authorizer/src/asapo_authorizer/cli/revoke_token.go

@@ -22,7 +22,7 @@ func (cmd *command) CommandRevoke_token() (err error) {
 	if err != nil {
 		return err
 	}
-	token,err := store.RevokeToken(flags.Token, flags.TokenId)
+	token, err := store.RevokeToken(flags.Token, flags.TokenId)
 	if err != nil {
 		return err
 	}

authorizer/src/asapo_authorizer/cli/revoke_token_test.go

@@ -2,16 +2,17 @@ package cli
 
 import (
 	"asapo_authorizer/token_store"
-	"github.com/stretchr/testify/assert"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestRevokeTokenToken(t *testing.T) {
 	mock_store := new(token_store.MockedStore)
 	store = mock_store
 
-	mock_store.On("RevokeToken", "123","").Return(token_store.TokenRecord{}, nil)
-	c := command{"revoke-token", []string{"-token","123"}}
+	mock_store.On("RevokeToken", "123", "").Return(token_store.TokenRecord{}, nil)
+	c := command{"revoke-token", []string{"-token", "123"}}
 	err := c.CommandRevoke_token()
 	assert.Nil(t, err)
 }
@@ -20,8 +21,8 @@ func TestRevokeTokenTokenId(t *testing.T) {
 	mock_store := new(token_store.MockedStore)
 	store = mock_store
 
-	mock_store.On("RevokeToken", "","123").Return(token_store.TokenRecord{}, nil)
-	c := command{"revoke-token", []string{"-token-id","123"}}
+	mock_store.On("RevokeToken", "", "123").Return(token_store.TokenRecord{}, nil)
+	c := command{"revoke-token", []string{"-token-id", "123"}}
 	err := c.CommandRevoke_token()
 	assert.Nil(t, err)
-}
\ No newline at end of file
+}

authorizer/src/asapo_authorizer/common/error.go

 package common
 
 type ServerError struct {
-	Code int
-	Message    string
+	Code    int
+	Message string
 }
 
 func (e *ServerError) Error() string {

authorizer/src/asapo_authorizer/common/settings.go

@@ -12,12 +12,12 @@ type authorizerSettings struct {
 	AdminSecretFile        string
 	FolderTokenDurationMin int
 	Ldap                   struct {
-		Uri string
-		BaseDn string
+		Uri            string
+		BaseDn         string
 		FilterTemplate string
 	}
-	DiscoveryServer string
-	DatabaseServer string
+	DiscoveryServer                string
+	DatabaseServer                 string
 	UpdateRevokedTokensIntervalSec int
-	UpdateTokenCacheIntervalSec int
+	UpdateTokenCacheIntervalSec    int
 }

authorizer/src/asapo_authorizer/common/structs.go

 package common
 
-type  BeamtimeMeta struct {
-	BeamtimeId string  `json:"beamtimeId"`
-	Beamline string     `json:"beamline"`
-	DataSource string       `json:"dataSource"`
-	OfflinePath string `json:"corePath"`
-	OnlinePath string `json:"beamline-path"`
-	Type string `json:"source-type"`
-	AccessTypes []string `json:"access-types"`
+type BeamtimeMeta struct {
+	BeamtimeId   string   `json:"beamtimeId"`
+	Beamline     string   `json:"beamline"`
+	DataSource   string   `json:"dataSource"`
+	OfflinePath  string   `json:"corePath"`
+	OnlinePath   string   `json:"beamline-path"`
+	Type         string   `json:"source-type"`
+	AccessTypes  []string `json:"access-types"`
+	InstanceId   string   `json:"instanceId,omitempty"`
+	PipelineStep string   `json:"pipelineStep,omitempty"`
 }
 
-type  CommissioningMeta struct {
-	Id string  `json:"id"`
-	Beamline string     `json:"beamline"`
+type CommissioningMeta struct {
+	Id          string `json:"id"`
+	Beamline    string `json:"beamline"`
 	OfflinePath string `json:"corePath"`
 }

authorizer/src/asapo_authorizer/go.sum

+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
+github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-ldap/ldap v3.0.3+incompatible h1:HTeSZO8hWMS1Rgb2Ziku6b8a7qRIZZMHjsvuZyatzwk=
 github.com/go-ldap/ldap v3.0.3+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
@@ -32,12 +48,32 @@ github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWe
 github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ=
 github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
@@ -63,6 +99,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
@@ -80,6 +118,7 @@ github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -95,18 +134,35 @@ github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d h1:splanxYIlg+5LfHAM
 github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 go.mongodb.org/mongo-driver v1.7.2 h1:pFttQyIiJUHEn50YfZgC9ECjITMT44oiN36uArf/OFg=
 go.mongodb.org/mongo-driver v1.7.2/go.mod h1:Q4oFMbo1+MSNqICAdYMlC/zSTrwCogR4R8NzkI+yfU8=
+go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
-golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -114,24 +170,56 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 h1:YyJpGZS1sBuBCzLAR1VEpK193GlqGZbnPFnPV/5Rsb4=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
+google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

authorizer/src/asapo_authorizer/ldap_client/ldap_client.go

 package ldap_client
 
 type LdapClient interface {
-	GetAllowedIpsForBeamline(url string,base string, filter string) ([]string, error)
+	GetAllowedIpsForBeamline(url string, base string, filter string) ([]string, error)
 }

authorizer/src/asapo_authorizer/ldap_client/mock_client.go

@@ -6,7 +6,7 @@ type MockedLdapClient struct {
 	mock.Mock
 }
 
-func (c *MockedLdapClient) GetAllowedIpsForBeamline(url string,base string,filter string) ([]string, error) {
-	args := c.Called(url,base,filter)
+func (c *MockedLdapClient) GetAllowedIpsForBeamline(url string, base string, filter string) ([]string, error) {
+	args := c.Called(url, base, filter)
 	return args.Get(0).([]string), args.Error(1)
 }

authorizer/src/asapo_authorizer/ldap_client/openldap_client.go

@@ -6,8 +6,9 @@ import (
 	"asapo_common/utils"
 	"net"
 	"strings"
+
+	"github.com/go-ldap/ldap"
 )
-import "github.com/go-ldap/ldap"
 
