feat(MCSPAuthenticator): add new authenticator for Multi-Cloud Saas P…
…latform

This commit introduces the new MCSPAuthenticator that can be used
to exchange an apikey for an MCSP access token using the Multi-Cloud Saas Platform
authentication token server's 'POST /siusermgr/api/1.0/apikeys/token' operation.

Signed-off-by: Phil Adams <[email protected]>
padamstx committed Nov 6, 2023
1 parent 3466fcd commit 87fe96a
Showing 8 changed files with 1,256 additions and 19 deletions.
92 changes: 76 additions & 16 deletions .secrets.baseline
@@ -3,7 +3,7 @@
"files": "go.sum|package-lock.json|^.secrets.baseline$",
"lines": null
},
"generated_at": "2023-09-22T20:47:15Z",
"generated_at": "2023-11-06T17:25:56Z",
"plugins_used": [
{
"name": "AWSKeyDetector"
@@ -247,26 +247,26 @@
"verified_result": null
},
{
"hashed_secret": "f2e7745f43b0ef0e2c2faf61d6c6a28be2965750",
"hashed_secret": "2a68d46242baf9214502d1dc240a9075a7c6ed55",
"is_secret": false,
"is_verified": false,
"line_number": 71,
"line_number": 79,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "2a68d46242baf9214502d1dc240a9075a7c6ed55",
"hashed_secret": "333f0f8814d63e7268f80e1e65e7549137d2350c",
"is_secret": false,
"is_verified": false,
"line_number": 79,
"line_number": 88,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "333f0f8814d63e7268f80e1e65e7549137d2350c",
"hashed_secret": "f2e7745f43b0ef0e2c2faf61d6c6a28be2965750",
"is_secret": false,
"is_verified": false,
"line_number": 88,
"line_number": 92,
"type": "Secret Keyword",
"verified_result": null
}
@@ -320,15 +320,15 @@
"hashed_secret": "d4c3d66fd0c38547a3c7a4c6bdc29c36911bc030",
"is_secret": false,
"is_verified": false,
"line_number": 45,
"line_number": 46,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "8318df9ecda039deac9868adf1944a29a95c7114",
"is_secret": false,
"is_verified": false,
"line_number": 48,
"line_number": 49,
"type": "Secret Keyword",
"verified_result": null
}
@@ -637,6 +637,66 @@
"verified_result": null
}
],
"core/mcsp_authenticator.go": [
{
"hashed_secret": "347cd9c53ff77d41a7b22aa56c7b4efaf54658e3",
"is_secret": false,
"is_verified": false,
"line_number": 279,
"type": "Secret Keyword",
"verified_result": null
}
],
"core/mcsp_authenticator_test.go": [
{
"hashed_secret": "fd08cd887ed1de2f2d3e175117ff607ca65187ae",
"is_secret": false,
"is_verified": false,
"line_number": 35,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "d03d939c22ad66a948ec8b4649add9b12b8a3cf6",
"is_secret": false,
"is_verified": false,
"line_number": 38,
"type": "JSON Web Token",
"verified_result": null
},
{
"hashed_secret": "5dcb6cb71ea20f1a58387e3d36d77bd123eb9f3b",
"is_secret": false,
"is_verified": false,
"line_number": 39,
"type": "JSON Web Token",
"verified_result": null
},
{
"hashed_secret": "65e496a8c40e0364f378688b5e612a2386ad38d1",
"is_secret": false,
"is_verified": false,
"line_number": 646,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "4c809455939f19c33c732b56a8417e509f4885e8",
"is_secret": false,
"is_verified": false,
"line_number": 647,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "32e8612d8ca77c7ea8374aa7918db8e5df9252ed",
"is_secret": false,
"is_verified": false,
"line_number": 669,
"type": "Secret Keyword",
"verified_result": null
}
],
"core/utils_test.go": [
{
"hashed_secret": "0266262f439c732a31b9353ced05c9e777a07c54",
@@ -741,34 +801,34 @@
"verified_result": null
},
{
"hashed_secret": "f2e7745f43b0ef0e2c2faf61d6c6a28be2965750",
"hashed_secret": "4e44e97dae1aa4e93c01536f48bbd8602133a86d",
"is_secret": false,
"is_verified": false,
"line_number": 54,
"line_number": 66,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "4e44e97dae1aa4e93c01536f48bbd8602133a86d",
"hashed_secret": "00cafd126182e8a9e7c01bb2f0dfd00496be724f",
"is_secret": false,
"is_verified": false,
"line_number": 66,
"line_number": 85,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "00cafd126182e8a9e7c01bb2f0dfd00496be724f",
"hashed_secret": "f2e7745f43b0ef0e2c2faf61d6c6a28be2965750",
"is_secret": false,
"is_verified": false,
"line_number": 85,
"line_number": 90,
"type": "Secret Keyword",
"verified_result": null
},
{
"hashed_secret": "9e2659aa7e2b335ec6bdcf180f3b6f41f5191af5",
"is_secret": false,
"is_verified": false,
"line_number": 90,
"line_number": 96,
"type": "Secret Keyword",
"verified_result": null
}
4 changes: 3 additions & 1 deletion core/authenticator_factory.go
@@ -1,6 +1,6 @@
package core

// (C) Copyright IBM Corp. 2019, 2021.
// (C) Copyright IBM Corp. 2019, 2023.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -58,6 +58,8 @@ func GetAuthenticatorFromEnvironment(credentialKey string) (authenticator Authen
authenticator, err = newVpcInstanceAuthenticatorFromMap(properties)
} else if strings.EqualFold(authType, AUTHTYPE_CP4D) {
authenticator, err = newCloudPakForDataAuthenticatorFromMap(properties)
} else if strings.EqualFold(authType, AUTHTYPE_MCSP) {
authenticator, err = newMCSPAuthenticatorFromMap(properties)
} else if strings.EqualFold(authType, AUTHTYPE_NOAUTH) {
authenticator, err = NewNoAuthAuthenticator()
} else {
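Review bot: The new `AUTHTYPE_MCSP` branch passes the whole property map to `newMCSPAuthenticatorFromMap`, and nothing at this call site says which externally supplied properties that helper honours. Going by the fixture added in core/common_test.go, they include `AUTH_DISABLE_SSL`, which ends up as `DisableSSLVerification` on the authenticator that, per the commit description, posts the apikey to the token server. I would add a comment above the branch such as `// MCSP: built from APIKEY, AUTH_URL and AUTH_DISABLE_SSL; the last one presumably disables TLS certificate verification for the apikey-for-token request.` The helper lives in a file not shown on this page, so the property list should be checked against it. The if/else chain starts and ends outside the hunk.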
25 changes: 24 additions & 1 deletion core/authenticator_factory_test.go
@@ -3,7 +3,7 @@

package core

// (C) Copyright IBM Corp. 2019.
// (C) Copyright IBM Corp. 2019, 2023.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -119,6 +119,18 @@ func TestGetAuthenticatorFromEnvironment1(t *testing.T) {
assert.Equal(t, "user1", iamAuth.ClientId)
assert.Equal(t, "secret1", iamAuth.ClientSecret)
assert.Equal(t, "https://iam.refresh-token.com", iamAuth.URL)

// MCSP Authenticator.
authenticator, err = GetAuthenticatorFromEnvironment("service10")
assert.Nil(t, err)
assert.NotNil(t, authenticator)
assert.Equal(t, AUTHTYPE_MCSP, authenticator.AuthenticationType())
mcspAuth, ok := authenticator.(*MCSPAuthenticator)
assert.True(t, ok)
assert.NotNil(t, mcspAuth)
assert.Equal(t, "my-api-key", mcspAuth.ApiKey)
assert.Equal(t, "https://mcsp.ibm.com", mcspAuth.URL)
assert.True(t, mcspAuth.DisableSSLVerification)
}

func TestGetAuthenticatorFromEnvironment2(t *testing.T) {
@@ -207,6 +219,17 @@ func TestGetAuthenticatorFromEnvironment2(t *testing.T) {
assert.True(t, ok)
assert.NotNil(t, containerAuth)
assert.Equal(t, "iam-user2", containerAuth.IAMProfileName)

authenticator, err = GetAuthenticatorFromEnvironment("service14")
assert.Nil(t, err)
assert.NotNil(t, authenticator)
assert.Equal(t, AUTHTYPE_MCSP, authenticator.AuthenticationType())
mcspAuth, ok := authenticator.(*MCSPAuthenticator)
assert.True(t, ok)
assert.NotNil(t, mcspAuth)
assert.Equal(t, "my-api-key", mcspAuth.ApiKey)
assert.Equal(t, "https://mcsp.ibm.com", mcspAuth.URL)
assert.True(t, mcspAuth.DisableSSLVerification)
}

func TestGetAuthenticatorFromEnvironment3(t *testing.T) {
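Review bot: In both added MCSP blocks (the "service10" case in TestGetAuthenticatorFromEnvironment1 and the "service14" case in TestGetAuthenticatorFromEnvironment2), `assert.True(t, ok)` records a failure but does not stop the test. A failed type assertion therefore leaves `mcspAuth` nil, and the following `mcspAuth.ApiKey` panics instead of failing cleanly. Guarding the field checks, for example with `if !assert.True(t, ok) { return }`, keeps the failure readable. The second block also lacks the `// MCSP Authenticator.` comment that the first one carries. Both test functions begin outside their hunks.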
4 changes: 4 additions & 0 deletions core/common_test.go
@@ -87,6 +87,10 @@ var testEnvironment = map[string]string{
"SERVICE11_AUTH_TYPE": "bad_auth_type",
"SERVICE12_APIKEY": "my-apikey",
"SERVICE13_IAM_PROFILE_NAME": "iam-user2",
"SERVICE14_AUTH_TYPE": "mcsp",
"SERVICE14_AUTH_URL": "https://mcsp.ibm.com",
"SERVICE14_APIKEY": "my-api-key",
"SERVICE14_AUTH_DISABLE_SSL": "true",
}

// setTestEnvironment sets the environment variables described in our map.
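Review bot: The only MCSP fixture added to `testEnvironment` sets `SERVICE14_AUTH_DISABLE_SSL` to "true", so the factory tests on this page only ever assert `DisableSSLVerification` as true. Nothing visible here pins the default when the property is absent, and that is the case that matters because this authenticator sends the apikey to the token server. I would add a second MCSP entry set under an unused prefix (constructed example: `"SERVICE<N>_AUTH_TYPE": "mcsp"` plus `_AUTH_URL` and `_APIKEY`, with no `_AUTH_DISABLE_SSL`) and check it with `assert.False(t, mcspAuth.DisableSSLVerification)`. core/mcsp_authenticator_test.go is part of this commit but not shown on this page, and may already cover the default. The map literal starts outside the hunk.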
3 changes: 2 additions & 1 deletion core/constants.go
@@ -1,6 +1,6 @@
package core

// (C) Copyright IBM Corp. 2019, 2022.
// (C) Copyright IBM Corp. 2019, 2023.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ const (
AUTHTYPE_CP4D = "cp4d"
AUTHTYPE_CONTAINER = "container"
AUTHTYPE_VPC = "vpc"
AUTHTYPE_MCSP = "mcsp"

// Names of properties that can be defined as part of an external configuration (credential file, env vars, etc.).
// Example: export MYSERVICE_URL=https://myurl