From 5aa45c0fd024bcc73fec48763cc11552e564a944 Mon Sep 17 00:00:00 2001 From: robot-datalens-back <151861227+robot-datalens-back@users.noreply.github.com> Date: Tue, 25 Jun 2024 12:31:47 +0300 Subject: [PATCH] feat(lib/dl_zitadel): disable basic auth plug and set US Auth to regular (#503) (#504) * feat(lib/dl_zitadel): disable basic auth plug and set US Auth to regular * fix(lib/dl_zitadel): add common tenant Co-authored-by: Dmitrii Ovsyannikov --- .../dl_control_api/app_factory.py | 26 +++++++------ app/dl_data_api/dl_data_api/app_factory.py | 37 +++++++++++++------ .../dl_zitadel/middlewares/aiohttp.py | 1 + .../dl_zitadel/middlewares/flask.py | 1 + 4 files changed, 43 insertions(+), 22 deletions(-) diff --git a/app/dl_control_api/dl_control_api/app_factory.py b/app/dl_control_api/dl_control_api/app_factory.py index f068b49bd..7ff8e5f5d 100644 --- a/app/dl_control_api/dl_control_api/app_factory.py +++ b/app/dl_control_api/dl_control_api/app_factory.py @@ -69,28 +69,31 @@ def set_up_environment( testing_app_settings: Optional[ControlApiAppTestingsSettings] = None, ) -> EnvSetupResult: us_auth_mode: USAuthMode - from dl_api_commons.flask.middlewares.trust_auth import TrustAuthService - TrustAuthService( - fake_user_id="_user_id_", - fake_user_name="_user_name_", - fake_tenant=None if testing_app_settings is None else testing_app_settings.fake_tenant, - ).set_up(app) + us_auth_mode = USAuthMode.regular + auth_setup = self._setup_auth_middleware(app=app) - us_auth_mode_override = None if testing_app_settings is None else testing_app_settings.us_auth_mode_override - us_auth_mode = USAuthMode.master if us_auth_mode_override is None else us_auth_mode_override + if not auth_setup: + from dl_api_commons.flask.middlewares.trust_auth import TrustAuthService - self._setup_auth_middleware(app=app) + TrustAuthService( + fake_user_id="_user_id_", + fake_user_name="_user_name_", + fake_tenant=None if testing_app_settings is None else testing_app_settings.fake_tenant, + ).set_up(app) + + us_auth_mode_override = None if testing_app_settings is None else testing_app_settings.us_auth_mode_override + us_auth_mode = USAuthMode.master if us_auth_mode_override is None else us_auth_mode_override result = EnvSetupResult(us_auth_mode=us_auth_mode) return result - def _setup_auth_middleware(self, app: flask.Flask) -> None: + def _setup_auth_middleware(self, app: flask.Flask) -> bool: self._settings: ControlApiAppSettingsOS if self._settings.AUTH is None: LOGGER.warning("No auth settings found, continuing without auth setup") - return + return False # TODO: Add support for other auth types assert self._settings.AUTH.TYPE == "ZITADEL" @@ -116,3 +119,4 @@ def _setup_auth_middleware(self, app: flask.Flask) -> None: token_storage=token_storage, ).set_up(app=app) LOGGER.info("Zitadel auth setup complete") + return True diff --git a/app/dl_data_api/dl_data_api/app_factory.py b/app/dl_data_api/dl_data_api/app_factory.py index 5595adb4f..db221121f 100644 --- a/app/dl_data_api/dl_data_api/app_factory.py +++ b/app/dl_data_api/dl_data_api/app_factory.py @@ -22,7 +22,10 @@ from dl_configs.utils import get_root_certificates from dl_constants.enums import ConnectionType from dl_core.aio.middlewares.services_registry import services_registry_middleware -from dl_core.aio.middlewares.us_manager import service_us_manager_middleware +from dl_core.aio.middlewares.us_manager import ( + service_us_manager_middleware, + us_manager_middleware, +) from dl_core.services_registry.entity_checker import EntityUsageChecker from dl_core.services_registry.env_manager_factory import InsecureEnvManagerFactory from dl_core.services_registry.env_manager_factory_base import EnvManagerFactory @@ -95,12 +98,17 @@ def set_up_environment( ) # Auth middlewares - auth_mw_list = [ - auth_trust_middleware( - fake_user_id="_user_id_", - fake_user_name="_user_name_", - ) - ] + auth_mw = self._get_auth_middleware() + + if auth_mw is None: + auth_mw_list = [ + auth_trust_middleware( + fake_user_id="_user_id_", + fake_user_name="_user_name_", + ) + ] + else: + auth_mw_list = [auth_mw] # SR middlewares sr_middleware_list = [ @@ -118,10 +126,17 @@ def set_up_environment( crypto_keys_config=self._settings.CRYPTO_KEYS_CONFIG, ca_data=ca_data, ) - usm_middleware_list = [ - service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type] - service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, as_user_usm=True, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type] - ] + + if auth_mw is None: + usm_middleware_list = [ + service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type] + service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, as_user_usm=True, **common_us_kw), # type: ignore # 2024-01-30 # TODO: Argument "us_master_token" to "service_us_manager_middleware" has incompatible type "str | None"; expected "str" [arg-type] + ] + else: + usm_middleware_list = [ + us_manager_middleware(**common_us_kw), # type: ignore + service_us_manager_middleware(us_master_token=self._settings.US_MASTER_TOKEN, **common_us_kw), # type: ignore + ] result = EnvSetupResult( auth_mw_list=auth_mw_list, diff --git a/lib/dl_zitadel/dl_zitadel/middlewares/aiohttp.py b/lib/dl_zitadel/dl_zitadel/middlewares/aiohttp.py index 456db5cf2..2c5a663cc 100644 --- a/lib/dl_zitadel/dl_zitadel/middlewares/aiohttp.py +++ b/lib/dl_zitadel/dl_zitadel/middlewares/aiohttp.py @@ -63,6 +63,7 @@ async def inner( app_request.temp_rci, user_id=user_introspect_result.sub, user_name=user_introspect_result.username, + tenant=dl_api_commons_base_models.TenantCommon(), auth_data=middlewares_models.ZitadelAuthData( service_access_token=await self._token_storage.get_token(), user_access_token=user_access_token, diff --git a/lib/dl_zitadel/dl_zitadel/middlewares/flask.py b/lib/dl_zitadel/dl_zitadel/middlewares/flask.py index 1d098f64a..f7a92065d 100644 --- a/lib/dl_zitadel/dl_zitadel/middlewares/flask.py +++ b/lib/dl_zitadel/dl_zitadel/middlewares/flask.py @@ -56,6 +56,7 @@ def process(self) -> flask.Response | None: temp_rci.clone( user_id=user_introspect_result.sub, user_name=user_introspect_result.username, + tenant=dl_api_commons_base_models.TenantCommon(), auth_data=middlewares_models.ZitadelAuthData( service_access_token=self._token_storage.get_token(), user_access_token=user_access_token,