Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(security)!: Add authentication hooks to routes #1437

Merged
merged 1 commit into from
Jul 13, 2023
Merged

feat(security)!: Add authentication hooks to routes #1437

merged 1 commit into from
Jul 13, 2023

Conversation

bnevis-i
Copy link
Collaborator

@bnevis-i bnevis-i commented Jul 13, 2023
edited
Loading

BREAKING CHANGE: EdgeX standard routes will require authentication.
AddCustomRoute is a new interface method that enables adding authenticated routes.

Closes #1435

PR Checklist

Please check if your PR fulfills the following requirements:

  • I am not introducing a breaking change (if you are, flag in conventional commit message with BREAKING CHANGE: describing the break)
  • I am not introducing a new dependency (add notes below if you are)
  • I have added unit tests for the new feature or bug fix (if not, why?)
  • I have fully tested (add details below) this the new feature or bug fix (if not, why?)
  • I have opened a PR for the related docs change (if not, why?)

Testing Instructions

Not fully tested in a full running system, but have added unit tests (make test) and verified basic security functionality.

New Dependency Instructions (If applicable)

@codecov-commenter
Copy link

codecov-commenter commented Jul 13, 2023
edited
Loading

Codecov Report

Merging #1437 (fa33c88) into main (a0fbb63) will increase coverage by 0.04%.
The diff coverage is 64.70%.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

@@            Coverage Diff             @@
##             main    #1437      +/-   ##
==========================================
+ Coverage   66.79%   66.83%   +0.04%     
==========================================
  Files          36       36              
  Lines        3075     3088      +13     
==========================================
+ Hits         2054     2064      +10     
- Misses        888      891       +3     
  Partials      133      133
Impacted Files Coverage Δ
internal/webserver/server.go 20.45% <40.00%> (+2.16%) ⬆️
internal/app/service.go 57.52% <100.00%> (+0.89%) ⬆️

@bnevis-i
feat(security)!: Add authentication hooks to routes
fa33c88 
BREAKING CHANGE: EdgeX standard routes will require authentication.
AddCustomRoute is a new interface method that enables adding authenticated routes.

Closes #1435

Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
@bnevis-i
Copy link
Collaborator Author

@jim-wang-intel Added unit test.

jim-wang-intel
jim-wang-intel approved these changes Jul 13, 2023
View reviewed changes
Copy link
Contributor

@jim-wang-intel jim-wang-intel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bnevis-i bnevis-i merged commit 1ff3b26 into edgexfoundry:main Jul 13, 2023
1 check passed
@bnevis-i bnevis-i deleted the issue-1435 branch July 13, 2023 23:17
lenny-goodell
lenny-goodell reviewed Jul 17, 2023
View reviewed changes
internal/app/service_test.go
Comment on lines +121 to +122
_ = sdk.AddCustomRoute("/test", interfaces.Unauthenticated, func(http.ResponseWriter, *http.Request) {}, http.MethodGet)
_ = router.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests should always use verify no errors rather than ignore them.

err := ...
require.NoError(t, err)

internal/app/service_test.go
Comment on lines +142 to +143
_ = sdk.AddCustomRoute("/test", interfaces.Authenticated, func(http.ResponseWriter, *http.Request) {}, http.MethodGet)
_ = router.Walk(func(route *mux.Route, router *mux.Router, ancestors []*mux.Route) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same error check

pkg/interfaces/service.go
// ApplicationService defines the interface for an edgex Application Service
type ApplicationService interface {
// AppContext returns the application service context used to detect cancelled context when the service is terminating.
// Used by custom app service to appropriately exit any long-running functions.
AppContext() context.Context
// AddRoute a custom REST route to the application service's internal webserver
// AddRoute adds a custom REST route to the application service's internal webserver
// A reference to this ApplicationService is add the the context that is passed to the handler, which
// can be retrieved using the `AppService` key
AddRoute(route string, handler func(http.ResponseWriter, *http.Request), methods ...string) error
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to make this a Deprecated

@lenny-goodell
Copy link
Member

lenny-goodell commented Jul 19, 2023
edited
Loading

@bnevis-i Need a PR do document this new API

@bnevis-i bnevis-i mentioned this pull request Jul 19, 2023
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lenny-goodell lenny-goodell lenny-goodell left review comments

@jim-wang-intel jim-wang-intel jim-wang-intel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secure All HTTP routes when running in Secure Mode
4 participants
@bnevis-i @codecov-commenter @lenny-goodell @jim-wang-intel