From 100fa65a351cbe116ba4f787b3dce7040e19b7b9 Mon Sep 17 00:00:00 2001 From: Philipp Thun Date: Wed, 5 Jul 2023 16:37:41 +0200 Subject: [PATCH] Refactoring UAA client While working on the "Support UAA identity zones in CC" PoC [1], I did some refactoring that I would like to keep although the PoC is not going to get implemented (see [2]). [1] https://github.com/cloudfoundry/cloud_controller_ng/pull/3341 [2] https://github.com/cloudfoundry/uaa/issues/2505 --- app/actions/role_create.rb | 10 ++++--- .../runtime/mixins/uaa_origin_validator.rb | 2 +- .../runtime/organizations_controller.rb | 10 +++---- app/controllers/runtime/spaces_controller.rb | 12 ++++----- app/controllers/runtime/users_controller.rb | 10 +++---- app/controllers/v3/roles_controller.rb | 12 +++++---- app/fetchers/user_list_fetcher.rb | 8 +++--- app/models/runtime/user.rb | 4 +-- lib/cloud_controller/dependency_locator.rb | 8 +++--- .../security/security_context_configurer.rb | 2 +- lib/cloud_controller/uaa/uaa_token_decoder.rb | 6 ++--- .../documentation/organizations_api_spec.rb | 16 ++++++------ spec/api/documentation/spaces_api_spec.rb | 12 ++++----- spec/request/organizations_spec.rb | 2 +- spec/request/roles_spec.rb | 2 +- spec/unit/actions/organization_create_spec.rb | 2 +- spec/unit/actions/role_create_spec.rb | 2 +- spec/unit/actions/role_delete_spec.rb | 2 +- .../v3/organizations_controller_spec.rb | 2 +- .../include_role_user_decorator_spec.rb | 2 +- .../dependency_locator_spec.rb | 26 +++++++++---------- .../security_context_configurer_spec.rb | 2 +- spec/unit/lib/uaa/uaa_token_cache_spec.rb | 7 +---- spec/unit/lib/uaa/uaa_token_decoder_spec.rb | 2 +- 24 files changed, 81 insertions(+), 82 deletions(-) diff --git a/app/actions/role_create.rb b/app/actions/role_create.rb index 6074c1f3b5a..e18470d5c41 100644 --- a/app/actions/role_create.rb +++ b/app/actions/role_create.rb @@ -14,8 +14,7 @@ def initialize(message, user_audit_info) def create_space_role(type:, user:, space:) error!("Users cannot be assigned roles in a space if they do not have a role in that space's organization.") unless space.in_organization?(user) - uaa_client = CloudController::DependencyLocator.instance.uaa_client - UsernamePopulator.new(uaa_client).transform(user) + UsernamePopulator.new(uaa_username_lookup_client).transform(user) case type when RoleTypes::SPACE_AUDITOR @@ -34,8 +33,7 @@ def create_space_role(type:, user:, space:) end def create_organization_role(type:, user:, organization:) - uaa_client = CloudController::DependencyLocator.instance.uaa_client - UsernamePopulator.new(uaa_client).transform(user) + UsernamePopulator.new(uaa_username_lookup_client).transform(user) case type when RoleTypes::ORGANIZATION_USER @@ -124,5 +122,9 @@ def organization_validation_error!(type, error, user, organization) def error!(message) raise Error.new(message) end + + def uaa_username_lookup_client + CloudController::DependencyLocator.instance.uaa_username_lookup_client + end end end diff --git a/app/controllers/runtime/mixins/uaa_origin_validator.rb b/app/controllers/runtime/mixins/uaa_origin_validator.rb index 5bb45e703ca..026d456d629 100644 --- a/app/controllers/runtime/mixins/uaa_origin_validator.rb +++ b/app/controllers/runtime/mixins/uaa_origin_validator.rb @@ -1,7 +1,7 @@ module VCAP::CloudController module UaaOriginValidator def validate_origin_for_username!(origin, username) - origins_for_username = @uaa_client.origins_for_username(username) + origins_for_username = @uaa_username_lookup_client.origins_for_username(username) if origin.present? unless origins_for_username.include?