diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f7d672a7..2ec5bf25 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -4,4 +4,10 @@ repos:
 hooks:
 - id: detect-secrets
 args: ['--baseline', '.secrets.baseline']
- exclude: .*/tests/.*
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v2.5.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: no-commit-to-branch
+ args: [--branch, develop, --branch, master, --pattern, release/.*]
diff --git a/package-lock.json b/package-lock.json
index f0eb85d2..babe64be 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "@gen3/guppy",
- "version": "0.7.0",
+ "version": "0.8.0",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
diff --git a/package.json b/package.json
index 64c21bc7..9c79f9de 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@gen3/guppy",
- "version": "0.7.0",
+ "version": "0.8.0",
 "description": "Server that support GraphQL queries on data from elasticsearch",
 "main": "src/server/server.js",
 "directories": {
diff --git a/src/server/__mocks__/mockDataFromES.js b/src/server/__mocks__/mockDataFromES.js
index 80643092..f2daac30 100644
--- a/src/server/__mocks__/mockDataFromES.js
+++ b/src/server/__mocks__/mockDataFromES.js
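Review bot: The new `pre-commit-hooks` entry in `.pre-commit-config.yaml` is pinned with `rev: v2.5.0`, a tag that upstream can move, so the hook code that runs on every contributor's commit is not fixed to reviewed content. Pinning `rev` to the full commit SHA behind that tag (for example with `pre-commit autoupdate --freeze`) and keeping the tag as a trailing comment closes that gap. The same hunk drops `exclude: .*/tests/.*` from `detect-secrets`, so test files are now scanned; `.secrets.baseline` is not touched in this diff and may need regenerating if existing fixtures trip the scanner.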
@@ -204,11 +204,71 @@ const mockResourcePath = () => {
 const mockArborist = () => {
 nock(config.arboristEndpoint)
 .persist()
- .get('/auth/resources')
+ .get('/auth/mapping')
 .reply(200, {
- resources: [
- 'internal-project-1',
- 'internal-project-2',
+ 'internal-project-1': [ // accessible
+ {
+ service: '*',
+ method: 'create',
+ },
+ {
+ service: '*',
+ method: 'delete',
+ },
+ {
+ service: '*',
+ method: 'read',
+ },
+ {
+ service: '*',
+ method: 'read-storage',
+ },
+ {
+ service: '*',
+ method: 'update',
+ },
+ ],
+ 'internal-project-2': [ // accessible
+ {
+ service: '*',
+ method: 'read',
+ },
+ ],
+ 'internal-project-3': [ // not accessible since method does not match
+ {
+ service: '*',
+ method: 'create',
+ },
+ {
+ service: '*',
+ method: 'delete',
+ },
+ {
+ service: '*',
+ method: 'read-storage',
+ },
+ {
+ service: '*',
+ method: 'update',
+ },
+ ],
+ 'internal-project-4': [ // accessible
+ {
+ service: '*',
+ method: '*',
+ },
+ ],
+ 'internal-project-5': [ // accessible
+ {
+ service: 'guppy',
+ method: '*',
+ },
+ ],
+ 'internal-project-6': [ // not accessible since service does not match
+ {
+ service: 'indexd',
+ method: '*',
+ },
 ],
 });
 };
diff --git a/src/server/auth/__tests__/authHelper.test.js b/src/server/auth/__tests__/authHelper.test.js
index 081fe5a1..41762d7a 100644
--- a/src/server/auth/__tests__/authHelper.test.js
+++ b/src/server/auth/__tests__/authHelper.test.js
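Review bot: The `/auth/mapping` fixture in `mockArborist` has no resource whose permissions match on method in one entry and on service in a different entry, so the tests cannot tell a per-entry check from one that mixes entries. A negative case such as `'internal-project-7': [{ service: 'indexd', method: 'read' }, { service: 'guppy', method: 'create' }], // not accessible` would pin that. The fixture also never returns an empty list or `null` for a resource, which is the case the `result[key] &&` guard in arboristClient.js exists for; `'internal-project-8': [], // not accessible` covers it without changing the expected accessible list.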
@@ -12,7 +12,8 @@ setupMockDataEndpoint();
 describe('AuthHelper', () => {
 test('could create auth helper instance', async () => {
 const authHelper = await getAuthHelperInstance('fake-jwt');
- expect(authHelper.getAccessibleResources()).toEqual(['internal-project-1', 'internal-project-2']);
+ expect(authHelper.getAccessibleResources()).toEqual(['internal-project-1', 'internal-project-2', 'internal-project-4', 'internal-project-5']);
+ expect(authHelper.getAccessibleResources()).not.toContain(['internal-project-3', 'internal-project-6']);
 expect(authHelper.getUnaccessibleResources()).toEqual(['external-project-1', 'external-project-2']);
 });
@@ -51,6 +52,8 @@ describe('AuthHelper', () => {
 gen3_resource_path: [
 'internal-project-1',
 'internal-project-2',
+ 'internal-project-4',
+ 'internal-project-5',
 ],
 },
 };
@@ -70,6 +73,8 @@ describe('AuthHelper', () => {
 gen3_resource_path: [
 'internal-project-1',
 'internal-project-2',
+ 'internal-project-4',
+ 'internal-project-5',
 ],
 },
 },
@@ -108,6 +113,8 @@ describe('AuthHelper', () => {
 gen3_resource_path: [
 'internal-project-1',
 'internal-project-2',
+ 'internal-project-4',
+ 'internal-project-5',
 ],
 },
 };
diff --git a/src/server/auth/arboristClient.js b/src/server/auth/arboristClient.js
index 977fb9b0..66d2f231 100644
--- a/src/server/auth/arboristClient.js
+++ b/src/server/auth/arboristClient.js
@@ -10,7 +10,7 @@ class ArboristClient {
 listAuthorizedResources(jwt) {
 // Make request to arborist for list of resources with access
- const resourcesEndpoint = `${this.baseEndpoint}/auth/resources`;
+ const resourcesEndpoint = `${this.baseEndpoint}/auth/mapping`;
 log.debug('[ArboristClient] listAuthorizedResources jwt: ', jwt);
 const headers = (jwt) ? { Authorization: `bearer ${jwt}` } : {};
 return fetch(
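Review bot: The added negative assertion in the first authHelper.test.js hunk, `.not.toContain(['internal-project-3', 'internal-project-6'])`, can never fail, because `toContain` looks for an element that is strictly equal to the argument and a fresh array literal is never an element of the resource list. The denied projects are therefore only covered indirectly by the exact `toEqual` on the line above. Assert each denied resource on its own: `expect(authHelper.getAccessibleResources()).not.toContain('internal-project-3');` and `expect(authHelper.getAccessibleResources()).not.toContain('internal-project-6');`.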
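Review bot: The context line `log.debug('[ArboristClient] listAuthorizedResources jwt: ', jwt);` in the first arboristClient.js hunk writes the caller's bearer token to the log, and the commit leaves it in place while reworking this request. Anyone with access to debug logs could replay that token until it expires, so log only its presence, e.g. `log.debug('[ArboristClient] listAuthorizedResources jwt present: ', Boolean(jwt));`. The comment above the endpoint is also stale now that `/auth/mapping` returns per-resource permissions; something like `// Fetch the resource -> permissions mapping from arborist; filtered to readable resources below` fits better. The method body continues outside this hunk.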
@@ -21,11 +21,28 @@ class ArboristClient {
 },
 ).then(
 (response) => response.json(),
- (err) => {
- log.error(err);
- throw new CodedError(500, err);
- },
- );
+ ).then((result) => {
+ const data = {
+ resources: [],
+ };
+ Object.keys(result).forEach((key) => {
+ // logic: you have access to a project if you have the following access:
+ // method 'read' (or '*' - all methods) to service 'guppy' (or '*' - all services)
+ // on the project resource.
+ if (result[key] && result[key].some((x) => (
+ (x.method === 'read' || x.method === '*')
+ && (x.service === 'guppy' || x.service === '*')
+ ))) {
+ data.resources.push(key);
+ }
+ });
+ log.debug('[ArboristClient] data: ', data);
+ return data;
+ },
+ (err) => {
+ log.error(err);
+ throw new CodedError(500, err);
+ });
 }
 }
diff --git a/src/server/resolvers.js b/src/server/resolvers.js
index 179c4548..847bdc8a 100644
--- a/src/server/resolvers.js
+++ b/src/server/resolvers.js
@@ -146,7 +146,6 @@ const getFieldAggregationResolverMappings = (esInstance, esIndex) => {
 return fieldAggregationResolverMappings;
 };
-
 /**
 * Tree-structured resolvers pass down arguments.
 * For better understanding, following is an example query, and related resolvers for each level:
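Review bot: The new `.then((result) => { … }, (err) => { … })` in arboristClient.js parses whatever body arborist returns as a permission mapping, and its rejection handler does not cover exceptions thrown inside the success callback. No `response.ok` check is visible in this hunk, so an error body whose top-level values are not arrays would presumably make `result[key].some` throw a TypeError that escapes as a raw rejection rather than a `CodedError`. Guard the shape with `if (Array.isArray(result[key]) && result[key].some((x) => (` and attach the handler as `}).catch((err) => {` so that both transport and parsing failures produce the coded 500 and no resource is granted from a malformed reply. `listAuthorizedResources` starts outside this hunk.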