rebase

cloudtrust · Feb 19, 2020 · 146e4be · 146e4be
1 parent 1aea98c
commit 146e4be
Show file tree

Hide file tree

Showing 28 changed files with 266 additions and 302 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -27,11 +27,11 @@
 
 [[constraint]]
   name = "github.com/cloudtrust/common-service"
-  version = "v1.2.4"
+  branch = "CLOUDTRUST-2109_2_authorizationManagement"
 
 [[constraint]]
   name = "github.com/cloudtrust/keycloak-client"
-  version = "v1.2.7"
+  branch = "CLOUDTRUST-2109_2_branch"
 
 [[constraint]]
   name = "github.com/go-kit/kit"

diff --git a/api/event/fb/AdminEvent.go b/api/event/fb/AdminEvent.go
diff --git a/api/management/api.go b/api/management/api.go
@@ -5,7 +5,7 @@ import (
 	"regexp"
 	"strconv"
 
-	"github.com/cloudtrust/keycloak-bridge/internal/dto"
+	"github.com/cloudtrust/common-service/configuration"
 	internal "github.com/cloudtrust/keycloak-bridge/internal/messages"
 	kc "github.com/cloudtrust/keycloak-client"
 )
@@ -277,7 +277,7 @@ func ConvertToKCGroup(group GroupRepresentation) kc.GroupRepresentation {
 }
 
 // ConvertToAPIAuthorizations creates a API authorization representation from an array of DB Authorization
-func ConvertToAPIAuthorizations(authorizations []dto.Authorization) AuthorizationsRepresentation {
+func ConvertToAPIAuthorizations(authorizations []configuration.Authorization) AuthorizationsRepresentation {
 	var matrix = make(map[string]map[string]map[string]struct{})
 
 	for _, authz := range authorizations {
@@ -309,8 +309,8 @@ func ConvertToAPIAuthorizations(authorizations []dto.Authorization) Authorizatio
 }
 
 // ConvertToDBAuthorizations creates an array of DB Authorization from an API AuthorizationsRepresentation
-func ConvertToDBAuthorizations(realmID, groupID string, apiAuthorizations AuthorizationsRepresentation) []dto.Authorization {
-	var authorizations = []dto.Authorization{}
+func ConvertToDBAuthorizations(realmID, groupName string, apiAuthorizations AuthorizationsRepresentation) []configuration.Authorization {
+	var authorizations = []configuration.Authorization{}
 
 	if apiAuthorizations.Matrix == nil {
 		return authorizations
@@ -319,9 +319,9 @@ func ConvertToDBAuthorizations(realmID, groupID string, apiAuthorizations Author
 	for action, u := range *apiAuthorizations.Matrix {
 		if len(u) == 0 {
 			var act = string(action)
-			authorizations = append(authorizations, dto.Authorization{
+			authorizations = append(authorizations, configuration.Authorization{
 				RealmID:   &realmID,
-				GroupName: &groupID,
+				GroupName: &groupName,
 				Action:    &act,
 			})
 			continue
@@ -331,9 +331,9 @@ func ConvertToDBAuthorizations(realmID, groupID string, apiAuthorizations Author
 			if len(v) == 0 {
 				var act = string(action)
 				var targetRealm = string(targetRealmID)
-				authorizations = append(authorizations, dto.Authorization{
+				authorizations = append(authorizations, configuration.Authorization{
 					RealmID:       &realmID,
-					GroupName:     &groupID,
+					GroupName:     &groupName,
 					Action:        &act,
 					TargetRealmID: &targetRealm,
 				})
@@ -344,9 +344,9 @@ func ConvertToDBAuthorizations(realmID, groupID string, apiAuthorizations Author
 				var act = string(action)
 				var targetRealm = string(targetRealmID)
 				var targetGroup = string(targetGroupName)
-				authorizations = append(authorizations, dto.Authorization{
+				authorizations = append(authorizations, configuration.Authorization{
 					RealmID:         &realmID,
-					GroupName:       &groupID,
+					GroupName:       &groupName,
 					Action:          &act,
 					TargetRealmID:   &targetRealm,
 					TargetGroupName: &targetGroup,

diff --git a/api/management/api_test.go b/api/management/api_test.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/cloudtrust/keycloak-bridge/internal/dto"
+	"github.com/cloudtrust/common-service/configuration"
 	kc "github.com/cloudtrust/keycloak-client"
 	"github.com/stretchr/testify/assert"
 )
@@ -211,22 +211,22 @@ func TestConvertToAPIAuthorizations(t *testing.T) {
 	var action2 = "action2"
 	var any = "*"
 
