Richard Scothern
GitHub
commit
b89a594355
|
|
@ -183,6 +183,18 @@ func filterAccessList(ctx context.Context, scope string, requestedAccessList []a
|
||||||
return grantedAccessList
|
return grantedAccessList
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type acctSubject struct{}
|
||||||
|
|
||||||
|
func (acctSubject) String() string { return "acctSubject" }
|
||||||
|
|
||||||
|
type requestedAccess struct{}
|
||||||
|
|
||||||
|
func (requestedAccess) String() string { return "requestedAccess" }
|
||||||
|
|
||||||
|
type grantedAccess struct{}
|
||||||
|
|
||||||
|
func (grantedAccess) String() string { return "grantedAccess" }
|
||||||
|
|
||||||
// getToken handles authenticating the request and authorizing access to the
|
// getToken handles authenticating the request and authorizing access to the
|
||||||
// requested scopes.
|
// requested scopes.
|
||||||
func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
|
func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *http.Request) {
|
||||||
|
|
@ -225,17 +237,17 @@ func (ts *tokenServer) getToken(ctx context.Context, w http.ResponseWriter, r *h
|
||||||
|
|
||||||
username := context.GetStringValue(ctx, "auth.user.name")
|
username := context.GetStringValue(ctx, "auth.user.name")
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "acctSubject", username)
|
ctx = context.WithValue(ctx, acctSubject{}, username)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, acctSubject{}))
|
||||||
|
|
||||||
context.GetLogger(ctx).Info("authenticated client")
|
context.GetLogger(ctx).Info("authenticated client")
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "requestedAccess", requestedAccessList)
|
ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "requestedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, requestedAccess{}))
|
||||||
|
|
||||||
grantedAccessList := filterAccessList(ctx, username, requestedAccessList)
|
grantedAccessList := filterAccessList(ctx, username, requestedAccessList)
|
||||||
ctx = context.WithValue(ctx, "grantedAccess", grantedAccessList)
|
ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "grantedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, grantedAccess{}))
|
||||||
|
|
||||||
token, err := ts.issuer.CreateJWT(username, service, grantedAccessList)
|
token, err := ts.issuer.CreateJWT(username, service, grantedAccessList)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -347,17 +359,17 @@ func (ts *tokenServer) postToken(ctx context.Context, w http.ResponseWriter, r *
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "acctSubject", subject)
|
ctx = context.WithValue(ctx, acctSubject{}, subject)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "acctSubject"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, acctSubject{}))
|
||||||
|
|
||||||
context.GetLogger(ctx).Info("authenticated client")
|
context.GetLogger(ctx).Info("authenticated client")
|
||||||
|
|
||||||
ctx = context.WithValue(ctx, "requestedAccess", requestedAccessList)
|
ctx = context.WithValue(ctx, requestedAccess{}, requestedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "requestedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, requestedAccess{}))
|
||||||
|
|
||||||
grantedAccessList := filterAccessList(ctx, subject, requestedAccessList)
|
grantedAccessList := filterAccessList(ctx, subject, requestedAccessList)
|
||||||
ctx = context.WithValue(ctx, "grantedAccess", grantedAccessList)
|
ctx = context.WithValue(ctx, grantedAccess{}, grantedAccessList)
|
||||||
ctx = context.WithLogger(ctx, context.GetLogger(ctx, "grantedAccess"))
|
ctx = context.WithLogger(ctx, context.GetLogger(ctx, grantedAccess{}))
