Merge pull request #4 from rgooch/master

Switch to new repository golib/auth/userinfo.

Makefile

@@ -5,7 +5,7 @@ GOPATH ?= ${shell go env GOPATH}
 BINARY=cloud-gate
 #
 # # These are the values we want to pass for Version and BuildTime
-VERSION=0.7.7
+VERSION=1.0.0
 
 all:
 	@cd $(GOPATH)/src; go install github.com/Cloud-Foundations/cloud-gate/cmd/*

broker/aws/api.go

@@ -1,14 +1,13 @@
 package aws
 
 import (
-	"errors"
 	"sync"
 	"time"
 
 	"github.com/Cloud-Foundations/Dominator/lib/log"
 	"github.com/Cloud-Foundations/cloud-gate/broker"
 	"github.com/Cloud-Foundations/cloud-gate/broker/configuration"
-	"github.com/Cloud-Foundations/cloud-gate/lib/userinfo"
+	"github.com/Cloud-Foundations/golib/pkg/auth/userinfo"
 )
 
 type userAllowedCredentialsCacheEntry struct {
@@ -31,7 +30,8 @@ const defaultListRolesRoleName = "CPEBrokerRole"
 
 type Broker struct {
 	config                      *configuration.Configuration
-	userInfo                    userinfo.UserInfo
+	userInfo                    userinfo.UserGroupsGetter
+	rawUserInfo                 userinfo.UserGroupsGetter
 	credentialsFilename         string
 	logger                      log.DebugLogger
 	auditLogger                 log.DebugLogger
@@ -45,33 +45,16 @@ type Broker struct {
 	listRolesRoleName           string
 }
 
-func New(userInfo userinfo.UserInfo,
-	credentialsFilename string,
-	listRolesRoleName string,
-	logger log.DebugLogger, auditLogger log.DebugLogger) *Broker {
-	if listRolesRoleName == "" {
-		listRolesRoleName = defaultListRolesRoleName
-	}
-	return &Broker{userInfo: userInfo,
-		credentialsFilename:         credentialsFilename,
-		logger:                      logger,
-		auditLogger:                 auditLogger,
-		listRolesRoleName:           listRolesRoleName,
-		userAllowedCredentialsCache: make(map[string]userAllowedCredentialsCacheEntry),
-		accountRoleCache:            make(map[string]accountRoleCacheEntry),
-		isUnsealedChannel:           make(chan error, 1),
-		profileCredentials:          make(map[string]awsProfileEntry),
-	}
+func New(userInfo userinfo.UserGroupsGetter, credentialsFilename string,
+	listRolesRoleName string, logger log.DebugLogger,
+	auditLogger log.DebugLogger) *Broker {
+	return newBroker(userInfo, credentialsFilename, listRolesRoleName, logger,
+		auditLogger)
 }
 
 func (b *Broker) UpdateConfiguration(
 	config *configuration.Configuration) error {
-	if config == nil {
-		return errors.New("nill config passed")
-	}
-	b.logger.Debugf(1, "config=%+v", *config)
-	b.config = config
-	return nil
+	return b.updateConfiguration(config)
 }
 
 func (b *Broker) GetUserAllowedAccounts(username string) ([]broker.PermittedAccount, error) {

broker/aws/impl.go

@@ -17,6 +17,10 @@ import (
 	"golang.org/x/crypto/openpgp/armor"
 
 	"github.com/Cloud-Foundations/cloud-gate/broker"
+	"github.com/Cloud-Foundations/cloud-gate/broker/configuration"
+	"github.com/Cloud-Foundations/golib/pkg/auth/userinfo"
+	"github.com/Cloud-Foundations/golib/pkg/auth/userinfo/filter"
+	"github.com/Cloud-Foundations/golib/pkg/log"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
@@ -35,6 +39,26 @@ const (
 	masterAWSProfileName = "broker-master"
 )
 
