Merge pull request #1693 from birtony/claims-config

feat: loading claims from config file in login consent server
trustbloc · Jun 30, 2023 · f0d5388 · f0d5388
2 parents 02096df + ab3e0d3
commit f0d5388
Show file tree

Hide file tree

Showing 9 changed files with 204 additions and 53 deletions.
diff --git a/cmd/login-consent-server/main.go b/cmd/login-consent-server/main.go
diff --git a/cmd/login-consent-server/main_test.go b/cmd/login-consent-server/main_test.go
@@ -518,18 +518,87 @@ func TestConsentServer_ClaimData(t *testing.T) {
 
 	tests := []struct {
 		name           string
+		env            map[string]string
+		profile        string
+		claims         string
 		method         string
 		responseStatus int
+		err            string
 	}{
 		{
-			name:           "/claim-data Method not allowed",
+			name: "/claim-data Method not allowed",
+			env: map[string]string{
+				claimsConfigFilePathEnvKey: "claims-config.json",
+			},
+			profile:        "bank_issuer",
+			claims:         "{\"bank_issuer\": {}}",
 			method:         http.MethodGet,
 			responseStatus: http.StatusMethodNotAllowed,
+			err:            "",
+		},
+		{
+			name:           "/claim-data claims config file path env key is empty",
+			env:            map[string]string{},
+			profile:        "",
+			claims:         "",
+			method:         http.MethodPost,
+			responseStatus: http.StatusInternalServerError,
+			err:            "value is empty",
 		},
 		{
-			name:           "/claim-data POST SUCCESS",
+			name: "/claim-data claims config file is missing",
+			env: map[string]string{
+				claimsConfigFilePathEnvKey: "",
+			},
+			profile:        "",
+			claims:         "",
+			method:         http.MethodPost,
+			responseStatus: http.StatusInternalServerError,
+			err:            "error opening claims config file",
+		},
+		{
+			name: "/claim-data POST SUCCESS",
+			env: map[string]string{
+				claimsConfigFilePathEnvKey: "claims-config.json",
+			},
+			profile:        "bank_issuer",
+			claims:         "{\"bank_issuer\": {}}",
 			method:         http.MethodPost,
 			responseStatus: http.StatusOK,
+			err:            "",
+		},
+		{
+			name: "/claim-data POST missing corresponding claims",
+			env: map[string]string{
+				claimsConfigFilePathEnvKey: "claims-config.json",
+			},
+			profile:        "bank_issuer",
+			claims:         "{\"pr_card_issuer_jwtsd\": {}}",
+			method:         http.MethodPost,
+			responseStatus: http.StatusInternalServerError,
+			err:            "claims for profile bank_issuer are missing",
+		},
+		{
+			name: "/claim-data POST fails to decode claims",
+			env: map[string]string{
+				claimsConfigFilePathEnvKey: "claims-config.json",
+			},
+			profile:        "bank_issuer",
+			claims:         "{some non valid json}}",
+			method:         http.MethodPost,
+			responseStatus: http.StatusInternalServerError,
+			err:            "failed to decode claims",
+		},
+		{
+			name: "/claim-data POST SUCCESS (pr_card_issuer_jwtsd)",
+			env: map[string]string{
+				claimsConfigFilePathEnvKey: "claims-config.json",
+			},
+			profile:        "pr_card_issuer_jwtsd",
+			claims:         "{\"pr_card_issuer_jwtsd\": {}}",
+			method:         http.MethodPost,
+			responseStatus: http.StatusOK,
+			err:            "",
 		},
 	}
 
@@ -538,18 +607,46 @@ func TestConsentServer_ClaimData(t *testing.T) {
 	for _, test := range tests {
 		tc := test
 		t.Run(tc.name, func(t *testing.T) {
+			for k, v := range tc.env {
+				require.NoError(t, os.Setenv(k, v))
+			}
+
+			if len(tc.env[claimsConfigFilePathEnvKey]) > 0 {
+				_, err := os.Create(tc.env[claimsConfigFilePathEnvKey])
+				require.NoError(t, err)
+
+				if len(tc.profile) > 0 {
+					err := os.WriteFile(tc.env[claimsConfigFilePathEnvKey],
+						[]byte(tc.claims), 0o600)
+					require.NoError(t, err)
+				}
+			}
+
 			server, err := newConsentServer(testServer.URL, false, []string{})
 			require.NotNil(t, server)
 			require.NoError(t, err)
 
