From 2d3cd91661670c7f753bcbd1660be9ff60fe686a Mon Sep 17 00:00:00 2001 From: Sergey Yelin Date: Mon, 27 Apr 2020 18:43:54 +0300 Subject: [PATCH] MSPF-532: get rid of rfc3339 (#473) * MSPF-532: Update image * MSPF-532: Remove rfc339 from capi * Upgrade libs * Update uac * Refactor auth code * Fix dialyzer errors --- Jenkinsfile | 2 +- Makefile | 2 +- apps/capi/src/capi.app.src | 1 - apps/capi/src/capi_auth.erl | 30 ++++++++++------- .../src/capi_handler_invoice_templates.erl | 2 +- apps/capi/src/capi_handler_reports.erl | 2 +- apps/capi/src/capi_handler_utils.erl | 10 ++---- apps/capi/src/capi_utils.erl | 24 ++++---------- apps/capi/test/capi_ct_helper.erl | 13 ++++---- .../test/capi_gracefull_shutdown_SUITE.erl | 8 ++--- apps/capi_client/src/capi_client_lib.erl | 8 +++-- rebar.config | 7 +--- rebar.lock | 32 ++++++++----------- 13 files changed, 60 insertions(+), 81 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 5442860..fc0a57a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -33,7 +33,7 @@ build('capi', 'docker-host', finalHook) { sh 'make wc_xref' } runStage('pre-dialyze') { - withWsCache("_build/default/rebar3_22.2.6_plt") { + withWsCache("_build/default/rebar3_22.3.1_plt") { sh 'make wc_update_plt' } } diff --git a/Makefile b/Makefile index b60cede..a1715fe 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ SERVICE_IMAGE_PUSH_TAG ?= $(SERVICE_IMAGE_TAG) BASE_IMAGE_NAME := service-erlang BASE_IMAGE_TAG := da0ab769f01b650b389d18fc85e7418e727cbe96 -BUILD_IMAGE_TAG := 14519aa9b9c10f79081567d8add33cdf408dfbd2 +BUILD_IMAGE_TAG := 442c2c274c1d8e484e5213089906a4271641d95e CALL_ANYWHERE := \ submodules \ diff --git a/apps/capi/src/capi.app.src b/apps/capi/src/capi.app.src index e503c4c..e119e3d 100644 --- a/apps/capi/src/capi.app.src +++ b/apps/capi/src/capi.app.src @@ -22,7 +22,6 @@ jose, cowboy_cors, cowboy_access_log, - rfc3339, base64url, woody_user_identity, payproc_errors, diff --git a/apps/capi/src/capi_auth.erl b/apps/capi/src/capi_auth.erl index 9dc783e..95a0714 100644 --- a/apps/capi/src/capi_auth.erl +++ b/apps/capi/src/capi_auth.erl @@ -48,24 +48,20 @@ issue_access_token(PartyID, TokenSpec) -> -spec issue_access_token(PartyID :: binary(), token_spec(), map()) -> uac_authorizer_jwt:token(). issue_access_token(PartyID, TokenSpec, ExtraProperties) -> - {Claims0, DomainRoles, LifeTime} = resolve_token_spec(TokenSpec), - Claims = maps:merge(ExtraProperties, Claims0), + Claims = maps:merge( + ExtraProperties, + resolve_token_spec(TokenSpec) + ), capi_utils:unwrap(uac_authorizer_jwt:issue( capi_utils:get_unique_id(), - LifeTime, PartyID, - DomainRoles, Claims, ?SIGNEE )). -spec