Refactor logrus to zerolog and add authentication

.github/workflows/radix-vulnerability-scanner-api-pr.yml

@@ -22,16 +22,13 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 2
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: '1.21'
-      - name: Install dependencies
-        run: go mod download
-      - name: Install GolangCI Lint
-        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.55.2
-
       - name: golangci-lint
-        run: golangci-lint run --timeout=30m --max-same-issues=0 --out-format=github-actions
+        uses: golangci/golangci-lint-action@v4
+        with:
+          version: v1.55.2
 
   test:
     name: Unit Test

.golangci.yaml

@@ -0,0 +1,16 @@
+run:
+  timeout: 30m
+
+linters:
+  enable:
+    - errcheck
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused
+    - zerologlint
+
+linters-settings:
+  issues:
+    max-same-issues: 0

Makefile

@@ -28,7 +28,7 @@ mocks: bootstrap
 	mockgen -source ./repository/repository.go -destination ./repository/mock/repository.go -package mock
 	mockgen -source ./service/radixapi.go -destination ./service/mock/radixapi.go -package mock
 	mockgen -source ./radix_api/generated_client/client/environment/environment_client.go -destination ./radix_api/mock_client/client/environment/environment_client.go -package environmentmock
-	mockgen -source ./router/authorization.go -destination ./router/mock/authorization.go -package mock
+	mockgen -source ./utils/auth/auth_provider.go -destination ./utils/auth/mock/auth_provider.go -package mock
 
 HAS_SWAGGER       := $(shell command -v swagger;)
 HAS_GOLANGCI_LINT := $(shell command -v golangci-lint;)

api/errors/errors.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	"github.com/sirupsen/logrus"
+	"github.com/rs/zerolog"
 )
 
 var (
@@ -52,9 +52,8 @@ func WrapError(err error, apiError *apiError) error {
 func HandleErrorJSON(c *gin.Context, err error) {
 	var apiErr APIError
 
-	logrus.Errorf("error: %v", err)
-
 	if !errors.As(err, &apiErr) {
+		zerolog.Ctx(c.Request.Context()).Error().Err(err).Msg(err.Error())
 		apiErr = ErrInternalServerError
 	}
 

api/vulnerability/controller_test.go

@@ -13,7 +13,7 @@ import (
 	handlerMock "github.com/equinor/radix-vulnerability-scanner-api/api/vulnerability/mock"
 	"github.com/equinor/radix-vulnerability-scanner-api/models"
 	"github.com/equinor/radix-vulnerability-scanner-api/router"
-	routerMock "github.com/equinor/radix-vulnerability-scanner-api/router/mock"
+	authprovidermock "github.com/equinor/radix-vulnerability-scanner-api/utils/auth/mock"
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/suite"
 )
@@ -24,27 +24,29 @@ func Test_ControllerTestSuite(t *testing.T) {
 
 type controllerTestSuite struct {
 	suite.Suite
-	handler        *handlerMock.MockHandler
-	tokenValidator *routerMock.MockTokenValidator
+	handler      *handlerMock.MockHandler
+	authProvider *authprovidermock.MockAuthProvider
+	idToken      *authprovidermock.MockIDToken
 }
 
 func (s *controllerTestSuite) SetupTest() {
 	ctrl := gomock.NewController(s.T())
 	s.handler = handlerMock.NewMockHandler(ctrl)
-	s.tokenValidator = routerMock.NewMockTokenValidator(ctrl)
+	s.authProvider = authprovidermock.NewMockAuthProvider(ctrl)
+	s.idToken = authprovidermock.NewMockIDToken(ctrl)
 }
 
 func (s *controllerTestSuite) Test_GetApplicationVulnerabilitySummaries() {
 	rootPath, appName, token := "/api/any", "anyapp", "anytoken"
-	user := &models.User{RawToken: token}
+	user := &models.User{RawToken: token, Identity: s.idToken}
 	w := httptest.NewRecorder()
 	expected := []*apiModels.EnvironmentVulnerabilities{}
 
