Simplify IAM user config, only create users and policies if not previously run

This commit is contained in:
Ingo Oppermann
2023-05-24 22:28:24 +02:00
parent 9f1071bf1a
commit 10df8d51b1
6 changed files with 179 additions and 322 deletions


@@ -389,13 +389,7 @@ func (a *api) start() error {
Superuser: true, Superuser: true,
Auth: iam.UserAuth{ Auth: iam.UserAuth{
API: iam.UserAuthAPI{ API: iam.UserAuthAPI{
Userpass: iam.UserAuthPassword{ Auth0: iam.UserAuthAPIAuth0{},
Enable: cfg.API.Auth.Enable,
Password: cfg.API.Auth.Password,
},
Auth0: iam.UserAuthAPIAuth0{
Enable: cfg.API.Auth.Auth0.Enable,
},
}, },
Services: iam.UserAuthServices{ Services: iam.UserAuthServices{
Token: []string{ Token: []string{
@@ -406,6 +400,10 @@ func (a *api) start() error {
}, },
} }
if cfg.API.Auth.Enable {
superuser.Auth.API.Password = cfg.API.Auth.Password
}
if cfg.API.Auth.Auth0.Enable { if cfg.API.Auth.Auth0.Enable {
superuser.Auth.API.Auth0.User = cfg.API.Auth.Auth0.Tenants[0].Users[0] superuser.Auth.API.Auth0.User = cfg.API.Auth.Auth0.Tenants[0].Users[0]
superuser.Auth.API.Auth0.Tenant = iam.Auth0Tenant{ superuser.Auth.API.Auth0.Tenant = iam.Auth0Tenant{
@@ -415,8 +413,32 @@ func (a *api) start() error {
} }
} }
// Create policies and users in order to mimic the behaviour before IAM fs, err := fs.NewRootedDiskFilesystem(fs.RootedDiskConfig{
Root: filepath.Join(cfg.DB.Dir, "iam"),
})
if err != nil {
return err
}
secret := rand.String(32)
if len(cfg.API.Auth.JWT.Secret) != 0 {
secret = cfg.API.Auth.Username + cfg.API.Auth.Password + cfg.API.Auth.JWT.Secret
}
manager, err := iam.NewIAM(iam.Config{
FS: fs,
Superuser: superuser,
JWTRealm: "datarhei-core",
JWTSecret: secret,
Logger: a.log.logger.core.WithComponent("IAM"),
})
if err != nil {
return fmt.Errorf("iam: %w", err)
}
// Check if there are already file created by IAM. If not, create policies
// and users based on the config in order to mimic the behaviour before IAM.
if len(fs.List("/", "/*.json")) == 0 {
policies := []iam.Policy{ policies := []iam.Policy{
{ {
Name: "$anon", Name: "$anon",
@@ -438,35 +460,16 @@ func (a *api) start() error {
}, },
} }
users := []iam.User{} users := map[string]iam.User{}
if !cfg.Storage.Memory.Auth.Enable { if cfg.Storage.Memory.Auth.Enable && cfg.Storage.Memory.Auth.Username != superuser.Name {
policies = append(policies, iam.Policy{ users[cfg.Storage.Memory.Auth.Username] = iam.User{
Name: "$anon",
Domain: "$none",
Resource: "fs:/memfs/**",
Actions: []string{"ANY"},
})
} else {
if cfg.Storage.Memory.Auth.Username != superuser.Name {
users = append(users, iam.User{
Name: cfg.Storage.Memory.Auth.Username, Name: cfg.Storage.Memory.Auth.Username,
Auth: iam.UserAuth{ Auth: iam.UserAuth{
Services: iam.UserAuthServices{ Services: iam.UserAuthServices{
Basic: []iam.UserAuthPassword{ Basic: []string{cfg.Storage.Memory.Auth.Password},
{
Enable: cfg.Storage.Memory.Auth.Enable,
Password: cfg.Storage.Memory.Auth.Password,
}, },
}, },
},
},
})
} else {
superuser.Auth.Services.Basic = append(superuser.Auth.Services.Basic, iam.UserAuthPassword{
Enable: cfg.Storage.Memory.Auth.Enable,
Password: cfg.Storage.Memory.Auth.Password,
})
} }
policies = append(policies, iam.Policy{ policies = append(policies, iam.Policy{
@@ -478,33 +481,20 @@ func (a *api) start() error {
} }
for _, s := range cfg.Storage.S3 { for _, s := range cfg.Storage.S3 {
if !s.Auth.Enable { if s.Auth.Enable && s.Auth.Username != superuser.Name {
policies = append(policies, iam.Policy{ user, ok := users[s.Auth.Username]
Name: "$anon", if !ok {
Domain: "$none", users[s.Auth.Username] = iam.User{
Resource: "fs:" + s.Mountpoint + "/**",
Actions: []string{"ANY"},
})
} else {
if s.Auth.Username != superuser.Name {
users = append(users, iam.User{
Name: s.Auth.Username, Name: s.Auth.Username,
Auth: iam.UserAuth{ Auth: iam.UserAuth{
Services: iam.UserAuthServices{ Services: iam.UserAuthServices{
Basic: []iam.UserAuthPassword{ Basic: []string{s.Auth.Password},
{
Enable: s.Auth.Enable,
Password: s.Auth.Password,
}, },
}, },
}, }
},
})
} else { } else {
superuser.Auth.Services.Basic = append(superuser.Auth.Services.Basic, iam.UserAuthPassword{ user.Auth.Services.Basic = append(user.Auth.Services.Basic, s.Auth.Password)
Enable: s.Auth.Enable, users[s.Auth.Username] = user
Password: s.Auth.Password,
})
} }
policies = append(policies, iam.Policy{ policies = append(policies, iam.Policy{
@@ -513,7 +503,6 @@ func (a *api) start() error {
Resource: "fs:" + s.Mountpoint + "/**", Resource: "fs:" + s.Mountpoint + "/**",
Actions: []string{"ANY"}, Actions: []string{"ANY"},
}) })
} }
} }
@@ -535,47 +524,23 @@ func (a *api) start() error {
}) })
} }
fs, err := fs.NewRootedDiskFilesystem(fs.RootedDiskConfig{
Root: filepath.Join(cfg.DB.Dir, "iam"),
})
if err != nil {
return err
}
secret := rand.String(32)
if len(cfg.API.Auth.JWT.Secret) != 0 {
secret = cfg.API.Auth.Username + cfg.API.Auth.Password + cfg.API.Auth.JWT.Secret
}
iam, err := iam.NewIAM(iam.Config{
FS: fs,
Superuser: superuser,
JWTRealm: "datarhei-core",
JWTSecret: secret,
Logger: a.log.logger.core.WithComponent("IAM"),
})
if err != nil {
return fmt.Errorf("iam: %w", err)
}
for _, user := range users { for _, user := range users {
if _, err := iam.GetIdentity(user.Name); err == nil { if _, err := manager.GetIdentity(user.Name); err == nil {
continue continue
} }
err := iam.CreateIdentity(user) err := manager.CreateIdentity(user)
if err != nil { if err != nil {
return fmt.Errorf("iam: %w", err) return fmt.Errorf("iam: %w", err)
} }
} }
iam.SaveIdentities()
for _, policy := range policies { for _, policy := range policies {
iam.AddPolicy(policy.Name, policy.Domain, policy.Resource, policy.Actions) manager.AddPolicy(policy.Name, policy.Domain, policy.Resource, policy.Actions)
}
} }
a.iam = iam a.iam = manager
} }
diskfs, err := fs.NewRootedDiskFilesystem(fs.RootedDiskConfig{ diskfs, err := fs.NewRootedDiskFilesystem(fs.RootedDiskConfig{
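Review bot: The first-run guard `if len(fs.List("/", "/*.json")) == 0 {` is evaluated only after `iam.NewIAM` has already been given the same filesystem; if NewIAM or the identity manager it constructs (which now enables autosave in this commit) writes anything under the IAM root during construction, the listing is never empty and the config-derived users and policies are never created on a fresh install. Taking the snapshot before the NewIAM call, e.g. `firstRun := len(fs.List("/", "/*.json")) == 0` right after the filesystem is opened and then `if firstRun {`, removes that dependency on NewIAM's write behaviour. Separately, the memfs branch now skips the `cfg.Storage.Memory.Auth.Username == superuser.Name` case where the removed code appended the password to the superuser's basic-auth list; unless that credential is attached where the superuser is built above this section, the superuser loses basic-auth access to memfs. start() begins and ends outside the visible hunks.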


@@ -14,28 +14,22 @@ func (u *IAMUser) Marshal(user iam.User, policies []iam.Policy) {
u.Superuser = user.Superuser u.Superuser = user.Superuser
u.Auth = IAMUserAuth{ u.Auth = IAMUserAuth{
API: IAMUserAuthAPI{ API: IAMUserAuthAPI{
Userpass: IAMUserAuthPassword{ Password: user.Auth.API.Password,
Enable: user.Auth.API.Userpass.Enable,
Password: user.Auth.API.Userpass.Password,
},
Auth0: IAMUserAuthAPIAuth0{ Auth0: IAMUserAuthAPIAuth0{
Enable: false, User: user.Auth.API.Auth0.User,
User: "", Tenant: IAMAuth0Tenant{
Tenant: IAMAuth0Tenant{}, Domain: user.Auth.API.Auth0.Tenant.Domain,
Audience: user.Auth.API.Auth0.Tenant.Audience,
ClientID: user.Auth.API.Auth0.Tenant.ClientID,
},
}, },
}, },
Services: IAMUserAuthServices{ Services: IAMUserAuthServices{
Basic: user.Auth.Services.Basic,
Token: user.Auth.Services.Token, Token: user.Auth.Services.Token,
}, },
} }
for _, basic := range user.Auth.Services.Basic {
u.Auth.Services.Basic = append(u.Auth.Services.Basic, IAMUserAuthPassword{
Enable: basic.Enable,
Password: basic.Password,
})
}
for _, p := range policies { for _, p := range policies {
u.Policies = append(u.Policies, IAMPolicy{ u.Policies = append(u.Policies, IAMPolicy{
Domain: p.Domain, Domain: p.Domain,
@@ -51,12 +45,8 @@ func (u *IAMUser) Unmarshal() (iam.User, []iam.Policy) {
Superuser: u.Superuser, Superuser: u.Superuser,
Auth: iam.UserAuth{ Auth: iam.UserAuth{
API: iam.UserAuthAPI{ API: iam.UserAuthAPI{
Userpass: iam.UserAuthPassword{ Password: u.Auth.API.Password,
Enable: u.Auth.API.Userpass.Enable,
Password: u.Auth.API.Userpass.Password,
},
Auth0: iam.UserAuthAPIAuth0{ Auth0: iam.UserAuthAPIAuth0{
Enable: u.Auth.API.Auth0.Enable,
User: u.Auth.API.Auth0.User, User: u.Auth.API.Auth0.User,
Tenant: iam.Auth0Tenant{ Tenant: iam.Auth0Tenant{
Domain: u.Auth.API.Auth0.Tenant.Domain, Domain: u.Auth.API.Auth0.Tenant.Domain,
@@ -66,18 +56,12 @@ func (u *IAMUser) Unmarshal() (iam.User, []iam.Policy) {
}, },
}, },
Services: iam.UserAuthServices{ Services: iam.UserAuthServices{
Basic: u.Auth.Services.Basic,
Token: u.Auth.Services.Token, Token: u.Auth.Services.Token,
}, },
}, },
} }
for _, basic := range u.Auth.Services.Basic {
iamuser.Auth.Services.Basic = append(iamuser.Auth.Services.Basic, iam.UserAuthPassword{
Enable: basic.Enable,
Password: basic.Password,
})
}
iampolicies := []iam.Policy{} iampolicies := []iam.Policy{}
for _, p := range u.Policies { for _, p := range u.Policies {
@@ -98,26 +82,20 @@ type IAMUserAuth struct {
} }
type IAMUserAuthAPI struct { type IAMUserAuthAPI struct {
Userpass IAMUserAuthPassword `json:"userpass"` Password string `json:"userpass"`
Auth0 IAMUserAuthAPIAuth0 `json:"auth0"` Auth0 IAMUserAuthAPIAuth0 `json:"auth0"`
} }
type IAMUserAuthAPIAuth0 struct { type IAMUserAuthAPIAuth0 struct {
Enable bool `json:"enable"`
User string `json:"user"` User string `json:"user"`
Tenant IAMAuth0Tenant `json:"tenant"` Tenant IAMAuth0Tenant `json:"tenant"`
} }
type IAMUserAuthServices struct { type IAMUserAuthServices struct {
Basic []IAMUserAuthPassword `json:"basic"` Basic []string `json:"basic"`
Token []string `json:"token"` Token []string `json:"token"`
} }
type IAMUserAuthPassword struct {
Enable bool `json:"enable"`
Password string `json:"password"`
}
type IAMAuth0Tenant struct { type IAMAuth0Tenant struct {
Domain string `json:"domain"` Domain string `json:"domain"`
Audience string `json:"audience"` Audience string `json:"audience"`
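Review bot: The new `Password string` field in IAMUserAuthAPI keeps the tag `json:"userpass"` although the value changed from an object to a plain string, while the core UserAuthAPI tags the same value `json:"password"`; clients still sending the old `{"userpass":{"enable":…,"password":…}}` shape now get a decode error, and the differing keys between the API and core types are easy to misread. If wire compatibility is not required, tagging the field `json:"password"` aligns the two; if it is, the changed shape needs to be called out in the API documentation. Also, `Basic: user.Auth.Services.Basic` in Marshal and the mirror in Unmarshal now share one backing array between the API and core structs where the removed loops copied element by element; `Basic: append([]string(nil), user.Auth.Services.Basic...)` keeps the previous isolation. Both methods start and end outside the visible hunks.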


@@ -45,18 +45,10 @@ func getIAM() (iam.IAM, error) {
Name: "foobar", Name: "foobar",
Auth: iam.UserAuth{ Auth: iam.UserAuth{
API: iam.UserAuthAPI{ API: iam.UserAuthAPI{
Userpass: iam.UserAuthPassword{
Enable: true,
Password: "secret", Password: "secret",
}, },
},
Services: iam.UserAuthServices{ Services: iam.UserAuthServices{
Basic: []iam.UserAuthPassword{ Basic: []string{"secret"},
{
Enable: true,
Password: "secret",
},
},
}, },
}, },
}) })


@@ -33,26 +33,20 @@ type UserAuth struct {
} }
type UserAuthAPI struct { type UserAuthAPI struct {
Userpass UserAuthPassword `json:"userpass"` Password string `json:"password"`
Auth0 UserAuthAPIAuth0 `json:"auth0"` Auth0 UserAuthAPIAuth0 `json:"auth0"`
} }
type UserAuthAPIAuth0 struct { type UserAuthAPIAuth0 struct {
Enable bool `json:"enable"`
User string `json:"user"` User string `json:"user"`
Tenant Auth0Tenant `json:"tenant"` Tenant Auth0Tenant `json:"tenant"`
} }
type UserAuthServices struct { type UserAuthServices struct {
Basic []UserAuthPassword `json:"basic"` Basic []string `json:"basic"`
Token []string `json:"token"` Token []string `json:"token"`
} }
type UserAuthPassword struct {
Enable bool `json:"enable"`
Password string `json:"password"`
}
func (u *User) validate() error { func (u *User) validate() error {
if len(u.Name) == 0 { if len(u.Name) == 0 {
return fmt.Errorf("the name is required") return fmt.Errorf("the name is required")
@@ -65,20 +59,6 @@ func (u *User) validate() error {
return fmt.Errorf("the name can only contain [%s]", chars) return fmt.Errorf("the name can only contain [%s]", chars)
} }
if u.Auth.API.Userpass.Enable && len(u.Auth.API.Userpass.Password) == 0 {
return fmt.Errorf("a password for API login is required")
}
if u.Auth.API.Auth0.Enable && len(u.Auth.API.Auth0.User) == 0 {
return fmt.Errorf("a user for Auth0 login is required")
}
for i, basic := range u.Auth.Services.Basic {
if basic.Enable && len(basic.Password) == 0 {
return fmt.Errorf("a password for service basic auth nr. %d is required", i)
}
}
return nil return nil
} }
@@ -141,11 +121,11 @@ func (i *identity) VerifyAPIPassword(password string) (bool, error) {
return false, fmt.Errorf("invalid identity") return false, fmt.Errorf("invalid identity")
} }
if !i.user.Auth.API.Userpass.Enable { if len(i.user.Auth.API.Password) == 0 {
return false, fmt.Errorf("authentication method disabled") return false, fmt.Errorf("authentication method disabled")
} }
return i.user.Auth.API.Userpass.Password == password, nil return i.user.Auth.API.Password == password, nil
} }
func (i *identity) VerifyAPIAuth0(jwt string) (bool, error) { func (i *identity) VerifyAPIAuth0(jwt string) (bool, error) {
@@ -156,7 +136,7 @@ func (i *identity) VerifyAPIAuth0(jwt string) (bool, error) {
return false, fmt.Errorf("invalid identity") return false, fmt.Errorf("invalid identity")
} }
if !i.user.Auth.API.Auth0.Enable { if len(i.user.Auth.API.Auth0.User) == 0 {
return false, fmt.Errorf("authentication method disabled") return false, fmt.Errorf("authentication method disabled")
} }
@@ -310,25 +290,18 @@ func (i *identity) VerifyServiceBasicAuth(password string) (bool, error) {
return false, fmt.Errorf("invalid identity") return false, fmt.Errorf("invalid identity")
} }
valid := false for _, pw := range i.user.Auth.Services.Basic {
if len(pw) == 0 {
for _, basic := range i.user.Auth.Services.Basic {
if !basic.Enable {
continue continue
} }
if basic.Password == password { if pw == password {
valid = true
break
}
}
if !valid {
return false, nil
}
return true, nil return true, nil
} }
}
return false, nil
}
func (i *identity) GetServiceBasicAuth() string { func (i *identity) GetServiceBasicAuth() string {
i.lock.RLock() i.lock.RLock()
@@ -338,12 +311,12 @@ func (i *identity) GetServiceBasicAuth() string {
return "" return ""
} }
for _, basic := range i.user.Auth.Services.Basic { for _, password := range i.user.Auth.Services.Basic {
if !basic.Enable { if len(password) == 0 {
continue continue
} }
return basic.Password return password
} }
return "" return ""
@@ -374,11 +347,15 @@ func (i *identity) GetServiceToken() string {
return "" return ""
} }
if len(i.user.Auth.Services.Token) == 0 { for _, token := range i.user.Auth.Services.Token {
return "" if len(token) == 0 {
continue
} }
return i.Name() + ":" + i.user.Auth.Services.Token[0] return i.Name() + ":" + token
}
return ""
} }
func (i *identity) isValid() bool { func (i *identity) isValid() bool {
@@ -469,6 +446,7 @@ func NewIdentityManager(config IdentityConfig) (IdentityManager, error) {
} }
im.root = identity im.root = identity
im.autosave = true
return im, nil return im, nil
} }
@@ -524,7 +502,7 @@ func (im *identityManager) create(u User) (*identity, error) {
u = u.clone() u = u.clone()
identity := u.marshalIdentity() identity := u.marshalIdentity()
if identity.user.Auth.API.Auth0.Enable { if len(identity.user.Auth.API.Auth0.User) != 0 {
if _, ok := im.auth0UserIdentityMap[identity.user.Auth.API.Auth0.User]; ok { if _, ok := im.auth0UserIdentityMap[identity.user.Auth.API.Auth0.User]; ok {
return nil, fmt.Errorf("the Auth0 user has already an identity") return nil, fmt.Errorf("the Auth0 user has already an identity")
} }
@@ -631,7 +609,7 @@ func (im *identityManager) delete(name string) error {
identity.valid = false identity.valid = false
identity.lock.Unlock() identity.lock.Unlock()
if !identity.user.Auth.API.Auth0.Enable { if len(identity.user.Auth.API.Auth0.User) == 0 {
if im.autosave { if im.autosave {
im.save(im.filePath) im.save(im.filePath)
} }
@@ -664,7 +642,7 @@ func (im *identityManager) delete(name string) error {
// find out if the tenant's clientid is still used somewhere else // find out if the tenant's clientid is still used somewhere else
found = false found = false
for _, i := range im.identities { for _, i := range im.identities {
if !i.user.Auth.API.Auth0.Enable { if len(i.user.Auth.API.Auth0.User) == 0 {
continue continue
} }


@@ -22,41 +22,6 @@ func TestUserName(t *testing.T) {
require.Error(t, err) require.Error(t, err)
} }
func TestUserAuth(t *testing.T) {
user := User{
Name: "foobar",
}
err := user.validate()
require.NoError(t, err)
user.Auth.API.Userpass.Enable = true
err = user.validate()
require.Error(t, err)
user.Auth.API.Userpass.Password = "secret"
err = user.validate()
require.NoError(t, err)
user.Auth.API.Auth0.Enable = true
err = user.validate()
require.Error(t, err)
user.Auth.API.Auth0.User = "auth0|123456"
err = user.validate()
require.NoError(t, err)
user.Auth.Services.Basic = append(user.Auth.Services.Basic, UserAuthPassword{
Enable: true,
})
err = user.validate()
require.Error(t, err)
user.Auth.Services.Basic[0].Password = "secret"
err = user.validate()
require.NoError(t, err)
}
func TestIdentity(t *testing.T) { func TestIdentity(t *testing.T) {
user := User{ user := User{
Name: "foobar", Name: "foobar",
@@ -123,8 +88,7 @@ func TestIdentityAPIAuth(t *testing.T) {
require.False(t, ok) require.False(t, ok)
require.Error(t, err) require.Error(t, err)
identity.user.Auth.API.Userpass.Enable = true identity.user.Auth.API.Password = "secret"
identity.user.Auth.API.Userpass.Password = "secret"
ok, err = identity.VerifyAPIPassword("secret") ok, err = identity.VerifyAPIPassword("secret")
require.False(t, ok) require.False(t, ok)
@@ -136,14 +100,13 @@ func TestIdentityAPIAuth(t *testing.T) {
require.True(t, ok) require.True(t, ok)
require.NoError(t, err) require.NoError(t, err)
identity.user.Auth.API.Userpass.Enable = false identity.user.Auth.API.Password = ""
ok, err = identity.VerifyAPIPassword("secret") ok, err = identity.VerifyAPIPassword("secret")
require.False(t, ok) require.False(t, ok)
require.Error(t, err) require.Error(t, err)
identity.user.Auth.API.Userpass.Enable = true identity.user.Auth.API.Password = "terces"
identity.user.Auth.API.Userpass.Password = "terces"
ok, err = identity.VerifyAPIPassword("secret") ok, err = identity.VerifyAPIPassword("secret")
require.False(t, ok) require.False(t, ok)
@@ -161,10 +124,7 @@ func TestIdentityServiceBasicAuth(t *testing.T) {
require.False(t, ok) require.False(t, ok)
require.Error(t, err) require.Error(t, err)
identity.user.Auth.Services.Basic = append(identity.user.Auth.Services.Basic, UserAuthPassword{ identity.user.Auth.Services.Basic = append(identity.user.Auth.Services.Basic, "secret")
Enable: true,
Password: "secret",
})
ok, err = identity.VerifyServiceBasicAuth("secret") ok, err = identity.VerifyServiceBasicAuth("secret")
require.False(t, ok) require.False(t, ok)
@@ -176,14 +136,13 @@ func TestIdentityServiceBasicAuth(t *testing.T) {
require.True(t, ok) require.True(t, ok)
require.NoError(t, err) require.NoError(t, err)
identity.user.Auth.Services.Basic[0].Enable = false identity.user.Auth.Services.Basic[0] = ""
ok, err = identity.VerifyServiceBasicAuth("secret") ok, err = identity.VerifyServiceBasicAuth("secret")
require.False(t, ok) require.False(t, ok)
require.NoError(t, err) require.NoError(t, err)
identity.user.Auth.Services.Basic[0].Enable = true identity.user.Auth.Services.Basic[0] = "terces"
identity.user.Auth.Services.Basic[0].Password = "terces"
ok, err = identity.VerifyServiceBasicAuth("secret") ok, err = identity.VerifyServiceBasicAuth("secret")
require.False(t, ok) require.False(t, ok)
@@ -325,7 +284,6 @@ func TestCreateUserAuth0(t *testing.T) {
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Auth0: UserAuthAPIAuth0{ Auth0: UserAuthAPIAuth0{
Enable: true,
User: "auth0|123456", User: "auth0|123456",
Tenant: Auth0Tenant{ Tenant: Auth0Tenant{
Domain: "example.com", Domain: "example.com",
@@ -344,7 +302,6 @@ func TestCreateUserAuth0(t *testing.T) {
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Auth0: UserAuthAPIAuth0{ Auth0: UserAuthAPIAuth0{
Enable: true,
User: "auth0|123456", User: "auth0|123456",
Tenant: Auth0Tenant{ Tenant: Auth0Tenant{
Domain: "datarhei-demo.eu.auth0.com", Domain: "datarhei-demo.eu.auth0.com",
@@ -383,7 +340,6 @@ func TestCreateUserAuth0(t *testing.T) {
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Auth0: UserAuthAPIAuth0{ Auth0: UserAuthAPIAuth0{
Enable: true,
User: "auth0|123456", User: "auth0|123456",
Tenant: Auth0Tenant{ Tenant: Auth0Tenant{
Domain: "datarhei-demo.eu.auth0.com", Domain: "datarhei-demo.eu.auth0.com",
@@ -402,7 +358,6 @@ func TestCreateUserAuth0(t *testing.T) {
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Auth0: UserAuthAPIAuth0{ Auth0: UserAuthAPIAuth0{
Enable: true,
User: "auth0|987654", User: "auth0|987654",
Tenant: Auth0Tenant{ Tenant: Auth0Tenant{
Domain: "datarhei-demo.eu.auth0.com", Domain: "datarhei-demo.eu.auth0.com",
@@ -544,7 +499,6 @@ func TestUpdateUserAuth0(t *testing.T) {
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Auth0: UserAuthAPIAuth0{ Auth0: UserAuthAPIAuth0{
Enable: true,
User: "auth0|123456", User: "auth0|123456",
Tenant: Auth0Tenant{ Tenant: Auth0Tenant{
Domain: "datarhei-demo.eu.auth0.com", Domain: "datarhei-demo.eu.auth0.com",
@@ -607,19 +561,11 @@ func TestRemoveUser(t *testing.T) {
Superuser: false, Superuser: false,
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Userpass: UserAuthPassword{
Enable: true,
Password: "apisecret", Password: "apisecret",
},
Auth0: UserAuthAPIAuth0{}, Auth0: UserAuthAPIAuth0{},
}, },
Services: UserAuthServices{ Services: UserAuthServices{
Basic: []UserAuthPassword{ Basic: []string{"secret"},
{
Enable: true,
Password: "secret",
},
},
Token: []string{"tokensecret"}, Token: []string{"tokensecret"},
}, },
}, },
@@ -706,7 +652,6 @@ func TestRemoveUserAuth0(t *testing.T) {
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Auth0: UserAuthAPIAuth0{ Auth0: UserAuthAPIAuth0{
Enable: true,
User: "auth0|123456", User: "auth0|123456",
Tenant: Auth0Tenant{ Tenant: Auth0Tenant{
Domain: "datarhei-demo.eu.auth0.com", Domain: "datarhei-demo.eu.auth0.com",
@@ -725,7 +670,6 @@ func TestRemoveUserAuth0(t *testing.T) {
Auth: UserAuth{ Auth: UserAuth{
API: UserAuthAPI{ API: UserAuthAPI{
Auth0: UserAuthAPIAuth0{ Auth0: UserAuthAPIAuth0{
Enable: true,
User: "auth0|987654", User: "auth0|987654",
Tenant: Auth0Tenant{ Tenant: Auth0Tenant{
Domain: "datarhei-demo.eu.auth0.com", Domain: "datarhei-demo.eu.auth0.com",


@@ -13,24 +13,24 @@ import (
func getIdentityManager(enableBasic bool) iam.IdentityManager { func getIdentityManager(enableBasic bool) iam.IdentityManager {
dummyfs, _ := fs.NewMemFilesystem(fs.MemConfig{}) dummyfs, _ := fs.NewMemFilesystem(fs.MemConfig{})
im, _ := iam.NewIdentityManager(iam.IdentityConfig{ superuser := iam.User{
FS: dummyfs,
Superuser: iam.User{
Name: "foobar", Name: "foobar",
Superuser: false, Superuser: false,
Auth: iam.UserAuth{ Auth: iam.UserAuth{
API: iam.UserAuthAPI{}, API: iam.UserAuthAPI{},
Services: iam.UserAuthServices{ Services: iam.UserAuthServices{
Basic: []iam.UserAuthPassword{
{
Enable: enableBasic,
Password: "basicauthpassword",
},
},
Token: []string{"servicetoken"}, Token: []string{"servicetoken"},
}, },
}, },
}, }
if enableBasic {
superuser.Auth.Services.Basic = []string{"basicauthpassword"}
}
im, _ := iam.NewIdentityManager(iam.IdentityConfig{
FS: dummyfs,
Superuser: superuser,
JWTRealm: "", JWTRealm: "",
JWTSecret: "", JWTSecret: "",
Logger: nil, Logger: nil,