resolve_token_spec(token_spec()) -> - {claims(), uac_authorizer_jwt:domains(), uac_authorizer_jwt:expiration()}. + claims(). resolve_token_spec({invoice, InvoiceID}) -> - Claims = - #{ - <<"cons">> => <<"client">> % token consumer - }, DomainRoles = #{ <<"common-api">> => uac_acl:from_list([ {[{invoices, InvoiceID}] , read }, @@ -75,7 +71,11 @@ resolve_token_spec({invoice, InvoiceID}) -> ]) }, Expiration = {lifetime, ?DEFAULT_INVOICE_ACCESS_TOKEN_LIFETIME}, - {Claims, DomainRoles, Expiration}; + #{ + <<"exp">> => Expiration, + <<"resource_access">> => DomainRoles, + <<"cons">> => <<"client">> % token consumer + }; resolve_token_spec({invoice_tpl, InvoiceTplID}) -> DomainRoles = #{ <<"common-api">> => uac_acl:from_list([ @@ -83,7 +83,10 @@ resolve_token_spec({invoice_tpl, InvoiceTplID}) -> {[party, {invoice_templates, InvoiceTplID}, invoice_template_invoices], write} ]) }, - {#{}, DomainRoles, unlimited}; + #{ + <<"exp">> => unlimited, + <<"resource_access">> => DomainRoles + }; resolve_token_spec({customer, CustomerID}) -> DomainRoles = #{ <<"common-api">> => uac_acl:from_list([ @@ -94,7 +97,10 @@ resolve_token_spec({customer, CustomerID}) -> ]) }, Expiration = {lifetime, ?DEFAULT_CUSTOMER_ACCESS_TOKEN_LIFETIME}, - {#{}, DomainRoles, Expiration}. + #{ + <<"exp">> => Expiration, + <<"resource_access">> => DomainRoles + }. %% diff --git a/apps/capi/src/capi_handler_invoice_templates.erl b/apps/capi/src/capi_handler_invoice_templates.erl index 43e52ef..b3d8e7b 100644 --- a/apps/capi/src/capi_handler_invoice_templates.erl +++ b/apps/capi/src/capi_handler_invoice_templates.erl @@ -155,7 +155,7 @@ process_request('CreateInvoiceWithTemplate' = OperationID, Req, Context) -> process_request('GetInvoicePaymentMethodsByTemplateID', Req, Context) -> InvoiceTemplateID = maps:get('invoiceTemplateID', Req), - Timestamp = capi_utils:unwrap(rfc3339:format(erlang:system_time())), + Timestamp = genlib_rfc3339:format_relaxed(erlang:system_time(microsecond), microsecond), {ok, Party} = capi_handler_utils:get_my_party(Context), Revision = Party#domain_Party.revision, Args = [InvoiceTemplateID, Timestamp, {revision, Revision}], diff --git a/apps/capi/src/capi_handler_reports.erl b/apps/capi/src/capi_handler_reports.erl index 93afafe..2f96004 100644 --- a/apps/capi/src/capi_handler_reports.erl +++ b/apps/capi/src/capi_handler_reports.erl @@ -135,7 +135,7 @@ generate_report_presigned_url(FileID, Context) -> get_default_url_lifetime() -> Now = erlang:system_time(second), Lifetime = application:get_env(capi, reporter_url_lifetime, ?DEFAULT_URL_LIFETIME), - capi_utils:unwrap(rfc3339:format(Now + Lifetime, second)). + genlib_rfc3339:format_relaxed(Now + Lifetime, second). %% diff --git a/apps/capi/src/capi_handler_utils.erl b/apps/capi/src/capi_handler_utils.erl index 56cb6b0..560419a 100644 --- a/apps/capi/src/capi_handler_utils.erl +++ b/apps/capi/src/capi_handler_utils.erl @@ -203,16 +203,10 @@ get_split_interval(SplitSize, year ) -> get_split_interval(SplitSize, day ) * integer(). get_time_diff(From, To) -> - {DateFrom, TimeFrom} = parse_rfc3339_datetime(From), - {DateTo, TimeTo} = parse_rfc3339_datetime(To), - UnixFrom = genlib_time:daytime_to_unixtime({DateFrom, TimeFrom}), - UnixTo = genlib_time:daytime_to_unixtime({DateTo, TimeTo}), + UnixFrom = genlib_rfc3339:parse(From, second), + UnixTo = genlib_rfc3339:parse(To, second), UnixTo - UnixFrom. -parse_rfc3339_datetime(DateTime) -> - {ok, {DateFrom, TimeFrom, _, _}} = rfc3339:parse(DateTime), - {DateFrom, TimeFrom}. - -spec collect_events( integer(), integer(), diff --git a/apps/capi/src/capi_utils.erl b/apps/capi/src/capi_utils.erl index 58c1bdb..7d8e01b 100644 --- a/apps/capi/src/capi_utils.erl +++ b/apps/capi/src/capi_utils.erl @@ -53,20 +53,8 @@ redact_match([Capture], Message) -> -spec to_universal_time(Timestamp :: binary()) -> TimestampUTC :: binary(). to_universal_time(Timestamp) -> - {ok, {Date, Time, Usec, TZOffset}} = rfc3339:parse(Timestamp), - Seconds = calendar:datetime_to_gregorian_seconds({Date, Time}), - %% The following crappy code is a dialyzer workaround - %% for the wrong rfc3339:parse/1 spec. - {DateUTC, TimeUTC} = calendar:gregorian_seconds_to_datetime( - case TZOffset of - _ when is_integer(TZOffset) -> - Seconds - (60 * TZOffset); - _ -> - Seconds - end - ), - {ok, TimestampUTC} = rfc3339:format({DateUTC, TimeUTC, Usec, 0}), - TimestampUTC. + Micros = genlib_rfc3339:parse(Timestamp, microsecond), + genlib_rfc3339:format_relaxed(Micros, microsecond). -spec unwrap(ok | {ok, Value} | {error, _Error}) -> Value | no_return(). @@ -114,7 +102,7 @@ try_parse_woody_default(DeadlineStr) -> catch error:{bad_deadline, _Reason} -> {error, bad_deadline}; - error:{badmatch, {error, baddate}} -> + error:{badmatch, _} -> {error, bad_deadline}; error:deadline_reached -> {error, bad_deadline} @@ -218,9 +206,9 @@ get_unique_id() -> -spec to_universal_time_test() -> _. to_universal_time_test() -> ?assertEqual(<<"2017-04-19T13:56:07Z">>, to_universal_time(<<"2017-04-19T13:56:07Z">>)), - ?assertEqual(<<"2017-04-19T13:56:07.530000Z">>, to_universal_time(<<"2017-04-19T13:56:07.53Z">>)), - ?assertEqual(<<"2017-04-19T10:36:07.530000Z">>, to_universal_time(<<"2017-04-19T13:56:07.53+03:20">>)), - ?assertEqual(<<"2017-04-19T17:16:07.530000Z">>, to_universal_time(<<"2017-04-19T13:56:07.53-03:20">>)). + ?assertEqual(<<"2017-04-19T13:56:07.530Z">>, to_universal_time(<<"2017-04-19T13:56:07.53Z">>)), + ?assertEqual(<<"2017-04-19T10:36:07.530Z">>, to_universal_time(<<"2017-04-19T13:56:07.53+03:20">>)), + ?assertEqual(<<"2017-04-19T17:16:07.530Z">>, to_universal_time(<<"2017-04-19T13:56:07.53-03:20">>)). -spec