use user token for trigger service sandbox test fixture (#13077)
In SandboxFixture when mixing in the auth middleware fixture, set up the ledger client with a user token instead of a claims token when not running in the claims-token-specific auth tests. Fixes #12831. * note about inClaims * prevent Product, Serializable warts with AuthServiceJWTPayload CHANGELOG_BEGIN CHANGELOG_END
parent
d5bfefbc00
commit
7c1cf567ad
@ -11,7 +11,7 @@ import spray.json._
|
||||
import scala.util.Try
|
||||
|
||||
/** All the JWT payloads that can be used with the JWT auth service. */
|
||||
sealed trait AuthServiceJWTPayload
|
||||
sealed abstract class AuthServiceJWTPayload extends Product with Serializable
|
||||
|
||||
/** A JWT token payload constructed from custom claims specific to Daml ledgers.
|
||||
*
|
||||
|
@ -14,4 +14,5 @@ class TriggerServiceTestAuthClaims
|
||||
with AbstractTriggerServiceTestInMem
|
||||
with AbstractTriggerServiceTestAuthMiddleware {
|
||||
override protected[this] def oauth2YieldsUserTokens = false
|
||||
override protected[this] def sandboxClientTakesUserToken = false
|
||||
}
|
||||
|
@ -16,4 +16,5 @@ class TriggerServiceTestAuthWithOracleClaims
|
||||
with TriggerDaoOracleFixture
|
||||
with AbstractTriggerServiceTestAuthMiddleware {
|
||||
protected[this] override def oauth2YieldsUserTokens = false
|
||||
protected[this] override def sandboxClientTakesUserToken = false
|
||||
}
|
||||
|
@ -31,7 +31,7 @@ import com.daml.dbutils.{ConnectionPool, JdbcConfig}
|
||||
import com.daml.jwt.domain.DecodedJwt
|
||||
import com.daml.jwt.{JwtSigner, JwtVerifier, JwtVerifierBase}
|
||||
import com.daml.ledger.api.auth
|
||||
import com.daml.ledger.api.auth.{AuthServiceJWTCodec, CustomDamlJWTPayload}
|
||||
import com.daml.ledger.api.auth.{AuthServiceJWTCodec, CustomDamlJWTPayload, StandardJWTPayload}
|
||||
import com.daml.ledger.api.domain.LedgerId
|
||||
import com.daml.ledger.api.refinements.ApiTypes
|
||||
import com.daml.ledger.api.refinements.ApiTypes.ApplicationId
|
||||
@ -64,6 +64,7 @@ import eu.rekawek.toxiproxy._
|
||||
import io.grpc.Channel
|
||||
import org.scalactic.source
|
||||
import org.scalatest.{BeforeAndAfterAll, BeforeAndAfterEach, Suite, SuiteMixin}
|
||||
import scalaz.syntax.show._
|
||||
|
||||
import scala.collection.concurrent.TrieMap
|
||||
import scala.concurrent._
|
||||
@ -134,7 +135,11 @@ trait AbstractAuthFixture extends SuiteMixin {
|
||||
self: Suite =>
|
||||
|
||||
protected def authService: Option[auth.AuthService]
|
||||
protected def authToken(payload: CustomDamlJWTPayload): Option[String]
|
||||
protected[this] def authToken(
|
||||
admin: Boolean,
|
||||
actAs: List[ApiTypes.Party],
|
||||
readAs: List[ApiTypes.Party],
|
||||
): Option[String]
|
||||
protected def authConfig: AuthConfig
|
||||
}
|
||||
|
||||
@ -142,7 +147,11 @@ trait NoAuthFixture extends AbstractAuthFixture {
|
||||
self: Suite =>
|
||||
|
||||
protected override def authService: Option[auth.AuthService] = None
|
||||
protected override def authToken(payload: CustomDamlJWTPayload): Option[String] = None
|
||||
protected[this] override final def authToken(
|
||||
admin: Boolean,
|
||||
actAs: List[ApiTypes.Party],
|
||||
readAs: List[ApiTypes.Party],
|
||||
) = None
|
||||
protected override def authConfig: AuthConfig = NoAuth
|
||||
}
|
||||
|
||||
@ -154,12 +163,30 @@ trait AuthMiddlewareFixture
|
||||
self: Suite =>
|
||||
|
||||
protected def authService: Option[auth.AuthService] = Some(auth.AuthServiceJWT(authVerifier))
|
||||
protected def authToken(payload: CustomDamlJWTPayload): Option[String] = Some {
|
||||
|
||||
protected[this] override final def authToken(
|
||||
admin: Boolean,
|
||||
actAs: List[ApiTypes.Party],
|
||||
readAs: List[ApiTypes.Party],
|
||||
) = Some {
|
||||
val payload =
|
||||
if (sandboxClientTakesUserToken)
|
||||
StandardJWTPayload(userId = "", participantId = None, exp = None)
|
||||
else
|
||||
CustomDamlJWTPayload(
|
||||
ledgerId = None,
|
||||
applicationId = None,
|
||||
participantId = None,
|
||||
exp = None,
|
||||
admin = admin,
|
||||
actAs = ApiTypes.Party unsubst actAs,
|
||||
readAs = ApiTypes.Party unsubst readAs,
|
||||
)
|
||||
|
||||
val header = """{"alg": "HS256", "typ": "JWT"}"""
|
||||
val jwt = JwtSigner.HMAC256
|
||||
.sign(DecodedJwt(header, AuthServiceJWTCodec.compactPrint(payload)), authSecret)
|
||||
.toOption
|
||||
.get
|
||||
.fold(e => fail(e.shows), identity)
|
||||
jwt.value
|
||||
}
|
||||
protected def authConfig: AuthConfig = AuthMiddleware(authMiddlewareUri, authMiddlewareUri)
|
||||
@ -180,6 +207,7 @@ trait AuthMiddlewareFixture
|
||||
.withScheme("http")
|
||||
.withAuthority(authMiddleware.localAddress.getHostString, authMiddleware.localAddress.getPort)
|
||||
protected[this] def oauth2YieldsUserTokens: Boolean = true
|
||||
protected[this] def sandboxClientTakesUserToken: Boolean = true
|
||||
|
||||
private val authSecret: String = "secret"
|
||||
private var resource
|
||||
@ -284,17 +312,7 @@ trait SandboxFixture extends BeforeAndAfterAll with AbstractAuthFixture with Akk
|
||||
applicationId = ApplicationId.unwrap(applicationId),
|
||||
ledgerIdRequirement = LedgerIdRequirement.none,
|
||||
commandClient = CommandClientConfiguration.default,
|
||||
token = authToken(
|
||||
CustomDamlJWTPayload(
|
||||
ledgerId = None,
|
||||
applicationId = None,
|
||||
participantId = None,
|
||||
exp = None,
|
||||
admin = admin,
|
||||
actAs = ApiTypes.Party unsubst actAs,
|
||||
readAs = ApiTypes.Party unsubst readAs,
|
||||
)
|
||||
),
|
||||
token = authToken(admin, actAs = actAs, readAs = readAs),
|
||||
),
|
||||
)
|
||||
|
||||
|
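Review bot: In `AuthMiddlewareFixture.authToken`, the `sandboxClientTakesUserToken` branch builds `StandardJWTPayload(userId = "", participantId = None, exp = None)` and never reads `admin`, `actAs` or `readAs`, so every sandbox client in the user-token suites gets the same token regardless of the rights the caller asked for. A test that requests a narrower client (for example read-only) then runs with whatever rights the ledger resolves for that user, so an authorization check could pass without being exercised; how the empty user id is resolved is not visible on this page. I would add a comment on that branch, such as `// user token: admin/actAs/readAs are ignored here; rights come from the ledger's record for this user`, and give the id a name (`private val sandboxClientUserId = ""`) so the coupling is explicit. The `authToken` overrides also drop the `Option[String]` result type that the abstract declaration in `AbstractAuthFixture` carries; spelling it out on `NoAuthFixture.authToken` avoids an inferred `None.type`.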
@ -96,6 +96,11 @@ trait AbstractTriggerServiceTest
|
||||
self in testFn
|
||||
|
||||
protected[this] implicit final class `InClaims syntax`(private val self: ItVerbString) {
|
||||
|
||||
/** Like `in`, but disables tests that would require the oauth test server
|
||||
* to grant claims for the user tokens it manufactures; see
|
||||
* https://github.com/digital-asset/daml/issues/13076
|
||||
*/
|
||||
def inClaims(testFn: => Future[Assertion])(implicit pos: source.Position) =
|
||||
AbstractTriggerServiceTest.this.inClaims(self, testFn)
|
||||
}
|
||||
|
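Review bot: `inClaims` in `InClaims syntax` has no declared result type, and its scaladoc does not say how a disabled test is reported. These are the tests that exercise claim-based authorization, so a suite running with user tokens should show them as ignored or pending rather than as passing. The delegate `AbstractTriggerServiceTest.this.inClaims(self, testFn)` is defined outside this hunk, so whether it does that cannot be confirmed from here. I would say so in the scaladoc, e.g. `Registered as ignored when the suite runs with user tokens`, if that is what the delegate does, and annotate the method with the type the delegate returns.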