Convert Domain.owner -> users
suprjinx committed Sep 10, 2024
1 parent ded236f commit 9ba8f9e
Showing 11 changed files with 60 additions and 92 deletions.
16 changes: 4 additions & 12 deletions app/interactors/authorize_request.rb
Expand Up @@ -3,20 +3,12 @@ class AuthorizeRequest
include FailOnError

def call
authorize!(context.identity, context.request)
end

private

def authorize!(identity, cert_req)
cert_req.fqdns.each do |fqdn|
context.request.fqdns.each do |fqdn|
domain = Domain.where(fqdn: fqdn).first
raise AuthError unless domain.present? &&
(domain.owner == identity.subject ||
(domain.group_delegation &&
(domain.groups & identity.groups).any?))
raise AuthError unless domain.present?
raise AuthError unless (domain.users_array & [ context.identity.subject ]).any? ||
(domain.group_delegation && (domain.groups_array & context.identity.groups).any?)
end
nil
end

end
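Review bot: `domain.groups_array & context.identity.groups` on the last line of the new condition raises TypeError when the identity carries no groups (nil), which FailOnError then reports as a generic failure instead of an AuthError; wrapping it as `Array(context.identity.groups)` keeps the deny path uniform. The two-line `raise AuthError unless … ||` is also hard to audit for an authorization decision — extracting it into a private predicate puts each rule on its own line, and `(domain.users_array & [ context.identity.subject ]).any?` is simply `domain.users_array.include?(context.identity.subject)`. Matching is exact and case-sensitive on both subject and fqdn, which is presumably intended and deserves a comment on the predicate. The class header is above the hunk.
```ruby
  def call
    context.request.fqdns.each do |fqdn|
      domain = Domain.where(fqdn: fqdn).first
      raise AuthError unless domain.present? && authorized?(domain)
    end
    nil
  end

  private

  # Exact, case-sensitive match: the subject is an approved user, or the
  # domain delegates to groups and the identity shares at least one of them.
  def authorized?(domain)
    return true if domain.users_array.include?(context.identity.subject)

    domain.group_delegation && (domain.groups_array & Array(context.identity.groups)).any?
  end
```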
2 changes: 2 additions & 0 deletions app/interactors/fail_on_error.rb
Expand Up @@ -4,6 +4,8 @@ module FailOnError
included do
around do |interactor|
interactor.call
rescue Interactor::Failure => e
raise e
rescue => e
Rails.logger.error("Error in #{self.class.name}: #{e.class.name} - #{e.message}")
context.fail!(error: e)
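Review bot: `rescue Interactor::Failure => e` followed by `raise e` binds a name only to re-raise it; inside a rescue a bare `raise` re-raises the current exception unchanged, so `rescue Interactor::Failure` / `raise` reads clearer and is the idiomatic form. The generic `rescue => e` below it writes `e.message` to the log, and interactors in this file's neighbourhood handle identity and request data; a comment on that line stating that exception messages are expected to be free of request contents would make the logging contract explicit. The `around` block and the `included do` it sits in continue outside the hunk.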
13 changes: 10 additions & 3 deletions app/interactors/refresh_domain.rb
Expand Up @@ -3,9 +3,16 @@ class RefreshDomain

def call
domain_info = Services::DomainOwnershipService.new.get_domain_info(context.request.fqdn)
Domain.first_or_create(fqdn: context.request.fqdn).update!(
group_delegation: domain_info["ownerDelegatedRequestsToTeam"]
groups: domain_info["autoApprovedGroups"]
domain_record = Domain.first_or_create(fqdn: context.request.fqdn)

if !domain_info || domain_info["isDeleted"]
domain_record.delete
return
end

domain_record.update!(
group_delegation: domain_info["ownerDelegatedRequestsToTeam"],
groups: domain_info["autoApprovedGroups"],
users: domain_info["autoApprovedServiceAccounts"]
)
rescue => e
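Review bot: `Domain.first_or_create(fqdn: context.request.fqdn)` on the unscoped model returns the first Domain row of any fqdn (Rails delegates `first_or_create` to `all`, so the attributes only apply on create), which means the new delete and `update!` branches can erase or overwrite the approved users and groups of an unrelated domain; `Domain.find_or_create_by(fqdn: context.request.fqdn)` is the lookup that was intended, and db/seeds.rb has the same pattern. A nil `domain_info` is treated exactly like `isDeleted`, so if the ownership service returns nothing during an outage the domain's authorization data is removed; deleting only on an explicit `isDeleted` and leaving the record untouched on nil would make a service hiccup fail-safe rather than destructive. If `autoApprovedGroups` / `autoApprovedServiceAccounts` arrive as arrays (the old model serialized `groups` as a YAML Array, so that seems likely), assigning them to the columns that `Domain#users_array` now splits on commas stores their `to_s` form and nothing will match; joining with `","` before `update!` is needed in that case. The `rescue => e` and the rest of `call` continue outside the hunk.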
2 changes: 0 additions & 2 deletions app/lib/services/domain_ownership_service.rb
@@ -1,11 +1,9 @@
module Services
class DomainOwnershipService

def initialize
end

def get_domain_info
end

end
end
12 changes: 6 additions & 6 deletions app/models/domain.rb
@@ -1,11 +1,11 @@
class Domain < ApplicationRecord
serialize :groups, :users, coder: YAML, type: Array
before_save :clean_users_groups

validates :fqdn, presence: true

def clean_users_groups
self.groups = groups.sort.uniq
self.users = users.sort.uniq
def groups_array
(groups || "").split(",").sort.uniq
end

def users_array
(users || "").split(",").sort.uniq
end
end
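Review bot: `(users || "").split(",").sort.uniq` in `users_array` (and the identical expression in `groups_array`) keeps surrounding whitespace and empty entries, so a stored `"a@x, b@y"` yields `" b@y"` and never matches an identity subject, while `"a@x,,b@y"` yields an empty-string entry that would match an identity whose subject happens to be blank; `users.to_s.split(",").map(&:strip).reject(&:empty?).uniq.sort` handles both. With `before_save :clean_users_groups` gone nothing normalizes the stored string any more, so these two readers are the only place the format is enforced, and a one-line comment above them stating that the columns hold comma-separated lists would tell the next reader that. The two methods differ only in the column; a private `split_list(value)` helper would keep them from drifting apart.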
2 changes: 1 addition & 1 deletion db/schema.rb


2 changes: 1 addition & 1 deletion db/seeds.rb
Expand Up @@ -10,5 +10,5 @@

# this seed is for development only
if Rails.env.development?
Domain.first_or_create!(fqdn: "example.com", owner: "[email protected]")
Domain.first_or_create!(fqdn: "example.com", users: "[email protected]")
end
12 changes: 5 additions & 7 deletions test/fixtures/domains.yml
@@ -1,18 +1,16 @@
owner_match:
fqdn: example.com
owner: [email protected]
users: [email protected]
group_delegation: false

group_match:
fqdn: example2.com
owner: [email protected]
users: [email protected]
group_delegation: true
groups:
- "group1"
groups: group1

no_match:
fqdn: example3.com
owner: [email protected]
users: [email protected]
group_delegation: true
groups:
- "group3"
groups: group3
44 changes: 24 additions & 20 deletions test/interactors/authorize_request_test.rb
Expand Up @@ -3,31 +3,35 @@
class AuthorizeRequestTest < ActiveSupport::TestCase
def setup
@domain = domains(:group_match)
@identity = Identity.new(subject: @domain.owner)
@identity = Identity.new(subject: @domain.users_array.first)
@cr = CertIssueRequest.new(common_name: @domain.fqdn)
@interactor = AuthorizeRequest
end

test "successful call" do
request = CertIssueRequest.new(common_name: @domain.fqdn)
srv = Minitest::Mock.new
srv.expect :authorize!, nil, [ @identity, @cr ]
Services::DomainOwnershipService.stub :new, srv do
context = @interactor.call(identity: @identity, request: @cr)
assert context.success?
end
test ".call with matching owner" do
rslt = @interactor.call(identity: @identity, request: @cr)
assert rslt.success?
end

test "unsuccessful call" do
request = CertIssueRequest.new(common_name: @domain.fqdn)
srv = Services::DomainOwnershipService.new
Services::DomainOwnershipService.stub :new, srv do
err = ->(_, _) { raise AuthError.new "no can do" }
srv.stub :authorize!, err do
context = @interactor.call(identity: @identity, request: @cr)
assert_not context.success?
assert_kind_of AuthError, context.error
end
end
test ".call with non-matching owner" do
@identity.subject = "[email protected]"
rslt = @interactor.call(identity: @identity, request: @cr)
assert_not rslt.success?
assert_kind_of AuthError, rslt.error
end

test ".call with matching group" do
@domain.update(users: "[email protected]")
@identity.groups = @domain.groups_array
rslt = @interactor.call(identity: @identity, request: @cr)
assert rslt.success?
end

test ".call with non-matching group" do
@domain.update(users: "[email protected]")
@identity.groups = [ "different_group" ]
rslt = @interactor.call(identity: @identity, request: @cr)
assert_not rslt.success?
assert_kind_of AuthError, rslt.error
end
end
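Review bot: None of the four cases covers a domain with `group_delegation` turned off, so the rule in AuthorizeRequest that a group hit alone is not sufficient unless the domain delegates is untested — every group case here uses `group_match`, whose fixture has delegation on. A fifth case that does `@domain.update(users: "[email protected]", group_delegation: false)`, sets `@identity.groups = @domain.groups_array`, and asserts `assert_kind_of AuthError, rslt.error` would pin that negative path. An identity whose `groups` is left nil is also worth a case, since the interactor intersects it directly with `domain.groups_array`.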
31 changes: 0 additions & 31 deletions test/lib/services/domain_ownership_service_test.rb
@@ -1,35 +1,4 @@
require "test_helper"

class DomainOwnershipServiceTest < ActiveSupport::TestCase
def setup
@domain = domains(:group_match)
@identity = Identity.new(subject: @domain.owner)
@cr = CertIssueRequest.new(common_name: @domain.fqdn)
@ds = Services::DomainOwnershipService.new
end

test "#authorize! with matching owner" do
assert_nil(@ds.authorize!(@identity, @cr))
end

test "#authorize! with non-matching owner" do
@identity.subject = "[email protected]"
assert_raises(AuthError) do
@ds.authorize!(@identity, @cr)
end
end

test "#authorize! with matching group" do
@domain.update(owner: "[email protected]")
@identity.groups = @domain.groups
assert_nil(@ds.authorize!(@identity, @cr))
end

test "#authorize! with non-matching group" do
@domain.update(owner: "[email protected]")
@identity.groups = [ "different_group" ]
assert_raises(AuthError) do
@ds.authorize!(@identity, @cr)
end
end
end
16 changes: 7 additions & 9 deletions test/models/domain_test.rb
Expand Up @@ -5,7 +5,7 @@ class DomainTest < ActiveSupport::TestCase
def setup
@attributes = {
fqdn: "example4.com",
owner: "[email protected]"
users: "[email protected]"
}
@domain = Domain.new(@attributes)
end
Expand All @@ -26,15 +26,13 @@ def setup
assert_includes @domain.errors[:fqdn], "can't be blank"
end

test "#valid? should require an owner" do
@domain.owner = nil
assert_not @domain.valid?
assert_includes @domain.errors[:owner], "can't be blank"
test "#groups_array should sort dedupe groups" do
@domain.groups = "two,two,one"
assert_equal [ "one", "two" ], @domain.groups_array
end

test "before_save should sort and dedupe groups" do
@domain.groups = [ "two", "two", "one" ]
@domain.save
assert_equal [ "one", "two" ], @domain.groups
test "#users_array should sort dedupe users" do
@domain.users = "two,two,one"
assert_equal [ "one", "two" ], @domain.users_array
end
end
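Review bot: Both new tests only exercise a populated string; the `|| ""` fallback in `groups_array` / `users_array` that shields AuthorizeRequest from a nil column has no test, and `@domain.users = nil` followed by `assert_equal [], @domain.users_array` (plus the same for groups) would pin it. The removed "#valid? should require an owner" test got no replacement, so if presence of `users` is still meant to be validated that expectation has silently disappeared; if owners are now optional by design, a sentence in the model saying so would document the decision. A case with whitespace around the commas would also show whether `"two, one"` is expected to normalise.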
