refactor: grpc client to separate cloud and sync API
parent
c0e915cfaa
commit
d016c63174
33
auth.go
33
auth.go
@ -2,6 +2,7 @@ package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/AlecAivazis/survey/v2"
|
||||
@ -15,20 +16,24 @@ import (
|
||||
var (
|
||||
authInsightApiBaseUrl string
|
||||
authControlPlaneApiBaseUrl string
|
||||
authSyncApiBaseUrl string
|
||||
authCommunity bool
|
||||
authTenantDomain string
|
||||
)
|
||||
|
||||
func newAuthCommand() *cobra.Command {
|
||||
cmd := &cobra.Command{
|
||||
Use: "auth",
|
||||
Short: "[Deprecated] Use cloud command",
|
||||
Short: "Configure vet authentication",
|
||||
RunE: func(cmd *cobra.Command, args []string) error {
|
||||
return errors.New("a valid sub-command is required")
|
||||
},
|
||||
}
|
||||
|
||||
cmd.PersistentFlags().StringVarP(&authControlPlaneApiBaseUrl, "control-plane", "",
|
||||
auth.DefaultControlTowerUrl(), "Base URL of Control Plane API")
|
||||
auth.ControlTowerUrl(), "Base URL of Control Plane API")
|
||||
cmd.PersistentFlags().StringVarP(&authSyncApiBaseUrl, "sync", "", auth.SyncApiUrl(),
|
||||
"Base URL of Sync API")
|
||||
|
||||
cmd.AddCommand(configureAuthCommand())
|
||||
cmd.AddCommand(verifyAuthCommand())
|
||||
@ -55,11 +60,31 @@ func configureAuthCommand() *cobra.Command {
|
||||
logger.Fatalf("Failed to setup auth: %v", err)
|
||||
}
|
||||
|
||||
if auth.TenantDomain() != "" && auth.TenantDomain() != authTenantDomain {
|
||||
ui.PrintWarning(fmt.Sprintf("Tenant domain mismatch. Existing: %s, New: %s, continue? ",
|
||||
auth.TenantDomain(), authTenantDomain))
|
||||
|
||||
var confirm bool
|
||||
err = survey.AskOne(&survey.Confirm{
|
||||
Message: "Do you want to continue?",
|
||||
}, &confirm)
|
||||
|
||||
if err != nil {
|
||||
logger.Fatalf("Failed to setup auth: %v", err)
|
||||
}
|
||||
|
||||
if !confirm {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
err = auth.Configure(auth.Config{
|
||||
ApiUrl: authInsightApiBaseUrl,
|
||||
ApiKey: string(key),
|
||||
ControlPlaneApiUrl: authControlPlaneApiBaseUrl,
|
||||
SyncApiUrl: authSyncApiBaseUrl,
|
||||
Community: authCommunity,
|
||||
TenantDomain: authTenantDomain,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
@ -71,11 +96,15 @@ func configureAuthCommand() *cobra.Command {
|
||||
},
|
||||
}
|
||||
|
||||
cmd.Flags().StringVarP(&authTenantDomain, "tenant-domain", "", "",
|
||||
"Tenant domain for SafeDep Cloud")
|
||||
cmd.Flags().StringVarP(&authInsightApiBaseUrl, "api", "", auth.DefaultApiUrl(),
|
||||
"Base URL of Insights API")
|
||||
cmd.Flags().BoolVarP(&authCommunity, "community", "", false,
|
||||
"Use community API endpoint for Insights")
|
||||
|
||||
_ = cmd.MarkFlagRequired("tenant-domain")
|
||||
|
||||
return cmd
|
||||
}
|
||||
|
||||
|
||||
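Review bot: In `configureAuthCommand`, the `--control-plane` and `--sync` values are placed into `auth.Config` next to the API key without any check that they parse as URLs or use `https`. The stored key is later presented to whatever host these fields name, so a typo or a plain-HTTP value is persisted silently; whether the gRPC helper enforces TLS on its own is not visible from this page. I would validate both before calling `auth.Configure`, for example `if u, err := url.Parse(authSyncApiBaseUrl); err != nil || u.Scheme != "https" { return fmt.Errorf("sync API URL must be an https URL") }` and the same for `authControlPlaneApiBaseUrl`, which needs `net/url` in the import block. If local development relies on a non-TLS endpoint, a warning rather than a hard error would still make the downgrade visible. The body of `configureAuthCommand` starts outside the hunk.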
@ -17,10 +17,10 @@ const (
|
||||
|
||||
defaultApiUrl = "https://api.safedep.io/insights/v1"
|
||||
defaultCommunityApiUrl = "https://api.safedep.io/insights-community/v1"
|
||||
defaultSyncApiUrl = "https://api.safedep.io/sync/v1"
|
||||
|
||||
// gRPC service base URL.
|
||||
defaultControlPlaneApiUrl = "https://api.safedep.io"
|
||||
defaultSyncApiUrl = "https://api.safedep.io"
|
||||
defaultControlPlaneApiUrl = "https://cloud.safedep.io"
|
||||
|
||||
homeRelativeConfigPath = ".safedep/vet-auth.yml"
|
||||
)
|
||||
@ -29,8 +29,9 @@ type Config struct {
|
||||
ApiUrl string `yaml:"api_url"`
|
||||
ApiKey string `yaml:"api_key"`
|
||||
Community bool `yaml:"community"`
|
||||
ControlPlaneApiUrl string `yaml:"cp_api_url"`
|
||||
ControlPlaneApiUrl string `yaml:"control_api_url"`
|
||||
SyncApiUrl string `yaml:"sync_api_url"`
|
||||
TenantDomain string `yaml:"tenant_domain"`
|
||||
}
|
||||
|
||||
// Global config to be used during runtime
|
||||
@ -53,7 +54,7 @@ func DefaultCommunityApiUrl() string {
|
||||
return defaultCommunityApiUrl
|
||||
}
|
||||
|
||||
func DefaultSyncApiUrl() string {
|
||||
func SyncApiUrl() string {
|
||||
if (globalConfig != nil) && (globalConfig.SyncApiUrl != "") {
|
||||
return globalConfig.SyncApiUrl
|
||||
}
|
||||
@ -61,7 +62,7 @@ func DefaultSyncApiUrl() string {
|
||||
return defaultSyncApiUrl
|
||||
}
|
||||
|
||||
func DefaultControlTowerUrl() string {
|
||||
func ControlTowerUrl() string {
|
||||
if (globalConfig != nil) && (globalConfig.ControlPlaneApiUrl != "") {
|
||||
return globalConfig.ControlPlaneApiUrl
|
||||
}
|
||||
@ -69,6 +70,14 @@ func DefaultControlTowerUrl() string {
|
||||
return defaultControlPlaneApiUrl
|
||||
}
|
||||
|
||||
func TenantDomain() string {
|
||||
if globalConfig != nil {
|
||||
return globalConfig.TenantDomain
|
||||
}
|
||||
|
||||
return ""
|
||||
}
|
||||
|
||||
func ApiUrl() string {
|
||||
if url, ok := os.LookupEnv(apiUrlEnvKey); ok {
|
||||
return url
|
||||
|
||||
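Review bot: In the `Config` struct hunk, the YAML tag on `ControlPlaneApiUrl` changes from `cp_api_url` to `control_api_url`, with no fallback for the old key. Assuming `vet-auth.yml` is decoded straight into `Config`, a file written by an earlier version would leave this field empty and `ControlTowerUrl()` would silently return `defaultControlPlaneApiUrl`. A user who had pointed vet at a non-default control plane would then have requests, and the API key with them, go to the default host without any notice. I would either keep an extra field tagged with the legacy key and fall back to it in `ControlTowerUrl()`, or at least document the break on the field: `// yaml key renamed from cp_api_url; configs written by older versions must be re-created with "auth configure"`.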
@ -15,7 +15,15 @@ import (
|
||||
// Create a gRPC client connection for the control plane
|
||||
// based on available configuration
|
||||
func ControlPlaneClientConnection(name string) (*grpc.ClientConn, error) {
|
||||
parsedUrl, err := url.Parse(DefaultControlTowerUrl())
|
||||
return cloudClientConnection(name, ControlTowerUrl())
|
||||
}
|
||||
|
||||
func SyncClientConnection(name string) (*grpc.ClientConn, error) {
|
||||
return cloudClientConnection(name, SyncApiUrl())
|
||||
}
|
||||
|
||||
func cloudClientConnection(name, loc string) (*grpc.ClientConn, error) {
|
||||
parsedUrl, err := url.Parse(loc)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -27,13 +35,20 @@ func ControlPlaneClientConnection(name string) (*grpc.ClientConn, error) {
|
||||
|
||||
logger.Debugf("ControlTower host: %s, port: %s", host, port)
|
||||
|
||||
// For local development, we use the mock user.
|
||||
vetTenantId := os.Getenv("VET_CONTROL_TOWER_TENANT_ID")
|
||||
vetTenantMockUser := os.Getenv("VET_CONTROL_TOWER_MOCK_USER")
|
||||
vetTenantId := TenantDomain()
|
||||
tenantIdOverride := os.Getenv("VET_CONTROL_TOWER_TENANT_ID")
|
||||
|
||||
if tenantIdOverride != "" {
|
||||
vetTenantId = tenantIdOverride
|
||||
}
|
||||
|
||||
headers := http.Header{}
|
||||
headers.Set("x-tenant-id", vetTenantId)
|
||||
headers.Set("x-mock-user", vetTenantMockUser)
|
||||
|
||||
vetTenantMockUser := os.Getenv("VET_CONTROL_TOWER_MOCK_USER")
|
||||
if vetTenantMockUser != "" {
|
||||
headers.Set("x-mock-user", vetTenantMockUser)
|
||||
}
|
||||
|
||||
client, err := drygrpc.GrpcClient(name, host, port,
|
||||
ApiKey(), headers, []grpc.DialOption{})
|
||||
|
||||
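Review bot: In `cloudClientConnection`, `headers.Set("x-tenant-id", vetTenantId)` still runs unconditionally, whereas the mock-user header now gets a non-empty guard. When the config has no `tenant_domain` and `VET_CONTROL_TOWER_TENANT_ID` is unset, `TenantDomain()` returns `""` and the request carries an empty tenant header. I would fail early instead, for example `if vetTenantId == "" { return nil, errors.New("tenant domain is not configured") }` (with `errors` imported), or guard the header the same way as `x-mock-user`. The environment override also replaces the configured tenant silently, so a debug line such as `logger.Debugf("tenant id overridden from environment")` would help when diagnosing requests sent to the wrong tenant. The function body continues outside the hunk, and the existing `ControlTower host` debug message is now also emitted for the sync connection.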
4
scan.go
4
scan.go
@ -179,7 +179,7 @@ func listParsersCommand() *cobra.Command {
|
||||
func startScan() {
|
||||
if !disableAuthVerifyBeforeScan {
|
||||
err := auth.Verify(&auth.VerifyConfig{
|
||||
ControlPlaneApiUrl: auth.DefaultControlTowerUrl(),
|
||||
ControlPlaneApiUrl: auth.ControlTowerUrl(),
|
||||
})
|
||||
|
||||
// We will fallback to community mode by default to provide
|
||||
@ -396,7 +396,7 @@ func internalStartScan() error {
|
||||
}
|
||||
|
||||
if syncReport {
|
||||
clientConn, err := auth.ControlPlaneClientConnection("vet-sync")
|
||||
clientConn, err := auth.SyncClientConnection("vet-sync")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||