Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add static init for instances of Partition and Authentication #766

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

feat: add static init for instances of Partition and Authentication #766

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
548873f
feat: add static init for instances of Partition and Authentication
aneojgurhem Oct 4, 2024
3234a1c
fix: use role mapping
aneojgurhem Oct 9, 2024
33ea992
docs: apply suggested improvements
aneojgurhem Oct 9, 2024
ba0f910
fix: replace ObjectId by strings so that insertion during collection …
aneojgurhem Oct 11, 2024
25f3765
docs: command -> env var
aneojgurhem Oct 16, 2024
f1f6168
refactor: logging level in warning
aneojgurhem Oct 16, 2024
43f6401
refactor: use int as Id for Roles, Auth and Users (breaks db scheme)
aneojgurhem Oct 16, 2024
a8e1249
refactor: change log level for warning when collection already exists
aneojgurhem Oct 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .docs/content/1.concepts/3.authentication.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,21 +125,21 @@ InitServices__Authentication__Roles__1='{"Name": "Role2", "Permissions": ["Submi

#### Specify users

To specify a user with the name "User1" with the role "Role1", use the following command:
To specify a user with the name "User1" with the role "Role1", use the following environment variable:

```bash
InitServices__Authentication__Users__0='{"Name": "User1", "Roles": ["Role1"]})'
```

#### Specify certificates

To insert a certificate with Common Name "CN1" and Fingerprint "FP1" associated with the User called "User1", use the following command:
To insert a certificate with Common Name "CN1" and Fingerprint "FP1" associated with the User called "User1", use the following environment variable:

```javascript
InitServices__Authentication__UserCertificates__0='{"User": "User1", "CN": "CN1", "Fingerprint": "FP1"}'
```

