Skip to content

Commit

Permalink
(feat) add in m2m auth for api-server
Browse files Browse the repository at this point in the history
  • Loading branch information
tphoney committed Nov 12, 2024
1 parent 68b22c0 commit 8c1f529
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 42 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
.DS_Store
__debug_bin
__debug_bin*
.vagrant
output
vendor
Expand Down
55 changes: 15 additions & 40 deletions cmd/root.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,11 @@ import (
"github.com/overmindtech/discovery"
"github.com/overmindtech/sdp-go"
"github.com/overmindtech/sdp-go/auth"
"github.com/overmindtech/sdp-go/sdpconnect"
log "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp"
"golang.org/x/oauth2"
)

var cfgFile string
Expand All @@ -51,8 +48,6 @@ var rootCmd = &cobra.Command{
natsServers := viper.GetStringSlice("nats-servers")
natsJWT := viper.GetString("nats-jwt")
natsNKeySeed := viper.GetString("nats-nkey-seed")
apiKey := viper.GetString("api-key")
app := viper.GetString("app")
healthCheckPort := viper.GetInt("health-check-port")
natsConnectionName := viper.GetString("nats-connection-name")

Expand Down Expand Up @@ -94,56 +89,36 @@ var rootCmd = &cobra.Command{
"aws-profile": awsAuthConfig.Profile,
"auto-config": awsAuthConfig.AutoConfig,
"health-check-port": healthCheckPort,
"app": app,
"app": engineConfig.App,
"source-name": engineConfig.SourceName,
"source-uuid": engineConfig.SourceUUID,
}).Info("Got config")

// Determine the required Overmind URLs
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
oi, err := sdp.NewOvermindInstance(ctx, app)
if err != nil {
log.WithError(err).Fatal("Could not determine Overmind instance URLs")
}

// Validate the auth params and create a token client if we are using
// auth
var natsTokenClient auth.TokenClient
var authenticatedClient http.Client
var tokenClient auth.TokenClient
var heartbeatOptions *discovery.HeartbeatOptions
if apiKey != "" {
natsTokenClient, err = auth.NewAPIKeyClient(oi.ApiUrl.String(), apiKey)

if engineConfig.ApiKey != "" || engineConfig.SourceAccessToken != "" {
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
oi, err := sdp.NewOvermindInstance(ctx, engineConfig.App)
if err != nil {
sentry.CaptureException(err)

log.WithError(err).Fatal("Could not create API key client")
log.WithError(err).Fatal("Could not determine Overmind instance URLs")
}

tokenSource := auth.NewAPIKeyTokenSource(apiKey, oi.ApiUrl.String())
transport := oauth2.Transport{
Source: tokenSource,
Base: http.DefaultTransport,
}
authenticatedClient = http.Client{
Transport: otelhttp.NewTransport(&transport),
}

heartbeatOptions = &discovery.HeartbeatOptions{
ManagementClient: sdpconnect.NewManagementServiceClient(
&authenticatedClient,
oi.ApiUrl.String(),
),
Frequency: time.Second * 30,
tokenClient, heartbeatOptions, err = engineConfig.CreateClients(oi)
if err != nil {
sentry.CaptureException(err)
log.WithError(err).Fatal("could not auth create clients")
}
} else if natsJWT != "" || natsNKeySeed != "" {
natsTokenClient, err = createTokenClient(natsJWT, natsNKeySeed)
tokenClient, err = createTokenClient(natsJWT, natsNKeySeed)
log.Info("Using NATS authentication, no heartbeat will be sent")

if err != nil {
log.WithError(err).Fatal("Error validating NATS authentication info")
}
} else {
log.Fatal("No authentication method was provided")
}

natsOptions := auth.NATSOptions{
Expand All @@ -155,7 +130,7 @@ var rootCmd = &cobra.Command{
MaxReconnects: -1,
ReconnectWait: 1 * time.Second,
ReconnectJitter: 1 * time.Second,
TokenClient: natsTokenClient,
TokenClient: tokenClient,
}

rateLimitContext, rateLimitCancel := context.WithCancel(context.Background())
Expand Down
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ require (
github.com/micahhausler/aws-iam-policy v0.4.2
github.com/nats-io/jwt/v2 v2.7.2
github.com/nats-io/nkeys v0.4.7
github.com/overmindtech/discovery v0.31.1
github.com/overmindtech/discovery v0.31.2
github.com/overmindtech/sdp-go v0.99.0
github.com/overmindtech/sdpcache v1.6.4
github.com/sirupsen/logrus v1.9.3
Expand All @@ -52,7 +52,7 @@ require (
go.opentelemetry.io/otel/sdk v1.31.0
go.opentelemetry.io/otel/trace v1.31.0
go.uber.org/automaxprocs v1.6.0
golang.org/x/oauth2 v0.24.0
golang.org/x/oauth2 v0.24.0 // indirect
google.golang.org/protobuf v1.35.1
)

Expand Down
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -156,6 +156,8 @@ github.com/nats-io/nuid v1.0.1 h1:5iA8DT8V7q8WK2EScv2padNa/rTESc1KdnPw4TC2paw=
github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
github.com/overmindtech/discovery v0.31.1 h1:4/zwDSt99aFj2T3TJZnUywb1gkSsmW4eVWveIdygXF4=
github.com/overmindtech/discovery v0.31.1/go.mod h1:9Y97Ynm15PTRSt/lsZQ68JTpgIngupxDDGdHdAFFCxE=
github.com/overmindtech/discovery v0.31.2 h1:tLR1LxHwbpHSiboZiYA+5loxav9YJj1ZCMWyNrBF4e0=
github.com/overmindtech/discovery v0.31.2/go.mod h1:9Y97Ynm15PTRSt/lsZQ68JTpgIngupxDDGdHdAFFCxE=
github.com/overmindtech/sdp-go v0.99.0 h1:DUeyG4irY8li4p+pv1LH403J3Do8QVYrREB2b2bhd00=
github.com/overmindtech/sdp-go v0.99.0/go.mod h1:cEdHMqGWE8+fdKcNqSps5SjD02Zu0aSvXh+3q9rpySc=
github.com/overmindtech/sdpcache v1.6.4 h1:MJoYBDqDE3s8FrRzZ0RPgFiH39HWI/Mv2ImH1NdLT8k=
Expand Down

0 comments on commit 8c1f529

Please sign in to comment.