TD-400: Add context helpers for token access (#11)

2024-11-06 00:25:18 +00:00 · 2022-09-19 17:15:36 +00:00 · 2022-09-19 17:15:36 +00:00 · 79d9d0144e
commit 79d9d0144e
parent 5b3b5c7160
3 changed files with 47 additions and 6 deletions
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@ -1,10 +1,10 @@
 ARG OTP_VERSION

 FROM docker.io/library/erlang:${OTP_VERSION}
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]

 # Install thrift compiler
 ARG THRIFT_VERSION
-
 ARG TARGETARCH
 RUN wget -q -O- "https://github.com/valitydev/thrift/releases/download/${THRIFT_VERSION}/thrift-${THRIFT_VERSION}-linux-${TARGETARCH}.tar.gz" \
    | tar -xvz -C /usr/local/bin/
@ -14,4 +14,4 @@ ENV CHARSET=UTF-8
 ENV LANG=C.UTF-8

 # Set runtime
-CMD /bin/bash
+CMD ["/bin/bash"]
--- a/src/bouncer_context_helpers.erl
+++ b/src/bouncer_context_helpers.erl
@ -44,7 +44,13 @@
 }.

 -type token() :: #{
-    id => id()
+    id => id(),
+    access => [resource_access()]
+}.
+
+-type resource_access() :: #{
+    id => id(),
+    roles => [binary()]
 }.

 -type auth_scope() :: #{
@ -205,7 +211,25 @@ maybe_marshal_entity(Entity) ->
    #base_Entity{id = EntityID}.

 marshal_token(Token) ->
-    #ctx_v1_Token{id = maybe_get_param(id, Token)}.
+    TokenAccess = maybe_get_param(access, Token),
+    #ctx_v1_Token{
+        id = maybe_get_param(id, Token),
+        access = maybe(TokenAccess, fun marshal_token_access/1)
+    }.
+
+marshal_token_access(TokenAccess) ->
+    [marshal_resource_access(ResourceAccess) || ResourceAccess <- TokenAccess].
+
+marshal_resource_access(ResourceAccess) ->
+    ID = maybe_get_param(id, ResourceAccess),
+    Roles = maybe_get_param(roles, ResourceAccess),
+    #ctx_v1_ResourceAccess{
+        id = ID,
+        roles = maybe(Roles, fun marshal_token_access_roles/1)
+    }.
+
+marshal_token_access_roles(TokenAccessRoles) when is_list(TokenAccessRoles) ->
+    TokenAccessRoles.

 maybe_marshal_auth_scopes(undefined) ->
    undefined;
--- a/test/bouncer_client_SUITE.erl
+++ b/test/bouncer_client_SUITE.erl
@ -237,6 +237,12 @@ validate_env_fragment(C) ->
 validate_auth_fragment(C) ->
    Method = <<"someMethod">>,
    TokenID = <<"📟"/utf8>>,
+    TokenAccess = [
+        #{
+            id => <<"some-api">>,
+            roles => [<<"do-nothing">>]
+        }
+    ],
    _ = mock_services(
        [
            {bouncer, fun('Judge', {_RulesetID, Fragments}) ->
@ -245,7 +251,15 @@ validate_auth_fragment(C) ->
                    #ctx_v1_ContextFragment{
                        auth = #ctx_v1_Auth{
                            method = Method,
-                            token = #ctx_v1_Token{id = TokenID}
+                            token = #ctx_v1_Token{
+                                id = TokenID,
+                                access = [
+                                    #ctx_v1_ResourceAccess{
+                                        id = <<"some-api">>,
+                                        roles = [<<"do-nothing">>]
+                                    }
+                                ]
+                            }
                        }
                    },
                    Auth
@ -264,7 +278,10 @@ validate_auth_fragment(C) ->
            fragments => #{
                <<"auth">> => bouncer_context_helpers:make_auth_fragment(#{
                    method => Method,
-                    token => #{id => TokenID}
+                    token => #{
+                        id => TokenID,
+                        access => TokenAccess
+                    }
                })
            }
        },