}
-			},
+			}, nil,
 		},
 		{
 			"QuotaParts", []string{"quota1", "quota2"},
 			"", func(t *testing.T, s *user.SessionState) {
 				if s.QuotaMax != 3 {
 					t.Fatalf("Should pick bigger value")
 				}
-			},
+			}, nil,
 		},
 		{
 			"RatePart", []string{"rate1"},
 			"", func(t *testing.T, s *user.SessionState) {
 				if s.Rate != 3 {
 					t.Fatalf("want Rate to be 3")
 				}
-			},
+			}, nil,
 		},
 		{
 			"RateParts", []string{"rate1", "rate2"},
 			"", func(t *testing.T, s *user.SessionState) {
 				if s.Rate != 4 {
 					t.Fatalf("Should pick bigger value")
 				}
-			},
+			}, nil,
 		},
 		{
 			"AclPart", []string{"acl1"},
@@ -306,7 +309,7 @@ func testPrepareApplyPolicies() (*BaseMiddleware, []testApplyPoliciesData) {
 				if !reflect.DeepEqual(want, s.AccessRights) {
 					t.Fatalf("want %v got %v", want, s.AccessRights)
 				}
-			},
+			}, nil,
 		},
 		{
 			"AclPart", []string{"acl1", "acl2"},
@@ -315,7 +318,7 @@ func testPrepareApplyPolicies() (*BaseMiddleware, []testApplyPoliciesData) {
 				if !reflect.DeepEqual(want, s.AccessRights) {
 					t.Fatalf("want %v got %v", want, s.AccessRights)
 				}
-			},
+			}, nil,
 		},
 		{
 			"RightsUpdate", []string{"acl3"},
@@ -334,7 +337,7 @@ func testPrepareApplyPolicies() (*BaseMiddleware, []testApplyPoliciesData) {
 				if !reflect.DeepEqual(want, s.AccessRights) {
 					t.Fatalf("want %v got %v", want, s.AccessRights)
 				}
-			},
+			}, nil,
 		},
 		{
 			name:     "Per API is set with other partitions to true",
@@ -427,7 +430,10 @@ func TestApplyPolicies(t *testing.T) {
 
 	for _, tc := range tests {
 		t.Run(tc.name, func(t *testing.T) {
-			sess := &user.SessionState{}
+			sess := tc.session
+			if sess == nil {
+				sess = &user.SessionState{}
+			}
 			sess.SetPolicies(tc.policies...)
 			errStr := ""
 			if err := bmid.ApplyPolicies(sess); err != nil {

gateway/util.go

@@ -0,0 +1,21 @@
+package gateway
+
+// appendIfMissing appends the given new item to the given slice.
+func appendIfMissing(slice []string, new string) []string {
+	for _, item := range slice {
+		if item == new {
+			return slice
+		}
+	}
+	return append(slice, new)
+}
+
+// contains checks whether the given slice contains the given item.
+func contains(s []string, i string) bool {
+	for _, a := range s {
+		if a == i {
+			return true
+		}
+	}
+	return false
+}