feat: DecideBackedByTarget microservice

Author: peppelinux

example/plugins/microservices/target_based_routing.yaml.example

@@ -0,0 +1,10 @@
+module: satosa.micro_services.custom_routing.DecideBackendByTarget
+name: TargetRouter
+config:
+
+  # the regex that will intercept http requests to be handled with this microservice
+  endpoint_path: ".*/disco"
+
+  target_mapping:
+    "http://idpspid.testunical.it:8088": "spidSaml2" # map SAML entity with entity id 'target_id' to backend name
+    "http://eidas.testunical.it:8081/saml2/metadata": "eidasSaml2"

src/satosa/micro_services/custom_routing.py

@@ -2,14 +2,103 @@
 from base64 import urlsafe_b64encode
 
 from satosa.context import Context
+from satosa.internal import InternalData
+
 from .base import RequestMicroService
 from ..exception import SATOSAConfigurationError
 from ..exception import SATOSAError
+from ..exception import SATOSAStateError
 
 
 logger = logging.getLogger(__name__)
 
 
+class CustomRoutingError(SATOSAError):
+    """
+    SATOSA exception raised by CustomRouting rules
+    """
+    pass
+
+
+class DecideBackendByTarget(RequestMicroService):
+    """
+    Select which backend should be used based on who is the SAML IDP
+    """
+
+    def __init__(self, config, *args, **kwargs):
+        """
+        Constructor.
+        :param config: microservice configuration loaded from yaml file
+        :type config: Dict[str, Dict[str, str]]
+        """
+        super().__init__(*args, **kwargs)
+        self.target_mapping = config['target_mapping']
+        self.endpoint_paths = config['endpoint_paths']
+        self.default_backend = config['default_backend']
+
+        if not isinstance(self.endpoint_paths, list):
+            raise SATOSAConfigurationError()
+
+    def register_endpoints(self):
+        """
+        URL mapping of additional endpoints this micro service needs to register for callbacks.
+
+        Example of a mapping from the url path '/callback' to the callback() method of a micro service:
+            reg_endp = [
+                ("^/callback1$", self.callback),
+            ]
+
+        :rtype List[Tuple[str, Callable[[satosa.context.Context, Any], satosa.response.Response]]]
+
+        :return: A list with functions and args bound to a specific endpoint url,
+                 [(regexp, Callable[[satosa.context.Context], satosa.response.Response]), ...]
+        """
+
+        # this intercepts disco response
+        return [
+            (path , self.backend_by_entityid)
+            for path in self.endpoint_paths
+        ]
+
+    def _get_backend(self, context:str, entity_id:str) -> str:
+        """
+        returns the Target Backend to use
+        """
+        return (
+            self.target_mapping.get(entity_id) or
+            self.default_backend
+        )
+
+    def backend_by_entityid(self, context):
+        entity_id = context.request.get('entityID')
+        tr_backend = self._get_backend(context, entity_id)
+
+        if not context.state.get('ROUTER'):
+            raise SATOSAStateError(
+                f"{self.__class__.__name__} "
+                "can't find any valid state in the context."
+            )
+
+        if entity_id:
+            context.internal_data['target_entity_id'] = entity_id
+            context.target_frontend = context.state['ROUTER']
+            native_backend = context.target_backend
+            msg = (f'Found DecideBackendByTarget ({self.name} microservice) '
+                   f'redirecting {entity_id} from {native_backend} '
+                   f'backend to {tr_backend}')
+            logger.info(msg)
+            context.target_backend = tr_backend
+        else:
+            raise CustomRoutingError(
+                f"{self.__class__.__name__} "
+                "can't find any valid entity_id in the context."
+            )
+
+        data_serialized = context.state.get(self.name, {}).get("internal", {})
+        data = InternalData.from_dict(data_serialized)
+        return super().process(context, data)
+
+
 class DecideBackendByRequester(RequestMicroService):
     """
     Select which backend should be used based on who the requester is.

tests/satosa/micro_services/test_custom_routing.py

@@ -3,9 +3,11 @@
 import pytest
 
 from satosa.context import Context
-from satosa.exception import SATOSAError, SATOSAConfigurationError
+from satosa.exception import SATOSAError, SATOSAConfigurationError, SATOSAStateError
 from satosa.internal import InternalData
 from satosa.micro_services.custom_routing import DecideIfRequesterIsAllowed
+from satosa.micro_services.custom_routing import DecideBackendByTarget
+from satosa.micro_services.custom_routing import CustomRoutingError
 
 TARGET_ENTITY = "entity1"
 
@@ -156,3 +158,77 @@ def test_missing_target_entity_id_from_context(self, context):
         req = InternalData(requester="test_requester")
         with pytest.raises(SATOSAError):
             decide_service.process(context, req)
+
+
+class TestDecideBackendByTarget:
+    rules = {
+        'default_backend': 'Saml2',
+        'endpoint_paths': ['.*/disco'],
+        'target_mapping': {'http://idpspid.testunical.it:8088': 'spidSaml2'}
+    }
+
+    def create_decide_service(self, rules):
+        decide_service = DecideBackendByTarget(
+                config=rules,
+                name="test_decide_service",
+                base_url="https://satosa.example.com"
+        )
+        decide_service.next = lambda ctx, data: data
+        return decide_service
+
+
+    def test_missing_state(self, target_context):
+        decide_service = self.create_decide_service(self.rules)
+        target_context.request = {
+            'entityID': 'http://idpspid.testunical.it:8088',
+        }
+        req = InternalData(requester="test_requester")
+        req.requester = "somebody else"
+        assert decide_service.process(target_context, req)
+
+        with pytest.raises(SATOSAStateError):
+            decide_service.backend_by_entityid(target_context)
+
+
+    def test_missing_entityid(self, target_context):
+        decide_service = self.create_decide_service(self.rules)
+        target_context.request = {
+            # 'entityID': None,
+        }
+        target_context.state['ROUTER'] = 'Saml2'
+
+        req = InternalData(requester="test_requester")
+        assert decide_service.process(target_context, req)
+
+        with pytest.raises(CustomRoutingError):
+            decide_service.backend_by_entityid(target_context)
+
+
+    def test_unmatching_target(self, target_context):
+        """
+            It would rely on the default backend
+        """
+        decide_service = self.create_decide_service(self.rules)
+        target_context.request = {
+            'entityID': 'unknow-entity-id',
+        }
+        target_context.state['ROUTER'] = 'Saml2'
+
+        req = InternalData(requester="test_requester")
+        assert decide_service.process(target_context, req)
+
+        res = decide_service.backend_by_entityid(target_context)
+        assert isinstance(res, InternalData)
+
+    def test_matching_target(self, target_context):
+        decide_service = self.create_decide_service(self.rules)
+        target_context.request = {
+            'entityID': 'http://idpspid.testunical.it:8088-entity-id'
+        }
+        target_context.state['ROUTER'] = 'Saml2'
+
+        req = InternalData(requester="test_requester")
+        req.requester = "somebody else"
+        assert decide_service.process(target_context, req)
+        res = decide_service.backend_by_entityid(target_context)
+        assert isinstance(res, InternalData)