Merge branch 'release/0.7.11'

gildas · Apr 22, 2022 · 5e5a0ad · 5e5a0ad
2 parents ccc89fc + 0791980
commit 5e5a0ad
Show file tree

Hide file tree

Showing 9 changed files with 58 additions and 19 deletions.
diff --git a/auth_division.go b/auth_division.go
@@ -23,6 +23,16 @@ func (division AuthorizationDivision) GetID() uuid.UUID {
 	return division.ID
 }
 
+// String returns a string representation of the AuthorizationDivision
+//
+// implements fmt.Stringer
+func (division AuthorizationDivision) String() string {
+	if len(division.Name) > 0 {
+		return division.Name
+	}
+	return division.ID.String()
+}
+
 func (division AuthorizationDivision) MarshalJSON() ([]byte, error) {
 	type surrogate AuthorizationDivision
 	inner := struct {

diff --git a/auth_grant.go b/auth_grant.go
@@ -13,3 +13,7 @@ type AuthorizationGrant struct {
 func (grant AuthorizationGrant) CheckScope(scope AuthorizationScope) bool {
 	return grant.Role.CheckScope(scope)
 }
+
+func (grant AuthorizationGrant) String() string {
+	return grant.Role.String() + "@" + grant.Division.String()
+}
diff --git a/auth_grant_role.go b/auth_grant_role.go
@@ -27,3 +27,13 @@ func (role AuthorizationGrantRole) CheckScope(scope AuthorizationScope) bool {
 	}
 	return false
 }
+
+// String returns a string representation of the AuthorizationDivision
+//
+// implements fmt.Stringer
+func (role AuthorizationGrantRole) String() string {
+	if len(role.Name) > 0 {
+		return role.Name
+	}
+	return role.ID.String()
+}
diff --git a/auth_scope.go b/auth_scope.go
@@ -15,7 +15,7 @@ func (scope AuthorizationScope) With(subscopes ...string) AuthorizationScope {
 	newScope := AuthorizationScope{"*", "*", "*"}
 	expanded := []string{}
 	for _, subscope := range subscopes {
-		expanded = append(expanded,  strings.Split(subscope, ":")...)
+		expanded = append(expanded, strings.Split(subscope, ":")...)
 	}
 	if len(expanded) > 0 {
 		newScope.Domain = expanded[0]
@@ -31,4 +31,4 @@ func (scope AuthorizationScope) With(subscopes ...string) AuthorizationScope {
 
 func (scope AuthorizationScope) String() string {
 	return scope.Domain + ":" + scope.Entity + ":" + scope.Action
-}
+}
diff --git a/auth_subject.go b/auth_subject.go
@@ -32,37 +32,38 @@ func (subject *AuthorizationSubject) Fetch(context context.Context, client *Clie
 		if err := client.Get(context, NewURI("/authorization/subjects/%s", id), &subject); err != nil {
 			return err
 		}
-		subject.Logger = log
 	} else if len(selfURI) > 0 {
 		if err := client.Get(context, selfURI, &subject); err != nil {
 			return err
 		}
-		subject.Logger = log.Record("id", subject.ID)
 	} else if len(name) > 0 {
 		return errors.NotImplemented.WithStack()
-	} else if _, ok := client.Grant.(*ClientCredentialsGrant); !ok { // /users/me is not possible with ClientCredentialsGrant
-		if err := client.Get(context, "/users/me", &subject); err != nil {
-			return err
-		}
-		subject.Logger = log.Record("id", subject.ID)
+	} else {
+		return errors.CreationFailed.With("AuthorizationSubject")
 	}
+	subject.Logger = log.Child("authorization_subject", "authorization_subject", "id", subject.ID)
 	return nil
 }
 
 // CheckScopes checks if the subject allows or denies the given scopes
 //
 // See https://developer.genesys.cloud/authorization/platform-auth/scopes#scope-descriptions
 func (subject AuthorizationSubject) CheckScopes(scopes ...string) (permitted []string, denied []string) {
+	log := subject.Logger.Child(nil, "check_scopes")
+
 	for _, scope := range scopes {
 		authScope := AuthorizationScope{}.With(scope)
 		granted := false
 		for _, grant := range subject.Grants {
+			log.Tracef("Checking against grant %s", grant)
 			if granted = grant.CheckScope(authScope); granted {
+				log.Debugf("Scope %s permitted by Authorization Grant %s", authScope, grant)
 				permitted = append(permitted, scope)
 				break
 			}
 		}
 		if !granted {
+			log.Tracef("Scope %s is denied", authScope)
 			denied = append(denied, scope)
 		}
 	}
@@ -73,5 +74,8 @@ func (subject AuthorizationSubject) CheckScopes(scopes ...string) (permitted []s
 //
 // implements fmt.Stringer
 func (subject AuthorizationSubject) String() string {
-	return subject.Name
-}
+	if len(subject.Name) > 0 {
+		return subject.Name
+	}
+	return subject.ID.String()
+}
diff --git a/auth_test.go b/auth_test.go
@@ -96,7 +96,7 @@ func (suite *AuthSuite) AfterTest(suiteName, testName string) {
 
