chore: rename jwtgenerator to jujuauth
kian99 committed Dec 18, 2024
1 parent 7869486 commit 78482b7
Showing 3 changed files with 26 additions and 26 deletions.
@@ -1,12 +1,12 @@
// Copyright 2024 Canonical.

// Package jwtgenerator generates JWT tokens to
// Package jujuauth generates JWT tokens to
// authenticate and authorize messages to Juju controllers.
// This package is more specialised than a generic
// JWT token generator as it crafts Juju specific
// permissions that are added as claims to the JWT
// and therefore exists in JIMM's business logic layer.
package jwtgenerator
package jujuauth

import (
"context"
Expand All @@ -22,31 +22,31 @@ import (
"github.com/canonical/jimm/v3/internal/openfga"
)

// generatorDatabase specifies the database interface used by the
// GeneratorDatabase specifies the database interface used by the
// JWT generator.
type generatorDatabase interface {
type GeneratorDatabase interface {
GetController(ctx context.Context, controller *dbmodel.Controller) error
}

// generatorAccessChecker specifies the access checker used by the JWT
// GeneratorAccessChecker specifies the access checker used by the JWT
// generator to obtain user's access rights to various entities.
type generatorAccessChecker interface {
type GeneratorAccessChecker interface {
GetUserModelAccess(context.Context, *openfga.User, names.ModelTag) (string, error)
GetUserControllerAccess(context.Context, *openfga.User, names.ControllerTag) (string, error)
GetUserCloudAccess(context.Context, *openfga.User, names.CloudTag) (string, error)
CheckPermission(context.Context, *openfga.User, map[string]string, map[string]interface{}) (map[string]string, error)
}

// jwtService specifies the service JWT generator uses to generate JWTs.
type jwtService interface {
// JWTService specifies the service JWT generator uses to generate JWTs.
type JWTService interface {
NewJWT(context.Context, jimmjwx.JWTParams) ([]byte, error)
}

// JWTGenerator provides the necessary state and methods to authorize a user and generate JWT tokens.
type JWTGenerator struct {
database generatorDatabase
accessChecker generatorAccessChecker
jwtService jwtService
// TokenGenerator provides the necessary state and methods to authorize a user and generate JWT tokens.
type TokenGenerator struct {
database GeneratorDatabase
accessChecker GeneratorAccessChecker
jwtService JWTService

mu sync.Mutex
accessMapCache map[string]string
Expand All @@ -57,22 +57,22 @@ type JWTGenerator struct {
}

// New returns a new JWTGenerator.
func New(database generatorDatabase, accessChecker generatorAccessChecker, jwtService jwtService) JWTGenerator {
return JWTGenerator{
func New(database GeneratorDatabase, accessChecker GeneratorAccessChecker, jwtService JWTService) TokenGenerator {
return TokenGenerator{
database: database,
accessChecker: accessChecker,
jwtService: jwtService,
}
}

// SetTags implements TokenGenerator.
func (auth *JWTGenerator) SetTags(mt names.ModelTag, ct names.ControllerTag) {
func (auth *TokenGenerator) SetTags(mt names.ModelTag, ct names.ControllerTag) {
auth.mt = mt
auth.ct = ct
}

// SetTags implements TokenGenerator.
func (auth *JWTGenerator) GetUser() names.UserTag {
func (auth *TokenGenerator) GetUser() names.UserTag {
if auth.user != nil {
return auth.user.ResourceTag()
}
Expand All @@ -82,7 +82,7 @@ func (auth *JWTGenerator) GetUser() names.UserTag {
// MakeLoginToken authorizes the user based on the provided login requests and returns
// a JWT containing claims about user's access to the controller, model (if applicable)
// and all clouds that the controller knows about.
func (auth *JWTGenerator) MakeLoginToken(ctx context.Context, user *openfga.User) ([]byte, error) {
func (auth *TokenGenerator) MakeLoginToken(ctx context.Context, user *openfga.User) ([]byte, error) {
const op = errors.Op("jimm.MakeLoginToken")

auth.mu.Lock()
Expand Down Expand Up @@ -148,7 +148,7 @@ func (auth *JWTGenerator) MakeLoginToken(ctx context.Context, user *openfga.User
// MakeToken assumes MakeLoginToken has already been called and checks the permissions
// specified in the permissionMap. If the logged in user has all those permissions
// a JWT will be returned with assertions confirming all those permissions.
func (auth *JWTGenerator) MakeToken(ctx context.Context, permissionMap map[string]interface{}) ([]byte, error) {
func (auth *TokenGenerator) MakeToken(ctx context.Context, permissionMap map[string]interface{}) ([]byte, error) {
const op = errors.Op("jimm.MakeToken")

auth.mu.Lock()
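Review bot: The doc comment above `New` still reads `// New returns a new JWTGenerator.` although the function now returns `TokenGenerator`; it should become `// New returns a new TokenGenerator.`. The comment on `GetUser` is `// SetTags implements TokenGenerator.`, which names the wrong method and, now that the struct itself is called `TokenGenerator`, no longer points at any interface; something like `// GetUser returns the tag of the user held by the generator.` matches the visible branch (the rest of the body is in collapsed context). Separately, `New` returns `TokenGenerator` by value while the struct holds `mu sync.Mutex` and `accessMapCache`; a copy of that value would share the access map but not the lock that guards it, so while the signature is being touched it may be worth returning `*TokenGenerator`, or at least adding `// A TokenGenerator must not be copied after first use.` to the type comment.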
@@ -1,6 +1,6 @@
// Copyright 2024 Canonical.

package jwtgenerator_test
package jujuauth_test

import (
"context"
Expand All @@ -12,7 +12,7 @@ import (

"github.com/canonical/jimm/v3/internal/dbmodel"
"github.com/canonical/jimm/v3/internal/errors"
"github.com/canonical/jimm/v3/internal/jimm/jwtgenerator"
"github.com/canonical/jimm/v3/internal/jimm/jujuauth"
"github.com/canonical/jimm/v3/internal/jimmjwx"
"github.com/canonical/jimm/v3/internal/openfga"
)
Expand Down Expand Up @@ -238,7 +238,7 @@ func TestJWTGeneratorMakeLoginToken(t *testing.T) {
}}

for _, test := range tests {
generator := jwtgenerator.New(test.database, test.accessChecker, test.jwtService)
generator := jujuauth.New(test.database, test.accessChecker, test.jwtService)
generator.SetTags(mt, ct)

i, err := dbmodel.NewIdentity(test.username)
Expand Down Expand Up @@ -311,7 +311,7 @@ func TestJWTGeneratorMakeToken(t *testing.T) {
}}

for _, test := range tests {
generator := jwtgenerator.New(
generator := jujuauth.New(
&testDatabase{
ctl: dbmodel.Controller{
CloudRegions: []dbmodel.CloudRegionControllerPriority{{
6 changes: 3 additions & 3 deletions internal/jujuapi/websocket.go
Expand Up @@ -21,7 +21,7 @@ import (
"github.com/canonical/jimm/v3/internal/dbmodel"
"github.com/canonical/jimm/v3/internal/errors"
"github.com/canonical/jimm/v3/internal/jimm"
"github.com/canonical/jimm/v3/internal/jimm/jwtgenerator"
"github.com/canonical/jimm/v3/internal/jimm/jujuauth"
"github.com/canonical/jimm/v3/internal/jimmhttp"
jimmRPC "github.com/canonical/jimm/v3/internal/rpc"
)
Expand Down Expand Up @@ -173,7 +173,7 @@ func modelInfoFromPath(path string) (uuid string, finalPath string, err error) {
// We act as a proxier, handling auth on requests before forwarding the
// requests to the appropriate Juju controller.
func (s apiProxier) ServeWS(ctx context.Context, clientConn *websocket.Conn) {
jwtGenerator := jwtgenerator.New(s.jimm.Database, s.jimm, s.jimm.JWTService)
jwtGenerator := jujuauth.New(s.jimm.Database, s.jimm, s.jimm.JWTService)
connectionFunc := controllerConnectionFunc(s, &jwtGenerator)
zapctx.Debug(ctx, "Starting proxier")
auditLogger := s.jimm.AddAuditLogEntry
Expand All @@ -192,7 +192,7 @@ func (s apiProxier) ServeWS(ctx context.Context, clientConn *websocket.Conn) {

// controllerConnectionFunc returns a function that will be used to
// connect to a controller when a client makes a request.
func controllerConnectionFunc(s apiProxier, jwtGenerator *jwtgenerator.JWTGenerator) func(context.Context) (jimmRPC.WebsocketConnectionWithMetadata, error) {
func controllerConnectionFunc(s apiProxier, jwtGenerator *jujuauth.TokenGenerator) func(context.Context) (jimmRPC.WebsocketConnectionWithMetadata, error) {
return func(ctx context.Context) (jimmRPC.WebsocketConnectionWithMetadata, error) {
const op = errors.Op("proxy.controllerConnectionFunc")
path := jimmhttp.PathElementFromContext(ctx, "path")