
[databroker] Refactor authorization
argerus committed Sep 5, 2023
1 parent 90b10ec commit e4fdad2
Showing 10 changed files with 57 additions and 26 deletions.
9 changes: 5 additions & 4 deletions Cargo.lock


1 change: 1 addition & 0 deletions kuksa_databroker/databroker/Cargo.toml
Expand Up @@ -53,6 +53,7 @@ regex = "1.7.1"

jemallocator = { version = "0.5.0", optional = true }
lazy_static = "1.4.0"
thiserror = "1.0.47"

[features]
default = ["tls"]
Expand Up @@ -35,7 +35,7 @@ pub fn parse_whitespace_separated(scope: &str) -> Result<Vec<Scope>, Error> {
r"(?x)
^
(?P<action>([^:]*)) # match action
(?::
(?P<path>
(
Expand All @@ -49,7 +49,7 @@ pub fn parse_whitespace_separated(scope: &str) -> Result<Vec<Scope>, Error> {
(
[A-Z][a-zA-Z0-1]*
|
\*
\*
)
)*
)
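Review bot: The segment character class `[A-Z][a-zA-Z0-1]*` shown as context in the second hunk admits only the digits 0 and 1, which looks like a typo for `[a-zA-Z0-9]`; as written, any scope whose path has a segment containing another digit fails in `parse_whitespace_separated`, and since this grammar presumably decides which scopes a token may carry, such tokens would be rejected at scope parsing rather than by a policy decision. The change in these hunks appears to be whitespace only, so this is outside what the commit addresses; if the segment grammar really excludes 2–9, a short comment next to the class stating that would settle it, otherwise `[A-Z][a-zA-Z0-9]*`. `parse_whitespace_separated` starts and ends outside the hunks.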
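--- a/kuksa_databroker/databroker/src/authorization/mod.rs
+++ b/kuksa_databroker/databroker/src/authorization/mod.rs
@@ -0,0 +1,37 @@
+/********************************************************************************
+* Copyright (c) 2023 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License 2.0 which is available at
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* SPDX-License-Identifier: Apache-2.0
+********************************************************************************/
+
+use thiserror::Error;
+
+pub mod jwt;
+
+#[derive(Clone)]
+#[allow(clippy::large_enum_variant)]
+pub enum Authorization {
+Disabled,
+Enabled { token_decoder: jwt::Decoder },
+}
+
+#[derive(Error, Debug)]
+pub enum Error {
+#[error("Invalid public key")]
+InvalidPublicKey,
+}
+
+impl Authorization {
+pub fn new(public_key: String) -> Result<Authorization, Error> {
+Ok(Authorization::Enabled {
+token_decoder: jwt::Decoder::new(public_key).map_err(|_| Error::InvalidPublicKey)?,
+})
+}
+}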
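Review bot: `Authorization::new` drops the decoder's own error in `jwt::Decoder::new(public_key).map_err(|_| Error::InvalidPublicKey)?`, so an operator with a malformed or wrong-format key only ever sees "Invalid public key" and not which step of loading the key failed. If the error type returned by `jwt::Decoder::new` implements `std::error::Error`, carry it as the source instead: `#[error("Invalid public key")] InvalidPublicKey(#[source] <DecoderErrorType>)` together with `.map_err(Error::InvalidPublicKey)?`. The new public items also have no docs; a `/// Authorization mode of the broker: `Disabled` holds no decoder, `Enabled` carries the JWT decoder used for tokens.` above the enum and `/// Builds `Enabled` from a public key; returns `Error::InvalidPublicKey` when the decoder rejects it.` above `new` would cover them. The `#[allow(clippy::large_enum_variant)]` is carried over from `grpc::server` without a reason; a one-line comment saying why the decoder is not boxed would make the allow reviewable.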
12 changes: 3 additions & 9 deletions kuksa_databroker/databroker/src/grpc/server.rs
Expand Up @@ -22,17 +22,11 @@ use tracing::{debug, info, warn};
use databroker_proto::{kuksa, sdv};

use crate::{
broker, jwt,
authorization::Authorization,
broker,
permissions::{self, Permissions},
};

#[derive(Clone)]
#[allow(clippy::large_enum_variant)]
pub enum Authorization {
Disabled,
Enabled { token_decoder: jwt::Decoder },
}

#[cfg(feature = "tls")]
pub enum ServerTLS {
Disabled,
Expand Down Expand Up @@ -119,7 +113,7 @@ where
builder = builder.tls_config(tls_config)?;
}
ServerTLS::Disabled => {
warn!("TLS is not enabled")
info!("TLS is not enabled")
}
}

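Review bot: Demoting "TLS is not enabled" from `warn!` to `info!` in the second hunk means a plaintext listener is no longer visible under a warn-level log filter for anyone who starts the server through this function rather than through `main`, whose own warning (the `(None, None)` arm in main.rs) only fires when no certificate arguments are given at all. If the aim is to avoid the duplicated line in the normal binary, consider keeping `warn!` here and demoting the one in main, or documenting on the serve function that the caller is expected to warn about `ServerTLS::Disabled`. The enclosing function starts and ends outside the hunk. The first hunk also removes `Authorization` from `grpc::server` with no re-export; a `pub use crate::authorization::Authorization;` would keep the old path compiling for external callers.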
2 changes: 1 addition & 1 deletion kuksa_databroker/databroker/src/lib.rs
Expand Up @@ -11,10 +11,10 @@
* SPDX-License-Identifier: Apache-2.0
********************************************************************************/

pub mod authorization;
pub mod broker;
pub mod glob;
pub mod grpc;
pub mod jwt;
pub mod permissions;
pub mod query;
pub mod types;
16 changes: 7 additions & 9 deletions kuksa_databroker/databroker/src/main.rs
Expand Up @@ -15,8 +15,9 @@
#[global_allocator]
static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc;

use databroker::authorization::Authorization;
use databroker::broker::RegistrationError;
use databroker::grpc::server::Authorization;

#[cfg(feature = "tls")]
use databroker::grpc::server::ServerTLS;

Expand All @@ -28,7 +29,7 @@ use tracing::{debug, error, info};

use clap::{Arg, ArgAction, Command};

use databroker::{broker, grpc, jwt, permissions, vss};
use databroker::{broker, grpc, permissions, vss};

// Hardcoded datapoints
const DATAPOINTS: &[(
Expand Down Expand Up @@ -391,9 +392,9 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
}
(None, None) => {
warn!(
"Default behavior of accepting insecure connections \
when TLS is not configured may change in the future! \
Please use --insecure to explicitly enable this behavior."
"TLS is not enabled. Default behavior of accepting insecure connections \
when TLS is not configured may change in the future! \
Please use --insecure to explicitly enable this behavior."
);
ServerTLS::Disabled
}
Expand All @@ -415,10 +416,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
};

let authorization = match jwt_public_key {
Some(pub_key) => {
let token_decoder = jwt::Decoder::new(pub_key)?;
Authorization::Enabled { token_decoder }
}
Some(pub_key) => Authorization::new(pub_key)?,
None => Authorization::Disabled,
};

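Review bot: The `None => Authorization::Disabled` arm in the last hunk starts the broker with `Authorization::Disabled` without any log line, while the analogous TLS fallback a few lines above emits `warn!`; unless it is logged somewhere not visible here, an operator reading the startup log cannot tell that no JWT public key was configured. Suggest mirroring the TLS arm: `None => { warn!("Authorization is not enabled"); Authorization::Disabled }`. `main` starts and ends outside the hunk.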
2 changes: 1 addition & 1 deletion kuksa_databroker/databroker/tests/world/mod.rs
Expand Up @@ -195,7 +195,7 @@ impl DataBrokerWorld {
grpc::server::serve_with_incoming_shutdown(
tokio_stream::wrappers::TcpListenerStream::new(listener),
data_broker,
grpc::server::Authorization::Disabled,
databroker::authorization::Authorization::Disabled,
poll_fn(|cx| {
let mut state = owned_state
.lock()
