feat(lib/dl_zitadel): disable basic auth plug and set US Auth to regu…
…lar (#503) (#504)

* feat(lib/dl_zitadel): disable basic auth plug and set US Auth to regular

* fix(lib/dl_zitadel): add common tenant

Co-authored-by: Dmitrii Ovsyannikov <[email protected]>
robot-datalens-back and ovsds authored Jun 25, 2024
1 parent 4ecfb8d commit 5aa45c0
Showing 4 changed files with 43 additions and 22 deletions.
26 changes: 15 additions & 11 deletions app/dl_control_api/dl_control_api/app_factory.py
@@ -69,28 +69,31 @@ def set_up_environment(
testing_app_settings: Optional[ControlApiAppTestingsSettings] = None,
) -> EnvSetupResult:
us_auth_mode: USAuthMode
from dl_api_commons.flask.middlewares.trust_auth import TrustAuthService

TrustAuthService(
fake_user_id="_user_id_",
fake_user_name="_user_name_",
fake_tenant=None if testing_app_settings is None else testing_app_settings.fake_tenant,
).set_up(app)
us_auth_mode = USAuthMode.regular
auth_setup = self._setup_auth_middleware(app=app)

us_auth_mode_override = None if testing_app_settings is None else testing_app_settings.us_auth_mode_override
us_auth_mode = USAuthMode.master if us_auth_mode_override is None else us_auth_mode_override
if not auth_setup:
from dl_api_commons.flask.middlewares.trust_auth import TrustAuthService

self._setup_auth_middleware(app=app)
TrustAuthService(
fake_user_id="_user_id_",
fake_user_name="_user_name_",
fake_tenant=None if testing_app_settings is None else testing_app_settings.fake_tenant,
).set_up(app)

us_auth_mode_override = None if testing_app_settings is None else testing_app_settings.us_auth_mode_override
us_auth_mode = USAuthMode.master if us_auth_mode_override is None else us_auth_mode_override

result = EnvSetupResult(us_auth_mode=us_auth_mode)
return result

def _setup_auth_middleware(self, app: flask.Flask) -> None:
def _setup_auth_middleware(self, app: flask.Flask) -> bool:
self._settings: ControlApiAppSettingsOS

if self._settings.AUTH is None:
LOGGER.warning("No auth settings found, continuing without auth setup")
return
return False

# TODO: Add support for other auth types
assert self._settings.AUTH.TYPE == "ZITADEL"
@@ -116,3 +119,4 @@ def _setup_auth_middleware(self, app: flask.Flask) -> None:
token_storage=token_storage,
).set_up(app=app)
LOGGER.info("Zitadel auth setup complete")
return True
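Review bot: The `if not auth_setup:` branch in `set_up_environment` fails open: whenever `self._settings.AUTH` is None the app installs `TrustAuthService` with the fixed `_user_id_` identity and switches `us_auth_mode` to `USAuthMode.master`, and the only trace is the existing warning in `_setup_auth_middleware`. A deployment whose AUTH settings are missing or fail to load would therefore serve every request as the fake user with master-mode US access instead of refusing to start. I would make the fallback an explicit opt-in, or at least have the log say what it does, e.g. `LOGGER.warning("No auth settings found: using TrustAuthService with a fixed fake user and US master mode")`. Separately, `testing_app_settings.us_auth_mode_override` is now ignored once Zitadel is set up, which deserves a comment if it is intended. Both functions extend beyond the visible hunks.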
37 changes: 26 additions & 11 deletions app/dl_data_api/dl_data_api/app_factory.py
@@ -22,7 +22,10 @@
from dl_configs.utils import get_root_certificates
from dl_constants.enums import ConnectionType
from dl_core.aio.middlewares.services_registry import services_registry_middleware
from dl_core.aio.middlewares.us_manager import service_us_manager_middleware
from dl_core.aio.middlewares.us_manager import (
service_us_manager_middleware,
us_manager_middleware,
)
from dl_core.services_registry.entity_checker import EntityUsageChecker
from dl_core.services_registry.env_manager_factory import InsecureEnvManagerFactory
from dl_core.services_registry.env_manager_factory_base import EnvManagerFactory
@@ -95,12 +98,17 @@ def set_up_environment(
)

# Auth middlewares
auth_mw_list = [
auth_trust_middleware(
fake_user_id="_user_id_",
fake_user_name="_user_name_",
)
]
auth_mw = self._get_auth_middleware()

if auth_mw is None:
auth_mw_list = [
auth_trust_middleware(
fake_user_id="_user_id_",
fake_user_name="_user_name_",
)
]
else:
auth_mw_list = [auth_mw]

# SR middlewares
sr_middleware_list = [
@@ -118,10 +126,17 @@ def set_up_environment(
crypto_keys_config=self._settings.CRYPTO_KEYS_CONFIG,
ca_data=ca_data,
)
usm_middleware_list = [
service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type]
service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, as_user_usm=True, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type]
]

if auth_mw is None:
usm_middleware_list = [
service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type]
service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, as_user_usm=True, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type]
]
else:
usm_middleware_list = [
us_manager_middleware(**common_us_kw), # type: ignore
service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, **common_us_kw), # type: ignore
]

result = EnvSetupResult(
auth_mw_list=auth_mw_list,
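Review bot: In the `else` branch of the second `if auth_mw is None:` the master token is still passed as `us_master_token=self._settings.US_MASTER_TOKEN` under a bare `# type: ignore`, while the older lines record that the setting is typed `str | None`. With real authentication enabled it would be safer to check the token once before building `usm_middleware_list`, for example `if self._settings.US_MASTER_TOKEN is None: raise ValueError("US_MASTER_TOKEN must be set")`, so a missing secret stops startup rather than reaching the middleware as None. The new ignores should also name the error code they suppress, as in `# type: ignore[arg-type]` for the token argument, so they cannot hide unrelated errors. `_get_auth_middleware` is defined outside the visible hunks, so what it returns when auth is unconfigured is assumed from the `is None` checks.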
1 change: 1 addition & 0 deletions lib/dl_zitadel/dl_zitadel/middlewares/aiohttp.py
@@ -63,6 +63,7 @@ async def inner(
app_request.temp_rci,
user_id=user_introspect_result.sub,
user_name=user_introspect_result.username,
tenant=dl_api_commons_base_models.TenantCommon(),
auth_data=middlewares_models.ZitadelAuthData(
service_access_token=await self._token_storage.get_token(),
user_access_token=user_access_token,
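Review bot: The added `tenant=dl_api_commons_base_models.TenantCommon()` assigns the same argument-less tenant to every Zitadel-authenticated request; nothing from `user_introspect_result` is used to choose it. If that is the intended single-tenant model, a comment on the line would keep a later reader from assuming per-user tenant isolation, e.g. `# single-tenant: every authenticated user shares the common tenant`. The same line is added to `process` in `lib/dl_zitadel/dl_zitadel/middlewares/flask.py`, and the note applies there too. `inner` starts and ends outside this hunk.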
1 change: 1 addition & 0 deletions lib/dl_zitadel/dl_zitadel/middlewares/flask.py
@@ -56,6 +56,7 @@ def process(self) -> flask.Response | None:
temp_rci.clone(
user_id=user_introspect_result.sub,
user_name=user_introspect_result.username,
tenant=dl_api_commons_base_models.TenantCommon(),
auth_data=middlewares_models.ZitadelAuthData(
service_access_token=self._token_storage.get_token(),
user_access_token=user_access_token,
