go.uber.org/cadence@v1.2.9/internal/common/auth/service_wrapper.go (about) 1 // Copyright (c) 2021 Uber Technologies, Inc. 2 // 3 // Permission is hereby granted, free of charge, to any person obtaining a copy 4 // of this software and associated documentation files (the "Software"), to deal 5 // in the Software without restriction, including without limitation the rights 6 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 7 // copies of the Software, and to permit persons to whom the Software is 8 // furnished to do so, subject to the following conditions: 9 // 10 // The above copyright notice and this permission notice shall be included in 11 // all copies or substantial portions of the Software. 12 // 13 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 14 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 18 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 19 // THE SOFTWARE. 20 21 package auth 22 23 import ( 24 "context" 25 26 "github.com/golang-jwt/jwt/v5" 27 "go.uber.org/cadence/.gen/go/cadence/workflowserviceclient" 28 "go.uber.org/cadence/.gen/go/shared" 29 "go.uber.org/yarpc" 30 ) 31 32 const ( 33 jwtHeaderName = "cadence-authorization" 34 ) 35 36 type workflowServiceAuthWrapper struct { 37 service workflowserviceclient.Interface 38 authProvider AuthorizationProvider 39 } 40 41 type AuthorizationProvider interface { 42 // GetAuthToken provides the OAuth authorization token 43 // It's called before every request to Cadence server, and sets the token in the request header. 44 GetAuthToken() ([]byte, error) 45 } 46 47 type JWTClaims struct { 48 jwt.RegisteredClaims 49 50 Sub string 51 Name string 52 Groups string // separated by space 53 Admin bool 54 TTL int64 55 } 56 57 // NewWorkflowServiceWrapper creates 58 func NewWorkflowServiceWrapper(service workflowserviceclient.Interface, authorizationProvider AuthorizationProvider) workflowserviceclient.Interface { 59 return &workflowServiceAuthWrapper{ 60 service: service, 61 authProvider: authorizationProvider, 62 } 63 } 64 65 func (w *workflowServiceAuthWrapper) getYarpcJWTHeader() (*yarpc.CallOption, error) { 66 token, err := w.authProvider.GetAuthToken() 67 if err != nil { 68 return nil, err 69 } 70 header := yarpc.WithHeader(jwtHeaderName, string(token)) 71 return &header, nil 72 } 73 74 func (w *workflowServiceAuthWrapper) DeprecateDomain(ctx context.Context, request *shared.DeprecateDomainRequest, opts ...yarpc.CallOption) error { 75 tokenHeader, err := w.getYarpcJWTHeader() 76 if err != nil { 77 return err 78 } 79 opts = append(opts, *tokenHeader) 80 err = w.service.DeprecateDomain(ctx, request, opts...) 81 return err 82 } 83 84 func (w *workflowServiceAuthWrapper) ListDomains(ctx context.Context, request *shared.ListDomainsRequest, opts ...yarpc.CallOption) (*shared.ListDomainsResponse, error) { 85 tokenHeader, err := w.getYarpcJWTHeader() 86 if err != nil { 87 return nil, err 88 } 89 opts = append(opts, *tokenHeader) 90 result, err := w.service.ListDomains(ctx, request, opts...) 91 92 return result, err 93 } 94 95 func (w *workflowServiceAuthWrapper) DescribeDomain(ctx context.Context, request *shared.DescribeDomainRequest, opts ...yarpc.CallOption) (*shared.DescribeDomainResponse, error) { 96 tokenHeader, err := w.getYarpcJWTHeader() 97 if err != nil { 98 return nil, err 99 } 100 opts = append(opts, *tokenHeader) 101 result, err := w.service.DescribeDomain(ctx, request, opts...) 102 return result, err 103 } 104 105 func (w *workflowServiceAuthWrapper) DescribeWorkflowExecution(ctx context.Context, request *shared.DescribeWorkflowExecutionRequest, opts ...yarpc.CallOption) (*shared.DescribeWorkflowExecutionResponse, error) { 106 tokenHeader, err := w.getYarpcJWTHeader() 107 if err != nil { 108 return nil, err 109 } 110 opts = append(opts, *tokenHeader) 111 result, err := w.service.DescribeWorkflowExecution(ctx, request, opts...) 112 return result, err 113 } 114 115 func (w *workflowServiceAuthWrapper) GetWorkflowExecutionHistory(ctx context.Context, request *shared.GetWorkflowExecutionHistoryRequest, opts ...yarpc.CallOption) (*shared.GetWorkflowExecutionHistoryResponse, error) { 116 tokenHeader, err := w.getYarpcJWTHeader() 117 if err != nil { 118 return nil, err 119 } 120 opts = append(opts, *tokenHeader) 121 result, err := w.service.GetWorkflowExecutionHistory(ctx, request, opts...) 122 return result, err 123 } 124 125 func (w *workflowServiceAuthWrapper) ListClosedWorkflowExecutions(ctx context.Context, request *shared.ListClosedWorkflowExecutionsRequest, opts ...yarpc.CallOption) (*shared.ListClosedWorkflowExecutionsResponse, error) { 126 tokenHeader, err := w.getYarpcJWTHeader() 127 if err != nil { 128 return nil, err 129 } 130 opts = append(opts, *tokenHeader) 131 result, err := w.service.ListClosedWorkflowExecutions(ctx, request, opts...) 132 return result, err 133 } 134 135 func (w *workflowServiceAuthWrapper) ListOpenWorkflowExecutions(ctx context.Context, request *shared.ListOpenWorkflowExecutionsRequest, opts ...yarpc.CallOption) (*shared.ListOpenWorkflowExecutionsResponse, error) { 136 tokenHeader, err := w.getYarpcJWTHeader() 137 if err != nil { 138 return nil, err 139 } 140 opts = append(opts, *tokenHeader) 141 result, err := w.service.ListOpenWorkflowExecutions(ctx, request, opts...) 142 return result, err 143 } 144 145 func (w *workflowServiceAuthWrapper) ListWorkflowExecutions(ctx context.Context, request *shared.ListWorkflowExecutionsRequest, opts ...yarpc.CallOption) (*shared.ListWorkflowExecutionsResponse, error) { 146 tokenHeader, err := w.getYarpcJWTHeader() 147 if err != nil { 148 return nil, err 149 } 150 opts = append(opts, *tokenHeader) 151 result, err := w.service.ListWorkflowExecutions(ctx, request, opts...) 152 return result, err 153 } 154 155 func (w *workflowServiceAuthWrapper) ListArchivedWorkflowExecutions(ctx context.Context, request *shared.ListArchivedWorkflowExecutionsRequest, opts ...yarpc.CallOption) (*shared.ListArchivedWorkflowExecutionsResponse, error) { 156 tokenHeader, err := w.getYarpcJWTHeader() 157 if err != nil { 158 return nil, err 159 } 160 opts = append(opts, *tokenHeader) 161 result, err := w.service.ListArchivedWorkflowExecutions(ctx, request, opts...) 162 return result, err 163 } 164 165 func (w *workflowServiceAuthWrapper) ScanWorkflowExecutions(ctx context.Context, request *shared.ListWorkflowExecutionsRequest, opts ...yarpc.CallOption) (*shared.ListWorkflowExecutionsResponse, error) { 166 tokenHeader, err := w.getYarpcJWTHeader() 167 if err != nil { 168 return nil, err 169 } 170 opts = append(opts, *tokenHeader) 171 result, err := w.service.ScanWorkflowExecutions(ctx, request, opts...) 172 return result, err 173 } 174 175 func (w *workflowServiceAuthWrapper) CountWorkflowExecutions(ctx context.Context, request *shared.CountWorkflowExecutionsRequest, opts ...yarpc.CallOption) (*shared.CountWorkflowExecutionsResponse, error) { 176 tokenHeader, err := w.getYarpcJWTHeader() 177 if err != nil { 178 return nil, err 179 } 180 opts = append(opts, *tokenHeader) 181 result, err := w.service.CountWorkflowExecutions(ctx, request, opts...) 182 return result, err 183 } 184 185 func (w *workflowServiceAuthWrapper) PollForActivityTask(ctx context.Context, request *shared.PollForActivityTaskRequest, opts ...yarpc.CallOption) (*shared.PollForActivityTaskResponse, error) { 186 tokenHeader, err := w.getYarpcJWTHeader() 187 if err != nil { 188 return nil, err 189 } 190 opts = append(opts, *tokenHeader) 191 result, err := w.service.PollForActivityTask(ctx, request, opts...) 192 return result, err 193 } 194 195 func (w *workflowServiceAuthWrapper) PollForDecisionTask(ctx context.Context, request *shared.PollForDecisionTaskRequest, opts ...yarpc.CallOption) (*shared.PollForDecisionTaskResponse, error) { 196 tokenHeader, err := w.getYarpcJWTHeader() 197 if err != nil { 198 return