1 : use std::net::SocketAddr;
2 :
3 : use arc_swap::ArcSwapOption;
4 : use tokio::sync::Semaphore;
5 :
6 : use super::jwt::{AuthRule, FetchAuthRules};
7 : use crate::auth::backend::jwt::FetchAuthRulesError;
8 : use crate::compute::ConnCfg;
9 : use crate::compute_ctl::ComputeCtlApi;
10 : use crate::context::RequestMonitoring;
11 : use crate::control_plane::messages::{ColdStartInfo, EndpointJwksResponse, MetricsAuxInfo};
12 : use crate::control_plane::NodeInfo;
13 : use crate::intern::{BranchIdTag, EndpointIdTag, InternId, ProjectIdTag};
14 : use crate::url::ApiUrl;
15 : use crate::{http, EndpointId};
16 :
/// Backend that targets a single compute reachable on the local machine.
///
/// Built by [`LocalBackend::new`]; the fields are filled in there and are
/// otherwise only visible within the crate.
pub struct LocalBackend {
    // Created with a single permit in `new`; presumably serialises some
    // one-time initialisation — confirm at the call sites (not in this file).
    pub(crate) initialize: Semaphore,
    // HTTP endpoint for the compute_ctl API, built from the `ApiUrl` passed to `new`.
    pub(crate) compute_ctl: ComputeCtlApi,
    // Connection config and metrics labels for the local compute.
    pub(crate) node_info: NodeInfo,
}
22 :
impl LocalBackend {
    /// Builds a backend pointing at the local compute listening on
    /// `postgres_addr`, with its compute_ctl API at `compute_ctl`.
    ///
    /// The `initialize` semaphore starts with one permit. Metrics labels are
    /// fixed to the literal `"local"` for endpoint, project and branch, and
    /// `allow_self_signed_compute` is left `false` — presumably this keeps
    /// certificate checks for the compute connection strict; confirm against
    /// `NodeInfo`'s consumers.
    pub fn new(postgres_addr: SocketAddr, compute_ctl: ApiUrl) -> Self {
        let compute_ctl = ComputeCtlApi {
            api: http::Endpoint::new(compute_ctl, http::new_client()),
        };

        // Host is the textual form of the IP, not a hostname.
        let mut config = ConnCfg::new();
        config.host(&postgres_addr.ip().to_string());
        config.port(postgres_addr.port());

        // TODO(conrad): make this better reflect compute info rather than endpoint info.
        let aux = MetricsAuxInfo {
            endpoint_id: EndpointIdTag::get_interner().get_or_intern("local"),
            project_id: ProjectIdTag::get_interner().get_or_intern("local"),
            branch_id: BranchIdTag::get_interner().get_or_intern("local"),
            cold_start_info: ColdStartInfo::WarmCached,
        };

        Self {
            initialize: Semaphore::new(1),
            compute_ctl,
            node_info: NodeInfo {
                config,
                aux,
                allow_self_signed_compute: false,
            },
        }
    }
}
49 :
/// Zero-sized [`FetchAuthRules`] implementation whose rules come from the
/// process-wide [`JWKS_ROLE_MAP`] rather than from a per-endpoint lookup.
#[derive(Clone, Copy)]
pub(crate) struct StaticAuthRules;
52 :
/// Process-wide, atomically swappable JWKS role mapping read by
/// [`StaticAuthRules`]. Starts empty; until something stores a value here,
/// `fetch_auth_rules` fails with `RoleJwksNotConfigured`. Nothing in this
/// file writes to it — the writer lives elsewhere.
pub static JWKS_ROLE_MAP: ArcSwapOption<EndpointJwksResponse> = ArcSwapOption::const_empty();
54 :
impl FetchAuthRules for StaticAuthRules {
    /// Returns the auth rules configured in [`JWKS_ROLE_MAP`].
    ///
    /// `_ctx` and `_endpoint` are ignored: the same rule set is handed back
    /// for every endpoint, so the mapping is effectively global for this
    /// process rather than scoped to the requesting endpoint.
    ///
    /// # Errors
    /// Returns [`FetchAuthRulesError::RoleJwksNotConfigured`] while
    /// `JWKS_ROLE_MAP` is still empty.
    async fn fetch_auth_rules(
        &self,
        _ctx: &RequestMonitoring,
        _endpoint: EndpointId,
    ) -> Result<Vec<AuthRule>, FetchAuthRulesError> {
        // Snapshot the current mapping; a concurrent swap does not affect this call.
        let snapshot = JWKS_ROLE_MAP.load();
        let Some(configured) = snapshot.as_deref() else {
            return Err(FetchAuthRulesError::RoleJwksNotConfigured);
        };

        // One rule per configured JWKS entry; fields are copied out so the
        // result does not borrow from the snapshot.
        let rules = configured
            .jwks
            .iter()
            .map(|setting| AuthRule {
                id: setting.id.clone(),
                jwks_url: setting.jwks_url.clone(),
                audience: setting.jwt_audience.clone(),
                role_names: setting.role_names.clone(),
            })
            .collect();

        Ok(rules)
    }
}