Use URN for resource, e.g. cherami:dst:zone1_prod

uber-archive · Apr 26, 2017 · ba6a818 · ba6a818
1 parent ddad921
commit ba6a818
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/common/auth_util.go b/common/auth_util.go
@@ -26,10 +26,12 @@ import (
 )
 
 const (
-	resourceUriTemplateCreateDestination = "dst://%v"
+	resourceURNTemplateCreateDestination = "cherami:dst:%v"
 )
 
-func GetResourceRootUri(scommon SCommon) string {
+// GetResourceRootURN returns the root resource URN, e.g. cherami:dst:zone1_prod
+// We use URN (Uniform Resource Name) like this: https://www.ietf.org/rfc/rfc2141.txt
+func GetResourceRootURN(scommon SCommon) string {
 	deploymentName := scommon.GetConfig().GetDeploymentName()
-	return fmt.Sprintf(resourceUriTemplateCreateDestination, strings.ToLower(deploymentName))
+	return fmt.Sprintf(resourceURNTemplateCreateDestination, strings.ToLower(deploymentName))
 }
diff --git a/services/frontendhost/frontend.go b/services/frontendhost/frontend.go
@@ -588,13 +588,14 @@ func (h *Frontend) CreateDestination(ctx thrift.Context, createRequest *c.Create
 
 	authSubject, err := h.GetAuthManager().Authenticate(ctx)
 	if err != nil {
+		// TODO add metrics
 		return nil, err
 	}
 
-	authResource := common.GetResourceRootUri(h.SCommon)
+	authResource := common.GetResourceRootURN(h.SCommon)
 	err = h.GetAuthManager().Authorize(authSubject, common.OperationCreate, common.Resource(authResource))
 	if err != nil {
-		lclLg.WithField(common.TagSubject, authSubject).WithField(common.TagResource, authResource).Warn("Not allowed to create destination")
+		lclLg.WithField(common.TagSubject, authSubject).WithField(common.TagResource, authResource).Info("Not allowed to create destination")
 		// TODO add metrics
 		return nil, err
 	}