This is an automated email from the ASF dual-hosted git repository.
littlecui pushed a commit to branch mod
in repository https://gitbox.apache.org/repos/asf/servicecomb-service-center.git
commit 873f6a3db4c89c7cb04b1918c3499949eccb8344
Author: little-cui <sure_0...@qq.com>
AuthorDate: Mon Jan 9 12:05:01 2023 +0800
return 'no permission' when discover provider in specify env
---
server/plugin/auth/buildin/parser_test.go | 6 +-
server/plugin/auth/buildin/service_parser.go | 21 ++++-
server/plugin/auth/buildin/service_parser_test.go | 99 +++++++++++++++++++++++
3 files changed, 122 insertions(+), 4 deletions(-)
diff --git a/server/plugin/auth/buildin/parser_test.go
b/server/plugin/auth/buildin/parser_test.go
index 0341fc54..eff630eb 100644
--- a/server/plugin/auth/buildin/parser_test.go
+++ b/server/plugin/auth/buildin/parser_test.go
@@ -18,18 +18,18 @@
package buildin_test
import (
- discosvc
"github.com/apache/servicecomb-service-center/server/service/disco"
- _ "github.com/apache/servicecomb-service-center/test"
-
"context"
"net/http"
"strings"
"testing"
+ _ "github.com/apache/servicecomb-service-center/test"
+
"github.com/apache/servicecomb-service-center/pkg/rest"
"github.com/apache/servicecomb-service-center/pkg/util"
"github.com/apache/servicecomb-service-center/server/plugin/auth"
"github.com/apache/servicecomb-service-center/server/plugin/auth/buildin"
+ discosvc
"github.com/apache/servicecomb-service-center/server/service/disco"
rbacsvc
"github.com/apache/servicecomb-service-center/server/service/rbac"
"github.com/go-chassis/cari/discovery"
"github.com/stretchr/testify/assert"
diff --git a/server/plugin/auth/buildin/service_parser.go
b/server/plugin/auth/buildin/service_parser.go
index b9c68c31..66c730a8 100644
--- a/server/plugin/auth/buildin/service_parser.go
+++ b/server/plugin/auth/buildin/service_parser.go
@@ -37,6 +37,7 @@ const (
LabelAppID = "appId"
LabelServiceName = "serviceName"
QueryEnv = "env"
+ HeaderConsumerID = "X-ConsumerId"
)
var (
@@ -126,10 +127,15 @@ func ByServiceKey(r *http.Request) (*auth.ResourceScope,
error) {
return nil, ErrCtxMatchPatternNotFound
}
+ env, err := fromServiceKeyEnv(r, query.Get(QueryEnv))
+ if err != nil {
+ return nil, err
+ }
+
return &auth.ResourceScope{
Type: rbacmodel.GetResource(apiPath),
Labels: []map[string]string{{
- LabelEnvironment: query.Get(QueryEnv),
+ LabelEnvironment: env,
LabelAppID: query.Get(LabelAppID),
LabelServiceName: query.Get(LabelServiceName),
}},
@@ -137,6 +143,19 @@ func ByServiceKey(r *http.Request) (*auth.ResourceScope,
error) {
}, nil
}
+func fromServiceKeyEnv(r *http.Request, def string) (string, error) {
+ env := def
+ consumerID := r.Header.Get(HeaderConsumerID)
+ if len(consumerID) != 0 {
+ service, err :=
datasource.GetMetadataManager().GetService(r.Context(),
&discovery.GetServiceRequest{ServiceId: consumerID})
+ if err != nil {
+ return "", err
+ }
+ env = service.Environment
+ }
+ return env, nil
+}
+
func ByRequestBody(r *http.Request) (*auth.ResourceScope, error) {
if r.Method == http.MethodGet {
// get or list by query string
diff --git a/server/plugin/auth/buildin/service_parser_test.go
b/server/plugin/auth/buildin/service_parser_test.go
new file mode 100644
index 00000000..943fd030
--- /dev/null
+++ b/server/plugin/auth/buildin/service_parser_test.go
