Enhance RProxy authorization to use request method

Authorization filter now takes into account the
request method. The desired method can now be
added to the authorization file defaulting to
GET if not supplied. The request URI & method
can now be checked against the authorization
configuration along with the needed permissions.

Issue-ID: AAF-786

Change-Id: I25f6f2180ac9d94a30ca5ba1aa349fb424c18d81
Signed-off-by: IanB <IanB@amdocs.com>

1 files changed, 9 insertions, 0 deletions

diff --git a/sidecar/rproxy/config/auth/uri-authorization.json b/sidecar/rproxy/config/auth/uri-authorization.json
index 61ea9e6..208db1a 100644
--- a/sidecar/rproxy/config/auth/uri-authorization.json
+++ b/sidecar/rproxy/config/auth/uri-authorization.json
@@ -7,6 +7,14 @@
     },
     {
       "uri": "\/single\/permission\/required$",
+      "method": "GET",
+      "permissions": [
+        "test.single.access\\|single\\|permission"
+       ]
+    },    
+    {
+      "uri": "\/single\/permission\/required$",
+      "method": "PUT|POST",
       "permissions": [
         "test.single.access\\|single\\|permission"
        ]
@@ -92,6 +100,7 @@
     },
     {
       "uri": "\/aai\/v13\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*",
+      "method": "GET",
       "permissions": [
         "test.auth.access\\|clouds\\|read",
         "test.auth.access\\|tenants\\|read"