1 : use std::{collections::HashMap, net::SocketAddr};
2 :
3 : use anyhow::Context;
4 : use arc_swap::ArcSwapOption;
5 :
6 : use crate::{
7 : compute::ConnCfg,
8 : console::{
9 : messages::{ColdStartInfo, EndpointJwksResponse, MetricsAuxInfo},
10 : NodeInfo,
11 : },
12 : intern::{BranchIdInt, BranchIdTag, EndpointIdTag, InternId, ProjectIdInt, ProjectIdTag},
13 : RoleName,
14 : };
15 :
16 : use super::jwt::{AuthRule, FetchAuthRules, JwkCache};
17 :
/// Backend that forwards every connection to one fixed, local Postgres
/// instance (see [`LocalBackend::new`]) and validates JWTs against the
/// JWK sets held in `jwks_cache`.
pub struct LocalBackend {
    /// Cache of fetched JWK sets used by the JWT auth path (see [`JwkCache`]).
    pub(crate) jwks_cache: JwkCache,
    /// Connection config plus metrics labels for the single local compute.
    pub(crate) node_info: NodeInfo,
}
22 :
impl LocalBackend {
    /// Builds a backend that points at the single Postgres instance
    /// listening on `postgres_addr`.
    ///
    /// The JWKS cache starts empty. Metrics aux info is labelled with the
    /// fixed interned name `"local"` for endpoint, project and branch, and
    /// the cold-start state is reported as `WarmCached`. The local compute
    /// gets no exemption for self-signed certificates
    /// (`allow_self_signed_compute` is `false`).
    pub fn new(postgres_addr: SocketAddr) -> Self {
        // ConnCfg takes the host as text, so render the IP first.
        let host = postgres_addr.ip().to_string();
        let mut config = ConnCfg::new();
        config.host(&host);
        config.port(postgres_addr.port());

        // TODO(conrad): make this better reflect compute info rather than endpoint info.
        let aux = MetricsAuxInfo {
            endpoint_id: EndpointIdTag::get_interner().get_or_intern("local"),
            project_id: ProjectIdTag::get_interner().get_or_intern("local"),
            branch_id: BranchIdTag::get_interner().get_or_intern("local"),
            cold_start_info: ColdStartInfo::WarmCached,
        };

        Self {
            jwks_cache: JwkCache::default(),
            node_info: NodeInfo {
                config,
                aux,
                allow_self_signed_compute: false,
            },
        }
    }
}
46 :
/// Marker type whose [`FetchAuthRules`] impl serves rules from the
/// process-wide [`JWKS_ROLE_MAP`] instead of fetching them per request.
#[derive(Clone, Copy)]
pub(crate) struct StaticAuthRules;
49 :
/// Process-wide JWKS role configuration read by [`StaticAuthRules`].
/// Starts out empty (`None`); until it is populated every rule lookup fails.
pub static JWKS_ROLE_MAP: ArcSwapOption<JwksRoleSettings> = ArcSwapOption::const_empty();
51 :
/// Snapshot of the JWKS configuration installed in [`JWKS_ROLE_MAP`]:
/// the per-role JWKS settings plus the project/branch the settings belong to.
#[derive(Debug, Clone)]
pub struct JwksRoleSettings {
    /// JWKS settings keyed by Postgres role name; roles missing here get no auth rules.
    pub roles: HashMap<RoleName, EndpointJwksResponse>,
    pub project_id: ProjectIdInt,
    pub branch_id: BranchIdInt,
}
58 :
impl FetchAuthRules for StaticAuthRules {
    /// Resolves the JWKS auth rules for `role_name` from the process-wide
    /// [`JWKS_ROLE_MAP`], one [`AuthRule`] per configured JWKS entry.
    ///
    /// # Errors
    /// Fails when the map has not been populated yet or holds no entry for
    /// this role; an unknown role is rejected rather than matched against
    /// any default rule set.
    async fn fetch_auth_rules(&self, role_name: RoleName) -> anyhow::Result<Vec<AuthRule>> {
        // The guard keeps the current settings alive while we copy out of them.
        let settings = JWKS_ROLE_MAP.load();
        let role_settings = settings
            .as_deref()
            .and_then(|s| s.roles.get(&role_name))
            .context("JWKs settings for this role were not configured")?;

        let rules = role_settings
            .jwks
            .iter()
            .map(|jwks| AuthRule {
                id: jwks.id.clone(),
                jwks_url: jwks.jwks_url.clone(),
                audience: jwks.jwt_audience.clone(),
            })
            .collect();

        Ok(rules)
    }
}