(origin) message = "username: '#{username}', origin: '#{origin}'" diff --git a/app/controllers/runtime/organizations_controller.rb b/app/controllers/runtime/organizations_controller.rb index 140959f7e17..a1bb4693184 100644 --- a/app/controllers/runtime/organizations_controller.rb +++ b/app/controllers/runtime/organizations_controller.rb @@ -11,7 +11,7 @@ class OrganizationsController < RestController::ModelController def self.dependencies %i[ username_and_roles_populating_collection_renderer - uaa_client + uaa_username_lookup_client services_event_repository user_event_repository organization_event_repository @@ -21,7 +21,7 @@ def self.dependencies def inject_dependencies(dependencies) super @user_roles_collection_renderer = dependencies.fetch(:username_and_roles_populating_collection_renderer) - @uaa_client = dependencies.fetch(:uaa_client) + @uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client) @services_event_repository = dependencies.fetch(:services_event_repository) @user_event_repository = dependencies.fetch(:user_event_repository) @organization_event_repository = dependencies.fetch(:organization_event_repository) @@ -194,7 +194,7 @@ def get_memory_usage(guid) begin validate_origin_for_username!(origin, username) - user_id = @uaa_client.id_for_username(username, origin: origin.presence) + user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence) rescue UaaUnavailable raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable') end @@ -204,7 +204,7 @@ def get_memory_usage(guid) end define_method("add_#{role}_by_user_id") do |guid, user_id| - username = @uaa_client.usernames_for_ids([user_id])[user_id] + username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id] add_role(guid, role, user_id, username || '') end @@ -227,7 +227,7 @@ def get_memory_usage(guid) begin validate_origin_for_username!(origin, username) - user_id = @uaa_client.id_for_username(username, origin: origin.presence) + user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence) rescue UaaUnavailable raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable') end diff --git a/app/controllers/runtime/spaces_controller.rb b/app/controllers/runtime/spaces_controller.rb index ae52be13e54..7ca42c79abf 100644 --- a/app/controllers/runtime/spaces_controller.rb +++ b/app/controllers/runtime/spaces_controller.rb @@ -8,7 +8,7 @@ class SpacesController < RestController::ModelController include UaaOriginValidator def self.dependencies - %i[space_event_repository username_and_roles_populating_collection_renderer uaa_client + %i[space_event_repository username_and_roles_populating_collection_renderer uaa_username_lookup_client services_event_repository user_event_repository app_event_repository route_event_repository] end @@ -53,7 +53,7 @@ def inject_dependencies(dependencies) @space_event_repository = dependencies.fetch(:space_event_repository) @user_event_repository = dependencies.fetch(:user_event_repository) @user_roles_collection_renderer = dependencies.fetch(:username_and_roles_populating_collection_renderer) - @uaa_client = dependencies.fetch(:uaa_client) + @uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client) @services_event_repository = dependencies.fetch(:services_event_repository) @app_event_repository = dependencies.fetch(:app_event_repository) @route_event_repository = dependencies.fetch(:route_event_repository) @@ -198,7 +198,7 @@ def delete(guid) begin validate_origin_for_username!(origin, username) - user_id = @uaa_client.id_for_username(username, origin: origin.presence) + user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence) rescue UaaUnavailable raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable') end @@ -208,7 +208,7 @@ def delete(guid) end define_method("add_#{role}_by_user_id") do |guid, user_id| - username = @uaa_client.usernames_for_ids([user_id])[user_id] + username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id] add_role(guid, role, user_id, username || '') end @@ -231,7 +231,7 @@ def delete(guid) begin validate_origin_for_username!