Merged
104 commits
5f4b064
feat: verify and validate access tokens on service calls
strantalis Feb 27, 2024
c952554
add autnInterceptor
strantalis Feb 27, 2024
5358a10
save
strantalis Feb 29, 2024
6a1c022
Merge branch 'main' into feat/authn-support
strantalis Feb 29, 2024
f6b84c1
save progress
strantalis Mar 1, 2024
2d38e69
remove testIDP var
strantalis Mar 1, 2024
d7e4b82
cleanup
strantalis Mar 1, 2024
7aa3273
comments
strantalis Mar 1, 2024
e99dcfc
comment
strantalis Mar 1, 2024
68d96f9
unit tests for access token verification and validation
strantalis Mar 2, 2024
f361f20
Merge branch 'main' into feat/authn-support
strantalis Mar 2, 2024
10be45c
updated configuration docs
strantalis Mar 2, 2024
7bb68e3
registered authn check as handler in mux chain
strantalis Mar 2, 2024
717485f
rename authN config field and remove left over log line
strantalis Mar 6, 2024
43db635
Merge branch 'main' into feat/authn-support
strantalis Mar 6, 2024
7d783cd
Merge branch 'main' into feat/authn-support
strantalis Mar 7, 2024
42f7daf
move authn to internal
strantalis Mar 7, 2024
72791c7
Merge branch 'main' into feat/authn-support
strantalis Mar 7, 2024
3394384
fix authn test
strantalis Mar 7, 2024
0c54866
only set issuer in platform welknown config
strantalis Mar 7, 2024
99c3153
fix loading authn with handler
strantalis Mar 7, 2024
f2947b3
fix grpccurl step
strantalis Mar 7, 2024
510562f
fix healthcheck grpccurl call
strantalis Mar 7, 2024
a0f6e75
didn't save
strantalis Mar 7, 2024
58d209c
disable auth for service extension test
strantalis Mar 7, 2024
0f8ce82
need to set mux to handler on server start
strantalis Mar 7, 2024
f29f471
Merge branch 'main' into feat/authn-support
strantalis Mar 7, 2024
629ad2f
try nohub
strantalis Mar 7, 2024
5091e2f
try just go start to see errors
strantalis Mar 7, 2024
2c03635
pause on starting opentdf
strantalis Mar 7, 2024
b077792
disable auth in example config
strantalis Mar 7, 2024
29abfbb
Merge branch 'main' into feat/authn-support
strantalis Mar 7, 2024
1599c15
Update internal/auth/authn.go
strantalis Mar 7, 2024
d93e257
Merge branch 'main' into feat/authn-support
strantalis Mar 7, 2024
1169de3
Merge branch 'feat/authn-support' of github.com:opentdf/opentdf-v2-po…
strantalis Mar 7, 2024
acd90fd
Update internal/server/server.go
strantalis Mar 8, 2024
b7b034d
Merge branch 'main' into feat/authn-support
strantalis Mar 8, 2024
eb3ee6f
take a function so that callers can use this the way that they want
mkleene Mar 8, 2024
fac35c5
rename
mkleene Mar 8, 2024
83e2c42
add this
mkleene Mar 8, 2024
12dc95b
Revert "fix(sdk): temporarily move unwrapper creation into options fu…
mkleene Mar 8, 2024
bdace36
this seems a little cleaner to me
mkleene Mar 8, 2024
1d7d5cd
Merge remote-tracking branch 'origin/main' into change-unwrapper-crea…
mkleene Mar 8, 2024
48042b9
add comment and better assertion
mkleene Mar 8, 2024
169fdb7
Merge remote-tracking branch 'origin/change-unwrapper-creation' into …
mkleene Mar 8, 2024
c4dd18f
adding a token appears to work from the client side
mkleene Mar 8, 2024
cf2ce7b
Merge remote-tracking branch 'origin/main' into include-auth-token-in…
mkleene Mar 8, 2024
24a6727
Merge branch 'main' into feat/authn-support
strantalis Mar 11, 2024
0b8bf9d
add interceptor to add tokens to outgoing client requests
mkleene Mar 11, 2024
7200b61
we don't need duplicates
mkleene Mar 11, 2024
7558c97
move this
mkleene Mar 11, 2024
3a83cef
lint
mkleene Mar 11, 2024
0cb810d
Update token_adding_interceptor_test.go
mkleene Mar 11, 2024
8fdc8f6
Merge branch 'main' into include-auth-token-in-grpc
mkleene Mar 11, 2024
23eec93
code review points
mkleene Mar 11, 2024
673a1a1
Merge remote-tracking branch 'origin/include-auth-token-in-grpc' into…
mkleene Mar 11, 2024
78002c9
rename
mkleene Mar 11, 2024
96961c4
add DPoP validation
mkleene Mar 13, 2024
63edb54
Merge remote-tracking branch 'origin/main' into include-auth-token-in…
mkleene Mar 13, 2024
161b356
Merge branch 'feat/authn-support' into include-auth-token-in-grpc
mkleene Mar 13, 2024
4402da2
Merge remote-tracking branch 'origin/main' into include-auth-token-in…
mkleene Mar 13, 2024
f4ee37d
hide the `AsymDecryption` so that we can move the interface
mkleene Mar 13, 2024
d6bc47f
move the interface
mkleene Mar 13, 2024
4f7a68e
add some testing
mkleene Mar 14, 2024
5af9bdf
Merge remote-tracking branch 'origin/main' into include-auth-token-in…
mkleene Mar 14, 2024
479a477
not needed
mkleene Mar 14, 2024
020124c
do not want to change this
mkleene Mar 14, 2024
5149e25
not needed
mkleene Mar 14, 2024
a962511
add new files
mkleene Mar 14, 2024
c3af3e9
Delete sdk/token_adding_interceptor.go
mkleene Mar 14, 2024
74127ac
Delete sdk/token_adding_interceptor_test.go
mkleene Mar 14, 2024
0223827
name change
mkleene Mar 14, 2024
706106b
go mod tidy
mkleene Mar 14, 2024
8b86be9
wire this into the sdk
mkleene Mar 14, 2024
3a71108
oops
mkleene Mar 14, 2024
611cb80
missed a rename
mkleene Mar 14, 2024
369ae7d
see if this works
mkleene Mar 14, 2024
253c285
lint
mkleene Mar 14, 2024
c740e4a
lint
mkleene Mar 14, 2024
f2b50d8
more lint
mkleene Mar 14, 2024
d2b6706
more lint
mkleene Mar 14, 2024
5c655f4
Merge branch 'main' into include-auth-token-in-grpc
mkleene Mar 14, 2024
8e67b1a
Merge branch 'main' into include-auth-token-in-grpc
mkleene Mar 14, 2024
d8b3b9f
if they give us a token with a `cnf` reject it
mkleene Mar 15, 2024
c6588df
Merge remote-tracking branch 'origin/include-auth-token-in-grpc' into…
mkleene Mar 15, 2024
52dcf76
no need to add the DPoP token here
mkleene Mar 15, 2024
72427db
Merge branch 'main' into include-auth-token-in-grpc
mkleene Mar 15, 2024
3706ee6
move stuff and change the tests
mkleene Mar 18, 2024
6736b4a
use better methods
mkleene Mar 18, 2024
bbbc34d
add e2e test
mkleene Mar 18, 2024
6234d40
Merge remote-tracking branch 'origin/main' into include-auth-token-in…
mkleene Mar 18, 2024
72f4042
lint
mkleene Mar 18, 2024
75f7263
test
mkleene Mar 18, 2024
a7b06e5
see if that shows the line numbers
mkleene Mar 18, 2024
e3fe2ff
Revert "see if that shows the line numbers"
mkleene Mar 18, 2024
6dbe49f
just do not cast
mkleene Mar 18, 2024
573e4cf
Merge branch 'main' into include-auth-token-in-grpc
mkleene Mar 18, 2024
86bccba
refactor: Remove deps on backend-go
dmihalcik-virtru Mar 19, 2024
b7f1087
chore: DPoP capitalization nits
dmihalcik-virtru Mar 19, 2024
cf6425c
refactor: lets a function be a method
dmihalcik-virtru Mar 19, 2024
1a4e78d
refactor: reduce a warn logline to info
dmihalcik-virtru Mar 19, 2024
2dba7b8
chore: lint cleanup
dmihalcik-virtru Mar 19, 2024
4b7d915
chore: lint fixes
dmihalcik-virtru Mar 19, 2024
17e7046
ci: Fix invalid test
dmihalcik-virtru Mar 19, 2024
25 changes: 12 additions & 13 deletions examples/go.mod
Expand Up @@ -6,8 +6,8 @@ require (
github.com/opentdf/platform/protocol/go v0.0.0-00010101000000-000000000000
github.com/opentdf/platform/sdk v0.0.0-00010101000000-000000000000
github.com/spf13/cobra v1.8.0
google.golang.org/grpc v1.61.0
google.golang.org/protobuf v1.32.0
google.golang.org/grpc v1.62.1
google.golang.org/protobuf v1.33.0
)

replace (
Expand All @@ -16,33 +16,32 @@ replace (
)

require (
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.32.0-20231115204500-e097f827e652.1 // indirect
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.33.0-20240221180331-f05a6f4403ce.1 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
github.com/goccy/go-json v0.10.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/lestrrat-go/blackmagic v1.0.2 // indirect
github.com/lestrrat-go/httpcc v1.0.1 // indirect
github.com/lestrrat-go/httprc v1.0.4 // indirect
github.com/lestrrat-go/httprc v1.0.5 // indirect
github.com/lestrrat-go/iter v1.0.2 // indirect
github.com/lestrrat-go/jwx/v2 v2.0.19 // indirect
github.com/lestrrat-go/jwx/v2 v2.0.21 // indirect
github.com/lestrrat-go/option v1.0.1 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/segmentio/asm v1.2.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/crypto v0.18.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/oauth2 v0.16.0 // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/net v0.22.0 // indirect
golang.org/x/oauth2 v0.18.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
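Review bot: The indirect list in this second `require` block moves the JWT and crypto libraries (`github.com/lestrrat-go/jwx/v2` v2.0.19 to v2.0.21, `golang.org/x/crypto` v0.18.0 to v0.21.0, `golang.org/x/oauth2` v0.16.0 to v0.18.0) in the same change as the auth refactor, and the matching `examples/go.sum` diff is not rendered, so it cannot be checked here. Please confirm these lines are the output of `go mod tidy` run in `examples/` rather than hand edits, and consider a CI step that runs `go mod tidy` per module and fails on a diff, so `examples` stays aligned with the root `go.mod`, which already requires `jwx/v2 v2.0.21`.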
113 changes: 56 additions & 57 deletions examples/go.sum

Large diffs are not rendered by default.

1 change: 0 additions & 1 deletion go.mod
Expand Up @@ -19,7 +19,6 @@ require (
github.com/lestrrat-go/jwx/v2 v2.0.21
github.com/miekg/pkcs11 v1.1.1
github.com/open-policy-agent/opa v0.62.1
github.com/opentdf/backend-go v0.1.17
github.com/opentdf/platform/protocol/go v0.0.0-00010101000000-000000000000
github.com/opentdf/platform/sdk v0.0.0-00010101000000-000000000000
github.com/pressly/goose/v3 v3.19.1
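Review bot: The `require` entry for `github.com/opentdf/backend-go v0.1.17` is dropped here with no replacement requirement added in this hunk, so please confirm that no package in the module still imports it: a clean `go build ./...` followed by `go mod tidy` with no resulting diff would show that. It would also help to state in the PR description which in-repo code now covers what `backend-go` provided, since the rendered diff shows only the removal.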
2 changes: 0 additions & 2 deletions go.sum
Expand Up @@ -258,8 +258,6 @@ github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQ
github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss=
github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8=
github.com/opentdf/backend-go v0.1.17 h1:RA/9Mj7OKycnvOrkIZTJCsSyROCcioXzzqMUlnCxP48=
github.com/opentdf/backend-go v0.1.17/go.mod h1:4RAZ3K19YOJkpxSh4jl6vtjOUkK3H/zqA32LeBf3CDQ=
github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4=
298 changes: 0 additions & 298 deletions internal/auth/authn_test.go

This file was deleted.
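Review bot: `internal/auth/authn_test.go` is deleted outright (298 lines), and nothing rendered on this page shows a replacement test file under `sdk/auth`, the package that `internal/server/server.go` and `pkg/server/start_test.go` now import. Please confirm that the access token verification and validation tests moved with the package and still run in CI; if they did not, restore them before merge so the token checks keep their coverage.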

2 changes: 1 addition & 1 deletion internal/server/server.go
Expand Up @@ -19,7 +19,7 @@ import (
"github.com/go-chi/cors"
protovalidate_middleware "github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors/protovalidate"
"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
"github.com/opentdf/platform/internal/auth"
"github.com/opentdf/platform/sdk/auth"
"github.com/valyala/fasthttp/fasthttputil"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
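Review bot: In the import block, swapping `github.com/opentdf/platform/internal/auth` for `github.com/opentdf/platform/sdk/auth` takes the server's authentication package out from under Go's `internal/` import restriction, so any module that depends on the SDK can now import it, and its exported identifiers become API that has to be kept stable. Please document in the package comment which parts of `sdk/auth` are meant for SDK clients and which are server-side verification, or keep the server-only pieces in an `internal` package.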
2 changes: 1 addition & 1 deletion pkg/server/start_test.go
Expand Up @@ -8,10 +8,10 @@ import (
"time"

"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
"github.com/opentdf/platform/internal/auth"
"github.com/opentdf/platform/internal/config"
"github.com/opentdf/platform/internal/server"
"github.com/opentdf/platform/pkg/serviceregistry"
"github.com/opentdf/platform/sdk/auth"
"github.com/stretchr/testify/assert"
"golang.org/x/exp/slog"
"google.golang.org/grpc"