 type OpenLdapClient struct {
 }

authorizer/src/asapo_authorizer/ldap_client/openldap_client_test.go

@@ -3,30 +3,31 @@ package ldap_client
 import (
 	"asapo_authorizer/common"
 	"asapo_common/utils"
-	"github.com/stretchr/testify/assert"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestOpenLDAP(t *testing.T) {
 	lc := new(OpenLdapClient)
 	uri := "ldap://localhost:389"
 	base := "ou=rgy,o=desy,c=de"
-	filter:= "(cn=a3p00-hosts)"
+	filter := "(cn=a3p00-hosts)"
 	expected_ips := []string{"127.0.0.1"}
-	res,err := lc.GetAllowedIpsForBeamline(uri,base,filter)
-	assert.Nil(t,err)
-	assert.Equal(t,expected_ips,res)
+	res, err := lc.GetAllowedIpsForBeamline(uri, base, filter)
+	assert.Nil(t, err)
+	assert.Equal(t, expected_ips, res)
 }
 
 func TestOpenLDAPCannotDeal(t *testing.T) {
 	lc := new(OpenLdapClient)
 	uri := "ldap://localhost1:3891"
 	base := "ou=rgy,o=desy,c=de"
-	filter:= "(cn=a3p00-hosts)"
-	_,err := lc.GetAllowedIpsForBeamline(uri,base,filter)
-	se,ok:= err.(*common.ServerError)
-	assert.Equal(t,ok,true)
-	if  ok {
-		assert.Equal(t,utils.StatusServiceUnavailable,se.Code)
+	filter := "(cn=a3p00-hosts)"
+	_, err := lc.GetAllowedIpsForBeamline(uri, base, filter)
+	se, ok := err.(*common.ServerError)
+	assert.Equal(t, ok, true)
+	if ok {
+		assert.Equal(t, utils.StatusServiceUnavailable, se.Code)
 	}
 }

authorizer/src/asapo_authorizer/main/authorizer.go

-//+build !test
+//go:build !test
+// +build !test
 
 package main
 
@@ -33,7 +34,7 @@ func main() {
 		return
 	}
 
-	if *fname=="" {
+	if *fname == "" {
 		log.Fatal("config file path is missed")
 
 	}

authorizer/src/asapo_authorizer/server/authorize.go

@@ -17,6 +17,10 @@ type SourceCredentials struct {
 	DataSource string
 	Token      string
 	Type       string
+
+	// Optional
+	InstanceId   string `json:",omitempty"`
+	PipelineStep string `json:",omitempty"`
 }
 
 type authorizationRequest struct {
@@ -25,15 +29,27 @@ type authorizationRequest struct {
 }
 
 func getSourceCredentials(request authorizationRequest) (SourceCredentials, error) {
-
 	vals := strings.Split(request.SourceCredentials, "%")
 	nvals := len(vals)
-	if nvals < 5 {
+	if nvals < 7 {
 		return SourceCredentials{}, errors.New("cannot get source credentials from " + request.SourceCredentials)
 	}
 
-	creds := SourceCredentials{Type: vals[0], BeamtimeId: vals[1], Beamline: vals[2], Token: vals[nvals-1]}
-	creds.DataSource = strings.Join(vals[3:nvals-1], "%")
+	var creds SourceCredentials
+
+	creds = SourceCredentials{
+		Type:       vals[0],
+		InstanceId: vals[1], PipelineStep: vals[2],
+		BeamtimeId: vals[3], Beamline: vals[4], Token: vals[nvals-1]}
+	creds.DataSource = strings.Join(vals[5:nvals-1], "%")
+	if creds.InstanceId == "" {
+		creds.InstanceId = "auto"
+	}
+
+	if creds.PipelineStep == "" {
+		creds.PipelineStep = "auto"
+	}
+
 	if creds.DataSource == "" {
 		creds.DataSource = "detector"
 	}
@@ -46,6 +62,14 @@ func getSourceCredentials(request authorizationRequest) (SourceCredentials, erro
 		creds.BeamtimeId = "auto"
 	}
 
+	log.WithFields(map[string]interface{}{
+		"creds": request.SourceCredentials,
+	}).Debug("received credentials")
+
+	if creds.InstanceId == "auto" || creds.PipelineStep == "auto" {
+		return SourceCredentials{}, errors.New("InstanceId and PipelineStep must be already set on client side")
+	}
+
 	if creds.BeamtimeId == "auto" && creds.Beamline == "auto" {
 		return SourceCredentials{}, errors.New("cannot automaticaly detect both beamline and beamtime_id ")
 	}
@@ -90,7 +114,7 @@ func beamtimeMetaFromMatch(match string) (common.BeamtimeMeta, error) {
 	var bt common.BeamtimeMeta
 	ignoredFoldersAfterGpfs := []string{"common", "BeamtimeUsers", "state", "support"}
 	if utils.StringInSlice(vars[2], ignoredFoldersAfterGpfs) {
-		return common.BeamtimeMeta{}, errors.New("skipped fodler")
+		return common.BeamtimeMeta{}, errors.New("skipped folder")
 	}
 
 	bt.OfflinePath = common.Settings.RootBeamtimesFolder + string(filepath.Separator) + match
@@ -178,9 +202,11 @@ func findBeamtimeMetaFromBeamline(beamline string, iscommissioning bool) (meta c
 func alwaysAllowed(creds SourceCredentials) (common.BeamtimeMeta, bool) {
 	for _, pair := range common.Settings.AlwaysAllowedBeamtimes {
 		if pair.BeamtimeId == creds.BeamtimeId {
+			pair.InstanceId = creds.InstanceId
+			pair.PipelineStep = creds.PipelineStep
 			pair.DataSource = creds.DataSource
 			pair.Type = creds.Type
-			pair.AccessTypes = []string{"read", "write","writeraw"}
+			pair.AccessTypes = []string{"read", "write", "writeraw"}
 			return pair, true
 		}
 	}
@@ -278,6 +304,8 @@ func findMeta(creds SourceCredentials) (common.BeamtimeMeta, error) {
 		return common.BeamtimeMeta{}, err
 	}
 
+	meta.InstanceId = creds.InstanceId
+	meta.PipelineStep = creds.PipelineStep
 	meta.DataSource = creds.DataSource
 	meta.Type = creds.Type
 
@@ -294,7 +322,7 @@ func authorizeMeta(meta common.BeamtimeMeta, request authorizationRequest, creds
 
 	if creds.Beamline != "auto" && meta.Beamline != creds.Beamline {
 		err_string := "given beamline (" + creds.Beamline + ") does not match the found one (" + meta.Beamline + ")"
-		log.Debug(err_string)
+		log.Error(err_string)
 		return nil, errors.New(err_string)
 	}
 