(origin, username) - user_id = @uaa_client.id_for_username(username, origin: origin.presence) + user_id = @uaa_username_lookup_client.id_for_username(username, origin: origin.presence) rescue UaaUnavailable raise CloudController::Errors::ApiError.new_from_details('UaaUnavailable') end @@ -254,7 +254,7 @@ def delete(guid) find_guid_and_validate_access(:update, guid) end - username = @uaa_client.usernames_for_ids([user_id])[user_id] + username = @uaa_username_lookup_client.usernames_for_ids([user_id])[user_id] remove_role(space, role, user_id, username || '') [HTTP::NO_CONTENT, nil] diff --git a/app/controllers/runtime/users_controller.rb b/app/controllers/runtime/users_controller.rb index 18a36d3d94e..cdb0730c585 100644 --- a/app/controllers/runtime/users_controller.rb +++ b/app/controllers/runtime/users_controller.rb @@ -3,7 +3,7 @@ class UsersController < RestController::ModelController def self.dependencies %i[ username_populating_collection_renderer - uaa_client + uaa_username_lookup_client username_populating_object_renderer user_event_repository ] @@ -45,7 +45,7 @@ def delete(guid) def inject_dependencies(dependencies) super @object_renderer = dependencies[:username_populating_object_renderer] - @uaa_client = dependencies.fetch(:uaa_client) + @uaa_username_lookup_client = dependencies.fetch(:uaa_username_lookup_client) @collection_renderer = dependencies[:username_populating_collection_renderer] @user_event_repository = dependencies.fetch(:user_event_repository) end @@ -113,7 +113,7 @@ def inject_dependencies(dependencies) def remove_related(related_guid, name, user_guid, find_model=model) response = super(related_guid, name, user_guid, find_model) user = User.first(guid: user_guid) - user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || '' + user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || '' if find_model == Space @user_event_repository.record_space_role_remove( @@ -139,7 +139,7 @@ def remove_related(related_guid, name, user_guid, find_model=model) def add_space_role(user_guid, relationship, space_guid) space = Space.first(guid: space_guid) user = User.first(guid: user_guid) - user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || '' + user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || '' @request_attrs = { 'space' => space_guid, verb: 'add', relation: relationship, related_guid: space_guid } @@ -176,7 +176,7 @@ def add_space_role(user_guid, relationship, space_guid) def add_organization_role(user_guid, relationship, org_guid) organization = Organization.first(guid: org_guid) user = User.first(guid: user_guid) - user.username = @uaa_client.usernames_for_ids([user.guid])[user.guid] || '' + user.username = @uaa_username_lookup_client.usernames_for_ids([user.guid])[user.guid] || '' @request_attrs = { 'organization' => org_guid, verb: 'add', relation: relationship, related_guid: org_guid } diff --git a/app/controllers/v3/roles_controller.rb b/app/controllers/v3/roles_controller.rb index 97498494e9b..c1a783e7a65 100644 --- a/app/controllers/v3/roles_controller.rb +++ b/app/controllers/v3/roles_controller.rb @@ -127,8 +127,7 @@ def fetch_readable_user(user_guid) def fetch_role_owner_with_name(role) user = User.first(id: role.user_id) - uaa_client = CloudController::DependencyLocator.instance.uaa_client - UsernamePopulator.new(uaa_client).transform(user) + UsernamePopulator.new(uaa_username_lookup_client).transform(user) user end @@ -175,11 +174,10 @@ def unprocessable_space_user! def lookup_user_guid_in_uaa(username, given_origin, creating_space_role: false) FeatureFlag.raise_unless_enabled!(:set_roles_by_username) - uaa_client = CloudController::DependencyLocator.instance.uaa_client origin = given_origin if given_origin.nil? - origins = uaa_client.origins_for_username(username).sort + origins = uaa_username_lookup_client.origins_for_username(username).sort if origins.length > 1 unprocessable!