Add authz bundle url to env

env/iasConfig.go

@@ -39,8 +39,9 @@ type Identity interface {
 	GetCertificate() string             // Returns the client certificate. Optional
 	GetKey() string                     // Returns the client certificate key. Optional
 	GetCertificateExpiresAt() string    // Returns the client certificate expiration time. Optional
-	GetAuthorizationInstanceID() string // Returns the AMS instance id if authorization is enabled
 	IsCertificateBased() bool           // Returns true, in case GetCertificate() and GetKey returns non-empty values
+	GetAuthorizationInstanceID() string // Returns the AMS instance id if authorization is enabled
+	GetAuthorizationBundleURL() string  // Returns the AMS Bundle URL if authorization is enabled
 }
 
 // DefaultIdentity represents the parsed credentials from the ias binding
@@ -57,6 +58,7 @@ type DefaultIdentity struct {
 	Key                     string    `json:"key"`
 	CertificateExpiresAt    string    `json:"certificate_expires_at"`
 	AuthorizationInstanceID string    `json:"authorization_instance_id"`
+	AuthorizationBundleURL  string    `json:"authorization_bundle_url"`
 }
 
 // ParseIdentityConfig parses the IAS config from the applications environment
@@ -239,3 +241,8 @@ func (c DefaultIdentity) GetCertificateExpiresAt() string {
 func (c DefaultIdentity) GetAuthorizationInstanceID() string {
 	return c.AuthorizationInstanceID
 }
+
+// GetAuthorizationBundleURL implements the env.Identity interface.
+func (c DefaultIdentity) GetAuthorizationBundleURL() string {
+	return c.AuthorizationBundleURL
+}

env/iasConfig_test.go

@@ -23,6 +23,7 @@ var testConfig = &DefaultIdentity{
 	ZoneUUID:                uuid.MustParse("bef12345-de57-480f-be92-1d8c1c7abf16"),
 	AppTID:                  "70cd0de3-528a-4655-b56a-5862591def5c",
 	AuthorizationInstanceID: "8d5423d7-bda4-461c-9670-1b9adc142f0a",
+	AuthorizationBundleURL:  "https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles",
 }
 
