package runner
import (
"context"
"github.com/hashicorp/go-hclog"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/hashicorp/waypoint/internal/core"
pb "github.com/hashicorp/waypoint/pkg/server/gen"
serverptypes "github.com/hashicorp/waypoint/pkg/server/ptypes"
)
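// executeAuthOp runs the auth operation carried by job against the components
// of the job's application in project.
//
// For every component (or only those matching op.Auth.Component when that ref
// is set) it records whether auth is supported and validates the current auth.
// Unless that check passed or op.Auth.CheckOnly is set, it then attempts to
// authenticate and, if the attempt reports completion, validates again.
//
// Per-component validation and auth failures are not returned as the
// function's error; they are recorded on that component's result as
// CheckError / AuthError. The returned error is non-nil only when the app or
// its components cannot be loaded, or when a component ref was given and no
// component matched (codes.FailedPrecondition).
//
// It panics if job.Operation is not a *pb.Job_Auth.
func (r *Runner) executeAuthOp(
	ctx context.Context,
	log hclog.Logger,
	job *pb.Job,
	project *core.Project,
) (*pb.Job_Result, error) {
	op, ok := job.Operation.(*pb.Job_Auth)
	if !ok {
		// this shouldn't happen since the call to this function is gated
		// on the above type match.
		panic("operation not expected type")
	}

	app, err := project.App(job.Application.Application)
	if err != nil {
		return nil, err
	}

	cs, err := app.Components(ctx)
	if err != nil {
		return nil, err
	}
	// The defers are deliberately registered in a loop: every component must
	// stay open until this function returns, not just for one iteration.
	for _, c := range cs {
		defer c.Close()
	}

	var results []*pb.Job_AuthResult_Result
	for _, c := range cs {
		info := c.Info
		if info == nil {
			// Should never happen
			continue
		}

		// If we have a ref set for a component then we only auth ones that match.
		if op.Auth.Component != nil {
			ptypeC := serverptypes.Component{Component: info}
			if !ptypeC.Match(op.Auth.Component) {
				continue
			}
		}

		L := log.With("type", info.Type.String(), "name", info.Name)
		L.Debug("checking auth")

		// Start building our result. We append it right away. Since we're
		// appending a pointer we can keep modifying it.
		var result pb.Job_AuthResult_Result
		results = append(results, &result)
		result.Component = info
		result.AuthSupported = app.CanAuth(c)

		// Validate the auth
		err := app.ValidateAuth(ctx, c)
		result.CheckResult = err == nil
		if err != nil {
			// The ok value is ignored on purpose: the returned status is
			// used whether or not err was already a gRPC status.
			st, _ := status.FromError(err)
			result.CheckError = st.Proto()
		}
		// NOTE(review): CheckError carries the message produced by the
		// component's validation and is written to the debug log here;
		// confirm that validation errors never embed credentials.
		L.Debug("auth result", "result", result.CheckResult, "error", result.CheckError)

		// If we authed successfully or we're only checking, we're done.
		if result.CheckResult || op.Auth.CheckOnly {
			continue
		}

		// Attempt to authenticate
		L.Trace("attempting auth")
		authResult, err := app.Auth(ctx, c)
		if err != nil {
			st, _ := status.FromError(err)
			result.AuthError = st.Proto()
		}
		if authResult != nil {
			result.AuthCompleted = authResult.Authenticated
		}

		// If we did complete the auth, revalidate it.
		if result.AuthCompleted {
			err := app.ValidateAuth(ctx, c)
			result.CheckResult = err == nil
			// Drop the error recorded by the first, failed check. Without
			// this a passing recheck would be reported as CheckResult=true
			// together with a stale CheckError, which a consumer could read
			// as either success or failure.
			result.CheckError = nil
			if err != nil {
				st, _ := status.FromError(err)
				result.CheckError = st.Proto()
			}
		}
	}

	// If we referenced a component and have no results, then that component
	// wasn't found and this is an error.
	if op.Auth.Component != nil && len(results) == 0 {
		return nil, status.Errorf(codes.FailedPrecondition,
			"component to auth was not found for this app")
	}

	return &pb.Job_Result{
		Auth: &pb.Job_AuthResult{
			Results: results,
		},
	}, nil
}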