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package buildin_test
+
+import (
+ "context"
+ "net/http"
+ "testing"
+
+ "github.com/apache/servicecomb-service-center/pkg/rest"
+
"github.com/apache/servicecomb-service-center/server/plugin/auth/buildin"
+ discosvc
"github.com/apache/servicecomb-service-center/server/service/disco"
+ rbacsvc
"github.com/apache/servicecomb-service-center/server/service/rbac"
+ pb "github.com/go-chassis/cari/discovery"
+ "github.com/stretchr/testify/assert"
+)
+
+func init() {
+ rbacsvc.InitResourceMap()
+}
+
+func TestByServiceKey(t *testing.T) {
+ t.Run("discover nothing should return empty scope", func(t *testing.T) {
+ req, _ := http.NewRequest(http.MethodGet, buildin.APIDiscovery,
nil)
+ req = req.WithContext(context.WithValue(req.Context(),
rest.CtxMatchPattern, buildin.APIDiscovery))
+ resp, err := buildin.ByServiceKey(req)
+ assert.NoError(t, err)
+ assert.NotNil(t, resp)
+ assert.Equal(t, "service", resp.Type)
+ assert.Equal(t, "get", resp.Verb)
+ assert.NotEmpty(t, resp.Labels)
+ labels := resp.Labels[0]
+ assert.Equal(t, "", labels["environment"])
+ assert.Equal(t, "", labels["appId"])
+ assert.Equal(t, "", labels["serviceName"])
+ })
+
+ t.Run("discover provider 'test' should return 'test' scope", func(t
*testing.T) {
+ req, _ := http.NewRequest(http.MethodGet,
buildin.APIDiscovery+"?appId=default&serviceName=test", nil)
+
+ service, err := discosvc.RegisterService(req.Context(),
&pb.CreateServiceRequest{Service: &pb.MicroService{
+ ServiceName: "consumer",
+ }})
+ assert.NoError(t, err)
+ defer discosvc.UnregisterService(req.Context(),
&pb.DeleteServiceRequest{ServiceId: service.ServiceId})
+
+ req.Header.Set("X-ConsumerId", service.ServiceId)
+ req = req.WithContext(context.WithValue(req.Context(),
rest.CtxMatchPattern, buildin.APIDiscovery))
+ resp, err := buildin.ByServiceKey(req)
+ assert.NoError(t, err)
+ assert.NotNil(t, resp)
+ assert.Equal(t, "service", resp.Type)
+ assert.Equal(t, "get", resp.Verb)
+ assert.NotEmpty(t, resp.Labels)
+ labels := resp.Labels[0]
+ assert.Equal(t, "", labels["environment"])
+ assert.Equal(t, "default", labels["appId"])
+ assert.Equal(t, "test", labels["serviceName"])
+ })
+
+ t.Run("discover provider 'test' in development env should return 'test'
scope", func(t *testing.T) {
+ req, _ := http.NewRequest(http.MethodGet,
buildin.APIDiscovery+"?appId=default&serviceName=test", nil)
+
+ service, err := discosvc.RegisterService(req.Context(),
&pb.CreateServiceRequest{Service: &pb.MicroService{
+ Environment: "development",
+ ServiceName: "consumer",
+ }})
+ assert.NoError(t, err)
+ defer discosvc.UnregisterService(req.Context(),
&pb.DeleteServiceRequest{ServiceId: service.ServiceId})
+
+ req.Header.Set("X-ConsumerId", service.ServiceId)
+ req = req.WithContext(context.WithValue(req.Context(),
rest.CtxMatchPattern, buildin.APIDiscovery))
+ resp, err := buildin.ByServiceKey(req)
+ assert.NoError(t, err)
+ assert.NotNil(t, resp)
+ assert.Equal(t, "service", resp.Type)
+ assert.Equal(t, "get", resp.Verb)
+ assert.NotEmpty(t, resp.Labels)
+ labels := resp.Labels[0]
+ assert.Equal(t, "development", labels["environment"])
+ assert.Equal(t, "default", labels["appId"])
+ assert.Equal(t, "test", labels["serviceName"])
+ })
+}
