diff --git a/Cargo.lock b/Cargo.lock index 44a7fc8d4..ae4a08754 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -493,6 +493,7 @@ dependencies = [ "serde", "serde_json", "sqlparser", + "thiserror", "tokio", "tokio-stream", "tonic", @@ -2819,18 +2820,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.44" +version = "1.0.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "611040a08a0439f8248d1990b111c95baa9c704c805fa1f62104b39655fd7f90" +checksum = "97a802ec30afc17eee47b2855fc72e0c4cd62be9b4efe6591edde0ec5bd68d8f" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.44" +version = "1.0.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "090198534930841fab3a5d1bb637cde49e339654e606195f8d9c76eeb081dc96" +checksum = "6bb623b56e39ab7dcd4b1b98bb6c8f8d907ed255b18de254088016b27a8ee19b" dependencies = [ "proc-macro2", "quote", diff --git a/kuksa_databroker/databroker/Cargo.toml b/kuksa_databroker/databroker/Cargo.toml index e550a19fc..a34a36138 100644 --- a/kuksa_databroker/databroker/Cargo.toml +++ b/kuksa_databroker/databroker/Cargo.toml @@ -53,6 +53,7 @@ regex = "1.7.1" jemallocator = { version = "0.5.0", optional = true } lazy_static = "1.4.0" +thiserror = "1.0.47" [features] default = ["tls"] diff --git a/kuksa_databroker/databroker/src/jwt/decoder.rs b/kuksa_databroker/databroker/src/authorization/jwt/decoder.rs similarity index 100% rename from kuksa_databroker/databroker/src/jwt/decoder.rs rename to kuksa_databroker/databroker/src/authorization/jwt/decoder.rs diff --git a/kuksa_databroker/databroker/src/jwt/mod.rs b/kuksa_databroker/databroker/src/authorization/jwt/mod.rs similarity index 100% rename from kuksa_databroker/databroker/src/jwt/mod.rs rename to kuksa_databroker/databroker/src/authorization/jwt/mod.rs 
diff --git a/kuksa_databroker/databroker/src/jwt/scope.rs b/kuksa_databroker/databroker/src/authorization/jwt/scope.rs
similarity index 99%
rename from kuksa_databroker/databroker/src/jwt/scope.rs
rename to kuksa_databroker/databroker/src/authorization/jwt/scope.rs
index 34feb1653..263b277d1 100644
--- a/kuksa_databroker/databroker/src/jwt/scope.rs
+++ b/kuksa_databroker/databroker/src/authorization/jwt/scope.rs
@@ -35,7 +35,7 @@ pub fn parse_whitespace_separated(scope: &str) -> Result, Error> { r"(?x) ^ (?P([^:]*)) # match action - + (?:: (?P (
@@ -49,7 +49,7 @@ pub fn parse_whitespace_separated(scope: &str) -> Result, Error> { ( [A-Z][a-zA-Z0-1]* | - \* + \* ) )* )
diff --git a/kuksa_databroker/databroker/src/authorization/mod.rs b/kuksa_databroker/databroker/src/authorization/mod.rs
new file mode 100644
index 000000000..1edfa02fb
--- /dev/null
+++ b/kuksa_databroker/databroker/src/authorization/mod.rs
@@ -0,0 +1,37 @@
+/********************************************************************************
+* Copyright (c) 2023 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License 2.0 which is available at
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* SPDX-License-Identifier: Apache-2.0
+********************************************************************************/
+
+use thiserror::Error;
+
+pub mod jwt;
+
+#[derive(Clone)]
+#[allow(clippy::large_enum_variant)]
+pub enum Authorization {
+ Disabled,
+ Enabled { token_decoder: jwt::Decoder },
+}
+
+#[derive(Error, Debug)]
+pub enum Error {
+ #[error("Invalid public key")]
+ InvalidPublicKey,
+}
+
+impl Authorization {
+ pub fn new(public_key: String) -> Result {
+ Ok(Authorization::Enabled {
+ token_decoder: jwt::Decoder::new(public_key).map_err(|_| Error::InvalidPublicKey)?,
+ })
+ }
+}
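Review bot: `Authorization::new` drops the failure returned by `jwt::Decoder::new` via `map_err(|_| Error::InvalidPublicKey)`, so a key that fails to load now surfaces only as the fixed text "Invalid public key", whereas the `jwt::Decoder::new(pub_key)?` it replaces in main.rs propagated the decoder's own error. That error was previously returned through `?` into a boxed error, so it presumably implements `std::error::Error`; keep it as the cause instead of discarding it, e.g. `#[error("Invalid public key: {0}")] InvalidPublicKey(String)` together with `.map_err(|e| Error::InvalidPublicKey(e.to_string()))`, or an `#[source]` field of the decoder's error type if that type is nameable from this module. The `#[allow(clippy::large_enum_variant)]` carries no comment saying why the `Enabled` payload is kept inline rather than boxed, and `Authorization`, `Error` and `new` are public without `///` docs — something like `/// Authorization mode selected at startup; `Enabled` holds the `jwt::Decoder` built from the configured public key.` on the enum and `/// Builds the `Enabled` mode from a public-key string; fails with `Error::InvalidPublicKey` when the decoder rejects it.` on `new` would do.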
diff --git a/kuksa_databroker/databroker/src/grpc/server.rs b/kuksa_databroker/databroker/src/grpc/server.rs index e8847aa80..fe97140c3 100644 --- a/kuksa_databroker/databroker/src/grpc/server.rs +++ b/kuksa_databroker/databroker/src/grpc/server.rs @@ -22,17 +22,11 @@ use tracing::{debug, info, warn}; use databroker_proto::{kuksa, sdv}; use crate::{ - broker, jwt, + authorization::Authorization, + broker, permissions::{self, Permissions}, }; -#[derive(Clone)] -#[allow(clippy::large_enum_variant)] -pub enum Authorization { - Disabled, - Enabled { token_decoder: jwt::Decoder }, -} - #[cfg(feature = "tls")] pub enum ServerTLS { Disabled, @@ -119,7 +113,7 @@ where builder = builder.tls_config(tls_config)?; } ServerTLS::Disabled => { - warn!("TLS is not enabled") + info!("TLS is not enabled") } } diff --git a/kuksa_databroker/databroker/src/lib.rs b/kuksa_databroker/databroker/src/lib.rs index 08069fac3..22beb49df 100644 --- a/kuksa_databroker/databroker/src/lib.rs +++ b/kuksa_databroker/databroker/src/lib.rs @@ -11,10 +11,10 @@ * SPDX-License-Identifier: Apache-2.0 ********************************************************************************/ +pub mod authorization; pub mod broker; pub mod glob; pub mod grpc; -pub mod jwt; pub mod permissions; pub mod query; pub mod types; diff --git a/kuksa_databroker/databroker/src/main.rs b/kuksa_databroker/databroker/src/main.rs index 14e5860e5..00015d9b6 100644 --- a/kuksa_databroker/databroker/src/main.rs +++ b/kuksa_databroker/databroker/src/main.rs @@ -15,8 +15,9 @@ #[global_allocator] static ALLOC: jemallocator::Jemalloc = jemallocator::Jemalloc; +use databroker::authorization::Authorization; use databroker::broker::RegistrationError; -use databroker::grpc::server::Authorization; + #[cfg(feature = "tls")] use databroker::grpc::server::ServerTLS; 
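Review bot: The change from `warn!` to `info!` in the `ServerTLS::Disabled` arm makes the server module itself silent about accepting plaintext connections; the only warning left is the one main.rs emits in its `(None, None)` arm, so any other caller that builds a server with `ServerTLS::Disabled` (an embedder or a test harness) will no longer be warned. If main.rs is meant to own the operator-facing warning, record that intent at the downgraded line, e.g. `// main.rs warns at startup when TLS is not configured; keep this at info to avoid a duplicate warning.`; otherwise keep `warn!` here, since a listener without TLS is a security-relevant state regardless of which binary embeds the server. The match arm belongs to a function whose signature lies outside the hunk (only `where` is visible in the hunk header).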
@@ -28,7 +29,7 @@ use tracing::{debug, error, info}; use clap::{Arg, ArgAction, Command}; -use databroker::{broker, grpc, jwt, permissions, vss}; +use databroker::{broker, grpc, permissions, vss}; // Hardcoded datapoints const DATAPOINTS: &[( @@ -391,9 +392,9 @@ async fn main() -> Result<(), Box> { } (None, None) => { warn!( - "Default behavior of accepting insecure connections \ - when TLS is not configured may change in the future! \ - Please use --insecure to explicitly enable this behavior." + "TLS is not enabled. Default behavior of accepting insecure connections \ + when TLS is not configured may change in the future! \ + Please use --insecure to explicitly enable this behavior." ); ServerTLS::Disabled } @@ -415,10 +416,7 @@ async fn main() -> Result<(), Box> { }; let authorization = match jwt_public_key { - Some(pub_key) => { - let token_decoder = jwt::Decoder::new(pub_key)?; - Authorization::Enabled { token_decoder } - } + Some(pub_key) => Authorization::new(pub_key)?, None => Authorization::Disabled, }; diff --git a/kuksa_databroker/databroker/tests/world/mod.rs b/kuksa_databroker/databroker/tests/world/mod.rs index 56edb45b4..bd8fd529d 100644 --- a/kuksa_databroker/databroker/tests/world/mod.rs +++ b/kuksa_databroker/databroker/tests/world/mod.rs @@ -195,7 +195,7 @@ impl DataBrokerWorld { grpc::server::serve_with_incoming_shutdown( tokio_stream::wrappers::TcpListenerStream::new(listener), data_broker, - grpc::server::Authorization::Disabled, + databroker::authorization::Authorization::Disabled, poll_fn(|cx| { let mut state = owned_state .lock()