Refactoring UAA client
While working on the "Support UAA identity zones in CC" PoC [1], I did
some refactoring that I would like to keep, even though the PoC will
not be implemented (see [2]).

[1] cloudfoundry#3341
[2] cloudfoundry/uaa#2505
philippthun committed Oct 11, 2023
1 parent b5b010e commit 100fa65
Showing 24 changed files with 81 additions and 82 deletions.
10 changes: 6 additions & 4 deletions app/actions/role_create.rb
Expand Up @@ -14,8 +14,7 @@ def initialize(message, user_audit_info)
def create_space_role(type:, user:, space:)
error!("Users cannot be assigned roles in a space if they do not have a role in that space's organization.") unless space.in_organization?(user)

uaa_client = CloudController::DependencyLocator.instance.uaa_client
UsernamePopulator.new(uaa_client).transform(user)
UsernamePopulator.new(uaa_username_lookup_client).transform(user)

case type
when RoleTypes::SPACE_AUDITOR
Expand All @@ -34,8 +33,7 @@ def create_space_role(type:, user:, space:)
end

def create_organization_role(type:, user:, organization:)
uaa_client = CloudController::DependencyLocator.instance.uaa_client
UsernamePopulator.new(uaa_client).transform(user)
UsernamePopulator.new(uaa_username_lookup_client).transform(user)

case type
when RoleTypes::ORGANIZATION_USER
Expand Down Expand Up @@ -124,5 +122,9 @@ def organization_validation_error!(type, error, user, organization)
def error!(message)
raise Error.new(message)
end

def uaa_username_lookup_client
CloudController::DependencyLocator.instance.uaa_username_lookup_client
end
end
end
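Review bot: The private `uaa_username_lookup_client` helper added at the end of role_create.rb is the same one-line delegation to `CloudController::DependencyLocator.instance.uaa_username_lookup_client` that this commit also adds in roles_controller.rb and renames in user_list_fetcher.rb and uaa_token_decoder.rb. Four copies of the same accessor will drift the next time the locator method changes name, which is exactly what this commit had to chase; a shared module with that single method, included where needed, would confine the next rename to one place. If the copies stay, a one-line comment on each, e.g. `# Delegates to the locator; see DependencyLocator#uaa_username_lookup_client for the credentials used.`, would at least point readers to the one definition that matters. The enclosing class continues outside the hunk.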
2 changes: 1 addition & 1 deletion app/controllers/runtime/mixins/uaa_origin_validator.rb
@@ -1,7 +1,7 @@
module VCAP::CloudController
module UaaOriginValidator
def validate_origin_for_username!(origin, username)
origins_for_username = @uaa_client.origins_for_username(username)
origins_for_username = @uaa_username_lookup_client.origins_for_username(username)
if origin.present?
unless origins_for_username.include?(origin)
message = "username: '#{username}', origin: '#{origin}'"
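Review bot: `validate_origin_for_username!` now reads `@uaa_username_lookup_client`, an instance variable the mixin itself never assigns; it depends on the including controller's `inject_dependencies` setting it, as organizations_controller.rb and spaces_controller.rb do in this commit. That contract is invisible from the module, so a comment above the method would help, e.g. `# Requires the including class to assign @uaa_username_lookup_client (normally in inject_dependencies) before this is called.` The method body continues past the end of the hunk.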
10 changes: 5 additions & 5 deletions app/controllers/runtime/organizations_controller.rb
Expand Up @@ -11,7 +11,7 @@ class OrganizationsController < RestController::ModelController
def self.dependencies
%i[
username_and_roles_populating_collection_renderer
uaa_client
uaa_username_lookup_client
services_event_repository
user_event_repository
organization_event_repository
Expand All @@ -21,7 +21,7 @@ def self.dependencies
def inject_dependencies(dependencies)
super
@user_roles_collection_renderer = dependencies.fetch(:username_and_roles_populating_collection_renderer)
@uaa_client = dependencies.fetch(:uaa_client)
@uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client)
@services_event_repository = dependencies.fetch(:services_event_repository)
@user_event_repository = dependencies.fetch(:user_event_repository)
@organization_event_repository = dependencies.fetch(:organization_event_repository)
Expand Down Expand Up @@ -194,7 +194,7 @@ def get_memory_usage(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
Expand All @@ -204,7 +204,7 @@ def get_memory_usage(guid)
end

define_method("add_#{role}_by_user_id") do |guid, user_id|
username = @uaa_client.usernames_for_ids([user_id])[user_id]
username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id]

add_role(guid, role, user_id, username || '')
end
Expand All @@ -227,7 +227,7 @@ def get_memory_usage(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
12 changes: 6 additions & 6 deletions app/controllers/runtime/spaces_controller.rb
Expand Up @@ -8,7 +8,7 @@ class SpacesController < RestController::ModelController
include UaaOriginValidator

def self.dependencies
%i[space_event_repository username_and_roles_populating_collection_renderer uaa_client
%i[space_event_repository username_and_roles_populating_collection_renderer uaa_username_lookup_client
services_event_repository user_event_repository app_event_repository route_event_repository]
end

Expand Down Expand Up @@ -53,7 +53,7 @@ def inject_dependencies(dependencies)
@space_event_repository = dependencies.fetch(:space_event_repository)
@user_event_repository = dependencies.fetch(:user_event_repository)
@user_roles_collection_renderer = dependencies.fetch(:username_and_roles_populating_collection_renderer)
@uaa_client = dependencies.fetch(:uaa_client)
@uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client)
@services_event_repository = dependencies.fetch(:services_event_repository)
@app_event_repository = dependencies.fetch(:app_event_repository)
@route_event_repository = dependencies.fetch(:route_event_repository)
Expand Down Expand Up @@ -198,7 +198,7 @@ def delete(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
Expand All @@ -208,7 +208,7 @@ def delete(guid)
end

define_method("add_#{role}_by_user_id") do |guid, user_id|
username = @uaa_client.usernames_for_ids([user_id])[user_id]
username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id]

add_role(guid, role, user_id, username || '')
end
Expand All @@ -231,7 +231,7 @@ def delete(guid)

begin
validate_origin_for_username!(origin, username)
user_id = @uaa_client.id_for_username(username, origin: origin.presence)
user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence)
rescue UaaUnavailable
raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable')
end
Expand All @@ -254,7 +254,7 @@ def delete(guid)
find_guid_and_validate_access(:update, guid)
end

username = @uaa_client.usernames_for_ids([user_id])[user_id]
username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id]
remove_role(space, role, user_id, username || '')

[HTTP::NO_CONTENT, nil]
10 changes: 5 additions & 5 deletions app/controllers/runtime/users_controller.rb
Expand Up @@ -3,7 +3,7 @@ class UsersController < RestController::ModelController
def self.dependencies
%i[
username_populating_collection_renderer
uaa_client
uaa_username_lookup_client
username_populating_object_renderer
user_event_repository
]
Expand Down Expand Up @@ -45,7 +45,7 @@ def delete(guid)
def inject_dependencies(dependencies)
super
@object_renderer = dependencies[:username_populating_object_renderer]
@uaa_client = dependencies.fetch(:uaa_client)
@uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client)
@collection_renderer = dependencies[:username_populating_collection_renderer]
@user_event_repository = dependencies.fetch(:user_event_repository)
end
Expand Down Expand Up @@ -113,7 +113,7 @@ def inject_dependencies(dependencies)
def remove_related(related_guid, name, user_guid, find_model=model)
response = super(related_guid, name, user_guid, find_model)
user = User.first(guid: user_guid)
user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || ''
user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || ''

if find_model == Space
@user_event_repository.record_space_role_remove(
Expand All @@ -139,7 +139,7 @@ def remove_related(related_guid, name, user_guid, find_model=model)
def add_space_role(user_guid, relationship, space_guid)
space = Space.first(guid: space_guid)
user = User.first(guid: user_guid)
user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || ''
user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || ''

@request_attrs = { 'space' => space_guid, verb: 'add', relation: relationship, related_guid: space_guid }

Expand Down Expand Up @@ -176,7 +176,7 @@ def add_space_role(user_guid, relationship, space_guid)
def add_organization_role(user_guid, relationship, org_guid)
organization = Organization.first(guid: org_guid)
user = User.first(guid: user_guid)
user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || ''
user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || ''

@request_attrs = { 'organization' => org_guid, verb: 'add', relation: relationship, related_guid: org_guid }

12 changes: 7 additions & 5 deletions app/controllers/v3/roles_controller.rb
Expand Up @@ -127,8 +127,7 @@ def fetch_readable_user(user_guid)

def fetch_role_owner_with_name(role)
user = User.first(id: role.user_id)
uaa_client = CloudController::DependencyLocator.instance.uaa_client
UsernamePopulator.new(uaa_client).transform(user)
UsernamePopulator.new(uaa_username_lookup_client).transform(user)
user
end

Expand Down Expand Up @@ -175,11 +174,10 @@ def unprocessable_space_user!

def lookup_user_guid_in_uaa(username, given_origin, creating_space_role: false)
FeatureFlag.raise_unless_enabled!(:set_roles_by_username)
uaa_client = CloudController::DependencyLocator.instance.uaa_client

origin = given_origin
if given_origin.nil?
origins = uaa_client.origins_for_username(username).sort
origins = uaa_username_lookup_client.origins_for_username(username).sort

if origins.length > 1
unprocessable!(
Expand All @@ -190,11 +188,15 @@ def lookup_user_guid_in_uaa(username, given_origin, creating_space_role: false)
origin = origins[0]
end

guid = uaa_client.id_for_username(username, origin:)
guid = uaa_username_lookup_client.id_for_username(username, origin:)
return guid if guid

unprocessable_space_user! if creating_space_role
unprocessable!("No user exists with the username '#{username}' and origin '#{origin}'.") if given_origin
unprocessable!("No user exists with the username '#{username}'.")
end

def uaa_username_lookup_client
CloudController::DependencyLocator.instance.uaa_username_lookup_client
end
end
8 changes: 4 additions & 4 deletions app/fetchers/user_list_fetcher.rb
Expand Up @@ -13,12 +13,12 @@ def fetch_all(message, readable_users_dataset)

def filter(message, dataset)
if message.requested?(:usernames)
guids = uaa_client.ids_for_usernames_and_origins(message.usernames, message.origins)
guids = uaa_username_lookup_client.ids_for_usernames_and_origins(message.usernames, message.origins)
dataset = dataset.where(guid: guids)
end

if message.requested?(:partial_usernames)
guids = uaa_client.ids_for_usernames_and_origins(message.partial_usernames, message.origins, false)
guids = uaa_username_lookup_client.ids_for_usernames_and_origins(message.partial_usernames, message.origins, false)
dataset = dataset.where(guid: guids)
end

Expand All @@ -34,8 +34,8 @@ def filter(message, dataset)
super(message, dataset, User)
end

def uaa_client
CloudController::DependencyLocator.instance.uaa_client
def uaa_username_lookup_client
CloudController::DependencyLocator.instance.uaa_username_lookup_client
end
end
end
4 changes: 2 additions & 2 deletions app/models/runtime/user.rb
Expand Up @@ -239,8 +239,8 @@ def readable_users(can_read_globally)
end

def self.uaa_users_info(user_guids)
uaa_client = CloudController::DependencyLocator.instance.uaa_client
uaa_client.users_for_ids(user_guids)
uaa_username_lookup_client = CloudController::DependencyLocator.instance.uaa_username_lookup_client
uaa_username_lookup_client.users_for_ids(user_guids)
end

def self.user_visibility_filter(_)
8 changes: 4 additions & 4 deletions lib/cloud_controller/dependency_locator.rb
Expand Up @@ -234,7 +234,7 @@ def object_renderer
end

def username_populating_object_renderer
create_object_renderer(object_transformer: UsernamePopulator.new(uaa_client))
create_object_renderer(object_transformer: UsernamePopulator.new(uaa_username_lookup_client))
end

def service_key_credential_object_renderer
Expand All @@ -250,22 +250,22 @@ def large_paginated_collection_renderer
end

def username_populating_collection_renderer
create_paginated_collection_renderer(collection_transformer: UsernamePopulator.new(uaa_client))
create_paginated_collection_renderer(collection_transformer: UsernamePopulator.new(uaa_username_lookup_client))
end

def service_key_credential_collection_renderer
create_paginated_collection_renderer(collection_transformer: CredhubCredentialPopulator.new(credhub_client))
end

def username_and_roles_populating_collection_renderer
create_paginated_collection_renderer(collection_transformer: UsernamesAndRolesPopulator.new(uaa_client))
create_paginated_collection_renderer(collection_transformer: UsernamesAndRolesPopulator.new(uaa_username_lookup_client))
end

def router_group_type_populating_collection_renderer
create_paginated_collection_renderer(collection_transformer: RouterGroupTypePopulator.new(routing_api_client))
end

def uaa_client
def uaa_username_lookup_client
UaaClient.new(
uaa_target: config.get(:uaa, :internal_url),
client_id: config.get(:cloud_controller_username_lookup_client_name),
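Review bot: The renamed `uaa_username_lookup_client` now carries its purpose in its name, but the method still has no doc comment stating which credentials it is configured with or that it builds a new `UaaClient` on every call (`UaaClient.new(` inside the body), while callers in this commit reach it per request through `DependencyLocator.instance` and uaa_token_decoder.rb uses it for something other than username lookup. A YARD comment above the `def` would pin that down, e.g. `# @return [UaaClient] client configured with the client_id from cloud_controller_username_lookup_client_name; a fresh instance is built on each call.` The method body continues past the end of the hunk, so any memoization there is not visible here.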
Expand Up @@ -28,7 +28,7 @@ def decode_token(header_token)
end

def is_user_in_uaadb?(id)
CloudController::DependencyLocator.instance.uaa_client.usernames_for_ids(Array(id)).present?
CloudController::DependencyLocator.instance.uaa_username_lookup_client.usernames_for_ids(Array(id)).present?
end

def is_uuid_shaped?(id)
6 changes: 3 additions & 3 deletions lib/cloud_controller/uaa/uaa_token_decoder.rb
Expand Up @@ -105,11 +105,11 @@ def symmetric_key2
end

def asymmetric_key
@asymmetric_key ||= UaaVerificationKeys.new(uaa_client.info)
@asymmetric_key ||= UaaVerificationKeys.new(uaa_username_lookup_client.info)
end

def uaa_client
::CloudController::DependencyLocator.instance.uaa_client
def uaa_username_lookup_client
::CloudController::DependencyLocator.instance.uaa_username_lookup_client
end

def uaa_issuer
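Review bot: `asymmetric_key` obtains the token verification keys through a client whose new name declares it exists for username lookup, so the name now documents an intent this call site does not share, which can mislead anyone auditing which credentials the token decoder depends on. If the client is reused here only because it is already pointed at the UAA target, say so on the `@asymmetric_key ||=` line, e.g. `# Reuses the username-lookup client only as a handle on the UAA target; key retrieval is assumed not to need its lookup privileges.` Whether `UaaClient#info` actually requires any client-specific authorization is not visible in this hunk and is worth confirming before the comment is written as fact.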
16 changes: 8 additions & 8 deletions spec/api/documentation/organizations_api_spec.rb
Expand Up @@ -164,7 +164,7 @@
put 'v2/organizations/:guid/users' do
example 'Associate User with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/users", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
Expand All @@ -177,7 +177,7 @@
delete 'v2/organizations/:guid/users' do
example 'Remove User with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_user.guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/users", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
Expand Down Expand Up @@ -217,7 +217,7 @@
put 'v2/organizations/:guid/managers' do
example 'Associate Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/managers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
Expand All @@ -230,7 +230,7 @@
delete 'v2/organizations/:guid/managers' do
example 'Remove Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_manager_guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/managers", MultiJson.dump({ username: 'manage@example.com' }, pretty: true), headers
Expand Down Expand Up @@ -269,7 +269,7 @@
put 'v2/organizations/:guid/billing_managers' do
example 'Associate Billing Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/billing_managers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
Expand All @@ -282,7 +282,7 @@
delete 'v2/organizations/:guid/billing_managers' do
example 'Remove Billing Manager with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_billing_manager_guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/billing_managers", MultiJson.dump({ username: 'billing_manager@example.com' }, pretty: true), headers
Expand Down Expand Up @@ -321,7 +321,7 @@
put 'v2/organizations/:guid/auditors' do
example 'Associate Auditor with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa'])

client.put "v2/organizations/#{organization.guid}/auditors", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers
Expand All @@ -334,7 +334,7 @@
delete 'v2/organizations/:guid/auditors' do
example 'Remove Auditor with the Organization by Username' do
uaa_client = double(:uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client)
allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client)
allow(uaa_client).to receive_messages(id_for_username: associated_auditor_guid, origins_for_username: ['uaa'])

client.delete "v2/organizations/#{organization.guid}/auditors", MultiJson.dump({ username: 'auditor@example.com' }, pretty: true), headers
