Merge pull request #309 from Kuadrant/raw-http-authz-attrs

HTTP request attributes passed in the call for the raw HTTP authorization check

Author: guicassolato

pkg/service/auth.go

@@ -91,11 +91,6 @@ func (a *AuthService) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 		return
 	}
 
-	if req.Header.Get("Content-Type") != "application/json" {
-		closeWithStatus(envoy_type.StatusCode_BadRequest, resp, ctx, nil)
-		return
-	}
-
 	var payload []byte
 	var err error
 
@@ -110,13 +105,25 @@ func (a *AuthService) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 	}
 
 	metrics.ReportTimedMetric(httpServerDuration, func() {
+		headers := make(map[string]string)
+		for key, values := range req.Header {
+			headers[strings.ToLower(key)] = strings.Join(values, " ")
+		}
+
 		checkRequest := &envoy_auth.CheckRequest{
 			Attributes: &envoy_auth.AttributeContext{
 				Request: &envoy_auth.AttributeContext_Request{
 					Http: &envoy_auth.AttributeContext_HttpRequest{
-						Id:   requestId,
-						Host: req.Host,
-						Body: string(payload),
+						Id:       requestId,
+						Method:   req.Method,
+						Headers:  headers,
+						Path:     path,
+						Host:     req.Host,
+						Scheme:   req.URL.Scheme,
+						Query:    req.URL.Query().Encode(),
+						Fragment: req.URL.Fragment,
+						Protocol: req.Proto,
+						Body:     string(payload),
 					},
 				},
 			},

pkg/service/auth_test.go

@@ -17,6 +17,8 @@ import (
 	"github.com/kuadrant/authorino/pkg/evaluators"
 	"github.com/kuadrant/authorino/pkg/evaluators/authorization"
 	"github.com/kuadrant/authorino/pkg/evaluators/identity"
+	"github.com/kuadrant/authorino/pkg/evaluators/response"
+	"github.com/kuadrant/authorino/pkg/json"
 
 	envoy_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	envoy_auth "github.com/envoyproxy/go-control-plane/envoy/service/auth/v3"
@@ -200,18 +202,6 @@ func TestAuthServiceRawHTTPAuthorization_WithQueryString(t *testing.T) {
 	assert.Equal(t, response.Code, 200)
 }
 
-func TestAuthServiceRawHTTPAuthorization_UnsupportedContentType(t *testing.T) {
-	mockController := gomock.NewController(t)
-	defer mockController.Finish()
-	cacheMock := mock_cache.NewMockCache(mockController)
-	authService := &AuthService{Cache: cacheMock}
-	request, _ := http.NewRequest("POST", "http://myapp.io/check", bytes.NewReader([]byte(`{}`)))
-	request.Header = map[string][]string{"Content-Type": {"text/plain"}}
-	response := gohttptest.NewRecorder()
-	authService.ServeHTTP(response, request)
-	assert.Equal(t, response.Code, 400)
-}
-
 type notReadable struct{}
 
 func (n *notReadable) Read(_ []byte) (int, error) {
@@ -230,6 +220,30 @@ func TestAuthServiceRawHTTPAuthorization_UnreadableBody(t *testing.T) {
 	assert.Equal(t, response.Code, 400)
 }
 
+func TestAuthServiceRawHTTPAuthorization_WithHeaders(t *testing.T) {
+	mockController := gomock.NewController(t)
+	defer mockController.Finish()
+
+	authConfig := mockAnonymousAccessAuthConfig()
+	authConfig.ResponseConfigs = []auth.AuthConfigEvaluator{&evaluators.ResponseConfig{
+		Name:       "x-auth-data",
+		Wrapper:    "httpHeader",
+		WrapperKey: "x-auth-data",
+		DynamicJSON: &response.DynamicJSON{
+			Properties: []json.JSONProperty{{Name: "headers", Value: json.JSONValue{Pattern: "context.request.http.headers"}}},
+		},
+	}}
+	cacheMock := mock_cache.NewMockCache(mockController)
+	cacheMock.EXPECT().Get("myapp.io").Return(authConfig)
+	authService := &AuthService{Cache: cacheMock}
+	request, _ := http.NewRequest("POST", "http://myapp.io/check", bytes.NewReader([]byte(`{}`)))
+	request.Header = map[string][]string{"Content-Type": {"application/json"}, "Authorization": {"Bearer secret"}}
+	response := gohttptest.NewRecorder()
+	authService.ServeHTTP(response, request)
+	assert.Equal(t, response.Code, 200)
+	assert.Equal(t, response.Header().Get("X-Auth-Data"), `{"headers":{"authorization":"Bearer secret","content-type":"application/json"}}`)
+}
+
 func TestAuthServiceRawHTTPAuthorization_K8sAdmissionReviewAuthorized(t *testing.T) {
 	mockController := gomock.NewController(t)
 	defer mockController.Finish()