|
||||||
|
|
||||||
token, err := ts.issuer.CreateJWT(subject, service, grantedAccessList)
|
token, err := ts.issuer.CreateJWT(subject, service, grantedAccessList)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ func TestSillyAccessController(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||||
ctx := context.WithValue(nil, "http.request", r)
|
ctx := context.WithRequest(context.Background(), r)
|
||||||
authCtx, err := ac.Authorized(ctx)
|
authCtx, err := ac.Authorized(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
switch err := err.(type) {
|
switch err := err.(type) {
|
||||||
|
|
|
||||||
|
|
@ -354,7 +354,7 @@ func TestAccessController(t *testing.T) {
|
||||||
Action: "baz",
|
Action: "baz",
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.WithValue(nil, "http.request", req)
|
ctx := context.WithRequest(context.Background(), req)
|
||||||
authCtx, err := accessController.Authorized(ctx, testAccess)
|
authCtx, err := accessController.Authorized(ctx, testAccess)
|
||||||
challenge, ok := err.(auth.Challenge)
|
challenge, ok := err.(auth.Challenge)
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
|
||||||
|
|
@ -461,6 +461,8 @@ func (app *App) configureEvents(configuration *configuration.Configuration) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type redisStartAtKey struct{}
|
||||||
|
|
||||||
func (app *App) configureRedis(configuration *configuration.Configuration) {
|
func (app *App) configureRedis(configuration *configuration.Configuration) {
|
||||||
if configuration.Redis.Addr == "" {
|
if configuration.Redis.Addr == "" {
|
||||||
ctxu.GetLogger(app).Infof("redis not configured")
|
ctxu.GetLogger(app).Infof("redis not configured")
|
||||||
|
|
@ -470,11 +472,11 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
|
||||||
pool := &redis.Pool{
|
pool := &redis.Pool{
|
||||||
Dial: func() (redis.Conn, error) {
|
Dial: func() (redis.Conn, error) {
|
||||||
// TODO(stevvooe): Yet another use case for contextual timing.
|
// TODO(stevvooe): Yet another use case for contextual timing.
|
||||||
ctx := context.WithValue(app, "redis.connect.startedat", time.Now())
|
ctx := context.WithValue(app, redisStartAtKey{}, time.Now())
|
||||||
|
|
||||||
done := func(err error) {
|
done := func(err error) {
|
||||||
logger := ctxu.GetLoggerWithField(ctx, "redis.connect.duration",
|
logger := ctxu.GetLoggerWithField(ctx, "redis.connect.duration",
|
||||||
ctxu.Since(ctx, "redis.connect.startedat"))
|
ctxu.Since(ctx, redisStartAtKey{}))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Errorf("redis: error connecting: %v", err)
|
logger.Errorf("redis: error connecting: %v", err)
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -707,6 +709,18 @@ func (app *App) dispatcher(dispatch dispatchFunc) http.Handler {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type errCodeKey struct{}
|
||||||
|
|
||||||
|
func (errCodeKey) String() string { return "err.code" }
|
||||||
|
|
||||||
|
type errMessageKey struct{}
|
||||||
|
|
||||||
|
func (errMessageKey) String() string { return "err.message" }
|
||||||
|
|
||||||
|
type errDetailKey struct{}
|
||||||
|
|
||||||
|
func (errDetailKey) String() string { return "err.detail" }
|
||||||
|
|
||||||
func (app *App) logError(context context.Context, errors errcode.Errors) {
|
func (app *App) logError(context context.Context, errors errcode.Errors) {
|
||||||
for _, e1 := range errors {
|
for _, e1 := range errors {
|
||||||
var c ctxu.Context
|
var c ctxu.Context
|
||||||
|
|
@ -714,23 +728,23 @@ func (app *App) logError(context context.Context, errors errcode.Errors) {
|
||||||
switch e1.(type) {
|
switch e1.(type) {
|
||||||
