-
Notifications
You must be signed in to change notification settings - Fork 51
/
metadata.go
94 lines (75 loc) · 2.35 KB
/
metadata.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
package metadata
import (
"context"
"encoding/json"
"sync"
"time"
"go.aporeto.io/trireme-lib/controller/internal/enforcer/apiauth"
"go.aporeto.io/trireme-lib/common"
"go.aporeto.io/trireme-lib/controller/internal/enforcer/applicationproxy/serviceregistry"
"go.aporeto.io/trireme-lib/policy"
)
// Client is a metadata client.
type Client struct {
puContext string
registry *serviceregistry.Registry
tokenIssuer common.ServiceTokenIssuer
certPEM []byte
keyPEM []byte
sync.RWMutex
}
// NewClient returns a new metadata client
func NewClient(puContext string, r *serviceregistry.Registry, t common.ServiceTokenIssuer) *Client {
return &Client{
puContext: puContext,
registry: r,
tokenIssuer: t,
}
}
// UpdateSecrets updates the secrets of the client.
func (c *Client) UpdateSecrets(cert, key []byte) {
c.Lock()
defer c.Unlock()
c.certPEM = cert
c.keyPEM = key
}
// GetCertificate returns back the certificate.
func (c *Client) GetCertificate() []byte {
c.RLock()
defer c.RUnlock()
return c.certPEM
}
// GetPrivateKey returns the private key associated with this service.
func (c *Client) GetPrivateKey() []byte {
c.RLock()
defer c.RUnlock()
return c.keyPEM
}
// GetCurrentPolicy returns the current policy of the datapath. It returns
// the marshalled policy as well as the original object for any farther processing.
func (c *Client) GetCurrentPolicy() ([]byte, *policy.PUPolicyPublic, error) {
sctx, err := c.registry.RetrieveServiceByID(c.puContext)
if err != nil {
return nil, nil, err
}
plc := sctx.PU.Policy.ToPublicPolicy()
plc.ServicesCertificate = ""
plc.ServicesPrivateKey = ""
data, err := json.MarshalIndent(plc, " ", " ")
if err != nil {
data = []byte("Internal Server Error")
}
return data, plc, nil
}
// IssueToken issues an OAUTH token for this PU for the desired audience
// and validity. The request will use the token issuer to contact the OIDC
// provider and issue the token.
func (c *Client) IssueToken(ctx context.Context, stype common.ServiceTokenType, audience string, validity time.Duration) (string, error) {
return c.tokenIssuer.Issue(ctx, c.puContext, stype, audience, validity)
}
// Authorize request will use the enforcerd databases and context to authorize
// an http request given the provided credentials.
func (c *Client) Authorize(request *apiauth.Request) error {
// TODO
return nil
}