Add context object details to Extra map in tenant mapping handler

chart/compass/values.yaml

@@ -10,7 +10,7 @@ global:
       version: "PR-391"
     director:
       dir:
-      version: "PR-472"
+      version: "PR-475"
     gateway:
       dir: pr/
       version: "PR-357"

components/director/internal/tenantmapping/handler.go

@@ -23,12 +23,12 @@ type ReqDataParser interface {
 
 //go:generate mockery -name=TenantAndScopesForUserProvider -output=automock -outpkg=automock -case=underscore
 type TenantAndScopesForUserProvider interface {
-	GetTenantAndScopes(reqData ReqData, authID string) (string, string, error)
+	GetTenantAndScopes(reqData ReqData, authID string) (ObjectContext, error)
 }
 
 //go:generate mockery -name=TenantAndScopesForSystemAuthProvider -output=automock -outpkg=automock -case=underscore
 type TenantAndScopesForSystemAuthProvider interface {
-	GetTenantAndScopes(ctx context.Context, reqData ReqData, authID string, authFlow AuthFlow) (string, string, error)
+	GetTenantAndScopes(ctx context.Context, reqData ReqData, authID string, authFlow AuthFlow) (ObjectContext, error)
 }
 
 type Handler struct {
@@ -72,14 +72,16 @@ func (h *Handler) ServeHTTP(writer http.ResponseWriter, req *http.Request) {
 
 	ctx := persistence.SaveToContext(req.Context(), tx)
 
-	tenantID, scopes, err := h.lookupForTenantAndScopes(ctx, reqData)
+	objCtx, err := h.lookupForTenantAndScopes(ctx, reqData)
 	if err != nil {
 		respondWithError(writer, http.StatusInternalServerError, err, "while looking for tenant and scopes data")
 		return
 	}
 
-	reqData.Body.Extra["tenant"] = tenantID
-	reqData.Body.Extra["scope"] = scopes
+	reqData.Body.Extra["tenant"] = objCtx.TenantID
+	reqData.Body.Extra["scope"] = objCtx.Scopes
+	reqData.Body.Extra["objectID"] = objCtx.ObjectID
+	reqData.Body.Extra["objectType"] = objCtx.ObjectType
 
 	writer.Header().Set("Content-Type", "application/json")
 	err = json.NewEncoder(writer).Encode(reqData.Body)
@@ -89,10 +91,10 @@ func (h *Handler) ServeHTTP(writer http.ResponseWriter, req *http.Request) {
 	}
 }
 
-func (h *Handler) lookupForTenantAndScopes(ctx context.Context, reqData ReqData) (string, string, error) {
+func (h *Handler) lookupForTenantAndScopes(ctx context.Context, reqData ReqData) (ObjectContext, error) {
 	authID, authFlow, err := reqData.GetAuthID()
 	if err != nil {
-		return "", "", errors.Wrap(err, "while determining the auth ID from the request")
+		return ObjectContext{}, errors.Wrap(err, "while determining the auth ID from the request")
 	}
 
 	switch authFlow {
@@ -102,7 +104,7 @@ func (h *Handler) lookupForTenantAndScopes(ctx context.Context, reqData ReqData)
 		return h.mapperForSystemAuth.GetTenantAndScopes(ctx, reqData, authID, authFlow)
 	}
 
-	return "", "", fmt.Errorf("unknown authentication flow (%s)", authFlow)
+	return ObjectContext{}, fmt.Errorf("unknown authentication flow (%s)", authFlow)
 }
 
 func respondWithError(writer http.ResponseWriter, httpErrorCode int, err error, wrapperStr string) {

components/director/internal/tenantmapping/handler_test.go

@@ -20,6 +20,7 @@ import (
 func TestHandler(t *testing.T) {
 	tenantID := uuid.New()
 	systemAuthID := uuid.New()
+	objID := uuid.New()
 
