Merge pull request #444 from aserto-dev/custom-headers
Support custom headers to directory and authorizer
ronenh authored Aug 20, 2024
2 parents 94e508e + 7b4f40e commit df2b525
Showing 5 changed files with 91 additions and 91 deletions.
3 changes: 1 addition & 2 deletions cmd/topaz-db/cmd/sync.go
@@ -10,7 +10,6 @@ import (
eds "github.com/aserto-dev/go-edge-ds"
"github.com/aserto-dev/go-edge-ds/pkg/datasync"
"github.com/aserto-dev/go-edge-ds/pkg/directory"
dsc "github.com/aserto-dev/topaz/pkg/cli/clients/directory"

"github.com/rs/zerolog"
)
@@ -31,7 +30,7 @@ func (cmd *SyncCmd) Run(ctx context.Context) error {
}

// create client conn
conn, err := dsc.NewConn(&cmd.Config)
conn, err := cmd.Config.Connect(ctx)
if err != nil {
return err
}
13 changes: 7 additions & 6 deletions pkg/app/directory/simple_resolver.go
@@ -5,6 +5,7 @@ import (

client "github.com/aserto-dev/go-aserto"
dsr3 "github.com/aserto-dev/go-directory/aserto/directory/reader/v3"
"github.com/pkg/errors"
"google.golang.org/grpc"

"github.com/aserto-dev/topaz/resolvers"
@@ -30,12 +31,12 @@ func NewResolver(logger *zerolog.Logger, cfg *client.Config) resolvers.Directory
func connect(logger *zerolog.Logger, cfg *client.Config) (*grpc.ClientConn, error) {
logger.Debug().Str("tenant-id", cfg.TenantID).Str("addr", cfg.Address).Str("apiKey", cfg.APIKey).Bool("insecure", cfg.Insecure).Msg("GetDS")

conn, err := client.NewConnection(
client.WithAddr(cfg.Address),
client.WithAPIKeyAuth(cfg.APIKey),
client.WithTenantID(cfg.TenantID),
client.WithInsecure(cfg.Insecure),
)
opts, err := cfg.ToConnectionOptions(client.NewDialOptionsProvider())
if err != nil {
return nil, errors.Wrap(err, "failed to create connection options")
}

conn, err := client.NewConnection(opts...)
if err != nil {
return nil, err
}
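Review bot: The debug line at the top of `connect` still writes the API key to the log in clear text (`.Str("apiKey", cfg.APIKey)`), and this commit leaves it in place while the same `cfg` is now also used to build the connection options. Log only whether a key is present, for example `.Bool("api-key-set", cfg.APIKey != "")`. `cfg.Headers` should stay out of this log line too, since custom headers may carry tokens. The end of `connect` is outside the hunk.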
74 changes: 37 additions & 37 deletions pkg/cli/clients/authorizer/client.go
@@ -16,47 +16,19 @@ import (
)

type Config struct {
Host string `flag:"host" short:"H" default:"${authorizer_svc}" env:"TOPAZ_AUTHORIZER_SVC" help:"authorizer service address"`
APIKey string `flag:"api-key" short:"k" default:"${authorizer_key}" env:"TOPAZ_AUTHORIZER_KEY" help:"authorizer API key"`
Token string `flag:"token" default:"${authorizer_token}" env:"TOPAZ_AUTHORIZER_TOKEN" help:"authorizer OAuth2.0 token" hidden:""`
Insecure bool `flag:"insecure" short:"i" default:"${insecure}" env:"TOPAZ_INSECURE" help:"skip TLS verification"`
TenantID string `flag:"tenant-id" help:"" default:"${tenant_id}" env:"ASERTO_TENANT_ID" `
Host string `flag:"host" short:"H" default:"${authorizer_svc}" env:"TOPAZ_AUTHORIZER_SVC" help:"authorizer service address"`
APIKey string `flag:"api-key" short:"k" default:"${authorizer_key}" env:"TOPAZ_AUTHORIZER_KEY" help:"authorizer API key"`
Token string `flag:"token" default:"${authorizer_token}" env:"TOPAZ_AUTHORIZER_TOKEN" help:"authorizer OAuth2.0 token" hidden:""`
Insecure bool `flag:"insecure" short:"i" default:"${insecure}" env:"TOPAZ_INSECURE" help:"skip TLS verification"`
TenantID string `flag:"tenant-id" help:"" default:"${tenant_id}" env:"ASERTO_TENANT_ID" `
Headers map[string]string `flag:"headers" env:"TOPAZ_AUTHORIZER_HEADERS" help:"additional headers to send to the authorizer service"`
}

type Client struct {
conn *grpc.ClientConn
Authorizer az2.AuthorizerClient
}

func NewConn(cfg *Config) (*grpc.ClientConn, error) {
if cfg.Host == "" {
return nil, fmt.Errorf("no host specified")
}

if err := cfg.validate(); err != nil {
return nil, err
}

opts := []client.ConnectionOption{
client.WithAddr(cfg.Host),
client.WithInsecure(cfg.Insecure),
}

if cfg.APIKey != "" {
opts = append(opts, client.WithAPIKeyAuth(cfg.APIKey))
}

if cfg.Token != "" {
opts = append(opts, client.WithTokenAuth(cfg.Token))
}

if cfg.TenantID != "" {
opts = append(opts, client.WithTenantID(cfg.TenantID))
}

return client.NewConnection(opts...)
}

func New(conn *grpc.ClientConn) *Client {
return &Client{
conn: conn,
@@ -65,17 +37,27 @@ func New(conn *grpc.ClientConn) *Client {
}

func NewClient(c *cc.CommonCtx, cfg *Config) (*Client, error) {
conn, err := NewConn(cfg)
conn, err := cfg.Connect(c.Context)
if err != nil {
return nil, err
}

return New(conn), nil
}

func (cfg *Config) validate() error {
ctx := context.Background()
func (cfg *Config) Connect(ctx context.Context) (*grpc.ClientConn, error) {
if cfg.Host == "" {
return nil, fmt.Errorf("no host specified")
}

if err := cfg.validate(ctx); err != nil {
return nil, err
}

return cfg.connect()
}

func (cfg *Config) validate(ctx context.Context) error {
tlsConf, err := grpcurl.ClientTLSConfig(cfg.Insecure, "", "", "")
if err != nil {
return errors.Wrap(err, "failed to create TLS config")
@@ -97,3 +79,21 @@ func (cfg *Config) validate() error {

return nil
}

func (cfg *Config) connect() (*grpc.ClientConn, error) {
clientCfg := &client.Config{
Address: cfg.Host,
Insecure: cfg.Insecure,
APIKey: cfg.APIKey,
Token: cfg.Token,
TenantID: cfg.TenantID,
Headers: cfg.Headers,
}

opts, err := clientCfg.ToConnectionOptions(client.NewDialOptionsProvider())
if err != nil {
return nil, errors.Wrap(err, "failed to create directory connection options")
}

return client.NewConnection(opts...)
}
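Review bot: The error wrap in the new `connect()` reads "failed to create directory connection options", but this file is the authorizer client, so a failure here would point an operator at the wrong service. It should be `errors.Wrap(err, "failed to create authorizer connection options")`. The new exported `Connect` also has no doc comment; `// Connect checks that Host is set, runs validate, and then dials the authorizer using the configured credentials and headers.` would record the order of the checks. The body of `validate` is only partly visible in this section.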
74 changes: 37 additions & 37 deletions pkg/cli/clients/directory/client.go
@@ -21,11 +21,12 @@ import (
)

type Config struct {
Host string `flag:"host" short:"H" default:"${directory_svc}" env:"TOPAZ_DIRECTORY_SVC" help:"directory service address"`
APIKey string `flag:"api-key" short:"k" default:"${directory_key}" env:"TOPAZ_DIRECTORY_KEY" help:"directory API key"`
Token string `flag:"token" default:"${directory_token}" env:"TOPAZ_DIRECTORY_TOKEN" help:"directory OAuth2.0 token" hidden:""`
Insecure bool `flag:"insecure" short:"i" default:"${insecure}" env:"TOPAZ_INSECURE" help:"skip TLS verification"`
TenantID string `flag:"tenant-id" help:"" default:"${tenant_id}" env:"ASERTO_TENANT_ID" `
Host string `flag:"host" short:"H" default:"${directory_svc}" env:"TOPAZ_DIRECTORY_SVC" help:"directory service address"`
APIKey string `flag:"api-key" short:"k" default:"${directory_key}" env:"TOPAZ_DIRECTORY_KEY" help:"directory API key"`
Token string `flag:"token" default:"${directory_token}" env:"TOPAZ_DIRECTORY_TOKEN" help:"directory OAuth2.0 token" hidden:""`
Insecure bool `flag:"insecure" short:"i" default:"${insecure}" env:"TOPAZ_INSECURE" help:"skip TLS verification"`
TenantID string `flag:"tenant-id" help:"" default:"${tenant_id}" env:"ASERTO_TENANT_ID" `
Headers map[string]string `flag:"headers" env:"TOPAZ_DIRECTORY_HEADERS" help:"additional headers to send to the directory service"`
}

type Client struct {
@@ -38,35 +39,6 @@ type Client struct {
Assertion dsa3.AssertionClient
}

func NewConn(cfg *Config) (*grpc.ClientConn, error) {
if cfg.Host == "" {
return nil, fmt.Errorf("no host specified")
}

if err := cfg.validate(); err != nil {
return nil, err
}

opts := []client.ConnectionOption{
client.WithAddr(cfg.Host),
client.WithInsecure(cfg.Insecure),
}

if cfg.APIKey != "" {
opts = append(opts, client.WithAPIKeyAuth(cfg.APIKey))
}

if cfg.Token != "" {
opts = append(opts, client.WithTokenAuth(cfg.Token))
}

if cfg.TenantID != "" {
opts = append(opts, client.WithTenantID(cfg.TenantID))
}

return client.NewConnection(opts...)
}

func New(conn *grpc.ClientConn) *Client {
return &Client{
conn: conn,
@@ -80,17 +52,27 @@ func New(conn *grpc.ClientConn) *Client {
}

func NewClient(c *cc.CommonCtx, cfg *Config) (*Client, error) {
conn, err := NewConn(cfg)
conn, err := cfg.Connect(c.Context)
if err != nil {
return nil, err
}

return New(conn), nil
}

func (cfg *Config) validate() error {
ctx := context.Background()
func (cfg *Config) Connect(ctx context.Context) (*grpc.ClientConn, error) {
if cfg.Host == "" {
return nil, fmt.Errorf("no host specified")
}

if err := cfg.validate(ctx); err != nil {
return nil, err
}

return cfg.connect()
}

func (cfg *Config) validate(ctx context.Context) error {
tlsConf, err := grpcurl.ClientTLSConfig(cfg.Insecure, "", "", "")
if err != nil {
return errors.Wrap(err, "failed to create TLS config")
@@ -112,3 +94,21 @@ func (cfg *Config) validate() error {

return nil
}

func (cfg *Config) connect() (*grpc.ClientConn, error) {
clientCfg := &client.Config{
Address: cfg.Host,
Insecure: cfg.Insecure,
APIKey: cfg.APIKey,
Token: cfg.Token,
TenantID: cfg.TenantID,
Headers: cfg.Headers,
}

opts, err := clientCfg.ToConnectionOptions(client.NewDialOptionsProvider())
if err != nil {
return nil, errors.Wrap(err, "failed to create directory connection options")
}

return client.NewConnection(opts...)
}
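Review bot: The new `Headers` map is copied unchanged into `client.Config` in `connect()`, and nothing visible here says how a caller-supplied header such as `authorization` interacts with the credential built from `APIKey` or `Token`, or that header values may be secrets. The removed `NewConn` added each auth option only when its field was non-empty, so precedence is now decided inside `ToConnectionOptions`, which this page does not show. I would state that precedence in a comment on the field and flag the sensitivity in the help text, for example `help:"additional headers to send to the directory service (values may carry credentials)"`. With `Insecure` set, these headers are sent to a peer whose certificate was not verified. The same applies to `Headers` in pkg/cli/clients/authorizer/client.go.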
18 changes: 9 additions & 9 deletions plugins/edge/plugin.go
@@ -315,17 +315,17 @@ func (p *Plugin) exec(ctx context.Context, ds *directory.Directory, conn *grpc.C
}

func (p *Plugin) remoteDirectoryClient() (*grpc.ClientConn, error) {
opts := []client.ConnectionOption{
client.WithAddr(p.config.Addr),
client.WithInsecure(p.config.Insecure),
cfg := &client.Config{
Address: p.config.Addr,
Insecure: p.config.Insecure,
APIKey: p.config.APIKey,
TenantID: p.config.TenantID,
Headers: p.topazConfig.DirectoryResolver.Headers,
}

if p.config.APIKey != "" {
opts = append(opts, client.WithAPIKeyAuth(p.config.APIKey))
}

if p.config.TenantID != "" {
opts = append(opts, client.WithTenantID(p.config.TenantID))
opts, err := cfg.ToConnectionOptions(client.NewDialOptionsProvider())
if err != nil {
return nil, errors.Wrap(err, "failed to create connection options")
}

conn, err := client.NewConnection(opts...)
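Review bot: The headers passed in `remoteDirectoryClient` come from `p.topazConfig.DirectoryResolver.Headers`, while the address, API key and tenant come from `p.config`, so headers configured for the directory resolver are sent to whatever `p.config.Addr` points at. If those headers carry credentials and the two endpoints differ, they reach a service they were not meant for; the rest of the plugin configuration is not visible here, so this may be intended. At minimum add a comment such as `// Headers are shared with the directory resolver; they must be safe to send to p.config.Addr.`, or give the edge plugin its own headers setting. The function continues past the end of the hunk.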