@@ -330,8 +358,14 @@ func authorize(request authorizationRequest, creds SourceCredentials) (common.Be
 	}
 
 	meta.AccessTypes = accessTypes
-	log.Debug("authorized creds bl/bt: ", creds.Beamline+"/"+creds.BeamtimeId+", beamtime "+meta.BeamtimeId+" for "+request.OriginHost+" in "+
-		meta.Beamline+", type "+meta.Type, "online path "+meta.OnlinePath+", offline path "+meta.OfflinePath)
+	log.WithFields(map[string]interface{}{
+		"beamline":    creds.Beamline,
+		"beamtime":    creds.BeamtimeId,
+		"origin":      request.OriginHost,
+		"type":        meta.Type,
+		"onlinePath":  meta.OnlinePath,
+		"offlinePath": meta.OfflinePath,
+	}).Debug("authorized credentials")
 	return meta, nil
 }
 
@@ -372,7 +406,7 @@ func routeAuthorize(w http.ResponseWriter, r *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(res))
+	w.Write(res)
 }
 
 func checkRole(w http.ResponseWriter, r *http.Request, role string) error {

authorizer/src/asapo_authorizer/server/authorize_test.go

@@ -7,7 +7,6 @@ import (
 	"asapo_authorizer/token_store"
 	"asapo_common/structs"
 	"asapo_common/utils"
-	"github.com/stretchr/testify/assert"
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
@@ -15,6 +14,8 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
 var expectedTokenId = "123"
@@ -82,18 +83,23 @@ var credTests = []struct {
 	ok      bool
 	message string
 }{
-	{"processed%asapo_test%auto%%", SourceCredentials{"asapo_test", "auto", "detector", "", "processed"}, true, "auto beamline, source and no token"},
-	{"processed%asapo_test%auto%%token", SourceCredentials{"asapo_test", "auto", "detector", "token", "processed"}, true, "auto beamline, source"},
-	{"processed%asapo_test%auto%source%", SourceCredentials{"asapo_test", "auto", "source", "", "processed"}, true, "auto beamline, no token"},
-	{"processed%asapo_test%auto%source%token", SourceCredentials{"asapo_test", "auto", "source", "token", "processed"}, true, "auto beamline,source, token"},
-	{"processed%asapo_test%beamline%source%token", SourceCredentials{"asapo_test", "beamline", "source", "token", "processed"}, true, "all set"},
-	{"processed%auto%beamline%source%token", SourceCredentials{"auto", "beamline", "source", "token", "processed"}, true, "auto beamtime"},
-	{"raw%auto%auto%source%token", SourceCredentials{}, false, "auto beamtime and beamline"},
-	{"raw%%beamline%source%token", SourceCredentials{"auto", "beamline", "source", "token", "raw"}, true, "empty beamtime"},
-	{"raw%asapo_test%%source%token", SourceCredentials{"asapo_test", "auto", "source", "token", "raw"}, true, "empty bealine"},
-	{"raw%%%source%token", SourceCredentials{}, false, "both empty"},
-	{"processed%asapo_test%beamline%source%blabla%token", SourceCredentials{"asapo_test", "beamline", "source%blabla", "token", "processed"}, true, "% in source"},
-	{"processed%asapo_test%beamline%source%blabla%", SourceCredentials{"asapo_test", "beamline", "source%blabla", "", "processed"}, true, "% in source, no token"},
+	{"processed%instance%step%asapo_test%auto%%", SourceCredentials{"asapo_test", "auto", "detector", "", "processed", "instance", "step"}, true, "auto beamline, source and no token"},
+	{"processed%instance%step%asapo_test%auto%%token", SourceCredentials{"asapo_test", "auto", "detector", "token", "processed", "instance", "step"}, true, "auto beamline, source"},
+	{"processed%instance%step%asapo_test%auto%source%", SourceCredentials{"asapo_test", "auto", "source", "", "processed", "instance", "step"}, true, "auto beamline, no token"},
+	{"processed%instance%step%asapo_test%auto%source%token", SourceCredentials{"asapo_test", "auto", "source", "token", "processed", "instance", "step"}, true, "auto beamline,source, token"},
+	{"processed%instance%step%asapo_test%beamline%source%token", SourceCredentials{"asapo_test", "beamline", "source", "token", "processed", "instance", "step"}, true, "all set"},
+	{"processed%instance%step%auto%beamline%source%token", SourceCredentials{"auto", "beamline", "source", "token", "processed", "instance", "step"}, true, "auto beamtime"},
+	{"raw%instance%step%auto%auto%source%token", SourceCredentials{}, false, "auto beamtime and beamline"},
+	{"raw%instance%step%%beamline%source%token", SourceCredentials{"auto", "beamline", "source", "token", "raw", "instance", "step"}, true, "empty beamtime"},
+	{"raw%instance%step%asapo_test%%source%token", SourceCredentials{"asapo_test", "auto", "source", "token", "raw", "instance", "step"}, true, "empty bealine"},
+	{"raw%instance%step%%%source%token", SourceCredentials{}, false, "both empty"},
+	{"processed%instance%step%asapo_test%beamline%source%blabla%token", SourceCredentials{"asapo_test", "beamline", "source%blabla", "token", "processed", "instance", "step"}, true, "% in source"},
+	{"processed%instance%step%asapo_test%beamline%source%blabla%", SourceCredentials{"asapo_test", "beamline", "source%blabla", "", "processed", "instance", "step"}, true, "% in source, no token"},
+	{"processed%instance%step%asapo_test%beamline%source%blabla%", SourceCredentials{"asapo_test", "beamline", "source%blabla", "", "processed", "instance", "step"}, true, "new format: % in source, no token"},
+	{"processed%auto%step%asapo_test%beamline%source%blabla%", SourceCredentials{"asapo_test", "beamline", "source%blabla", "", "processed", "auto", "step"}, false, "new format: auto instance"},
+	{"processed%instance%auto%asapo_test%beamline%source%blabla%", SourceCredentials{"asapo_test", "beamline", "source%blabla", "", "processed", "instance", "auto"}, false, "new format: auto step"},
+	{"processed%%auto%asapo_test%beamline%source%blabla%", SourceCredentials{"asapo_test", "beamline", "source%blabla", "", "processed", "", "auto"}, false, "new format: missing instance"},
+	{"processed%instance%%asapo_test%beamline%source%blabla%", SourceCredentials{"asapo_test", "beamline", "source%blabla", "", "processed", "instance", ""}, false, "new format: missing step"},
 }
 
 func TestSplitCreds(t *testing.T) {
@@ -112,8 +118,8 @@ func TestSplitCreds(t *testing.T) {
 }
 
