Merge branch 'master' into dev

Azure · Aug 16, 2017 · 77a5260 · 77a5260
2 parents 0d346a5 + 48a8154
commit 77a5260
Show file tree

Hide file tree

Showing 14 changed files with 432 additions and 16 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -2,7 +2,9 @@ sudo: false
 
 language: go
 
-go: 1.8
+  - 1.8
+  - 1.7
+  - 1.6
 
 install:
   - go get -u github.com/golang/lint/golint

diff --git a/autorest/authorization.go b/autorest/authorization.go
@@ -3,10 +3,18 @@ package autorest
 import (
 	"fmt"
 	"net/http"
+	"net/url"
+	"strings"
 
 	"github.com/Azure/go-autorest/autorest/adal"
 )
 
+const (
+	bearerChallengeHeader = "Www-Authenticate"
+	bearer                = "Bearer"
+	tenantID              = "tenantID"
+)
+
 // Authorizer is the interface that provides a PrepareDecorator used to supply request
 // authorization. Most often, the Authorizer decorator runs last so it has access to the full
 // state of the formed HTTP request.
@@ -55,3 +63,105 @@ func (ba *BearerAuthorizer) WithAuthorization() PrepareDecorator {
 		})
 	}
 }
+
+// BearerAuthorizerCallbackFunc is the authentication callback signature.
+type BearerAuthorizerCallbackFunc func(tenantID, resource string) (*BearerAuthorizer, error)
+
+// BearerAuthorizerCallback implements bearer authorization via a callback.
+type BearerAuthorizerCallback struct {
+	sender   Sender
+	callback BearerAuthorizerCallbackFunc
+}
+
+// NewBearerAuthorizerCallback creates a bearer authorization callback.  The callback
+// is invoked when the HTTP request is submitted.
+func NewBearerAuthorizerCallback(sender Sender, callback BearerAuthorizerCallbackFunc) *BearerAuthorizerCallback {
+	if sender == nil {
+		sender = &http.Client{}
+	}
+	return &BearerAuthorizerCallback{sender: sender, callback: callback}
+}
+
+// WithAuthorization returns a PrepareDecorator that adds an HTTP Authorization header whose value
+// is "Bearer " followed by the token.  The BearerAuthorizer is obtained via a user-supplied callback.
+//
+// By default, the token will be automatically refreshed through the Refresher interface.
+func (bacb *BearerAuthorizerCallback) WithAuthorization() PrepareDecorator {
+	return func(p Preparer) Preparer {
+		return PreparerFunc(func(r *http.Request) (*http.Request, error) {
+			// make a copy of the request and remove the body as it's not
+			// required and avoids us having to create a copy of it.
+			rCopy := *r
+			removeRequestBody(&rCopy)
+
+			resp, err := bacb.sender.Do(&rCopy)
+			if err == nil && resp.StatusCode == 401 {
+				defer resp.Body.Close()
+				if hasBearerChallenge(resp) {
+					bc, err := newBearerChallenge(resp)
+					if err != nil {
+						return r, err
+					}
+					if bacb.callback != nil {
+						ba, err := bacb.callback(bc.values[tenantID], bc.values["resource"])
+						if err != nil {
+							return r, err
+						}
+						return ba.WithAuthorization()(p).Prepare(r)
+					}
+				}
+			}
+			return r, err
+		})
+	}
+}
+
+// returns true if the HTTP response contains a bearer challenge
+func hasBearerChallenge(resp *http.Response) bool {
+	authHeader := resp.Header.Get(bearerChallengeHeader)
+	if len(authHeader) == 0 || strings.Index(authHeader, bearer) < 0 {
+		return false
+	}
