// NewRouter builds the application's mux router from the package-level routes
// table. Every route's handler is wrapped with telemetry, the authz
// permission check, and request logging before it is registered.
//
// Wrapping order matters: the last wrapper applied is the outermost one, so
// util.LoggingHandler sees a request first and authz.PermissionHandler sits
// in front of the telemetry wrapper and the route's own handler (assuming
// each wrapper invokes the handler it is given; confirm in util and authz).
func NewRouter() *mux.Router {
	r := mux.NewRouter().StrictSlash(true)

	for _, rt := range routes {
		// Restrictions are registered only when an authz provider is
		// configured. PermissionHandler is still applied below either way.
		// NOTE(review): what PermissionHandler does when no provider is
		// configured is not visible here; confirm that it denies rather than
		// allows, otherwise a missing provider leaves every route open.
		if p := authz.GetProvider(); p != nil {
			p.AddRestriction(rt.Role, rt.Method, rt.Pattern)
		}

		var h http.Handler = rt.HandlerFunc
		h = util.NewTelemetry(h, rt.Name)
		h = authz.PermissionHandler(h)
		h = util.LoggingHandler(h)

		r.Methods(rt.Method).
			Path(rt.Pattern).
			Name(rt.Name).
			Handler(h)

		fields := log.Fields{
			"path":   rt.Pattern,
			"method": rt.Method,
		}
		log.WithFields(fields).Infof("Added route %s", rt.String())
	}

	return r
}
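// Roles writes, as JSON, the roles the authorization provider reports for the
// bearer token carried in the request's Authorization header.
//
// A request whose Authorization header does not start with "Bearer " is passed
// to the provider with an empty token; which roles an empty token yields is
// decided by the provider, not here. If no provider is configured, or the
// role list cannot be encoded, the response is a 500 with a generic body.
func Roles(w http.ResponseWriter, r *http.Request) {
	// TrimPrefix keeps everything after the scheme. The previous
	// SplitAfter(...)[1] cut the credential short whenever the value itself
	// contained another "Bearer ", so the provider was handed a different
	// string than the client sent.
	var token string
	if hdr := r.Header.Get("Authorization"); strings.HasPrefix(hdr, "Bearer ") {
		token = strings.TrimPrefix(hdr, "Bearer ")
	}

	// GetProvider can return nil when no provider is configured; calling
	// GetRoles on it would panic inside the handler on any request,
	// authenticated or not.
	provider := authz.GetProvider()
	if provider == nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	// Encode before touching the response so an encoding failure can still be
	// reported with a proper status instead of panicking after a 200 has
	// already been sent.
	body, err := json.Marshal(provider.GetRoles(token))
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "application/json; charset=UTF-8")
	w.WriteHeader(http.StatusOK)
	// The trailing newline matches what json.Encoder.Encode emitted before.
	// A write error here means the client went away; there is nothing left to
	// report to it.
	_, _ = w.Write(append(body, '\n'))
}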
var _ = Describe("Authz", func() { var ( provider authz.Provider ) BeforeEach(func() { viper.Reset() }) Describe("Getting the provider", func() { Context("Default provider is set", func() { It("Should return nil", func() { util.LoadConfigByPathWOExtension("authz/test_config_no-provider") provider = authz.GetProvider() Expect(provider).To(BeNil()) }) }) Context("Default provider is set", func() { It("Should return simple provider", func() { util.LoadConfigByPathWOExtension("test_config") provider = authz.GetProvider() Expect(provider.GetName()).To(Equal("simple")) }) }) }) Describe("Provider authorization queries", func() {