case errcode.Error:
|
case errcode.Error:
|
||||||
e, _ := e1.(errcode.Error)
|
e, _ := e1.(errcode.Error)
|
||||||
c = ctxu.WithValue(context, "err.code", e.Code)
|
c = ctxu.WithValue(context, errCodeKey{}, e.Code)
|
||||||
c = ctxu.WithValue(c, "err.message", e.Code.Message())
|
c = ctxu.WithValue(c, errMessageKey{}, e.Code.Message())
|
||||||
c = ctxu.WithValue(c, "err.detail", e.Detail)
|
c = ctxu.WithValue(c, errDetailKey{}, e.Detail)
|
||||||
case errcode.ErrorCode:
|
case errcode.ErrorCode:
|
||||||
e, _ := e1.(errcode.ErrorCode)
|
e, _ := e1.(errcode.ErrorCode)
|
||||||
c = ctxu.WithValue(context, "err.code", e)
|
c = ctxu.WithValue(context, errCodeKey{}, e)
|
||||||
c = ctxu.WithValue(c, "err.message", e.Message())
|
c = ctxu.WithValue(c, errMessageKey{}, e.Message())
|
||||||
default:
|
default:
|
||||||
// just normal go 'error'
|
// just normal go 'error'
|
||||||
c = ctxu.WithValue(context, "err.code", errcode.ErrorCodeUnknown)
|
c = ctxu.WithValue(context, errCodeKey{}, errcode.ErrorCodeUnknown)
|
||||||
c = ctxu.WithValue(c, "err.message", e1.Error())
|
c = ctxu.WithValue(c, errMessageKey{}, e1.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
c = ctxu.WithLogger(c, ctxu.GetLogger(c,
|
c = ctxu.WithLogger(c, ctxu.GetLogger(c,
|
||||||
"err.code",
|
errCodeKey{},
|
||||||
"err.message",
|
errMessageKey{},
|
||||||
"err.detail"))
|
errDetailKey{}))
|
||||||
ctxu.GetResponseLogger(c).Errorf("response completed with error")
|
ctxu.GetResponseLogger(c).Errorf("response completed with error")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -76,8 +76,8 @@ const noStorageClass = "NONE"
|
||||||
// validRegions maps known s3 region identifiers to region descriptors
|
// validRegions maps known s3 region identifiers to region descriptors
|
||||||
var validRegions = map[string]struct{}{}
|
var validRegions = map[string]struct{}{}
|
||||||
|
|
||||||
// validObjectAcls contains known s3 object Acls
|
// validObjectACLs contains known s3 object Acls
|
||||||
var validObjectAcls = map[string]struct{}{}
|
var validObjectACLs = map[string]struct{}{}
|
||||||
|
|
||||||
//DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
|
//DriverParameters A struct that encapsulates all of the driver parameters after all values have been set
|
||||||
type DriverParameters struct {
|
type DriverParameters struct {
|
||||||
|
|
@ -97,7 +97,7 @@ type DriverParameters struct {
|
||||||
RootDirectory string
|
RootDirectory string
|
||||||
StorageClass string
|
StorageClass string
|
||||||
UserAgent string
|
UserAgent string
|
||||||
ObjectAcl string
|
ObjectACL string
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
|
@ -118,7 +118,7 @@ func init() {
|
||||||
validRegions[region] = struct{}{}
|
validRegions[region] = struct{}{}
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, objectAcl := range []string{
|
for _, objectACL := range []string{
|
||||||
s3.ObjectCannedACLPrivate,
|
s3.ObjectCannedACLPrivate,
|
||||||
s3.ObjectCannedACLPublicRead,
|
s3.ObjectCannedACLPublicRead,
|
||||||
s3.ObjectCannedACLPublicReadWrite,
|
s3.ObjectCannedACLPublicReadWrite,
|
||||||
|
|
@ -127,7 +127,7 @@ func init() {
|
||||||
s3.ObjectCannedACLBucketOwnerRead,
|
s3.ObjectCannedACLBucketOwnerRead,
|
||||||
s3.ObjectCannedACLBucketOwnerFullControl,
|
s3.ObjectCannedACLBucketOwnerFullControl,
|
||||||
} {
|
} {
|
||||||
validObjectAcls[objectAcl] = struct{}{}
|
validObjectACLs[objectACL] = struct{}{}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Register this as the default s3 driver in addition to s3aws
|
// Register this as the default s3 driver in addition to s3aws
|
||||||
|
|
@ -153,7 +153,7 @@ type driver struct {
|
||||||
