From 0d47bfcb86288b7ea8a9460510591b476da566b4 Mon Sep 17 00:00:00 2001 From: Mathieu Leplatre Date: Fri, 26 Jan 2018 00:42:41 +0100 Subject: [PATCH] Rename jwtIssuer to identityProvider (ref #80) --- README.md | 4 ++-- api/allowed_test.go | 2 +- api/openapi.yaml | 2 +- doorman/doorman.go | 2 +- doorman/doorman_ladon.go | 6 +++--- doorman/doorman_ladon_test.go | 6 +++--- examples/README.md | 4 ++-- examples/python/policies.yaml | 2 +- sample.yaml | 2 +- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index fc8ed48..6707aa5 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ Policies are defined in YAML files for each consuming service, locally or in rem ```yaml service: https://service.stage.net -jwtIssuer: https://auth.mozilla.auth0.com/ +identityProvider: https://auth.mozilla.auth0.com/ tags: superusers: - userid:maria @@ -60,7 +60,7 @@ policies: ``` * **service**: the unique identifier of the service -* **jwtIssuer** (*optional*): when the issuer is set, *Doorman* will verify the JSON Web Token provided in the authorization request and extract the Identity Provider information from its payload +* **identityProvider** (*optional*): when the identify provider is not empty, *Doorman* will verify the Access Token or the ID Token provided in the authorization request to authenticate the request and obtain the subject profile information (*principals*) * **tags**: Local «groups» of principals in addition to the ones provided by the Identity Provider * **actions**: a domain-specific string representing an action that will be defined as allowed by a principal (eg. `publish`, `signoff`, …) * **resources**: a domain-specific string representing a resource. Preferably not a full URL to decouple from service API design (eg. `print:blackwhite:A4`, `category:homepage`, …). diff --git a/api/allowed_test.go b/api/allowed_test.go index 3c751cc..8af34bf 100644 --- a/api/allowed_test.go +++ b/api/allowed_test.go 
@@ -46,7 +46,7 @@ func TestAllowedVerifiesAuthentication(t *testing.T) { d.LoadPolicies(doorman.ServicesConfig{ doorman.ServiceConfig{ Service: "https://sample.yaml", - JWTIssuer: "https://auth.mozilla.auth0.com/", + IdentityProvider: "https://auth.mozilla.auth0.com/", Policies: doorman.Policies{ doorman.Policy{ Actions: []string{"update"}, diff --git a/api/openapi.yaml b/api/openapi.yaml index 89cc821..1b353c7 100644 --- a/api/openapi.yaml +++ b/api/openapi.yaml @@ -8,7 +8,7 @@ info: ```YAML service: https://api.service.org - jwtIssuer: https://auth.mozilla.auth0.com/ + identityProvider: https://auth.mozilla.auth0.com/ policies: - id: crud-articles diff --git a/doorman/doorman.go b/doorman/doorman.go index a1c83f0..dc91c77 100644 --- a/doorman/doorman.go +++ b/doorman/doorman.go @@ -40,7 +40,7 @@ type Policies []Policy type ServiceConfig struct { Source string Service string - JWTIssuer string `yaml:"jwtIssuer"` + IdentifyProvider string `yaml:"identifyProvider"` Tags Tags Policies Policies } diff --git a/doorman/doorman_ladon.go b/doorman/doorman_ladon.go index 547e8fa..91b4c86 100644 --- a/doorman/doorman_ladon.go +++ b/doorman/doorman_ladon.go @@ -66,9 +66,9 @@ func (doorman *LadonDoorman) LoadPolicies(configs ServicesConfig) error { return fmt.Errorf("duplicated service %q (source %q)", config.Service, config.Source) } - if config.JWTIssuer != "" { - log.Infof("Enable authentication from %q", config.JWTIssuer) - v, err := authn.NewAuthenticator(config.JWTIssuer) + if config.IdentityProvider != "" { + log.Infof("Enable authentication from %q", config.IdentityProvider) + v, err := authn.NewAuthenticator(config.IdentityProvider) if err != nil { return err } diff --git a/doorman/doorman_ladon_test.go b/doorman/doorman_ladon_test.go index 2081a22..0c6e423 100644 --- a/doorman/doorman_ladon_test.go +++ b/doorman/doorman_ladon_test.go 
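Review bot: In the doorman/doorman.go hunk the renamed `ServiceConfig` field is spelled `IdentifyProvider` with the tag `yaml:"identifyProvider"`, but the rest of this patch uses `IdentityProvider` / `identityProvider` (doorman_ladon.go reads `config.IdentityProvider`, the tests set `IdentityProvider:`, and the README and sample files use the `identityProvider` key). As written the package should not compile. If only the Go name were corrected, the tag would still not match the documented key, so the value would presumably decode as empty and `LoadPolicies` would skip creating the authenticator for that service. The field should be declared as `IdentityProvider string` with the tag `yaml:"identityProvider"`. The updated tests shown here build `ServiceConfig` literals rather than decoding YAML, so a test that loads a policy file with `identityProvider:` set and asserts the field is populated would catch a tag mismatch like this.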
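Review bot: In the doorman/doorman_ladon.go hunk an empty `config.IdentityProvider` turns authentication off for the service without any log line. After this rename, a deployed policy file that still uses the old `jwtIssuer` key would end up in that state, unless the YAML decoder rejects unknown keys (not visible in this patch). I would make the disabled case explicit with an `else` branch such as `log.Warnf("No identity provider for %q: authentication disabled", config.Service)`, assuming the logger behind `log.Infof` offers a warning level. The old key should also either be accepted for a deprecation period or cause the load to fail when present, so an upgrade cannot silently drop token verification. `LoadPolicies` begins and continues outside this hunk, so the surrounding handling is not visible.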
@@ -16,7 +16,7 @@ func TestMain(m *testing.M) { sampleConfigs = ServicesConfig{ ServiceConfig{ Service: "https://sample.yaml", - JWTIssuer: "", + IdentityProvider: "", Tags: Tags{ "admins": Principals{"userid:maria"}, }, @@ -154,7 +154,7 @@ func TestBadServicesConfig(t *testing.T) { // Bad JWT issuer err = d.LoadPolicies(ServicesConfig{ ServiceConfig{ - JWTIssuer: "http://perlin-pinpin", + IdentityProvider: "http://perlin-pinpin", }, }) assert.NotNil(t, err) @@ -192,7 +192,7 @@ func TestLoadPoliciesTwice(t *testing.T) { // Load bad policies, does not affect existing. err := doorman.LoadPolicies(ServicesConfig{ ServiceConfig{ - JWTIssuer: "http://perlin-pinpin", + IdentityProvider: "http://perlin-pinpin", }, }) assert.Contains(t, err.Error(), "\"http://perlin-pinpin\" does not use the https:// scheme") diff --git a/examples/README.md b/examples/README.md index 59e1dba..e4e1e38 100644 --- a/examples/README.md +++ b/examples/README.md @@ -23,7 +23,7 @@ In the example below, we rely on the groups of given by the *Identity Provider* ```yaml service: gurghruin435u85O539g7cKvWBOI -jwtIssuer: https://auth.mozilla.auth0.com/ +identityProvider: https://auth.mozilla.auth0.com/ policies: - id: create-articles @@ -105,7 +105,7 @@ To do that, we define a tag `superuser` along with the intended principals in th ```yaml service: https://api.service.org -jwtIssuer: # disabled +identityProvider: # disabled tags: superuser: - userid:maria diff --git a/examples/python/policies.yaml b/examples/python/policies.yaml index b47c71a..fd48572 100644 --- a/examples/python/policies.yaml +++ b/examples/python/policies.yaml @@ -1,5 +1,5 @@ service: SLocf7Sa1ibd5GNJMMqO539g7cKvWBOI -jwtIssuer: https://auth.mozilla.auth0.com/ +identityProvider: https://auth.mozilla.auth0.com/ policies: - id: "hello" description: Allow everyone access hello diff --git a/sample.yaml b/sample.yaml index 9587078..d0fe310 100644 --- a/sample.yaml +++ b/sample.yaml 
@@ -1,5 +1,5 @@ service: https://sample.yaml -jwtIssuer: +identityProvider: tags: admins: - userid:maria