To insert an entry matching all certificates with Common Name "CN1" associated with the User called "User1", use the following command:
To insert an entry matching all certificates with Common Name "CN1" associated with the User called "User1", use the following environment variable:

```javascript
InitServices__Authentication__UserCertificates__0='{"User": "User1", "CN": "CN1"}'
Expand Down
2 changes: 1 addition & 1 deletion Adaptors/MongoDB/src/AuthenticationTable.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ await authCollectionProvider_.Init(cancellationToken)
}

/// <inheritdoc />
public async Task<UserAuthenticationResult?> GetIdentityFromUserAsync(string? id,
public async Task<UserAuthenticationResult?> GetIdentityFromUserAsync(int? id,
string? username,
CancellationToken cancellationToken = default)
{
Expand Down
24 changes: 12 additions & 12 deletions Adaptors/MongoDB/src/Common/MongoCollectionProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,9 +124,9 @@ await mongoDatabase.CreateCollectionAsync(model.CollectionName,
catch (Exception ex)
{
lastException = ex;
logger.LogDebug(ex,
"Retrying to create Collection {CollectionName}",
model.CollectionName);
logger.LogWarning(ex,
"Retrying to create Collection {CollectionName}",
model.CollectionName);
await Task.Delay(1000 * collectionRetry,
cancellationToken)
.ConfigureAwait(false);
Expand Down Expand Up @@ -171,9 +171,9 @@ await model.InitializeIndexesAsync(session,
catch (Exception ex)
{
lastException = ex;
logger.LogDebug(ex,
"Retrying to Initialize indexes for {CollectionName} collection",
model.CollectionName);
logger.LogWarning(ex,
"Retrying to Initialize indexes for {CollectionName} collection",
model.CollectionName);
await Task.Delay(1000 * indexRetry,
cancellationToken)
.ConfigureAwait(false);
Expand All @@ -195,9 +195,9 @@ await model.ShardCollectionAsync(session,
catch (Exception ex)
{
lastException = ex;
logger.LogDebug(ex,
"Retrying to shard {CollectionName} collection",
model.CollectionName);
logger.LogWarning(ex,
"Retrying to shard {CollectionName} collection",
model.CollectionName);
await Task.Delay(1000 * indexRetry,
cancellationToken)
.ConfigureAwait(false);
Expand Down Expand Up @@ -226,9 +226,9 @@ await model.InitializeCollectionAsync(session,
catch (Exception ex)
{
lastException = ex;
logger.LogDebug(ex,
"Retrying to initialize {CollectionName} collection",
model.CollectionName);
logger.LogWarning(ex,
"Retrying to initialize {CollectionName} collection",
model.CollectionName);
await Task.Delay(1000 * indexRetry,
cancellationToken)
.ConfigureAwait(false);
Expand Down
8 changes: 4 additions & 4 deletions Adaptors/MongoDB/src/Table/DataModel/Auth/PipelineIntermediates.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,8 @@ namespace ArmoniK.Core.Adapters.MongoDB.Table.DataModel.Auth;
/// <param name="UserData">List of users that have the id UserId</param>
[BsonIgnoreExtraElements]
public record AuthDataAfterLookup([property: BsonId]
string AuthId,
string UserId,
int AuthId,
int UserId,
string Cn,
string Fingerprint,
UserData[] UserData);
Expand All @@ -47,7 +47,7 @@ public record AuthDataAfterLookup([property: BsonId]
/// <param name="Roles">List of roles of the user</param>
[BsonIgnoreExtraElements]
public record UserDataAfterLookup([property: BsonId]
string UserId,
int UserId,
string Username,
IEnumerable<RoleData> Roles);

Expand All @@ -59,7 +59,7 @@ public record UserDataAfterLookup([property: BsonId]
/// <param name="Roles">User's roles</param>
/// <param name="Permissions">User's permissions</param>
public record MongoAuthResult([property: BsonId]
string Id,
int Id,
string Username,
IEnumerable<string> Roles,
IEnumerable<string> Permissions)
Expand Down
14 changes: 7 additions & 7 deletions Adaptors/MongoDB/tests/BsonSerializerTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -239,12 +239,12 @@ public void SerializeTaskDataModel()
[Test]
public void SerializeUserDataModel()
{
var udm = new UserData("UserId",
var udm = new UserData(0,
"Username",
new[]
{
"RoleId1",
"RoleId2",
0,
1,
});
var serialized = udm.ToBson();

Expand All @@ -267,7 +267,7 @@ public void SerializeUserDataModel()
[Test]
public void SerializeRoleDataModel()
{
var rdm = new RoleData("RoleId",
var rdm = new RoleData(0,
"RoleName",
new[]
{
Expand Down Expand Up @@ -295,8 +295,8 @@ public void SerializeRoleDataModel()
[Test]
public void SerializeAuthDataModel()