 func TestParseIdentityConfig(t *testing.T) {
@@ -35,13 +36,13 @@ func TestParseIdentityConfig(t *testing.T) {
 	}{
 		{
 			name:    "[CF] single identity service instance bound",
-			env:     "{\"identity\":[{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"[the_CLIENT.secret:3[/abc\",\"domains\":[\"accounts400.ondemand.com\",\"my.arbitrary.domain\"],\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\",\"zone_uuid\":\"bef12345-de57-480f-be92-1d8c1c7abf16\", \"app_tid\":\"70cd0de3-528a-4655-b56a-5862591def5c\", \"authorization_instance_id\":\"8d5423d7-bda4-461c-9670-1b9adc142f0a\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]}]}",
+			env:     `{"identity":[{"binding_name":null,"credentials":{"clientid":"cef76757-de57-480f-be92-1d8c1c7abf16","clientsecret":"[the_CLIENT.secret:3[/abc","domains":["accounts400.ondemand.com","my.arbitrary.domain"],"token_url":"https://mytenant.accounts400.ondemand.com/oauth2/token","url":"https://mytenant.accounts400.ondemand.com","zone_uuid":"bef12345-de57-480f-be92-1d8c1c7abf16", "app_tid":"70cd0de3-528a-4655-b56a-5862591def5c", "authorization_instance_id":"8d5423d7-bda4-461c-9670-1b9adc142f0a", "authorization_bundle_url":"https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles"},"instance_name":"my-ams-instance","label":"identity","name":"my-ams-instance","plan":"application","provider":null,"syslog_drain_url":null,"tags":["ias"],"volume_mounts":[]}]}`,
 			want:    testConfig,
 			wantErr: false,
 		},
 		{
 			name:    "[CF] multiple identity service bindings",
-			env:     "{\"identity\":[{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"[the_CLIENT.secret:3[/abc\",\"domains\":[\"accounts400.ondemand.com\",\"my.arbitrary.domain\"],\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]},{\"binding_name\":null,\"credentials\":{\"clientid\":\"cef76757-de57-480f-be92-1d8c1c7abf16\",\"clientsecret\":\"the_CLIENT.secret:3[/abc\",\"domain\":\"accounts400.ondemand.com\",\"token_url\":\"https://mytenant.accounts400.ondemand.com/oauth2/token\",\"url\":\"https://mytenant.accounts400.ondemand.com\"},\"instance_name\":\"my-ams-instance\",\"label\":\"identity\",\"name\":\"my-ams-instance\",\"plan\":\"application\",\"provider\":null,\"syslog_drain_url\":null,\"tags\":[\"ias\"],\"volume_mounts\":[]}]}",
+			env:     `{"identity":[{"binding_name":null,"credentials":{"clientid":"cef76757-de57-480f-be92-1d8c1c7abf16","clientsecret":"[the_CLIENT.secret:3[/abc","domains":["accounts400.ondemand.com","my.arbitrary.domain"],"token_url":"https://mytenant.accounts400.ondemand.com/oauth2/token","url":"https://mytenant.accounts400.ondemand.com"},"instance_name":"my-ams-instance","label":"identity","name":"my-ams-instance","plan":"application","provider":null,"syslog_drain_url":null,"tags":["ias"],"volume_mounts":[]},{"binding_name":null,"credentials":{"clientid":"cef76757-de57-480f-be92-1d8c1c7abf16","clientsecret":"the_CLIENT.secret:3[/abc","domain":"accounts400.ondemand.com","token_url":"https://mytenant.accounts400.ondemand.com/oauth2/token","url":"https://mytenant.accounts400.ondemand.com"},"instance_name":"my-ams-instance","label":"identity","name":"my-ams-instance","plan":"application","provider":null,"syslog_drain_url":null,"tags":["ias"],"volume_mounts":[]}]}`,
 			want:    nil,
 			wantErr: true,
 		},

env/testdata/k8s/single-instance-onecredentialsfile/service-instance/credentials

@@ -7,5 +7,6 @@
     "url": "https://mytenant.accounts400.ondemand.com",
     "zone_uuid": "bef12345-de57-480f-be92-1d8c1c7abf16",
     "app_tid": "70cd0de3-528a-4655-b56a-5862591def5c",
-    "authorization_instance_id": "8d5423d7-bda4-461c-9670-1b9adc142f0a"
+    "authorization_instance_id": "8d5423d7-bda4-461c-9670-1b9adc142f0a",
+    "authorization_bundle_url": "https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles"
 }

env/testdata/k8s/single-instance/service-instance/authorization_bundle_url

@@ -0,0 +1 @@
+https://mytenant.accounts400.ondemand.com/sap/ams/v1/bundles

mocks/mockServer.go

@@ -315,6 +315,7 @@ type MockConfig struct {
 	Key                     string
 	CertificateExpiresAt    string
 	AuthorizationInstanceID string
+	AuthorizationBundleURL  string
 }
 
 // GetClientID implements the env.Identity interface.
@@ -380,6 +381,9 @@ func (c MockConfig) IsCertificateBased() bool {
 // GetAuthorizationInstanceID implements the env.Identity interface.
 func (c MockConfig) GetAuthorizationInstanceID() string { return c.AuthorizationInstanceID }
 
+// GetAuthorizationInstanceID implements the env.Identity interface.
+func (c MockConfig) GetAuthorizationBundleURL() string { return c.AuthorizationBundleURL }
+
 // JSONWebKeySet represents the data which is returned by the tenants /oauth2/certs endpoint
 type JSONWebKeySet struct {
 	Keys []*JSONWebKey `json:"keys"`