ROX-23709: Refactor authentication handler (#1789)
kovayur authored May 22, 2024
1 parent 0328362 commit cdc535a
Showing 16 changed files with 239 additions and 123 deletions.
18 changes: 9 additions & 9 deletions .secrets.baseline
Expand Up @@ -377,63 +377,63 @@
"filename": "templates/service-template.yml",
"hashed_secret": "13032f402fed753c2248419ea4f69f99931f6dbc",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "30025f80f6e22cdafb85db387d50f90ea884576a",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "355f24fd038bcaf85617abdcaa64af51ed19bbcf",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "3d8a1dcd2c3c765ce35c9a9552d23273cc4ddace",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "4ac7b0522761eba972467942cd5cd7499dd2c361",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "7639ab2a6bcf2ea30a055a99468c9cd844d4c22a",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "b56360daf4793d2a74991a972b34d95bc00fb2da",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Base64 High Entropy String",
"filename": "templates/service-template.yml",
"hashed_secret": "c9a73ef9ee8ce9f38437227801c70bcc6740d1a1",
"is_verified": false,
"line_number": 511
"line_number": 516
},
{
"type": "Secret Keyword",
"filename": "templates/service-template.yml",
"hashed_secret": "4e199b4a1c40b497a95fcd1cd896351733849949",
"is_verified": false,
"line_number": 695,
"line_number": 700,
"is_secret": false
}
],
12 changes: 5 additions & 7 deletions Makefile
Expand Up @@ -52,7 +52,6 @@ DOCKER_CONFIG ?= "${HOME}/.docker"
# Default Variables
ENABLE_OCM_MOCK ?= true
OCM_MOCK_MODE ?= emulate-server
JWKS_URL ?= "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/certs"
GITOPS_CONFIG_FILE ?= ${PROJECT_PATH}/dev/config/gitops-config.yaml
DATAPLANE_CLUSTER_CONFIG_FILE ?= ${PROJECT_PATH}/dev/config/dataplane-cluster-configuration.yaml
PROVIDERS_CONFIG_FILE ?= ${PROJECT_PATH}/dev/config/provider-configuration.yaml
Expand Down Expand Up @@ -444,7 +443,9 @@ code/fix:
.PHONY: code/fix

run: fleet-manager db/migrate
./fleet-manager serve --dataplane-cluster-config-file $(DATAPLANE_CLUSTER_CONFIG_FILE)
./fleet-manager serve \
--dataplane-cluster-config-file $(DATAPLANE_CLUSTER_CONFIG_FILE) \
--dataplane-oidc-issuers-file ./dev/config/dataplane-oidc-issuers.yaml
.PHONY: run

# Run Swagger and host the api docs
Expand Down Expand Up @@ -713,7 +714,7 @@ deploy/db:
# deploys the secrets required by the service to an OpenShift cluster
deploy/secrets:
@oc process -f ./templates/secrets-template.yml --local \
-p DATABASE_HOST="fleet-manager-db.$(NAMESPACE).svc.cluster.local" \
-p DATABASE_HOST="fleet-manager-db" \
-p OCM_SERVICE_CLIENT_ID="$(shell ([ -s './secrets/ocm-service.clientId' ] && [ -z '${OCM_SERVICE_CLIENT_ID}' ]) && cat ./secrets/ocm-service.clientId || echo '${OCM_SERVICE_CLIENT_ID}')" \
-p OCM_SERVICE_CLIENT_SECRET="$(shell ([ -s './secrets/ocm-service.clientSecret' ] && [ -z '${OCM_SERVICE_CLIENT_SECRET}' ]) && cat ./secrets/ocm-service.clientSecret || echo '${OCM_SERVICE_CLIENT_SECRET}')" \
-p OCM_SERVICE_TOKEN="$(shell ([ -s './secrets/ocm-service.token' ] && [ -z '${OCM_SERVICE_TOKEN}' ]) && cat ./secrets/ocm-service.token || echo '${OCM_SERVICE_TOKEN}')" \
Expand Down Expand Up @@ -763,7 +764,7 @@ endif
| oc apply -f - -n $(NAMESPACE)
.PHONY: deploy/gitops

# deploy service via templates to an OpenShift cluster
# deploy service via templates to a development Kubernetes/OpenShift cluster
deploy/service: FLEET_MANAGER_IMAGE ?= $(SHORT_IMAGE_REF)
deploy/service: IMAGE_TAG ?= $(image_tag)
deploy/service: FLEET_MANAGER_ENV ?= "development"
Expand All @@ -773,7 +774,6 @@ deploy/service: ENABLE_CENTRAL_LIFE_SPAN ?= "false"
deploy/service: CENTRAL_LIFE_SPAN ?= "48"
deploy/service: OCM_URL ?= "https://api.stage.openshift.com"
deploy/service: OCM_ADDON_SERVICE_URL ?= "https://api.stage.openshift.com"
deploy/service: TOKEN_ISSUER_URL ?= "https://sso.redhat.com/auth/realms/redhat-external"
deploy/service: SERVICE_PUBLIC_HOST_URL ?= "https://api.openshift.com"
deploy/service: ENABLE_TERMS_ACCEPTANCE ?= "false"
deploy/service: ENABLE_DENY_LIST ?= "false"
Expand Down Expand Up @@ -813,8 +813,6 @@ endif
-p OCM_URL="$(OCM_URL)" \
-p OCM_ADDON_SERVICE_URL="$(OCM_ADDON_SERVICE_URL)" \
-p AMS_URL="${AMS_URL}" \
-p JWKS_URL="$(JWKS_URL)" \
-p TOKEN_ISSUER_URL="${TOKEN_ISSUER_URL}" \
-p SERVICE_PUBLIC_HOST_URL="https://$(shell oc get routes/fleet-manager -o jsonpath="{.spec.host}" -n $(NAMESPACE))" \
-p OBSERVATORIUM_RHSSO_GATEWAY="${OBSERVATORIUM_RHSSO_GATEWAY}" \
-p OBSERVATORIUM_RHSSO_REALM="${OBSERVATORIUM_RHSSO_REALM}" \
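Review bot: The `run` target hard-codes `./dev/config/dataplane-oidc-issuers.yaml`, while the flag right above it takes its path from `DATAPLANE_CLUSTER_CONFIG_FILE`. This file decides which token issuers the service will trust, so the choice should be explicit and overridable like the other config files: add `DATAPLANE_OIDC_ISSUERS_FILE ?= ${PROJECT_PATH}/dev/config/dataplane-oidc-issuers.yaml` to the default variables and pass `--dataplane-oidc-issuers-file $(DATAPLANE_OIDC_ISSUERS_FILE)`. A one-line comment that the dev file trusts a loopback issuer (`https://127.0.0.1:6443`) and is not meant for deployed environments would also help.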
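--- a/config/dataplane-oidc-issuers.yaml
+++ b/config/dataplane-oidc-issuers.yaml
@@ -0,0 +1,4 @@
+---
+# A list of DataPlane OpenID Connect issuers that should be verified for issued tokens.
+# Endpoints in the list are represented by URLs that must match the iss claim in the access token.
+[]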
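--- a/dev/config/dataplane-oidc-issuers.yaml
+++ b/dev/config/dataplane-oidc-issuers.yaml
@@ -0,0 +1 @@
+- https://127.0.0.1:6443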
1 change: 0 additions & 1 deletion go.mod
Expand Up @@ -5,7 +5,6 @@ go 1.20
require (
github.com/DATA-DOG/go-sqlmock v1.5.2
github.com/antihax/optional v1.0.0
github.com/auth0/go-jwt-middleware/v2 v2.2.1
github.com/aws/aws-sdk-go v1.51.15
github.com/bxcodec/faker/v3 v3.8.1
github.com/caarlos0/env/v6 v6.10.1
3 changes: 0 additions & 3 deletions go.sum
Expand Up @@ -74,8 +74,6 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g=
github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/auth0/go-jwt-middleware/v2 v2.2.1 h1:pqxEIwlCztD0T9ZygGfOrw4NK/F9iotnCnPJVADKbkE=
github.com/auth0/go-jwt-middleware/v2 v2.2.1/go.mod h1:CSi0tuu0QrALbWdiQZwqFL8SbBhj4e2MJzkvNfjY0Us=
github.com/aws/aws-sdk-go v1.51.15 h1:rxRcn4hmkhxUfIQrmnFfOOW4NQRiRve7GlgQcor13JE=
github.com/aws/aws-sdk-go v1.51.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
Expand Down Expand Up @@ -1067,7 +1065,6 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
gopkg.in/go-jose/go-jose.v2 v2.6.2 h1:Rl5+9rA0kG3vsO1qhncMPRT5eHICihAMQYJkD7u/i4M=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/resty.v1 v1.12.0 h1:CuXP0Pjfw9rOuY6EP+UvtNvt5DSqHpIxILZKT/quCZI=
103 changes: 81 additions & 22 deletions internal/dinosaur/pkg/handlers/authentication.go
Expand Up @@ -2,47 +2,106 @@ package handlers

import (
"fmt"
"net/http"
"strings"

"github.com/golang/glog"
sdk "github.com/openshift-online/ocm-sdk-go"
"github.com/openshift-online/ocm-sdk-go/authentication"
pkgErrors "github.com/pkg/errors"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/routes"
"github.com/stackrox/acs-fleet-manager/pkg/client/iam"
"github.com/stackrox/acs-fleet-manager/pkg/errors"
"github.com/stackrox/acs-fleet-manager/pkg/server"
)

// NewAuthenticationBuilder ...
func NewAuthenticationBuilder(ServerConfig *server.ServerConfig, IAMConfig *iam.IAMConfig) (*authentication.HandlerBuilder, error) {
type compositeAuthenticationHandler struct {
defaultHandler http.Handler
privateAPIHandler http.Handler
adminAPIHandler http.Handler
}

var (
adminAPIPrefix = fmt.Sprintf("^%s/%s/%s%s", routes.APIEndpoint, routes.FleetManagementAPIPrefix, routes.Version, routes.AdminAPIPrefix)
privateAPIPrefix = fmt.Sprintf("^%s/%s/%s%s", routes.APIEndpoint, routes.FleetManagementAPIPrefix, routes.Version, routes.PrivateAPIPrefix)
)

func (h *compositeAuthenticationHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.URL.Path, adminAPIPrefix) {
h.adminAPIHandler.ServeHTTP(w, r)
return
}
if strings.HasPrefix(r.URL.Path, privateAPIPrefix) {
h.privateAPIHandler.ServeHTTP(w, r)
return
}
h.defaultHandler.ServeHTTP(w, r)
}

// NewAuthenticationHandler creates a new instance of authentication handler
func NewAuthenticationHandler(IAMConfig *iam.IAMConfig, next http.Handler) (http.Handler, error) {
authnLogger, err := sdk.NewGlogLoggerBuilder().
InfoV(glog.Level(1)).
DebugV(glog.Level(5)).
Build()

if err != nil {
return nil, pkgErrors.Wrap(err, "unable to create authentication logger")
return nil, fmt.Errorf("unable to create authentication logger: %w", err)
}

authenticationBuilder := authentication.NewHandler()
defaultHandlerBuilder := authentication.NewHandler().
Logger(authnLogger).
KeysURL(IAMConfig.JwksURL). // ocm JWK JSON web token signing certificates URL
KeysFile(IAMConfig.JwksFile). // ocm JWK backup JSON web token signing certificates
KeysURL(IAMConfig.RedhatSSORealm.JwksEndpointURI). // sso JWK Cert URL
Error(fmt.Sprint(errors.ErrorUnauthenticated)).
Service(errors.ErrorCodePrefix).
Public(fmt.Sprintf("^%s/%s/?$", routes.APIEndpoint, routes.FleetManagementAPIPrefix)).
Public(fmt.Sprintf("^%s/%s/%s/?$", routes.APIEndpoint, routes.FleetManagementAPIPrefix, routes.Version)).
Public(fmt.Sprintf("^%s/%s/%s/openapi/?$", routes.APIEndpoint, routes.FleetManagementAPIPrefix, routes.Version)).
Public(fmt.Sprintf("^%s/%s/%s/errors/?[0-9]*", routes.APIEndpoint, routes.FleetManagementAPIPrefix, routes.Version))

// Add additional JWKS endpoints to the builder if there are any.
for _, jwksEndpointURI := range IAMConfig.AdditionalSSOIssuers.JWKSURIs {
authenticationBuilder.KeysURL(jwksEndpointURI)
}

return authenticationBuilder.
Logger(authnLogger).
KeysURL(ServerConfig.JwksURL). // ocm JWK JSON web token signing certificates URL
KeysFile(ServerConfig.JwksFile). // ocm JWK backup JSON web token signing certificates
KeysURL(IAMConfig.RedhatSSORealm.JwksEndpointURI). // sso JWK Cert URL
KeysURL(IAMConfig.InternalSSORealm.JwksEndpointURI). // internal sso (auth.redhat.com) JWK Cert URL
Error(fmt.Sprint(errors.ErrorUnauthenticated)).
Service(errors.ErrorCodePrefix).
Public(fmt.Sprintf("^%s/%s/?$", routes.APIEndpoint, routes.DinosaursFleetManagementAPIPrefix)).
Public(fmt.Sprintf("^%s/%s/%s/?$", routes.APIEndpoint, routes.DinosaursFleetManagementAPIPrefix, routes.Version)).
Public(fmt.Sprintf("^%s/%s/%s/openapi/?$", routes.APIEndpoint, routes.DinosaursFleetManagementAPIPrefix, routes.Version)).
Public(fmt.Sprintf("^%s/%s/%s/errors/?[0-9]*", routes.APIEndpoint, routes.DinosaursFleetManagementAPIPrefix, routes.Version)),
nil
defaultHandlerBuilder.KeysURL(jwksEndpointURI)
}

defaultHandler, err := defaultHandlerBuilder.Next(next).Build()
if err != nil {
return nil, fmt.Errorf("unable to create default authN handler: %w", err)
}

privateAPIHandlerBuilder := authentication.NewHandler().
Logger(authnLogger).
KeysURL(IAMConfig.RedhatSSORealm.JwksEndpointURI).
Error(fmt.Sprint(errors.ErrorUnauthenticated)).
Service(errors.ErrorCodePrefix)

// Add additional JWKS endpoints to the builder if there are any.
for _, jwksEndpointURI := range IAMConfig.DataPlaneOIDCIssuers.JWKSURIs {
privateAPIHandlerBuilder.KeysURL(jwksEndpointURI)
}

privateAPIHandler, err := privateAPIHandlerBuilder.Next(next).Build()
if err != nil {
return nil, fmt.Errorf("unable to create private authN handler: %w", err)
}

adminAPIHandler, err := authentication.NewHandler().
Logger(authnLogger).
KeysURL(IAMConfig.JwksURL). // ocm JWK JSON web token signing certificates URL
KeysFile(IAMConfig.JwksFile). // ocm JWK backup JSON web token signing certificates
KeysURL(IAMConfig.InternalSSORealm.JwksEndpointURI). // internal sso (auth.redhat.com) JWK Cert URL
Error(fmt.Sprint(errors.ErrorUnauthenticated)).
Service(errors.ErrorCodePrefix).
Next(next).
Build()

if err != nil {
return nil, fmt.Errorf("unable to create admin authN handler: %w", err)
}

return &compositeAuthenticationHandler{
defaultHandler: defaultHandler,
privateAPIHandler: privateAPIHandler,
adminAPIHandler: adminAPIHandler,
}, nil
}
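Review bot: `adminAPIPrefix` and `privateAPIPrefix` are built with a leading `^` (`"^%s/%s/%s%s"`), but `ServeHTTP` compares them with `strings.HasPrefix`, which is a literal match and not a regular expression. A request path begins with `/`, so as written neither branch can match and every request, including the admin and agent-cluster routes, appears to fall through to `defaultHandler` and its key set instead of the internal-SSO or data-plane keys. Drop the anchor, e.g. `adminAPIPrefix = fmt.Sprintf("%s/%s/%s%s", routes.APIEndpoint, routes.FleetManagementAPIPrefix, routes.Version, routes.AdminAPIPrefix)` and the same for `privateAPIPrefix`, and add a test that sends a request under each prefix and asserts which inner handler ran. Comparing against the exact prefix or `prefix + "/"` would also keep a sibling path that merely starts with the same characters from being routed to the wrong key set.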
11 changes: 5 additions & 6 deletions internal/dinosaur/pkg/routes/route_loader.go
Expand Up @@ -67,7 +67,7 @@ func NewRouteLoader(s options) environments.RouteLoader {

// AddRoutes ...
func (s *options) AddRoutes(mainRouter *mux.Router) error {
basePath := fmt.Sprintf("%s/%s", routes.APIEndpoint, routes.DinosaursFleetManagementAPIPrefix)
basePath := fmt.Sprintf("%s/%s", routes.APIEndpoint, routes.FleetManagementAPIPrefix)
err := s.buildAPIBaseRouter(mainRouter, basePath, "fleet-manager.yaml")
if err != nil {
return err
Expand All @@ -93,7 +93,7 @@ func (s *options) buildAPIBaseRouter(mainRouter *mux.Router, basePath string, op
authorizeMiddleware := s.AccessControlListMiddleware.Authorize
requireOrgID := auth.NewRequireOrgIDMiddleware().RequireOrgID(errors.ErrorUnauthenticated)
requireIssuer := auth.NewRequireIssuerMiddleware().RequireIssuer(
append(s.IAMConfig.AdditionalSSOIssuers.GetURIs(), s.ServerConfig.TokenIssuerURL), errors.ErrorUnauthenticated)
append(s.IAMConfig.AdditionalSSOIssuers.GetURIs(), s.IAMConfig.RedhatSSORealm.ValidIssuerURI), errors.ErrorUnauthenticated)
requireTermsAcceptance := auth.NewRequireTermsAcceptanceMiddleware().RequireTermsAcceptance(s.ServerConfig.EnableTermsAcceptance, s.AMSClient, errors.ErrorTermsNotAccepted)

// base path.
Expand Down Expand Up @@ -157,8 +157,7 @@ func (s *options) buildAPIBaseRouter(mainRouter *mux.Router, basePath string, op
Name(logger.NewLogEvent("get-federate-metrics", "get federate metrics by id").ToString()).
Methods(http.MethodGet)
apiV1MetricsFederateRouter.Use(auth.NewRequireIssuerMiddleware().RequireIssuer(
append(s.IAMConfig.AdditionalSSOIssuers.GetURIs(), s.ServerConfig.TokenIssuerURL,
s.IAMConfig.RedhatSSORealm.ValidIssuerURI), errors.ErrorUnauthenticated))
append(s.IAMConfig.AdditionalSSOIssuers.GetURIs(), s.IAMConfig.RedhatSSORealm.ValidIssuerURI), errors.ErrorUnauthenticated))
apiV1MetricsFederateRouter.Use(requireOrgID)
apiV1MetricsFederateRouter.Use(authorizeMiddleware)

Expand Down Expand Up @@ -200,7 +199,7 @@ func (s *options) buildAPIBaseRouter(mainRouter *mux.Router, basePath string, op
// /agent-clusters/{id}
dataPlaneClusterHandler := handlers.NewDataPlaneClusterHandler(s.DataPlaneCluster)
dataPlaneCentralHandler := handlers.NewDataPlaneDinosaurHandler(s.DataPlaneCentralService, s.Central, s.ManagedCentralPresenter, s.GitopsProvider)
apiV1DataPlaneRequestsRouter := apiV1Router.PathPrefix("/agent-clusters").Subrouter()
apiV1DataPlaneRequestsRouter := apiV1Router.PathPrefix(routes.PrivateAPIPrefix).Subrouter()
apiV1DataPlaneRequestsRouter.HandleFunc("/{id}", dataPlaneClusterHandler.GetDataPlaneClusterConfig).
Name(logger.NewLogEvent("get-dataplane-cluster-config", "get dataplane cluster config by id").ToString()).
Methods(http.MethodGet)
Expand All @@ -225,7 +224,7 @@ func (s *options) buildAPIBaseRouter(mainRouter *mux.Router, basePath string, op
s.IAMConfig.RedhatSSORealm.ValidIssuerURI, s.FleetShardAuthZConfig)

adminCentralHandler := handlers.NewAdminCentralHandler(s.Central, s.AccountService, s.ProviderConfig, s.Telemetry)
adminRouter := apiV1Router.PathPrefix("/admin").Subrouter()
adminRouter := apiV1Router.PathPrefix(routes.AdminAPIPrefix).Subrouter()

adminRouter.Use(auth.NewRequireIssuerMiddleware().RequireIssuer(
[]string{s.IAMConfig.InternalSSORealm.ValidIssuerURI}, errors.ErrorNotFound))
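Review bot: After this change the issuer allow-list passed to `RequireIssuer` for `apiV1MetricsFederateRouter` is identical to the one already held in `requireIssuer` earlier in `buildAPIBaseRouter` (same `append(...)` arguments, same `errors.ErrorUnauthenticated`). Reusing it, `apiV1MetricsFederateRouter.Use(requireIssuer)`, keeps a single definition of which issuers are accepted and stops the two lists from drifting apart in a later edit. It also removes a second `append` onto the slice returned by `GetURIs()`, which would write into the config's backing array if that method returns its own slice with spare capacity (its implementation is not visible here). `buildAPIBaseRouter` starts and ends outside the shown hunks.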
2 changes: 0 additions & 2 deletions internal/dinosaur/providers.go
Expand Up @@ -7,7 +7,6 @@ import (
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/config"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/environments"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/gitops"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/handlers"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/migrations"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/presenters"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/routes"
Expand Down Expand Up @@ -63,7 +62,6 @@ func ServiceProviders() di.Option {
di.Provide(services.NewClusterPlacementStrategy),
di.Provide(services.NewDataPlaneClusterService),
di.Provide(services.NewDataPlaneCentralService),
di.Provide(handlers.NewAuthenticationBuilder),
di.Provide(clusters.NewDefaultProviderFactory, di.As(new(clusters.ProviderFactory))),
di.Provide(routes.NewRouteLoader),
di.Provide(quota.NewDefaultQuotaServiceFactory),
8 changes: 5 additions & 3 deletions internal/dinosaur/routes/constants.go
Expand Up @@ -3,7 +3,9 @@ package routes

// Version ...
const (
Version = "v1"
APIEndpoint = "/api"
DinosaursFleetManagementAPIPrefix = "rhacs"
Version = "v1"
APIEndpoint = "/api"
FleetManagementAPIPrefix = "rhacs"
PrivateAPIPrefix = "/agent-clusters"
AdminAPIPrefix = "/admin"
)
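Review bot: The exported constants have no usable documentation: the block comment is still the placeholder `// Version ...`, and the new `PrivateAPIPrefix` and `AdminAPIPrefix` carry more meaning than their names show. In this commit they are used both to mount the sub-routers in route_loader.go and to select the authentication handler in authentication.go, so changing a value changes which signing keys are accepted for a route. Suggest replacing the placeholder with `// Route path components shared by the router and the authentication handler.` and adding per-constant comments such as `// AdminAPIPrefix is the path segment of the admin API; requests under it are authenticated against the internal SSO keys.`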
5 changes: 2 additions & 3 deletions pkg/acl/access_control_list_middleware_test.go
Expand Up @@ -12,10 +12,9 @@ import (
"github.com/golang/glog"
"github.com/stackrox/acs-fleet-manager/internal/dinosaur"
"github.com/stackrox/acs-fleet-manager/pkg/acl"
"github.com/stackrox/acs-fleet-manager/pkg/server"

"github.com/stackrox/acs-fleet-manager/pkg/auth"
"github.com/stackrox/acs-fleet-manager/pkg/environments"
"github.com/stackrox/acs-fleet-manager/pkg/server"

. "github.com/onsi/gomega"
)
Expand All @@ -42,7 +41,7 @@ func TestMain(m *testing.M) {

func Test_AccessControlListMiddleware_UserHasNoAccess(t *testing.T) {
RegisterTestingT(t)
authHelper, err := auth.NewAuthHelper(jwtKeyFile, jwtCAFile, serverConfig.TokenIssuerURL)
authHelper, err := auth.NewAuthHelper(jwtKeyFile, jwtCAFile, "")
Expect(err).NotTo(HaveOccurred())

tests := []struct {