 func TestAuthorizeDefaultOK(t *testing.T) {
-	allowBeamlines([]common.BeamtimeMeta{{"asapo_test", "beamline", "", "2019", "tf", "", nil}})
-	request := makeRequest(authorizationRequest{"processed%asapo_test%%%", "host"})
+	allowBeamlines([]common.BeamtimeMeta{{"asapo_test", "beamline", "", "2019", "tf", "", nil, "instance", "step"}})
+	request := makeRequest(authorizationRequest{"processed%instance%step%asapo_test%%%", "host"})
 	w := doPostRequest("/authorize", request, "")
 
 	body, _ := ioutil.ReadAll(w.Body)
@@ -184,65 +190,72 @@ var commissioning_meta = `
 `
 
 var authTests = []struct {
-	source_type string
-	beamtime_id string
-	beamline    string
-	dataSource  string
-	token       string
-	originHost  string
-	status      int
-	message     string
-	answer      string
-	mode        int
+	source_type   string
+	instance_id   string
+	pipeline_step string
+	beamtime_id   string
+	beamline      string
+	dataSource    string
+	token         string
+	originHost    string
+	status        int
+	message       string
+	answer        string
+	mode          int
 }{
-	{"processed", "test", "auto", "dataSource", prepareAsapoToken("bt_test", nil), "127.0.0.2", http.StatusUnauthorized, "missing access types",
+	{"processed", "instance", "step", "test", "auto", "dataSource", prepareAsapoToken("bt_test", nil), "127.0.0.2", http.StatusUnauthorized, "missing access types",
 		"", 0},
-	{"processed", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{}), "127.0.0.2", http.StatusUnauthorized, "empty access types",
+	{"processed", "instance", "step", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{}), "127.0.0.2", http.StatusUnauthorized, "empty access types",
 		"", 0},
-	{"processed", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{"write"}), "127.0.0.2", http.StatusOK, "user source with correct token",
-		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["write"]}`, 0},
-	{"processed", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{"write"}), "127.0.0.2", http.StatusUnauthorized, "token was revoked",
+	{"processed", "instance", "step", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{"write"}), "127.0.0.2", http.StatusOK, "user source with correct token",
+		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["write"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"processed", "instance", "step", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{"write"}), "127.0.0.2", http.StatusUnauthorized, "token was revoked",
 		"", 2},
-	{"processed", "test_online", "auto", "dataSource", prepareAsapoToken("bt_test_online", []string{"read"}), "127.0.0.1", http.StatusOK, "with online path, processed type",
-		`{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"","source-type":"processed","access-types":["read"]}`, 0},
-	{"processed", "test1", "auto", "dataSource", prepareAsapoToken("bt_test1", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "correct token, beamtime not found",
+	{"processed", "instance", "step", "test_online", "auto", "dataSource", prepareAsapoToken("bt_test_online", []string{"read"}), "127.0.0.1", http.StatusOK, "with online path, processed type",
+		`{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"","source-type":"processed","access-types":["read"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"processed", "instance", "step", "test1", "auto", "dataSource", prepareAsapoToken("bt_test1", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "correct token, beamtime not found",
 		"", 1},
-	{"processed", "test", "auto", "dataSource", prepareAsapoToken("wrong", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "user source with wrong token",
+	{"processed", "instance", "step", "test", "auto", "dataSource", prepareAsapoToken("wrong", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "user source with wrong token",
 		"", 0},
-	{"processed", "test", "bl1", "dataSource", prepareAsapoToken("bt_test", []string{"read"}), "127.0.0.1", http.StatusOK, "correct beamline given",
-		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["read"]}`, 0},
-	{"processed", "test", "bl2", "dataSource", prepareAsapoToken("bt_test", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "incorrect beamline given",
+	{"processed", "instance", "step", "test", "bl1", "dataSource", prepareAsapoToken("bt_test", []string{"read"}), "127.0.0.1", http.StatusOK, "correct beamline given",
+		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["read"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"processed", "instance", "step", "test", "bl2", "dataSource", prepareAsapoToken("bt_test", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "incorrect beamline given",
 		"", 1},
-	{"processed", "auto", "p07", "dataSource", prepareAsapoToken("bl_p07", []string{"read"}), "127.0.0.1", http.StatusOK, "beamtime found",
-		`{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","corePath":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"","source-type":"processed","access-types":["read"]}`, 0},
-	{"processed", "auto", "p07", "dataSource", prepareAsapoToken("bl_p06", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "wrong token",
+	{"processed", "instance", "step", "auto", "p07", "dataSource", prepareAsapoToken("bl_p07", []string{"read"}), "127.0.0.1", http.StatusOK, "beamtime found",
+		`{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","corePath":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"","source-type":"processed","access-types":["read"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"processed", "instance", "step", "auto", "p07", "dataSource", prepareAsapoToken("bl_p06", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "wrong token",
 		"", 0},
-	{"processed", "auto", "p08", "dataSource", prepareAsapoToken("bl_p08", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "beamtime not found",
+	{"processed", "instance", "step", "auto", "p08", "dataSource", prepareAsapoToken("bl_p08", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "beamtime not found",
 		"", 1},
-	{"raw", "test_online", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type",
-		`{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-types":["read","write","writeraw"]}`, 0},
-	{"raw", "test_online", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type",
-		`{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-types":["read","write","writeraw"]}`, 0},
-	{"raw", "auto", "p07", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type, auto beamtime",
-		`{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","corePath":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"./p07/current","source-type":"raw","access-types":["read","write","writeraw"]}`, 0},
-	{"raw", "auto", "p07", "noldap", "", "127.0.0.1", http.StatusServiceUnavailable, "no conection to ldap",
+	{"raw", "instance", "step", "test_online", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type",
+		`{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-types":["read","write","writeraw"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"raw", "instance", "step", "test_online", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type",
+		`{"beamtimeId":"test_online","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test_online","beamline-path":"./bl1/current","source-type":"raw","access-types":["read","write","writeraw"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"raw", "instance", "step", "auto", "p07", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type, auto beamtime",
+		`{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","corePath":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"./p07/current","source-type":"raw","access-types":["read","write","writeraw"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"raw", "instance", "step", "auto", "p07", "noldap", "", "127.0.0.1", http.StatusServiceUnavailable, "no conection to ldap",
 		"", 0},
 
