OIDC: Encapsulate static/dynamic tenants maps in TenantConfigBean #43007

Expand Up @@ -119,17 +119,18 @@ public OidcTenantConfig apply(OidcTenantConfig tenantConfig) {
final String tenantId = context.get(OidcUtils.TENANT_ID_ATTRIBUTE);

if (tenantId != null && !isTenantSetByAnnotation(context, tenantId)) {
TenantConfigContext tenantContext = tenantConfigBean.getDynamicTenantsConfig().get(tenantId);
// WARN: The order (check dynamic before static) is important!
var tenantContext = tenantConfigBean.getDynamicTenant(tenantId);
if (tenantContext != null) {
// Dynamic map may contain the static contexts initialized on demand,
if (tenantConfigBean.getStaticTenantsConfig().containsKey(tenantId)) {
if (tenantConfigBean.getStaticTenant(tenantId) != null) {
Member


Please remove the comment above since it is no longer relevant

Contributor Author


#43110 removes it (the comment's still valid for this PR)

context.put(CURRENT_STATIC_TENANT_ID, tenantId);
}
return tenantContext.getOidcTenantConfig();
}
}

TenantConfigContext tenant = getStaticTenantContext(context);
var tenant = getStaticTenantContext(context);
if (tenant != null) {
tenantConfig = tenant.oidcConfig;
}
Expand All @@ -156,12 +157,11 @@ private Uni<TenantConfigContext> initializeStaticTenantIfContextNotReady(TenantC
if (tenantContext != null && !tenantContext.ready) {

// check if the connection has already been created
TenantConfigContext readyTenantContext = tenantConfigBean.getDynamicTenantsConfig()
.get(tenantContext.oidcConfig.tenantId.get());
var readyTenantContext = tenantConfigBean.getDynamicTenant(tenantContext.oidcConfig.tenantId.get());
if (readyTenantContext == null) {
LOG.debugf("Tenant '%s' is not initialized yet, trying to create OIDC connection now",
tenantContext.oidcConfig.tenantId.get());
return tenantConfigBean.getTenantConfigContextFactory().apply(tenantContext.oidcConfig);
return tenantConfigBean.createTenantContext(tenantContext.oidcConfig, false);
} else {
tenantContext = readyTenantContext;
}
Expand Down Expand Up @@ -206,7 +206,7 @@ private boolean isTenantSetByAnnotation(RoutingContext context, String tenantId)
}

private TenantConfigContext getStaticTenantContext(String tenantId) {
TenantConfigContext configContext = tenantId != null ? tenantConfigBean.getStaticTenantsConfig().get(tenantId) : null;
TenantConfigContext configContext = tenantId != null ? tenantConfigBean.getStaticTenant(tenantId) : null;
if (configContext == null) {
if (tenantId != null && !tenantId.isEmpty()) {
LOG.debugf(
Expand Down Expand Up @@ -255,7 +255,12 @@ private Uni<OidcTenantConfig> getDynamicTenantConfig(RoutingContext context) {
//shouldn't happen, but guard against it anyway
oidcConfig = Uni.createFrom().nullItem();
} else {
oidcConfig = oidcConfig.onItem().transform(cfg -> OidcUtils.resolveProviderConfig(cfg));
oidcConfig = oidcConfig.onItem().transform(new Function<OidcTenantConfig, OidcTenantConfig>() {
@Override
public OidcTenantConfig apply(OidcTenantConfig cfg) {
return OidcUtils.resolveProviderConfig(cfg);
}
});
}
context.put(CURRENT_DYNAMIC_TENANT_CONFIG, oidcConfig);
}
Expand All @@ -270,18 +275,18 @@ private Uni<TenantConfigContext> getDynamicTenantContext(RoutingContext context)
@Override
public Uni<? extends TenantConfigContext> apply(OidcTenantConfig tenantConfig) {
if (tenantConfig != null) {
String tenantId = tenantConfig.getTenantId()
var tenantId = tenantConfig.getTenantId()
.orElseThrow(() -> new OIDCException("Tenant configuration must have tenant id"));
TenantConfigContext tenantContext = tenantConfigBean.getDynamicTenantsConfig().get(tenantId);
var tenantContext = tenantConfigBean.getDynamicTenant(tenantId);
if (tenantContext == null) {
return tenantConfigBean.getTenantConfigContextFactory().apply(tenantConfig);
return tenantConfigBean.createTenantContext(tenantConfig, true);
} else {
return Uni.createFrom().item(tenantContext);
}
} else {
final String tenantId = context.get(OidcUtils.TENANT_ID_ATTRIBUTE);
String tenantId = context.get(OidcUtils.TENANT_ID_ATTRIBUTE);
if (tenantId != null && !isTenantSetByAnnotation(context, tenantId)) {
TenantConfigContext tenantContext = tenantConfigBean.getDynamicTenantsConfig().get(tenantId);
var tenantContext = tenantConfigBean.getDynamicTenant(tenantId);
if (tenantContext != null) {
return Uni.createFrom().item(tenantContext);
}
Expand Down Expand Up @@ -324,21 +329,22 @@ private static TenantResolver[] prepareStaticTenantResolvers(TenantConfigBean te
}

// 2. path-matching tenant resolver
var pathMatchingTenantResolver = PathMatchingTenantResolver.of(tenantConfigBean.getStaticTenantsConfig(), rootPath,
var staticTenants = tenantConfigBean.getStaticTenantsConfig();
var pathMatchingTenantResolver = PathMatchingTenantResolver.of(staticTenants, rootPath,
tenantConfigBean.getDefaultTenant());
if (pathMatchingTenantResolver != null) {
staticTenantResolvers.add(pathMatchingTenantResolver);
}

// 3. default static tenant resolver
if (!tenantConfigBean.getStaticTenantsConfig().isEmpty()) {
if (!staticTenants.isEmpty()) {
staticTenantResolvers.add(defaultStaticTenantResolver);
}

// 4. issuer-based tenant resolver
if (resolveTenantsWithIssuer) {
IssuerBasedTenantResolver.addIssuerBasedTenantResolver(staticTenantResolvers,
tenantConfigBean.getStaticTenantsConfig(), tenantConfigBean.getDefaultTenant());
staticTenants, tenantConfigBean.getDefaultTenant());
}

return staticTenantResolvers.toArray(new TenantResolver[0]);
Expand All @@ -351,7 +357,7 @@ public String resolve(RoutingContext context) {
String[] pathSegments = context.request().path().split("/");
if (pathSegments.length > 0) {
String lastPathSegment = pathSegments[pathSegments.length - 1];
if (tenantConfigBean.getStaticTenantsConfig().containsKey(lastPathSegment)) {
if (tenantConfigBean.getStaticTenant(lastPathSegment) != null) {
LOG.debugf(
"Tenant id '%s' is selected on the '%s' request path", lastPathSegment, context.normalizedPath());
return lastPathSegment;
Expand Down Expand Up @@ -390,14 +396,13 @@ public String resolve(RoutingContext context) {
return null;
}

private static ImmutablePathMatcher.ImmutablePathMatcherBuilder<String> addPath(String tenant, OidcTenantConfig config,
private static void addPath(String tenant, OidcTenantConfig config,
ImmutablePathMatcher.ImmutablePathMatcherBuilder<String> builder) {
if (config != null && config.tenantPaths.isPresent()) {
for (String path : config.tenantPaths.get()) {
builder.addPath(path, tenant);
}
}
return builder;
}
}

Expand All @@ -406,14 +411,11 @@ public OidcTenantConfig getResolvedConfig(String sessionTenantId) {
return tenantConfigBean.getDefaultTenant().getOidcTenantConfig();
}

if (tenantConfigBean.getStaticTenantsConfig().containsKey(sessionTenantId)) {
return tenantConfigBean.getStaticTenantsConfig().get(sessionTenantId).getOidcTenantConfig();
}

if (tenantConfigBean.getDynamicTenantsConfig().containsKey(sessionTenantId)) {
return tenantConfigBean.getDynamicTenantsConfig().get(sessionTenantId).getOidcTenantConfig();
var tenant = tenantConfigBean.getStaticTenant(sessionTenantId);
if (tenant == null) {
tenant = tenantConfigBean.getDynamicTenant(sessionTenantId);
}
return null;
return tenant != null ? tenant.getOidcTenantConfig() : null;
}

public String getRootPath() {
Expand Down Expand Up @@ -449,7 +451,7 @@ public String resolve(RoutingContext context) {
if (tenantContext.getOidcMetadata().getIssuer().equals(iss)) {
OidcUtils.storeExtractedBearerToken(context, token);

final String tenantId = tenantContext.oidcConfig.tenantId.get();
final String tenantId = tenantContext.oidcConfig.tenantId.orElseThrow();
LOG.debugf("Resolved the '%s' OIDC tenant based on the matching issuer '%s'", tenantId, iss);
return tenantId;
}
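Review bot: The bare `false` and `true` passed to `tenantConfigBean.createTenantContext(...)` in `initializeStaticTenantIfContextNotReady` and in `getDynamicTenantContext` do not say what they select, and the bean's method is not shown on this page. Presumably the flag marks the tenant as dynamic; if so, say it at the call sites, e.g. `createTenantContext(tenantContext.oidcConfig, /* dynamic? */ false)`, or expose two named methods instead of a flag. This matters for tenant isolation and connection handling: `initializeStaticTenantIfContextNotReady` still finds an already-initialised static tenant through `getDynamicTenant(...)`, so if the `false` path registers the ready context somewhere that lookup cannot see, each request for a not-yet-ready static tenant would create a new OIDC connection; a line of Javadoc on the bean stating where each kind of context is stored would settle it. As a smaller point, that method still calls `tenantContext.oidcConfig.tenantId.get()` twice while the issuer-based resolver now uses `orElseThrow()`; one form throughout would read more consistently.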