1 : use std::net::SocketAddr;
2 :
3 : use arc_swap::ArcSwapOption;
4 : use tokio::sync::Semaphore;
5 :
6 : use super::jwt::{AuthRule, FetchAuthRules};
7 : use crate::auth::backend::jwt::FetchAuthRulesError;
8 : use crate::compute::ConnCfg;
9 : use crate::compute_ctl::ComputeCtlApi;
10 : use crate::context::RequestMonitoring;
11 : use crate::control_plane::messages::{ColdStartInfo, EndpointJwksResponse, MetricsAuxInfo};
12 : use crate::control_plane::NodeInfo;
13 : use crate::http;
14 : use crate::intern::{BranchIdTag, EndpointIdTag, InternId, ProjectIdTag};
15 : use crate::types::EndpointId;
16 : use crate::url::ApiUrl;
17 :
/// Backend whose target is a single, fixed compute address (see [`LocalBackend::new`]).
///
/// Nothing here is looked up per request: the connection config, the
/// compute_ctl endpoint and the metrics ids are all fixed at construction.
pub struct LocalBackend {
    // Created with a single permit in `new`; presumably serialises a one-time
    // initialisation step — the code that acquires it is not in this file.
    pub(crate) initialize: Semaphore,
    // HTTP client bound to the compute_ctl URL passed to `new`.
    pub(crate) compute_ctl: ComputeCtlApi,
    // Host/port of the local postgres plus placeholder ("local") metrics ids;
    // `allow_self_signed_compute` is left `false`.
    pub(crate) node_info: NodeInfo,
}
23 :
impl LocalBackend {
    /// Builds a backend that always connects to `postgres_addr` and talks to
    /// the compute_ctl API at `compute_ctl`.
    ///
    /// The endpoint/project/branch ids in the metrics info are the interned
    /// placeholder `"local"`, not real ids. `allow_self_signed_compute` is set
    /// to `false`, so the compute's certificate is not trusted merely for being
    /// self-signed (how that flag is enforced lives outside this file).
    pub fn new(postgres_addr: SocketAddr, compute_ctl: ApiUrl) -> Self {
        let compute_ctl_api = ComputeCtlApi {
            api: http::Endpoint::new(compute_ctl, http::new_client()),
        };

        // Host is the bare IP text (IPv6 without brackets); port as given.
        let mut conn_cfg = ConnCfg::new();
        conn_cfg.host(&postgres_addr.ip().to_string());
        conn_cfg.port(postgres_addr.port());

        // TODO(conrad): make this better reflect compute info rather than endpoint info.
        let placeholder = "local";
        let aux = MetricsAuxInfo {
            endpoint_id: EndpointIdTag::get_interner().get_or_intern(placeholder),
            project_id: ProjectIdTag::get_interner().get_or_intern(placeholder),
            branch_id: BranchIdTag::get_interner().get_or_intern(placeholder),
            cold_start_info: ColdStartInfo::WarmCached,
        };

        Self {
            // One permit: whoever acquires it first does the initialisation.
            initialize: Semaphore::new(1),
            compute_ctl: compute_ctl_api,
            node_info: NodeInfo {
                config: conn_cfg,
                aux,
                allow_self_signed_compute: false,
            },
        }
    }
}
50 :
/// [`FetchAuthRules`] implementation backed by the process-wide
/// [`JWKS_ROLE_MAP`]; the endpoint argument is ignored, so every endpoint
/// sees the same rules.
#[derive(Clone, Copy)]
pub(crate) struct StaticAuthRules;
53 :
/// Process-wide JWKS/role configuration read by [`StaticAuthRules`].
///
/// Starts empty. Until a value is stored here (the writer is not in this
/// file), `fetch_auth_rules` fails with `RoleJwksNotConfigured` rather than
/// returning an empty rule set.
pub static JWKS_ROLE_MAP: ArcSwapOption<EndpointJwksResponse> = ArcSwapOption::const_empty();
55 :
impl FetchAuthRules for StaticAuthRules {
    /// Returns one [`AuthRule`] per JWKS entry currently stored in
    /// [`JWKS_ROLE_MAP`].
    ///
    /// `_ctx` and `_endpoint` are unused: the same rules apply to every
    /// endpoint. Each entry's id, JWKS URL, `jwt_audience` and role names are
    /// cloned into the returned rule.
    ///
    /// # Errors
    /// `FetchAuthRulesError::RoleJwksNotConfigured` when the map has not been
    /// populated — callers get an error, never an empty rule list, in that case.
    async fn fetch_auth_rules(
        &self,
        _ctx: &RequestMonitoring,
        _endpoint: EndpointId,
    ) -> Result<Vec<AuthRule>, FetchAuthRulesError> {
        // The guard keeps the loaded snapshot alive while it is copied out.
        let guard = JWKS_ROLE_MAP.load();
        let Some(config) = guard.as_deref() else {
            return Err(FetchAuthRulesError::RoleJwksNotConfigured);
        };

        let rules = config
            .jwks
            .iter()
            .map(|entry| AuthRule {
                id: entry.id.clone(),
                jwks_url: entry.jwks_url.clone(),
                audience: entry.jwt_audience.clone(),
                role_names: entry.role_names.clone(),
            })
            .collect();

        Ok(rules)
    }
}