feat: Decide which backend to use, detecting the entityid to which the authn request is request is referred

peppelinux · peppelinux · commit ce9cd5dede37 · 2021-04-02T11:56:19.000+02:00
diff --git a/example/plugins/microservices/target_based_routing.yaml.example b/example/plugins/microservices/target_based_routing.yaml.example
@@ -0,0 +1,6 @@
+module: satosa.micro_services.custom_routing.DecideBackendByTarget
+name: TargetRouter
+config:
+  target_mapping:
+    "http://idpspid.testunical.it:8088": "spidSaml2" # map SAML entity with entity id 'target_id' to backend name
+    "http://eidas.testunical.it:8081/saml2/metadata": "eidasSaml2"
diff --git a/src/satosa/exception.py b/src/satosa/exception.py
@@ -31,6 +31,13 @@ class SATOSACriticalError(SATOSAError):
     pass
 
 
+class SATOSABackendNotFoundError(SATOSAError):
+    """
+    SATOSA Backend not existent/not found
+    """
+    pass
+
+
 class SATOSAUnknownError(SATOSAError):
     """
     SATOSA unknown error
diff --git a/src/satosa/micro_services/custom_routing.py b/src/satosa/micro_services/custom_routing.py
@@ -5,11 +5,73 @@
 from .base import RequestMicroService
 from ..exception import SATOSAConfigurationError
 from ..exception import SATOSAError
+from ..exception import SATOSABackendNotFoundError
 
 
 logger = logging.getLogger(__name__)
 
 
+class DecideBackendByTarget(RequestMicroService):
+    """
+    Select which backend should be used based on who is the SAML IDP
+    """
+
+    def __init__(self, config, *args, **kwargs):
+        """
+        Constructor.
+        :param config: mapping from requester identifier to
+        backend module name under the key 'requester_mapping'
+        :type config: Dict[str, Dict[str, str]]
+        """
+        super().__init__(*args, **kwargs)
+        self.target_mapping = config['target_mapping']
+
+
+    def get_backend_by_endpoint_path(self, context, native_backend,
+                                     backends):
+        """
+        Returns a new path and target_backend according to its maps
+
+        :type context: satosa.context.Context
+        :rtype: ((satosa.context.Context, Any) -> Any, Any)
+
+        :param context: The request context
+        :param native_backed: the backed that the proxy normally have been used
+        :param backends: list of all the backend configured in the proxy
+
+        :return: tuple or None
+        """
+        entity_id = context.request.get('entityID')
+        tr_backend = self.target_mapping.get(entity_id)
+        if not entity_id:
+            return
+        if entity_id not in self.target_mapping.keys():
+            return
+        if not tr_backend:
+            return
+
+        if not backends.get(tr_backend):
+            raise SATOSABackendNotFoundError(
+                f"'{tr_backend}' not found in proxy_conf.yaml"
+            )
+
+        if not backends.get(tr_backend):
+            raise SATOSABackendNotFoundError(
+                f"'{tr_backend}' not found in proxy_conf.yaml"
+            )
+
+        tr_path = context.path.replace(native_backend, tr_backend)
+        for endpoint in backends[tr_backend]['endpoints']:
+            # remove regex trailing chars
+            if tr_path == endpoint[0].strip('^').strip('$'):
+                msg = (f'Found DecideBackendByTarget ({self.name} microservice) '
+                       f'redirecting {entity_id} from {native_backend} '
+                       f'backend to {tr_backend}')
+                logger.info(msg)
+                return (tr_backend, tr_path)
+        return
+
+
 class DecideBackendByRequester(RequestMicroService):
     """
     Select which backend should be used based on who the requester is.
diff --git a/src/satosa/routing.py b/src/satosa/routing.py
@@ -158,6 +158,21 @@ def endpoint_routing(self, context):
         path_split = context.path.split("/")
         backend = path_split[0]
 
+        # Target router interception
+        trouter_microservice_name = 'TargetRouter'
+        if all((context.request,
+                context.request.get('entityID'),
+                (trouter_microservice_name in self.micro_services))):
+            tr_microservice = self.micro_services[trouter_microservice_name]['instance']
+            tr_result = tr_microservice.get_backend_by_endpoint_path(
+                            context, backend, self.backends
+                        )
+            if tr_result:
+                backend, context.path = tr_result
+                context.target_backend = backend
+                return self._find_registered_backend_endpoint(context)
+        # end Target router interception
+
         if backend in self.backends:
             context.target_backend = backend
         else:
