Merge pull request RedHatInsights#451 from MikelAlejoBR/chore-bump-pl…

…atform-go-middlewares-version
petracihalova · Jul 27, 2022 · 971b954 · 971b954
2 parents 78c5675 + 7f151db
commit 971b954
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 15 deletions.
diff --git a/go.mod b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/labstack/gommon v0.3.1
 	github.com/prometheus/client_golang v1.12.1
 	github.com/redhatinsights/app-common-go v1.6.3
-	github.com/redhatinsights/platform-go-middlewares v0.12.0
+	github.com/redhatinsights/platform-go-middlewares v0.19.0
 	github.com/redhatinsights/sources-superkey-worker v0.0.0-20220110114734-d076299a7d68
 	github.com/segmentio/kafka-go v0.4.25
 	github.com/sirupsen/logrus v1.8.1

diff --git a/go.sum b/go.sum
@@ -1215,6 +1215,8 @@ github.com/redhatinsights/platform-go-middlewares v0.8.1/go.mod h1:koDaxx4Ht3ZgX
 github.com/redhatinsights/platform-go-middlewares v0.10.0/go.mod h1:i5gVDZJ/quCQhs5AW5CwkRPXlz1HfDBvyNtXHnlXZfM=
 github.com/redhatinsights/platform-go-middlewares v0.12.0 h1:gLFgsqupumRqAKDuYtvrYVNQr53iqfhQYc98VJ/cRUs=
 github.com/redhatinsights/platform-go-middlewares v0.12.0/go.mod h1:i5gVDZJ/quCQhs5AW5CwkRPXlz1HfDBvyNtXHnlXZfM=
+github.com/redhatinsights/platform-go-middlewares v0.19.0 h1:KEOVfDTOE0OpOKSb8HeEuYblFa2bpXvXpHRV/6706RM=
+github.com/redhatinsights/platform-go-middlewares v0.19.0/go.mod h1:i5gVDZJ/quCQhs5AW5CwkRPXlz1HfDBvyNtXHnlXZfM=
 github.com/redhatinsights/sources-superkey-worker v0.0.0-20220110114734-d076299a7d68 h1:YOKTWdW6poVAoL0ds7oB5yJSXNQOUIveCjqQRthzJ30=
 github.com/redhatinsights/sources-superkey-worker v0.0.0-20220110114734-d076299a7d68/go.mod h1:D74VLRhmYd+tGF1eid7+HLUKytgsm9L2dS9CoR+lxXM=
 github.com/remyoudompheng/bigfft v0.0.0-20190728182440-6a916e37a237/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=

diff --git a/middleware/authorization.go b/middleware/authorization.go
@@ -51,15 +51,15 @@ func PermissionCheck(next echo.HandlerFunc) echo.HandlerFunc {
 			// first check the identity (already parsed) to see if it contains
 			// the system key and if it does do some extra checks to authorize
 			// based on some internal rules (operator + satellite)
-			identity, ok := c.Get(h.PARSED_IDENTITY).(*identity.XRHID)
+			id, ok := c.Get(h.PARSED_IDENTITY).(*identity.XRHID)
 			if !ok {
 				return fmt.Errorf("error casting identity to struct: %+v", c.Get("identity"))
 			}
 
 			// checking to see if we're going to change the results since
 			// system-auth is treated completely differently than
 			// org_admin/rbac/psk
-			if identity.Identity.System != nil {
+			if id.Identity.System != (identity.System{}) {
 				// system-auth only allows GET and POST requests.
 				method := c.Request().Method
 				if method != http.MethodGet && method != http.MethodPost && method != http.MethodDelete {
@@ -77,12 +77,9 @@ func PermissionCheck(next echo.HandlerFunc) echo.HandlerFunc {
 				// can go through (but only if it's a POST)
 				//
 				// we're returning early because this is easier than a goto.
-				switch {
-				case identity.Identity.System["cluster_id"] != nil:
+				if id.Identity.System.ClusterId != "" || id.Identity.System.CommonName != "" {
 					return next(c)
-				case identity.Identity.System["cn"] != nil:
-					return next(c)
-				default:
+				} else {
 					return c.JSON(http.StatusUnauthorized, util.ErrorDoc("Unauthorized Action: system authorization only supports cn/cluster_id authorization", "401"))
 				}
 			}

diff --git a/middleware/authorization_test.go b/middleware/authorization_test.go
@@ -114,7 +114,9 @@ func TestSystemClusterID(t *testing.T) {
 			"x-rh-identity": "dummy",
 			"identity": &identity.XRHID{
 				Identity: identity.Identity{
-					System: map[string]interface{}{"cluster_id": "test_cluster"},
+					System: identity.System{
+						ClusterId: "test_cluster",
+					},
 				},
 			},
 		},
@@ -139,7 +141,9 @@ func TestSystemCN(t *testing.T) {
 			"x-rh-identity": "dummy",
 			"identity": &identity.XRHID{
 				Identity: identity.Identity{
-					System: map[string]interface{}{"cn": "test_cert"},
+					System: identity.System{
+						CommonName: "test_cert",
+					},
 				},
 			},
 		},
@@ -164,7 +168,9 @@ func TestSystemPatch(t *testing.T) {
 			"x-rh-identity": "dummy",
 			"identity": &identity.XRHID{
 				Identity: identity.Identity{
-					System: map[string]interface{}{"cn": "test_cert"},
+					System: identity.System{
+						CommonName: "test_cert",
+					},
 				},
 			},
 		},
@@ -189,7 +195,9 @@ func TestSystemDelete(t *testing.T) {
 			"x-rh-identity": "dummy",
 			"identity": &identity.XRHID{
 				Identity: identity.Identity{
-					System: map[string]interface{}{"cn": "test_cert"},
+					System: identity.System{
+						CommonName: "test_cert",
+					},
 				},
 			},
 		},
@@ -214,7 +222,9 @@ func TestSystemDeleteSource(t *testing.T) {
 			"x-rh-identity": "dummy",
 			"identity": &identity.XRHID{
 				Identity: identity.Identity{
-					System: map[string]interface{}{"cn": "test_cert"},
+					System: identity.System{
+						CommonName: "test_cert",
+					},
 				},
 			},
 		},
@@ -239,7 +249,9 @@ func TestSystemDeleteSourceVersioned(t *testing.T) {
 			"x-rh-identity": "dummy",
 			"identity": &identity.XRHID{
 				Identity: identity.Identity{
-					System: map[string]interface{}{"cn": "test_cert"},
+					System: identity.System{
+						CommonName: "test_cert",
+					},
 				},
 			},
 		},

diff --git a/middleware/headers.go b/middleware/headers.go
@@ -56,7 +56,7 @@ func ParseHeaders(next echo.HandlerFunc) echo.HandlerFunc {
 			c.Set(h.PARSED_IDENTITY, xRhIdentity)
 
 			// store whether or not this a cert-auth based request
-			if xRhIdentity.Identity.System != nil && xRhIdentity.Identity.System["cn"] != nil {
+			if xRhIdentity.Identity.System.CommonName != "" {
 				c.Set("cert-auth", true)
 			}
 		} else {