-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Move AuthService and Claims * Move interceptor and authorization wrappers * Add artifact * Address review comments
- Loading branch information
1 parent
8cfbd50
commit e887318
Showing
34 changed files
with
139 additions
and
100 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Copyright (c) 2019 The DAML Authors. All rights reserved. | ||
# SPDX-License-Identifier: Apache-2.0 | ||
|
||
load( | ||
"//bazel_tools:scala.bzl", | ||
"da_scala_library", | ||
"da_scala_test_suite", | ||
) | ||
|
||
da_scala_library( | ||
name = "ledger-api-auth", | ||
srcs = glob(["src/main/scala/com/digitalasset/ledger/api/auth/**/*.scala"]), | ||
resources = glob(["src/main/resources/**/*"]), | ||
tags = ["maven_coordinates=com.digitalasset.ledger:ledger-api-auth:__VERSION__"], | ||
visibility = [ | ||
"//visibility:public", | ||
], | ||
runtime_deps = [], | ||
deps = [ | ||
"//daml-lf/data", | ||
"//ledger-api/grpc-definitions:ledger-api-scalapb", | ||
"//ledger-api/rs-grpc-akka", | ||
"//ledger-api/rs-grpc-bridge", | ||
"//ledger/ledger-api-akka", | ||
"//ledger/ledger-api-client", | ||
"//ledger/ledger-api-common", | ||
"//ledger/ledger-api-domain", | ||
"//ledger/ledger-api-scala-logging", | ||
"@maven//:com_typesafe_akka_akka_actor_2_12", | ||
"@maven//:com_typesafe_akka_akka_stream_2_12", | ||
"@maven//:io_grpc_grpc_api", | ||
"@maven//:io_grpc_grpc_context", | ||
"@maven//:io_grpc_grpc_core", | ||
"@maven//:io_grpc_grpc_services", | ||
"@maven//:org_scala_lang_modules_scala_java8_compat_2_12", | ||
"@maven//:org_slf4j_slf4j_api", | ||
], | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Ledger API authorization | ||
|
||
## General authorization in gRPC | ||
|
||
An `Interceptor` reads HTTP headers, and stores relevant information (e.g., claims) in a `Context`. | ||
|
||
GRPC services read the stored data from the `Context` in order to validate the requests. | ||
|
||
## Authorization in the ledger API | ||
|
||
The `AuthService` defines an interface for decoding HTTP headers into `Claims`. | ||
|
||
The ledger API server takes an `AuthService` implementation as an argument. | ||
|
||
The ledger API server uses a call interceptor and the given `AuthService` implementation to to store decoded `Claims` in the gRPC `Context`. | ||
|
||
All ledger API services use the `Claims` to validate their requests. |
2 changes: 1 addition & 1 deletion
2
...er/participant/state/v1/AuthService.scala → ...alasset/ledger/api/auth/AuthService.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 2 additions & 3 deletions
5
.../authorization/auth/AuthServiceNone.scala → ...set/ledger/api/auth/AuthServiceNone.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,15 @@ | ||
// Copyright (c) 2019 The DAML Authors. All rights reserved. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package com.digitalasset.platform.server.api.authorization.auth | ||
package com.digitalasset.ledger.api.auth | ||
|
||
import java.util.concurrent.{CompletableFuture, CompletionStage} | ||
|
||
import com.daml.ledger.participant.state.v1.{AuthService, Claims} | ||
import io.grpc.Metadata | ||
|
||
/** An AuthService that rejects all calls by always returning an empty set of [[Claims]] */ | ||
object AuthServiceNone extends AuthService { | ||
override def decodeMetadata(headers: Metadata): CompletionStage[Claims] = { | ||
CompletableFuture.completedFuture(Claims.empty) | ||
} | ||
} | ||
} |
3 changes: 1 addition & 2 deletions
3
...uthorization/auth/AuthServiceStatic.scala → ...t/ledger/api/auth/AuthServiceStatic.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 2 additions & 3 deletions
5
...horization/auth/AuthServiceWildcard.scala → ...ledger/api/auth/AuthServiceWildcard.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,16 +1,15 @@ | ||
// Copyright (c) 2019 The DAML Authors. All rights reserved. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
|
||
package com.digitalasset.platform.server.api.authorization.auth | ||
package com.digitalasset.ledger.api.auth | ||
|
||
import java.util.concurrent.{CompletableFuture, CompletionStage} | ||
|
||
import com.daml.ledger.participant.state.v1.{AuthService, Claims} | ||
import io.grpc.Metadata | ||
|
||
/** An AuthService that authorizes all calls by always returning a wildcard [[Claims]] */ | ||
object AuthServiceWildcard extends AuthService { | ||
override def decodeMetadata(headers: Metadata): CompletionStage[Claims] = { | ||
CompletableFuture.completedFuture(Claims.wildcard) | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...thorization/AsyncForwardingListener.scala → ...interceptor/AsyncForwardingListener.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 3 additions & 2 deletions
5
...thorization/ApiServiceAuthorization.scala → ...th/services/ApiServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 2 additions & 3 deletions
5
...mmandCompletionServiceAuthorization.scala → ...mmandCompletionServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
13 changes: 3 additions & 10 deletions
13
...ervices/CommandServiceAuthorization.scala → ...ervices/CommandServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 2 additions & 3 deletions
5
...mmandSubmissionServiceAuthorization.scala → ...mmandSubmissionServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 2 additions & 3 deletions
5
...erConfigurationServiceAuthorization.scala → ...erConfigurationServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 3 additions & 4 deletions
7
.../LedgerIdentityServiceAuthorization.scala → .../LedgerIdentityServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 2 additions & 3 deletions
5
...ckageManagementServiceAuthorization.scala → ...ckageManagementServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
5 changes: 2 additions & 3 deletions
5
...ervices/PackageServiceAuthorization.scala → ...ervices/PackageServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
15 changes: 3 additions & 12 deletions
15
...PartyManagementServiceAuthorization.scala → ...PartyManagementServiceAuthorization.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.