{
var adm = new AuthData("AuthId",
"UserId",
var adm = new AuthData(1,
1,
"CN",
"Fingerprint");
var serialized = adm.ToBson();
Expand All @@ -319,7 +319,7 @@ public void SerializeAuthDataModel()
[Test]
public void SerializeUserAuthenticationResult()
{
var uirm = new UserAuthenticationResult("Id",
var uirm = new UserAuthenticationResult(0,
"Username",
new[]
{
Expand Down
4 changes: 2 additions & 2 deletions Common/src/Auth/Authentication/AuthData.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ namespace ArmoniK.Core.Common.Auth.Authentication;
/// fingerprint of the certificate. If null, this entry matches with every certificates
/// matching the Common Name
/// </param>
public record AuthData(string AuthId,
string UserId,
public record AuthData(int AuthId,
int UserId,
string Cn,
string? Fingerprint);
6 changes: 4 additions & 2 deletions Common/src/Auth/Authentication/Authenticator.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,9 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
var prevIdentity = identity;
identity = await GetImpersonatedIdentityAsync(identity,
impersonationId,
impersonationId is null
? null
: int.Parse(impersonationId),
impersonationUsername)
.ConfigureAwait(false);
logger_.LogInformation("User with id {userId} and name {userName} impersonated the user with id {impersonatedId} and name {impersonatedName}. Authentication key : {keyHash}",
Expand Down Expand Up @@ -316,7 +318,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
/// or the impersonating user doesn't have the permissions to impersonate the specified user
/// </exception>
public async Task<ClaimsPrincipal> GetImpersonatedIdentityAsync(ClaimsPrincipal baseIdentity,
string? impersonationId,
int? impersonationId,
string? impersonationUsername,
CancellationToken cancellationToken = default)
{
Expand Down
2 changes: 1 addition & 1 deletion Common/src/Auth/Authentication/IAuthenticationTable.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ public interface IAuthenticationTable : IInitializable
/// <param name="username">User name</param>
/// <param name="cancellationToken">Cancellation token</param>
/// <returns>User authentication data matching the id, if not null, otherwise the username, null if not found</returns>
public Task<UserAuthenticationResult?> GetIdentityFromUserAsync(string? id,
public Task<UserAuthenticationResult?> GetIdentityFromUserAsync(int? id,
string? username,
CancellationToken cancellationToken = default);

Expand Down
2 changes: 1 addition & 1 deletion Common/src/Auth/Authentication/RoleData.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,6 @@ namespace ArmoniK.Core.Common.Auth.Authentication;
/// <param name="RoleId">Role Id</param>
/// <param name="RoleName">Role Name</param>
/// <param name="Permissions">Permissions list, as strings</param>
public record RoleData(string RoleId,
public record RoleData(int RoleId,
string RoleName,
string[] Permissions);
4 changes: 2 additions & 2 deletions Common/src/Auth/Authentication/UserAuthenticationResult.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ namespace ArmoniK.Core.Common.Auth.Authentication;
/// <param name="Username">User name</param>
/// <param name="Roles">User roles</param>
/// <param name="Permissions">User permissions</param>
public record UserAuthenticationResult(string Id,
public record UserAuthenticationResult(int Id,
string Username,
IEnumerable<string> Roles,
IEnumerable<string> Permissions)
Expand All @@ -36,7 +36,7 @@ public record UserAuthenticationResult(string Id,
/// Creates an empty result
/// </summary>
public UserAuthenticationResult()
: this("",
: this(0,
"",
Array.Empty<string>(),
Array.Empty<string>())
Expand Down
6 changes: 3 additions & 3 deletions Common/src/Auth/Authentication/UserData.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,6 @@ namespace ArmoniK.Core.Common.Auth.Authentication;
/// <param name="UserId">User Id</param>
/// <param name="Username">User name</param>
/// <param name="Roles">User roles</param>
public record UserData(string UserId,
string Username,
string[] Roles);
public record UserData(int UserId,
string Username,
int[] Roles);
2 changes: 1 addition & 1 deletion Common/src/Auth/Authentication/UserIdentity.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ public UserIdentity(UserAuthenticationResult userAuth,
/// <summary>
/// User Id
/// </summary>
public string UserId { get; set; }