-	var authorizations = []dto.Authorization{}
+	var authorizations = []configuration.Authorization{}
 
-	var authz1 = dto.Authorization{
+	var authz1 = configuration.Authorization{
 		RealmID:   &master,
 		GroupName: &groupName2,
 		Action:    &action2,
 	}
 
-	var authz2 = dto.Authorization{
+	var authz2 = configuration.Authorization{
 		RealmID:       &master,
 		GroupName:     &groupName2,
 		Action:        &action2,
 		TargetRealmID: &any,
 	}
 
-	var authz3 = dto.Authorization{
+	var authz3 = configuration.Authorization{
 		RealmID:         &master,
 		GroupName:       &groupName1,
 		Action:          &action,

diff --git a/cmd/keycloakb/keycloak_bridge.go b/cmd/keycloakb/keycloak_bridge.go
@@ -14,6 +14,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/cloudtrust/common-service/configuration"
 	"github.com/cloudtrust/common-service/database/sqltypes"
 	"github.com/cloudtrust/common-service/healthcheck"
 
@@ -101,9 +102,6 @@ func main() {
 	// Configurations.
 	var c = config(ctx, log.With(logger, "unit", "config"))
 	var (
-		// Component
-		authorizationConfigFile = c.GetString("authorization-file")
-
 		// Publishing
 		httpAddrInternal   = c.GetString("internal-http-host-port")
 		httpAddrManagement = c.GetString("management-http-host-port")
@@ -262,18 +260,6 @@ func main() {
 		keycloakPublicURL = urls[0]
 	}
 
-	// Authorization Manager
-	var authorizationManager security.AuthorizationManager
-	{
-		var err error
-		authorizationManager, err = security.NewAuthorizationManagerFromFile(commonKcAdaptor, logger, authorizationConfigFile)
-
-		if err != nil {
-			logger.Error(ctx, "msg", "could not load authorizations", "error", err)
-			return
-		}
-	}
-
 	var sentryClient tracking.SentryTracking
 	{
 		var logger = log.With(logger, "unit", "sentry")
@@ -382,6 +368,25 @@ func main() {
 	healthChecker.AddDatabase("Users R/W", usersRwDBConn, healthCheckCacheDuration)
 	healthChecker.AddHTTPEndpoint("Keycloak", keycloakConfig.AddrAPI, httpTimeout, 200, healthCheckCacheDuration)
 
+	// Authorization Manager
+	var authorizationManager security.AuthorizationManager
+	{
+		var authorizationLogger = log.With(logger, "svc", "authorization")
+
+		var configurationReaderDBModule *configuration.ConfigurationReaderDBModule
+		{
+			configurationReaderDBModule = configuration.NewConfigurationReaderDBModule(configurationRoDBConn, authorizationLogger)
+		}
+
+		var err error
+		authorizationManager, err = security.NewAuthorizationManager(configurationReaderDBModule, commonKcAdaptor, authorizationLogger)
+
+		if err != nil {
+			logger.Error(ctx, "msg", "could not load authorizations", "error", err)
+			return
+		}
+	}
+
 	// Event service.
 	var eventEndpoints = event.Endpoints{}
 	{
@@ -1010,7 +1015,6 @@ func config(ctx context.Context, logger log.Logger) *viper.Viper {
 
 	// Component default.
 	v.SetDefault("config-file", "./configs/keycloak_bridge.yml")
-	v.SetDefault("authorization-file", "./configs/authorization.json")
 
 	// Log level
 	v.SetDefault("log-level", "info")
@@ -1132,9 +1136,7 @@ func config(ctx context.Context, logger log.Logger) *viper.Viper {
 
 	// First level of override.
 	pflag.String("config-file", v.GetString("config-file"), "The configuration file path can be relative or absolute.")
-	pflag.String("authorization-file", v.GetString("authorization-file"), "The authorization file path can be relative or absolute.")
 	v.BindPFlag("config-file", pflag.Lookup("config-file"))
-	v.BindPFlag("authorization-file", pflag.Lookup("authorization-file"))
 	pflag.Parse()
 
 	// Bind ENV variables

diff --git a/internal/dto/authorization.go b/internal/dto/authorization.go