Skip to content

Start using AuthProvider audiences. #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
sarvaniv wants to merge 9 commits into from
Closed

Start using AuthProvider audiences. #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
eba2bfe
Start using AuthProvider audiences.
sarvaniv Dec 13, 2016
ca9ef31
Address code review comment
sarvaniv Dec 13, 2016
c2438b7
More code review comments addressed
sarvaniv Dec 13, 2016
ab52aa1
Add initial travis-CI build config for bazel.build.
sebastienvas Dec 13, 2016
d1a67c6
Merge pull request #12 from sebastienvas/travis
sebastienvas Dec 13, 2016
af9709d
Start using AuthProvider audiences.
sarvaniv Dec 13, 2016
c1c644d
Address code review comment
sarvaniv Dec 13, 2016
137e25b
More code review comments addressed
sarvaniv Dec 13, 2016
0c0c76f
Merge branch 'bug_33486639' of https://github.com/sarvaniv/proxy into…
sarvaniv Dec 13, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .bazelrc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
test --test_output=errors
test --test_size_filters=-large,-enormous
12 changes: 12 additions & 0 deletions .bazelrc.travis
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# This is from Bazel's former travis setup, to avoid blowing up the RAM usage.
startup --host_jvm_args=-Xmx2500m
startup --host_jvm_args=-Xms2500m
startup --batch
test --ram_utilization_factor=10

# This is so we understand failures better
build --verbose_failures

# Below this line, .travis.yml will cat the default bazelrc.
# This is needed so Bazel starts with the base workspace in its
# package path.
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
/bazel-*
40 changes: 40 additions & 0 deletions .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
sudo: required
dist: xenial

lang: go

go:
- 1.7.x

jdk:
- oraclejdk8

env:
- BAZEL_VERSION=0.4.2

addons:
apt:
packages:
- wget

cache:
directories:
- $HOME/bazel/install
- $HOME/bazel/outbase

before_install:
- mkdir -p ${HOME}/bazel/install
- cd ${HOME}/bazel/install
- wget --no-clobber "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel_${BAZEL_VERSION}-linux-x86_64.deb"
- chmod +x bazel_${BAZEL_VERSION}-linux-x86_64.deb
- sudo dpkg -i bazel_${BAZEL_VERSION}-linux-x86_64.deb
- sudo apt-get -f install -qqy uuid-dev
- cd ${TRAVIS_BUILD_DIR}
- mv .bazelrc .bazelrc.orig
- cat .bazelrc.travis .bazelrc.orig > .bazelrc

script:
- bazel --output_base=${HOME}/bazel/outbase test //...

notifications:
slack: istio-dev:wEEEbaabdP5ieCgDOFetA9nX
2 changes: 1 addition & 1 deletion WORKSPACE
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ bind(

new_git_repository(
name = "googleapis_git",
commit = "6c1d6d4067364a21f8ffefa3401b213d652bf121",
commit = "db1d4547dc56a798915e0eb2c795585385922165",
remote = "https://github.com/googleapis/googleapis.git",
build_file = "third_party/BUILD.googleapis",
)
Expand Down
14 changes: 9 additions & 5 deletions contrib/endpoints/src/api_manager/config.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -258,7 +258,7 @@ bool Config::LoadRpcMethods(ApiManagerEnvInterface *env,
bool Config::LoadAuthentication(ApiManagerEnvInterface *env) {
// Parsing auth config.
const ::google::api::Authentication &auth = service_.authentication();
map<string, string> provider_id_issuer_map;
map<string, const ::google::api::AuthProvider*> provider_id_provider_map;
for (const auto &provider : auth.providers()) {
Copy link
Copy Markdown
Contributor

@qiwzhang qiwzhang Dec 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You don't need to make a copy, just use const provider*

if (provider.id().empty()) {
env->LogError("Missing id field in AuthProvider.");
Expand All @@ -274,7 +274,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) {
} else {
SetJwksUri(provider.issuer(), string(), true);
}
provider_id_issuer_map[provider.id()] = provider.issuer();
provider_id_provider_map[provider.id()] = &provider;
}

for (const auto &rule : auth.rules()) {
Expand All @@ -296,12 +296,16 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) {
env->LogError(error.c_str());
continue;
}
auto issuer = utils::FindOrNull(provider_id_issuer_map, provider_id);
if (issuer == nullptr) {
auto provider = utils::FindPtrOrNull(provider_id_provider_map,
provider_id);
if (provider == nullptr) {
std::string error = "Undefined provider_id: " + provider_id;
env->LogError(error.c_str());
} else {
(*method)->addAudiencesForIssuer(*issuer, requirement.audiences());
const std::string &audiences = provider->audiences().empty()
? requirement.audiences()
Copy link
Copy Markdown
Contributor

@qiwzhang qiwzhang Dec 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

const string&

Copy link
Copy Markdown
Contributor Author

@sarvaniv sarvaniv Dec 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

: provider->audiences();
(*method)->addAudiencesForIssuer(provider->issuer(), audiences);
}
}
}
Expand Down
2 changes: 1 addition & 1 deletion contrib/endpoints/src/api_manager/config_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,7 @@ static const char auth_config[] =
" id: \"provider-id1\"\n"
" issuer: \"issuer1@gserviceaccount.com\"\n"
" jwks_uri: \"https://www.googleapis.com/jwks_uri1\"\n"
" audiences: \"ok_audience1\"\n"
Copy link
Copy Markdown
Contributor

@qiwzhang qiwzhang Dec 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we add a test case with provider without audience bur requirement has.?

Copy link
Copy Markdown
Contributor Author

@sarvaniv sarvaniv Dec 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is already there. There are two apis with AuthRequirements and both have audiences right now. I have just moved one out to AuthProvider and the other one has AuthRequirements audience set.

" }\n"
" providers {\n"
" id: \"provider-id2\"\n"
Expand All @@ -326,7 +327,6 @@ static const char auth_config[] =
" selector: \"Xyz.Method1\"\n"
" requirements {\n"
" provider_id: \"provider-id1\"\n"
" audiences: \"ok_audience1\"\n"
" }\n"
" }\n"
" rules {\n"
Expand Down