-			req, err := http.NewRequest(tc.method, "/claim-data", http.NoBody)
+			req, err := http.NewRequest(tc.method,
+				fmt.Sprintf("/claim-data?profile_id=%s", tc.profile), http.NoBody)
 			require.NoError(t, err)
 
 			res := httptest.NewRecorder()
 
 			server.claimData(res, req)
 
+			if tc.err != "" {
+				require.Contains(t, res.Body.String(), tc.err)
+			}
 			require.Equal(t, tc.responseStatus, res.Code, res.Body.String())
+
+			for k := range tc.env {
+				require.NoError(t, os.Unsetenv(k))
+			}
+
+			if len(tc.env[claimsConfigFilePathEnvKey]) > 0 {
+				err = os.Remove(tc.env[claimsConfigFilePathEnvKey])
+				require.NoError(t, err)
+			}
 		})
 	}
 }

diff --git a/k8s/login-consent/kustomize/login-consent/base/claims-config.json b/k8s/login-consent/kustomize/login-consent/base/claims-config.json
@@ -0,0 +1 @@
+{}
diff --git a/k8s/login-consent/kustomize/login-consent/base/kustomization.yaml b/k8s/login-consent/kustomize/login-consent/base/kustomization.yaml
@@ -1,5 +1,6 @@
 #
 # Copyright SecureKey Technologies Inc. All Rights Reserved.
+# Copyright Gen Digital Inc. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -18,6 +19,9 @@ configMapGenerator:
 - envs:
   - login-consent.env
   name: login-consent-env
+- files:
+  - claims-config.json
+  name: login-consent-claims-config
 
 resources:
 - login-consent.yml

diff --git a/k8s/login-consent/kustomize/login-consent/base/login-consent.env b/k8s/login-consent/kustomize/login-consent/base/login-consent.env
@@ -1,8 +1,10 @@
 # 
 # Copyright SecureKey Technologies Inc. All Rights Reserved. 
-# 
+# Copyright Gen Digital Inc. All Rights Reserved.
+#
 # SPDX-License-Identifier: Apache-2.0 
 # 
 
 SERVE_PORT=8081
 ADMIN_URL=http://
+CLAIMS_CONFIG_FILE_PATH=
diff --git a/k8s/login-consent/kustomize/login-consent/base/login-consent.yml b/k8s/login-consent/kustomize/login-consent/base/login-consent.yml
@@ -1,5 +1,6 @@
 #
 # Copyright SecureKey Technologies Inc. All Rights Reserved.
+# Copyright Gen Digital Inc. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -19,6 +20,10 @@ spec:
       labels:
         app: login-consent
     spec:
+      volumes:
+        - name: config
+          configMap:
+            name: login-consent-claims-config
       containers:
       - name: login-consent
         envFrom:
@@ -30,6 +35,9 @@ spec:
           - containerPort: 8081
             protocol: TCP
             name: http-port
+        volumeMounts:
+          - name: config
+            mountPath: /etc/login-consent/config
 ---
 apiVersion: v1
 kind: Service

diff --git a/k8s/login-consent/kustomize/login-consent/overlays/common/claims-config.json b/k8s/login-consent/kustomize/login-consent/overlays/common/claims-config.json
diff --git a/k8s/login-consent/kustomize/login-consent/overlays/common/kustomization.yaml b/k8s/login-consent/kustomize/login-consent/overlays/common/kustomization.yaml
@@ -1,5 +1,6 @@
 #
 # Copyright SecureKey Technologies Inc. All Rights Reserved.
+# Copyright Gen Digital Inc. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -36,7 +37,10 @@ configMapGenerator:
   envs:
   - login-consent/login-consent.env
   name: login-consent-env
-
+- behavior: replace
+  files:
+  - claims-config.json
+  name: login-consent-claims-config
 
 resources:
 - ../../base

diff --git a/k8s/login-consent/kustomize/login-consent/overlays/common/login-consent/login-consent.env b/k8s/login-consent/kustomize/login-consent/overlays/common/login-consent/login-consent.env
@@ -1,8 +1,10 @@
 #
 # Copyright SecureKey Technologies Inc. All Rights Reserved.
+# Copyright Gen Digital Inc. All Rights Reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 
 ADMIN_URL=https://hydra-admin.||DOMAIN||
 TLS_SYSTEMCERTPOOL=true
+CLAIMS_CONFIG_FILE_PATH=/etc/login-consent/config/claims-config.json