+	return true
+}
+
+type bearerChallenge struct {
+	values map[string]string
+}
+
+func newBearerChallenge(resp *http.Response) (bc bearerChallenge, err error) {
+	challenge := strings.TrimSpace(resp.Header.Get(bearerChallengeHeader))
+	trimmedChallenge := challenge[len(bearer)+1:]
+
+	// challenge is a set of key=value pairs that are comma delimited
+	pairs := strings.Split(trimmedChallenge, ",")
+	if len(pairs) < 1 {
+		err = fmt.Errorf("challenge '%s' contains no pairs", challenge)
+		return bc, err
+	}
+
+	bc.values = make(map[string]string)
+	for i := range pairs {
+		trimmedPair := strings.TrimSpace(pairs[i])
+		pair := strings.Split(trimmedPair, "=")
+		if len(pair) == 2 {
+			// remove the enclosing quotes
+			key := strings.Trim(pair[0], "\"")
+			value := strings.Trim(pair[1], "\"")
+
+			switch key {
+			case "authorization", "authorization_uri":
+				// strip the tenant ID from the authorization URL
+				asURL, err := url.Parse(value)
+				if err != nil {
+					return bc, err
+				}
+				bc.values[tenantID] = asURL.Path[1:]
+			default:
+				bc.values[key] = value
+			}
+		}
+	}
+
+	return bc, err
+}
diff --git a/autorest/authorization_test.go b/autorest/authorization_test.go
@@ -135,3 +135,40 @@ func TestServicePrincipalTokenWithAuthorizationReturnsErrorIfConnotRefresh(t *te
 		t.Fatal("azure: BearerAuthorizer#WithAuthorization failed to return an error when refresh fails")
 	}
 }
+
+func TestBearerAuthorizerCallback(t *testing.T) {
+	tenantString := "123-tenantID-456"
+	resourceString := "https://fake.resource.net"
+
+	s := mocks.NewSender()
+	resp := mocks.NewResponseWithStatus("401 Unauthorized", http.StatusUnauthorized)
+	mocks.SetResponseHeader(resp, bearerChallengeHeader, bearer+" \"authorization\"=\"https://fake.net/"+tenantString+"\",\"resource\"=\""+resourceString+"\"")
+	s.AppendResponse(resp)
+
+	auth := NewBearerAuthorizerCallback(s, func(tenantID, resource string) (*BearerAuthorizer, error) {
+		if tenantID != tenantString {
+			t.Fatal("BearerAuthorizerCallback: bad tenant ID")
+		}
+		if resource != resourceString {
+			t.Fatal("BearerAuthorizerCallback: bad resource")
+		}
+
+		oauthConfig, err := adal.NewOAuthConfig(TestActiveDirectoryEndpoint, tenantID)
+		if err != nil {
+			t.Fatalf("azure: NewOAuthConfig returned an error (%v)", err)
+		}
+
+		spt, err := adal.NewServicePrincipalToken(*oauthConfig, "id", "secret", resource)
+		if err != nil {
+			t.Fatalf("azure: NewServicePrincipalToken returned an error (%v)", err)
+		}
+
+		spt.SetSender(s)
+		return NewBearerAuthorizer(spt), nil
+	})
+
+	_, err := Prepare(mocks.NewRequest(), auth.WithAuthorization())
+	if err == nil {
+		t.Fatal("azure: BearerAuthorizerCallback#WithAuthorization failed to return an error when refresh fails")
+	}
+}
diff --git a/autorest/client.go b/autorest/client.go
@@ -35,6 +35,7 @@ var (
 
 	statusCodesForRetry = []int{
 		http.StatusRequestTimeout,      // 408
+		http.StatusTooManyRequests,     // 429
 		http.StatusInternalServerError, // 500
 		http.StatusBadGateway,          // 502
 		http.StatusServiceUnavailable,  // 503

diff --git a/autorest/date/unixtime_test.go b/autorest/date/unixtime_test.go
@@ -1,3 +1,5 @@
+// +build go1.7
+
 package date
 