+func newBroker(userInfo userinfo.UserGroupsGetter, credentialsFilename string,
+	listRolesRoleName string, logger log.DebugLogger,
+	auditLogger log.DebugLogger) *Broker {
+	if listRolesRoleName == "" {
+		listRolesRoleName = defaultListRolesRoleName
+	}
+	return &Broker{
+		rawUserInfo:         userInfo,
+		credentialsFilename: credentialsFilename,
+		logger:              logger,
+		auditLogger:         auditLogger,
+		listRolesRoleName:   listRolesRoleName,
+		userAllowedCredentialsCache: make(
+			map[string]userAllowedCredentialsCacheEntry),
+		accountRoleCache:   make(map[string]accountRoleCacheEntry),
+		isUnsealedChannel:  make(chan error, 1),
+		profileCredentials: make(map[string]awsProfileEntry),
+	}
+}
+
 func (b *Broker) accountIDFromName(accountName string) (string, error) {
 	for _, account := range b.config.AWS.Account {
 		if account.Name == accountName {
@@ -418,8 +442,7 @@ func (b *Broker) getUserAllowedAccountsNonCached(username string) ([]broker.Perm
 	if b.config == nil {
 		return nil, errors.New("nil config")
 	}
-	prefix := b.config.AWS.GroupPrefix
-	userGroups, err := b.userInfo.GetUserGroups(username, &prefix)
+	userGroups, err := b.userInfo.GetUserGroups(username)
 	if err != nil {
 		return nil, err
 	}
@@ -598,3 +621,23 @@ func (b *Broker) generateTokenCredentials(accountName string, roleName string, u
 	b.auditLogger.Printf("Token credentials generated for: %s on account %s role %s", userName, accountName, roleName)
 	return &outVal, nil
 }
+
+func (b *Broker) updateConfiguration(
+	config *configuration.Configuration) error {
+	if config == nil {
+		return errors.New("nill config passed")
+	}
+	if config.AWS.GroupPrefix == "" {
+		b.userInfo = b.rawUserInfo
+	} else {
+		ui, err := filter.NewUserGroupsFilter(b.rawUserInfo,
+			"^"+config.AWS.GroupPrefix)
+		if err != nil {
+			return err
+		}
+		b.userInfo = ui
+	}
+	b.logger.Debugf(1, "config=%+v", *config)
+	b.config = config
+	return nil
+}

broker/httpd/api.go

@@ -25,7 +25,7 @@ import (
 	"github.com/Cloud-Foundations/cloud-gate/broker/configuration"
 	"github.com/Cloud-Foundations/cloud-gate/broker/staticconfiguration"
 	"github.com/Cloud-Foundations/cloud-gate/lib/constants"
-	"github.com/Cloud-Foundations/cloud-gate/lib/userinfo"
+	"github.com/Cloud-Foundations/golib/pkg/auth/userinfo"
 	"github.com/Cloud-Foundations/keymaster/lib/instrumentedwriter"
 )
 

broker/staticconfiguration/api.go

@@ -21,6 +21,7 @@ type BaseConfig struct {
 }
 
 type GitDatabaseConfig struct {
+	Branch                   string        `yaml:"branch"`
 	CheckInterval            time.Duration `yaml:"check_interval"`
 	LocalRepositoryDirectory string        `yaml:"local_repository_directory"`
 	RepositoryURL            string        `yaml:"repository_url"`

cloud-gate.spec

@@ -1,5 +1,5 @@
 Name:           cloud-gate
-Version:        0.7.7
+Version:        1.0.0
 Release:        1%{?dist}
 Summary:        Access broker for clouds
 

cmd/cloud-gate/main.go

@@ -21,9 +21,9 @@ import (
 	"github.com/Cloud-Foundations/cloud-gate/broker/configuration"
 	"github.com/Cloud-Foundations/cloud-gate/broker/httpd"
 	"github.com/Cloud-Foundations/cloud-gate/broker/staticconfiguration"
-	"github.com/Cloud-Foundations/cloud-gate/lib/userinfo"
-	"github.com/Cloud-Foundations/cloud-gate/lib/userinfo/gitdb"
-	"github.com/Cloud-Foundations/cloud-gate/lib/userinfo/ldap"
+	"github.com/Cloud-Foundations/golib/pkg/auth/userinfo"
+	"github.com/Cloud-Foundations/golib/pkg/auth/userinfo/gitdb"
+	"github.com/Cloud-Foundations/golib/pkg/auth/userinfo/ldap"
 	"github.com/Cloud-Foundations/tricorder/go/tricorder"
 )
 
@@ -40,6 +40,8 @@ func getUserInfo(config *staticconfiguration.StaticConfiguration,
 			strings.Split(config.Ldap.LDAPTargetURLs, ","),
 			config.Ldap.BindUsername,
 			config.Ldap.BindPassword,
+			config.Ldap.GroupSearchFilter,
+			config.Ldap.GroupSearchBaseDNs,
 			config.Ldap.UserSearchFilter,
 			config.Ldap.UserSearchBaseDNs,
 			uint(timeoutSecs), nil, logger)
@@ -50,6 +52,7 @@ func getUserInfo(config *staticconfiguration.StaticConfiguration,
 	}
 	if config.GitDB.LocalRepositoryDirectory != "" {
 		userInfo, err := gitdb.New(config.GitDB.RepositoryURL,
+			config.GitDB.Branch,
 			config.GitDB.LocalRepositoryDirectory,
 			config.GitDB.CheckInterval, logger)
 		if err != nil {