nil, err 199 } 200 opts = append(opts, *tokenHeader) 201 result, err := w.service.PollForDecisionTask(ctx, request, opts...) 202 return result, err 203 } 204 205 func (w *workflowServiceAuthWrapper) RecordActivityTaskHeartbeat(ctx context.Context, request *shared.RecordActivityTaskHeartbeatRequest, opts ...yarpc.CallOption) (*shared.RecordActivityTaskHeartbeatResponse, error) { 206 tokenHeader, err := w.getYarpcJWTHeader() 207 if err != nil { 208 return nil, err 209 } 210 opts = append(opts, *tokenHeader) 211 result, err := w.service.RecordActivityTaskHeartbeat(ctx, request, opts...) 212 return result, err 213 } 214 215 func (w *workflowServiceAuthWrapper) RecordActivityTaskHeartbeatByID(ctx context.Context, request *shared.RecordActivityTaskHeartbeatByIDRequest, opts ...yarpc.CallOption) (*shared.RecordActivityTaskHeartbeatResponse, error) { 216 tokenHeader, err := w.getYarpcJWTHeader() 217 if err != nil { 218 return nil, err 219 } 220 opts = append(opts, *tokenHeader) 221 result, err := w.service.RecordActivityTaskHeartbeatByID(ctx, request, opts...) 222 return result, err 223 } 224 225 func (w *workflowServiceAuthWrapper) RegisterDomain(ctx context.Context, request *shared.RegisterDomainRequest, opts ...yarpc.CallOption) error { 226 tokenHeader, err := w.getYarpcJWTHeader() 227 if err != nil { 228 return err 229 } 230 opts = append(opts, *tokenHeader) 231 err = w.service.RegisterDomain(ctx, request, opts...) 232 return err 233 } 234 235 func (w *workflowServiceAuthWrapper) RequestCancelWorkflowExecution(ctx context.Context, request *shared.RequestCancelWorkflowExecutionRequest, opts ...yarpc.CallOption) error { 236 tokenHeader, err := w.getYarpcJWTHeader() 237 if err != nil { 238 return err 239 } 240 opts = append(opts, *tokenHeader) 241 err = w.service.RequestCancelWorkflowExecution(ctx, request, opts...) 242 return err 243 } 244 245 func (w *workflowServiceAuthWrapper) RespondActivityTaskCanceled(ctx context.Context, request *shared.RespondActivityTaskCanceledRequest, opts ...yarpc.CallOption) error { 246 tokenHeader, err := w.getYarpcJWTHeader() 247 if err != nil { 248 return err 249 } 250 opts = append(opts, *tokenHeader) 251 err = w.service.RespondActivityTaskCanceled(ctx, request, opts...) 252 return err 253 } 254 255 func (w *workflowServiceAuthWrapper) RespondActivityTaskCompleted(ctx context.Context, request *shared.RespondActivityTaskCompletedRequest, opts ...yarpc.CallOption) error { 256 tokenHeader, err := w.getYarpcJWTHeader() 257 if err != nil { 258 return err 259 } 260 opts = append(opts, *tokenHeader) 261 err = w.service.RespondActivityTaskCompleted(ctx, request, opts...) 262 return err 263 } 264 265 func (w *workflowServiceAuthWrapper) RespondActivityTaskFailed(ctx context.Context, request *shared.RespondActivityTaskFailedRequest, opts ...yarpc.CallOption) error { 266 tokenHeader, err := w.getYarpcJWTHeader() 267 if err != nil { 268 return err 269 } 270 opts = append(opts, *tokenHeader) 271 err = w.service.RespondActivityTaskFailed(ctx, request, opts...) 272 return err 273 } 274 275 func (w *workflowServiceAuthWrapper) RespondActivityTaskCanceledByID(ctx context.Context, request *shared.RespondActivityTaskCanceledByIDRequest, opts ...yarpc.CallOption) error { 276 tokenHeader, err := w.getYarpcJWTHeader() 277 if err != nil { 278 return err 279 } 280 opts = append(opts, *tokenHeader) 281 err = w.service.RespondActivityTaskCanceledByID(ctx, request, opts...) 282 return err 283 } 284 285 func (w *workflowServiceAuthWrapper) RespondActivityTaskCompletedByID(ctx context.Context, request *shared.RespondActivityTaskCompletedByIDRequest, opts ...yarpc.CallOption) error { 286 tokenHeader, err := w.getYarpcJWTHeader() 287 if err != nil { 288 return err 289 } 290 opts = append(opts, *tokenHeader) 291 err = w.service.RespondActivityTaskCompletedByID(ctx, request, opts...) 292 return err 293 } 294 295 func (w *workflowServiceAuthWrapper) RespondActivityTaskFailedByID(ctx