github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/api/authn/config.go (about)

     1  // Package authn provides AuthN API over HTTP(S)
     2  /*
     3   * Copyright (c) 2018-2022, NVIDIA CORPORATION. All rights reserved.
     4   */
     5  package authn
     6  
     7  import (
     8  	"errors"
     9  	"fmt"
    10  	"strconv"
    11  	"sync"
    12  	"time"
    13  
    14  	"github.com/NVIDIA/aistore/cmn/cos"
    15  	"github.com/NVIDIA/aistore/cmn/debug"
    16  	"github.com/NVIDIA/aistore/cmn/jsp"
    17  )
    18  
// Config is the top-level AuthN configuration.
// The embedded RWMutex guards concurrent access: Secret takes the read lock
// and ApplyUpdate takes the write lock.
type Config struct {
	sync.RWMutex `list:"omit"` // for cmn.IterFields
	Log          LogConf       `json:"log"`
	Net          NetConf       `json:"net"`
	Server       ServerConf    `json:"auth"`
	Timeout      TimeoutConf   `json:"timeout"`
}

// LogConf holds logging settings.
type LogConf struct {
	Dir string `json:"dir"`
	// Level is kept as a string; Verbose parses it as a decimal integer.
	Level string `json:"level"`
}

// NetConf groups network settings.
type NetConf struct {
	HTTP HTTPConf `json:"http"`
}

// HTTPConf describes the HTTP(S) listener.
type HTTPConf struct {
	Port     int  `json:"port"`
	UseHTTPS bool `json:"use_https"`
	// NOTE(review): Certificate and Key are presumably file paths to the
	// server certificate and private key - confirm; if so, the key file
	// should be readable only by the account running the service.
	Certificate string `json:"server_crt"`
	Key         string `json:"server_key"`
}

// ServerConf holds the authentication settings (JSON section "auth").
type ServerConf struct {
	// Secret is carried as a plain string and (de)serialized under the
	// "secret" key, so any JSON rendering of this struct contains it in
	// clear text. Avoid logging Config/ServerConf values wholesale.
	// NOTE(review): presumably the token-signing secret - confirm.
	Secret       string       `json:"secret"`
	ExpirePeriod cos.Duration `json:"expiration_time"`
}

// TimeoutConf holds timeout settings.
type TimeoutConf struct {
	Default cos.Duration `json:"default_timeout"`
}

// ConfigToUpdate is the update request consumed by Config.ApplyUpdate.
// A nil Server is rejected there as an empty configuration.
type ConfigToUpdate struct {
	Server *ServerConfToSet `json:"auth"`
}

// ServerConfToSet carries optional new values for ServerConf.
// Fields are pointers so that nil means "leave unchanged"; ExpirePeriod is a
// string that ApplyUpdate parses with time.ParseDuration.
type ServerConfToSet struct {
	Secret       *string `json:"secret"`
	ExpirePeriod *string `json:"expiration_time"`
}

// TokenList is a list of tokens pushed by authn
type TokenList struct {
	Tokens []string `json:"tokens"`
	// Version is encoded as a JSON string (",string" option).
	Version int64 `json:"version,string"`
}
    60  
// Compile-time assertion that *Config implements jsp.Opts.
var _ jsp.Opts = (*Config)(nil)

// jsp options used for the AuthN configuration and for the token list.
// NOTE(review): both are jsp.Plain() today and the TODOs name CCSign(...) as
// the intended replacement. Presumably Plain stores the data without a
// checksum or signature - confirm; until then, tampering with the stored
// config (which includes the secret) would not be detected by jsp itself.
var (
	authcfgJspOpts = jsp.Plain() // TODO: use CCSign(MetaverAuthNConfig)
	authtokJspOpts = jsp.Plain() // ditto MetaverTokens
)
    67  
// JspOpts returns the jsp options associated with the AuthN configuration.
// It ignores the receiver and always returns the package-level
// authcfgJspOpts value.
func (*Config) JspOpts() jsp.Options {
	return authcfgJspOpts
}
    69  
// Secret returns a copy of the configured secret, read under the read lock
// so that it does not race with ApplyUpdate.
//
// The returned string is sensitive: callers should not log it or include it
// in error messages or API responses.
func (c *Config) Secret() (secret string) {
	c.RLock()
	defer c.RUnlock()
	return c.Server.Secret
}
    76  
// Verbose reports whether the configured log level, parsed as a decimal
// integer, is greater than 3.
//
// strconv.Atoi yields 0 on a parse error, so wherever debug.AssertNoErr does
// not stop execution (NOTE(review): presumably non-debug builds - confirm) a
// malformed level results in false. The level is read without taking the
// config lock.
func (c *Config) Verbose() bool {
	verbosity, parseErr := strconv.Atoi(c.Log.Level)
	debug.AssertNoErr(parseErr)
	return verbosity >= 4
}
    82  
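// ApplyUpdate validates the requested changes and, only if every supplied
// field is valid, applies them to c under the write lock.
//
// A nil field in cu.Server means "leave the current value unchanged".
// An error is returned when cu is nil or carries no server section, when the
// new secret is the empty string, or when the expiration period does not
// parse with time.ParseDuration.
//
// The update is all-or-nothing: on error c is left unmodified. Previously a
// request with a valid secret and an invalid expiration period replaced the
// secret and then returned an error, so a rejected request still changed it.
func (c *Config) ApplyUpdate(cu *ConfigToUpdate) error {
	if cu == nil || cu.Server == nil {
		return errors.New("configuration is empty")
	}
	upd := cu.Server

	// Validate (and copy) every requested value before touching c.
	var (
		newSecret string
		setSecret = upd.Secret != nil
	)
	if setSecret {
		newSecret = *upd.Secret
		// NOTE(review): only emptiness is checked; there is no minimum
		// length or strength requirement on the new secret.
		if newSecret == "" {
			return errors.New("secret not defined")
		}
	}
	var (
		newExpire time.Duration
		setExpire = upd.ExpirePeriod != nil
	)
	if setExpire {
		dur, err := time.ParseDuration(*upd.ExpirePeriod)
		if err != nil {
			return fmt.Errorf("invalid time format %s, err: %v", *upd.ExpirePeriod, err)
		}
		// NOTE(review): negative durations parse successfully and are
		// accepted; how consumers treat values <= 0 is not visible here -
		// confirm, and reject them if that is not intended.
		newExpire = dur
	}

	// Everything is valid: commit under the write lock.
	c.Lock()
	defer c.Unlock()
	if setSecret {
		c.Server.Secret = newSecret
	}
	if setExpire {
		c.Server.ExpirePeriod = cos.Duration(newExpire)
	}
	return nil
}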