[incubator-openwhisk] branch master updated: Use the authentication provider to retrieve the identity of the namespace. (#3892)

markusthoemmes Tue, 24 Jul 2018 08:11:41 -0700

This is an automated email from the ASF dual-hosted git repository.

markusthoemmes pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git



The following commit(s) were added to refs/heads/master by this push:
     new d8c881a  Use the authentication provider to retrieve the identity of 
the namespace. (#3892)
d8c881a is described below

commit d8c881a941ba692a2fc4811537c086d92360fc09
Author: Martin Henke <martin.he...@web.de>
AuthorDate: Tue Jul 24 17:11:23 2018 +0200

    Use the authentication provider to retrieve the identity of the namespace. 
(#3892)
    
    Unauthenticated web actions will use the authentication provider configured 
in the SPI to create the namespace based Identity
---
 .../controller/BasicAuthenticationDirective.scala  |  4 ++++
 .../scala/whisk/core/controller/RestAPIs.scala     | 24 +++++++++++++++++++++-
 .../scala/whisk/core/controller/WebActions.scala   |  7 ++++++-
 3 files changed, 33 insertions(+), 2 deletions(-)

diff --git 
a/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala
 
b/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala
index 90cf006..7bc5e32 100644
--- 
a/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala
+++ 
b/core/controller/src/main/scala/whisk/core/controller/BasicAuthenticationDirective.scala
@@ -73,6 +73,10 @@ object BasicAuthenticationDirective extends 
AuthenticationDirectiveProvider {
     }
   }
 
+  def identityByNamespace(namespace: EntityName)(implicit transid: 
TransactionId, authStore: AuthStore) = {
+    Identity.get(authStore, namespace)
+  }
+
   def authenticate(implicit transid: TransactionId,
                    authStore: AuthStore,
                    logging: Logging): AuthenticationDirective[Identity] = {
diff --git 
a/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala 
b/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala
index cae3910..c21e112 100644
--- a/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/RestAPIs.scala
@@ -40,7 +40,7 @@ import whisk.core.{ConfigKeys, WhiskConfig}
 import whisk.http.Messages
 import whisk.spi.{Spi, SpiLoader}
 
-import scala.concurrent.ExecutionContext
+import scala.concurrent.{ExecutionContext, Future}
 import scala.util.{Failure, Success, Try}
 
 /**
@@ -320,7 +320,29 @@ class RestAPIVersion(config: WhiskConfig, apiPath: String, 
apiVersion: String)(
 }
 
 trait AuthenticationDirectiveProvider extends Spi {
+
+  /**
+   * Returns an authentication directive used to validate the
+   * passed user credentials.
+   * At runtime the directive returns an user identity
+   * which is passed to the following routes.
+   *
+   * @return authentication directive used to verify the user credentials
+   */
   def authenticate(implicit transid: TransactionId,
                    authStore: AuthStore,
                    logging: Logging): AuthenticationDirective[Identity]
+
+  /**
+   * Retrieves an Identity based on a given namespace name.
+   *
+   * For use-cases of anonymous invocation (i.e. WebActions),
+   * we need to an identity based on a given namespace-name to
+   * give the invocation all the context needed.
+   *
+   * @param namespace the namespace that the identity will be based on
+   * @return identity based on the given namespace
+   */
+  def identityByNamespace(namespace: EntityName)(implicit transid: 
TransactionId,
+                                                 authStore: AuthStore): 
Future[Identity]
 }
diff --git 
a/core/controller/src/main/scala/whisk/core/controller/WebActions.scala 
b/core/controller/src/main/scala/whisk/core/controller/WebActions.scala
index 2878c66..f373a1f 100644
--- a/core/controller/src/main/scala/whisk/core/controller/WebActions.scala
+++ b/core/controller/src/main/scala/whisk/core/controller/WebActions.scala
@@ -55,6 +55,7 @@ import whisk.core.entity.types._
 import whisk.http.ErrorResponse.terminate
 import whisk.http.Messages
 import whisk.http.LenientSprayJsonSupport._
+import whisk.spi.SpiLoader
 import whisk.utils.JsHelpers._
 
 protected[controller] sealed class WebApiDirectives(prefix: String = "__ow_") {
@@ -360,6 +361,9 @@ trait WhiskWebActionsApi extends Directives with 
ValidateRequestSize with PostAc
   /** Store for identities. */
   protected val authStore: AuthStore
 
+  /** Configured authentication provider. */
+  protected val authenticationProvider = 
SpiLoader.get[AuthenticationDirectiveProvider]
+
   /** The prefix for web invokes e.g., /web. */
   private lazy val webRoutePrefix = {
     
pathPrefix(webInvokePathSegments.map(_segmentStringToPathMatcher(_)).reduceLeft(_
 / _))
@@ -457,7 +461,8 @@ trait WhiskWebActionsApi extends Directives with 
ValidateRequestSize with PostAc
    * This method is factored out to allow mock testing.
    */
   protected def getIdentity(namespace: EntityName)(implicit transid: 
TransactionId): Future[Identity] = {
-    Identity.get(authStore, namespace)
+
+    authenticationProvider.identityByNamespace(namespace)(transid, authStore)
   }
 
   private def handleMatch(namespaceSegment: String,

[incubator-openwhisk] branch master updated: Use the authentication provider to retrieve the identity of the namespace. (#3892)

Reply via email to