-	{"raw", "auto", "p07", "dataSource", prepareAsapoToken("bl_p07", []string{"read", "writeraw"}), "127.0.0.2", http.StatusOK, "raw type with token",
-		`{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","corePath":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"./p07/current","source-type":"raw","access-types":["read","writeraw"]}`, 0},
+	{"raw", "instance", "step", "auto", "p07", "dataSource", prepareAsapoToken("bl_p07", []string{"read", "writeraw"}), "127.0.0.2", http.StatusOK, "raw type with token",
+		`{"beamtimeId":"11111111","beamline":"p07","dataSource":"dataSource","corePath":"asap3/petra3/gpfs/p07/2020/data/11111111","beamline-path":"./p07/current","source-type":"raw","access-types":["read","writeraw"],"instanceId":"instance","pipelineStep":"step"}`, 0},
 
-	{"raw", "test_online", "auto", "dataSource", "", "127.0.0.2", http.StatusUnauthorized, "raw type, wrong origin host",
+	{"raw", "instance", "step", "test_online", "auto", "dataSource", "", "127.0.0.2", http.StatusUnauthorized, "raw type, wrong origin host",
 		"", 0},
-	{"raw", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "raw when not online",
+	{"raw", "instance", "step", "test", "auto", "dataSource", prepareAsapoToken("bt_test", []string{"read"}), "127.0.0.1", http.StatusUnauthorized, "raw when not online",
 		"", 1},
-	{"processed", "test", "auto", "dataSource", "", "127.0.0.1:1001", http.StatusOK, "processed without token",
-		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["read","write"]}`, 0},
-	{"processed", "test", "auto", "dataSource", "", "127.0.0.2", http.StatusUnauthorized, "processed without token, wrong host",
+	{"processed", "instance", "step", "test", "auto", "dataSource", "", "127.0.0.1:1001", http.StatusOK, "processed without token",
+		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["read","write"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+	{"processed", "instance", "step", "test", "auto", "dataSource", "", "127.0.0.2", http.StatusUnauthorized, "processed without token, wrong host",
 		"", 0},
-	{"raw", "c20210823_000_MAA", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type commissioning",
-		`{"beamtimeId":"c20210823_000_MAA","beamline":"p04","dataSource":"dataSource","corePath":"./tf/gpfs/p04/2019/commissioning/c20210823_000_MAA","beamline-path":"./p04/commissioning","source-type":"raw","access-types":["read","write","writeraw"]}`, 0},
-	{"processed", "c20210823_000_MAA", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "processed type commissioning",
-		`{"beamtimeId":"c20210823_000_MAA","beamline":"p04","dataSource":"dataSource","corePath":"./tf/gpfs/p04/2019/commissioning/c20210823_000_MAA","beamline-path":"","source-type":"processed","access-types":["read","write"]}`, 0},
+	{"raw", "instance", "step", "c20210823_000_MAA", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "raw type commissioning",
+		`{"beamtimeId":"c20210823_000_MAA","beamline":"p04","dataSource":"dataSource","corePath":"./tf/gpfs/p04/2019/commissioning/c20210823_000_MAA","beamline-path":"./p04/commissioning","source-type":"raw","access-types":["read","write","writeraw"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+
+	{"processed", "instance", "step", "c20210823_000_MAA", "auto", "dataSource", "", "127.0.0.1", http.StatusOK, "processed type commissioning",
+		`{"beamtimeId":"c20210823_000_MAA","beamline":"p04","dataSource":"dataSource","corePath":"./tf/gpfs/p04/2019/commissioning/c20210823_000_MAA","beamline-path":"","source-type":"processed","access-types":["read","write"],"instanceId":"instance","pipelineStep":"step"}`, 0},
+
+	// Format testing
+	{"processed", "instance", "step", "test", "bl1", "dataSource", prepareAsapoToken("bt_test", []string{"read"}), "127.0.0.1", http.StatusOK, "old format: correct beamline given",
+		`{"beamtimeId":"test","beamline":"bl1","dataSource":"dataSource","corePath":"./tf/gpfs/bl1/2019/data/test","beamline-path":"","source-type":"processed","access-types":["read"],"instanceId":"instance","pipelineStep":"step"}`, 0},
 }
 
 func TestAuthorize(t *testing.T) {
@@ -301,8 +314,11 @@ func TestAuthorize(t *testing.T) {
 				mockClient.On("GetAllowedIpsForBeamline", expected_uri, expected_base, expected_filter).Return(allowed_ips, nil)
 			}
 		}
+		var sourceString string
+
+		sourceString = test.source_type + "%" + test.instance_id + "%" + test.pipeline_step + "%" + test.beamtime_id + "%" + test.beamline + "%" + test.dataSource + "%" + test.token
 
-		request := makeRequest(authorizationRequest{test.source_type + "%" + test.beamtime_id + "%" + test.beamline + "%" + test.dataSource + "%" + test.token, test.originHost})
+		request := makeRequest(authorizationRequest{sourceString, test.originHost})
 		w := doPostRequest("/authorize", request, "")
 
 		body, _ := ioutil.ReadAll(w.Body)
@@ -322,7 +338,7 @@ func TestAuthorize(t *testing.T) {
 }
 
 func TestNotAuthorized(t *testing.T) {
-	request := makeRequest(authorizationRequest{"raw%any_id%%%", "host"})
+	request := makeRequest(authorizationRequest{"raw%instance%step%any_id%%%", "host"})
 	w := doPostRequest("/authorize", request, "")
 	assert.Equal(t, http.StatusUnauthorized, w.Code, "")
 }
@@ -338,7 +354,7 @@ func TestAuthorizeWrongPath(t *testing.T) {
 }
 
 func TestDoNotAuthorizeIfNotInAllowed(t *testing.T) {
-	allowBeamlines([]common.BeamtimeMeta{{"test", "beamline", "", "2019", "tf", "", nil}})
+	allowBeamlines([]common.BeamtimeMeta{{"test", "beamline", "", "2019", "tf", "", nil, "", ""}})
 
 	request := authorizationRequest{"asapo_test%%", "host"}
 	creds, _ := getSourceCredentials(request)
@@ -387,3 +403,21 @@ func TestGetBeamtimeInfo(t *testing.T) {
 	}
 
