Merged
8 changes: 7 additions & 1 deletion .pre-commit-config.yaml
Expand Up @@ -4,4 +4,10 @@ repos:
hooks:
- id: detect-secrets
args: ['--baseline', '.secrets.baseline']
exclude: .*/tests/.*
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v2.5.0
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: no-commit-to-branch
args: [--branch, develop, --branch, master, --pattern, release/.*]
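Review bot: The new `pre-commit-hooks` entry pins `rev: v2.5.0`, which is a tag that the upstream repository can move. Pinning `rev` to the full commit SHA behind that tag, with the tag kept as a trailing comment (`rev: <commit-sha-for-v2.5.0>  # v2.5.0`), keeps the hook code that runs on every contributor's machine immutable. If the `exclude: .*/tests/.*` line remains on the detect-secrets hook, credentials committed under any `tests/` directory are never scanned; a narrower pattern or entries in `.secrets.baseline` would keep that coverage.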
2 changes: 1 addition & 1 deletion package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "@gen3/guppy",
"version": "0.7.0",
"version": "0.8.0",
"description": "Server that support GraphQL queries on data from elasticsearch",
"main": "src/server/server.js",
"directories": {
68 changes: 64 additions & 4 deletions src/server/__mocks__/mockDataFromES.js
Expand Up @@ -204,11 +204,71 @@ const mockResourcePath = () => {
const mockArborist = () => {
nock(config.arboristEndpoint)
.persist()
.get('/auth/resources')
.get('/auth/mapping')
.reply(200, {
resources: [
'internal-project-1',
'internal-project-2',
'internal-project-1': [ // accessible
{
service: '*',
method: 'create',
},
{
service: '*',
method: 'delete',
},
{
service: '*',
method: 'read',
},
{
service: '*',
method: 'read-storage',
},
{
service: '*',
method: 'update',
},
],
'internal-project-2': [ // accessible
{
service: '*',
method: 'read',
},
],
'internal-project-3': [ // not accessible since method does not match
{
service: '*',
method: 'create',
},
{
service: '*',
method: 'delete',
},
{
service: '*',
method: 'read-storage',
},
{
service: '*',
method: 'update',
},
],
'internal-project-4': [ // accessible
{
service: '*',
method: '*',
},
],
'internal-project-5': [ // accessible
{
service: 'guppy',
method: '*',
},
],
'internal-project-6': [ // not accessible since service does not match
{
service: 'indexd',
method: '*',
},
],
});
};
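Review bot: The `/auth/mapping` fixture in `mockArborist` has no resource whose entries satisfy the access rule only when combined across two different entries. A regression from per-entry matching to "some entry has the method and some entry has the service" would therefore still pass every test. A constructed entry such as `'internal-project-7': [{ service: 'indexd', method: 'read' }, { service: 'guppy', method: 'create' }], // not accessible` would pin the per-entry semantics without changing the expected accessible list. A resource mapped to an empty array or `null` would likewise exercise the `result[key] &&` guard in `listAuthorizedResources`.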
9 changes: 8 additions & 1 deletion src/server/auth/__tests__/authHelper.test.js
Expand Up @@ -12,7 +12,8 @@ setupMockDataEndpoint();
describe('AuthHelper', () => {
test('could create auth helper instance', async () => {
const authHelper = await getAuthHelperInstance('fake-jwt');
expect(authHelper.getAccessibleResources()).toEqual(['internal-project-1', 'internal-project-2']);
expect(authHelper.getAccessibleResources()).toEqual(['internal-project-1', 'internal-project-2', 'internal-project-4', 'internal-project-5']);
expect(authHelper.getAccessibleResources()).not.toContain(['internal-project-3', 'internal-project-6']);
expect(authHelper.getUnaccessibleResources()).toEqual(['external-project-1', 'external-project-2']);
});

Expand Down Expand Up @@ -51,6 +52,8 @@ describe('AuthHelper', () => {
gen3_resource_path: [
'internal-project-1',
'internal-project-2',
'internal-project-4',
'internal-project-5',
],
},
};
Expand All @@ -70,6 +73,8 @@ describe('AuthHelper', () => {
gen3_resource_path: [
'internal-project-1',
'internal-project-2',
'internal-project-4',
'internal-project-5',
],
},
},
Expand Down Expand Up @@ -108,6 +113,8 @@ describe('AuthHelper', () => {
gen3_resource_path: [
'internal-project-1',
'internal-project-2',
'internal-project-4',
'internal-project-5',
],
},
};
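Review bot: The added `.not.toContain(['internal-project-3', 'internal-project-6'])` assertion in the first test of this section can never fail. `toContain` looks for a single item by strict equality, and a fresh array literal is never an element of the returned list of strings. Splitting it into `expect(authHelper.getAccessibleResources()).not.toContain('internal-project-3');` and the same call for `'internal-project-6'` makes the negative authorization check real. The exact `toEqual` on the preceding line currently covers the case, so this is a latent gap that would only surface if that assertion were loosened.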
29 changes: 23 additions & 6 deletions src/server/auth/arboristClient.js
Expand Up @@ -10,7 +10,7 @@ class ArboristClient {

listAuthorizedResources(jwt) {
// Make request to arborist for list of resources with access
const resourcesEndpoint = `${this.baseEndpoint}/auth/resources`;
const resourcesEndpoint = `${this.baseEndpoint}/auth/mapping`;
log.debug('[ArboristClient] listAuthorizedResources jwt: ', jwt);
const headers = (jwt) ? { Authorization: `bearer ${jwt}` } : {};
return fetch(
Expand All @@ -21,11 +21,28 @@ class ArboristClient {
},
).then(
(response) => response.json(),
(err) => {
log.error(err);
throw new CodedError(500, err);
},
);
).then((result) => {
const data = {
resources: [],
};
Object.keys(result).forEach((key) => {
// logic: you have access to a project if you have the following access:
// method 'read' (or '*' - all methods) to service 'guppy' (or '*' - all services)
// on the project resource.
if (result[key] && result[key].some((x) => (
(x.method === 'read' || x.method === '*')
&& (x.service === 'guppy' || x.service === '*')
))) {
data.resources.push(key);
}
});
log.debug('[ArboristClient] data: ', data);
return data;
},
(err) => {
log.error(err);
throw new CodedError(500, err);
});
}
}
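Review bot: The new filtering callback in `listAuthorizedResources` trusts the response shape: it runs `Object.keys(result)` without checking `response.ok`, and `result[key].some` throws a TypeError for any truthy non-array value (for example an error object in a non-200 JSON body; the error format is not visible here, so this is inferred). Because the rejection handler is the second argument of that same `.then`, such a TypeError bypasses the `CodedError(500, err)` wrapping. Guarding with `Array.isArray(result[key]) && result[key].some(...)` and moving the error handler into a trailing `.catch` would keep failures closed and uniformly coded. The unchanged `log.debug('[ArboristClient] listAuthorizedResources jwt: ', jwt)` line in this hunk also writes the bearer token to the log and is worth redacting while the function is being touched.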

1 change: 0 additions & 1 deletion src/server/resolvers.js
Expand Up @@ -146,7 +146,6 @@ const getFieldAggregationResolverMappings = (esInstance, esIndex) => {
return fieldAggregationResolverMappings;
};


/**
* Tree-structured resolvers pass down arguments.
* For better understanding, following is an example query, and related resolvers for each level: