diff --git a/env/iasConfig.go b/env/iasConfig.go
index 6f15b08..5bbd4bc 100644
--- a/env/iasConfig.go
+++ b/env/iasConfig.go
@@ -39,8 +39,9 @@ type Identity interface {
 GetCertificate() string // Returns the client certificate. Optional
 GetKey() string // Returns the client certificate key. Optional
 GetCertificateExpiresAt() string // Returns the client certificate expiration time. Optional
- GetAuthorizationInstanceID() string // Returns the AMS instance id if authorization is enabled
 IsCertificateBased() bool // Returns true, in case GetCertificate() and GetKey returns non-empty values
+ GetAuthorizationInstanceID() string // Returns the AMS instance id if authorization is enabled
+ GetAuthorizationBundleURL() string // Returns the AMS Bundle URL if authorization is enabled
 }
 
 // DefaultIdentity represents the parsed credentials from the ias binding
@@ -57,6 +58,7 @@ type DefaultIdentity struct {
 Key string `json:"key"`
 CertificateExpiresAt string `json:"certificate_expires_at"`
 AuthorizationInstanceID string `json:"authorization_instance_id"`
+ AuthorizationBundleURL string `json:"authorization_bundle_url"`
 }
 
 // ParseIdentityConfig parses the IAS config from the applications environment
@@ -239,3 +241,8 @@ func (c DefaultIdentity) GetCertificateExpiresAt() string {
 func (c DefaultIdentity) GetAuthorizationInstanceID() string {
 return c.AuthorizationInstanceID
 }
+
+// GetAuthorizationBundleURL implements the env.Identity interface.
+func (c DefaultIdentity) GetAuthorizationBundleURL() string {
+ return c.AuthorizationBundleURL
+}
diff --git a/env/iasConfig_test.go b/env/iasConfig_test.go
index e3e7c08..ce5f74a 100644
--- a/env/iasConfig_test.go
+++ b/env/iasConfig_test.go
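Review bot: Adding `GetAuthorizationBundleURL()` to the exported `Identity` interface in env/iasConfig.go (first hunk) breaks every implementation outside this repository at compile time; the commit only updates `DefaultIdentity` and `MockConfig`. If that is intended, it should be recorded as a breaking change; otherwise callers that need the URL could type-assert against a small optional interface instead. The inline comment also leaves the unbound case unstated; I would write `GetAuthorizationBundleURL() string // Returns the AMS bundle URL, or an empty string if the binding carries none`. The interface declaration starts above this hunk.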
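Review bot: `DefaultIdentity.GetAuthorizationBundleURL` in env/iasConfig.go (third hunk) hands back the binding value verbatim, so callers receive an empty string when the key is absent and nothing on this path checks that the value is a well-formed https URL. Whatever is downloaded from this address presumably feeds authorization decisions, so the contract is worth stating on the method: `// GetAuthorizationBundleURL implements the env.Identity interface. The value is returned unvalidated as read from the binding and is empty when no bundle URL is bound; callers should parse it and require https before fetching from it.` Whether ParseIdentityConfig validates the field is not visible in this diff.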
@@ -23,6 +23,7 @@ var testConfig = &DefaultIdentity{
 ZoneUUID: uuid.MustParse("bef12345-de57-480f-be92-1d8c1c7abf16"),
 AppTID: "70cd0de3-528a-4655-b56a-5862591def5c",
 AuthorizationInstanceID: "8d5423d7-bda4-461c-9670-1b9adc142f0a",
+ AuthorizationBundleURL: "https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles",
 }
 
 func TestParseIdentityConfig(t *testing.T) {
@@ -35,13 +36,13 @@ func TestParseIdentityConfig(t *testing.T) { }{ { name: "[CF] single identity service instance bound", - env: "{\"identity\":[{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"[the_CLIENT.secret:3[/abc\",\"domains\":[\"accounts400.ondemand.com\",\"my.arbitrary.domain\"],\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\",\"zone_uuid\":\"bef12345-de57-480f-be92-1d8c1c7abf16\", \"app_tid\":\"70cd0de3-528a-4655-b56a-5862591def5c\", \"authorization_instance_id\":\"8d5423d7-bda4-461c-9670-1b9adc142f0a\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]}]}", + env: `{"identity":[{"binding_name":null,"credentials":{"clientid":"cef76757-de57-480f-be92-1d8c1c7abf16","clientsecret":"[the_CLIENT.secret:3[/abc","domains":["accounts400.ondemand.com","my.arbitrary.domain"],"token_url":"https://mytenant.accounts400.ondemand.com/oauth2/token","url":"https://mytenant.accounts400.ondemand.com","zone_uuid":"bef12345-de57-480f-be92-1d8c1c7abf16", "app_tid":"70cd0de3-528a-4655-b56a-5862591def5c", "authorization_instance_id":"8d5423d7-bda4-461c-9670-1b9adc142f0a", "authorization_bundle_url":"https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles"},"instance_name":"my-ams-instance","label":"identity","name":"my-ams-instance","plan":"application","provider":null,"syslog_drain_url":null,"tags":["ias"],"volume_mounts":[]}]}`, want: testConfig, wantErr: false, }, { name: "[CF] multiple identity service bindings", - env: 
"{\"identity\":[{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"[the_CLIENT.secret:3[/abc\",\"domains\":[\"accounts400.ondemand.com\",\"my.arbitrary.domain\"],\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]},{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"the_CLIENT.secret:3[/abc\",\"domain\":\"accounts400.ondemand.com\",\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]}]}", + env: 
`{"identity":[{"binding_name":null,"credentials":{"clientid":"cef76757-de57-480f-be92-1d8c1c7abf16","clientsecret":"[the_CLIENT.secret:3[/abc","domains":["accounts400.ondemand.com","my.arbitrary.domain"],"token_url":"https://mytenant.accounts400.ondemand.com/oauth2/token","url":"https://mytenant.accounts400.ondemand.com"},"instance_name":"my-ams-instance","label":"identity","name":"my-ams-instance","plan":"application","provider":null,"syslog_drain_url":null,"tags":["ias"],"volume_mounts":[]},{"binding_name":null,"credentials":{"clientid":"cef76757-de57-480f-be92-1d8c1c7abf16","clientsecret":"the_CLIENT.secret:3[/abc","domain":"accounts400.ondemand.com","token_url":"https://mytenant.accounts400.ondemand.com/oauth2/token","url":"https://mytenant.accounts400.ondemand.com"},"instance_name":"my-ams-instance","label":"identity","name":"my-ams-instance","plan":"application","provider":null,"syslog_drain_url":null,"tags":["ias"],"volume_mounts":[]}]}`, want: nil, wantErr: true, }, diff --git a/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials b/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials index 44fa60b..bf6ffbd 100644 --- a/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials +++ b/env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials @@ -7,5 +7,6 @@ "url": "https://mytenant.accounts400.ondemand.com", "zone_uuid": "bef12345-de57-480f-be92-1d8c1c7abf16", "app_tid": "70cd0de3-528a-4655-b56a-5862591def5c", - "authorization_instance_id": "8d5423d7-bda4-461c-9670-1b9adc142f0a" + "authorization_instance_id": "8d5423d7-bda4-461c-9670-1b9adc142f0a", + "authorization_bundle_url": "https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles" } \ No newline at end of file 
diff --git a/env/testdata/k8s/single-instance/service-instance/authorization_bundle_url b/env/testdata/k8s/single-instance/service-instance/authorization_bundle_url
new file mode 100644
index 0000000..669611a
--- /dev/null
+++ b/env/testdata/k8s/single-instance/service-instance/authorization_bundle_url
@@ -0,0 +1 @@
+https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles
\ No newline at end of file
diff --git a/mocks/mockServer.go b/mocks/mockServer.go
index 0dcbaf0..27b4b2e 100644
--- a/mocks/mockServer.go
+++ b/mocks/mockServer.go
@@ -315,6 +315,7 @@ type MockConfig struct {
 Key string
 CertificateExpiresAt string
 AuthorizationInstanceID string
+ AuthorizationBundleURL string
 }
 
 // GetClientID implements the env.Identity interface.
@@ -380,6 +381,9 @@ func (c MockConfig) IsCertificateBased() bool {
 // GetAuthorizationInstanceID implements the env.Identity interface.
 func (c MockConfig) GetAuthorizationInstanceID() string { return c.AuthorizationInstanceID }
 
+// GetAuthorizationInstanceID implements the env.Identity interface.
+func (c MockConfig) GetAuthorizationBundleURL() string { return c.AuthorizationBundleURL }
+
 // JSONWebKeySet represents the data which is returned by the tenants /oauth2/certs endpoint
 type JSONWebKeySet struct {
 Keys []*JSONWebKey `json:"keys"`
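Review bot: The doc comment added above `MockConfig.GetAuthorizationBundleURL` in mocks/mockServer.go (second hunk) was copied from the previous method and still names `GetAuthorizationInstanceID`, so godoc shows the wrong identifier and linters that expect the comment to start with the method name will flag it. It should read `// GetAuthorizationBundleURL implements the env.Identity interface.`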