 	t.Run("success for the request parsed as JWT flow", func(t *testing.T) {
 		username := "admin"
@@ -31,7 +32,13 @@ func TestHandler(t *testing.T) {
 				},
 			},
 		}
-		expectedRespPayload := `{"subject":"","extra":{"name":"` + username + `","scope":"` + scopes + `","tenant":"` + tenantID.String() + `"},"header":null}`
+		objCtxMock := tenantmapping.ObjectContext{
+			Scopes:     scopes,
+			TenantID:   tenantID.String(),
+			ObjectID:   username,
+			ObjectType: "Static User",
+		}
+		expectedRespPayload := `{"subject":"","extra":{"name":"` + username + `","objectID":"` + username + `","objectType":"Static User","scope":"` + scopes + `","tenant":"` + tenantID.String() + `"},"header":null}`
 
 		req := httptest.NewRequest(http.MethodPost, "http://example.com/foo", strings.NewReader(""))
 		w := httptest.NewRecorder()
@@ -42,7 +49,7 @@ func TestHandler(t *testing.T) {
 		transactMock := getTransactMock()
 
 		mapperForUserMock := getMapperForUserMock()
-		mapperForUserMock.On("GetTenantAndScopes", reqDataMock, username).Return(tenantID.String(), scopes, nil).Once()
+		mapperForUserMock.On("GetTenantAndScopes", reqDataMock, username).Return(objCtxMock, nil).Once()
 
 		handler := tenantmapping.NewHandler(reqDataParserMock, transactMock, mapperForUserMock, nil)
 		handler.ServeHTTP(w, req)
@@ -66,7 +73,13 @@ func TestHandler(t *testing.T) {
 				},
 			},
 		}
-		expectedRespPayload := `{"subject":"","extra":{"client_id":"` + systemAuthID.String() + `","scope":"` + scopes + `","tenant":"` + tenantID.String() + `"},"header":null}`
+		objCtx := tenantmapping.ObjectContext{
+			Scopes:     scopes,
+			TenantID:   tenantID.String(),
+			ObjectID:   objID.String(),
+			ObjectType: "Integration System",
+		}
+		expectedRespPayload := `{"subject":"","extra":{"client_id":"` + systemAuthID.String() + `","objectID":"` + objID.String() + `","objectType":"Integration System","scope":"` + scopes + `","tenant":"` + tenantID.String() + `"},"header":null}`
 
 		req := httptest.NewRequest(http.MethodPost, "http://example.com/foo", strings.NewReader(""))
 		w := httptest.NewRecorder()
@@ -77,7 +90,7 @@ func TestHandler(t *testing.T) {
 		transactMock := getTransactMock()
 
 		mapperForSystemAuthMock := getMapperForSystemAuthMock()
-		mapperForSystemAuthMock.On("GetTenantAndScopes", mock.Anything, reqDataMock, systemAuthID.String(), tenantmapping.OAuth2Flow).Return(tenantID.String(), scopes, nil).Once()
+		mapperForSystemAuthMock.On("GetTenantAndScopes", mock.Anything, reqDataMock, systemAuthID.String(), tenantmapping.OAuth2Flow).Return(objCtx, nil).Once()
 
 		handler := tenantmapping.NewHandler(reqDataParserMock, transactMock, nil, mapperForSystemAuthMock)
 		handler.ServeHTTP(w, req)
@@ -102,7 +115,13 @@ func TestHandler(t *testing.T) {
 				},
 			},
 		}
-		expectedRespPayload := `{"subject":"","extra":{"scope":"` + scopes + `","tenant":"` + tenantID.String() + `"},"header":{"Client-Id-From-Certificate":["` + systemAuthID.String() + `"]}}`
+		objCtx := tenantmapping.ObjectContext{
+			Scopes:     scopes,
+			TenantID:   tenantID.String(),
+			ObjectID:   objID.String(),
+			ObjectType: "Integration System",
+		}
+		expectedRespPayload := `{"subject":"","extra":{"objectID":"` + objID.String() + `","objectType":"Integration System","scope":"` + scopes + `","tenant":"` + tenantID.String() + `"},"header":{"Client-Id-From-Certificate":["` + systemAuthID.String() + `"]}}`
 
 		req := httptest.NewRequest(http.MethodPost, "http://example.com/foo", strings.NewReader(""))
 		w := httptest.NewRecorder()
@@ -113,7 +132,7 @@ func TestHandler(t *testing.T) {
 		transactMock := getTransactMock()
 
