Start using AuthProvider audiences. (envoyproxy#14)

* Start using AuthProvider audiences. This change consumes the new audiences field that has been added in the AuthProvider message. The change is backward compatible and does the following: 1) Check if audiences is present in AuthProvider 2) If present, use it. Otherwise, use the audiences in AuthRequirement * Address code review comment * More code review comments addressed
rshriram · Dec 13, 2016 · db51059 · db51059
1 parent d1a67c6
commit db51059
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/WORKSPACE b/WORKSPACE
@@ -149,7 +149,7 @@ bind(
 
 new_git_repository(
     name = "googleapis_git",
-    commit = "6c1d6d4067364a21f8ffefa3401b213d652bf121",
+    commit = "db1d4547dc56a798915e0eb2c795585385922165",
     remote = "https://github.com/googleapis/googleapis.git",
     build_file = "third_party/BUILD.googleapis",
 )

diff --git a/contrib/endpoints/src/api_manager/config.cc b/contrib/endpoints/src/api_manager/config.cc
@@ -258,7 +258,7 @@ bool Config::LoadRpcMethods(ApiManagerEnvInterface *env,
 bool Config::LoadAuthentication(ApiManagerEnvInterface *env) {
   // Parsing auth config.
   const ::google::api::Authentication &auth = service_.authentication();
-  map<string, string> provider_id_issuer_map;
+  map<string, const ::google::api::AuthProvider*> provider_id_provider_map;
   for (const auto &provider : auth.providers()) {
     if (provider.id().empty()) {
       env->LogError("Missing id field in AuthProvider.");
@@ -274,7 +274,7 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) {
     } else {
       SetJwksUri(provider.issuer(), string(), true);
     }
-    provider_id_issuer_map[provider.id()] = provider.issuer();
+    provider_id_provider_map[provider.id()] = &provider;
   }
 
   for (const auto &rule : auth.rules()) {
@@ -296,12 +296,16 @@ bool Config::LoadAuthentication(ApiManagerEnvInterface *env) {
         env->LogError(error.c_str());
         continue;
       }
-      auto issuer = utils::FindOrNull(provider_id_issuer_map, provider_id);
-      if (issuer == nullptr) {
+      auto provider = utils::FindPtrOrNull(provider_id_provider_map,
+                                           provider_id);
+      if (provider == nullptr) {
         std::string error = "Undefined provider_id: " + provider_id;
         env->LogError(error.c_str());
       } else {
-        (*method)->addAudiencesForIssuer(*issuer, requirement.audiences());
+        const std::string &audiences = provider->audiences().empty()
+                              ? requirement.audiences()
+                              : provider->audiences();
+        (*method)->addAudiencesForIssuer(provider->issuer(), audiences);
       }
     }
   }

diff --git a/contrib/endpoints/src/api_manager/config_test.cc b/contrib/endpoints/src/api_manager/config_test.cc
@@ -304,6 +304,7 @@ static const char auth_config[] =
     "    id: \"provider-id1\"\n"
     "    issuer: \"issuer1@gserviceaccount.com\"\n"
     "    jwks_uri: \"https://www.googleapis.com/jwks_uri1\"\n"
+    "    audiences: \"ok_audience1\"\n"
     "  }\n"
     "  providers {\n"
     "    id: \"provider-id2\"\n"
@@ -326,7 +327,6 @@ static const char auth_config[] =
     "    selector: \"Xyz.Method1\"\n"
     "    requirements {\n"
     "      provider_id: \"provider-id1\"\n"
-    "      audiences: \"ok_audience1\"\n"
     "    }\n"
     "  }\n"
     "  rules {\n"