add tests, rename

Signed-off-by: Katrina Rogan <[email protected]>
flyteorg · May 18, 2022 · dec1eaa · dec1eaa
1 parent 9e57435
commit dec1eaa
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 8 deletions.
diff --git a/auth/interceptor.go b/auth/interceptor.go
@@ -3,16 +3,13 @@ package auth
 import (
 	"context"
 
-	"github.com/flyteorg/flytestdlib/logger"
-
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
 
 func BlanketAuthorization(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (
 	resp interface{}, err error) {
-	logger.Warnf(ctx, "** running blanket authorization")
 	identityContext := IdentityContextFromContext(ctx)
 	if identityContext.IsEmpty() {
 		return handler(ctx, req)

diff --git a/auth/interceptor_test.go b/auth/interceptor_test.go
@@ -0,0 +1,61 @@
+package auth
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+	"k8s.io/apimachinery/pkg/util/sets"
+)
+
+func TestBlanketAuthorization(t *testing.T) {
+	t.Run("authenticated and authorized", func(t *testing.T) {
+		allScopes := sets.NewString(ScopeAll)
+		identityCtx := IdentityContext{
+			audience: "aud",
+			userID:   "uid",
+			appID:    "appid",
+			scopes:   &allScopes,
+		}
+		handlerCalled := false
+		handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+			handlerCalled = true
+			return nil, nil
+		}
+		ctx := context.WithValue(context.TODO(), ContextKeyIdentityContext, identityCtx)
+		_, err := BlanketAuthorization(ctx, nil, nil, handler)
+		assert.NoError(t, err)
+		assert.True(t, handlerCalled)
+	})
+	t.Run("unauthenticated", func(t *testing.T) {
+		handlerCalled := false
+		handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+			handlerCalled = true
+			return nil, nil
+		}
+		ctx := context.TODO()
+		_, err := BlanketAuthorization(ctx, nil, nil, handler)
+		assert.NoError(t, err)
+		assert.True(t, handlerCalled)
+	})
+	t.Run("authenticated and not authorized", func(t *testing.T) {
+		identityCtx := IdentityContext{
+			audience: "aud",
+			userID:   "uid",
+			appID:    "appid",
+		}
+		handlerCalled := false
+		handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+			handlerCalled = true
+			return nil, nil
+		}
+		ctx := context.WithValue(context.TODO(), ContextKeyIdentityContext, identityCtx)
+		_, err := BlanketAuthorization(ctx, nil, nil, handler)
+		asStatus, ok := status.FromError(err)
+		assert.True(t, ok)
+		assert.Equal(t, asStatus.Code(), codes.Unauthenticated)
+		assert.False(t, handlerCalled)
+	})
+}
diff --git a/pkg/rpc/adminservice/base.go b/pkg/rpc/adminservice/base.go
@@ -101,7 +101,7 @@ func NewAdminServer(ctx context.Context, pluginRegistry *plugins.Registry, confi
 	pluginRegistry.RegisterDefault(plugins.PluginIDWorkflowExecutor, workflowExecutor)
 
 	logger.Infof(ctx, "Registering default middleware with blanket auth validation")
-	pluginRegistry.RegisterDefault(plugins.PluginIDMiddleware, grpcmiddleware.ChainUnaryServer(auth.BlanketAuthorization))
+	pluginRegistry.RegisterDefault(plugins.PluginIDUnaryServiceMiddleware, grpcmiddleware.ChainUnaryServer(auth.BlanketAuthorization))
 
 	publisher := notifications.NewNotificationsPublisher(*configuration.ApplicationConfiguration().GetNotificationsConfig(), adminScope)
 	processor := notifications.NewNotificationsProcessor(*configuration.ApplicationConfiguration().GetNotificationsConfig(), adminScope)

diff --git a/pkg/server/service.go b/pkg/server/service.go
@@ -61,7 +61,7 @@ func newGRPCServer(ctx context.Context, pluginRegistry *plugins.Registry, cfg *c
 	var chainedUnaryInterceptors grpc.UnaryServerInterceptor
 	if cfg.Security.UseAuth {
 		logger.Infof(ctx, "Creating gRPC server with authentication")
-		middlewareInterceptors := plugins.Get[grpc.UnaryServerInterceptor](pluginRegistry, plugins.PluginIDMiddleware)
+		middlewareInterceptors := plugins.Get[grpc.UnaryServerInterceptor](pluginRegistry, plugins.PluginIDUnaryServiceMiddleware)
 		chainedUnaryInterceptors = grpcmiddleware.ChainUnaryServer(grpcprometheus.UnaryServerInterceptor,
 			auth.GetAuthenticationCustomMetadataInterceptor(authCtx),
 			grpcauth.UnaryServerInterceptor(auth.GetAuthenticationInterceptor(authCtx)),

diff --git a/plugins/registry.go b/plugins/registry.go
@@ -9,9 +9,9 @@ import (
 type PluginID = string
 
 const (
-	PluginIDWorkflowExecutor PluginID = "WorkflowExecutor"
-	PluginIDDataProxy        PluginID = "DataProxy"
-	PluginIDMiddleware       PluginID = "Middleware"
+	PluginIDWorkflowExecutor       PluginID = "WorkflowExecutor"
+	PluginIDDataProxy              PluginID = "DataProxy"
+	PluginIDUnaryServiceMiddleware PluginID = "UnaryServiceMiddleware"
 )
 
 type AtomicRegistry struct {