fix: add oidc params to vex walker

Fixes #547 again Signed-off-by: Jim Crossley <jim@crossleys.org>
trustification · Sep 21, 2023 · 3d29d1d · 3d29d1d
1 parent fc9deaf
commit 3d29d1d
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 3 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/vexination/walker/Cargo.toml b/vexination/walker/Cargo.toml
@@ -10,6 +10,7 @@ tokio = { version = "1.0", features = ["full"] }
 log = "0.4"
 reqwest = { version = "0.11", features = ["json", "stream"] }
 trustification-infrastructure = { path = "../../infrastructure" }
+trustification-auth = { path = "../../auth" }
 clap = { version = "4", features = ["derive"] }
 anyhow = "1"
 sha2 = "0.10"

diff --git a/vexination/walker/src/lib.rs b/vexination/walker/src/lib.rs
@@ -11,6 +11,7 @@ use std::{
 use csaf_walker::validation::ValidationOptions;
 use prometheus::Registry;
 use time::{Date, Month, UtcOffset};
+use trustification_auth::client::OpenIdTokenProviderConfigArguments;
 use trustification_infrastructure::{Infrastructure, InfrastructureConfig};
 use url::Url;
 
@@ -44,6 +45,10 @@ pub struct Run {
 
     #[command(flatten)]
     pub infra: InfrastructureConfig,
+
+    /// OIDC client
+    #[command(flatten)]
+    pub(crate) oidc: OpenIdTokenProviderConfigArguments,
 }
 
 impl Run {
@@ -53,6 +58,8 @@ impl Run {
                 "vexination-walker",
                 |_context| async { Ok(()) },
                 |context| async move {
+                    let provider = self.oidc.clone().into_provider_or_devmode(self.devmode).await?;
+
                     let validation_date: Option<SystemTime> = match (self.policy_date, self.v3_signatures) {
                         (_, true) => Some(SystemTime::from(
                             Date::from_calendar_date(2007, Month::January, 1)
@@ -68,7 +75,7 @@ impl Run {
 
                     let options = ValidationOptions { validation_date };
 
-                    server::run(self.workers, self.source, self.sink, options).await
+                    server::run(self.workers, self.source, self.sink, provider, options).await
                 },
             )
             .await?;

diff --git a/vexination/walker/src/server.rs b/vexination/walker/src/server.rs
@@ -7,32 +7,48 @@ use csaf_walker::{
     validation::{ValidatedAdvisory, ValidationError, ValidationOptions, ValidationVisitor},
     walker::Walker,
 };
+use reqwest::StatusCode;
 use serde::Deserialize;
 use tokio::sync::{Mutex, RwLock};
+use trustification_auth::client::TokenInjector;
+use trustification_auth::client::TokenProvider;
 
 pub async fn run(
     workers: usize,
     source: url::Url,
     sink: url::Url,
+    provider: Arc<dyn TokenProvider>,
     options: ValidationOptions,
 ) -> Result<(), anyhow::Error> {
     let fetcher = Fetcher::new(Default::default()).await?;
 
     let validation = ValidationVisitor::new(|advisory: Result<ValidatedAdvisory, ValidationError>| {
         let sink = sink.clone();
+        let provider = provider.clone();
         async move {
             match advisory {
                 Ok(ValidatedAdvisory { retrieved }) => {
                     let data = retrieved.data;
                     match serde_json::from_slice::<csaf::Csaf>(&data) {
-                        Ok(doc) => match reqwest::Client::new().post(sink).json(&doc).send().await {
-                            Ok(_) => {
+                        Ok(doc) => match reqwest::Client::new()
+                            .post(sink)
+                            .json(&doc)
+                            .inject_token(&provider)
+                            .await
+                            .unwrap()
+                            .send()
+                            .await
+                        {
+                            Ok(r) if r.status() == StatusCode::CREATED => {
                                 log::info!(
                                     "VEX ({}) of size {} stored successfully",
                                     doc.document.tracking.id,
                                     &data[..].len()
                                 );
                             }
+                            Ok(r) => {
+                                log::warn!("(Skipped) Error storing VEX: {}", r.status());
+                            }
                             Err(e) => {
                                 log::warn!("(Skipped) Error storing VEX: {e:?}");
                             }