[GitHub] chetanmeh closed pull request #4005: Allow updating auth key for user with wskadmin-next

Fri, 14 Sep 2018 02:27:55 -0700 

chetanmeh closed pull request #4005: Allow updating auth key for user with 
wskadmin-next
URL: https://github.com/apache/incubator-openwhisk/pull/4005
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/tests/src/test/scala/whisk/core/database/UserCommandTests.scala 
b/tests/src/test/scala/whisk/core/database/UserCommandTests.scala
index 69cbb074e6..ee9c7e8078 100644
--- a/tests/src/test/scala/whisk/core/database/UserCommandTests.scala
+++ b/tests/src/test/scala/whisk/core/database/UserCommandTests.scala
@@ -68,6 +68,35 @@ class UserCommandTests extends FlatSpec with 
WhiskAdminCliTestBase {
     resultOk("user", "get", subject) shouldBe generatedKey
   }
 
+  it should "force update an existing user" in {
+    val subject = newSubject()
+    val oldKey = resultOk("user", "create", "--force", subject)
+    resultOk("user", "get", subject) shouldBe oldKey
+
+    // Force update with provided auth uuid:key
+    val key = BasicAuthenticationAuthKey()
+    val newKey = resultOk("user", "create", "--auth", key.compact, "--force", 
subject)
+    resultOk("user", "get", subject) shouldBe newKey
+    newKey shouldBe key.compact
+
+    // Force update without auth, uuid:key is randomly generated
+    val generatedKey = resultOk("user", "create", "--force", subject)
+    generatedKey should not be newKey
+    generatedKey should not be oldKey
+  }
+
+  it should "create a user or update an existing user with revoke flag" in {
+    val subject = newSubject()
+    val oldKey = resultOk("user", "create", "--revoke", subject)
+    resultOk("user", "get", subject) shouldBe oldKey
+    val newKey = resultOk("user", "create", "--revoke", subject)
+    resultOk("user", "get", subject) shouldBe newKey
+    val oldAuthKey = BasicAuthenticationAuthKey(oldKey)
+    val newAuthKey = BasicAuthenticationAuthKey(newKey)
+    newAuthKey.uuid shouldBe oldAuthKey.uuid
+    newAuthKey.key should not be oldAuthKey.key
+  }
+
   it should "add namespace to existing user" in {
     val subject = newSubject()
     val key = BasicAuthenticationAuthKey()
@@ -82,10 +111,20 @@ class UserCommandTests extends FlatSpec with 
WhiskAdminCliTestBase {
     //Adding same namespace should fail
     resultNotOk("user", "create", "--auth", key2.compact, "--namespace", 
"foo", subject) shouldBe CommandMessages.namespaceExists
 
+    //Adding same namespace with force flag should update the namespace with 
specified uuid:key
+    val newKey = resultOk("user", "create", "--force", "--auth", key2.compact, 
"--namespace", "foo", subject)
+    newKey shouldBe key2.compact
+
+    //Adding same namespace with force flag without auth should regenerate 
random uuid:key
+    val generatedKey = resultOk("user", "create", "--force", "--namespace", 
"foo", subject)
+    generatedKey should not be key2.compact
+    generatedKey should not be key.compact
+
     //It should be possible to lookup by new namespace
     implicit val tid = transid()
     val i = Identity.get(authStore, EntityName("foo")).futureValue
     i.subject.asString shouldBe subject
+    resultOk("user", "get", "--namespace", "foo", subject) shouldBe 
generatedKey
   }
 
   it should "not add namespace to a blocked user" in {
diff --git a/tools/admin/README-NEXT.md b/tools/admin/README-NEXT.md
index 30de6c3920..f46d442ffb 100644
--- a/tools/admin/README-NEXT.md
+++ b/tools/admin/README-NEXT.md
@@ -80,6 +80,14 @@ $ wskadmin-next user create userA -ns space1
 $ wskadmin-next user create userB -ns space1
 <prints new key specific to userB and space1>
 
+# force update a user with new uuid:key
+$ wskadmin-next user create -f userA
+<prints new UUID and new key>
+
+# revoke auth key of a user and regenerate a new key
+$ wskadmin-next user create -r userA
+<prints old UUID and new key>
+
 # list all users sharing a space
 $ wskadmin-next user list space1 -a
 <key for userA>   userA
diff --git a/tools/admin/src/main/scala/whisk/core/database/UserCommand.scala 
b/tools/admin/src/main/scala/whisk/core/database/UserCommand.scala
index b491e8f405..991b023a03 100644
--- a/tools/admin/src/main/scala/whisk/core/database/UserCommand.scala
+++ b/tools/admin/src/main/scala/whisk/core/database/UserCommand.scala
@@ -48,6 +48,10 @@ class UserCommand extends Subcommand("user") with 
WhiskCommand {
         short = 'u')
     val namespace =
       opt[String](descr = "create key for given namespace instead (defaults to 
subject id)", argName = "NAMESPACE")
+    val revoke =
+      opt[Boolean](descr = "revoke the current authorization key and generate 
a new key", short = 'r')
+    val force =
+      opt[Boolean](descr = "force update an existing subject authorization 
uuid:key", short = 'f')
     val subject = trailArg[String](descr = "the subject to create")
 
     validate(subject) { s =>
@@ -164,14 +168,23 @@ class UserCommand extends Subcommand("user") with 
WhiskCommand {
     authStore
       .get[ExtendedAuth](DocInfo(create.subject()))
       .flatMap { auth =>
+        val nsToUpdate = create.desiredNamespace(authKey).name
+        val existingNS = auth.namespaces.filter(_.namespace.name != nsToUpdate)
         if (auth.isBlocked) {
           Future.successful(Left(IllegalState(CommandMessages.subjectBlocked)))
-        } else if (auth.namespaces.exists(_.namespace.name == 
create.desiredNamespace(authKey).name)) {
-          
Future.successful(Left(IllegalState(CommandMessages.namespaceExists)))
-        } else {
-          val newNS = auth.namespaces + 
WhiskNamespace(create.desiredNamespace(authKey), authKey)
+        } else if (!auth.namespaces.exists(_.namespace.name == nsToUpdate) || 
create.force.isSupplied) {
+          val newNS = existingNS + 
WhiskNamespace(create.desiredNamespace(authKey), authKey)
           val newAuth = WhiskAuth(auth.subject, 
newNS).revision[WhiskAuth](auth.rev)
           authStore.put(newAuth).map(_ => Right(authKey.compact))
+        } else if (create.revoke.isSupplied) {
+          val updatedAuthKey = auth.namespaces.find(_.namespace.name == 
nsToUpdate).get.authkey
+          val newAuthKey = new BasicAuthenticationAuthKey(updatedAuthKey.uuid, 
Secret())
+
+          val newNS = existingNS + 
WhiskNamespace(create.desiredNamespace(newAuthKey), newAuthKey)
+          val newAuth = WhiskAuth(auth.subject, 
newNS).revision[WhiskAuth](auth.rev)
+          authStore.put(newAuth).map(_ => Right(newAuthKey.compact))
+        } else {
+          
Future.successful(Left(IllegalState(CommandMessages.namespaceExists)))
         }
       }
       .recoverWith {


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to