redact_test() -> _. redact_test() -> diff --git a/apps/capi/test/capi_ct_helper.erl b/apps/capi/test/capi_ct_helper.erl index 8bd7f35..21276fa 100644 --- a/apps/capi/test/capi_ct_helper.erl +++ b/apps/capi/test/capi_ct_helper.erl @@ -133,15 +133,16 @@ issue_token(ACL, LifeTime, ExtraProperties) -> }. issue_token(PartyID, ACL, LifeTime, ExtraProperties) -> - Claims = maps:merge(#{?STRING => ?STRING}, ExtraProperties), - DomainRoles = #{ - <<"common-api">> => uac_acl:from_list(ACL) - }, + Claims = maps:merge(#{ + ?STRING => ?STRING, + <<"exp">> => LifeTime, + <<"resource_access">> => #{ + <<"common-api">> => uac_acl:from_list(ACL) + } + }, ExtraProperties), uac_authorizer_jwt:issue( capi_utils:get_unique_id(), - LifeTime, PartyID, - DomainRoles, Claims, capi ). diff --git a/apps/capi/test/capi_gracefull_shutdown_SUITE.erl b/apps/capi/test/capi_gracefull_shutdown_SUITE.erl index 5278ddd..9ddd67e 100644 --- a/apps/capi/test/capi_gracefull_shutdown_SUITE.erl +++ b/apps/capi/test/capi_gracefull_shutdown_SUITE.erl @@ -123,7 +123,7 @@ worker(Token, ParentPID) -> ParentPID ! {result, Result}. get_context(Token) -> - {ok, Deadline} = build_deadline(genlib_time:now()), + Deadline = build_deadline(genlib_time:now()), capi_ct_helper:get_context(Token, #{}, Deadline). get_token() -> @@ -135,8 +135,4 @@ get_token() -> Token. build_deadline(CurrentSeconds) -> - rfc3339:format( - genlib_time:unixtime_to_daytime( - genlib_time:add_hours(CurrentSeconds, 1) - ) - ). + genlib_rfc3339:format_relaxed(genlib_time:add_hours(CurrentSeconds, 1), second). diff --git a/apps/capi_client/src/capi_client_lib.erl b/apps/capi_client/src/capi_client_lib.erl index d8d933f..f592c47 100644 --- a/apps/capi_client/src/capi_client_lib.erl +++ b/apps/capi_client/src/capi_client_lib.erl @@ -60,8 +60,8 @@ prepare_param(Param) -> case Param of {limit, P} -> #{<<"limit">> => genlib:to_binary(P)}; {offset, P} -> #{<<"offset">> => genlib:to_binary(P)}; - {from_time, P} -> #{<<"fromTime">> => genlib_format:format_datetime_iso8601(P)}; - {to_time, P} -> #{<<"toTime">> => genlib_format:format_datetime_iso8601(P)}; + {from_time, P} -> #{<<"fromTime">> => format_datetime(P)}; + {to_time, P} -> #{<<"toTime">> => format_datetime(P)}; {status, P} -> #{<<"status">> => genlib:to_binary(P)}; {split_unit, P} -> #{<<"splitUnit">> => genlib:to_binary(P)}; {split_size, P} -> #{<<"splitSize">> => genlib:to_binary(P)}; @@ -195,3 +195,7 @@ decode_body(Body) when is_binary(Body) -> jsx:decode(Body, [return_maps]); decode_body(Body) -> Body. + +format_datetime(P) -> + Seconds = genlib_time:daytime_to_unixtime(P), + genlib_rfc3339:format_relaxed(Seconds, second). diff --git a/rebar.config b/rebar.config index 4d71928..a70c3f9 100644 --- a/rebar.config +++ b/rebar.config @@ -27,14 +27,9 @@ %% Common project dependencies. {deps, [ - {cowboy, "2.5.0"}, + {cowboy, "2.7.0"}, {jose, "1.7.9"}, {base64url, "0.0.1"}, - {rfc3339, - {git, "https://github.com/rbkmoney/rfc3339.git", - {branch, "master"} - } - }, {genlib, {git, "https://github.com/rbkmoney/genlib.git", {branch, "master"} diff --git a/rebar.lock b/rebar.lock index da4edd5..4344c86 100644 --- a/rebar.lock +++ b/rebar.lock @@ -11,7 +11,7 @@ {git,"https://github.com/rbkmoney/cg_mon.git", {ref,"5a87a37694e42b6592d3b4164ae54e0e87e24e18"}}, 1}, - {<<"cowboy">>,{pkg,<<"cowboy">>,<<"2.5.0">>},0}, + {<<"cowboy">>,{pkg,<<"cowboy">>,<<"2.7.0">>},0}, {<<"cowboy_access_log">>, {git,"git@github.com:rbkmoney/cowboy_access_log.git", {ref,"98e3b278e29da1bd298140349d68d8ebaeeec31e"}}, @@ -20,14 +20,14 @@ {git,"https://github.com/rbkmoney/cowboy_cors.git", {ref,"4cac7528845a8610d471b6fbb92321f79d93f0b8"}}, 0}, - {<<"cowlib">>,{pkg,<<"cowlib">>,<<"2.6.0">>},1}, + {<<"cowlib">>,{pkg,<<"cowlib">>,<<"2.8.0">>},1}, {<<"damsel">>, {git,"git@github.com:rbkmoney/damsel.git", {ref,"1a54c2a3c856901e03c09fc7c7f6c48db9663ce6"}}, 0}, {<<"dmt_client">>, {git,"git@github.com:rbkmoney/dmt_client.git", - {ref,"621fb49e9ca1b97b6fb1317d0287b5960cb3c2a7"}}, + {ref,"32b702a6a25b4019de95e916e86f9dffda3289e3"}}, 0}, {<<"dmt_core">>, {git,"git@github.com:rbkmoney/dmt_core.git", @@ -47,7 +47,7 @@ 1}, {<<"genlib">>, {git,"https://github.com/rbkmoney/genlib.git", - {ref,"f805a11f6e73faffb05656c5192fbe199df36f27"}}, + {ref,"54920e768a71f121304a5eda547ee60295398f3c"}}, 0}, {<<"gproc">>,{pkg,<<"gproc">>,<<"0.8.0">>},1}, {<<"gun">>, @@ -62,7 +62,7 @@ {<<"idna">>,{pkg,<<"idna">>,<<"6.0.0">>},1}, {<<"jesse">>, {git,"https://github.com/rbkmoney/jesse.git", - {ref,"723e835708a022bbce9e57807ecf220b00fb771a"}}, + {ref,"a21da0609e446f328c01b1a72191cda26a8969a4"}}, 0}, {<<"jose">>,{pkg,<<"jose">>,<<"1.7.9">>},0}, {<<"jsx">>,{pkg,<<"jsx">>,<<"2.8.2">>},0}, @@ -72,7 +72,7 @@ 0}, {<<"logger_logstash_formatter">>, {git,"git@github.com:rbkmoney/logger_logstash_formatter.git", - {ref,"4348f24487c400da0579032422d93acd89c6e121"}}, + {ref,"41e8e3cc3ba6d1f53f1f0a0c9eb07c32f0868205"}}, 0}, {<<"metrics">>,{pkg,<<"metrics">>,<<"1.0.1">>},1}, {<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},1}, @@ -88,22 +88,18 @@ {git,"git@github.com:rbkmoney/payproc-errors-erlang.git", {ref,"77cc445a4bb1496854586853646e543579ac1212"}}, 0}, - {<<"ranch">>,{pkg,<<"ranch">>,<<"1.6.2">>},1}, + {<<"ranch">>,{pkg,<<"ranch">>,<<"1.7.1">>},1}, {<<"reporter_proto">>, {git,"git@github.com:rbkmoney/reporter-proto.git", {ref,"c5ac89c368c4d3de5f1cd96062d57a3c4a120113"}}, 