Code improvements, fix linting & existing tests

Author: speza

handlers/auth.go

@@ -89,7 +89,6 @@ func AuthMiddleware(roleAuth *AuthConfig) echo.MiddlewareFunc {
 
 					policiesFromClaims, err := getPoliciesFromClaims(policies)
 					if err != nil {
-						gaia.Cfg.Logger.Error(err.Error())
 						return c.String(http.StatusForbidden, fmt.Sprintf("Permission denied for user %s. %s", username, err.Error()))
 					}
 

handlers/handler.go

@@ -4,17 +4,17 @@ import (
 	"net/http"
 	"time"
 
+	rice "github.com/GeertJohan/go.rice"
+	"github.com/labstack/echo"
+	"github.com/labstack/echo/middleware"
+
 	"github.com/gaia-pipeline/gaia"
 	"github.com/gaia-pipeline/gaia/handlers/providers/pipelines"
 	"github.com/gaia-pipeline/gaia/handlers/providers/workers"
 	"github.com/gaia-pipeline/gaia/helper/resourcehelper"
 	"github.com/gaia-pipeline/gaia/helper/rolehelper"
 	"github.com/gaia-pipeline/gaia/security/rbac"
 	"github.com/gaia-pipeline/gaia/services"
-
-	rice "github.com/GeertJohan/go.rice"
-	"github.com/labstack/echo"
-	"github.com/labstack/echo/middleware"
 )
 
 var (
@@ -55,7 +55,7 @@ func (s *GaiaHandler) InitHandlers(e *echo.Echo) error {
 		rbacHandler := newRBACHandler(storeService, rbacSvc, resourcehelper.NewMarshaller())
 		e.GET(p+"rbac/policy/:name", rbacHandler.RBACPolicyResourceGet)
 		e.POST(p+"rbac/policy", rbacHandler.RBACPolicyResourcePut)
-		e.PUT(p+"rbac/policy/:name/assign/:username", rbacHandler.AuthPolicyAssignmentPut)
+		e.PUT(p+"rbac/policy/:name/bind/:username", rbacHandler.RBACPolicyBindingPut)
 
 		// Pipelines
 		// Create pipeline provider

handlers/rbac.go

@@ -1,24 +1,24 @@
 package handlers
 
 import (
-	"github.com/gaia-pipeline/gaia/security/rbac"
 	"io/ioutil"
 	"net/http"
 
 	"github.com/labstack/echo"
 
 	"github.com/gaia-pipeline/gaia"
 	"github.com/gaia-pipeline/gaia/helper/resourcehelper"
-	gStore "github.com/gaia-pipeline/gaia/store"
+	"github.com/gaia-pipeline/gaia/security/rbac"
+	"github.com/gaia-pipeline/gaia/store"
 )
 
 type rbacHandler struct {
-	store          gStore.GaiaStore
+	store          store.RBACStore
 	svc            rbac.Service
 	rbacMarshaller resourcehelper.Marshaller
 }
 
-func newRBACHandler(store gStore.GaiaStore, svc rbac.Service, rbacMarshaller resourcehelper.Marshaller) *rbacHandler {
+func newRBACHandler(store store.RBACStore, svc rbac.Service, rbacMarshaller resourcehelper.Marshaller) *rbacHandler {
 	return &rbacHandler{store: store, svc: svc, rbacMarshaller: rbacMarshaller}
 }
 
@@ -63,11 +63,11 @@ func (h rbacHandler) RBACPolicyResourceGet(c echo.Context) error {
 	return c.String(http.StatusOK, string(bts))
 }
 
-func (h rbacHandler) AuthPolicyAssignmentPut(c echo.Context) error {
+func (h rbacHandler) RBACPolicyBindingPut(c echo.Context) error {
 	name := c.Param("name")
 	username := c.Param("username")
 
-	if err := h.store.RBACPolicyBindingsPut(username, name); err != nil {
+	if err := h.store.RBACPolicyBindingPut(username, name); err != nil {
 		gaia.Cfg.Logger.Error("failed to put auth assignment: " + err.Error())
 		return c.String(http.StatusBadRequest, "Error getting policy.")
 	}

handlers/user.go

@@ -46,7 +46,7 @@ func UserLogin(c echo.Context) error {
 		return err
 	}
 
-	userPolicies, err := storeService.RBACPolicyBindingsGet(u.Username)
+	userPolicies, err := storeService.RBACPolicyBindingGetAll(u.Username)
 	if err != nil {
 		gaia.Cfg.Logger.Error("error getting policy bindings", "username", u.Username)
 		return c.String(http.StatusInternalServerError, "an error has occurred.")