( @@ -190,11 +188,15 @@ def lookup_user_guid_in_uaa(username, given_origin, creating_space_role: false) origin = origins[0] end - guid = uaa_client.id_for_username(username, origin:) + guid = uaa_username_lookup_client.id_for_username(username, origin:) return guid if guid unprocessable_space_user! if creating_space_role unprocessable!("No user exists with the username '#{username}' and origin '#{origin}'.") if given_origin unprocessable!("No user exists with the username '#{username}'.") end + + def uaa_username_lookup_client + CloudController::DependencyLocator.instance.uaa_username_lookup_client + end end diff --git a/app/fetchers/user_list_fetcher.rb b/app/fetchers/user_list_fetcher.rb index 8d63cd129f8..5e19995d482 100644 --- a/app/fetchers/user_list_fetcher.rb +++ b/app/fetchers/user_list_fetcher.rb @@ -13,12 +13,12 @@ def fetch_all(message, readable_users_dataset) def filter(message, dataset) if message.requested?(:usernames) - guids = uaa_client.ids_for_usernames_and_origins(message.usernames, message.origins) + guids = uaa_username_lookup_client.ids_for_usernames_and_origins(message.usernames, message.origins) dataset = dataset.where(guid: guids) end if message.requested?(:partial_usernames) - guids = uaa_client.ids_for_usernames_and_origins(message.partial_usernames, message.origins, false) + guids = uaa_username_lookup_client.ids_for_usernames_and_origins(message.partial_usernames, message.origins, false) dataset = dataset.where(guid: guids) end @@ -34,8 +34,8 @@ def filter(message, dataset) super(message, dataset, User) end - def uaa_client - CloudController::DependencyLocator.instance.uaa_client + def uaa_username_lookup_client + CloudController::DependencyLocator.instance.uaa_username_lookup_client end end end diff --git a/app/models/runtime/user.rb b/app/models/runtime/user.rb index a12eed19955..70b4f74fc27 100644 --- a/app/models/runtime/user.rb +++ b/app/models/runtime/user.rb @@ -239,8 +239,8 @@ def readable_users(can_read_globally) end def self.uaa_users_info(user_guids) - uaa_client = CloudController::DependencyLocator.instance.uaa_client - uaa_client.users_for_ids(user_guids) + uaa_username_lookup_client = CloudController::DependencyLocator.instance.uaa_username_lookup_client + uaa_username_lookup_client.users_for_ids(user_guids) end def self.user_visibility_filter(_) diff --git a/lib/cloud_controller/dependency_locator.rb b/lib/cloud_controller/dependency_locator.rb index 803b762e2d6..0ea7d1bb46b 100644 --- a/lib/cloud_controller/dependency_locator.rb +++ b/lib/cloud_controller/dependency_locator.rb @@ -234,7 +234,7 @@ def object_renderer end def username_populating_object_renderer - create_object_renderer(object_transformer: UsernamePopulator.new(uaa_client)) + create_object_renderer(object_transformer: UsernamePopulator.new(uaa_username_lookup_client)) end def service_key_credential_object_renderer @@ -250,7 +250,7 @@ def large_paginated_collection_renderer end def username_populating_collection_renderer - create_paginated_collection_renderer(collection_transformer: UsernamePopulator.new(uaa_client)) + create_paginated_collection_renderer(collection_transformer: UsernamePopulator.new(uaa_username_lookup_client)) end def service_key_credential_collection_renderer @@ -258,14 +258,14 @@ def service_key_credential_collection_renderer end def username_and_roles_populating_collection_renderer - create_paginated_collection_renderer(collection_transformer: UsernamesAndRolesPopulator.new(uaa_client)) + create_paginated_collection_renderer(collection_transformer: UsernamesAndRolesPopulator.new(uaa_username_lookup_client)) end def router_group_type_populating_collection_renderer create_paginated_collection_renderer(collection_transformer: RouterGroupTypePopulator.new(routing_api_client)) end - def uaa_client + def uaa_username_lookup_client UaaClient.new( uaa_target: config.get(:uaa, :internal_url), client_id: config.get(:cloud_controller_username_lookup_client_name), diff --git a/lib/cloud_controller/security/security_context_configurer.rb b/lib/cloud_controller/security/security_context_configurer.rb index ddc25157c5c..cef91925e84 100644 --- a/lib/cloud_controller/security/security_context_configurer.rb +++ b/lib/cloud_controller/security/security_context_configurer.rb @@ -28,7 +28,7 @@ def decode_token(header_token) end def is_user_in_uaadb?