New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Accessor paths for lookup and revocation of tokens #1188
Merged
Merged
Changes from all commits
Commits
Show all changes
20 commits
Select commit
Hold shift + click to select a range
38a5d75
Introduced AccessorID in TokenEntry and returning it along with token
vishalnayak a713720
Create indexing from Accessor ID to Token ID
vishalnayak 4ed3a85
Clear the accessor index during revocation
vishalnayak c7033b1
placeholders for revoke-accessor and lookup-accessor
vishalnayak bb927e3
Implemented lookup-accessor as a token_store endpoint
vishalnayak 5dcc6f0
Implemented /auth/token/revoke-accessor in token_store
vishalnayak 048f3b2
Lay the foundation for returning proper HTTP status codes
vishalnayak 9da2929
Implemented /sys/capabilities-accessor and a way for setting HTTP err…
vishalnayak edfba16
ErrUserInput --> StatusBadRequest
vishalnayak 7b99652
Error text corrections and minor refactoring
vishalnayak 2a35de8
AccessorID --> Accessor, accessor_id --> accessor
vishalnayak c7c9e0b
New prefix for accessor indexes
vishalnayak 928d872
Add docs for new token endpoints
vishalnayak 16c4b52
Added docs for /sys/capabilities-accessor
vishalnayak a546823
Added tests for 'sys/capabilities-accessor' endpoint
vishalnayak 76900d6
Added tests for lookup-accessor and revoke-accessor endpoints
vishalnayak da9ad9c
Provide accessor to revove-accessor in the URL itself
vishalnayak d1d37d5
fix all the broken tests
vishalnayak 64bc542
Restore old regex expressions for token endpoints
vishalnayak b8bd534
In-URL accessor for auth/token/lookup-accessor endpoint
vishalnayak File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if you have multiple types of errors generated? Which one trumps the other?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only the latest error type will be considered. In order for this to work as expected, we should follow a practice, i.e. when
err != nil
, we should always doreturn err
instead ofreturn fmt.Errorf("err:%s",err)
. This way, the error type once set, will retain it's type all the way back into this method.Since we were only generating internal error till date, I guess it should be fine if we start this practice now. This might not affect any of the existing use-cases.
The status code is not being set anywhere after any call crosses core, except
logical.HTTPStatusCode
which is a different code flow.In case of multiple errors using multierror, the default case will be
StatusInternalServerError
. It makes sense as well. There will be more than one error and we'll not know which status to set (unless there are predefined priorities to status codes, are there?).Also, since multierror implements error interface, user will get to see the all the errors in a formatted manner, and hopefully not complain for the proper status code.