 	s.handler.EXPECT().GetApplicationVulnerabilitySummaries(gomock.Any(), user, appName).Return(expected, nil)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/vulnerabilities/%s", appName)), nil)
 	req.Header["Authorization"] = []string{"Bearer " + token}
 	router.ServeHTTP(w, req)
@@ -57,14 +59,14 @@ func (s *controllerTestSuite) Test_GetApplicationVulnerabilitySummaries() {
 
 func (s *controllerTestSuite) Test_GetApplicationVulnerabilitySummaries_ApiError_NotFound() {
 	rootPath, appName := "/api/any", "anyapp"
-	user := &models.User{}
+	user := &models.User{RawToken: "anytoken", Identity: s.idToken}
 	w := httptest.NewRecorder()
 
 	s.handler.EXPECT().GetApplicationVulnerabilitySummaries(gomock.Any(), user, appName).Return(nil, apiErrors.ErrNotFound)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/vulnerabilities/%s", appName)), nil)
 	req.Header["Authorization"] = []string{"Bearer anytoken"}
 	router.ServeHTTP(w, req)
@@ -73,15 +75,15 @@ func (s *controllerTestSuite) Test_GetApplicationVulnerabilitySummaries_ApiError
 
 func (s *controllerTestSuite) Test_GetEnvironmentVulnerabilitySummary() {
 	rootPath, appName, envName, token := "/api/any", "anyapp", "anyenv", "anytoken"
-	user := &models.User{RawToken: token}
+	user := &models.User{RawToken: token, Identity: s.idToken}
 	w := httptest.NewRecorder()
 	expected := apiModels.EnvironmentVulnerabilities{Name: "name"}
 
 	s.handler.EXPECT().GetEnvironmentVulnerabilitySummary(gomock.Any(), user, appName, envName).Return(&expected, nil)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/%s/environments/%s", appName, envName)), nil)
 	req.Header["Authorization"] = []string{"Bearer " + token}
 	router.ServeHTTP(w, req)
@@ -93,14 +95,13 @@ func (s *controllerTestSuite) Test_GetEnvironmentVulnerabilitySummary() {
 
 func (s *controllerTestSuite) Test_GetEnvironmentVulnerabilitySummary_ApiError_NotFound() {
 	rootPath, appName, envName := "/api/any", "anyapp", "anyenv"
-	user := &models.User{}
 	w := httptest.NewRecorder()
 
-	s.handler.EXPECT().GetEnvironmentVulnerabilitySummary(gomock.Any(), user, appName, envName).Return(nil, apiErrors.ErrNotFound)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.handler.EXPECT().GetEnvironmentVulnerabilitySummary(gomock.Any(), gomock.Any(), appName, envName).Return(nil, apiErrors.ErrNotFound)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/%s/environments/%s", appName, envName)), nil)
 	req.Header["Authorization"] = []string{"Bearer anytoken"}
 	router.ServeHTTP(w, req)
@@ -109,15 +110,15 @@ func (s *controllerTestSuite) Test_GetEnvironmentVulnerabilitySummary_ApiError_N
 
 func (s *controllerTestSuite) Test_GetComponentVulnerabilities() {
 	rootPath, appName, envName, compName, token := "/api/any", "anyapp", "anyenv", "anyComp", "anytoken"
-	user := &models.User{RawToken: token}
+	user := &models.User{RawToken: token, Identity: s.idToken}
 	w := httptest.NewRecorder()
 	expected := apiModels.ImageWithLastScan{Image: apiModels.Image{ImageName: "anyimage"}}
 
 	s.handler.EXPECT().GetComponentVulnerabilities(gomock.Any(), user, appName, envName, compName).Return(&expected, nil)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/%s/environments/%s/components/%s", appName, envName, compName)), nil)
 	req.Header["Authorization"] = []string{"Bearer " + token}
 	router.ServeHTTP(w, req)
@@ -129,14 +130,13 @@ func (s *controllerTestSuite) Test_GetComponentVulnerabilities() {
 
