github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/enforcer/metadata/metadata.go (about)

     1  package metadata
     2  
     3  import (
     4  	"context"
     5  	"encoding/json"
     6  	"sync"
     7  	"time"
     8  
     9  	"go.aporeto.io/enforcerd/trireme-lib/controller/internal/enforcer/apiauth"
    10  
    11  	"go.aporeto.io/enforcerd/trireme-lib/common"
    12  	"go.aporeto.io/enforcerd/trireme-lib/controller/internal/enforcer/applicationproxy/serviceregistry"
    13  	"go.aporeto.io/enforcerd/trireme-lib/policy"
    14  )
    15  
// Client is a metadata client.
//
// A Client is bound to a single processing unit (puContext) and caches the
// PEM-encoded certificate and private key handed to it via UpdateSecrets.
// The embedded RWMutex guards certPEM and keyPEM; puContext and tokenIssuer
// are assigned once in NewClient and are read without taking the lock.
type Client struct {
	puContext   string                    // PU identifier used for the service-registry lookup and token issuance
	tokenIssuer common.ServiceTokenIssuer // backend that mints service tokens in IssueToken
	certPEM     []byte                    // PEM certificate, set by UpdateSecrets and read by GetCertificate
	keyPEM      []byte                    // PEM private key, set by UpdateSecrets and read by GetPrivateKey

	sync.RWMutex // protects certPEM and keyPEM
}
    25  
// NewClient returns a new metadata client bound to the given PU context and
// token issuer.
//
// The returned client holds no secrets yet: GetCertificate and GetPrivateKey
// return nil until UpdateSecrets has been called.
func NewClient(puContext string, t common.ServiceTokenIssuer) *Client {
	c := new(Client)
	c.puContext = puContext
	c.tokenIssuer = t
	return c
}
    33  
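// UpdateSecrets updates the certificate and private key held by the client.
//
// Both arguments are PEM blobs and are copied before being stored. The
// embedded RWMutex only serialises the field assignments; keeping a reference
// to the caller's backing array would let the caller mutate (or zero) the key
// material underneath concurrent readers of GetCertificate/GetPrivateKey,
// outside the lock. A nil argument is stored as nil.
func (c *Client) UpdateSecrets(cert, key []byte) {
	// append(b[:0:0], b...) clones b while preserving nil-ness: a nil input
	// stays nil, an empty one stays empty, and the zero capacity guarantees
	// the result never aliases the caller's storage.
	certCopy := append(cert[:0:0], cert...)
	keyCopy := append(key[:0:0], key...)

	c.Lock()
	defer c.Unlock()

	c.certPEM = certCopy
	c.keyPEM = keyCopy
}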
    42  
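// GetCertificate returns a copy of the PEM-encoded certificate last set by
// UpdateSecrets, or nil if none has been set.
//
// The field is read under the read lock, and a copy is returned so that a
// caller writing into the returned slice cannot alter the client's state
// without holding the lock.
func (c *Client) GetCertificate() []byte {
	c.RLock()
	defer c.RUnlock()

	// Clone with nil-ness preserved (nil in -> nil out).
	return append(c.certPEM[:0:0], c.certPEM...)
}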
    50  
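// GetPrivateKey returns a copy of the PEM-encoded private key last set by
// UpdateSecrets, or nil if none has been set.
//
// The field is read under the read lock, and a copy is returned so that a
// caller writing into (for example, zeroing) the returned slice cannot alter
// the key the client keeps for other readers.
func (c *Client) GetPrivateKey() []byte {
	c.RLock()
	defer c.RUnlock()

	// Clone with nil-ness preserved (nil in -> nil out).
	return append(c.keyPEM[:0:0], c.keyPEM...)
}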
    58  
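// GetCurrentPolicy returns the current policy of the datapath. It returns
// the marshalled (indented JSON) policy as well as the public policy object
// for any further processing.
//
// The policy is looked up in the service registry by the client's PU
// context. ServicesCertificate and ServicesPrivateKey are blanked on the
// public copy before it is marshalled or returned, so neither the JSON nor
// the object hands key material to the caller.
//
// Errors from the registry lookup and from JSON marshalling are returned as
// errors; no placeholder body is produced on failure.
func (c *Client) GetCurrentPolicy() ([]byte, *policy.PUPolicyPublic, error) {
	sctx, err := serviceregistry.Instance().RetrieveServiceByID(c.puContext)
	if err != nil {
		return nil, nil, err
	}

	// NOTE(review): ToPublicPolicy is assumed to return a fresh object; if it
	// returns a shared one, blanking the fields below mutates it for everyone.
	plc := sctx.PU.Policy.ToPublicPolicy()
	plc.ServicesCertificate = ""
	plc.ServicesPrivateKey = ""

	data, err := json.MarshalIndent(plc, "  ", "  ")
	if err != nil {
		// The previous version returned the literal "Internal Server Error"
		// with a nil error, which a caller would accept as a valid policy
		// document. Surface the failure instead.
		return nil, nil, err
	}

	return data, plc, nil
}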
    78  
// IssueToken issues an OAUTH token for this PU for the desired audience
// and validity. The call is delegated to the client's token issuer, which
// contacts the OIDC provider; the client's PU context is passed along with
// the caller's token type, audience and validity. The issuer's result and
// error are returned unchanged.
func (c *Client) IssueToken(ctx context.Context, stype common.ServiceTokenType, audience string, validity time.Duration) (string, error) {
	issuer := c.tokenIssuer
	puContext := c.puContext
	token, err := issuer.Issue(ctx, puContext, stype, audience, validity)
	return token, err
}
    85  
// Authorize request will use the enforcerd databases and context to authorize
// an http request given the provided credentials.
//
// NOTE: this is an unimplemented stub. It does not inspect request and always
// returns nil, i.e. every request is reported as authorized (fail-open).
// Callers must not treat a nil result from this method as evidence that any
// enforcement took place until the TODO below is resolved.
func (c *Client) Authorize(request *apiauth.Request) error {

	// TODO: implement authorization; returning nil here authorizes unconditionally.
	return nil
}