public int UserId { get; set; }

/// <summary>
/// Transforms a UserAuthenticationResult into a list of claims to be used in an ClaimsIdentity
Expand Down
29 changes: 14 additions & 15 deletions Common/src/Injection/Options/Database/InitDatabase.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.

using System;
using System.Collections.Generic;
using System.Linq;

Expand Down Expand Up @@ -67,34 +66,34 @@ public InitDatabase(InitServices initServices)

Roles = initServices.Authentication.Roles.Select(Role.FromJson)
.OrderBy(role => role.Name)
.Select(role => new RoleData(Guid.NewGuid()
.ToString(),
role.Name,
role.Permissions.ToArray()))
.Select((role,
i) => new RoleData(i,
role.Name,
role.Permissions.ToArray()))
.AsICollection();

var roleDic = Roles.ToDictionary(data => data.RoleName,
data => data.RoleId);

Users = initServices.Authentication.Users.Select(User.FromJson)
.OrderBy(user => user.Name)
.Select(user => new UserData(Guid.NewGuid()
.ToString(),
user.Name,
user.Roles.Select(roleName => roleDic[roleName])
.ToArray()))
.Select((user,
i) => new UserData(i,
user.Name,
user.Roles.Select(roleName => roleDic[roleName])
.ToArray()))
.AsICollection();

var userDic = Users.ToDictionary(data => data.Username,
data => data.UserId);

Auths = initServices.Authentication.UserCertificates.Select(Certificate.FromJson)
.OrderBy(certificate => (certificate.Fingerprint, certificate.CN))
.Select(certificate => new AuthData(Guid.NewGuid()
.ToString(),
userDic[certificate.User],
certificate.CN,
certificate.Fingerprint))
.Select((certificate,
i) => new AuthData(i,
userDic[certificate.User],
certificate.CN,
certificate.Fingerprint))
.AsICollection();

Partitions = initServices.Partitioning.Partitions.Select(Partition.FromJson)
Expand Down
16 changes: 8 additions & 8 deletions Common/tests/Auth/AuthenticationIntegrationTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,7 @@ public enum ImpersonationType
NoImpersonate,
}

public const string AllRightsId = "AllRightsId";
public const int AllRightsId = 0;
public const string AllRightsUsername = "AllRightsUsername";
public const string AllRightsRole = "AllRights";

Expand All @@ -313,7 +313,7 @@ public enum ImpersonationType
ServicesPermissions.PermissionsLists[ServicesPermissions.All],
Authenticator.SchemeName),
// No Rights
new("NoRightsId1",
new(1,
"NoRightsUsername1",
new[]
{
Expand All @@ -327,7 +327,7 @@ public enum ImpersonationType
Array.Empty<Permission>(),
Authenticator.SchemeName),
// Can impersonate
new("CanImpersonateId1",
new(2,
"CanImpersonateUsername1",
new[]
{
Expand All @@ -346,14 +346,14 @@ public enum ImpersonationType
},
Authenticator.SchemeName),
// Has no certificate
new("NoCertificateId",
new(3,
"NoCertificateUsername",
Array.Empty<MockIdentity.MockCertificate>(),
Array.Empty<string>(),
Array.Empty<Permission>(),
null),
// Has half of the permissions
new("SomeRightsId",
new(4,
"SomeRightsUsername",
new[]
{
Expand All @@ -369,7 +369,7 @@ public enum ImpersonationType
index) => index % 2 == 0),
Authenticator.SchemeName),
// Has the other half of the permissions
new("OtherRightsId",
new(5,
"OtherRightsUsername",
new[]
{
Expand Down Expand Up @@ -422,9 +422,9 @@ public static Metadata GetHeaders(IdentityIndex index,
{
headers.Add(AuthenticatorOptions.DefaultAuth.ImpersonationIdHeader,
(int)impersonate < 0
? "DoesntExist"
? "404"
: Identities[(int)impersonate]
.UserId);
.UserId.ToString());
}
else if (impersonationType == ImpersonationType.ImpersonateUsername)
{
Expand Down
2 changes: 1 addition & 1 deletion Common/tests/Auth/MockAuthenticationTable.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ public Task Init(CancellationToken cancellationToken)
fingerprint))
?.ToUserAuthenticationResult());

public Task<UserAuthenticationResult?> GetIdentityFromUserAsync(string? id,
public Task<UserAuthenticationResult?> GetIdentityFromUserAsync(int? id,
string? username,
CancellationToken cancellationToken)
=> Task.FromResult(identities_.Find(i => id is not null
Expand Down
2 changes: 1 addition & 1 deletion Common/tests/Auth/MockIdentity.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ public class MockIdentity : UserIdentity
{
public readonly IEnumerable<MockCertificate> Certificates;

public MockIdentity(string userId,
public MockIdentity(int userId,
string username,
IEnumerable<MockCertificate> certificates,
IEnumerable<string> roles,
Expand Down
Loading