 func (s *controllerTestSuite) Test_GetComponentVulnerabilities_ApiError_NotFound() {
 	rootPath, appName, envName, compName := "/api/any", "anyapp", "anyenv", "anycomp"
-	user := &models.User{}
 	w := httptest.NewRecorder()
 
 	s.handler.EXPECT().GetComponentVulnerabilities(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, apiErrors.ErrNotFound)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/%s/environments/%s/components/%s", appName, envName, compName)), nil)
 	req.Header["Authorization"] = []string{"Bearer anytoken"}
 	router.ServeHTTP(w, req)
@@ -145,15 +145,15 @@ func (s *controllerTestSuite) Test_GetComponentVulnerabilities_ApiError_NotFound
 
 func (s *controllerTestSuite) Test_GetJobVulnerabilities() {
 	rootPath, appName, envName, compName, token := "/api/any", "anyapp", "anyenv", "anyComp", "anytoken"
-	user := &models.User{RawToken: token}
+	user := &models.User{RawToken: token, Identity: s.idToken}
 	w := httptest.NewRecorder()
 	expected := apiModels.ImageWithLastScan{Image: apiModels.Image{ImageName: "anyimage"}}
 
 	s.handler.EXPECT().GetJobVulnerabilities(gomock.Any(), user, appName, envName, compName).Return(&expected, nil)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/%s/environments/%s/jobs/%s", appName, envName, compName)), nil)
 	req.Header["Authorization"] = []string{"Bearer " + token}
 	router.ServeHTTP(w, req)
@@ -165,14 +165,13 @@ func (s *controllerTestSuite) Test_GetJobVulnerabilities() {
 
 func (s *controllerTestSuite) Test_GetJobVulnerabilities_ApiError_NotFound() {
 	rootPath, appName, envName, compName := "/api/any", "anyapp", "anyenv", "anycomp"
-	user := &models.User{}
 	w := httptest.NewRecorder()
 
 	s.handler.EXPECT().GetJobVulnerabilities(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).Return(nil, apiErrors.ErrNotFound)
-	s.tokenValidator.EXPECT().ValidateToken(gomock.Any()).Return(user, nil)
+	s.authProvider.EXPECT().VerifyToken(gomock.Any(), gomock.Any()).Return(s.idToken, nil)
 
 	sut := NewController(s.handler)
-	router := router.NewServer("anycluster", rootPath, s.tokenValidator, sut)
+	router := router.NewServer("anycluster", rootPath, s.authProvider, sut)
 	req, _ := http.NewRequest("GET", path.Join(rootPath, fmt.Sprintf("applications/%s/environments/%s/jobs/%s", appName, envName, compName)), nil)
 	req.Header["Authorization"] = []string{"Bearer anytoken"}
 	router.ServeHTTP(w, req)

go.mod

@@ -5,18 +5,20 @@ go 1.21
 toolchain go1.21.0
 
 require (
+	github.com/coreos/go-oidc/v3 v3.9.0
+	github.com/equinor/radix-common v1.8.1
 	github.com/gin-contrib/cors v1.5.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/go-openapi/errors v0.21.0
 	github.com/go-openapi/runtime v0.26.2
 	github.com/go-openapi/strfmt v0.22.0
 	github.com/go-openapi/swag v0.22.7
 	github.com/go-openapi/validate v0.22.6
-	github.com/go-playground/validator/v10 v10.16.0
 	github.com/go-swagger/go-swagger v0.30.5
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/mock v1.6.0
-	github.com/sirupsen/logrus v1.9.3
+	github.com/rs/xid v1.5.0
+	github.com/rs/zerolog v1.32.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.8.4
 	gorm.io/driver/sqlserver v1.5.1
@@ -26,8 +28,25 @@ require (
 
 require (
 	github.com/chenzhuoyu/iasm v0.9.0 // indirect
+	github.com/elnormous/contenttype v1.0.4 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-playground/validator/v10 v10.16.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.5.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
 	go.opentelemetry.io/otel/metric v1.17.0 // indirect
+	golang.org/x/oauth2 v0.13.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/apimachinery v0.29.0 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
 
 require (