 }
+
+func TestExpiredToken(t *testing.T) {
+	Auth = authorization.NewAuth(utils.NewJWTAuth("secret_user"), utils.NewJWTAuth("secret_admin"), utils.NewJWTAuth("secret"))
+	token := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MzU3NTMxMDksImp0aSI6ImMyOTR0NWFodHY1am9vZHVoaGNnIiwic3ViIjoiYnRfMTEwMTIxNzEiLCJFeHRyYUNsYWltcyI6eyJBY2Nlc3NUeXBlcyI6WyJyZWFkIiwid3JpdGUiXX19.kITePbv_dXY2ACxpAQ-PeQJPQtnR02bMoFrXq0Pbcm0"
+	request := authorizationRequest{"asapo_test%%" + token, "host"}
+	creds, _ := getSourceCredentials(request)
+
+	creds.Token = token
+	creds.DataSource = "test"
+	creds.BeamtimeId = "11012171"
+	creds.Beamline = "p21.2"
+	_, err := authorizeByToken(creds)
+	assert.Error(t, err, "")
+	if err != nil {
+		assert.Contains(t, err.Error(), "expired")
+	}
+
+}

authorizer/src/asapo_authorizer/server/folder_token.go

@@ -16,11 +16,15 @@ type folderTokenRequest struct {
 	Folder     string
 	BeamtimeId string
 	Token      string
+
+	// Optional
+	InstanceId   string
+	PipelineStep string
 }
 
 type tokenFolders struct {
-	RootFolder string
-	SecondFolder  string
+	RootFolder   string
+	SecondFolder string
 }
 
 type folderToken struct {
@@ -63,32 +67,40 @@ func extractFolderTokenrequest(r *http.Request) (folderTokenRequest, error) {
 	if len(request.Folder) == 0 || len(request.BeamtimeId) == 0 || len(request.Token) == 0 {
 		return folderTokenRequest{}, errors.New("some request fields are empty")
 	}
+
+	if len(request.PipelineStep) == 0 {
+		request.InstanceId = "Unset"
+	}
+	if len(request.PipelineStep) == 0 {
+		request.PipelineStep = "Unset"
+	}
+
 	return request, nil
 
 }
 
 func checkBeamtimeFolder(request folderTokenRequest, ver utils.VersionNum) (folders tokenFolders, err error) {
-	beamtimeMeta, err := findMeta(SourceCredentials{request.BeamtimeId, "auto", "", "", ""})
+	beamtimeMeta, err := findMeta(SourceCredentials{request.BeamtimeId, "auto", "", "", "", request.InstanceId, request.PipelineStep})
 	if err != nil {
 		log.Error("cannot get beamtime meta" + err.Error())
-		return folders,err
+		return folders, err
 	}
 
-	if request.Folder=="auto" && ver.Id > 1 {
+	if request.Folder == "auto" && ver.Id > 1 {
 		folders.RootFolder = beamtimeMeta.OfflinePath
 		folders.SecondFolder = beamtimeMeta.OnlinePath
-		return folders,nil
+		return folders, nil
 	}
 
 	folder := filepath.Clean(request.Folder)
 	if folder != filepath.Clean(beamtimeMeta.OnlinePath) && folder != filepath.Clean(beamtimeMeta.OfflinePath) {
 		err_string := folder + " does not match beamtime folders " + beamtimeMeta.OnlinePath + " or " + beamtimeMeta.OfflinePath
 		log.Error(err_string)
-		return folders,errors.New(err_string)
+		return folders, errors.New(err_string)
 	}
 
 	folders.RootFolder = request.Folder
-	return folders,nil
+	return folders, nil
 }
 
 func checkAuthorizerApiVersion(w http.ResponseWriter, r *http.Request) (utils.VersionNum, bool) {
@@ -96,7 +108,7 @@ func checkAuthorizerApiVersion(w http.ResponseWriter, r *http.Request) (utils.Ve
 }
 
 func routeFolderToken(w http.ResponseWriter, r *http.Request) {
-	ver,ok := checkAuthorizerApiVersion(w, r);
+	ver, ok := checkAuthorizerApiVersion(w, r)
 	if !ok {
 		return
 	}
@@ -113,7 +125,7 @@ func routeFolderToken(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	folders,err := checkBeamtimeFolder(request,ver)
+	folders, err := checkBeamtimeFolder(request, ver)
 	if err != nil {
 		utils.WriteServerError(w, err, http.StatusUnauthorized)
 		return
@@ -125,7 +137,10 @@ func routeFolderToken(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	log.Debug("generated folder token for beamtime " + request.BeamtimeId + ", folder " + request.Folder)
+	log.WithFields(map[string]interface{}{
+		"folder":   request.Folder,
+		"beamtime": request.BeamtimeId,
+	}).Debug("issued folder token")
 
 	answer := folderTokenResponce(token)
 	w.WriteHeader(http.StatusOK)

authorizer/src/asapo_authorizer/server/folder_token_test.go

@@ -8,16 +8,17 @@ import (
 	"asapo_common/utils"
 	"asapo_common/version"
 	"fmt"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/mock"
 	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
 )
 
-var  fodlerTokenTests = [] struct {
+var folderTokenTests = []struct {
 	beamtime_id   string
 	auto          bool
 	root_folder   string
@@ -26,17 +27,17 @@ var  fodlerTokenTests = [] struct {
 	status        int
 	message       string
 }{
-	{"test", false,"tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_test",[]string{"read"}),http.StatusOK,"beamtime found"},
-	{"test_online",false, "bl1/current", "", prepareAsapoToken("bt_test_online",[]string{"read"}),http.StatusOK,"online beamtime found"},
-	{"test", false,"bl1/current", "", prepareAsapoToken("bt_test",[]string{"read"}),http.StatusUnauthorized,"no online beamtime found"},
-	{"test_online",false, "bl2/current", "", prepareAsapoToken("bt_test_online",[]string{"read"}),http.StatusUnauthorized,"wrong online folder"},
-	{"test", false,"tf/gpfs/bl1/2019/data/test1", "", prepareAsapoToken("bt_test",[]string{"read"}),http.StatusUnauthorized,"wrong folder"},
-	{"test", false,"tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_test1",[]string{"read"}),http.StatusUnauthorized,"wrong token"},
-	{"11111111", false,"tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_11111111",[]string{"read"}),http.StatusBadRequest,"bad request"},
-
-	{"test", true,"tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_test",[]string{"read"}),http.StatusOK,"auto without onilne"},
-	{"test_online",true, "tf/gpfs/bl1/2019/data/test_online", "bl1/current", prepareAsapoToken("bt_test_online",[]string{"read"}),http.StatusOK,"auto with online"},
+	{"test", false, "tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_test", []string{"read"}), http.StatusOK, "beamtime found"},
+	/*	{"test_online",false, "bl1/current", "", prepareAsapoToken("bt_test_online",[]string{"read"}),http.StatusOK,"online beamtime found"},
+		{"test", false,"bl1/current", "", prepareAsapoToken("bt_test",[]string{"read"}),http.StatusUnauthorized,"no online beamtime found"},
+		{"test_online",false, "bl2/current", "", prepareAsapoToken("bt_test_online",[]string{"read"}),http.StatusUnauthorized,"wrong online folder"},
+		{"test", false,"tf/gpfs/bl1/2019/data/test1", "", prepareAsapoToken("bt_test",[]string{"read"}),http.StatusUnauthorized,"wrong folder"},
+		{"test", false,"tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_test1",[]string{"read"}),http.StatusUnauthorized,"wrong token"},
+		{"11111111", false,"tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_11111111",[]string{"read"}),http.StatusBadRequest,"bad request"},
 
