diff --git a/Makefile b/Makefile
index db8dfc3..18af5a4 100644
--- a/Makefile
+++ b/Makefile
@@ -2,8 +2,8 @@ GO_LINT := $(GOPATH)/bin/golint
 GO_GLIDE := $(GOPATH)/bin/glide
 GO_BINDATA := $(GOPATH)/bin/go-bindata
 DATA_FILES := ./utilities/openapi.yaml ./utilities/contribute.yaml
-SRC := *.go ./utilities/*.go ./warden/*.go
-PACKAGES := ./ ./utilities/ ./warden/
+SRC := *.go ./utilities/*.go ./doorman/*.go
+PACKAGES := ./ ./utilities/ ./doorman/
 
 main: vendor utilities/bindata.go $(SRC)
 	CGO_ENABLED=0 go build -o main *.go
diff --git a/warden/warden.go b/doorman/doorman.go
similarity index 71%
rename from warden/warden.go
rename to doorman/doorman.go
index 642c2f8..75b4198 100644
--- a/warden/warden.go
+++ b/doorman/doorman.go
@@ -1,4 +1,4 @@
-package warden
+package doorman
 
 import (
 	"encoding/json"
@@ -20,30 +20,30 @@ import (
 // DefaultPoliciesFilename is the default policies filename.
 const DefaultPoliciesFilename string = "policies.yaml"
 
-// ContextKey is the Gin context key to obtain the *Warden instance.
-const ContextKey string = "warden"
+// ContextKey is the Gin context key to obtain the *Doorman instance.
+const ContextKey string = "doorman"
 
 const maxInt int64 = 1<<63 - 1
 
-// Config contains the settings of the warden.
+// Config contains the settings of the doorman.
 type Config struct {
 	PoliciesFilename string
 	JWTIssuer string
 }
 
-// Warden is the backend in charge of checking requests against policies.
-type Warden struct {
+// Doorman is the backend in charge of checking requests against policies.
+type Doorman struct {
 	l ladon.Ladon
 	Manager ladon.Manager
 	Config *Config
 }
 
-// New instantiates a new warden.
-func New(config *Config) *Warden {
+// New instantiates a new doorman.
+func New(config *Config) *Doorman {
 	l := ladon.Ladon{
 		Manager: manager.NewMemoryManager(),
 	}
-	w := &Warden{l, l.Manager, config}
+	w := &Doorman{l, l.Manager, config}
 	if err := w.LoadPolicies(config.PoliciesFilename); err != nil {
 		log.Fatal(err.Error())
 	}
@@ -51,12 +51,12 @@ func New(config *Config) *Warden {
 }
 
 // IsAllowed is responsible for deciding if subject can perform action on a resource with a context.
-func (warden *Warden) IsAllowed(request *ladon.Request) error {
-	return warden.l.IsAllowed(request)
+func (doorman *Doorman) IsAllowed(request *ladon.Request) error {
+	return doorman.l.IsAllowed(request)
 }
 
 // LoadPolicies reads policies from the YAML file.
-func (warden *Warden) LoadPolicies(filename string) error {
+func (doorman *Doorman) LoadPolicies(filename string) error {
 	// If not specified, read it from ENV or read local `.policies.yaml`
 	if filename == "" {
 		filename = os.Getenv("POLICIES_FILE")
@@ -95,19 +95,19 @@ func (warden *Warden) LoadPolicies(filename string) error {
 	}
 
 	// Clear every existing policy, and load new ones.
-	existing, err := warden.Manager.GetAll(0, maxInt)
+	existing, err := doorman.Manager.GetAll(0, maxInt)
 	if err != nil {
 		return err
 	}
 	for _, pol := range existing {
-		err := warden.Manager.Delete(pol.GetID())
+		err := doorman.Manager.Delete(pol.GetID())
 		if err != nil {
 			return err
 		}
 	}
 	for _, pol := range policies {
 		log.Info("Load policy ", pol.GetID()+": ", pol.GetDescription())
-		err := warden.Manager.Create(pol)
+		err := doorman.Manager.Create(pol)
 		if err != nil {
 			return err
 		}
@@ -116,19 +116,19 @@ func (warden *Warden) LoadPolicies(filename string) error {
 	return nil
 }
 
-// ContextMiddleware adds the Warden instance to the Gin context.
-func ContextMiddleware(warden *Warden) gin.HandlerFunc {
+// ContextMiddleware adds the Doorman instance to the Gin context.
+func ContextMiddleware(doorman *Doorman) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		c.Set(ContextKey, warden)
+		c.Set(ContextKey, doorman)
 		c.Next()
 	}
 }
 
-// SetupRoutes adds warden views to query the policies.
-func SetupRoutes(r *gin.Engine, warden *Warden) {
-	r.Use(ContextMiddleware(warden))
-	if warden.Config.JWTIssuer != "" {
-		r.Use(VerifyJWTMiddleware(warden.Config.JWTIssuer))
+// SetupRoutes adds doorman views to query the policies.
+func SetupRoutes(r *gin.Engine, doorman *Doorman) {
+	r.Use(ContextMiddleware(doorman))
+	if doorman.Config.JWTIssuer != "" {
+		r.Use(VerifyJWTMiddleware(doorman.Config.JWTIssuer))
 	}
 	r.POST("/allowed", allowedHandler)
 }
@@ -156,13 +156,13 @@ func allowedHandler(c *gin.Context) {
 		accessRequest.Subject = payloadJWT.(*jwt.Claims).Subject
 	}
 
-	warden := c.MustGet(ContextKey).(*Warden)
-	err := warden.IsAllowed(&accessRequest)
+	doorman := c.MustGet(ContextKey).(*Doorman)
+	err := doorman.IsAllowed(&accessRequest)
 	allowed := (err == nil)
 
 	// Show some debug information about matched policy.
 	if allowed && gin.Mode() != gin.ReleaseMode {
-		policies, _ := warden.Manager.FindRequestCandidates(&accessRequest)
+		policies, _ := doorman.Manager.FindRequestCandidates(&accessRequest)
 		matched := policies[0]
 		log.Debug("Policy matched ", matched.GetID()+": ", matched.GetDescription())
 	}
diff --git a/warden/warden_test.go b/doorman/doorman_test.go
similarity index 85%
rename from warden/warden_test.go
rename to doorman/doorman_test.go
index 24d8064..5f2622c 100644
--- a/warden/warden_test.go
+++ b/doorman/doorman_test.go
@@ -1,4 +1,4 @@
-package warden
+package doorman
 
 import (
 	"bytes"
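Review bot: When `doorman.Config.JWTIssuer` is empty, `SetupRoutes` registers `/allowed` with no `VerifyJWTMiddleware` in front of it, so the endpoint answers unauthenticated callers; from the allowedHandler hunk below it appears the subject is then whatever the request body supplied, since `accessRequest.Subject` is only overwritten from `payloadJWT` under a condition that starts outside that hunk. That opt-out is silent in the new code and deserves a comment on the `if`: `// No issuer configured: /allowed is unauthenticated and trusts the caller-supplied subject.` Consider also having the caller of `SetupRoutes` log the mode at startup so a deployment that forgot to set the issuer is visible in the logs rather than only in behaviour.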
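Review bot: In the allowedHandler hunk, `policies, _ := doorman.Manager.FindRequestCandidates(&accessRequest)` discards the error and the next line indexes `policies[0]` unguarded, so a manager error or an empty candidate slice panics the handler (only when `gin.Mode() != gin.ReleaseMode`, per the enclosing `if`). The decision in `allowed` is already final at that point, so the debug path should not be able to take the request down: `if policies, err := doorman.Manager.FindRequestCandidates(&accessRequest); err == nil && len(policies) > 0 {` and log `policies[0]` inside that branch. The "Policy matched" wording may also overstate what is known, since this call returns candidates rather than the policy that produced the decision; I cannot confirm that from this diff. `allowedHandler` starts outside the hunk.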
@@ -38,28 +38,28 @@ func TestMain(m *testing.M) {
 	os.Exit(m.Run())
 }
 
-func loadTempFile(warden *Warden, content []byte) error {
+func loadTempFile(doorman *Doorman, content []byte) error {
 	tmpfile, _ := ioutil.TempFile("", "")
 	defer os.Remove(tmpfile.Name()) // clean up
 	tmpfile.Write(content)
 	tmpfile.Close()
-	return warden.LoadPolicies(tmpfile.Name())
+	return doorman.LoadPolicies(tmpfile.Name())
 }
 
 func TestLoadPolicies(t *testing.T) {
-	warden := New(&Config{"../policies.yaml", ""})
+	doorman := New(&Config{"../policies.yaml", ""})
 
 	// Missing file
 	var err error
-	err = warden.LoadPolicies("/tmp/unknown.yaml")
+	err = doorman.LoadPolicies("/tmp/unknown.yaml")
 	assert.NotNil(t, err)
 
 	// Bad YAML
-	err = loadTempFile(warden, []byte("$\\--xx"))
+	err = loadTempFile(doorman, []byte("$\\--xx"))
 	assert.NotNil(t, err)
 
 	// Bad policies
-	err = loadTempFile(warden, []byte(`
+	err = loadTempFile(doorman, []byte(`
 -
   id: "1"
   conditions:
@@ -69,7 +69,7 @@ func TestLoadPolicies(t *testing.T) {
 	assert.NotNil(t, err)
 
 	// Duplicated ID
-	err = loadTempFile(warden, []byte(`
+	err = loadTempFile(doorman, []byte(`
 -
   id: "1"
   effect: allow
@@ -95,7 +95,7 @@ func performAllowed(t *testing.T, r *gin.Engine, body io.Reader, expected int, r
 	require.Nil(t, err)
 }
 
-func TestWardenGet(t *testing.T) {
+func TestDoormanGet(t *testing.T) {
 	r := gin.New()
 	SetupRoutes(r, New(&defaultConfig))
 
@@ -103,7 +103,7 @@ func TestWardenGet(t *testing.T) {
 	assert.Equal(t, w.Code, http.StatusNotFound)
 }
 
-func TestWardenEmpty(t *testing.T) {
+func TestDoormanEmpty(t *testing.T) {
 	r := gin.New()
 	SetupRoutes(r, New(&defaultConfig))
 
@@ -112,7 +112,7 @@ func TestWardenEmpty(t *testing.T) {
 	assert.Equal(t, response.Message, "Missing body")
 }
 
-func TestWardenInvalidJSON(t *testing.T) {
+func TestDoormanInvalidJSON(t *testing.T) {
 	r := gin.New()
 	SetupRoutes(r, New(&defaultConfig))
 
@@ -122,11 +122,11 @@ func TestWardenInvalidJSON(t *testing.T) {
 	assert.Contains(t, response.Message, "invalid character ';'")
 }
 
-func TestWardenAllowed(t *testing.T) {
+func TestDoormanAllowed(t *testing.T) {
 	r := gin.New()
-	warden := New(&defaultConfig)
-	warden.LoadPolicies(samplePoliciesFile)
-	SetupRoutes(r, warden)
+	doorman := New(&defaultConfig)
+	doorman.LoadPolicies(samplePoliciesFile)
+	SetupRoutes(r, doorman)
 
 	for _, request := range []*ladon.Request{
 		// Policy #1
@@ -180,11 +180,11 @@ func TestWardenAllowed(t *testing.T) {
 	}
 }
 
-func TestWardenNotAllowed(t *testing.T) {
+func TestDoormanNotAllowed(t *testing.T) {
 	r := gin.New()
-	warden := New(&defaultConfig)
-	warden.LoadPolicies(samplePoliciesFile)
-	SetupRoutes(r, warden)
+	doorman := New(&defaultConfig)
+	doorman.LoadPolicies(samplePoliciesFile)
+	SetupRoutes(r, doorman)
 
 	for _, request := range []*ladon.Request{
 		// Policy #1
diff --git a/warden/jwt.go b/doorman/jwt.go
similarity index 98%
rename from warden/jwt.go
rename to doorman/jwt.go
index 69213bd..5ad5943 100644
--- a/warden/jwt.go
+++ b/doorman/jwt.go
@@ -1,4 +1,4 @@
-package warden
+package doorman
 
 import (
 	"net/http"
diff --git a/warden/jwt_test.go b/doorman/jwt_test.go
similarity index 97%
rename from warden/jwt_test.go
rename to doorman/jwt_test.go
index d2fa2b0..9e31fb4 100644
--- a/warden/jwt_test.go
+++ b/doorman/jwt_test.go
@@ -1,4 +1,4 @@
-package warden
+package doorman
 
 import (
 	"net/http"
@@ -8,7 +8,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-// TestMain defined in warden_test.go
+// TestMain defined in doorman_test.go
 // func TestMain(m *testing.M) {}
 
 func TestVerifyJWT(t *testing.T) {
diff --git a/main.go b/main.go
index e35fea9..e658676 100644
--- a/main.go
+++ b/main.go
@@ -9,7 +9,7 @@ import (
 	"go.mozilla.org/mozlogrus"
 
 	"github.com/leplatrem/iam/utilities"
-	"github.com/leplatrem/iam/warden"
+	"github.com/leplatrem/iam/doorman"
 )
 
 func init() {
@@ -49,13 +49,13 @@ func setupRouter() *gin.Engine {
 		r.Use(gin.Logger())
 	}
 
-	// Setup warden with default config (read policies from disk)
-	config := &warden.Config{
+	// Setup doorman with default config (read policies from disk)
+	config := &doorman.Config{
 		PoliciesFilename: "",
 		JWTIssuer: os.Getenv("JWT_ISSUER"),
 	}
-	w := warden.New(config)
-	warden.SetupRoutes(r, w)
+	w := doorman.New(config)
+	doorman.SetupRoutes(r, w)
 
 	utilities.SetupRoutes(r)
 
diff --git a/utilities/openapi.yaml b/utilities/openapi.yaml
index 509d99e..c10ac9a 100644
--- a/utilities/openapi.yaml
+++ b/utilities/openapi.yaml
@@ -11,7 +11,7 @@ info:
 
 tags:
 - name: Utilities
-- name: Warden
+- name: Doorman
 
 paths:
   /__heartbeat__:
@@ -123,4 +123,4 @@ paths:
         allowed:
           type: boolean
       tags:
-      - Warden
+      - Doorman
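Review bot: `JWTIssuer: os.Getenv("JWT_ISSUER")` turns an unset environment variable into an unauthenticated `/allowed` endpoint, because `doorman.SetupRoutes` only installs the JWT middleware when the issuer is non-empty, and nothing on this startup path reports which mode was chosen. A one-line log before `w := doorman.New(config)`, using the logger main.go already has in scope, would make a missing `JWT_ISSUER` visible at boot instead of only in behaviour; at minimum the block comment should say so: `// Setup doorman with default config (read policies from disk). An empty JWT_ISSUER disables token verification on /allowed.` `setupRouter` starts and ends outside the hunk.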