Merge pull request #170 from whdalsrnt/master

feat: apply internal authentication

src/spaceone/identity/service/app_service.py

@@ -262,7 +262,7 @@ def get(self, params: AppGetRequest) -> Union[AppResponse, dict]:
         )
         return AppResponse(**app_vo.to_dict())
 
-    @transaction(exclude=["authentication", "authorization", "mutation"])
+    @transaction(role_types=["INTERNAL"])
     @convert_model
     def check(self, params: AppCheckRequest) -> Union[CheckAppResponse, dict]:
         """Get API Key

src/spaceone/identity/service/domain_service.py

@@ -4,6 +4,7 @@
 from spaceone.core.service import *
 from spaceone.core.service.utils import *
 from spaceone.core import utils
+from spaceone.core.auth.jwt import JWTAuthenticator
 
 from spaceone.identity.manager.external_auth_manager import ExternalAuthManager
 from spaceone.identity.manager.domain_manager import DomainManager
@@ -212,6 +213,13 @@ def get_public_key(
             DomainSecretResponse:
         """
 
+        # Check System Token
+        token = self.transaction.get_meta("token")
+        root_domain_id = SystemManager.get_root_domain_id()
+        root_pub_jwk = self.domain_secret_mgr.get_domain_public_key(root_domain_id)
+        JWTAuthenticator(root_pub_jwk).validate(token)
+
+        # Get Public Key from Domain
         pub_jwk = self.domain_secret_mgr.get_domain_public_key(params.domain_id)
         return DomainSecretResponse(
             public_key=utils.dump_json(pub_jwk), domain_id=params.domain_id

src/spaceone/identity/service/system_service.py

@@ -3,6 +3,7 @@
 
 from spaceone.core.service import *
 from spaceone.core.service.utils import *
+from spaceone.core.auth.jwt import JWTAuthenticator
 
 from spaceone.identity.manager.domain_manager import DomainManager
 from spaceone.identity.manager.domain_secret_manager import DomainSecretManager
@@ -18,9 +19,6 @@
 _LOGGER = logging.getLogger(__name__)
 
 
-@authentication_handler
-@authorization_handler
-@mutation_handler
 @event_handler
 class SystemService(BaseService):
     resource = "System"
@@ -32,7 +30,7 @@ def __init__(self, *args, **kwargs):
         self.user_mgr = UserManager()
         self.role_manager = RoleManager()
 
-    @transaction(exclude=["authentication", "authorization", "mutation"])
+    @transaction()
     @convert_model
     def init(self, params: SystemInitRequest) -> Union[SystemResponse, dict]:
         """Init System
@@ -56,12 +54,18 @@ def init(self, params: SystemInitRequest) -> Union[SystemResponse, dict]:
                 {"domain_id": root_domain_id, "name": "root"}
             )
 
+            self.domain_secret_mgr.delete_domain_secret(root_domain_vo.domain_id)
             self.domain_secret_mgr.create_domain_secret(root_domain_vo)
 
         else:
             if params.force is False:
                 raise ERROR_SYSTEM_ALREADY_INITIALIZED()
 
+            # Check System Token
+            token = self.transaction.get_meta("token")
+            root_pub_jwk = self.domain_secret_mgr.get_domain_public_key(root_domain_id)
+            JWTAuthenticator(root_pub_jwk).validate(token)
+
             root_domain_vo = root_domain_vos[0]
 
             _LOGGER.debug(

src/spaceone/identity/service/workspace_service.py

@@ -142,9 +142,7 @@ def get(self, params: WorkspaceGetRequest) -> Union[WorkspaceResponse, dict]:
         )
         return WorkspaceResponse(**workspace_vo.to_dict())
 
-    @transaction(
-        exclude=["authentication", "authorization", "mutation"],
-    )
+    @transaction(role_types=["INTERNAL"])
     @convert_model
     def check(self, params: WorkspaceCheckRequest) -> None:
         """Check workspace