MultipartCopyThresholdSize int64
|
MultipartCopyThresholdSize int64
|
||||||
RootDirectory string
|
RootDirectory string
|
||||||
StorageClass string
|
StorageClass string
|
||||||
ObjectAcl string
|
ObjectACL string
|
||||||
}
|
}
|
||||||
|
|
||||||
type baseEmbed struct {
|
type baseEmbed struct {
|
||||||
|
|
@ -313,18 +313,18 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
userAgent = ""
|
userAgent = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
objectAcl := s3.ObjectCannedACLPrivate
|
objectACL := s3.ObjectCannedACLPrivate
|
||||||
objectAclParam := parameters["objectacl"]
|
objectACLParam := parameters["objectacl"]
|
||||||
if objectAclParam != nil {
|
if objectACLParam != nil {
|
||||||
objectAclString, ok := objectAclParam.(string)
|
objectACLString, ok := objectACLParam.(string)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectAclParam)
|
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectACLParam)
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, ok = validObjectAcls[objectAclString]; !ok {
|
if _, ok = validObjectACLs[objectACLString]; !ok {
|
||||||
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectAclParam)
|
return nil, fmt.Errorf("Invalid value for objectacl parameter: %v", objectACLParam)
|
||||||
}
|
}
|
||||||
objectAcl = objectAclString
|
objectACL = objectACLString
|
||||||
}
|
}
|
||||||
|
|
||||||
params := DriverParameters{
|
params := DriverParameters{
|
||||||
|
|
@ -344,7 +344,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
fmt.Sprint(rootDirectory),
|
fmt.Sprint(rootDirectory),
|
||||||
storageClass,
|
storageClass,
|
||||||
fmt.Sprint(userAgent),
|
fmt.Sprint(userAgent),
|
||||||
objectAcl,
|
objectACL,
|
||||||
}
|
}
|
||||||
|
|
||||||
return New(params)
|
return New(params)
|
||||||
|
|
@ -459,7 +459,7 @@ func New(params DriverParameters) (*Driver, error) {
|
||||||
MultipartCopyThresholdSize: params.MultipartCopyThresholdSize,
|
MultipartCopyThresholdSize: params.MultipartCopyThresholdSize,
|
||||||
RootDirectory: params.RootDirectory,
|
RootDirectory: params.RootDirectory,
|
||||||
StorageClass: params.StorageClass,
|
StorageClass: params.StorageClass,
|
||||||
ObjectAcl: params.ObjectAcl,
|
ObjectACL: params.ObjectACL,
|
||||||
}
|
}
|
||||||
|
|
||||||
return &Driver{
|
return &Driver{
|
||||||
|
|
@ -912,7 +912,7 @@ func (d *driver) getContentType() *string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *driver) getACL() *string {
|
func (d *driver) getACL() *string {
|
||||||
return aws.String(d.ObjectAcl)
|
return aws.String(d.ObjectACL)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *driver) getStorageClass() *string {
|
func (d *driver) getStorageClass() *string {
|
||||||
|
|
|
||||||
|
|
@ -33,7 +33,7 @@ func init() {
|
||||||
secure := os.Getenv("S3_SECURE")
|
secure := os.Getenv("S3_SECURE")
|
||||||
v4Auth := os.Getenv("S3_V4_AUTH")
|
v4Auth := os.Getenv("S3_V4_AUTH")
|
||||||
region := os.Getenv("AWS_REGION")
|
region := os.Getenv("AWS_REGION")
|
||||||
objectAcl := os.Getenv("S3_OBJECT_ACL")
|
objectACL := os.Getenv("S3_OBJECT_ACL")
|
||||||
root, err := ioutil.TempDir("", "driver-")
|
root, err := ioutil.TempDir("", "driver-")
|
||||||
regionEndpoint := os.Getenv("REGION_ENDPOINT")
|
regionEndpoint := os.Getenv("REGION_ENDPOINT")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -83,7 +83,7 @@ func init() {
|
||||||
rootDirectory,
|
rootDirectory,
|
||||||
storageClass,
|
storageClass,
|
||||||
driverName + "-test",
|
driverName + "-test",
|
||||||
objectAcl,
|
objectACL,
|
||||||
}
|
}
|
||||||
|
|
||||||
return New(parameters)
|
return New(parameters)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue