add service instance id to request context (#712)

Peripli · Oct 20, 2021 · 1a3ed39 · 1a3ed39
1 parent 8d681b0
commit 1a3ed39
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 1 deletion.
diff --git a/api/osb/context_signature_plugin.go b/api/osb/context_signature_plugin.go
@@ -16,7 +16,10 @@ import (
 	"github.com/Peripli/service-manager/pkg/web"
 )
 
-const ContextSignaturePluginName = "ContextSignaturePlugin"
+const (
+	ContextSignaturePluginName = "ContextSignaturePlugin"
+	ServiceInstanceIDFieldName = "service_instance_id"
+)
 
 type ContextSignaturePlugin struct {
 	contextSigner *ContextSigner
@@ -69,6 +72,10 @@ func (s *ContextSignaturePlugin) signContext(req *web.Request, next web.Handler)
 	}
 	contextMap := reqBodyMap["context"].(map[string]interface{})
 
+	if instanceID, ok := req.PathParams[InstanceIDPathParam]; ok {
+		contextMap[ServiceInstanceIDFieldName] = instanceID
+	}
+
 	err = s.contextSigner.Sign(req.Context(), contextMap)
 	if err != nil {
 		log.C(req.Context()).Errorf("failed to sign request context: %v", err)

diff --git a/storage/interceptors/smaap_service_binding_interceptor.go b/storage/interceptors/smaap_service_binding_interceptor.go
@@ -516,6 +516,7 @@ func (i *ServiceBindingInterceptor) prepareBindRequest(ctx context.Context, inst
 
 	//in case the private key is not provided we continue without adding the signature. this is useful in case we want to toggle off the feature
 	if i.contextSigner.ContextPrivateKey != "" {
+		context[osb.ServiceInstanceIDFieldName] = instance.ID
 		err := i.contextSigner.Sign(ctx, context)
 		if err != nil {
 			log.C(ctx).Errorf("failed to sign context: %v", err)

diff --git a/storage/interceptors/smaap_service_instance_interceptor.go b/storage/interceptors/smaap_service_instance_interceptor.go
@@ -769,6 +769,7 @@ func (i *ServiceInstanceInterceptor) prepareProvisionRequest(ctx context.Context
 
 	//in case the private key is not provided we continue without adding the signature. this is useful in case we want to toggle off the feature
 	if i.contextSigner.ContextPrivateKey != "" {
+		instanceContext[osb.ServiceInstanceIDFieldName] = instance.ID
 		err = i.contextSigner.Sign(ctx, instanceContext)
 		if err != nil {
 			log.C(ctx).Errorf("failed to sign context: %v", err)
@@ -872,6 +873,7 @@ func (i *ServiceInstanceInterceptor) prepareUpdateInstanceRequest(ctx context.Co
 
 	//in case the private key is not provided we continue without adding the signature. this is useful in case we want to toggle off the feature
 	if i.contextSigner.ContextPrivateKey != "" {
+		instanceContext[osb.ServiceInstanceIDFieldName] = instance.ID
 		err := i.contextSigner.Sign(ctx, instanceContext)
 		if err != nil {
 			log.C(ctx).Errorf("failed to sign context: %v", err)

diff --git a/test/common/context_signature.go b/test/common/context_signature.go
@@ -54,6 +54,10 @@ func GetVerifyContextHandlerFunc(publicKeyStr string) func(http.ResponseWriter,
 		signature, err := base64.StdEncoding.DecodeString(signatureBytes.String())
 		Expect(err).ToNot(HaveOccurred())
 
+		//verify service_instance_id is in the context
+		instanceID := gjson.GetBytes(bytes, "context.service_instance_id")
+		Expect(instanceID.Exists()).To(Equal(true), "context should have a service_instance_id field")
+
 		//decode the public key
 		key, err := base64.StdEncoding.DecodeString(publicKeyStr)
 		Expect(err).ToNot(HaveOccurred())