refactor: upgrade to identity v2

Signed-off-by: Lukas Zapletal <[email protected]>

go.mod

@@ -40,7 +40,7 @@ require (
 	github.com/oapi-codegen/runtime v1.1.1
 	github.com/prometheus/client_golang v1.18.0
 	github.com/redhatinsights/app-common-go v1.6.7
-	github.com/redhatinsights/platform-go-middlewares v1.0.0
+	github.com/redhatinsights/platform-go-middlewares/v2 v2.0.0-beta.1
 	github.com/redis/go-redis/v9 v9.4.0
 	github.com/riandyrn/otelchi v0.5.1
 	github.com/rs/zerolog v1.31.0
@@ -85,7 +85,6 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -129,7 +128,6 @@ require (
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oleiade/lane/v2 v2.0.0 // indirect
-	github.com/onsi/gomega v1.27.6 // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
 	github.com/pierrec/lz4/v4 v4.1.21 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect

internal/headers/headers.go

@@ -7,7 +7,7 @@ import (
 
 	"github.com/RHEnVision/provisioning-backend/internal/config"
 	"github.com/RHEnVision/provisioning-backend/internal/logging"
-	"github.com/redhatinsights/platform-go-middlewares/identity"
+	"github.com/redhatinsights/platform-go-middlewares/v2/identity"
 	"github.com/rs/zerolog"
 )
 
@@ -21,6 +21,8 @@ func addIdentityHeader(ctx context.Context, req *http.Request, username, passwor
 		zerolog.Ctx(ctx).Warn().Msgf("Username/password authentication: %s", username)
 		req.Header.Add("Authorization", "Basic "+basicAuth(username, password))
 	} else {
+		logger := zerolog.Ctx(ctx)
+		logger.Trace().Str("identity", identity.GetIdentityHeader(ctx)).Msg("HTTP client identity set")
 		req.Header.Set("X-RH-Identity", identity.GetIdentityHeader(ctx))
 	}
 	return nil

internal/identity/account.go

@@ -11,13 +11,13 @@ const (
 	accountIdCtxKey cxtKeyId = iota
 )
 
-var MissingAccountInContextError = errors.New("operation requires account_id in context")
+var ErrMissingAccountInContext = errors.New("operation requires account_id in context")
 
 // AccountId returns current account model or panics when not set
 func AccountId(ctx context.Context) int64 {
 	value := ctx.Value(accountIdCtxKey)
 	if value == nil {
-		panic(MissingAccountInContextError)
+		panic(ErrMissingAccountInContext)
 	}
 	return value.(int64)
 }

internal/identity/identity.go

@@ -6,18 +6,14 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/redhatinsights/platform-go-middlewares/identity"
+	"github.com/redhatinsights/platform-go-middlewares/v2/identity"
 )
 
 type Principal = identity.XRHID
 
 // Identity returns identity header struct or nil when not set.
 func Identity(ctx context.Context) Principal {
-	val := ctx.Value(identity.Key)
-	if val == nil {
-		return Principal{}
-	}
-	return val.(Principal)
+	return identity.GetIdentity(ctx)
 }
 
 // IdentityHeader returns identity header (base64-encoded JSON)
@@ -27,7 +23,7 @@ func IdentityHeader(ctx context.Context) string {
 
 // WithIdentity returns context copy with identity.
 func WithIdentity(ctx context.Context, id Principal) context.Context {
-	return context.WithValue(ctx, identity.Key, id)
+	return identity.WithIdentity(ctx, id)
 }
 
 // WithIdentityFrom64 returns context copy with identity parsed from base64-encoded JSON string.
@@ -43,5 +39,5 @@ func WithIdentityFrom64(ctx context.Context, id string) (context.Context, error)
 		return nil, fmt.Errorf("could not unmarshal json %w", err)
 	}
 
-	return context.WithValue(ctx, identity.Key, jsonData), nil
+	return WithIdentity(ctx, jsonData), nil
 }

internal/routes/all_routes.go

@@ -1,6 +1,7 @@
 package routes
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 
@@ -11,6 +12,8 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
 	redoc "github.com/go-openapi/runtime/middleware"
+	"github.com/redhatinsights/platform-go-middlewares/v2/identity"
+	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 )
 
@@ -42,6 +45,11 @@ func MountRoot(r *chi.Mux) {
 	})
 }
 
+func IdentityErrorLogFunc(ctx context.Context, rawId, msg string) {
+	logger := zerolog.Ctx(ctx)
+	logger.Error().Str("identity", rawId).Msgf("identity enforcement error: %s", msg)
+}
+
 func MountAPI(r *chi.Mux) {
 	r.Route("/openapi.json", func(r chi.Router) {
 		r.Use(middleware.ETagMiddleware(api.ETagValue))
@@ -56,7 +64,7 @@ func MountAPI(r *chi.Mux) {
 	r.Group(func(r chi.Router) {
 		r.Use(render.SetContentType(render.ContentTypeJSON))
 
-		r.Use(middleware.EnforceIdentity)
+		r.Use(identity.EnforceIdentityWithLogger(IdentityErrorLogFunc))
 		r.Use(middleware.AccountMiddleware)
 
 		// OpenAPI documented and supported routes

internal/testing/identity/dummy_identity.go

@@ -10,7 +10,7 @@ import (
 	"github.com/RHEnVision/provisioning-backend/internal/dao"
 	"github.com/RHEnVision/provisioning-backend/internal/identity"
 	"github.com/RHEnVision/provisioning-backend/internal/ptr"
-	rhidentity "github.com/redhatinsights/platform-go-middlewares/identity"
+	rhidentity "github.com/redhatinsights/platform-go-middlewares/v2/identity"
 )
 
 const (
@@ -28,11 +28,11 @@ func AddIdentityHeader(t *testing.T, req *http.Request) *http.Request {
 }
 
 func WithIdentity(t *testing.T, ctx context.Context) context.Context {
-	return context.WithValue(ctx, rhidentity.Key, xRhId)
+	return rhidentity.WithIdentity(ctx, xRhId)
 }
 
 func WithCustomIdentity(t *testing.T, ctx context.Context, orgId string, accountNumber *string) context.Context {
-	return context.WithValue(ctx, rhidentity.Key, newIdentity(orgId, accountNumber))
+	return rhidentity.WithIdentity(ctx, newIdentity(orgId, accountNumber))
 }
 
 func WithTenant(t *testing.T, ctx context.Context) context.Context {