From 13e3c24f4bb27376af084a4e8fa422270cdb85cd Mon Sep 17 00:00:00 2001
From: Rui Yang
Date: Mon, 4 Nov 2019 17:06:23 -0500
Subject: [PATCH] append role to space guids
Signed-off-by: Rui Yang
Co-authored-by: Joshua Winters
---
 connector/cf/cf.go | 27 +++++++++++++++------------
 connector/cf/cf_test.go | 10 ++++++++--
 2 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/connector/cf/cf.go b/connector/cf/cf.go
index 6b33ebe1..67c3d567 100644
--- a/connector/cf/cf.go
+++ b/connector/cf/cf.go
@@ -68,6 +68,7 @@ type Space struct {
 Name string
 Guid string
 OrgGuid string
+ Role string
 }
 type Org struct {
@@ -192,7 +193,7 @@ func (c *cfConnector) LoginURL(scopes connector.Scopes, callbackURL, state strin
 return oauth2Config.AuthCodeURL(state), nil
 }
-func fetchRoleSpaces(baseUrl, path string, client *http.Client) ([]Space, error) {
+func fetchRoleSpaces(baseUrl, path, role string, client *http.Client) ([]Space, error) {
 var spaces []Space
 resources, err := fetchResources(baseUrl, path, client)
@@ -205,6 +206,7 @@ func fetchRoleSpaces(baseUrl, path string, client *http.Client) ([]Space, error)
 Name: resource.Entity.Name,
 Guid: resource.Metadata.Guid,
 OrgGuid: resource.Entity.OrganizationGuid,
+ Role: role,
 })
 }
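Review bot: The new `role` argument of fetchRoleSpaces is a bare string placed between two other strings (`baseUrl, path, role string`), so a call that transposes the path and the role still compiles, and the value is copied verbatim into `Space.Role` and from there into the groups list. A small named type with constants, for example `type spaceRole string` with `roleDeveloper spaceRole = "developer"`, would let the compiler reject a swapped argument and keep the three role spellings in one place for the `Role` field (first hunk), the `Role: role` assignment (third hunk) and the call sites in HandleCallback. A doc comment on `Role` stating that it is emitted as `<space guid>:<role>` would also help readers of the struct. The body of fetchRoleSpaces continues outside this hunk.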
@@ -268,32 +270,33 @@ func getGroupsClaims(orgs []Org, spaces []Space) []string {
 var (
 orgMap = map[string]string{}
- orgSpaces = map[string][]string{}
+ orgSpaces = map[string][]Space{}
 groupsClaims = map[string]bool{}
 )
 for _, org := range orgs {
 orgMap[org.Guid] = org.Name
- orgSpaces[org.Name] = []string{}
+ orgSpaces[org.Name] = []Space{}
 groupsClaims[org.Guid] = true
 groupsClaims[org.Name] = true
 }
 for _, space := range spaces {
 orgName := orgMap[space.OrgGuid]
- orgSpaces[orgName] = append(orgSpaces[orgName], space.Name)
+ orgSpaces[orgName] = append(orgSpaces[orgName], space)
 groupsClaims[space.Guid] = true
+ groupsClaims[fmt.Sprintf("%s:%s", space.Guid, space.Role)] = true
 }
- for orgName, spaceNames := range orgSpaces {
- for _, spaceName := range spaceNames {
- groupsClaims[fmt.Sprintf("%s:%s", orgName, spaceName)] = true
+ for orgName, spaces := range orgSpaces {
+ for _, space := range spaces {
+ groupsClaims[fmt.Sprintf("%s:%s", orgName, space.Name)] = true
 }
 }
 var groups []string
- for k, _ := range groupsClaims {
- groups = append(groups, k)
+ for group, _ := range groupsClaims {
+ groups = append(groups, group)
 }
 sort.Strings(groups)
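Review bot: The role-qualified claim added in the second loop, `fmt.Sprintf("%s:%s", space.Guid, space.Role)`, uses the same `:` separator and lands in the same flat set as the name-derived `orgName:space.Name` claims built in the loop below it, so a consumer of the groups list cannot tell a GUID-plus-role entry from an org-name-plus-space-name entry. If org and space names are chosen by tenants (not visible from this hunk), a name pair could coincide with a string of the form `<space guid>:<role>` and be read as a role grant. Consider a distinct separator or prefix for the role form, or document that authorization decisions should match on GUID-based claims only. Separately, when `space.OrgGuid` is missing from `orgMap` the name claim becomes `:<space name>`, and `spaces` in `for orgName, spaces := range orgSpaces` shadows the function parameter of the same name.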
@@ -362,17 +365,17 @@ func (c *cfConnector) HandleCallback(s connector.Scopes, r *http.Request) (ident
 return identity, fmt.Errorf("failed to fetch organizaitons: %v", err)
 }
- developerSpaces, err := fetchRoleSpaces(c.apiURL, devPath, client)
+ developerSpaces, err := fetchRoleSpaces(c.apiURL, devPath, "developer", client)
 if err != nil {
 return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err)
 }
- auditorSpaces, err := fetchRoleSpaces(c.apiURL, auditorPath, client)
+ auditorSpaces, err := fetchRoleSpaces(c.apiURL, auditorPath, "auditor", client)
 if err != nil {
 return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err)
 }
- managerSpaces, err := fetchRoleSpaces(c.apiURL, managerPath, client)
+ managerSpaces, err := fetchRoleSpaces(c.apiURL, managerPath, "manager", client)
 if err != nil {
 return identity, fmt.Errorf("failed to fetch spaces for developer roles: %v", err)
 }
diff --git a/connector/cf/cf_test.go b/connector/cf/cf_test.go
index 40daa7c7..f6014230 100644
--- a/connector/cf/cf_test.go
+++ b/connector/cf/cf_test.go
@@ -48,7 +48,7 @@ func TestHandleCallback(t *testing.T) {
 identity, err := cfConn.HandleCallback(connector.Scopes{Groups: true}, req)
 expectEqual(t, err, nil)
- expectEqual(t, len(identity.Groups), 12)
+ expectEqual(t, len(identity.Groups), 18)
 expectEqual(t, identity.Groups[0], "some-org-guid-1")
 expectEqual(t, identity.Groups[1], "some-org-guid-2")
 expectEqual(t, identity.Groups[2], "some-org-guid-3")
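Review bot: In HandleCallback in connector/cf/cf.go, the error returns after the auditor and manager lookups still read `failed to fetch spaces for developer roles`, so a failure on either of those endpoints is reported as a developer-role failure. Now that each call carries its role explicitly, the messages should name the role being fetched: `"failed to fetch spaces for auditor roles: %v"` and `"failed to fetch spaces for manager roles: %v"`. HandleCallback starts and ends outside this hunk.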
@@ -60,7 +60,13 @@ func TestHandleCallback(t *testing.T) {
 expectEqual(t, identity.Groups[8], "some-org-name-3")
 expectEqual(t, identity.Groups[9], "some-org-name-4")
 expectEqual(t, identity.Groups[10], "some-space-guid-1")
- expectEqual(t, identity.Groups[11], "some-space-guid-2")
+ expectEqual(t, identity.Groups[11], "some-space-guid-1:auditor")
+ expectEqual(t, identity.Groups[12], "some-space-guid-1:developer")
+ expectEqual(t, identity.Groups[13], "some-space-guid-1:manager")
+ expectEqual(t, identity.Groups[14], "some-space-guid-2")
+ expectEqual(t, identity.Groups[15], "some-space-guid-2:auditor")
+ expectEqual(t, identity.Groups[16], "some-space-guid-2:developer")
+ expectEqual(t, identity.Groups[17], "some-space-guid-2:manager")
 })
 t.Run("CallbackWithoutGroupsScope", func(t *testing.T) {
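Review bot: The expected list gives both `some-space-guid-1` and `some-space-guid-2` all three roles, which suggests the fake API used by this test returns the same spaces for every role path (the fixture is outside the hunk). With that data, a role string paired with the wrong path in HandleCallback would still yield the same 18 groups and the test would pass. A fixture in which each role path returns a different space, with an assertion that `some-space-guid-1:developer` is present and `some-space-guid-1:manager` is absent, would pin the role-to-space mapping that downstream authorization depends on.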