@@ -26,7 +26,7 @@ import (
2626 "math/rand"
2727 "os"
2828 "path/filepath"
29- "reflect "
29+ "strconv "
3030 "strings"
3131 "time"
3232
@@ -439,6 +439,11 @@ func parseAction(cmd *cobra.Command, args []string, update bool) (*whisk.Action,
439439 }
440440
441441 action .Annotations = annotations .(whisk.KeyValueArr )
442+ var requireWhiskAuth = action .Annotations .FindKeyValue (WEB_SECURE_ANNOT )
443+ _ , isNumberFormat := action .Annotations [requireWhiskAuth ].Value .(json.Number )
444+ if requireWhiskAuth > - 1 && isNumberFormat {
445+ action .Annotations .AddOrReplace (& whisk.KeyValue {Key : WEB_SECURE_ANNOT , Value : string (action .Annotations [requireWhiskAuth ].Value .(json.Number ))})
446+ }
442447 }
443448
444449 if len (Flags .action .kind ) > 0 && len (Flags .action .docker ) > 0 {
@@ -573,7 +578,7 @@ func augmentWebSecureArg(cmd *cobra.Command, args []string, originalAction *whis
573578 augmentedAction .Annotations = augmentedAction .Annotations .AppendKeyValueArr (getWebSecureAnnotations (existingAction ))
574579 }
575580 }
576- augmentedAction .Annotations = updateWebSecureAnnotation (Flags .action .websecure , augmentedAction .Annotations )
581+ augmentedAction .Annotations = updateWebSecureAnnotation (Flags .action .websecure , augmentedAction .Annotations , existingAction )
577582 }
578583
579584 whisk .Debug (whisk .DbgInfo , "augmentWebSecureArg: Augmented action struct: %#v\n " , augmentedAction )
@@ -849,49 +854,75 @@ func getWebSecureAnnotations(action *whisk.Action) whisk.KeyValueArr {
849854 return webKvArr [0 :j ]
850855}
851856
857+ func getNewSecret (secret interface {}) string {
858+ _ , isJSONNum := secret .(json.Number )
859+ _ , isInt := secret .(int64 )
860+ if isJSONNum {
861+ return string (secret .(json.Number ))
862+ } else if isInt {
863+ return strconv .FormatInt (secret .(int64 ), 10 )
864+ }
865+ return secret .(string )
866+ }
867+
852868/*
853869 * Update the existing annotations with the web security annotation
854870 * If the current web security setting and existing setting are the "same", keep the existing value
855871 * -> checking for the same "--web-secure true" setting means just checking if the two values are integers
856872 * If the current web security setting is "false", remove any existing setting
857873 */
858- func updateWebSecureAnnotation (websecure string , annotations whisk.KeyValueArr ) whisk.KeyValueArr {
859- secureSecret := webSecureSecret (websecure ) // will be false when "--web-secure false"
860- existingSecret := annotations .GetValue (WEB_SECURE_ANNOT )
861- _ , disableSecurity := secureSecret .(bool )
862- _ , newSecretIsInt := secureSecret .(int64 )
863- var existingSecretIsInt bool = false
864- if existingSecret != nil {
865- _ , existingSecretIsInt = existingSecret .(json.Number )
866- }
867-
868- if existingSecretIsInt && newSecretIsInt {
869- whisk .Debug (whisk .DbgInfo , "Retaining existing secret number\n " )
870- } else if existingSecret != nil && disableSecurity {
871- whisk .Debug (whisk .DbgInfo , "disabling web-secure; deleting annotation: %v\n " , WEB_SECURE_ANNOT )
872- annotations = deleteKey (WEB_SECURE_ANNOT , annotations )
874+ func updateWebSecureAnnotation (websecure string , annotations whisk.KeyValueArr , existingAction * whisk.Action ) whisk.KeyValueArr {
875+ secureSecret , secureSecretIsRandomlyGenerated := webSecureSecret (websecure )
876+ userProvidedSecret := annotations .GetValue (WEB_SECURE_ANNOT )
877+ //There is no existing action. So we create require-whisk-auth value based on user input.
878+ if existingAction == nil {
879+ whisk .Debug (whisk .DbgInfo , "Creating secure secret for user based on their input.\n " )
880+ if userProvidedSecret != nil {
881+ whisk .Debug (whisk .DbgInfo , "Setting %v annotation; new secret %v\n " , WEB_SECURE_ANNOT , userProvidedSecret )
882+ annotations = annotations .AddOrReplace (& whisk.KeyValue {Key : WEB_SECURE_ANNOT , Value : getNewSecret (userProvidedSecret )})
883+ return annotations
884+ }
885+ whisk .Debug (whisk .DbgInfo , "Setting %v annotation; new secret %v\n " , WEB_SECURE_ANNOT , secureSecret )
886+ annotations = annotations .AddOrReplace (& whisk.KeyValue {Key : WEB_SECURE_ANNOT , Value : getNewSecret (secureSecret )})
873887 } else {
874- whisk .Debug (whisk .DbgInfo , "Setting %v annotation; prior secret %v new secret %v\n " ,
875- WEB_SECURE_ANNOT , reflect .TypeOf (existingSecret ), reflect .TypeOf (secureSecret ))
876- annotations = annotations .AddOrReplace (& whisk.KeyValue {Key : WEB_SECURE_ANNOT , Value : secureSecret })
888+ existingSecret := existingAction .Annotations .GetValue (WEB_SECURE_ANNOT )
889+ _ , disableSecurity := secureSecret .(bool )
890+ if existingSecret != nil && disableSecurity {
891+ whisk .Debug (whisk .DbgInfo , "disabling web-secure; deleting annotation: %v\n " , WEB_SECURE_ANNOT )
892+ annotations = deleteKey (WEB_SECURE_ANNOT , annotations )
893+ return annotations
894+ }
895+ //if existingAction secret is not the same with annotations secret, this means user updated the secret using annotation
896+ if existingSecret != annotations .GetValue (WEB_SECURE_ANNOT ) {
897+ whisk .Debug (whisk .DbgInfo , "User updates action using --web-secure true -a require-whisk-auth secureKkeyVal. Setting %v annotation; new secret %v\n " , WEB_SECURE_ANNOT , annotations .GetValue (WEB_SECURE_ANNOT ))
898+ annotations = annotations .AddOrReplace (& whisk.KeyValue {Key : WEB_SECURE_ANNOT , Value : getNewSecret (annotations .GetValue (WEB_SECURE_ANNOT ))})
899+ } else {
900+ //new secret is randomly generated, then user typed true
901+ if secureSecretIsRandomlyGenerated {
902+ whisk .Debug (whisk .DbgInfo , "User updates action using --web-secure true without explicitly setting require-whisk-auth annotation. Retaining original action require-whisk-auth value\n " )
903+ } else {
904+ //new secret is not randomly generated, then user typed string.
905+ whisk .Debug (whisk .DbgInfo , "User updates action using --web-secure string. Setting %v annotation; new secret %v\n " , WEB_SECURE_ANNOT , secureSecret )
906+ annotations = annotations .AddOrReplace (& whisk.KeyValue {Key : WEB_SECURE_ANNOT , Value : getNewSecret (secureSecret )})
907+ }
908+ }
877909 }
878-
879910 return annotations
880911}
881912
882913//
883- // Generate a secret according to the --web-secure setting
884- // true: return a random int64
885- // false: return false, meaning no secret was returned
886- // string: return the same string
887- func webSecureSecret (webSecureMode string ) interface {} {
914+ // Generate a secret according to the --web-secure setting and return an indication of whether a random number is generated as secure key
915+ // true: return a random int64 and true
916+ // false: return false and false
917+ // string: return the same string and false
918+ func webSecureSecret (webSecureMode string ) ( interface {}, bool ) {
888919 switch strings .ToLower (webSecureMode ) {
889920 case "true" :
890- return genWebActionSecureKey ()
921+ return genWebActionSecureKey (), true
891922 case "false" :
892- return false
923+ return false , false
893924 default :
894- return webSecureMode
925+ return webSecureMode , false
895926 }
896927}
897928
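Review bot: The new debug messages in updateWebSecureAnnotation print the require-whisk-auth secret itself (`"Setting %v annotation; new secret %v\n", WEB_SECURE_ANNOT, userProvidedSecret`, and the same with `secureSecret` and `annotations.GetValue(WEB_SECURE_ANNOT)`), whereas the removed code logged only `reflect.TypeOf(...)` of those values. Anyone who can read the CLI's debug output then holds the value that protects the web action, so I would keep the messages but drop the value argument, e.g. `whisk.Debug(whisk.DbgInfo, "Setting %v annotation from user-provided value\n", WEB_SECURE_ANNOT)`. Separately, in the parseAction hunk `action.Annotations[requireWhiskAuth]` is indexed on the line before the `requireWhiskAuth > -1` guard, so an annotation list without that key would panic if FindKeyValue returns -1, as the guard implies; the type assertion belongs inside the `if`. getNewSecret also ends in an unchecked `secret.(string)`, which would panic on the `false` that webSecureSecret returns if that value ever reaches it; whether it can depends on caller conditions outside these hunks.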