 import (

diff --git a/autorest/retriablerequest.go b/autorest/retriablerequest.go
@@ -0,0 +1,38 @@
+package autorest
+
+import (
+	"bytes"
+	"io"
+	"io/ioutil"
+	"net/http"
+)
+
+// NewRetriableRequest returns a wrapper around an HTTP request that support retry logic.
+func NewRetriableRequest(req *http.Request) *RetriableRequest {
+	return &RetriableRequest{req: req}
+}
+
+// Request returns the wrapped HTTP request.
+func (rr *RetriableRequest) Request() *http.Request {
+	return rr.req
+}
+
+func (rr *RetriableRequest) prepareFromByteReader() (err error) {
+	// fall back to making a copy (only do this once)
+	b := []byte{}
+	if rr.req.ContentLength > 0 {
+		b = make([]byte, rr.req.ContentLength)
+		_, err = io.ReadFull(rr.req.Body, b)
+		if err != nil {
+			return err
+		}
+	} else {
+		b, err = ioutil.ReadAll(rr.req.Body)
+		if err != nil {
+			return err
+		}
+	}
+	rr.br = bytes.NewReader(b)
+	rr.req.Body = ioutil.NopCloser(rr.br)
+	return err
+}
diff --git a/autorest/retriablerequest_1.7.go b/autorest/retriablerequest_1.7.go
@@ -0,0 +1,44 @@
+// +build !go1.8
+
+package autorest
+
+import (
+	"bytes"
+	"net/http"
+)
+
+// RetriableRequest provides facilities for retrying an HTTP request.
+type RetriableRequest struct {
+	req   *http.Request
+	br    *bytes.Reader
+	reset bool
+}
+
+// Prepare signals that the request is about to be sent.
+func (rr *RetriableRequest) Prepare() (err error) {
+	// preserve the request body; this is to support retry logic as
+	// the underlying transport will always close the reqeust body
+	if rr.req.Body != nil {
+		if rr.reset {
+			if rr.br != nil {
+				_, err = rr.br.Seek(0, 0 /*io.SeekStart*/)
+			}
+			rr.reset = false
+			if err != nil {
+				return err
+			}
+		}
+		if rr.br == nil {
+			// fall back to making a copy (only do this once)
+			err = rr.prepareFromByteReader()
+		}
+		// indicates that the request body needs to be reset
+		rr.reset = true
+	}
+	return err
+}
+
+func removeRequestBody(req *http.Request) {
+	req.Body = nil
+	req.ContentLength = 0
+}
diff --git a/autorest/retriablerequest_1.8.go b/autorest/retriablerequest_1.8.go
@@ -0,0 +1,56 @@
+// +build go1.8
+
+package autorest
+
+import (
+	"bytes"
+	"io"
+	"net/http"
+)
+
+// RetriableRequest provides facilities for retrying an HTTP request.
+type RetriableRequest struct {
+	req   *http.Request
+	rc    io.ReadCloser
+	br    *bytes.Reader
+	reset bool
+}
+
+// Prepare signals that the request is about to be sent.
+func (rr *RetriableRequest) Prepare() (err error) {
+	// preserve the request body; this is to support retry logic as
+	// the underlying transport will always close the reqeust body
+	if rr.req.Body != nil {
+		if rr.reset {
+			if rr.rc != nil {
+				rr.req.Body = rr.rc
+			} else if rr.br != nil {
+				_, err = rr.br.Seek(0, io.SeekStart)
+			}
+			rr.reset = false
+			if err != nil {
+				return err
+			}
+		}
+		if rr.req.GetBody != nil {
+			// this will allow us to preserve the body without having to
+			// make a copy.  note we need to do this on each iteration
+			rr.rc, err = rr.req.GetBody()
+			if err != nil {
+				return err
+			}
+		} else if rr.br == nil {
+			// fall back to making a copy (only do this once)
+			err = rr.prepareFromByteReader()
+		}
+		// indicates that the request body needs to be reset
+		rr.reset = true
+	}
+	return err
+}
+
+func removeRequestBody(req *http.Request) {
+	req.Body = nil
+	req.GetBody = nil
+	req.ContentLength = 0
+}