-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[CLOUDTRUST-2109] Load authorization from DB
- Loading branch information
Showing
5 changed files
with
511 additions
and
243 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| package configuration | ||
|
|
||
| // RealmConfiguration struct | ||
| type RealmConfiguration struct { | ||
| DefaultClientID *string `json:"default_client_id,omitempty"` | ||
| DefaultRedirectURI *string `json:"default_redirect_uri,omitempty"` | ||
| APISelfAuthenticatorDeletionEnabled *bool `json:"api_self_authenticator_deletion_enabled,omitempty"` | ||
| APISelfPasswordChangeEnabled *bool `json:"api_self_password_change_enabled,omitempty"` | ||
| APISelfMailEditingEnabled *bool `json:"api_self_mail_editing_enabled,omitempty"` | ||
| APISelfAccountDeletionEnabled *bool `json:"api_self_account_deletion_enabled,omitempty"` | ||
| ShowAuthenticatorsTab *bool `json:"show_authenticators_tab,omitempty"` | ||
| ShowPasswordTab *bool `json:"show_password_tab,omitempty"` | ||
| ShowMailEditing *bool `json:"show_mail_editing,omitempty"` | ||
| ShowAccountDeletionButton *bool `json:"show_account_deletion_button,omitempty"` | ||
| RegisterExecuteActions *[]string `json:"register_execute_actions,omitempty"` | ||
| RedirectCancelledRegistrationURL *string `json:"redirect_cancelled_registration_url,omitempty"` | ||
| RedirectSuccessfulRegistrationURL *string `json:"redirect_successful_registration_url,omitempty"` | ||
| } | ||
|
|
||
| // Authorization struct | ||
| type Authorization struct { | ||
| RealmID *string `json:"realm_id"` | ||
| GroupName *string `json:"group_id"` | ||
| Action *string `json:"action"` | ||
| TargetRealmID *string `json:"target_realm_id,omitempty"` | ||
| TargetGroupName *string `json:"target_group_name,omitempty"` | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| package configuration | ||
|
|
||
| import ( | ||
| "context" | ||
| "database/sql" | ||
| "encoding/json" | ||
|
|
||
| "github.com/cloudtrust/common-service/database/sqltypes" | ||
| "github.com/cloudtrust/common-service/log" | ||
| ) | ||
|
|
||
| const ( | ||
| selectConfigStmt = `SELECT configuration FROM realm_configuration WHERE (realm_id = ?)` | ||
| selectAllAuthzStmt = `SELECT realm_id, group_name, action, target_realm_id, target_group_name FROM authorizations;` | ||
| ) | ||
|
|
||
| type ConfigurationReaderDBModule struct { | ||
| db sqltypes.CloudtrustDB | ||
| logger log.Logger | ||
| } | ||
|
|
||
| // NewConfigurationDBModule returns a ConfigurationDB module. | ||
| func NewConfigurationReaderDBModule(db sqltypes.CloudtrustDB, logger log.Logger) *ConfigurationReaderDBModule { | ||
| return &ConfigurationReaderDBModule{ | ||
| db: db, | ||
| logger: logger, | ||
| } | ||
| } | ||
|
|
||
| func (c *ConfigurationReaderDBModule) GetConfiguration(ctx context.Context, realmID string) (RealmConfiguration, error) { | ||
| var configJSON string | ||
| var config = RealmConfiguration{} | ||
| row := c.db.QueryRow(selectConfigStmt, realmID) | ||
|
|
||
| switch err := row.Scan(&configJSON); err { | ||
| case sql.ErrNoRows: | ||
| c.logger.Warn(ctx, "msg", "Realm Configuration not found in DB", "error", err.Error()) | ||
| return config, err | ||
|
|
||
| default: | ||
| if err != nil { | ||
| return config, err | ||
| } | ||
|
|
||
| err = json.Unmarshal([]byte(configJSON), &config) | ||
| return config, err | ||
| } | ||
| } | ||
|
|
||
| func (c *ConfigurationReaderDBModule) GetAuthorizations(ctx context.Context) ([]Authorization, error) { | ||
| // Get Authorizations from DB | ||
| rows, err := c.db.Query(selectAllAuthzStmt) | ||
| if err != nil { | ||
| c.logger.Warn(ctx, "msg", "Can't get authorizations", "error", err.Error()) | ||
| return nil, err | ||
| } | ||
| defer rows.Close() | ||
|
|
||
| var authz Authorization | ||
| var res = make([]Authorization, 0) | ||
| for rows.Next() { | ||
| authz, err = c.scanAuthorization(rows) | ||
| if err != nil { | ||
| c.logger.Warn(ctx, "msg", "Can't get authorizations. Scan failed", "error", err.Error()) | ||
| return nil, err | ||
| } | ||
| res = append(res, authz) | ||
| } | ||
|
|
||
| return res, nil | ||
| } | ||
|
|
||
| func (c *ConfigurationReaderDBModule) scanAuthorization(scanner sqltypes.SQLRow) (Authorization, error) { | ||
| var ( | ||
| realmID string | ||
| groupName string | ||
| action string | ||
| targetGroupName sql.NullString | ||
| targetRealmID sql.NullString | ||
| ) | ||
|
|
||
| err := scanner.Scan(&realmID, &groupName, &action, &targetRealmID, &targetGroupName) | ||
| if err != nil { | ||
| return Authorization{}, err | ||
| } | ||
|
|
||
| var authz = Authorization{ | ||
| RealmID: &realmID, | ||
| GroupName: &groupName, | ||
| Action: &action, | ||
| } | ||
|
|
||
| if targetRealmID.Valid { | ||
| authz.TargetRealmID = &targetRealmID.String | ||
| } | ||
|
|
||
| if targetGroupName.Valid { | ||
| authz.TargetGroupName = &targetGroupName.String | ||
| } | ||
|
|
||
| return authz, nil | ||
| } |
Oops, something went wrong.