Disable local directory services when using a remote directory (#375)

aserto-dev · May 8, 2024 · a02deb9 · a02deb9
1 parent 4d888c1
commit a02deb9
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/pkg/app/console.go b/pkg/app/console.go
@@ -45,13 +45,19 @@ func (e *ConsoleService) Cleanups() []func() {
 }
 
 func (e *ConsoleService) PrepareConfig(cfg *config.Config) *handlers.TopazCfg {
+	directoryServiceURL := serviceAddress(fmt.Sprintf("https://%s", strings.Split(cfg.DirectoryResolver.Address, ":")[0]))
+
 	authorizerURL := ""
 	if serviceConfig, ok := cfg.APIConfig.Services[authorizerService]; ok {
 		authorizerURL = getGatewayAddress(serviceConfig)
 	}
+
 	readerURL := ""
 	if serviceConfig, ok := cfg.APIConfig.Services[readerService]; ok {
 		readerURL = getGatewayAddress(serviceConfig)
+		if cfg.DirectoryResolver.Address == serviceConfig.GRPC.ListenAddress {
+			directoryServiceURL = readerURL
+		}
 	}
 	writerURL := ""
 	if serviceConfig, ok := cfg.APIConfig.Services[writerService]; ok {
@@ -86,19 +92,12 @@ func (e *ConsoleService) PrepareConfig(cfg *config.Config) *handlers.TopazCfg {
 		}
 	}
 
-	directoryAPIKey := ""
-	if _, ok := cfg.APIConfig.Services[readerService]; ok {
-		for key := range cfg.Auth.APIKeys {
-			// we only need a key
-			directoryAPIKey = key
-			break
-		}
-	}
+	directoryAPIKey := cfg.DirectoryResolver.APIKey
 
 	return &handlers.TopazCfg{
 		AuthorizerServiceURL:        authorizerURL,
 		AuthorizerAPIKey:            authorizerAPIKey,
-		DirectoryServiceURL:         readerURL,
+		DirectoryServiceURL:         directoryServiceURL,
 		DirectoryAPIKey:             directoryAPIKey,
 		DirectoryTenantID:           cfg.DirectoryResolver.TenantID,
 		DirectoryReaderServiceURL:   readerURL,

diff --git a/pkg/app/topaz.go b/pkg/app/topaz.go
@@ -315,7 +315,11 @@ func (e *Topaz) GetDecisionLogger(cfg config.DecisionLogConfig) (decisionlog.Dec
 func (e *Topaz) validateConfig() error {
 	if readerConfig, ok := e.Configuration.APIConfig.Services["reader"]; ok {
 		if readerConfig.GRPC.ListenAddress != e.Configuration.DirectoryResolver.Address {
-			return errors.New("remote directory resolver address is different from reader grpc address")
+			for _, serviceName := range e.Services["edge"].AvailableServices() {
+				delete(e.Configuration.APIConfig.Services, serviceName)
+			}
+			delete(e.Services, "edge")
+			e.Logger.Info().Msg("disabling local directory services")
 		}
 	}