Fixes authorization flow for /api/logs/v1/{tenant}/rules (observatori…

…um#584)
periklis · Oct 12, 2023 · 08a17ed · 08a17ed
1 parent 5951750
commit 08a17ed
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 2 deletions.
diff --git a/authorization/http.go b/authorization/http.go
@@ -61,7 +61,7 @@ func WithSelectorsInfo(ctx context.Context, info *SelectorsInfo) context.Context
 }
 
 // WithLogsStreamSelectorsExtractor returns a middleware that, when enabled, tries to extract
-// stream selectors from queries, so that they can be used in authorizing the request.
+// stream selectors from queries or rules, so that they can be used in authorizing the request.
 func WithLogsStreamSelectorsExtractor(logger log.Logger, selectorNames []string) func(http.Handler) http.Handler {
 	enabled := len(selectorNames) > 0
 

diff --git a/authorization/query.go b/authorization/query.go
@@ -12,7 +12,12 @@ import (
 func extractLogStreamSelectors(selectorNames map[string]bool, values url.Values) (*SelectorsInfo, error) {
 	query := values.Get("query")
 	if query == "" {
-		return emptySelectorsInfo, nil
+		// If query is empty we will assume it's a possibly a rules request
+		selectors := parseLogRulesSelectors(selectorNames, values)
+
+		return &SelectorsInfo{
+			Selectors: selectors,
+		}, nil
 	}
 
 	selectors, hasWildcard, err := parseLogStreamSelectors(selectorNames, query)

diff --git a/authorization/rules.go b/authorization/rules.go
@@ -0,0 +1,27 @@
+package authorization
+
+import (
+	"net/url"
+)
+
+func parseLogRulesSelectors(selectorNames map[string]bool, queryParameter url.Values) map[string][]string {
+	selectors := make(map[string][]string)
+	appendSelector := func(selector, value string) {
+		values, ok := selectors[selector]
+		if !ok {
+			values = make([]string, 0)
+		}
+
+		values = append(values, value)
+		selectors[selector] = values
+	}
+
+	for selector := range selectorNames {
+		values := queryParameter[selector]
+		for _, value := range values {
+			appendSelector(selector, value)
+		}
+	}
+
+	return selectors
+}
diff --git a/authorization/rules_test.go b/authorization/rules_test.go
@@ -0,0 +1,51 @@
+package authorization
+
+import (
+	"net/url"
+	"reflect"
+	"testing"
+
+	"github.com/efficientgo/core/testutil"
+)
+
+func Test_parseQueryParametersSelectors(t *testing.T) {
+	testSelectorLabels := map[string]bool{
+		"namespace":             true,
+		"other_namespace_label": true,
+	}
+	tests := []struct {
+		queryParameters string
+		wantSelectors   map[string][]string
+	}{
+		{
+			queryParameters: `namespace=test`,
+			wantSelectors: map[string][]string{
+				"namespace": {"test"},
+			},
+		},
+		{
+			queryParameters: `namespace=test&other_namespace_label=test2`,
+			wantSelectors: map[string][]string{
+				"namespace":             {"test"},
+				"other_namespace_label": {"test2"},
+			},
+		},
+		{
+			queryParameters: `namespace=test&namespace=test2`,
+			wantSelectors: map[string][]string{
+				"namespace": {"test", "test2"},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.queryParameters, func(t *testing.T) {
+			queryValues, err := url.ParseQuery(tt.queryParameters)
+			testutil.Ok(t, err)
+
+			gotNamespaces := parseLogRulesSelectors(testSelectorLabels, queryValues)
+			if !reflect.DeepEqual(gotNamespaces, tt.wantSelectors) {
+				t.Errorf("parseLogStreamSelectors() got = %v, want %v", gotNamespaces, tt.wantSelectors)
+			}
+		})
+	}
+}