 func (suite *AuthSuite) TestCanCreateAuthScopeFromString() {
 	var scope gcloudcx.AuthorizationScope
-	
+
 	suite.Assert().Equal("domain:entity:action", scope.With("domain", "entity", "action").String())
 	suite.Assert().Equal("domain:entity:action", scope.With("domain:entity", "action").String())
 	suite.Assert().Equal("domain:entity:action", scope.With("domain:entity:action").String())
@@ -132,4 +132,4 @@ func (suite *AuthSuite) TestCanCheckScopes() {
 	suite.Assert().Contains(permitted, "routing:language:assign")
 	suite.Assert().Contains(permitted, "messaging:message")
 	suite.Assert().Contains(denied, "processing:space:deploy")
-}
+}
diff --git a/client.go b/client.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/gildas/go-core"
+	"github.com/gildas/go-errors"
 	"github.com/gildas/go-logger"
 	"github.com/google/uuid"
 )
@@ -142,6 +143,10 @@ func (client *Client) ParseParameters(ctx context.Context, object interface{}, p
 			name = parameter
 		case URI:
 			uri = parameter
+		default:
+			if identifiable, ok := parameter.(Identifiable); ok {
+				id = identifiable.GetID()
+			}
 		}
 	}
 	if identifiable, ok := object.(Identifiable); id == uuid.Nil && ok {
@@ -166,18 +171,22 @@ func (client *Client) ParseParameters(ctx context.Context, object interface{}, p
 // CheckScopes checks if the current client allows/denies the given scopes
 //
 // See https://developer.genesys.cloud/authorization/platform-auth/scopes#scope-descriptions
-func (client *Client) CheckScopes(context context.Context, scopes ...string) (permitted []string, denied []string) {
+func (client *Client) CheckScopes(context context.Context, scopes ...string) (permitted []string, denied []string, err error) {
 	return client.CheckScopesWithID(context, client.Grant, scopes...)
 }
 
 // CheckScopesWithID checks if the given grant allows/denies the given scopes
 //
 // See https://developer.genesys.cloud/authorization/platform-auth/scopes#scope-descriptions
-func (client *Client) CheckScopesWithID(context context.Context, id core.Identifiable, scopes ...string) (permitted []string, denied []string) {
+func (client *Client) CheckScopesWithID(context context.Context, id core.Identifiable, scopes ...string) (permitted []string, denied []string, err error) {
 	var subject AuthorizationSubject
 
+	if id.GetID() == uuid.Nil {
+		return nil, nil, errors.ArgumentMissing.With("id")
+	}
 	if err := client.Fetch(context, &subject, id); err != nil {
-		return []string{}, scopes
+		return []string{}, scopes, err
 	}
-	return subject.CheckScopes(scopes...)
+	permitted, denied = subject.CheckScopes(scopes...)
+	return permitted, denied, nil
 }
diff --git a/examples/rolesAndPermissions/main.go b/examples/rolesAndPermissions/main.go
@@ -58,7 +58,9 @@ func main() {
 	defer UpdateEnvFile(config)
 
 	log.Infof("Permissions: %d", len(flag.Args()))
-	if permitted, denied := config.Client.CheckScopes(context.Background(), flag.Args()...); len(denied) == 0 {
+	if permitted, denied, err := config.Client.CheckScopes(context.Background(), flag.Args()...); err != nil {
+		log.Errorf("Failed to check scopes %v", flag.Args(), err)
+	} else if len(denied) == 0 {
 		log.Infof("You can do %s", strings.Join(permitted, ", "))
 	} else {
 		log.Errorf("You are missing %s", strings.Join(denied, ", "))

diff --git a/version.go b/version.go
@@ -4,7 +4,7 @@ package gcloudcx
 var commit string
 
 // VERSION is the version of this application
-var VERSION = "0.7.10" + commit
+var VERSION = "0.7.11" + commit
 
 // APP is the name of the application
 const APP string = "GCloudCX Client"