From 478ae74e49f713aed0fa83d6937974c1632a69ac Mon Sep 17 00:00:00 2001
From: Johannes Batzill
Date: Tue, 18 Jul 2023 16:45:33 -0700
Subject: [PATCH 1/2] make grants optional for pat/sat create APIs
---
 .../controller/serviceaccount/create_token.go | 7 ++++---
 .../api/controller/user/create_access_token.go | 7 ++++---
 internal/token/token.go | 18 +-----------------
 types/enum/token.go | 3 ---
 4 files changed, 9 insertions(+), 26 deletions(-)
diff --git a/internal/api/controller/serviceaccount/create_token.go b/internal/api/controller/serviceaccount/create_token.go
index 4477397c3..e1c9a79ca 100644
--- a/internal/api/controller/serviceaccount/create_token.go
+++ b/internal/api/controller/serviceaccount/create_token.go
@@ -17,9 +17,10 @@ import (
 )

 type CreateTokenInput struct {
- UID string `json:"uid"`
- Lifetime time.Duration `json:"lifetime"`
- Grants enum.AccessGrant `json:"grants"`
+ UID string `json:"uid"`
+ Lifetime time.Duration `json:"lifetime"`
+ // TODO: Added to unblock UI - Depending on product decision remove default value, or remove Grants completely.
+ Grants enum.AccessGrant `json:"grants" default:"9223372036854775807"`
 }

 // CreateToken creates a new service account access token.
diff --git a/internal/api/controller/user/create_access_token.go b/internal/api/controller/user/create_access_token.go
index 89d9bacd2..9425b84f0 100644
--- a/internal/api/controller/user/create_access_token.go
+++ b/internal/api/controller/user/create_access_token.go
@@ -17,9 +17,10 @@ import (
 )

 type CreateTokenInput struct {
- UID string `json:"uid"`
- Lifetime time.Duration `json:"lifetime"`
- Grants enum.AccessGrant `json:"grants"`
+ UID string `json:"uid"`
+ Lifetime time.Duration `json:"lifetime"`
+ // TODO: Added to unblock UI - Depending on product decision remove default value, or remove Grants completely.
+ Grants enum.AccessGrant `json:"grants" default:"9223372036854775807"`
 }

 /*
diff --git a/internal/token/token.go b/internal/token/token.go index c70a3420d..401f41a55 100644 --- a/internal/token/token.go +++ b/internal/token/token.go @@ -15,8 +15,7 @@ import ( ) const ( - userTokenLifeTime time.Duration = 24 * time.Hour // 1 day. - oathTokenLifeTime time.Duration = 30 * time.Minute // 30 min. + userTokenLifeTime time.Duration = 24 * time.Hour // 1 day. ) func CreateUserSession(ctx context.Context, tokenStore store.TokenStore, @@ -64,21 +63,6 @@ func CreateSAT(ctx context.Context, tokenStore store.TokenStore, ) } -func CreateOAuth(ctx context.Context, tokenStore store.TokenStore, - createdBy *types.Principal, createdFor *types.User, - name string, grants enum.AccessGrant) (*types.Token, string, error) { - return Create( - ctx, - tokenStore, - enum.TokenTypeOAuth2, - createdBy, - createdFor.ToPrincipal(), - name, - oathTokenLifeTime, - grants, - ) -} - func Create(ctx context.Context, tokenStore store.TokenStore, tokenType enum.TokenType, createdBy *types.Principal, createdFor *types.Principal, uid string, lifetime time.Duration, grants enum.AccessGrant) (*types.Token, string, error) { diff --git a/types/enum/token.go b/types/enum/token.go index ebfa1b177..518d24497 100644 --- a/types/enum/token.go +++ b/types/enum/token.go @@ -16,7 +16,4 @@ const ( // TokenTypeSAT is a service account access token. TokenTypeSAT TokenType = "sat" - - // TokenTypeOAuth2 is the token returned to an oauth client. - TokenTypeOAuth2 TokenType = "oauth2" ) From ac84328a6b710d4d559182b9f4cda1e665ee149d Mon Sep 17 00:00:00 2001 From: Johannes Batzill Date: Tue, 18 Jul 2023 16:54:40 -0700 Subject: [PATCH 2/2] remove default value and allow empty grants --- internal/api/controller/serviceaccount/create_token.go | 10 +++++----- internal/api/controller/user/create_access_token.go | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) 
diff --git a/internal/api/controller/serviceaccount/create_token.go b/internal/api/controller/serviceaccount/create_token.go
index e1c9a79ca..dfa3ebd4c 100644
--- a/internal/api/controller/serviceaccount/create_token.go
+++ b/internal/api/controller/serviceaccount/create_token.go
@@ -17,10 +17,9 @@ import (
 )

 type CreateTokenInput struct {
- UID string `json:"uid"`
- Lifetime time.Duration `json:"lifetime"`
- // TODO: Added to unblock UI - Depending on product decision remove default value, or remove Grants completely.
- Grants enum.AccessGrant `json:"grants" default:"9223372036854775807"`
+ UID string `json:"uid"`
+ Lifetime time.Duration `json:"lifetime"`
+ Grants enum.AccessGrant `json:"grants"`
 }

 // CreateToken creates a new service account access token.
@@ -37,7 +36,8 @@ func (c *Controller) CreateToken(ctx context.Context, session *auth.Session,
 if err = check.TokenLifetime(in.Lifetime); err != nil {
 return nil, err
 }
- if err = check.AccessGrant(in.Grants, false); err != nil {
+ // TODO: Added to unblock UI - Depending on product decision enforce grants, or remove Grants completely.
+ if err = check.AccessGrant(in.Grants, true); err != nil {
 return nil, err
 }

diff --git a/internal/api/controller/user/create_access_token.go b/internal/api/controller/user/create_access_token.go
index 9425b84f0..2d69762b3 100644
--- a/internal/api/controller/user/create_access_token.go
+++ b/internal/api/controller/user/create_access_token.go
@@ -17,10 +17,9 @@ import (
 )

 type CreateTokenInput struct {
- UID string `json:"uid"`
- Lifetime time.Duration `json:"lifetime"`
- // TODO: Added to unblock UI - Depending on product decision remove default value, or remove Grants completely.
- Grants enum.AccessGrant `json:"grants" default:"9223372036854775807"`
+ UID string `json:"uid"`
+ Lifetime time.Duration `json:"lifetime"`
+ Grants enum.AccessGrant `json:"grants"`
 }

 /*
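Review bot: In CreateToken (serviceaccount/create_token.go) the second argument to `check.AccessGrant` flips from `false` to `true`, which going by the commit subject lets a request without `grants` through, but nothing in the hunk states what a token stored with an empty grant value is then allowed to do. If the code that later evaluates grants reads an empty value as "unrestricted" rather than "nothing", leaving the field out yields the broadest token a caller can create, so the intended meaning should be pinned at the call, e.g. `// Empty grants are accepted for now; such a token is limited to <state the intended access>.`, and covered by a test that creates a token without grants and checks what it can reach. The bare boolean also hides its purpose at the call site; a named constant such as `const allowEmptyGrants = true` passed in its place would make the relaxation visible to the next reader. The same change is made in CreateAccessToken in internal/api/controller/user/create_access_token.go, and both function bodies start and end outside their hunks.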
@@ -44,7 +43,8 @@ func (c *Controller) CreateAccessToken(ctx context.Context, session *auth.Sessio
 if err = check.TokenLifetime(in.Lifetime); err != nil {
 return nil, err
 }
- if err = check.AccessGrant(in.Grants, false); err != nil {
+ // TODO: Added to unblock UI - Depending on product decision enforce grants, or remove Grants completely.
+ if err = check.AccessGrant(in.Grants, true); err != nil {
 return nil, err
 }