From de3296ee35abfd64a2546d0366bb18982e8e48ed Mon Sep 17 00:00:00 2001 From: agelostsal Date: Mon, 13 Jul 2020 12:30:15 +0300 Subject: [PATCH 1/4] Fix for test stability --- authmethods/authmethods_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/authmethods/authmethods_test.go b/authmethods/authmethods_test.go index e4f22b2..933ba30 100644 --- a/authmethods/authmethods_test.go +++ b/authmethods/authmethods_test.go @@ -7,7 +7,6 @@ import ( "github.com/stretchr/testify/suite" "io" "io/ioutil" - "reflect" "testing" ) @@ -149,7 +148,8 @@ func (suite *AuthMethodsTestSuite) TestAuthMethodFIndAll() { mockstore.AuthMethods = []stores.QAuthMethod{} aMList2, err2 := AuthMethodFindAll(mockstore) - suite.True(reflect.DeepEqual(expAmList, aMList)) + suite.Equal(am1, aMList.AuthMethods[0]) + suite.Equal(am2, aMList.AuthMethods[1]) suite.Equal(0, len(aMList2.AuthMethods)) suite.Nil(err1) From a39e1449e933d2d828c21427952d27952089032d Mon Sep 17 00:00:00 2001 From: agelostsal Date: Mon, 5 Oct 2020 17:54:48 +0300 Subject: [PATCH 2/4] ARGO-2557 Make syslog logging configurable for AuthN --- README.md | 7 +++---- conf/argo-api-authn-config.template | 3 ++- config.json | 3 ++- config/config.go | 10 ++++++++++ config/config_test.go | 1 + config/configuration-test-files/test-conf.json | 3 ++- main.go | 6 ------ 7 files changed, 20 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 2b21ba2..6b5b3f3 100644 --- a/README.md +++ b/README.md @@ -32,10 +32,8 @@ Before you start, you need to issue a valid certificate. 4. Get dependencies(If you plan on contributing to the project else skip this step): - Argo-api-authN uses the dep tool for dependency handling. + Argo-api-authN uses the go modules tool for dependency handling. - - Install the dep tool. You can find instructions depending on your platform at [Dep](https://github.com/golang/dep). - 5. To build the service use the following command: `go build` 
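Review bot: In TestAuthMethodFIndAll the new assertions index `aMList.AuthMethods[0]` and `aMList.AuthMethods[1]` without checking the slice length first, so a shorter result panics the whole suite instead of failing one assertion. I would add `suite.Require().Len(aMList.AuthMethods, 2)` directly before the two `suite.Equal` calls. `suite.Nil(err1)` is also evaluated only after the indexing, so a returned error would surface as an index panic; moving the nil check above the element comparisons gives a readable failure. The test function starts and ends outside the hunk.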
@@ -83,7 +81,8 @@ Before you start, you need to issue a valid certificate. "service_types_retrieval_fields": { "ams": "token", "web-api": "api_key" - } + }, + "syslog_enabled": true } ``` diff --git a/conf/argo-api-authn-config.template b/conf/argo-api-authn-config.template index 440a95f..bfe5f94 100644 --- a/conf/argo-api-authn-config.template +++ b/conf/argo-api-authn-config.template @@ -13,5 +13,6 @@ "trust_unknown_cas": true, "verify_certificate": false, "service_types_paths": {"ams": "/v1/users:byUUID/{{identifier}}?key={{access_key}}"}, - "service_types_retrieval_fields": {"ams": "token"} + "service_types_retrieval_fields": {"ams": "token"}, + "syslog_enabled": false } diff --git a/config.json b/config.json index ee7c707..df4bfd8 100644 --- a/config.json +++ b/config.json @@ -19,5 +19,6 @@ "service_types_retrieval_fields": { "ams": "token", "web-api": "api_key" - } + }, + "syslog_enabled" : false } diff --git a/config/config.go b/config/config.go index 1d19e65..c4ee321 100644 --- a/config/config.go +++ b/config/config.go @@ -6,7 +6,9 @@ import ( "errors" "github.com/ARGOeu/argo-api-authn/utils" LOGGER "github.com/sirupsen/logrus" + lSyslog "github.com/sirupsen/logrus/hooks/syslog" "io/ioutil" + "log/syslog" "reflect" ) @@ -26,6 +28,7 @@ type Config struct { VerifyCertificate bool `json:"verify_certificate"` ServiceTypesPaths map[string]string `json:"service_types_paths" required:"true"` ServiceTypesRetrievalFields map[string]string `json:"service_types_retrieval_fields" required:"true"` + SyslogEnabled bool `json:"syslog_enabled"` } // ConfigSetUp unmarshals a json file specified by the input parameter into the config object 
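Review bot: The new `SyslogEnabled` field in Config has no comment and, being a plain bool without `required:"true"`, reads as false when `syslog_enabled` is missing from an existing config file. The same commit removes the unconditional hook from init() in main.go, so a deployment upgraded without editing its config stops sending logs to syslog with no indication. I would document this on the field, e.g. `// SyslogEnabled adds the syslog hook to the logger; an absent key means false, so configs written before this option no longer log to syslog.`, and state the default in the README configuration section. The Config struct starts outside the hunk.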
@@ -42,6 +45,13 @@ func (cfg *Config) ConfigSetUp(path string) error { return errors.New("Something went wrong while marshaling the json data. Error: " + err.Error()) } + if cfg.SyslogEnabled { + hook, err := lSyslog.NewSyslogHook("", "", syslog.LOG_INFO, "") + if err == nil { + LOGGER.AddHook(hook) + } + } + if err = utils.ValidateRequired(*cfg); err != nil { return utils.StructGenericEmptyRequiredField("config", err.Error()) } diff --git a/config/config_test.go b/config/config_test.go index f402cae..8f4c84e 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -42,6 +42,7 @@ func (suite *ConfigTestSuite) TestConfigSetUp() { "ams": "token", "web-api": "api_key", }, + SyslogEnabled: true, } //tests the case of a malformed json diff --git a/config/configuration-test-files/test-conf.json b/config/configuration-test-files/test-conf.json index 61c2d4a..c48ae5c 100644 --- a/config/configuration-test-files/test-conf.json +++ b/config/configuration-test-files/test-conf.json @@ -19,5 +19,6 @@ "service_types_retrieval_fields": { "ams": "token", "web-api": "api_key" - } + }, + "syslog_enabled": true } diff --git a/main.go b/main.go index b8337d7..22b2bd0 100644 --- a/main.go +++ b/main.go @@ -16,16 +16,10 @@ import ( "github.com/ARGOeu/argo-api-authn/routing" "github.com/ARGOeu/argo-api-authn/stores" LOGGER "github.com/sirupsen/logrus" - lSyslog "github.com/sirupsen/logrus/hooks/syslog" - "log/syslog" ) func init() { LOGGER.SetFormatter(&LOGGER.TextFormatter{FullTimestamp: true, DisableColors: true}) - hook, err := lSyslog.NewSyslogHook("", "", syslog.LOG_INFO, "") - if err == nil { - LOGGER.AddHook(hook) - } } func main() { From ccf059f42d7d17f6bdc88c754e32fdf163f3df7e Mon Sep 17 00:00:00 2001 From: agelostsal Date: Thu, 8 Oct 2020 17:00:50 +0300 Subject: [PATCH 3/4] Authn FetchCRL nil pointer bug --- auth/revoke.go | 24 ++++++++++++++++-------- auth/revoke_test.go | 10 ++++++++++ 2 files changed, 26 insertions(+), 8 deletions(-) 
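Review bot: In ConfigSetUp the error from `lSyslog.NewSyslogHook` is discarded, so with `"syslog_enabled": true` and an unreachable syslog daemon the service starts without its syslog trail and nothing reports it. For an authentication service I would at least surface it, `} else { LOGGER.Warnf("syslog_enabled is set but the syslog hook could not be added: %v", err) }`, or return the error if syslog is meant to be mandatory once enabled. The hook is also registered on every call to ConfigSetUp and before `utils.ValidateRequired` runs, so a second call would add it twice. Moving the block after validation also avoids hooking the logger for a config that is then rejected. The function starts and ends outside the hunk.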
diff --git a/auth/revoke.go b/auth/revoke.go index cb23d09..71f6831 100644 --- a/auth/revoke.go +++ b/auth/revoke.go @@ -3,6 +3,7 @@ package auth import ( "crypto/x509" "crypto/x509/pkix" + "fmt" "github.com/ARGOeu/argo-api-authn/utils" LOGGER "github.com/sirupsen/logrus" "io/ioutil" @@ -17,7 +18,7 @@ func CRLCheckRevokedCert(cert *x509.Certificate) error { var err error var goMaxP, psi, csi int - var crtList *pkix.TBSCertificateList + var crtList pkix.TBSCertificateList var errChan = make(chan error) var doneChan = make(chan bool, 1) @@ -118,30 +119,37 @@ loop: } // FetchCRL fetches the CRL -func FetchCRL(url string) (*pkix.TBSCertificateList, error) { +func FetchCRL(url string) (pkix.TBSCertificateList, error) { var err error - var crtList *pkix.CertificateList var resp *http.Response var crlBytes []byte + var crtList = &pkix.CertificateList{} + // initialize the client and perform a get request to grab the crl - client := &http.Client{Timeout: time.Duration(60 * time.Second)} + client := &http.Client{Timeout: time.Duration(30 * time.Second)} if resp, err = client.Get(url); err != nil { - return &crtList.TBSCertList, err + LOGGER.Error(fmt.Errorf("Request to CRL: %v produced the following error, %v", url, err.Error())) + err := fmt.Errorf("Could not access CRL %v", url) + return pkix.TBSCertificateList{}, err } // read the response if crlBytes, err = ioutil.ReadAll(resp.Body); err != nil { - return &crtList.TBSCertList, err + err := fmt.Errorf("Reading CRL data: %v produced the following error, %v", url, err.Error()) + LOGGER.Error(err) + return pkix.TBSCertificateList{}, err } defer resp.Body.Close() // create the crl from the byte slice if crtList, err = x509.ParseCRL(crlBytes); err != nil { - return &crtList.TBSCertList, err + err := fmt.Errorf("Parsing CRL data: %v produced the following error, %v", url, err.Error()) + LOGGER.Error(err) + return pkix.TBSCertificateList{}, err } - return &crtList.TBSCertList, err + return crtList.TBSCertList, err } 
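Review bot: FetchCRL still leaks the response body when `ioutil.ReadAll` fails, because `defer resp.Body.Close()` is registered only after that error return. It also reads the body with no size limit or status check, although the URL comes from the certificate's CRLDistributionPoints (as the new test in revoke_test.go shows). I would close the body as soon as the Get succeeds, reject non-200 responses and cap the read, as in the excerpt below; it needs the `io` import, and the 10 MiB cap is only an example to size for the CAs you accept. Separately, returning only `crtList.TBSCertList` drops the CRL's signature, so unless the list is validated elsewhere (not visible in this hunk) it is trusted as fetched; checking it with the issuing CA's `CheckCRLSignature` before returning would close that gap. The `err := fmt.Errorf(...)` lines shadow the function-level `err`, which works but is easy to misread.

```go
	if resp, err = client.Get(url); err != nil {
		// … unchanged: log and return "Could not access CRL" …
	}
	// close on every path, including a failed read
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		err := fmt.Errorf("Request to CRL: %v returned status %v", url, resp.StatusCode)
		LOGGER.Error(err)
		return pkix.TBSCertificateList{}, err
	}

	// read the response, bounded so an oversized body cannot exhaust memory
	if crlBytes, err = ioutil.ReadAll(io.LimitReader(resp.Body, 10<<20)); err != nil {
		// … unchanged: log and return the read error …
	}
	// … unchanged: x509.ParseCRL and return …
```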
diff --git a/auth/revoke_test.go b/auth/revoke_test.go index 93f808a..486211c 100644 --- a/auth/revoke_test.go +++ b/auth/revoke_test.go @@ -3,7 +3,9 @@ package auth import ( "crypto/x509" "encoding/pem" + LOGGER "github.com/sirupsen/logrus" "github.com/stretchr/testify/suite" + "io/ioutil" "testing" ) @@ -124,8 +126,16 @@ func (suite *RevokeTestSuite) TestCRLCheckRevokedCert() { err3 := CRLCheckRevokedCert(crt) suite.Equal("Your certificate is invalid. No CRLDistributionPoints found on the certificate", err3.Error()) + + // test the case of an invalid CRL URL + crt = ParseCert(goodComodoCA) + crt.CRLDistributionPoints = []string{"https://unknown/unknown"} + err4 := CRLCheckRevokedCert(crt) + + suite.Equal("Could not access CRL https://unknown/unknown", err4.Error()) } func TestRevokeTestSuite(t *testing.T) { + LOGGER.SetOutput(ioutil.Discard) suite.Run(t, new(RevokeTestSuite)) } From fba890bd66f36ecda2f1f920a4cd4ff5502439b3 Mon Sep 17 00:00:00 2001 From: agelostsal Date: Wed, 18 Nov 2020 11:09:59 +0200 Subject: [PATCH 4/4] ARGO-2730 Production release for authn 0.1.5 --- argo-api-authn.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/argo-api-authn.spec b/argo-api-authn.spec index 5bc0aae..f410e07 100644 --- a/argo-api-authn.spec +++ b/argo-api-authn.spec @@ -3,7 +3,7 @@ Name: argo-api-authn Summary: ARGO Authentication API. Map X509, OICD to token. -Version: 0.1.4 +Version: 0.1.5 Release: 1%{?dist} License: ASL 2.0 Buildroot: %{_tmppath}/%{name}-buildroot @@ -57,6 +57,8 @@ go clean %attr(0644,root,root) /usr/lib/systemd/system/argo-api-authn.service %changelog +* Wed Nov 18 2020 Agelos Tsalapatis - 0.1.5-1%{?dist} +- Release of argo-api-authn version 0.1.5 * Thu Jun 13 2019 Agelos Tsalapatis - 0.1.4-1%{?dist} - Release of argo-api-authn version 0.1.4 * Thu Jun 13 2019 Agelos Tsalapatis - 0.1.3-1%{?dist}
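Review bot: The new invalid-URL case in TestCRLCheckRevokedCert performs a real lookup of `https://unknown/unknown`, so its outcome depends on the resolver of the machine running it. With a DNS search domain or a catch-all resolver it may connect somewhere or wait out the 30-second client timeout. A host under the reserved `.invalid` TLD, e.g. `crt.CRLDistributionPoints = []string{"https://crl.invalid/unknown"}` with the expected message adjusted to match, keeps the failure deterministic. `LOGGER.SetOutput(ioutil.Discard)` in TestRevokeTestSuite changes the package-global logrus logger and is never restored, so it also silences log output for any later test in the same test binary.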