(id) - CloudController::DependencyLocator.instance.uaa_client.usernames_for_ids(Array(id)).present? + CloudController::DependencyLocator.instance.uaa_username_lookup_client.usernames_for_ids(Array(id)).present? end def is_uuid_shaped?(id) diff --git a/lib/cloud_controller/uaa/uaa_token_decoder.rb b/lib/cloud_controller/uaa/uaa_token_decoder.rb index 385f1dde153..c1999798f81 100644 --- a/lib/cloud_controller/uaa/uaa_token_decoder.rb +++ b/lib/cloud_controller/uaa/uaa_token_decoder.rb @@ -105,11 +105,11 @@ def symmetric_key2 end def asymmetric_key - @asymmetric_key ||= UaaVerificationKeys.new(uaa_client.info) + @asymmetric_key ||= UaaVerificationKeys.new(uaa_username_lookup_client.info) end - def uaa_client - ::CloudController::DependencyLocator.instance.uaa_client + def uaa_username_lookup_client + ::CloudController::DependencyLocator.instance.uaa_username_lookup_client end def uaa_issuer diff --git a/spec/api/documentation/organizations_api_spec.rb b/spec/api/documentation/organizations_api_spec.rb index 884049c864c..0091d20285b 100644 --- a/spec/api/documentation/organizations_api_spec.rb +++ b/spec/api/documentation/organizations_api_spec.rb @@ -164,7 +164,7 @@ put 'v2/organizations/:guid/users' do example 'Associate User with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa']) client.put "v2/organizations/#{organization.guid}/users", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -177,7 +177,7 @@ delete 'v2/organizations/:guid/users' do example 'Remove User with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: associated_user.guid, origins_for_username: ['uaa']) client.delete "v2/organizations/#{organization.guid}/users", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -217,7 +217,7 @@ put 'v2/organizations/:guid/managers' do example 'Associate Manager with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa']) client.put "v2/organizations/#{organization.guid}/managers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -230,7 +230,7 @@ delete 'v2/organizations/:guid/managers' do example 'Remove Manager with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: associated_manager_guid, origins_for_username: ['uaa']) client.delete "v2/organizations/#{organization.guid}/managers", MultiJson.dump({ username: 'manage@example.com' }, pretty: true), headers @@ -269,7 +269,7 @@ put 'v2/organizations/:guid/billing_managers' do example 'Associate Billing Manager with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa']) client.put "v2/organizations/#{organization.guid}/billing_managers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -282,7 +282,7 @@ delete 'v2/organizations/:guid/billing_managers' do example 'Remove Billing Manager with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: associated_billing_manager_guid, origins_for_username: ['uaa']) client.delete "v2/organizations/#{organization.guid}/billing_managers", MultiJson.dump({ username: 'billing_manager@example.com' }, pretty: true), headers @@ -321,7 +321,7 @@ put 'v2/organizations/:guid/auditors' do example 'Associate Auditor with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: 'user-guid', origins_for_username: ['uaa']) client.put "v2/organizations/#{organization.guid}/auditors", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -334,7 +334,7 @@ delete 'v2/organizations/:guid/auditors' do example 'Remove Auditor with the Organization by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: associated_auditor_guid, origins_for_username: ['uaa']) client.delete "v2/organizations/#{organization.guid}/auditors", MultiJson.dump({ username: 'auditor@example.com' }, pretty: true), headers diff --git a/spec/api/documentation/spaces_api_spec.rb b/spec/api/documentation/spaces_api_spec.rb index 481ccd2ed34..34e7fe6b91f 100644 --- a/spec/api/documentation/spaces_api_spec.rb +++ b/spec/api/documentation/spaces_api_spec.rb @@ -136,7 +136,7 @@ def after_standard_model_delete(guid) put 'v2/spaces/:guid/developers' do example 'Associate Developer with the Space by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: developer.guid, origins_for_username: ['uaa']) client.put "v2/spaces/#{space.guid}/developers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -149,7 +149,7 @@ def after_standard_model_delete(guid) delete 'v2/spaces/:guid/developers' do example 'Remove Developer with the Space by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: associated_developer.guid, origins_for_username: ['uaa']) client.delete "v2/spaces/#{space.guid}/developers", MultiJson.dump({ username: 'developer@example.com' }, pretty: true), headers @@ -192,7 +192,7 @@ def after_standard_model_delete(guid) put 'v2/spaces/:guid/managers' do example 'Associate Manager with the Space by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: manager.guid, origins_for_username: ['uaa']) client.put "v2/spaces/#{space.guid}/managers", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -205,7 +205,7 @@ def after_standard_model_delete(guid) delete 'v2/spaces/:guid/managers' do example 'Remove Manager with the Space by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: associated_manager.guid, origins_for_username: ['uaa']) client.delete "v2/spaces/#{space.guid}/managers", MultiJson.dump({ username: 'manager@example.com' }, pretty: true), headers @@ -248,7 +248,7 @@ def after_standard_model_delete(guid) put 'v2/spaces/:guid/auditors' do example 'Associate Auditor with the Space by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: auditor.guid, origins_for_username: ['uaa']) client.put "v2/spaces/#{space.guid}/auditors", MultiJson.dump({ username: 'user@example.com' }, pretty: true), headers @@ -261,7 +261,7 @@ def after_standard_model_delete(guid) delete 'v2/spaces/:guid/auditors' do example 'Remove Auditor with the Space by Username' do uaa_client = double(:uaa_client) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive_messages(id_for_username: associated_auditor.guid, origins_for_username: ['uaa']) client.delete "v2/spaces/#{space.guid}/auditors", MultiJson.dump({ username: 'auditor@example.com' }, pretty: true), headers diff --git a/spec/request/organizations_spec.rb b/spec/request/organizations_spec.rb index 10b550df704..55aac49322e 100644 --- a/spec/request/organizations_spec.rb +++ b/spec/request/organizations_spec.rb @@ -19,7 +19,7 @@ module VCAP::CloudController Domain.dataset.destroy # this will clean up the seeded test domains TestConfig.override(kubernetes: {}) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive(:usernames_for_ids).with([user.guid]).and_return( { user.guid => 'Ragnaros' } ) diff --git a/spec/request/roles_spec.rb b/spec/request/roles_spec.rb index 117f33de57b..4c6fe122f1f 100644 --- a/spec/request/roles_spec.rb +++ b/spec/request/roles_spec.rb @@ -13,7 +13,7 @@ let(:uaa_client) { instance_double(VCAP::CloudController::UaaClient) } before do - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive(:usernames_for_ids).with([user_with_role.guid]).and_return( { user_with_role.guid => 'mona' } ) diff --git a/spec/unit/actions/organization_create_spec.rb b/spec/unit/actions/organization_create_spec.rb