security/rbac/enforcer.go

@@ -15,18 +15,20 @@ var (
 	errResourceDeny      = errors.New("resource implicit deny")
 )
 
-type User struct {
-	Username string
-	Policies map[string]interface{}
-}
-
+// EnforcerConfig represents the config required for RBAC.
 type EnforcerConfig struct {
 	User      User
 	Namespace gaia.RBACPolicyNamespace
 	Action    gaia.RBACPolicyAction
 	Resource  gaia.RBACPolicyResource
 }
 
+// User represents the user to apply the enforcement to.
+type User struct {
+	Username string
+	Policies map[string]interface{}
+}
+
 // PolicyEnforcer is for enforcing RBAC Policies.
 type PolicyEnforcer interface {
 	Enforce(cfg EnforcerConfig) error
@@ -91,7 +93,7 @@ func (s *policyEnforcer) Evaluate(user User) (gaia.RBACEvaluatedPermissions, err
 
 	// Nothing in the cache, so start getting the policies for this user
 	var stmts []gaia.RBACPolicyStatementV1
-	for policyName, _ := range user.Policies {
+	for policyName := range user.Policies {
 		policyResource, _ := s.svc.GetPolicy(policyName)
 		stmts = append(stmts, policyResource.Statement...)
 	}

security/rbac/policies.go renamed to security/rbac/permissions.go

@@ -2,6 +2,7 @@ package rbac
 
 import (
 	"fmt"
+	
 	"github.com/gaia-pipeline/gaia"
 	"github.com/gaia-pipeline/gaia/store"
 )
@@ -15,12 +16,12 @@ type Service interface {
 }
 
 type service struct {
-	store               store.GaiaStore
+	store               store.RBACStore
 	evaluatedPermsCache Cache
 }
 
 // NewService creates a new RBAC Service.
-func NewService(store store.GaiaStore, cache Cache) Service {
+func NewService(store store.RBACStore, cache Cache) Service {
 	return &service{store: store, evaluatedPermsCache: cache}
 }
 

security/rbac/service.go

@@ -9,9 +9,17 @@ import (
 	"github.com/gaia-pipeline/gaia"
 )
 
-// RBACPolicyBindingsPut adds a new users policy assignments.
-func (s *BoltStore) RBACPolicyBindingsPut(username string, policy string) error {
-	existing, err := s.RBACPolicyBindingsGet(username)
+// RBACStore represents the interface for all RBAC store actions.
+type RBACStore interface {
+	RBACPolicyResourcePut(spec gaia.RBACPolicyResourceV1) error
+	RBACPolicyResourceGet(name string) (gaia.RBACPolicyResourceV1, error)
+	RBACPolicyBindingPut(username string, policy string) error
+	RBACPolicyBindingGetAll(username string) (map[string]interface{}, error)
+}
+
+// RBACPolicyBindingPut adds a new users policy assignments.
+func (s *BoltStore) RBACPolicyBindingPut(username string, policy string) error {
+	existing, err := s.RBACPolicyBindingGetAll(username)
 	if err != nil {
 		return fmt.Errorf("failed to get bindings: %v", err.Error())
 	}
@@ -29,8 +37,8 @@ func (s *BoltStore) RBACPolicyBindingsPut(username string, policy string) error
 	})
 }
 
-// RBACPolicyBindingsGet gets a users policy assignments.
-func (s *BoltStore) RBACPolicyBindingsGet(username string) (map[string]interface{}, error) {
+// RBACPolicyBindingGetAll gets a users policy assignments.
+func (s *BoltStore) RBACPolicyBindingGetAll(username string) (map[string]interface{}, error) {
 	assignment := make(map[string]interface{})
 
 	err := s.db.View(func(tx *bolt.Tx) error {

store/rbac.go

@@ -97,10 +97,7 @@ type GaiaStore interface {
 	WorkerGet(id string) (*gaia.Worker, error)
 	UpsertSHAPair(pair gaia.SHAPair) error
 	GetSHAPair(pipelineID int) (bool, gaia.SHAPair, error)
-	RBACPolicyResourcePut(spec gaia.RBACPolicyResourceV1) error
-	RBACPolicyResourceGet(name string) (gaia.RBACPolicyResourceV1, error)
-	RBACPolicyBindingsPut(username string, policy string) error
-	RBACPolicyBindingsGet(username string) (map[string]interface{}, error)
+	RBACStore
 }
 
 // Compile time interface compliance check for BoltStore. If BoltStore