0}, - {<<"rfc3339">>, - {git,"https://github.com/rbkmoney/rfc3339.git", - {ref,"ee3a1a6b1ee60219c49fdcaa9f36a25e91962bb5"}}, - 0}, {<<"scoper">>, {git,"git@github.com:rbkmoney/scoper.git", {ref,"95643f40dd628c77f33f12be96cf1c39dccc9683"}}, 0}, {<<"snowflake">>, {git,"https://github.com/rbkmoney/snowflake.git", - {ref,"0a598108f6582affe3b4ae550fc5b9f2062e318a"}}, + {ref,"c34a962e17539e63a53f721cbf4ddcffeb0032a4"}}, 1}, {<<"ssl_verify_fun">>,{pkg,<<"ssl_verify_fun">>,<<"1.1.4">>},1}, {<<"thrift">>, @@ -112,16 +108,16 @@ 1}, {<<"uac">>, {git,"git@github.com:rbkmoney/erlang_uac.git", - {ref,"6bd5b5dfc62b8c2673e7360eb99f9092ae3c6e12"}}, + {ref,"dfeb52c2432864a0f4522f35405bb5361155f3e2"}}, 0}, {<<"unicode_util_compat">>,{pkg,<<"unicode_util_compat">>,<<"0.4.1">>},2}, {<<"woody">>, {git,"git@github.com:rbkmoney/woody_erlang.git", - {ref,"f2e56d8affcb57bdb603802362dc9d9058e2bddb"}}, + {ref,"8543878a5560a7828c71629d1f81270e5dcfd811"}}, 0}, {<<"woody_user_identity">>, {git,"git@github.com:rbkmoney/woody_erlang_user_identity.git", - {ref,"9c7ad2b8beac9c88c54594b264743dec7b9cf696"}}, + {ref,"0feebda4f7b4a9b5ee93cfe7b28d824a3dc2d8dc"}}, 0}]}. [ {pkg_hash,[ @@ -129,8 +125,8 @@ {<<"bear">>, <<"16264309AE5D005D03718A5C82641FCC259C9E8F09ADEB6FD79CA4271168656F">>}, {<<"cache">>, <<"3C11DBF4CD8FCD5787C95A5FB2A04038E3729CFCA0386016EEA8C953AB48A5AB">>}, {<<"certifi">>, <<"867CE347F7C7D78563450A18A6A28A8090331E77FA02380B4A21962A65D36EE5">>}, - {<<"cowboy">>, <<"4EF3AE066EE10FE01EA3272EDC8F024347A0D3EB95F6FBB9AED556DACBFC1337">>}, - {<<"cowlib">>, <<"8AA629F81A0FC189F261DC98A42243FA842625FEEA3C7EC56C48F4CCDB55490F">>}, + {<<"cowboy">>, <<"91ED100138A764355F43316B1D23D7FF6BDB0DE4EA618CB5D8677C93A7A2F115">>}, + {<<"cowlib">>, <<"FD0FF1787DB84AC415B8211573E9A30A3EBE71B5CBFF7F720089972B2319C8A4">>}, {<<"gproc">>, <<"CEA02C578589C61E5341FCE149EA36CCEF236CC2ECAC8691FBA408E7EA77EC2F">>}, {<<"hackney">>, <<"9F8F471C844B8CE395F7B6D8398139E26DDCA9EBC171A8B91342EE15A19963F4">>}, {<<"idna">>, <<"689C46CBCDF3524C44D5F3DDE8001F364CD7608A99556D8FBD8239A5798D4C10">>}, @@ -138,7 +134,7 @@ {<<"jsx">>, <<"7ACC7D785B5ABE8A6E9ADBDE926A24E481F29956DD8B4DF49E3E4E7BCC92A018">>}, {<<"metrics">>, <<"25F094DEA2CDA98213CECC3AEFF09E940299D950904393B2A29D191C346A8486">>}, {<<"mimerl">>, <<"67E2D3F571088D5CFD3E550C383094B47159F3EEE8FFA08E64106CDF5E981BE3">>}, - {<<"ranch">>, <<"6DB93C78F411EE033DBB18BA8234C5574883ACB9A75AF0FB90A9B82EA46AFA00">>}, + {<<"ranch">>, <<"6B1FAB51B49196860B733A49C07604465A47BDB78AA10C1C16A3D199F7F8C881">>}, {<<"ssl_verify_fun">>, <<"F0EAFFF810D2041E93F915EF59899C923F4568F4585904D010387ED74988E77B">>}, {<<"unicode_util_compat">>, <<"D869E4C68901DD9531385BB0C8C40444EBF624E60B6962D95952775CAC5E90CD">>}]} ].