context.Context, request *shared.RespondActivityTaskFailedByIDRequest, opts ...yarpc.CallOption) error { 296 tokenHeader, err := w.getYarpcJWTHeader() 297 if err != nil { 298 return err 299 } 300 opts = append(opts, *tokenHeader) 301 err = w.service.RespondActivityTaskFailedByID(ctx, request, opts...) 302 return err 303 } 304 305 func (w *workflowServiceAuthWrapper) RespondDecisionTaskCompleted(ctx context.Context, request *shared.RespondDecisionTaskCompletedRequest, opts ...yarpc.CallOption) (*shared.RespondDecisionTaskCompletedResponse, error) { 306 tokenHeader, err := w.getYarpcJWTHeader() 307 if err != nil { 308 return nil, err 309 } 310 opts = append(opts, *tokenHeader) 311 response, err := w.service.RespondDecisionTaskCompleted(ctx, request, opts...) 312 return response, err 313 } 314 315 func (w *workflowServiceAuthWrapper) RespondDecisionTaskFailed(ctx context.Context, request *shared.RespondDecisionTaskFailedRequest, opts ...yarpc.CallOption) error { 316 tokenHeader, err := w.getYarpcJWTHeader() 317 if err != nil { 318 return err 319 } 320 opts = append(opts, *tokenHeader) 321 err = w.service.RespondDecisionTaskFailed(ctx, request, opts...) 322 return err 323 } 324 325 func (w *workflowServiceAuthWrapper) SignalWorkflowExecution(ctx context.Context, request *shared.SignalWorkflowExecutionRequest, opts ...yarpc.CallOption) error { 326 tokenHeader, err := w.getYarpcJWTHeader() 327 if err != nil { 328 return err 329 } 330 opts = append(opts, *tokenHeader) 331 err = w.service.SignalWorkflowExecution(ctx, request, opts...) 332 return err 333 } 334 335 func (w *workflowServiceAuthWrapper) SignalWithStartWorkflowExecution(ctx context.Context, request *shared.SignalWithStartWorkflowExecutionRequest, opts ...yarpc.CallOption) (*shared.StartWorkflowExecutionResponse, error) { 336 tokenHeader, err := w.getYarpcJWTHeader() 337 if err != nil { 338 return nil, err 339 } 340 opts = append(opts, *tokenHeader) 341 result, err := w.service.SignalWithStartWorkflowExecution(ctx, request, opts...) 342 return result, err 343 } 344 345 func (w *workflowServiceAuthWrapper) StartWorkflowExecution(ctx context.Context, request *shared.StartWorkflowExecutionRequest, opts ...yarpc.CallOption) (*shared.StartWorkflowExecutionResponse, error) { 346 tokenHeader, err := w.getYarpcJWTHeader() 347 if err != nil { 348 return nil, err 349 } 350 opts = append(opts, *tokenHeader) 351 result, err := w.service.StartWorkflowExecution(ctx, request, opts...) 352 return result, err 353 } 354 355 func (w *workflowServiceAuthWrapper) TerminateWorkflowExecution(ctx context.Context, request *shared.TerminateWorkflowExecutionRequest, opts ...yarpc.CallOption) error { 356 tokenHeader, err := w.getYarpcJWTHeader() 357 if err != nil { 358 return err 359 } 360 opts = append(opts, *tokenHeader) 361 err = w.service.TerminateWorkflowExecution(ctx, request, opts...) 362 return err 363 } 364 365 func (w *workflowServiceAuthWrapper) ResetWorkflowExecution(ctx context.Context, request *shared.ResetWorkflowExecutionRequest, opts ...yarpc.CallOption) (*shared.ResetWorkflowExecutionResponse, error) { 366 tokenHeader, err := w.getYarpcJWTHeader() 367 if err != nil { 368 return nil, err 369 } 370 opts = append(opts, *tokenHeader) 371 result, err := w.service.ResetWorkflowExecution(ctx, request, opts...) 372 return result, err 373 } 374 375 func (w *workflowServiceAuthWrapper) UpdateDomain(ctx context.Context, request *shared.UpdateDomainRequest, opts ...yarpc.CallOption) (*shared.UpdateDomainResponse, error) { 376 tokenHeader, err := w.getYarpcJWTHeader() 377 if err != nil { 378 return nil, err 379 } 380 opts = append(opts, *tokenHeader) 381 result, err := w.service.UpdateDomain(ctx, request, opts...) 382 return result, err 383 } 384 385 func (w *workflowServiceAuthWrapper) QueryWorkflow(ctx context.Context, request *shared.QueryWorkflowRequest, opts ...yarpc.CallOption) (*shared.QueryWorkflowResponse, error) { 386 tokenHeader, err := w.getYarpcJWTHeader() 387 if err != nil { 388 return nil, err 389 } 390 opts = append(opts, *tokenHeader) 391 result, err := w.service.QueryWorkflow(ctx, request, opts...) 392 return result, err 393 } 394 395 func (w *workflowServiceAuthWrapper) ResetStickyTaskList(ctx context.Context, request *shared.ResetStickyTaskListRequest, opts ...yarpc.CallOption) (*shared.ResetStickyTaskListResponse, error) { 396 tokenHeader, err := w.getYarpcJWTHeader() 397 if err != nil { 398 return nil, err 399 } 400 opts = append(opts, *tokenHeader) 401 result, err := w.service.ResetStickyTaskList(ctx, request, opts...) 402 return result, err 403 } 404 405 func (w *workflowServiceAuthWrapper) DescribeTaskList(ctx context.Context, request *shared.DescribeTaskListRequest, opts ...yarpc.CallOption) (*shared.DescribeTaskListResponse, error) { 406 tokenHeader, err := w.getYarpcJWTHeader() 407 if err != nil { 408 return nil, err 409 } 410 opts = append(opts, *tokenHeader) 411 result, err := w.service.DescribeTaskList(ctx, request, opts...) 412 return result, err 413 } 414 415 func (w *workflowServiceAuthWrapper) RespondQueryTaskCompleted(ctx context.Context, request *shared.RespondQueryTaskCompletedRequest, opts ...yarpc.CallOption) error { 416 tokenHeader, err := w.getYarpcJWTHeader() 417 if err != nil { 418 return err 419 } 420 opts = append(opts, *tokenHeader) 421 err = w.service.RespondQueryTaskCompleted(ctx, request, opts...) 422 return err 423 } 424 425 func (w *workflowServiceAuthWrapper) GetSearchAttributes(ctx context.Context, opts ...yarpc.CallOption) (*shared.GetSearchAttributesResponse, error) { 426 tokenHeader, err := w.getYarpcJWTHeader() 427 if err != nil { 428 return nil, err 429 } 430 opts = append(opts, *tokenHeader) 431 result, err := w.service.GetSearchAttributes(ctx, opts...) 432 return result, err 433 } 434 435 func (w *workflowServiceAuthWrapper) ListTaskListPartitions(ctx context.Context, request *shared.ListTaskListPartitionsRequest, opts ...yarpc.CallOption) (*shared.ListTaskListPartitionsResponse, error) { 436 tokenHeader, err := w.getYarpcJWTHeader() 437 if err != nil { 438 return nil, err 439 } 440 opts = append(opts, *tokenHeader) 441 result, err := w.service.ListTaskListPartitions(ctx, request, opts...) 442 return result, err 443 } 444 445 func (w *workflowServiceAuthWrapper) GetClusterInfo(ctx context.Context, opts ...yarpc.CallOption) (*shared.ClusterInfo, error) { 446 tokenHeader, err := w.getYarpcJWTHeader() 447 if err != nil { 448 return nil, err 449 } 450 opts = append(opts, *tokenHeader) 451 result, err := w.service.GetClusterInfo(ctx, opts...) 452 return result, err 453 } 454 455 func (w *workflowServiceAuthWrapper) GetTaskListsByDomain(ctx context.Context, request *shared.GetTaskListsByDomainRequest, opts ...yarpc.CallOption) (*shared.GetTaskListsByDomainResponse, error) { 456 tokenHeader, err := w.getYarpcJWTHeader() 457 if err != nil { 458 return nil, err 459 } 460 opts = append(opts, *tokenHeader) 461 result, err := w.service.GetTaskListsByDomain(ctx, request, opts...) 462 return result, err 463 } 464 465 func (w *workflowServiceAuthWrapper) RefreshWorkflowTasks(ctx context.Context, request *shared.RefreshWorkflowTasksRequest, opts ...yarpc.CallOption) error { 466 tokenHeader, err := w.getYarpcJWTHeader() 467 if err != nil { 468 return err 469 } 470 opts = append(opts, *tokenHeader) 471 err = w.service.RefreshWorkflowTasks(ctx, request, opts...) 472 return err 473 } 474 475 func (w *workflowServiceAuthWrapper) RestartWorkflowExecution(ctx context.Context, request *shared.RestartWorkflowExecutionRequest, opts ...yarpc.CallOption) (*shared.RestartWorkflowExecutionResponse, error) { 476 tokenHeader, err := w.getYarpcJWTHeader() 477 if err != nil { 478 return nil, err 479 } 480 opts = append(opts, *tokenHeader) 481 return w.service.RestartWorkflowExecution(ctx, request, opts...) 482 }