Dereference config schema and resolve issues (#282)

Resolves several documentation issues, see also: ory/docs#217 Closes #234 Closes #281
ory · Oct 26, 2019 · 8cf6868 · 8cf6868
1 parent 40e3b89
commit 8cf6868
Show file tree

Hide file tree

Showing 21 changed files with 992 additions and 169 deletions.
diff --git a/.schemas/config.schema.json b/.schemas/config.schema.json
diff --git a/.schemas/pipeline/authenticators.anonymous.schema.json b/.schemas/pipeline/authenticators.anonymous.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authenticators.anonymous.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthenticatorsAnonymous"
+}
diff --git a/.schemas/pipeline/authenticators.cookie_session.schema.json b/.schemas/pipeline/authenticators.cookie_session.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authenticators.cookie_session.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthenticatorsCookieSession"
+}
diff --git a/.schemas/pipeline/authenticators.jwt.schema.json b/.schemas/pipeline/authenticators.jwt.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authenticators.jwt.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthenticatorsJwt"
+}
diff --git a/.schemas/pipeline/authenticators.noop.schema.json b/.schemas/pipeline/authenticators.noop.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authenticators.noop.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthenticatorsAnonymous"
+}
diff --git a/.schemas/pipeline/authenticators.oauth2_client_credentials.schema.json b/.schemas/pipeline/authenticators.oauth2_client_credentials.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authenticators.oauth2_client_credentials.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthenticatorsOauth2ClientCredentials"
+}
diff --git a/.schemas/pipeline/authenticators.oauth2_introspection.schema.json b/.schemas/pipeline/authenticators.oauth2_introspection.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authenticators.oauth2_introspection.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthenticatorsOauth2Introspection"
+}
diff --git a/.schemas/pipeline/authenticators.unauthorized.schema.json b/.schemas/pipeline/authenticators.unauthorized.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authenticators.unauthorized.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthenticatorsAnonymous"
+}
diff --git a/.schemas/pipeline/authorizers.allow.schema.json b/.schemas/pipeline/authorizers.allow.schema.json
@@ -0,0 +1,4 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authorizers.allow.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#"
+}
diff --git a/.schemas/pipeline/authorizers.deny.schema.json b/.schemas/pipeline/authorizers.deny.schema.json
@@ -0,0 +1,4 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authorizers.deny.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#"
+}
diff --git a/.schemas/pipeline/authorizers.keto_engine_acp_ory.schema.json b/.schemas/pipeline/authorizers.keto_engine_acp_ory.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/authorizers.keto_engine_acp_ory.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configAuthorizersKetoEngineAcpOry"
+}
diff --git a/.schemas/pipeline/mutators.cookie.schema.json b/.schemas/pipeline/mutators.cookie.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/mutators.cookie.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configMutatorsCookie"
+}
diff --git a/.schemas/pipeline/mutators.header.schema.json b/.schemas/pipeline/mutators.header.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/mutators.header.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configMutatorsHeader"
+}
diff --git a/.schemas/pipeline/mutators.hydrator.schema.json b/.schemas/pipeline/mutators.hydrator.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/mutators.hydrator.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configMutatorsHydrator"
+}
diff --git a/.schemas/pipeline/mutators.id_token.schema.json b/.schemas/pipeline/mutators.id_token.schema.json
@@ -0,0 +1,5 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/mutators.id_token.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$ref": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/config.schema.json#/definitions/configMutatorsIdToken"
+}
diff --git a/.schemas/pipeline/mutators.noop.schema.json b/.schemas/pipeline/mutators.noop.schema.json
@@ -0,0 +1,4 @@
+{
+  "$id": "https://raw.githubusercontent.com/ory/oathkeeper/v0.32.1-beta.1/.schemas/mutators.noop.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#"
+}
diff --git a/docs/.oathkeeper.yaml b/docs/.oathkeeper.yaml
@@ -176,7 +176,7 @@ authenticators:
         # REQUIRED IF ENABLED - The OAuth 2.0 Client Secret to be used for the OAuth 2.0 Client Credentials Grant.
         client_secret: some_secret
 
-        # REQUIRED IF ENABLED - The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.
+        # The OAuth 2.0 Scope to be requested during the OAuth 2.0 Client Credentials Grant.
         scope:
           - foo
           - bar

diff --git a/driver/configuration/provider_viper.go b/driver/configuration/provider_viper.go
@@ -243,15 +243,27 @@ func (v *ViperProvider) PipelineConfig(prefix, id string, override json.RawMessa
 		}
 	}
 
-	schema, err := schemas.Find(fmt.Sprintf("%s.%s.schema.json", prefix, id))
+	rawComponentSchema, err := schemas.Find(fmt.Sprintf("pipeline/%s.%s.schema.json", prefix, id))
 	if err != nil {
 		return errors.WithStack(err)
 	}
 
-	if result, err := gojsonschema.Validate(
-		gojsonschema.NewBytesLoader(schema),
-		gojsonschema.NewBytesLoader(marshalled),
-	); err != nil {
+	rawRootSchema, err := schemas.Find("config.schema.json")
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	sbl := gojsonschema.NewSchemaLoader()
+	if err := sbl.AddSchemas(gojsonschema.NewBytesLoader(rawRootSchema)); err != nil {
+		return errors.WithStack(err)
+	}
+
+	schema, err := sbl.Compile(gojsonschema.NewBytesLoader(rawComponentSchema))
+	if err != nil {
+		return errors.WithStack(err)
+	}
+
+	if result, err := schema.Validate(gojsonschema.NewBytesLoader(marshalled)); err != nil {
 		return errors.WithStack(err)
 	} else if !result.Valid() {
 		return errors.WithStack(result.Errors())

diff --git a/driver/configuration/provider_viper_public_test.go b/driver/configuration/provider_viper_public_test.go
@@ -319,7 +319,7 @@ func TestAuthenticatorOAuth2TokenIntrospectionPreAuthorization(t *testing.T) {
 		{enabled: true, id: "a", secret: "b", turl: "", err: true},
 		{enabled: true, id: "", secret: "b", turl: "c", err: true},
 		{enabled: true, id: "a", secret: "", turl: "c", err: true},
-		{enabled: false, id: "a", secret: "b", turl: "c", err: false},
+		{enabled: false, id: "a", secret: "b", turl: "c", err: true},
 		{enabled: true, id: "a", secret: "b", turl: "https://some-url", err: false},
 	} {
 		t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {

diff --git a/go.mod b/go.mod
@@ -9,7 +9,6 @@ require (
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/bxcodec/faker v2.0.1+incompatible
 	github.com/cenkalti/backoff v2.1.1+incompatible
-	github.com/codegangsta/negroni v1.0.0 // indirect
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/fsnotify/fsnotify v1.4.7
 	github.com/ghodss/yaml v1.0.0

diff --git a/pipeline/authz/keto_engine_acp_ory.go b/pipeline/authz/keto_engine_acp_ory.go
@@ -200,5 +200,13 @@ func (a *AuthorizerKetoEngineACPORY) Config(config json.RawMessage) (*Authorizer
 		return nil, NewErrAuthorizerMisconfigured(a, err)
 	}
 
+	if c.RequiredAction == "" {
+		c.RequiredAction = "unset"
+	}
+
+	if c.RequiredResource == "" {
+		c.RequiredResource = "unset"
+	}
+
 	return &c, nil
 }