 		mapperForSystemAuthMock := getMapperForSystemAuthMock()
-		mapperForSystemAuthMock.On("GetTenantAndScopes", mock.Anything, reqDataMock, systemAuthID.String(), tenantmapping.CertificateFlow).Return(tenantID.String(), scopes, nil).Once()
+		mapperForSystemAuthMock.On("GetTenantAndScopes", mock.Anything, reqDataMock, systemAuthID.String(), tenantmapping.CertificateFlow).Return(objCtx, nil).Once()
 
 		handler := tenantmapping.NewHandler(reqDataParserMock, transactMock, nil, mapperForSystemAuthMock)
 		handler.ServeHTTP(w, req)

components/director/internal/tenantmapping/mapper_for_system_auth.go

@@ -24,25 +24,39 @@ type mapperForSystemAuth struct {
 	scopesGetter  ScopesGetter
 }
 
-func (m *mapperForSystemAuth) GetTenantAndScopes(ctx context.Context, reqData ReqData, authID string, authFlow AuthFlow) (string, string, error) {
+func (m *mapperForSystemAuth) GetTenantAndScopes(ctx context.Context, reqData ReqData, authID string, authFlow AuthFlow) (ObjectContext, error) {
 	sysAuth, err := m.systemAuthSvc.GetGlobal(ctx, authID)
 	if err != nil {
-		return "", "", errors.Wrap(err, "while retrieving system auth from database")
+		return ObjectContext{}, errors.Wrap(err, "while retrieving system auth from database")
 	}
 
 	refObjType, err := sysAuth.GetReferenceObjectType()
 	if err != nil {
-		return "", "", errors.Wrap(err, "while getting reference object type")
+		return ObjectContext{}, errors.Wrap(err, "while getting reference object type")
 	}
 
+	var scopes string
+	var tenant string
+
 	switch refObjType {
 	case model.IntegrationSystemReference:
-		return m.getTenantAndScopesForIntegrationSystem(reqData)
+		tenant, scopes, err = m.getTenantAndScopesForIntegrationSystem(reqData)
 	case model.RuntimeReference, model.ApplicationReference:
-		return m.getTenantAndScopesForApplicationOrRuntime(sysAuth, refObjType, reqData, authFlow)
+		tenant, scopes, err = m.getTenantAndScopesForApplicationOrRuntime(sysAuth, refObjType, reqData, authFlow)
+	default:
+		return ObjectContext{}, errors.Errorf("unsupported reference object type (%s)", refObjType)
+	}
+
+	if err != nil {
+		return ObjectContext{}, errors.Wrap(err, fmt.Sprintf("while fetching the tenant and scopes for object of type %s", refObjType))
+	}
+
+	objID, objType, err := getContextObj(refObjType, sysAuth)
+	if err != nil {
+		return ObjectContext{}, errors.Wrap(err, "while getting context object")
 	}
 
-	return "", "", errors.Errorf("unsupported reference object type (%s)", refObjType)
+	return NewObjectContext(scopes, tenant, objID, objType), nil
 }
 
 func (m *mapperForSystemAuth) getTenantAndScopesForIntegrationSystem(reqData ReqData) (string, string, error) {
@@ -104,3 +118,16 @@ func buildPath(refObjectType model.SystemAuthReferenceObjectType) string {
 	transformedObjType := strings.ReplaceAll(lowerCaseType, " ", "_")
 	return fmt.Sprintf("%s.%s", clientCredentialScopesPrefix, transformedObjType)
 }
+
+func getContextObj(refObjType model.SystemAuthReferenceObjectType, sysAuth *model.SystemAuth) (string, string, error) {
+	switch refObjType {
+	case model.IntegrationSystemReference:
+		return *sysAuth.IntegrationSystemID, string(model.IntegrationSystemReference), nil
+	case model.RuntimeReference:
+		return *sysAuth.RuntimeID, string(model.RuntimeReference), nil
+	case model.ApplicationReference:
+		return *sysAuth.AppID, string(model.ApplicationReference), nil
+	default:
+		return "", "", fmt.Errorf("unable to determin context detials for object of type %s", refObjType)
+	}
+}