index 4011ac13a7d..77e810e1d0e 100644 --- a/spec/unit/actions/organization_create_spec.rb +++ b/spec/unit/actions/organization_create_spec.rb @@ -12,7 +12,7 @@ module VCAP::CloudController subject(:org_create) { OrganizationCreate.new(user_audit_info:) } before do - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive(:usernames_for_ids).with([user.guid]).and_return( { user.guid => 'Ragnaros' } ) diff --git a/spec/unit/actions/role_create_spec.rb b/spec/unit/actions/role_create_spec.rb index b194941fa16..983b6f29f9a 100644 --- a/spec/unit/actions/role_create_spec.rb +++ b/spec/unit/actions/role_create_spec.rb @@ -12,7 +12,7 @@ module VCAP::CloudController let(:uaa_client) { instance_double(VCAP::CloudController::UaaClient) } before do - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive(:usernames_for_ids).with([user.guid]).and_return( { user.guid => 'mona' } ) diff --git a/spec/unit/actions/role_delete_spec.rb b/spec/unit/actions/role_delete_spec.rb index 2673606e399..2dd0b265e55 100644 --- a/spec/unit/actions/role_delete_spec.rb +++ b/spec/unit/actions/role_delete_spec.rb @@ -8,7 +8,7 @@ module VCAP::CloudController let(:uaa_client) { instance_double(VCAP::CloudController::UaaClient) } before do - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(user_with_role).to receive(:username).and_return('kiwi') end diff --git a/spec/unit/controllers/v3/organizations_controller_spec.rb b/spec/unit/controllers/v3/organizations_controller_spec.rb index 8cac156ca56..503a10baacb 100644 --- a/spec/unit/controllers/v3/organizations_controller_spec.rb +++ b/spec/unit/controllers/v3/organizations_controller_spec.rb @@ -10,7 +10,7 @@ before do set_current_user(user) - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive(:usernames_for_ids).with([user.guid]).and_return( { user.guid => 'Ragnaros' } ) diff --git a/spec/unit/decorators/include_role_user_decorator_spec.rb b/spec/unit/decorators/include_role_user_decorator_spec.rb index 3716efd36cc..d260cd758d1 100644 --- a/spec/unit/decorators/include_role_user_decorator_spec.rb +++ b/spec/unit/decorators/include_role_user_decorator_spec.rb @@ -23,7 +23,7 @@ module VCAP::CloudController end before do - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive(:users_for_ids).with([user1.guid, user2.guid]).and_return(user_uaa_info) end diff --git a/spec/unit/lib/cloud_controller/dependency_locator_spec.rb b/spec/unit/lib/cloud_controller/dependency_locator_spec.rb index e48239b7637..8e1b5d64978 100644 --- a/spec/unit/lib/cloud_controller/dependency_locator_spec.rb +++ b/spec/unit/lib/cloud_controller/dependency_locator_spec.rb @@ -259,9 +259,9 @@ expect(renderer.object_transformer).to be_a(VCAP::CloudController::UsernamePopulator) end - it 'uses the uaa_client for the populator' do + it 'uses the uaa_username_lookup_client for the populator' do uaa_client = double('uaa client') - expect(locator).to receive(:uaa_client).and_return(uaa_client) + expect(locator).to receive(:uaa_username_lookup_client).and_return(uaa_client) renderer = locator.username_populating_object_renderer expect(renderer.object_transformer.uaa_client).to eq(uaa_client) end @@ -273,9 +273,9 @@ expect(renderer.collection_transformer).to be_a(VCAP::CloudController::UsernamePopulator) end - it 'uses the uaa_client for the populator' do + it 'uses the uaa_username_lookup_client for the populator' do uaa_client = double('uaa client') - expect(locator).to receive(:uaa_client).and_return(uaa_client) + expect(locator).to receive(:uaa_username_lookup_client).and_return(uaa_client) renderer = locator.username_populating_collection_renderer expect(renderer.collection_transformer.uaa_client).to eq(uaa_client) end @@ -295,26 +295,26 @@ end end - describe '#uaa_client' do + describe '#uaa_username_lookup_client' do context 'when a CA file is not configured