Make IAS adapter internal (#3873)

* ias adapter internal * remove tenant auth middleware * refactor jwt middleware * rename jwt middleware file * move chart changes * revert image version --------- Co-authored-by: PetarTodorovv <todorovv.petar@gmail.com>
kyma-incubator · May 17, 2024 · aa65a30 · aa65a30
1 parent 716cda9
commit aa65a30
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 100 deletions.
diff --git a/components/ias-adapter/internal/api/middlewares/auth.go b/components/ias-adapter/internal/api/middlewares/auth.go
diff --git a/...s-adapter/internal/api/middlewares/jwt.go → ...pter/internal/api/middlewares/id_token.go b/...s-adapter/internal/api/middlewares/jwt.go → ...pter/internal/api/middlewares/id_token.go
@@ -5,9 +5,8 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/golang-jwt/jwt/v5"
-
 	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/kyma-incubator/compass/components/ias-adapter/internal/api/internal"
 	"github.com/kyma-incubator/compass/components/ias-adapter/internal/errors"
 	"github.com/kyma-incubator/compass/components/ias-adapter/internal/jwk"
@@ -19,17 +18,17 @@ const (
 	keyIDHeader         = "kid"
 )
 
-type JWTMiddleware struct {
+type IDTokenMiddleware struct {
 	cache jwk.Cache
 }
 
-func NewJWTMiddleware(cache jwk.Cache) JWTMiddleware {
-	return JWTMiddleware{
+func NewIDTokenMiddleware(cache jwk.Cache) IDTokenMiddleware {
+	return IDTokenMiddleware{
 		cache: cache,
 	}
 }
 
-func (m JWTMiddleware) JWT(ctx *gin.Context) {
+func (m IDTokenMiddleware) VerifyIDToken(ctx *gin.Context) {
 	log := logger.FromContext(ctx)
 
 	bearerToken, err := getBearerToken(ctx.Request)
@@ -58,11 +57,11 @@ func getBearerToken(r *http.Request) (string, error) {
 }
 
 type jwtClaims struct {
-	Tenants string `json:"tenant"`
+	Tenant string `json:"tenant"`
 	jwt.RegisteredClaims
 }
 
-func (m JWTMiddleware) verifyJWT(ctx context.Context, jwtToken string) (jwtClaims, error) {
+func (m IDTokenMiddleware) verifyJWT(ctx context.Context, jwtToken string) (jwtClaims, error) {
 	claims := jwtClaims{}
 	token, err := jwt.ParseWithClaims(jwtToken, &claims, func(token *jwt.Token) (any, error) {
 		keyID, ok := token.Header[keyIDHeader]

diff --git a/components/ias-adapter/internal/api/server.go b/components/ias-adapter/internal/api/server.go
@@ -41,14 +41,8 @@ func NewServer(ctx context.Context, cfg config.Config, services Services) (*http
 	if err != nil {
 		return nil, errors.Newf("failed to create jwk cache: %w", err)
 	}
-	jwtMiddleware := middlewares.NewJWTMiddleware(jwkCache)
-	tenantMappingRouter.Use(jwtMiddleware.JWT)
-	authMiddleware, err := middlewares.NewAuthMiddleware(ctx, cfg.TenantInfo)
-	if err != nil {
-		return nil, errors.Newf("failed to create auth middleware: %w", err)
-	}
-	routerGroup.Use(authMiddleware.Auth)
-	tenantMappingRouter.Use(authMiddleware.Auth)
+	idTokenMiddleware := middlewares.NewIDTokenMiddleware(jwkCache)
+	tenantMappingRouter.Use(idTokenMiddleware.VerifyIDToken)
 	tenantMappingsHandler := handlers.TenantMappingsHandler{
 		Service:        services.TenantMappingsService,
 		AsyncProcessor: services.AsyncProcessor,