service: add signer option

Signed-off-by: Hank Donnay <hdonnay@redhat.com>
quay · Jan 10, 2023 · e08f397 · e08f397
1 parent 3b9ff6d
commit e08f397
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 16 deletions.
diff --git a/initialize/services.go b/initialize/services.go
@@ -179,11 +179,7 @@ func localIndexer(ctx context.Context, cfg *config.Config) (indexer.Service, err
 			}
 		}
 	}
-	tr := http.DefaultTransport.(*http.Transport).Clone()
-	// Use an empty claim because this shouldn't be talking to something that
-	// needs preconfigured authz. Callers should be providing credentials to the
-	// indexing process in the submitted manifest.
-	c, _, err := httputil.Client(tr, nil, cfg)
+	c, err := httputil.NewClient(ctx, cfg.Indexer.Airgap)
 	if err != nil {
 		return nil, mkErr(err)
 	}
@@ -210,16 +206,19 @@ func remoteIndexer(ctx context.Context, cfg *config.Config, addr string) (indexe
 }
 
 func remoteClient(ctx context.Context, cfg *config.Config, claim jwt.Claims, addr string) (*client.HTTP, error) {
-	tr := http.DefaultTransport.(*http.Transport).Clone()
-	c, auth, err := httputil.Client(tr, &claim, cfg)
-	switch {
-	case err != nil:
+	c, err := httputil.NewClient(ctx, false) // ???
+	if err != nil {
 		return nil, err
-	case !auth && cfg.Auth.Any():
-		return nil, errors.New("client authorization required but not provided")
-	default: // OK
 	}
-	return client.NewHTTP(ctx, client.WithAddr(addr), client.WithClient(c))
+	opts := []client.Option{client.WithAddr(addr), client.WithClient(c)}
+	if cfg.Auth.Any() {
+		s, err := httputil.NewSigner(ctx, cfg, claim)
+		if err != nil {
+			return nil, err
+		}
+		opts = append(opts, client.WithSigner(s))
+	}
+	return client.NewHTTP(ctx, opts...)
 }
 
 func localMatcher(ctx context.Context, cfg *config.Config) (matcher.Service, error) {
@@ -319,8 +318,11 @@ func localNotifier(ctx context.Context, cfg *config.Config, i indexer.Service, m
 		}
 	}
 
-	tr := http.DefaultTransport.(*http.Transport).Clone()
-	c, _, err := httputil.Client(tr, &notifierClaim, cfg)
+	c, err := httputil.NewClient(ctx, false) // No airgap flag.
+	if err != nil {
+		return nil, mkErr(err)
+	}
+	signer, err := httputil.NewSigner(ctx, cfg, notifierClaim)
 	if err != nil {
 		return nil, mkErr(err)
 	}
@@ -350,6 +352,7 @@ func localNotifier(ctx context.Context, cfg *config.Config, i indexer.Service, m
 		Indexer:          i,
 		Matcher:          m,
 		Client:           c,
+		Signer:           signer,
 		PollInterval:     cfg.Notifier.PollInterval,
 		DisableSummary:   cfg.Notifier.DisableSummary,
 		Webhook:          cfg.Notifier.Webhook,

diff --git a/notifier/service/notifier.go b/notifier/service/notifier.go
@@ -55,6 +55,7 @@ func (s *Notifier) DeleteNotifications(ctx context.Context, id uuid.UUID) error
 type Opts struct {
 	Matcher          matcher.Service
 	Indexer          indexer.Service
+	Signer           webhook.Signer
 	Client           *http.Client
 	Webhook          *config.Webhook
 	AMQP             *config.AMQP
@@ -100,7 +101,7 @@ func New(ctx context.Context, store notifier.Store, locks notifier.Locker, opts
 		zlog.Info(ctx).
 			Int("count", deliveries).
 			Msg("initializing webhook deliverers")
-		del, err = webhook.New(opts.Webhook, opts.Client)
+		del, err = webhook.New(opts.Webhook, opts.Client, opts.Signer)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create webhook deliverer: %v", err)
 		}