From eba2bfec1e0cc74abfc2632413b176c33da81714 Mon Sep 17 00:00:00 2001 From: Sarvani Vakkalanka Date: Tue, 13 Dec 2016 10:10:17 -0800 Subject: [PATCH 1/7] Start using AuthProvider audiences. This change consumes the new audiences field that has been added in the AuthProvider message. The change is backward compatible and does the following: 1) Check if audiences is present in AuthProvider 2) If present, use it. Otherwise, use the audiences in AuthRequirement --- WORKSPACE | 2 +- contrib/endpoints/src/api_manager/config.cc | 13 ++++++++----- contrib/endpoints/src/api_manager/config_test.cc | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index ed7b1b60a7b..3f211badf0b 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -149,7 +149,7 @@ bind( new_git_repository( name = "googleapis_git", - commit = "6c1d6d4067364a21f8ffefa3401b213d652bf121", + commit = "db1d4547dc56a798915e0eb2c795585385922165", remote = "https://github.com/googleapis/googleapis.git", build_file = "third_party/BUILD.googleapis", ) diff --git a/contrib/endpoints/src/api_manager/config.cc b/contrib/endpoints/src/api_manager/config.cc index 9c9f4d10a1a..84ebb8be092 100644 --- a/contrib/endpoints/src/api_manager/config.cc +++ b/contrib/endpoints/src/api_manager/config.cc @@ -258,7 +258,7 @@ bool Config::LoadRpcMethods(ApiManagerEnvInterface *env, bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { // Parsing auth config. const ::google::api::Authentication &auth = service_.authentication(); - map provider_id_issuer_map; + map provider_id_provider_map; for (const auto &provider : auth.providers()) { if (provider.id().empty()) { env->LogError("Missing id field in AuthProvider."); 
@@ -274,7 +274,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { } else { SetJwksUri(provider.issuer(), string(), true); } - provider_id_issuer_map[provider.id()] = provider.issuer(); + provider_id_provider_map[provider.id()] = provider; } for (const auto &rule : auth.rules()) { @@ -296,12 +296,15 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { env->LogError(error.c_str()); continue; } - auto issuer = utils::FindOrNull(provider_id_issuer_map, provider_id); - if (issuer == nullptr) { + auto provider = utils::FindOrNull(provider_id_provider_map, provider_id); + if (provider == nullptr) { std::string error = "Undefined provider_id: " + provider_id; env->LogError(error.c_str()); } else { - (*method)->addAudiencesForIssuer(*issuer, requirement.audiences()); + std::string audiences = provider->audiences().empty() + ? requirement.audiences() + : provider->audiences(); + (*method)->addAudiencesForIssuer(provider->issuer(), audiences); } } } diff --git a/contrib/endpoints/src/api_manager/config_test.cc b/contrib/endpoints/src/api_manager/config_test.cc index c072a2de3cb..ace0d2afc49 100644 --- a/contrib/endpoints/src/api_manager/config_test.cc +++ b/contrib/endpoints/src/api_manager/config_test.cc @@ -304,6 +304,7 @@ static const char auth_config[] = " id: \"provider-id1\"\n" " issuer: \"issuer1@gserviceaccount.com\"\n" " jwks_uri: \"https://www.googleapis.com/jwks_uri1\"\n" + " audiences: \"ok_audience1\"\n" " }\n" " providers {\n" " id: \"provider-id2\"\n" @@ -326,7 +327,6 @@ static const char auth_config[] = " selector: \"Xyz.Method1\"\n" " requirements {\n" " provider_id: \"provider-id1\"\n" - " audiences: \"ok_audience1\"\n" " }\n" " }\n" " rules {\n" From ca9ef3162ae9c17dd0fabc2281bf69b313591c3f Mon Sep 17 00:00:00 2001 
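Review bot: In config.cc (`@@ -296,12 +296,15 @@`), the new ternary in the `else` branch silently discards `requirement.audiences()` whenever the provider carries audiences, so a rule that restricted one method to a narrower list is now checked against the provider-level list with no signal to the operator. Because this value decides which tokens a method accepts, the override should be reported, e.g. `if (!provider->audiences().empty() && !requirement.audiences().empty()) env->LogError("AuthRequirement audiences ignored: provider defines audiences");`, ideally naming `provider_id` in the message. When both fields are empty, an empty string still reaches `addAudiencesForIssuer`; what that means for validation is not visible here and deserves a comment. The same selection recurs in PATCH 3/7, 5/7 and 7/7, and `LoadAuthentication` starts and ends outside the hunk.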
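Review bot: In config_test.cc, after `audiences: "ok_audience1"` moves from the `Xyz.Method1` requirement to `provider-id1`, the visible fixture has no requirement that sets `audiences` while its provider also does, so the "provider wins" precedence added in config.cc is not pinned by these lines. The fallback to the requirement value is only covered if a rule outside the two hunks still sets it. A provider/rule pair with both fields set to different values, plus an assertion on which audience the method ends up allowing, would keep a later refactor from flipping the precedence unnoticed. The `auth_config` literal continues outside both hunks.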
From: Sarvani Vakkalanka Date: Tue, 13 Dec 2016 11:26:38 -0800 Subject: [PATCH 2/7] Address code review comment --- contrib/endpoints/src/api_manager/config.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/contrib/endpoints/src/api_manager/config.cc b/contrib/endpoints/src/api_manager/config.cc index 84ebb8be092..4cddb00b92b 100644 --- a/contrib/endpoints/src/api_manager/config.cc +++ b/contrib/endpoints/src/api_manager/config.cc @@ -258,7 +258,7 @@ bool Config::LoadRpcMethods(ApiManagerEnvInterface *env, bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { // Parsing auth config. const ::google::api::Authentication &auth = service_.authentication(); - map provider_id_provider_map; + map provider_id_provider_map; for (const auto &provider : auth.providers()) { if (provider.id().empty()) { env->LogError("Missing id field in AuthProvider."); @@ -274,7 +274,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { } else { SetJwksUri(provider.issuer(), string(), true); } - provider_id_provider_map[provider.id()] = provider; + provider_id_provider_map[provider.id()] = &provider; } for (const auto &rule : auth.rules()) { @@ -296,7 +296,8 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { env->LogError(error.c_str()); continue; } - auto provider = utils::FindOrNull(provider_id_provider_map, provider_id); + auto provider = utils::FindPtrOrNull(provider_id_provider_map, + provider_id); if (provider == nullptr) { std::string error = "Undefined provider_id: " + provider_id; env->LogError(error.c_str()); From c2438b79466f4dca375962b690f1172deddbd88c Mon Sep 17 00:00:00 2001 From: Sarvani Vakkalanka Date: Tue, 13 Dec 2016 11:32:41 -0800 Subject: [PATCH 3/7] More code review comments addressed --- contrib/endpoints/src/api_manager/config.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
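Review bot: In PATCH 2/7 (`@@ -274,7 +274,7 @@`), `provider_id_provider_map[provider.id()] = &provider;` stores the address of an element of `auth.providers()`, so each entry is valid only while `service_.authentication()` is left unmodified, and nothing in the patch records that. A comment at the map declaration in the preceding hunk, `// Values point into service_.authentication(); do not modify it while this map is in use.`, would make the lifetime assumption explicit. Separately, two providers with the same id overwrite each other at this assignment, and the later one now decides both issuer and audiences for every rule naming that id; whether an earlier check rejects duplicates is not visible in the hunk. The same lines recur in PATCH 6/7.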
diff --git a/contrib/endpoints/src/api_manager/config.cc b/contrib/endpoints/src/api_manager/config.cc index 4cddb00b92b..dcd3d15dcc5 100644 --- a/contrib/endpoints/src/api_manager/config.cc +++ b/contrib/endpoints/src/api_manager/config.cc @@ -302,7 +302,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { std::string error = "Undefined provider_id: " + provider_id; env->LogError(error.c_str()); } else { - std::string audiences = provider->audiences().empty() + const std::string &audiences = provider->audiences().empty() ? requirement.audiences() : provider->audiences(); (*method)->addAudiencesForIssuer(provider->issuer(), audiences); From ab52aa173f52fda15bf92a65483c3030f42c090e Mon Sep 17 00:00:00 2001 From: Sebastien Vas Date: Mon, 12 Dec 2016 16:30:24 -0800 Subject: [PATCH 4/7] Add initial travis-CI build config for bazel.build. --- .bazelrc | 2 ++ .bazelrc.travis | 12 ++++++++++++ .gitignore | 1 + .travis.yml | 40 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 55 insertions(+) create mode 100644 .bazelrc create mode 100644 .bazelrc.travis create mode 100644 .gitignore create mode 100644 .travis.yml diff --git a/.bazelrc b/.bazelrc new file mode 100644 index 00000000000..f8725e6d9df --- /dev/null +++ b/.bazelrc @@ -0,0 +1,2 @@ +test --test_output=errors +test --test_size_filters=-large,-enormous diff --git a/.bazelrc.travis b/.bazelrc.travis new file mode 100644 index 00000000000..c8875e98a98 --- /dev/null +++ b/.bazelrc.travis @@ -0,0 +1,12 @@ +# This is from Bazel's former travis setup, to avoid blowing up the RAM usage. +startup --host_jvm_args=-Xmx2500m +startup --host_jvm_args=-Xms2500m +startup --batch +test --ram_utilization_factor=10 + +# This is so we understand failures better +build --verbose_failures + +# Below this line, .travis.yml will cat the default bazelrc. +# This is needed so Bazel starts with the base workspace in its +# package path. 
diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000000..a6ef824c1f8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/bazel-* diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 00000000000..8471d0d3c61 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,40 @@ +sudo: required +dist: xenial + +lang: go + +go: + - 1.7.x + +jdk: + - oraclejdk8 + +env: + - BAZEL_VERSION=0.4.2 + +addons: + apt: + packages: + - wget + +cache: + directories: + - $HOME/bazel/install + - $HOME/bazel/outbase + +before_install: + - mkdir -p ${HOME}/bazel/install + - cd ${HOME}/bazel/install + - wget --no-clobber "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel_${BAZEL_VERSION}-linux-x86_64.deb" + - chmod +x bazel_${BAZEL_VERSION}-linux-x86_64.deb + - sudo dpkg -i bazel_${BAZEL_VERSION}-linux-x86_64.deb + - sudo apt-get -f install -qqy uuid-dev + - cd ${TRAVIS_BUILD_DIR} + - mv .bazelrc .bazelrc.orig + - cat .bazelrc.travis .bazelrc.orig > .bazelrc + +script: + - bazel --output_base=${HOME}/bazel/outbase test //... + +notifications: + slack: istio-dev:wEEEbaabdP5ieCgDOFetA9nX From af9709d2eff6c3881b40b3f31779de89c1fd8ad2 Mon Sep 17 00:00:00 2001 From: Sarvani Vakkalanka Date: Tue, 13 Dec 2016 10:10:17 -0800 Subject: [PATCH 5/7] Start using AuthProvider audiences. This change consumes the new audiences field that has been added in the AuthProvider message. The change is backward compatible and does the following: 1) Check if audiences is present in AuthProvider 2) If present, use it. Otherwise, use the audiences in AuthRequirement --- WORKSPACE | 2 +- contrib/endpoints/src/api_manager/config.cc | 13 ++++++++----- contrib/endpoints/src/api_manager/config_test.cc | 2 +- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/WORKSPACE b/WORKSPACE index ed7b1b60a7b..3f211badf0b 100644 --- a/WORKSPACE +++ b/WORKSPACE 
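Review bot: The `slack:` value under `notifications` at the end of .travis.yml is an integration token committed in clear text, so anyone who can read the repository can use it; it should be rotated and replaced with an encrypted entry, `slack:` followed by `secure: "<ENCRYPTED_TOKEN_PLACEHOLDER>"`, generated with `travis encrypt`. In `before_install`, the Bazel `.deb` is fetched with `wget --no-clobber` into a cached directory and passed to `sudo dpkg -i` with no integrity check, so a corrupted or tampered file would be installed as root and reused from the cache on later builds; a line such as `echo "<EXPECTED_SHA256_PLACEHOLDER>  bazel_${BAZEL_VERSION}-linux-x86_64.deb" | sha256sum -c -` before the install pins the artifact. `lang: go` is presumably meant to be `language: go`, and the `chmod +x` on the package is not needed for `dpkg -i`.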
@@ -149,7 +149,7 @@ bind( new_git_repository( name = "googleapis_git", - commit = "6c1d6d4067364a21f8ffefa3401b213d652bf121", + commit = "db1d4547dc56a798915e0eb2c795585385922165", remote = "https://github.com/googleapis/googleapis.git", build_file = "third_party/BUILD.googleapis", ) diff --git a/contrib/endpoints/src/api_manager/config.cc b/contrib/endpoints/src/api_manager/config.cc index 9c9f4d10a1a..84ebb8be092 100644 --- a/contrib/endpoints/src/api_manager/config.cc +++ b/contrib/endpoints/src/api_manager/config.cc @@ -258,7 +258,7 @@ bool Config::LoadRpcMethods(ApiManagerEnvInterface *env, bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { // Parsing auth config. const ::google::api::Authentication &auth = service_.authentication(); - map provider_id_issuer_map; + map provider_id_provider_map; for (const auto &provider : auth.providers()) { if (provider.id().empty()) { env->LogError("Missing id field in AuthProvider."); @@ -274,7 +274,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { } else { SetJwksUri(provider.issuer(), string(), true); } - provider_id_issuer_map[provider.id()] = provider.issuer(); + provider_id_provider_map[provider.id()] = provider; } for (const auto &rule : auth.rules()) { @@ -296,12 +296,15 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { env->LogError(error.c_str()); continue; } - auto issuer = utils::FindOrNull(provider_id_issuer_map, provider_id); - if (issuer == nullptr) { + auto provider = utils::FindOrNull(provider_id_provider_map, provider_id); + if (provider == nullptr) { std::string error = "Undefined provider_id: " + provider_id; env->LogError(error.c_str()); } else { - (*method)->addAudiencesForIssuer(*issuer, requirement.audiences()); + std::string audiences = provider->audiences().empty() + ? requirement.audiences() + : provider->audiences(); + (*method)->addAudiencesForIssuer(provider->issuer(), audiences); } } } 
diff --git a/contrib/endpoints/src/api_manager/config_test.cc b/contrib/endpoints/src/api_manager/config_test.cc index c072a2de3cb..ace0d2afc49 100644 --- a/contrib/endpoints/src/api_manager/config_test.cc +++ b/contrib/endpoints/src/api_manager/config_test.cc @@ -304,6 +304,7 @@ static const char auth_config[] = " id: \"provider-id1\"\n" " issuer: \"issuer1@gserviceaccount.com\"\n" " jwks_uri: \"https://www.googleapis.com/jwks_uri1\"\n" + " audiences: \"ok_audience1\"\n" " }\n" " providers {\n" " id: \"provider-id2\"\n" @@ -326,7 +327,6 @@ static const char auth_config[] = " selector: \"Xyz.Method1\"\n" " requirements {\n" " provider_id: \"provider-id1\"\n" - " audiences: \"ok_audience1\"\n" " }\n" " }\n" " rules {\n" From c1c644d176a32f8c6a39a5d314b90dac3c20d911 Mon Sep 17 00:00:00 2001 From: Sarvani Vakkalanka Date: Tue, 13 Dec 2016 11:26:38 -0800 Subject: [PATCH 6/7] Address code review comment --- contrib/endpoints/src/api_manager/config.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/contrib/endpoints/src/api_manager/config.cc b/contrib/endpoints/src/api_manager/config.cc index 84ebb8be092..4cddb00b92b 100644 --- a/contrib/endpoints/src/api_manager/config.cc +++ b/contrib/endpoints/src/api_manager/config.cc @@ -258,7 +258,7 @@ bool Config::LoadRpcMethods(ApiManagerEnvInterface *env, bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { // Parsing auth config. const ::google::api::Authentication &auth = service_.authentication(); - map provider_id_provider_map; + map provider_id_provider_map; for (const auto &provider : auth.providers()) { if (provider.id().empty()) { env->LogError("Missing id field in AuthProvider."); @@ -274,7 +274,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { } else { SetJwksUri(provider.issuer(), string(), true); } - provider_id_provider_map[provider.id()] = provider; + provider_id_provider_map[provider.id()] = &provider; } for (const auto &rule : auth.rules()) { 
@@ -296,7 +296,8 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { env->LogError(error.c_str()); continue; } - auto provider = utils::FindOrNull(provider_id_provider_map, provider_id); + auto provider = utils::FindPtrOrNull(provider_id_provider_map, + provider_id); if (provider == nullptr) { std::string error = "Undefined provider_id: " + provider_id; env->LogError(error.c_str()); From 137e25b82fb20fddeeae19ad22a7d5b796834a6c Mon Sep 17 00:00:00 2001 From: Sarvani Vakkalanka Date: Tue, 13 Dec 2016 11:32:41 -0800 Subject: [PATCH 7/7] More code review comments addressed --- contrib/endpoints/src/api_manager/config.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/endpoints/src/api_manager/config.cc b/contrib/endpoints/src/api_manager/config.cc index 4cddb00b92b..dcd3d15dcc5 100644 --- a/contrib/endpoints/src/api_manager/config.cc +++ b/contrib/endpoints/src/api_manager/config.cc @@ -302,7 +302,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) { std::string error = "Undefined provider_id: " + provider_id; env->LogError(error.c_str()); } else { - std::string audiences = provider->audiences().empty() + const std::string &audiences = provider->audiences().empty() ? requirement.audiences() : provider->audiences(); (*method)->addAudiencesForIssuer(provider->issuer(), audiences);