This is an automated email from the ASF dual-hosted git repository. littlecui pushed a commit to branch mod in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
commit 873f6a3db4c89c7cb04b1918c3499949eccb8344 Author: little-cui <sure_0...@qq.com> AuthorDate: Mon Jan 9 12:05:01 2023 +0800 return 'no permission' when discover provider in specify env --- server/plugin/auth/buildin/parser_test.go | 6 +- server/plugin/auth/buildin/service_parser.go | 21 ++++- server/plugin/auth/buildin/service_parser_test.go | 99 +++++++++++++++++++++++ 3 files changed, 122 insertions(+), 4 deletions(-) diff --git a/server/plugin/auth/buildin/parser_test.go b/server/plugin/auth/buildin/parser_test.go index 0341fc54..eff630eb 100644 --- a/server/plugin/auth/buildin/parser_test.go +++ b/server/plugin/auth/buildin/parser_test.go @@ -18,18 +18,18 @@ package buildin_test import ( - discosvc "github.com/apache/servicecomb-service-center/server/service/disco" - _ "github.com/apache/servicecomb-service-center/test" - "context" "net/http" "strings" "testing" + _ "github.com/apache/servicecomb-service-center/test" + "github.com/apache/servicecomb-service-center/pkg/rest" "github.com/apache/servicecomb-service-center/pkg/util" "github.com/apache/servicecomb-service-center/server/plugin/auth" "github.com/apache/servicecomb-service-center/server/plugin/auth/buildin" + discosvc "github.com/apache/servicecomb-service-center/server/service/disco" rbacsvc "github.com/apache/servicecomb-service-center/server/service/rbac" "github.com/go-chassis/cari/discovery" "github.com/stretchr/testify/assert" diff --git a/server/plugin/auth/buildin/service_parser.go b/server/plugin/auth/buildin/service_parser.go index b9c68c31..66c730a8 100644 --- a/server/plugin/auth/buildin/service_parser.go +++ b/server/plugin/auth/buildin/service_parser.go @@ -37,6 +37,7 @@ const ( LabelAppID = "appId" LabelServiceName = "serviceName" QueryEnv = "env" + HeaderConsumerID = "X-ConsumerId" ) var ( @@ -126,10 +127,15 @@ func ByServiceKey(r *http.Request) (*auth.ResourceScope, error) { return nil, ErrCtxMatchPatternNotFound } + env, err := fromServiceKeyEnv(r, query.Get(QueryEnv)) + if err != nil { + return nil, err + } + return &auth.ResourceScope{ Type: rbacmodel.GetResource(apiPath), Labels: []map[string]string{{ - LabelEnvironment: query.Get(QueryEnv), + LabelEnvironment: env, LabelAppID: query.Get(LabelAppID), LabelServiceName: query.Get(LabelServiceName), }}, @@ -137,6 +143,19 @@ func ByServiceKey(r *http.Request) (*auth.ResourceScope, error) { }, nil } +func fromServiceKeyEnv(r *http.Request, def string) (string, error) { + env := def + consumerID := r.Header.Get(HeaderConsumerID) + if len(consumerID) != 0 { + service, err := datasource.GetMetadataManager().GetService(r.Context(), &discovery.GetServiceRequest{ServiceId: consumerID}) + if err != nil { + return "", err + } + env = service.Environment + } + return env, nil +} + func ByRequestBody(r *http.Request) (*auth.ResourceScope, error) { if r.Method == http.MethodGet { // get or list by query string diff --git a/server/plugin/auth/buildin/service_parser_test.go b/server/plugin/auth/buildin/service_parser_test.go new file mode 100644 index 00000000..943fd030 --- /dev/null +++ b/server/plugin/auth/buildin/service_parser_test.go @@ -0,0 +1,99 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package buildin_test + +import ( + "context" + "net/http" + "testing" + + "github.com/apache/servicecomb-service-center/pkg/rest" + "github.com/apache/servicecomb-service-center/server/plugin/auth/buildin" + discosvc "github.com/apache/servicecomb-service-center/server/service/disco" + rbacsvc "github.com/apache/servicecomb-service-center/server/service/rbac" + pb "github.com/go-chassis/cari/discovery" + "github.com/stretchr/testify/assert" +) + +func init() { + rbacsvc.InitResourceMap() +} + +func TestByServiceKey(t *testing.T) { + t.Run("discover nothing should return empty scope", func(t *testing.T) { + req, _ := http.NewRequest(http.MethodGet, buildin.APIDiscovery, nil) + req = req.WithContext(context.WithValue(req.Context(), rest.CtxMatchPattern, buildin.APIDiscovery)) + resp, err := buildin.ByServiceKey(req) + assert.NoError(t, err) + assert.NotNil(t, resp) + assert.Equal(t, "service", resp.Type) + assert.Equal(t, "get", resp.Verb) + assert.NotEmpty(t, resp.Labels) + labels := resp.Labels[0] + assert.Equal(t, "", labels["environment"]) + assert.Equal(t, "", labels["appId"]) + assert.Equal(t, "", labels["serviceName"]) + }) + + t.Run("discover provider 'test' should return 'test' scope", func(t *testing.T) { + req, _ := http.NewRequest(http.MethodGet, buildin.APIDiscovery+"?appId=default&serviceName=test", nil) + + service, err := discosvc.RegisterService(req.Context(), &pb.CreateServiceRequest{Service: &pb.MicroService{ + ServiceName: "consumer", + }}) + assert.NoError(t, err) + defer discosvc.UnregisterService(req.Context(), &pb.DeleteServiceRequest{ServiceId: service.ServiceId}) + + req.Header.Set("X-ConsumerId", service.ServiceId) + req = req.WithContext(context.WithValue(req.Context(), rest.CtxMatchPattern, buildin.APIDiscovery)) + resp, err := buildin.ByServiceKey(req) + assert.NoError(t, err) + assert.NotNil(t, resp) + assert.Equal(t, "service", resp.Type) + assert.Equal(t, "get", resp.Verb) + assert.NotEmpty(t, resp.Labels) + labels := resp.Labels[0] + assert.Equal(t, "", labels["environment"]) + assert.Equal(t, "default", labels["appId"]) + assert.Equal(t, "test", labels["serviceName"]) + }) + + t.Run("discover provider 'test' in development env should return 'test' scope", func(t *testing.T) { + req, _ := http.NewRequest(http.MethodGet, buildin.APIDiscovery+"?appId=default&serviceName=test", nil) + + service, err := discosvc.RegisterService(req.Context(), &pb.CreateServiceRequest{Service: &pb.MicroService{ + Environment: "development", + ServiceName: "consumer", + }}) + assert.NoError(t, err) + defer discosvc.UnregisterService(req.Context(), &pb.DeleteServiceRequest{ServiceId: service.ServiceId}) + + req.Header.Set("X-ConsumerId", service.ServiceId) + req = req.WithContext(context.WithValue(req.Context(), rest.CtxMatchPattern, buildin.APIDiscovery)) + resp, err := buildin.ByServiceKey(req) + assert.NoError(t, err) + assert.NotNil(t, resp) + assert.Equal(t, "service", resp.Type) + assert.Equal(t, "get", resp.Verb) + assert.NotEmpty(t, resp.Labels) + labels := resp.Labels[0] + assert.Equal(t, "development", labels["environment"]) + assert.Equal(t, "default", labels["appId"]) + assert.Equal(t, "test", labels["serviceName"]) + }) +}