From 6fa2aa7b4a6a3427b608381ee8acb600f56628f9 Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: Fri, 3 Jun 2022 17:30:32 +0200 Subject: [PATCH] cloudapi: add helper method to extract tenant channel from `echo.Context` Extract the determination of tenant channel into a helper function. This will simplify handler and middleware methods, which won't have to implement the same logic by themselves. Fix the multi-tenancy unit test to pass the appropriate context when querying compose statuses, because the server that is being used has JWT enabled and expects the tenant to be set in it. --- internal/cloudapi/v2/handler.go | 13 +++--------- internal/cloudapi/v2/middleware.go | 21 +++++++++++++++++++ internal/cloudapi/v2/v2_multi_tenancy_test.go | 1 + 3 files changed, 25 insertions(+), 10 deletions(-) create mode 100644 internal/cloudapi/v2/middleware.go diff --git a/internal/cloudapi/v2/handler.go b/internal/cloudapi/v2/handler.go index 7c0d2b390..b01a378b4 100644 --- a/internal/cloudapi/v2/handler.go +++ b/internal/cloudapi/v2/handler.go @@ -14,7 +14,6 @@ import ( "github.com/google/uuid" "github.com/labstack/echo/v4" - "github.com/osbuild/osbuild-composer/internal/auth" "github.com/osbuild/osbuild-composer/internal/blueprint" "github.com/osbuild/osbuild-composer/internal/common" "github.com/osbuild/osbuild-composer/internal/distro" 
@@ -123,15 +122,9 @@ func (h *apiHandlers) PostCompose(ctx echo.Context) error { } // channel is empty if JWT is not enabled - var channel string - if h.server.config.JWTEnabled { - tenant, err := auth.GetFromClaims(ctx.Request().Context(), h.server.config.TenantProviderFields) - if err != nil { - return HTTPErrorWithInternal(ErrorTenantNotFound, err) - } - - // prefix the tenant to prevent collisions if support for specifying channels in a request is ever added - channel = "org-" + tenant + channel, err := h.server.getTenantChannel(ctx) + if err != nil { + return HTTPErrorWithInternal(ErrorTenantNotFound, err) } distribution := h.server.distros.GetDistro(request.Distribution) diff --git a/internal/cloudapi/v2/middleware.go b/internal/cloudapi/v2/middleware.go new file mode 100644 index 000000000..3d2336512 --- /dev/null +++ b/internal/cloudapi/v2/middleware.go @@ -0,0 +1,21 @@ +package v2 + +import ( + "github.com/labstack/echo/v4" + "github.com/osbuild/osbuild-composer/internal/auth" +) + +// getTenantChannel returns the tenant channel for the provided request context +func (s *Server) getTenantChannel(ctx echo.Context) (string, error) { + // channel is empty if JWT is not enabled + var channel string + if s.config.JWTEnabled { + tenant, err := auth.GetFromClaims(ctx.Request().Context(), s.config.TenantProviderFields) + if err != nil { + return "", err + } + // prefix the tenant to prevent collisions if support for specifying channels in a request is ever added + channel = "org-" + tenant + } + return channel, nil +} diff --git a/internal/cloudapi/v2/v2_multi_tenancy_test.go b/internal/cloudapi/v2/v2_multi_tenancy_test.go index 3a191f52e..08c884612 100644 --- a/internal/cloudapi/v2/v2_multi_tenancy_test.go +++ b/internal/cloudapi/v2/v2_multi_tenancy_test.go 
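Review bot: The retained comment `// channel is empty if JWT is not enabled` above the new `h.server.getTenantChannel(ctx)` call now describes the helper's internals rather than anything visible in PostCompose. Since the channel appears to be what keeps tenants apart, I would reword it at the call site to state the consequence, for example `// channel is "org-<tenant>" when JWT is enabled; an empty channel means the request is not tenant-scoped`. PostCompose starts and continues outside this hunk, so how `channel` is consumed afterwards is not visible here and should be confirmed against the rest of the function.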
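Review bot: getTenantChannel in the new middleware.go trusts whatever `auth.GetFromClaims` returns: if that call can yield an empty tenant together with a nil error (its body is not part of this patch, so this is unverified), the channel becomes the bare string `"org-"` and all such requests would share one channel instead of being isolated per tenant. I would fail closed right after the error check with `if tenant == "" { return "", errors.New("empty tenant in token claims") }`, which also needs `errors` added to the import block. The doc comment should additionally spell out the contract callers depend on: the result is `"org-" + tenant` when JWT is enabled, and the empty string with a nil error when it is disabled.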
@@ -267,6 +267,7 @@ func TestMultitenancy(t *testing.T) { resp := test.APICall{ Handler: handler, Method: http.MethodGet, + Context: reqContext(c.orgID), Path: "/api/image-builder-composer/v2/composes/" + c.id.String(), ExpectedStatus: http.StatusOK, }.Do(t)