Add limited support for Originating Identity

pivotal-cf · Oct 27, 2018 · e6cbefe · e6cbefe
1 parent 9ed104e
commit e6cbefe
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -28,6 +28,11 @@ Alternatively, if you already have a `*mux.Router` that you want to attach servi
 
 `NewFailureResponse()` allows you to return a custom error from any of the `ServiceBroker` interface methods which return an error. Within this you must define an error, a HTTP response status code and a logging key. You can also use the `NewFailureResponseBuilder()` to add a custom `Error:` value in the response, or indicate that the broker should return an empty response rather than the error message.
 
+## Originating Identity
+
+The request context for every request contains the unparsed `X-Broker-API-Originating-Identity` header under the key `originatingIdentityKey`.
+More details on how the Open Service Broker API manages request originating identity is available [here](https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#originating-identity).
+
 ## Example Service Broker
 
 You can see the [cf-redis](https://github.com/pivotal-cf/cf-redis-broker/blob/2f0e9a8ebb1012a9be74bbef2d411b0b3b60352f/broker/broker.go) service broker uses the BrokerAPI package to create a service broker for Redis.
diff --git a/api.go b/api.go
@@ -16,6 +16,7 @@
 package brokerapi
 
 import (
+ "context"
  "encoding/json"
  "errors"
  "fmt"
@@ -39,6 +40,8 @@ const (
  lastBindingOperationLogKey = "lastBindingOperation"
  catalogLogKey = "catalog"
 
+ originatingIdentityKey = "originatingIdentity"
+
  instanceIDLogKey = "instance-id"
  instanceDetailsLogKey = "instance-details"
  bindingIDLogKey = "binding-id"
@@ -79,7 +82,10 @@ type BrokerCredentials struct {
 func New(serviceBroker ServiceBroker, logger lager.Logger, brokerCredentials BrokerCredentials) http.Handler {
  router := mux.NewRouter()
  AttachRoutes(router, serviceBroker, logger)
- return auth.NewWrapper(brokerCredentials.Username, brokerCredentials.Password).Wrap(router)
+
+ authMiddleware := auth.NewWrapper(brokerCredentials.Username, brokerCredentials.Password).Wrap
+ router.Use(authMiddleware, brokerApiOriginatingIdentityMiddleware)
+ return router
 }
 
 func AttachRoutes(router *mux.Router, serviceBroker ServiceBroker, logger lager.Logger) {
@@ -791,3 +797,11 @@ func checkBrokerAPIVersionHdr(req *http.Request) (brokerVersion, error) {
  }
  return version, nil
 }
+
+func brokerApiOriginatingIdentityMiddleware(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+ originatingIdentity := req.Header.Get("X-Broker-API-Originating-Identity")
+ newCtx := context.WithValue(req.Context(), originatingIdentityKey, originatingIdentity)
+ next.ServeHTTP(w, req.WithContext(newCtx))
+ })
+}