move directory providers (#3633)
* remove directory providers and support for groups * idp: remove directory providers * better error messages * fix errors * restore postgres * fix test
This commit is contained in:
parent
bb5c80bae9
commit
c178819875
78 changed files with 723 additions and 8703 deletions
|
@ -7,7 +7,6 @@ import (
|
|||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
"sync"
|
||||
|
||||
"github.com/rs/zerolog"
|
||||
"golang.org/x/sync/errgroup"
|
||||
|
@ -16,7 +15,6 @@ import (
|
|||
|
||||
"github.com/pomerium/pomerium/config"
|
||||
"github.com/pomerium/pomerium/internal/atomicutil"
|
||||
"github.com/pomerium/pomerium/internal/directory"
|
||||
"github.com/pomerium/pomerium/internal/events"
|
||||
"github.com/pomerium/pomerium/internal/identity"
|
||||
"github.com/pomerium/pomerium/internal/identity/manager"
|
||||
|
@ -41,9 +39,6 @@ type DataBroker struct {
|
|||
localGRPCServer *grpc.Server
|
||||
localGRPCConnection *grpc.ClientConn
|
||||
sharedKey *atomicutil.Value[[]byte]
|
||||
|
||||
mu sync.Mutex
|
||||
directoryProvider directory.Provider
|
||||
}
|
||||
|
||||
// New creates a new databroker service.
|
||||
|
@ -126,7 +121,6 @@ func (c *DataBroker) OnConfigChange(ctx context.Context, cfg *config.Config) {
|
|||
// Register registers all the gRPC services with the given server.
|
||||
func (c *DataBroker) Register(grpcServer *grpc.Server) {
|
||||
databroker.RegisterDataBrokerServiceServer(grpcServer, c.dataBrokerServer)
|
||||
directory.RegisterDirectoryServiceServer(grpcServer, c)
|
||||
registry.RegisterRegistryServer(grpcServer, c.dataBrokerServer)
|
||||
}
|
||||
|
||||
|
@ -163,30 +157,10 @@ func (c *DataBroker) update(ctx context.Context, cfg *config.Config) error {
|
|||
return fmt.Errorf("databroker: invalid oauth options: %w", err)
|
||||
}
|
||||
|
||||
clientSecret, err := cfg.Options.GetClientSecret()
|
||||
if err != nil {
|
||||
return fmt.Errorf("databroker: error retrieving IPD client secret: %w", err)
|
||||
}
|
||||
|
||||
directoryProvider := directory.GetProvider(directory.Options{
|
||||
ServiceAccount: cfg.Options.ServiceAccount,
|
||||
Provider: cfg.Options.Provider,
|
||||
ProviderURL: cfg.Options.ProviderURL,
|
||||
QPS: cfg.Options.GetQPS(),
|
||||
ClientID: cfg.Options.ClientID,
|
||||
ClientSecret: clientSecret,
|
||||
})
|
||||
c.mu.Lock()
|
||||
c.directoryProvider = directoryProvider
|
||||
c.mu.Unlock()
|
||||
|
||||
dataBrokerClient := databroker.NewDataBrokerServiceClient(c.localGRPCConnection)
|
||||
|
||||
options := []manager.Option{
|
||||
manager.WithDirectoryProvider(directoryProvider),
|
||||
manager.WithDataBrokerClient(dataBrokerClient),
|
||||
manager.WithGroupRefreshInterval(cfg.Options.RefreshDirectoryInterval),
|
||||
manager.WithGroupRefreshTimeout(cfg.Options.RefreshDirectoryTimeout),
|
||||
manager.WithEventManager(c.eventsMgr),
|
||||
}
|
||||
|
||||
|
|
|
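Review bot: The `update` hunk drops `manager.WithGroupRefreshInterval(cfg.Options.RefreshDirectoryInterval)` and `manager.WithGroupRefreshTimeout(cfg.Options.RefreshDirectoryTimeout)` but nothing in this section rejects or warns about those settings, so if the `Options` fields survive elsewhere in the change a deployment that still sets them keeps a value that no longer does anything; a warning log line, or a validation error, at config load would make the removal visible to operators. The `Register` hunk also unregisters the directory gRPC service while the deleted file still shows the `pkg/grpc/directory` stubs being imported; if those stubs remain, a stale caller of `RefreshUser` now gets `codes.Unimplemented` at runtime instead of a compile error, which deserves a sentence in the description. Since the description says group support is removed, policies that keyed on group membership would presumably stop matching — the evaluator is not visible here, but a config-load warning for such policies would let operators notice the authorization change rather than discover it from denied requests. `update` begins and ends outside the hunk.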
@ -6,6 +6,7 @@ import (
|
|||
"strconv"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
|
@ -89,7 +90,7 @@ func TestServerSync(t *testing.T) {
|
|||
require.NoError(t, err)
|
||||
_, err = client.Recv()
|
||||
require.Error(t, err)
|
||||
require.Equal(t, codes.Aborted, status.Code(err))
|
||||
assert.Equal(t, codes.Aborted.String(), status.Code(err).String())
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -1,59 +0,0 @@
|
|||
package databroker
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
"google.golang.org/protobuf/types/known/emptypb"
|
||||
|
||||
"github.com/pomerium/pomerium/internal/directory/directoryerrors"
|
||||
"github.com/pomerium/pomerium/pkg/grpc/databroker"
|
||||
"github.com/pomerium/pomerium/pkg/grpc/directory"
|
||||
"github.com/pomerium/pomerium/pkg/protoutil"
|
||||
)
|
||||
|
||||
// RefreshUser refreshes a user's directory information.
|
||||
func (c *DataBroker) RefreshUser(ctx context.Context, req *directory.RefreshUserRequest) (*emptypb.Empty, error) {
|
||||
c.mu.Lock()
|
||||
dp := c.directoryProvider
|
||||
c.mu.Unlock()
|
||||
|
||||
if dp == nil {
|
||||
return nil, errors.New("no directory provider is available for refresh")
|
||||
}
|
||||
|
||||
u, err := dp.User(ctx, req.GetUserId(), req.GetAccessToken())
|
||||
// if the returned error signals we should prefer existing information
|
||||
if errors.Is(err, directoryerrors.ErrPreferExistingInformation) {
|
||||
_, err = c.dataBrokerServer.Get(ctx, &databroker.GetRequest{
|
||||
Type: protoutil.GetTypeURL(new(directory.User)),
|
||||
Id: req.GetUserId(),
|
||||
})
|
||||
switch status.Code(err) {
|
||||
case codes.OK:
|
||||
return new(emptypb.Empty), nil
|
||||
case codes.NotFound: // go ahead and save the user that was returned
|
||||
default:
|
||||
return nil, fmt.Errorf("databroker: error retrieving existing user record for refresh: %w", err)
|
||||
}
|
||||
} else if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
any := protoutil.NewAny(u)
|
||||
_, err = c.dataBrokerServer.Put(ctx, &databroker.PutRequest{
|
||||
Records: []*databroker.Record{{
|
||||
Type: any.GetTypeUrl(),
|
||||
Id: u.GetId(),
|
||||
Data: any,
|
||||
}},
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return new(emptypb.Empty), nil
|
||||
}
|