From 2e60e7366fc5d169060da06ad004a7f067dcbd61 Mon Sep 17 00:00:00 2001
From: Kian Parvin
Date: Mon, 2 Sep 2024 16:51:45 +0200
Subject: [PATCH] fix issues
---
 cmd/jimmsrv/service/service_test.go | 1 +
 internal/common/pagination/entitlement.go | 2 +-
 .../common/pagination/entitlement_test.go | 2 +-
 internal/common/pagination/export_test.go | 2 +-
 internal/common/pagination/pagination.go | 2 +-
 internal/common/pagination/pagination_test.go | 2 +-
 internal/common/utils/test_utils.go | 1 +
 internal/jimm/admin.go | 5 ++
 internal/jimm/identity.go | 2 +-
 internal/jimm/identity_test.go | 2 +-
 internal/jimm/relation.go | 2 +-
 internal/jimm/relation_test.go | 2 +-
 .../jimmtest/mocks/jimm_controller_mock.go | 6 ++-
 internal/jimmtest/mocks/jimm_group_mock.go | 2 +-
 internal/jimmtest/mocks/jimm_relation_mock.go | 2 +-
 internal/jimmtest/mocks/login.go | 19 +++++--
 internal/jimmtest/mocks/model.go | 4 +-
 internal/jujuapi/admin.go | 3 ++
 internal/jujuapi/jimm_relation.go | 2 +-
 internal/jujuapi/modelmanager.go | 2 +-
 internal/jujuapi/service_account.go | 2 +-
 internal/jujuapi/service_account_test.go | 10 ++--
 internal/middleware/auth.go | 14 ++---
 internal/middleware/auth_test.go | 52 +++++++------------
 internal/openfga/names/common.go | 2 +-
 internal/rebac_admin/backend.go | 4 +-
 internal/rebac_admin/entitlements.go | 5 +-
 internal/rebac_admin/export_test.go | 1 +
 internal/rebac_admin/groups.go | 2 +-
 .../rebac_admin/groups_integration_test.go | 8 +--
 internal/rebac_admin/groups_test.go | 2 +-
 internal/rebac_admin/identities.go | 14 ++---
 .../identities_integration_test.go | 1 +
 internal/rebac_admin/identities_test.go | 2 +-
 internal/rebac_admin/package_test.go | 2 +-
 internal/rebac_admin/utils/auth.go | 5 +-
 internal/rebac_admin/utils/errors.go | 1 +
 internal/rebac_admin/utils/types.go | 1 +
 internal/rebac_admin/utils/utils.go | 2 +-
 39 files changed, 103 insertions(+), 92 deletions(-)
diff --git a/cmd/jimmsrv/service/service_test.go b/cmd/jimmsrv/service/service_test.go index 5f5bea519..07d4ed519 100644 --- a/cmd/jimmsrv/service/service_test.go +++ b/cmd/jimmsrv/service/service_test.go @@ -292,6 +292,7 @@ func TestRebacAdminApi(t *testing.T) { response, err := srv.Client().Get(srv.URL + "/rebac/v1/swagger.json") c.Assert(err, qt.IsNil) + defer response.Body.Close() c.Assert(response.StatusCode, qt.Equals, 401) } diff --git a/internal/common/pagination/entitlement.go b/internal/common/pagination/entitlement.go index 12c01922e..276a07e38 100644 --- a/internal/common/pagination/entitlement.go +++ b/internal/common/pagination/entitlement.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package pagination diff --git a/internal/common/pagination/entitlement_test.go b/internal/common/pagination/entitlement_test.go index d6c5c7431..592f59ba8 100644 --- a/internal/common/pagination/entitlement_test.go +++ b/internal/common/pagination/entitlement_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package pagination_test diff --git a/internal/common/pagination/export_test.go b/internal/common/pagination/export_test.go index 611ea33b4..db80c2be3 100644 --- a/internal/common/pagination/export_test.go +++ b/internal/common/pagination/export_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package pagination diff --git a/internal/common/pagination/pagination.go b/internal/common/pagination/pagination.go index 82380279c..7c0360a99 100644 --- a/internal/common/pagination/pagination.go +++ b/internal/common/pagination/pagination.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. // pagination holds common pagination patterns. package pagination diff --git a/internal/common/pagination/pagination_test.go b/internal/common/pagination/pagination_test.go index 60ce5af93..18c3769cf 100644 
--- a/internal/common/pagination/pagination_test.go +++ b/internal/common/pagination/pagination_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package pagination_test diff --git a/internal/common/utils/test_utils.go b/internal/common/utils/test_utils.go index 199871d37..4e0b7fdcc 100644 --- a/internal/common/utils/test_utils.go +++ b/internal/common/utils/test_utils.go @@ -1,3 +1,4 @@ +// Copyright 2024 Canonical. package utils func IntToPointer(i int) *int { diff --git a/internal/jimm/admin.go b/internal/jimm/admin.go index 844761918..f17ff3690 100644 --- a/internal/jimm/admin.go +++ b/internal/jimm/admin.go @@ -4,6 +4,7 @@ package jimm import ( "context" + "net/http" "golang.org/x/oauth2" @@ -22,6 +23,10 @@ func (j *JIMM) LoginDevice(ctx context.Context) (*oauth2.DeviceAuthResponse, err return resp, nil } +func (j *JIMM) AuthenticateBrowserSession(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, error) { + return j.OAuthAuthenticator.AuthenticateBrowserSession(ctx, w, r) +} + // GetDeviceSessionToken polls an OIDC server while a user logs in and returns a session token scoped to the user's identity. func (j *JIMM) GetDeviceSessionToken(ctx context.Context, deviceOAuthResponse *oauth2.DeviceAuthResponse) (string, error) { const op = errors.Op("jimm.GetDeviceSessionToken") diff --git a/internal/jimm/identity.go b/internal/jimm/identity.go index 57af733d6..740f28353 100644 --- a/internal/jimm/identity.go +++ b/internal/jimm/identity.go @@ -1,4 +1,4 @@ -// Copyright 2020 Canonical Ltd. +// Copyright 2024 Canonical. package jimm diff --git a/internal/jimm/identity_test.go b/internal/jimm/identity_test.go index f7128c643..e189dc594 100644 --- a/internal/jimm/identity_test.go +++ b/internal/jimm/identity_test.go @@ -1,4 +1,4 @@ -// Copyright 2021 Canonical Ltd. +// Copyright 2024 Canonical. package jimm_test 
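Review bot: The new exported method `AuthenticateBrowserSession` in internal/jimm/admin.go has no doc comment, unlike `GetDeviceSessionToken` directly below it, even though it is now the entry point the cookie middleware calls. A comment such as `// AuthenticateBrowserSession validates the browser session cookie on r and returns a context carrying the session identity.` would state the contract. It should also say whether the returned context is usable when the error is non-nil, which depends on the underlying `OAuthAuthenticator` and is not visible in this patch. The method dereferences `j.OAuthAuthenticator` without a nil check, so it presumably relies on that field always being set at construction.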
diff --git a/internal/jimm/relation.go b/internal/jimm/relation.go index 8f317779c..20952e31c 100644 --- a/internal/jimm/relation.go +++ b/internal/jimm/relation.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package jimm diff --git a/internal/jimm/relation_test.go b/internal/jimm/relation_test.go index d6b372bf3..ac3b8a9a2 100644 --- a/internal/jimm/relation_test.go +++ b/internal/jimm/relation_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package jimm_test diff --git a/internal/jimmtest/mocks/jimm_controller_mock.go b/internal/jimmtest/mocks/jimm_controller_mock.go index 143dda015..a0f2aead6 100644 --- a/internal/jimmtest/mocks/jimm_controller_mock.go +++ b/internal/jimmtest/mocks/jimm_controller_mock.go @@ -1,13 +1,15 @@ +// Copyright 2024 Canonical. package mocks import ( "context" + jujuparams "github.com/juju/juju/rpc/params" + "github.com/juju/version" + "github.com/canonical/jimm/v3/internal/dbmodel" "github.com/canonical/jimm/v3/internal/errors" "github.com/canonical/jimm/v3/internal/openfga" - jujuparams "github.com/juju/juju/rpc/params" - "github.com/juju/version" ) // ControllerService is an implementation of the jujuapi.ControllerService interface. diff --git a/internal/jimmtest/mocks/jimm_group_mock.go b/internal/jimmtest/mocks/jimm_group_mock.go index b93b94a4c..8065635d5 100644 --- a/internal/jimmtest/mocks/jimm_group_mock.go +++ b/internal/jimmtest/mocks/jimm_group_mock.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. // This package contains mocks for each JIMM service. // Each file contains a struct providing tests with the ability to mock diff --git a/internal/jimmtest/mocks/jimm_relation_mock.go b/internal/jimmtest/mocks/jimm_relation_mock.go index ec425ba61..06fb1652b 100644 --- a/internal/jimmtest/mocks/jimm_relation_mock.go +++ b/internal/jimmtest/mocks/jimm_relation_mock.go 
@@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package mocks diff --git a/internal/jimmtest/mocks/login.go b/internal/jimmtest/mocks/login.go index 0fa6fdf88..48e54779f 100644 --- a/internal/jimmtest/mocks/login.go +++ b/internal/jimmtest/mocks/login.go @@ -3,6 +3,7 @@ package mocks import ( "context" + "net/http" "golang.org/x/oauth2" @@ -11,11 +12,19 @@ import ( ) type LoginService struct { - LoginDevice_ func(ctx context.Context) (*oauth2.DeviceAuthResponse, error) - GetDeviceSessionToken_ func(ctx context.Context, deviceOAuthResponse *oauth2.DeviceAuthResponse) (string, error) - LoginClientCredentials_ func(ctx context.Context, clientID string, clientSecret string) (*openfga.User, error) - LoginWithSessionToken_ func(ctx context.Context, sessionToken string) (*openfga.User, error) - LoginWithSessionCookie_ func(ctx context.Context, identityID string) (*openfga.User, error) + AuthenticateBrowserSession_ func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) + LoginDevice_ func(ctx context.Context) (*oauth2.DeviceAuthResponse, error) + GetDeviceSessionToken_ func(ctx context.Context, deviceOAuthResponse *oauth2.DeviceAuthResponse) (string, error) + LoginClientCredentials_ func(ctx context.Context, clientID string, clientSecret string) (*openfga.User, error) + LoginWithSessionToken_ func(ctx context.Context, sessionToken string) (*openfga.User, error) + LoginWithSessionCookie_ func(ctx context.Context, identityID string) (*openfga.User, error) +} + +func (j *LoginService) AuthenticateBrowserSession(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { + if j.AuthenticateBrowserSession_ == nil { + return nil, errors.E(errors.CodeNotImplemented) + } + return j.AuthenticateBrowserSession_(ctx, w, req) } func (j *LoginService) LoginDevice(ctx context.Context) (*oauth2.DeviceAuthResponse, error) { 
diff --git a/internal/jimmtest/mocks/model.go b/internal/jimmtest/mocks/model.go index 37b991873..0b0ff2536 100644 --- a/internal/jimmtest/mocks/model.go +++ b/internal/jimmtest/mocks/model.go @@ -30,7 +30,7 @@ type ModelManager struct { ModelDefaultsForCloud_ func(ctx context.Context, user *dbmodel.Identity, cloudTag names.CloudTag) (jujuparams.ModelDefaultsResult, error) ModelInfo_ func(ctx context.Context, u *openfga.User, mt names.ModelTag) (*jujuparams.ModelInfo, error) ModelStatus_ func(ctx context.Context, u *openfga.User, mt names.ModelTag) (*jujuparams.ModelStatus, error) - QueryModelsJq_ func(ctx context.Context, models []dbmodel.Model, jqQuery string) (params.CrossModelQueryResponse, error) + QueryModelsJq_ func(ctx context.Context, models []string, jqQuery string) (params.CrossModelQueryResponse, error) SetModelDefaults_ func(ctx context.Context, user *dbmodel.Identity, cloudTag names.CloudTag, region string, configs map[string]interface{}) error UnsetModelDefaults_ func(ctx context.Context, user *dbmodel.Identity, cloudTag names.CloudTag, region string, keys []string) error UpdateMigratedModel_ func(ctx context.Context, user *openfga.User, modelTag names.ModelTag, targetControllerName string) error @@ -120,7 +120,7 @@ func (j *ModelManager) ModelStatus(ctx context.Context, u *openfga.User, mt name return j.ModelStatus_(ctx, u, mt) } -func (j *ModelManager) QueryModelsJq(ctx context.Context, models []dbmodel.Model, jqQuery string) (params.CrossModelQueryResponse, error) { +func (j *ModelManager) QueryModelsJq(ctx context.Context, models []string, jqQuery string) (params.CrossModelQueryResponse, error) { if j.QueryModelsJq_ == nil { return params.CrossModelQueryResponse{}, errors.E(errors.CodeNotImplemented) } diff --git a/internal/jujuapi/admin.go b/internal/jujuapi/admin.go index 246feb3bb..dd9be25ab 100644 --- a/internal/jujuapi/admin.go +++ b/internal/jujuapi/admin.go 
@@ -4,6 +4,7 @@ package jujuapi import ( "context" + "net/http" "sort" "github.com/juju/juju/rpc" @@ -18,6 +19,8 @@ import ( // LoginService defines the set of methods used for login to JIMM. type LoginService interface { + // AuthenticateBrowserSession authenticates a session cookie is valid. + AuthenticateBrowserSession(ctx context.Context, w http.ResponseWriter, r *http.Request) (context.Context, error) // LoginDevice is step 1 in the device flow and returns the OIDC server that the client should use for login. LoginDevice(ctx context.Context) (*oauth2.DeviceAuthResponse, error) // GetDeviceSessionToken polls the OIDC server waiting for the client to login and return a user scoped session token. diff --git a/internal/jujuapi/jimm_relation.go b/internal/jujuapi/jimm_relation.go index ad17d02a8..2e54225d6 100644 --- a/internal/jujuapi/jimm_relation.go +++ b/internal/jujuapi/jimm_relation.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package jujuapi diff --git a/internal/jujuapi/modelmanager.go b/internal/jujuapi/modelmanager.go index fec14a500..cc0e67f82 100644 --- a/internal/jujuapi/modelmanager.go +++ b/internal/jujuapi/modelmanager.go 
@@ -70,7 +70,7 @@ type ModelManager interface { ModelDefaultsForCloud(ctx context.Context, user *dbmodel.Identity, cloudTag names.CloudTag) (jujuparams.ModelDefaultsResult, error) ModelInfo(ctx context.Context, u *openfga.User, mt names.ModelTag) (*jujuparams.ModelInfo, error) ModelStatus(ctx context.Context, u *openfga.User, mt names.ModelTag) (*jujuparams.ModelStatus, error) - QueryModelsJq(ctx context.Context, models []dbmodel.Model, jqQuery string) (params.CrossModelQueryResponse, error) + QueryModelsJq(ctx context.Context, models []string, jqQuery string) (params.CrossModelQueryResponse, error) SetModelDefaults(ctx context.Context, user *dbmodel.Identity, cloudTag names.CloudTag, region string, configs map[string]interface{}) error UnsetModelDefaults(ctx context.Context, user *dbmodel.Identity, cloudTag names.CloudTag, region string, keys []string) error UpdateMigratedModel(ctx context.Context, user *openfga.User, modelTag names.ModelTag, targetControllerName string) error diff --git a/internal/jujuapi/service_account.go b/internal/jujuapi/service_account.go index ad54808f3..2e0b5dc85 100644 --- a/internal/jujuapi/service_account.go +++ b/internal/jujuapi/service_account.go @@ -72,7 +72,7 @@ func (r *controllerRoot) getServiceAccount(ctx context.Context, clientID string) return nil, errors.E(errors.CodeUnauthorized, "unauthorized") } - return r.jimm.GetUser(ctx, clientIdWithDomain) + return r.jimm.UserLogin(ctx, clientIdWithDomain) } // UpdateServiceAccountCredentialsCheckModels updates a set of cloud credentials' content. diff --git a/internal/jujuapi/service_account_test.go b/internal/jujuapi/service_account_test.go index 1ac278f3b..b6d14a222 100644 --- a/internal/jujuapi/service_account_test.go +++ b/internal/jujuapi/service_account_test.go 
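Review bot: Replacing `GetUser` with `UserLogin` in `getServiceAccount` likely turns a read-only lookup into a write. The definition of `UserLogin` is not in this patch, but the same commit removes the explicit `UpdateUserLastLogin` call from internal/middleware/auth.go while making the same swap, which suggests `UserLogin` records a last-login time. If so, resolving a service account here marks it as logged in on every lookup, and the field becomes less useful for spotting dormant or unexpectedly active service accounts. In `AuthenticateRebac` the call now also runs before the `JimmAdmin` check, so requests rejected as non-admin would be recorded as logins too, where the old code only updated the timestamp after that check. Either keep a side-effect-free lookup on these paths or document the effect, e.g. `// getServiceAccount resolves the service account via UserLogin, which also updates its last-login time.`; the body of `getServiceAccount` starts outside the hunk.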
@@ -175,7 +175,7 @@ func TestCopyServiceAccountCredential(t *testing.T) { newCredTag := names.NewCloudCredentialTag(fmt.Sprintf("%s/%s/%s", test.args.CloudName, svcAcc.Name, test.args.CredentialName)) return newCredTag, nil, nil }, - GetUser_: func(ctx context.Context, email string) (*openfga.User, error) { + UserLogin_: func(ctx context.Context, email string) (*openfga.User, error) { var u dbmodel.Identity u.SetTag(names.NewUserTag(email)) return openfga.NewUser(&u, ofgaClient), nil @@ -259,7 +259,7 @@ func TestGetServiceAccount(t *testing.T) { err = pgDb.Migrate(context.Background(), false) c.Assert(err, qt.IsNil) jimm := &jimmtest.JIMM{ - GetUser_: func(ctx context.Context, email string) (*openfga.User, error) { + UserLogin_: func(ctx context.Context, email string) (*openfga.User, error) { var u dbmodel.Identity u.SetTag(names.NewUserTag(email)) return openfga.NewUser(&u, ofgaClient), nil @@ -453,7 +453,7 @@ func TestUpdateServiceAccountCredentials(t *testing.T) { c.Assert(err, qt.IsNil) jimm := &jimmtest.JIMM{ UpdateCloudCredential_: test.updateCloudCredential, - GetUser_: func(ctx context.Context, email string) (*openfga.User, error) { return nil, nil }, + UserLogin_: func(ctx context.Context, email string) (*openfga.User, error) { return nil, nil }, } var u dbmodel.Identity u.SetTag(names.NewUserTag(test.username)) @@ -586,7 +586,7 @@ func TestListServiceAccountCredentials(t *testing.T) { GetCloudCredential_: test.getCloudCredential, GetCloudCredentialAttributes_: test.getCloudCredentialAttributes, ForEachUserCloudCredential_: test.ForEachUserCloudCredential, - GetUser_: func(ctx context.Context, email string) (*openfga.User, error) { + UserLogin_: func(ctx context.Context, email string) (*openfga.User, error) { var u dbmodel.Identity u.SetTag(names.NewUserTag(email)) return openfga.NewUser(&u, ofgaClient), nil 
@@ -702,7 +702,7 @@ func TestGrantServiceAccountAccess(t *testing.T) { err = pgDb.Migrate(context.Background(), false) c.Assert(err, qt.IsNil) jimm := &jimmtest.JIMM{ - GetUser_: func(ctx context.Context, email string) (*openfga.User, error) { return nil, nil }, + UserLogin_: func(ctx context.Context, email string) (*openfga.User, error) { return nil, nil }, GrantServiceAccountAccess_: test.grantServiceAccountAccess, } var u dbmodel.Identity diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go index 11d354e53..44120ffbf 100644 --- a/internal/middleware/auth.go +++ b/internal/middleware/auth.go @@ -1,22 +1,22 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package middleware import ( "net/http" + rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" "github.com/juju/zaputil/zapctx" "go.uber.org/zap" "github.com/canonical/jimm/v3/internal/auth" "github.com/canonical/jimm/v3/internal/jujuapi" - rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" ) // AuthenticateViaCookie performs browser session authentication and puts an identity in the request's context func AuthenticateViaCookie(next http.Handler, jimm jujuapi.JIMM) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - ctx, err := jimm.OAuthAuthenticationService().AuthenticateBrowserSession(r.Context(), w, r) + ctx, err := jimm.AuthenticateBrowserSession(r.Context(), w, r) if err != nil { zapctx.Error(ctx, "failed to authenticate", zap.Error(err)) http.Error(w, "failed to authenticate", http.StatusUnauthorized) @@ -41,7 +41,7 @@ func AuthenticateRebac(next http.Handler, jimm jujuapi.JIMM) http.Handler { return } - user, err := jimm.GetUser(ctx, identity) + user, err := jimm.UserLogin(ctx, identity) if err != nil { zapctx.Error(ctx, "failed to get openfga user", zap.Error(err)) http.Error(w, "internal authentication error", http.StatusInternalServerError) 
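Review bot: In `AuthenticateViaCookie` the error branch logs with the `ctx` returned by the failed `jimm.AuthenticateBrowserSession` call, and nothing guarantees that value is non-nil on error. The `mocks.LoginService` fallback added in internal/jimmtest/mocks/login.go returns `nil, errors.E(errors.CodeNotImplemented)`, so a nil context reaching the logger would likely panic inside the handler instead of producing the 401. Log with the request's own context, `zapctx.Error(r.Context(), "failed to authenticate", zap.Error(err))`, and consider returning `ctx` rather than `nil` from the mock. The rest of the handler body lies outside the hunk.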
@@ -49,13 +49,9 @@ func AuthenticateRebac(next http.Handler, jimm jujuapi.JIMM) http.Handler { } if !user.JimmAdmin { w.WriteHeader(http.StatusUnauthorized) - w.Write([]byte("user is not an admin")) + _, _ = w.Write([]byte("user is not an admin")) return } - err = jimm.UpdateUserLastLogin(ctx, identity) - if err != nil { - zapctx.Error(ctx, "failed to update user last login", zap.Error(err)) - } ctx = rebac_handlers.ContextWithIdentity(ctx, user) next.ServeHTTP(w, r.WithContext(ctx)) diff --git a/internal/middleware/auth_test.go b/internal/middleware/auth_test.go index f38454fc7..a622f542b 100644 --- a/internal/middleware/auth_test.go +++ b/internal/middleware/auth_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package middleware_test 
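Review bot: The non-admin branch of `AuthenticateRebac` answers an already authenticated caller with `http.StatusUnauthorized`, which a client cannot tell apart from a missing or invalid session. 403 is the conventional status once the identity is known but lacks the admin role. This is also the only branch visible here that hand-writes the response with `WriteHeader` plus `Write` where the others use `http.Error`. Suggest `http.Error(w, "user is not an admin", http.StatusForbidden)` followed by the existing `return`; the "not a jimm admin" case in internal/middleware/auth_test.go expects 401 and would need updating with it.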
@@ -9,60 +9,52 @@ import ( "net/http/httptest" "testing" + rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" qt "github.com/frankban/quicktest" "github.com/canonical/jimm/v3/internal/auth" "github.com/canonical/jimm/v3/internal/dbmodel" - "github.com/canonical/jimm/v3/internal/jimm" "github.com/canonical/jimm/v3/internal/jimmtest" + "github.com/canonical/jimm/v3/internal/jimmtest/mocks" "github.com/canonical/jimm/v3/internal/middleware" "github.com/canonical/jimm/v3/internal/openfga" - rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" ) // Checks if the authenticator responsible for access control to rebac admin handlers works correctly. func TestAuthenticateRebac(t *testing.T) { testUser := "test-user@canonical.com" tests := []struct { - name string - setupMock func(*jimmtest.MockOAuthAuthenticator) - jimmAdmin bool - expectedStatus int + name string + mockAuthBrowserSession func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) + jimmAdmin bool + expectedStatus int }{ { name: "success", - setupMock: func(m *jimmtest.MockOAuthAuthenticator) { - m.AuthenticateBrowserSession_ = func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { - return auth.ContextWithSessionIdentity(ctx, testUser), nil - } + mockAuthBrowserSession: func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { + return auth.ContextWithSessionIdentity(ctx, testUser), nil }, jimmAdmin: true, expectedStatus: http.StatusOK, }, { name: "failure", - setupMock: func(m *jimmtest.MockOAuthAuthenticator) { - m.AuthenticateBrowserSession_ = func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { - return ctx, errors.New("some error") - } + mockAuthBrowserSession: func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { + return ctx, errors.New("some error") }, expectedStatus: 
http.StatusUnauthorized, }, { name: "no identity", - setupMock: func(m *jimmtest.MockOAuthAuthenticator) { - m.AuthenticateBrowserSession_ = func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { - return ctx, nil - } + mockAuthBrowserSession: func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { + return ctx, nil }, expectedStatus: http.StatusInternalServerError, }, { name: "not a jimm admin", - setupMock: func(m *jimmtest.MockOAuthAuthenticator) { - m.AuthenticateBrowserSession_ = func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { - return auth.ContextWithSessionIdentity(ctx, testUser), nil - } + mockAuthBrowserSession: func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { + return auth.ContextWithSessionIdentity(ctx, testUser), nil }, jimmAdmin: false, expectedStatus: http.StatusUnauthorized, @@ -73,20 +65,16 @@ func TestAuthenticateRebac(t *testing.T) { t.Run(tt.name, func(t *testing.T) { c := qt.New(t) - mockAuthService := jimmtest.NewMockOAuthAuthenticator(nil, nil) - tt.setupMock(&mockAuthService) - j := jimmtest.JIMM{ - OAuthAuthenticationService_: func() jimm.OAuthAuthenticator { - return &mockAuthService + LoginService: mocks.LoginService{ + AuthenticateBrowserSession_: func(ctx context.Context, w http.ResponseWriter, req *http.Request) (context.Context, error) { + return tt.mockAuthBrowserSession(ctx, w, req) + }, }, - GetUser_: func(ctx context.Context, username string) (*openfga.User, error) { + UserLogin_: func(ctx context.Context, username string) (*openfga.User, error) { user := dbmodel.Identity{Name: username} return &openfga.User{Identity: &user, JimmAdmin: tt.jimmAdmin}, nil }, - UpdateUserLastLogin_: func(ctx context.Context, identifier string) error { - return nil - }, } req := httptest.NewRequest(http.MethodGet, "/", nil) w := httptest.NewRecorder() 
diff --git a/internal/openfga/names/common.go b/internal/openfga/names/common.go index ca6e7619a..199333cc4 100644 --- a/internal/openfga/names/common.go +++ b/internal/openfga/names/common.go @@ -1,4 +1,4 @@ -// Copyright 2024 canonical. +// Copyright 2024 Canonical. package names diff --git a/internal/rebac_admin/backend.go b/internal/rebac_admin/backend.go index e26c6ed19..0af81f3b1 100644 --- a/internal/rebac_admin/backend.go +++ b/internal/rebac_admin/backend.go @@ -1,16 +1,16 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package rebac_admin import ( "context" + rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" "github.com/juju/zaputil/zapctx" "go.uber.org/zap" "github.com/canonical/jimm/v3/internal/errors" "github.com/canonical/jimm/v3/internal/jujuapi" - rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" ) func SetupBackend(ctx context.Context, jimm jujuapi.JIMM) (*rebac_handlers.ReBACAdminBackend, error) { diff --git a/internal/rebac_admin/entitlements.go b/internal/rebac_admin/entitlements.go index fe4fa8b37..f3d624249 100644 --- a/internal/rebac_admin/entitlements.go +++ b/internal/rebac_admin/entitlements.go @@ -1,12 +1,13 @@ -// Copyright 2024 canonical. +// Copyright 2024 Canonical. package rebac_admin import ( "context" - openfgastatic "github.com/canonical/jimm/v3/openfga" "github.com/canonical/rebac-admin-ui-handlers/v1/resources" + + openfgastatic "github.com/canonical/jimm/v3/openfga" ) // Since these values have semantic meanings in the API, they'll probably be diff --git a/internal/rebac_admin/export_test.go b/internal/rebac_admin/export_test.go index 812b2170f..953b447e0 100644 --- a/internal/rebac_admin/export_test.go +++ b/internal/rebac_admin/export_test.go @@ -1,3 +1,4 @@ +// Copyright 2024 Canonical. package rebac_admin var ( diff --git a/internal/rebac_admin/groups.go b/internal/rebac_admin/groups.go index f7eb8e0ac..8fde4575b 100644 --- a/internal/rebac_admin/groups.go 
+++ b/internal/rebac_admin/groups.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package rebac_admin diff --git a/internal/rebac_admin/groups_integration_test.go b/internal/rebac_admin/groups_integration_test.go index b22b95085..b14b6c86f 100644 --- a/internal/rebac_admin/groups_integration_test.go +++ b/internal/rebac_admin/groups_integration_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package rebac_admin_test @@ -6,6 +6,9 @@ import ( "context" "fmt" + rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" + "github.com/canonical/rebac-admin-ui-handlers/v1/resources" + "github.com/juju/names/v5" gc "gopkg.in/check.v1" "github.com/canonical/jimm/v3/internal/jimmtest" @@ -13,9 +16,6 @@ import ( ofganames "github.com/canonical/jimm/v3/internal/openfga/names" "github.com/canonical/jimm/v3/internal/rebac_admin" jimmnames "github.com/canonical/jimm/v3/pkg/names" - rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" - "github.com/canonical/rebac-admin-ui-handlers/v1/resources" - "github.com/juju/names/v5" ) type rebacAdminSuite struct { diff --git a/internal/rebac_admin/groups_test.go b/internal/rebac_admin/groups_test.go index fe0be0b0f..3fc964bbb 100644 --- a/internal/rebac_admin/groups_test.go +++ b/internal/rebac_admin/groups_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package rebac_admin_test diff --git a/internal/rebac_admin/identities.go b/internal/rebac_admin/identities.go index eb6f7d080..584f54a55 100644 --- a/internal/rebac_admin/identities.go +++ b/internal/rebac_admin/identities.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package rebac_admin 
@@ -6,18 +6,18 @@ import ( "context" "fmt" + v1 "github.com/canonical/rebac-admin-ui-handlers/v1" + "github.com/canonical/rebac-admin-ui-handlers/v1/resources" + "github.com/juju/names/v5" + "github.com/juju/zaputil/zapctx" + "go.uber.org/zap" + "github.com/canonical/jimm/v3/internal/common/pagination" "github.com/canonical/jimm/v3/internal/jujuapi" "github.com/canonical/jimm/v3/internal/openfga" ofganames "github.com/canonical/jimm/v3/internal/openfga/names" "github.com/canonical/jimm/v3/internal/rebac_admin/utils" apiparams "github.com/canonical/jimm/v3/pkg/api/params" - "github.com/juju/names/v5" - - v1 "github.com/canonical/rebac-admin-ui-handlers/v1" - "github.com/canonical/rebac-admin-ui-handlers/v1/resources" - "github.com/juju/zaputil/zapctx" - "go.uber.org/zap" ) type identitiesService struct { diff --git a/internal/rebac_admin/identities_integration_test.go b/internal/rebac_admin/identities_integration_test.go index 236f682c1..b6d46e8cf 100644 --- a/internal/rebac_admin/identities_integration_test.go +++ b/internal/rebac_admin/identities_integration_test.go @@ -1,3 +1,4 @@ +// Copyright 2024 Canonical. package rebac_admin_test import ( diff --git a/internal/rebac_admin/identities_test.go b/internal/rebac_admin/identities_test.go index 2c4a01bd5..d039b18f1 100644 --- a/internal/rebac_admin/identities_test.go +++ b/internal/rebac_admin/identities_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package rebac_admin_test diff --git a/internal/rebac_admin/package_test.go b/internal/rebac_admin/package_test.go index 2f0c766a1..4c66d1819 100644 --- a/internal/rebac_admin/package_test.go +++ b/internal/rebac_admin/package_test.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package rebac_admin_test diff --git a/internal/rebac_admin/utils/auth.go b/internal/rebac_admin/utils/auth.go index 66a743760..376a778e4 100644 --- a/internal/rebac_admin/utils/auth.go 
+++ b/internal/rebac_admin/utils/auth.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package utils @@ -6,8 +6,9 @@ import ( "context" "errors" - "github.com/canonical/jimm/v3/internal/openfga" rebac_handlers "github.com/canonical/rebac-admin-ui-handlers/v1" + + "github.com/canonical/jimm/v3/internal/openfga" ) // GetUserFromContext retrieves the OpenFGA user pointer from the context diff --git a/internal/rebac_admin/utils/errors.go b/internal/rebac_admin/utils/errors.go index 0bdeb0a02..7c4c86c4e 100644 --- a/internal/rebac_admin/utils/errors.go +++ b/internal/rebac_admin/utils/errors.go @@ -1,3 +1,4 @@ +// Copyright 2024 Canonical. package utils import "errors" diff --git a/internal/rebac_admin/utils/types.go b/internal/rebac_admin/utils/types.go index 2266eb913..3e02a7a3f 100644 --- a/internal/rebac_admin/utils/types.go +++ b/internal/rebac_admin/utils/types.go @@ -1,3 +1,4 @@ +// Copyright 2024 Canonical. package utils import ( diff --git a/internal/rebac_admin/utils/utils.go b/internal/rebac_admin/utils/utils.go index 180dab6ec..11bde5059 100644 --- a/internal/rebac_admin/utils/utils.go +++ b/internal/rebac_admin/utils/utils.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical Ltd. +// Copyright 2024 Canonical. package utils