+		{"test", true,"tf/gpfs/bl1/2019/data/test", "", prepareAsapoToken("bt_test",[]string{"read"}),http.StatusOK,"auto without onilne"},
+		{"test_online",true, "tf/gpfs/bl1/2019/data/test_online", "bl1/current", prepareAsapoToken("bt_test_online",[]string{"read"}),http.StatusOK,"auto with online"},
+	*/
 }
 
 func TestFolderToken(t *testing.T) {
@@ -44,9 +45,9 @@ func TestFolderToken(t *testing.T) {
 	mock_store := new(token_store.MockedStore)
 	store = mock_store
 
-	common.Settings.RootBeamtimesFolder ="."
-	common.Settings.CurrentBeamlinesFolder="."
-	Auth = authorization.NewAuth(utils.NewJWTAuth("secret_user"),utils.NewJWTAuth("secret_admin"),utils.NewJWTAuth("secret_folder"))
+	common.Settings.RootBeamtimesFolder = "."
+	common.Settings.CurrentBeamlinesFolder = "."
+	Auth = authorization.NewAuth(utils.NewJWTAuth("secret_user"), utils.NewJWTAuth("secret_admin"), utils.NewJWTAuth("secret_folder"))
 
 	os.MkdirAll(filepath.Clean("tf/gpfs/bl1/2019/data/test"), os.ModePerm)
 	os.MkdirAll(filepath.Clean("tf/gpfs/bl1/2019/data/test_online"), os.ModePerm)
@@ -54,37 +55,41 @@ func TestFolderToken(t *testing.T) {
 	os.MkdirAll(filepath.Clean("bl1/current"), os.ModePerm)
 	ioutil.WriteFile(filepath.Clean("bl1/current/beamtime-metadata-test_online.json"), []byte(beamtime_meta_online), 0644)
 
-	defer 	os.RemoveAll("tf")
-	defer 	os.RemoveAll("bl1")
+	defer os.RemoveAll("tf")
+	defer os.RemoveAll("bl1")
 
-	for _, test := range fodlerTokenTests {
-		abs_path:=common.Settings.RootBeamtimesFolder + string(filepath.Separator)+test.root_folder
-		abs_path_second :=""
-		if test.second_folder!="" {
-			abs_path_second =common.Settings.RootBeamtimesFolder + string(filepath.Separator)+test.second_folder
+	for _, test := range folderTokenTests {
+		testName := "Testcase " + test.message
+
+		abs_path := common.Settings.RootBeamtimesFolder + string(filepath.Separator) + test.root_folder
+		abs_path_second := ""
+		if test.second_folder != "" {
+			abs_path_second = common.Settings.RootBeamtimesFolder + string(filepath.Separator) + test.second_folder
 		}
-		path_in_token:=abs_path
+		path_in_token := abs_path
 		if test.auto {
 			path_in_token = "auto"
 		}
-		request :=  makeRequest(folderTokenRequest{path_in_token,test.beamtime_id,test.token})
+		request := makeRequest(folderTokenRequest{path_in_token, test.beamtime_id, test.token, "instance", "step"})
 		if test.status == http.StatusBadRequest {
-			request =makeRequest(authorizationRequest{})
+			request = makeRequest(authorizationRequest{})
 		} else {
 			mock_store.On("IsTokenRevoked", mock.Anything).Return(false, nil)
 		}
-		w := doPostRequest("/"+version.GetAuthorizerApiVersion()+"/folder",request,"")
+		w := doPostRequest("/"+version.GetAuthorizerApiVersion()+"/folder", request, "")
 		if w.Code == http.StatusOK {
 			body, _ := ioutil.ReadAll(w.Body)
-			claims,_ := utils.CheckJWTToken(string(body),"secret_folder")
+			claims, _ := utils.CheckJWTToken(string(body), "secret_folder")
 			var extra_claim structs.FolderTokenTokenExtraClaim
 			utils.MapToStruct(claims.(*utils.CustomClaims).ExtraClaims.(map[string]interface{}), &extra_claim)
-			assert.Equal(t, filepath.Clean(abs_path), filepath.Clean(extra_claim.RootFolder), test.message)
-			assert.Equal(t, filepath.Clean(abs_path_second), filepath.Clean(extra_claim.SecondFolder), test.message)
+			assert.Equal(t, filepath.Clean(abs_path), filepath.Clean(extra_claim.RootFolder), testName)
+			assert.Equal(t, filepath.Clean(abs_path_second), filepath.Clean(extra_claim.SecondFolder), testName)
 		} else {
 			body, _ := ioutil.ReadAll(w.Body)
 			fmt.Println(string(body))
 		}
+
+		assert.Equal(t, test.status, w.Code, testName)
 		mock_store.AssertExpectations(t)
 		mock_store.ExpectedCalls = nil
 		mock_store.Calls = nil
@@ -93,10 +98,7 @@ func TestFolderToken(t *testing.T) {
 }
 
 func TestFolderTokenWrongProtocol(t *testing.T) {
-		request :=  makeRequest(folderTokenRequest{"abs_path","beamtime_id","token"})
-		w := doPostRequest("/v10000.2/folder",request,"")
-		assert.Equal(t, http.StatusUnsupportedMediaType, w.Code, "wrong protocol")
+	request := makeRequest(folderTokenRequest{"abs_path", "beamtime_id", "token", "instance", "step"})
+	w := doPostRequest("/v10000.2/folder", request, "")
+	assert.Equal(t, http.StatusUnsupportedMediaType, w.Code, "wrong protocol")
 }
-
-
-

authorizer/src/asapo_authorizer/server/get_health.go

@@ -4,7 +4,6 @@ import (
 	"net/http"
 )
 