for the UAA' do before do TestConfig.override(uaa: { ca_file: nil, internal_url: TestConfig.config_instance.get(:uaa, :internal_url) }) end it 'returns a uaa client with credentials for looking up usernames' do - uaa_client = locator.uaa_client - expect(uaa_client.client_id).to eq(config.get(:cloud_controller_username_lookup_client_name)) - expect(uaa_client.secret).to eq(config.get(:cloud_controller_username_lookup_client_secret)) - expect(uaa_client.uaa_target).to eq(config.get(:uaa, :internal_url)) + uaa_username_lookup_client = locator.uaa_username_lookup_client + expect(uaa_username_lookup_client.client_id).to eq(config.get(:cloud_controller_username_lookup_client_name)) + expect(uaa_username_lookup_client.secret).to eq(config.get(:cloud_controller_username_lookup_client_secret)) + expect(uaa_username_lookup_client.uaa_target).to eq(config.get(:uaa, :internal_url)) end end context 'when a CA file is configured for the UAA' do it 'returns a uaa client with credentials for looking up usernames' do - uaa_client = locator.uaa_client - expect(uaa_client.client_id).to eq(config.get(:cloud_controller_username_lookup_client_name)) - expect(uaa_client.secret).to eq(config.get(:cloud_controller_username_lookup_client_secret)) - expect(uaa_client.uaa_target).to eq(config.get(:uaa, :internal_url)) + uaa_username_lookup_client = locator.uaa_username_lookup_client + expect(uaa_username_lookup_client.client_id).to eq(config.get(:cloud_controller_username_lookup_client_name)) + expect(uaa_username_lookup_client.secret).to eq(config.get(:cloud_controller_username_lookup_client_secret)) + expect(uaa_username_lookup_client.uaa_target).to eq(config.get(:uaa, :internal_url)) end end end diff --git a/spec/unit/lib/cloud_controller/security/security_context_configurer_spec.rb b/spec/unit/lib/cloud_controller/security/security_context_configurer_spec.rb index 00c203fbca4..f2c55060af8 100644 --- a/spec/unit/lib/cloud_controller/security/security_context_configurer_spec.rb +++ b/spec/unit/lib/cloud_controller/security/security_context_configurer_spec.rb @@ -93,7 +93,7 @@ module Security let(:uaa_client) { double(UaaClient) } before do - allow(CloudController::DependencyLocator.instance).to receive(:uaa_client). + allow(CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client). and_return(uaa_client) end diff --git a/spec/unit/lib/uaa/uaa_token_cache_spec.rb b/spec/unit/lib/uaa/uaa_token_cache_spec.rb index 7ca5ef42518..ca595ee8790 100644 --- a/spec/unit/lib/uaa/uaa_token_cache_spec.rb +++ b/spec/unit/lib/uaa/uaa_token_cache_spec.rb @@ -2,12 +2,7 @@ module VCAP::CloudController RSpec.describe UaaTokenCache do - let(:url) { 'http://uaa.example.com' } - let(:client_id) { ' ' } - let(:secret) { 'secret_key' } - let(:expected_uaa_options) { { skip_ssl_validation: false, ssl_ca_file: 'path/to/ca/file', http_timeout: TestConfig.config_instance.get(:uaa, :client_timeout) } } - - subject(:uaa_client) { UaaClient.new(uaa_target: url, client_id: client_id, secret: secret, ca_file: 'path/to/ca/file') } + let(:client_id) { 'client-id' } before do UaaTokenCache.clear! diff --git a/spec/unit/lib/uaa/uaa_token_decoder_spec.rb b/spec/unit/lib/uaa/uaa_token_decoder_spec.rb index d51f4c4ec17..af94c53dca5 100644 --- a/spec/unit/lib/uaa/uaa_token_decoder_spec.rb +++ b/spec/unit/lib/uaa/uaa_token_decoder_spec.rb @@ -20,7 +20,7 @@ module VCAP::CloudController let(:logger) { double(Steno::Logger) } before do - allow(::CloudController::DependencyLocator.instance).to receive(:uaa_client).and_return(uaa_client) + allow(::CloudController::DependencyLocator.instance).to receive(:uaa_username_lookup_client).and_return(uaa_client) allow(uaa_client).to receive(:info).and_return(uaa_info) allow(Steno).to receive(:logger).with('cc.uaa_token_decoder').and_return(logger) # undo global stubbing in spec_helper.rb