Merge pull request #148 from ImMin5/master

Add unset ExternalAuth api

src/spaceone/identity/connector/external_auth_plugin_connector.py

@@ -32,13 +32,22 @@ def init(self, options: dict, domain_id: str):
         except Exception as e:
             raise ERROR_AUTHENTICATION_FAILURE_PLUGIN(messsage=str(e))
 
-    def authorize(self, credentials, options, secret_data, domain_id, schema_id=None):
+    def authorize(
+        self,
+        credentials,
+        options,
+        secret_data,
+        domain_id,
+        schema_id=None,
+        metadata=None,
+    ):
         params = {
             "options": options,
             "secret_data": secret_data,
             "user_credentials": credentials,
             "schema_id": schema_id,
             "domain_id": domain_id,
+            "metadata": metadata or {},
         }
 
         try:

src/spaceone/identity/manager/external_auth_manager.py

@@ -55,6 +55,10 @@ def _rollback(old_data):
 
         return external_auth_vo
 
+    @staticmethod
+    def delete_external_auth_by_vo(external_auth_vo: ExternalAuth):
+        external_auth_vo.delete()
+
     def get_external_auth(self, domain_id: str) -> ExternalAuth:
         return self.external_auth_model.get(domain_id=domain_id)
 
@@ -63,7 +67,11 @@ def get_auth_info(self, domain_vo: Domain) -> dict:
 
         if external_auth_vos.count() > 0:
             external_auth_state = "ENABLED"
-            metadata = external_auth_vos[0].plugin_info.get("metadata", {})
+            plugin_info = external_auth_vos[0].plugin_info
+            metadata = plugin_info.get("metadata", {})
+            # if secret_id := plugin_info.get("secret_id"):
+            #     secret_mgr = SecretManager()
+            #     secret_data = secret_mgr.get_secret_data(secret_id, domain_vo.domain_id)
 
         else:
             external_auth_state = "DISABLED"

src/spaceone/identity/manager/secret_manager.py

@@ -13,6 +13,11 @@ def __init__(self, *args, **kwargs):
             "SpaceConnector", service="secret"
         )
 
+    def get_secret_data(self, secret_id: str, domain_id: str) -> dict:
+        return self.secret_conn.dispatch(
+            "Secret.get_data", {"secret_id": secret_id, "domain_id": domain_id}
+        )
+
     def create_trusted_secret(self, params: dict) -> dict:
         return self.secret_conn.dispatch("TrustedSecret.create", params)
 

src/spaceone/identity/manager/token_manager/external_token_manager.py

@@ -45,6 +45,7 @@ def authenticate(self, domain_id: str, **kwargs):
         endpoint, version = self.external_auth_mgr.get_auth_plugin_endpoint(
             self.domain.domain_id, self.external_auth.plugin_info
         )
+
         external_auth_user_info = self._authenticate_with_plugin(
             endpoint, credentials, domain_id
         )
@@ -96,11 +97,18 @@ def _authenticate_with_plugin(
         self, endpoint: str, credentials: dict, domain_id: str
     ) -> dict:
         options = self.external_auth.plugin_info.options
+        metadata = self.external_auth.plugin_info.metadata
 
         auth_plugin_conn = ExternalAuthPluginConnector()
         auth_plugin_conn.initialize(endpoint)
 
-        return auth_plugin_conn.authorize(credentials, options, {}, domain_id)
+        return auth_plugin_conn.authorize(
+            credentials=credentials,
+            secret_data={},
+            options=options,
+            domain_id=domain_id,
+            metadata=metadata,
+        )
 
     def _check_domain_state(self):
         external_auth_info = self.external_auth_mgr.get_auth_info(domain_vo=self.domain)

src/spaceone/identity/service/domain_service.py

@@ -11,8 +11,8 @@
 from spaceone.identity.manager.role_manager import RoleManager
 from spaceone.identity.manager.role_binding_manager import RoleBindingManager
 from spaceone.identity.manager.user_manager import UserManager
-from spaceone.identity.manager.system_manager import SystemManager
 from spaceone.identity.manager.config_manager import ConfigManager
+from spaceone.identity.manager.system_manager import SystemManager
 from spaceone.identity.model.domain.request import *
 from spaceone.identity.model.domain.response import *
 from spaceone.identity.error.error_domain import *
@@ -191,12 +191,12 @@ def get_auth_info(
 
         domain_vo = self.domain_mgr.get_domain_by_name(params.name)
         external_auth_mgr = ExternalAuthManager()
-        auth_info = external_auth_mgr.get_auth_info(domain_vo)
+        external_auth_info = external_auth_mgr.get_auth_info(domain_vo)
 
         config_mgr = ConfigManager()
-        auth_info["config"] = config_mgr.get_auth_config(domain_vo.domain_id)
+        external_auth_info["config"] = config_mgr.get_auth_config(domain_vo.domain_id)
 
-        return DomainAuthInfoResponse(**auth_info)
+        return DomainAuthInfoResponse(**external_auth_info)
 
     @transaction(exclude=["authentication", "authorization", "mutation"])
     @convert_model

src/spaceone/identity/service/external_auth_service.py

@@ -59,7 +59,10 @@ def unset(
             ExternalAuthResponse:
         """
 
-        return {}
+        external_auth_vo = self.external_auth_mgr.get_external_auth(params.domain_id)
+        self.external_auth_mgr.delete_external_auth_by_vo(external_auth_vo)
+
+        return {"domain_id": params.domain_id, "state": "DISABLED"}
 
     @transaction(permission="identity:ExternalAuth.read", role_types=["DOMAIN_ADMIN"])
     @convert_model
@@ -73,5 +76,11 @@ def get(self, params: ExternalAuthGetRequest) -> Union[ExternalAuthResponse, dic
             ExternalAuthResponse:
         """
 
-        external_auth_vo = self.external_auth_mgr.get_external_auth(params.domain_id)
-        return ExternalAuthResponse(**external_auth_vo.to_dict())
+        external_auth_vos = self.external_auth_mgr.filter_external_auth(
+            domain_id=params.domain_id
+        )
+        if external_auth_vos.count() > 0:
+            external_auth_vo = external_auth_vos[0]
+            return ExternalAuthResponse(**external_auth_vo.to_dict())
+        else:
+            return {"domain_id": params.domain_id, "state": "DISABLED"}