
Refactoring UAA client #3474

Merged
10 changes: 6 additions & 4 deletions app/actions/role_create.rb
@@ -14,8 +14,7 @@ def initialize(message, user_audit_info)
def create_space_role(type:, user:, space:)
error!("Users cannot be assigned roles in a space if they do not have a role in that space's organization.") unless space.in_organization?(user)

uaa_client = CloudController::DependencyLocator.instance.uaa_client
UsernamePopulator.new(uaa_client).transform(user)
UsernamePopulator.new(uaa_username_lookup_client).transform(user)

case type
when RoleTypes::SPACE_AUDITOR
@@ -34,8 +33,7 @@ def create_space_role(type:, user:, space:)
end

def create_organization_role(type:, user:, organization:)
uaa_client = CloudController::DependencyLocator.instance.uaa_client
UsernamePopulator.new(uaa_client).transform(user)
UsernamePopulator.new(uaa_username_lookup_client).transform(user)

case type
when RoleTypes::ORGANIZATION_USER
@@ -124,5 +122,9 @@ def organization_validation_error!(type, error, user, organization)
def error!(message)
raise Error.new(message)
end

def uaa_username_lookup_client
CloudController::DependencyLocator.instance.uaa_username_lookup_client
end
end
end
2 changes: 1 addition & 1 deletion app/controllers/runtime/mixins/uaa_origin_validator.rb
@@ -1,7 +1,7 @@
module VCAP::CloudController
module UaaOriginValidator
def validate_origin_for_username!(origin, username)
origins_for_username = @uaa_client.origins_for_username(username)
origins_for_username = @uaa_username_lookup_client.origins_for_username(username)
if origin.present?
unless origins_for_username.include?(origin)
message = "username: '#{username}', origin: '#{origin}'"
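Review bot: `validate_origin_for_username!` reads `@uaa_username_lookup_client` directly, so the mixin depends on an instance variable that only the including controller sets. Ruby returns nil for an unset instance variable, so an includer that missed the rename in its `inject_dependencies` would fail only at request time, with a NoMethodError on nil in the middle of the origin check. The two controllers on this page that call the validator (OrganizationsController and SpacesController) were updated; any other includer needs checking. Consider stating the contract above the method, e.g. `# Requires the including controller to set @uaa_username_lookup_client in inject_dependencies.`, or reading the client through a method. The method body continues past the end of this hunk.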
10 changes: 5 additions & 5 deletions app/controllers/runtime/organizations_controller.rb
@@ -11,7 +11,7 @@ class OrganizationsController < RestController::ModelController
def self.dependencies
%i[
username_and_roles_populating_collection_renderer
uaa_client
uaa_username_lookup_client
services_event_repository
user_event_repository
organization_event_repository
@@ -21,7 +21,7 @@ def self.dependencies
def inject_dependencies(dependencies)
super
@user_roles_collection_renderer = dependencies.fetch(:username_and_roles_populating_collection_renderer)
@uaa_client = dependencies.fetch(:uaa_client)
@uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client)
@services_event_repository = dependencies.fetch(:services_event_repository)
@user_event_repository = dependencies.fetch(:user_event_repository)
@organization_event_repository = dependencies.fetch(:organization_event_repository)
@@ -194,7 +194,7 @@ def get_memory_usage(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
@@ -204,7 +204,7 @@ def get_memory_usage(guid)
end

define_method("add_#{role}_by_user_id") do |guid, user_id|
username = @uaa_client.usernames_for_ids([user_id])[user_id]
username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id]

add_role(guid, role, user_id, username || '')
end
@@ -227,7 +227,7 @@ def get_memory_usage(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
12 changes: 6 additions & 6 deletions app/controllers/runtime/spaces_controller.rb
@@ -8,7 +8,7 @@ class SpacesController < RestController::ModelController
include UaaOriginValidator

def self.dependencies
%i[space_event_repository username_and_roles_populating_collection_renderer uaa_client
%i[space_event_repository username_and_roles_populating_collection_renderer uaa_username_lookup_client
services_event_repository user_event_repository app_event_repository route_event_repository]
end

@@ -53,7 +53,7 @@ def inject_dependencies(dependencies)
@space_event_repository = dependencies.fetch(:space_event_repository)
@user_event_repository = dependencies.fetch(:user_event_repository)
@user_roles_collection_renderer = dependencies.fetch(:username_and_roles_populating_collection_renderer)
@uaa_client = dependencies.fetch(:uaa_client)
@uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client)
@services_event_repository = dependencies.fetch(:services_event_repository)
@app_event_repository = dependencies.fetch(:app_event_repository)
@route_event_repository = dependencies.fetch(:route_event_repository)
@@ -198,7 +198,7 @@ def delete(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
@@ -208,7 +208,7 @@ def delete(guid)
end

define_method("add_#{role}_by_user_id") do |guid, user_id|
username = @uaa_client.usernames_for_ids([user_id])[user_id]
username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id]

add_role(guid, role, user_id, username || '')
end
@@ -231,7 +231,7 @@ def delete(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
@@ -254,7 +254,7 @@ def delete(guid)
find_guid_and_validate_access(:update, guid)
end

username = @uaa_client.usernames_for_ids([user_id])[user_id]
username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id]
remove_role(space, role, user_id, username || '')

[HTTP::NO_CONTENT, nil]
10 changes: 5 additions & 5 deletions app/controllers/runtime/users_controller.rb
@@ -3,7 +3,7 @@ class UsersController < RestController::ModelController
def self.dependencies
%i[
username_populating_collection_renderer
uaa_client
uaa_username_lookup_client
username_populating_object_renderer
user_event_repository
]
@@ -45,7 +45,7 @@ def delete(guid)
def inject_dependencies(dependencies)
super
@object_renderer = dependencies[:username_populating_object_renderer]
@uaa_client = dependencies.fetch(:uaa_client)
@uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client)
@collection_renderer = dependencies[:username_populating_collection_renderer]
@user_event_repository = dependencies.fetch(:user_event_repository)
end
@@ -113,7 +113,7 @@ def inject_dependencies(dependencies)
def remove_related(related_guid, name, user_guid, find_model=model)
response = super(related_guid, name, user_guid, find_model)
user = User.first(guid: user_guid)
user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || ''
user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || ''

if find_model == Space
@user_event_repository.record_space_role_remove(
@@ -139,7 +139,7 @@ def remove_related(related_guid, name, user_guid, find_model=model)
def add_space_role(user_guid, relationship, space_guid)
space = Space.first(guid: space_guid)
user = User.first(guid: user_guid)
user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || ''
user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || ''

@request_attrs = { 'space' => space_guid, verb: 'add', relation: relationship, related_guid: space_guid }

@@ -176,7 +176,7 @@ def add_space_role(user_guid, relationship, space_guid)
def add_organization_role(user_guid, relationship, org_guid)
organization = Organization.first(guid: org_guid)
user = User.first(guid: user_guid)
user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || ''
user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || ''

@request_attrs = { 'organization' => org_guid, verb: 'add', relation: relationship, related_guid: org_guid }

12 changes: 7 additions & 5 deletions app/controllers/v3/roles_controller.rb
@@ -127,8 +127,7 @@ def fetch_readable_user(user_guid)

def fetch_role_owner_with_name(role)
user = User.first(id: role.user_id)
uaa_client = CloudController::DependencyLocator.instance.uaa_client
UsernamePopulator.new(uaa_client).transform(user)
UsernamePopulator.new(uaa_username_lookup_client).transform(user)
user
end

@@ -175,11 +174,10 @@ def unprocessable_space_user!

def lookup_user_guid_in_uaa(username, given_origin, creating_space_role: false)
FeatureFlag.raise_unless_enabled!(:set_roles_by_username)
uaa_client = CloudController::DependencyLocator.instance.uaa_client

origin = given_origin
if given_origin.nil?
origins = uaa_client.origins_for_username(username).sort
origins = uaa_username_lookup_client.origins_for_username(username).sort

if origins.length > 1
unprocessable!(
@@ -190,11 +188,15 @@ def lookup_user_guid_in_uaa(username, given_origin, creating_space_role: false)
origin = origins[0]
end

guid = uaa_client.id_for_username(username, origin:)
guid = uaa_username_lookup_client.id_for_username(username, origin:)
return guid if guid

unprocessable_space_user! if creating_space_role
unprocessable!("No user exists with the username '#{username}' and origin '#{origin}'.") if given_origin
unprocessable!("No user exists with the username '#{username}'.")
end

def uaa_username_lookup_client
CloudController::DependencyLocator.instance.uaa_username_lookup_client
end
end
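Review bot: `lookup_user_guid_in_uaa` used to resolve the client once into a local and now calls the new `uaa_username_lookup_client` helper twice, once for `origins_for_username` and once for `id_for_username`. Each helper call goes back to `DependencyLocator`, whose method of the same name begins with `UaaClient.new(...)` in the dependency_locator.rb section of this page. Unless that method memoizes further down (its body is not fully shown), a request without an origin now builds two clients. Memoizing in the helper keeps the old single-instance behaviour: `@uaa_username_lookup_client ||= CloudController::DependencyLocator.instance.uaa_username_lookup_client`. The same helper is added in app/actions/role_create.rb, where it is called only once per method.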
8 changes: 4 additions & 4 deletions app/fetchers/user_list_fetcher.rb
@@ -13,12 +13,12 @@ def fetch_all(message, readable_users_dataset)

def filter(message, dataset)
if message.requested?(:usernames)
guids = uaa_client.ids_for_usernames_and_origins(message.usernames, message.origins)
guids = uaa_username_lookup_client.ids_for_usernames_and_origins(message.usernames, message.origins)
dataset = dataset.where(guid: guids)
end

if message.requested?(:partial_usernames)
guids = uaa_client.ids_for_usernames_and_origins(message.partial_usernames, message.origins, false)
guids = uaa_username_lookup_client.ids_for_usernames_and_origins(message.partial_usernames, message.origins, false)
dataset = dataset.where(guid: guids)
end

@@ -34,8 +34,8 @@ def filter(message, dataset)
super(message, dataset, User)
end

def uaa_client
CloudController::DependencyLocator.instance.uaa_client
def uaa_username_lookup_client
CloudController::DependencyLocator.instance.uaa_username_lookup_client
end
end
end
4 changes: 2 additions & 2 deletions app/models/runtime/user.rb
@@ -239,8 +239,8 @@ def readable_users(can_read_globally)
end

def self.uaa_users_info(user_guids)
uaa_client = CloudController::DependencyLocator.instance.uaa_client
uaa_client.users_for_ids(user_guids)
uaa_username_lookup_client = CloudController::DependencyLocator.instance.uaa_username_lookup_client
uaa_username_lookup_client.users_for_ids(user_guids)
end

def self.user_visibility_filter(_)
8 changes: 4 additions & 4 deletions lib/cloud_controller/dependency_locator.rb
@@ -234,7 +234,7 @@ def object_renderer
end

def username_populating_object_renderer
create_object_renderer(object_transformer: UsernamePopulator.new(uaa_client))
create_object_renderer(object_transformer: UsernamePopulator.new(uaa_username_lookup_client))
end

def service_key_credential_object_renderer
@@ -250,22 +250,22 @@ def large_paginated_collection_renderer
end

def username_populating_collection_renderer
create_paginated_collection_renderer(collection_transformer: UsernamePopulator.new(uaa_client))
create_paginated_collection_renderer(collection_transformer: UsernamePopulator.new(uaa_username_lookup_client))
end

def service_key_credential_collection_renderer
create_paginated_collection_renderer(collection_transformer: CredhubCredentialPopulator.new(credhub_client))
end

def username_and_roles_populating_collection_renderer
create_paginated_collection_renderer(collection_transformer: UsernamesAndRolesPopulator.new(uaa_client))
create_paginated_collection_renderer(collection_transformer: UsernamesAndRolesPopulator.new(uaa_username_lookup_client))
end

def router_group_type_populating_collection_renderer
create_paginated_collection_renderer(collection_transformer: RouterGroupTypePopulator.new(routing_api_client))
end

def uaa_client
def uaa_username_lookup_client
UaaClient.new(
uaa_target: config.get(:uaa, :internal_url),
client_id: config.get(:cloud_controller_username_lookup_client_name),
@@ -28,7 +28,7 @@ def decode_token(header_token)
end

def is_user_in_uaadb?(id)
CloudController::DependencyLocator.instance.uaa_client.usernames_for_ids(Array(id)).present?
CloudController::DependencyLocator.instance.uaa_username_lookup_client.usernames_for_ids(Array(id)).present?
end

def is_uuid_shaped?(id)
6 changes: 3 additions & 3 deletions lib/cloud_controller/uaa/uaa_token_decoder.rb
@@ -105,11 +105,11 @@ def symmetric_key2
end

def asymmetric_key
@asymmetric_key ||= UaaVerificationKeys.new(uaa_client.info)
@asymmetric_key ||= UaaVerificationKeys.new(uaa_username_lookup_client.info)
end

def uaa_client
::CloudController::DependencyLocator.instance.uaa_client
def uaa_username_lookup_client
::CloudController::DependencyLocator.instance.uaa_username_lookup_client
end

def uaa_issuer
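Review bot: `asymmetric_key` now builds `UaaVerificationKeys` from `uaa_username_lookup_client.info`, so the keys used to verify tokens are fetched through a client whose name says it exists for username lookups. The rename is mechanical, but at this call site it leaves a reader unable to tell whether the lookup client's credentials are needed for `info` or whether it is simply the only UAA client the locator offers. A short comment on `asymmetric_key` would record the intent, e.g. `# NOTE: reuses the username-lookup client to fetch verification keys; confirm whether a dedicated client is intended.` `uaa_issuer` and the rest of the class lie outside this hunk.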
16 changes: 8 additions & 8 deletions spec/api/documentation/organizations_api_spec.rb
@@ -164,7 +164,7 @@
put 'v2/organizations/:guid/users' do
example 'Associate User with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/users", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
@@ -177,7 +177,7 @@
delete 'v2/organizations/:guid/users' do
example 'Remove User with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_user.guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/users", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
@@ -217,7 +217,7 @@
put 'v2/organizations/:guid/managers' do
example 'Associate Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/managers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
@@ -230,7 +230,7 @@
delete 'v2/organizations/:guid/managers' do
example 'Remove Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_manager_guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/managers", MultiJson.dump({ username: 'manage@example.com' }, pretty: true), headers
@@ -269,7 +269,7 @@
put 'v2/organizations/:guid/billing_managers' do
example 'Associate Billing Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/billing_managers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
@@ -282,7 +282,7 @@
delete 'v2/organizations/:guid/billing_managers' do
example 'Remove Billing Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_billing_manager_guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/billing_managers", MultiJson.dump({ username: 'billing_manager@example.com' }, pretty: true), headers
@@ -321,7 +321,7 @@
put 'v2/organizations/:guid/auditors' do
example 'Associate Auditor with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/auditors", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
@@ -334,7 +334,7 @@
delete 'v2/organizations/:guid/auditors' do
example 'Remove Auditor with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_auditor_guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/auditors", MultiJson.dump({ username: 'auditor@example.com' }, pretty: true), headers