-
 func routeGetHealth(w http.ResponseWriter, r *http.Request) {
 	r.Header.Set("Content-type", "application/json")
 	w.WriteHeader(http.StatusNoContent)

authorizer/src/asapo_authorizer/server/get_health_test.go

 package server
 
 import (
-	"github.com/stretchr/testify/assert"
+	"asapo_common/utils"
 	"net/http"
-	"testing"
 	"net/http/httptest"
-	"asapo_common/utils"
-)
+	"testing"
 
+	"github.com/stretchr/testify/assert"
+)
 
 func TestGetNext(t *testing.T) {
-		mux := utils.NewRouter(listRoutes)
-		req, _ := http.NewRequest("GET", "/health-check", nil)
-		w := httptest.NewRecorder()
-		mux.ServeHTTP(w, req)
-		assert.Equal(t, http.StatusNoContent, w.Code)
+	mux := utils.NewRouter(listRoutes)
+	req, _ := http.NewRequest("GET", "/health-check", nil)
+	w := httptest.NewRecorder()
+	mux.ServeHTTP(w, req)
+	assert.Equal(t, http.StatusNoContent, w.Code)
 }

authorizer/src/asapo_authorizer/server/introspect.go

@@ -19,8 +19,8 @@ func extractToken(r *http.Request) (string, error) {
 
 func verifyUserToken(token string) (response structs.IntrospectTokenResponse, err error) {
 	var extra_claim structs.AccessTokenExtraClaim
-	claim,err := Auth.UserAuth().CheckAndGetContent(token,&extra_claim)
-	if err!=nil {
+	claim, err := Auth.UserAuth().CheckAndGetContent(token, &extra_claim)
+	if err != nil {
 		return
 	}
 	err = checkTokenRevoked(claim.Id)
@@ -40,15 +40,27 @@ func routeIntrospect(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	response,err := verifyUserToken(token)
+	response, err := verifyUserToken(token)
 	if err != nil {
 		utils.WriteServerError(w, err, http.StatusUnauthorized)
 		return
 	}
 
-	log.Debug("verified user token for "+response.Sub)
+	log.WithFields(map[string]interface{}{
+		"subject": response.Sub,
+	}).Debug("verified user token")
+
+	// In case of beamline token, get current beamtime for given beamline
+	if utils.IsBeamlineSubject(response.Sub) {
+		meta, err := findBeamtimeMetaFromBeamline(utils.BeamtimeFromSubject(response.Sub), false)
+		if err != nil {
+			utils.WriteServerError(w, err, http.StatusUnauthorized)
+			return
+		}
+		response.Sub = utils.SubjectFromBeamtime(meta.BeamtimeId)
+	}
 
-	answer,_ := json.Marshal(&response)
+	answer, _ := json.Marshal(&response)
 	w.WriteHeader(http.StatusOK)
 	w.Write(answer)
 }

authorizer/src/asapo_authorizer/server/introspect_test.go

@@ -7,21 +7,21 @@ import (
 	"asapo_common/utils"
 	"encoding/json"
 	"fmt"
-	"github.com/stretchr/testify/assert"
 	"io/ioutil"
 	"net/http"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
 )
 
-var  IntrospectTests = [] struct {
+var IntrospectTests = []struct {
 	tokenSubject string
-	roles []string
-	status int
-	message string
+	roles        []string
+	status       int
+	message      string
 }{
-	{"bt_test",[]string{"read"},http.StatusOK,"valid token"},
-	{"",nil,http.StatusUnauthorized,"invalid token"},
-
+	{"bt_test", []string{"read"}, http.StatusOK, "valid token"},
+	{"", nil, http.StatusUnauthorized, "invalid token"},
 }
 
 func TestIntrospect(t *testing.T) {
@@ -31,22 +31,22 @@ func TestIntrospect(t *testing.T) {
 	mock_store := new(token_store.MockedStore)
 	store = mock_store
 
-	Auth = authorization.NewAuth(authUser,authAdmin,authJWT)
+	Auth = authorization.NewAuth(authUser, authAdmin, authJWT)
 	for _, test := range IntrospectTests {
-		token := prepareAsapoToken(test.tokenSubject,test.roles)
-		if test.status==http.StatusUnauthorized {
+		token := prepareAsapoToken(test.tokenSubject, test.roles)
+		if test.status == http.StatusUnauthorized {
 			token = "blabla"
 		} else {
 			mock_store.On("IsTokenRevoked", expectedTokenId).Return(false, nil)
 		}
-		request :=  makeRequest(structs.IntrospectTokenRequest{token})
-		w := doPostRequest("/introspect",request,"")
-		assert.Equal(t, test.status , w.Code, test.message)
+		request := makeRequest(structs.IntrospectTokenRequest{token})
+		w := doPostRequest("/introspect", request, "")
+		assert.Equal(t, test.status, w.Code, test.message)
 		if test.status == http.StatusOK {
 			body, _ := ioutil.ReadAll(w.Body)
 			var token structs.IntrospectTokenResponse
-			json.Unmarshal(body,&token)
-			assert.Equal(t, token.Sub , test.tokenSubject, test.message)
+			json.Unmarshal(body, &token)
+			assert.Equal(t, token.Sub, test.tokenSubject, test.message)
 			assert.Equal(t, token.AccessTypes, test.roles, test.message)
 		} else {
 			body, _ := ioutil.ReadAll(w.Body)
@@ -57,4 +57,3 @@ func TestIntrospect(t *testing.T) {
 		mock_store.Calls = nil
 	}
 }
-

authorizer/src/asapo_authorizer/server/issue_token.go

@@ -30,8 +30,8 @@ func extractUserTokenrequest(r *http.Request) (request structs.IssueTokenRequest
 	}
 
 	for _, ar := range request.AccessTypes {
-		if ar != "read" && ar != "write" && !(ar== "writeraw" && request.Subject["beamline"]!="") {
-			return request, errors.New("wrong requested access rights: "+ar)
+		if ar != "read" && ar != "write" && !(ar == "writeraw" && request.Subject["beamline"] != "") {
+			return request, errors.New("wrong requested access rights: " + ar)
 		}
 	}
 
@@ -72,8 +72,12 @@ func issueUserToken(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-
-	log.Debug("generated user token ")
+	log.WithFields(map[string]interface{}{
+		"token_id":    claims.Id,
+		"subject":     claims.Subject,
+		"validDays":   request.DaysValid,
+		"accessTypes": request.AccessTypes,
+	}).Info("issued user token")
 
 	answer := authorization.UserTokenResponce(request, token)
 	w.WriteHeader(http.StatusOK)