minor changes

kube-tarian · Aug 19, 2023 · 214b9a6 · 214b9a6
1 parent 362d112
commit 214b9a6
Show file tree

Hide file tree

Showing 5 changed files with 121 additions and 33 deletions.
diff --git a/server/cmd/server/main.go b/server/cmd/server/main.go
@@ -58,12 +58,18 @@ func main() {
 	if err != nil {
 		log.Fatal("APIHandler initialization failed", err)
 	}
-
-	err = iamclient.RegisterWithIam(log)
+	IC, err := iamclient.NewClient(oryclient, log)
+	if err != nil {
+		log.Fatal("Error occured while created IAM client", err)
+	}
+	err = IC.RegisterWithIam()
 	if err != nil {
 		log.Fatal("Registering capten server as oauth client through IAM failed", err)
 	}
-
+	err = IC.RegisterRolesActions()
+	if err != nil {
+		log.Fatal("Registering Roles and Actions in IAM failed", err)
+	}
 	rpcServer, err := rpcapi.NewServer(log, serverStore, oryclient)
 	if err != nil {
 		log.Fatal("grpc server initialization failed", err)

diff --git a/server/go.mod b/server/go.mod
@@ -9,15 +9,15 @@ require (
 	github.com/gocql/gocql v1.3.1
 	github.com/golang/protobuf v1.5.3
 	github.com/google/uuid v1.3.0
-	github.com/intelops/go-common v1.0.15
+	github.com/intelops/go-common v1.0.17
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/kube-tarian/kad/agent v0.0.0-20221228201013-ed4f78e4b887
-	github.com/ory/client-go v1.1.41
+	github.com/ory/client-go v1.1.49
 	github.com/pkg/errors v0.9.1
 	github.com/stargate/stargate-grpc-go-client v0.0.0-20220822130422-9a1c6261d4fa
 	github.com/stretchr/testify v1.8.2
-	golang.org/x/oauth2 v0.10.0
-	google.golang.org/grpc v1.55.0
+	golang.org/x/oauth2 v0.11.0
+	google.golang.org/grpc v1.57.0
 	google.golang.org/protobuf v1.31.0
 )
 
@@ -67,13 +67,13 @@ require (
 	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/ugorji/go/codec v1.2.7 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/crypto v0.11.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/crypto v0.12.0 // indirect
+	golang.org/x/net v0.14.0 // indirect
+	golang.org/x/sys v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	golang.org/x/time v0.1.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

diff --git a/server/go.sum b/server/go.sum
@@ -131,8 +131,8 @@ github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3C
 github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
 github.com/hashicorp/vault/api/auth/kubernetes v0.4.1 h1:amFWL1ZhwMWdmqvT51J9phXu835kY25wFfTrY/3yXd0=
 github.com/hashicorp/vault/api/auth/kubernetes v0.4.1/go.mod h1:ikWDT8Adnfvm+8DzKez50vvLD9GWD/unZfJxeqP09sU=
-github.com/intelops/go-common v1.0.15 h1:w5arGiN4bUxYNOK+Bhk3nUGgRy2mzrzyqMQSZHTLg5g=
-github.com/intelops/go-common v1.0.15/go.mod h1:MtFNUbf8Br2pyCB4cOOGXnLcODJm6oBgmpnWpnFUD4g=
+github.com/intelops/go-common v1.0.17 h1:eGMN915D+s0IxQr2P5Zi6cOoFSIlER8uMsPt6zLwBK8=
+github.com/intelops/go-common v1.0.17/go.mod h1:GDDr2xP2uqtjMgATC4BLDt29kC7W9R3EW+8Du2LlNt8=
 github.com/invopop/yaml v0.1.0 h1:YW3WGUoJEXYfzWBjn00zIlrw7brGVD0fUKRYDPAPhrc=
 github.com/invopop/yaml v0.1.0/go.mod h1:2XuRLgs/ouIrW3XNzuNj7J3Nvu/Dig5MXvbCEdiBN3Q=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -192,8 +192,8 @@ github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c h1:nXxl5PrvVm2L/wCy8d
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
 github.com/opencontainers/runc v1.0.0-rc95 h1:RMuWVfY3E1ILlVsC3RhIq38n4sJtlOFwU9gfFZSqrd0=
-github.com/ory/client-go v1.1.41 h1:dMt3jHpYeSVaNDrgfDrhYZuUYcfz9qry/G42zalsrTo=
-github.com/ory/client-go v1.1.41/go.mod h1:g5jXHLTrOo8479mSmgPbA9/QWnEgQ2K8pgsaOwhidRs=
+github.com/ory/client-go v1.1.49 h1:cHeiCxbtFOY+o/nQMpTlWLa6DFdTPfmrqyqcau/c+S4=
+github.com/ory/client-go v1.1.49/go.mod h1:txO25o+LB3I03DNgHV679Jnpx19/AYKIb2CY+GHQJGw=
 github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
 github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
@@ -242,8 +242,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -262,11 +262,11 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
-golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
+golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
+golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -290,8 +290,8 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
+golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -301,8 +301,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA=
 golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -322,15 +322,15 @@ google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCID
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA=
-google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 h1:0nDDozoAU19Qb2HwhXadU8OcsiO/09cnTqhUtq2MEOM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.55.0 h1:3Oj82/tFSCeUrRTg/5E/7d/W5A1tj6Ky1ABAuZuv5ag=
-google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

diff --git a/server/pkg/iam-client/client.go b/server/pkg/iam-client/client.go
@@ -3,19 +3,48 @@ package iamclient
 import (
 	"context"
 
+	cm "github.com/intelops/go-common/iam"
 	"github.com/intelops/go-common/logging"
 	"github.com/kelseyhightower/envconfig"
 	"github.com/kube-tarian/kad/server/pkg/credential"
+	oryclient "github.com/kube-tarian/kad/server/pkg/ory-client"
 	iampb "github.com/kube-tarian/kad/server/pkg/pb/iampb"
+	"github.com/pkg/errors"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
+	"google.golang.org/grpc/metadata"
 )
 
 type Config struct {
 	IamURL string `envconfig:"IAM_URL" required:"true"`
 }
+type Client struct {
+	oryClient oryclient.OryClient
+	log       logging.Logger
+	oryURL    string
+	oryPAT    string
+}
 
-func RegisterWithIam(log logging.Logger) error {
+func NewClient(ory oryclient.OryClient, log logging.Logger) (*Client, error) {
+	cfg, err := ory.GetOryEnv()
+	if err != nil {
+		return nil, err
+	}
+	serviceCredential, err := credential.GetServiceUserCredential(context.Background(),
+		cfg.OryEntityName, cfg.CredentialIdentifier)
+	if err != nil {
+		return nil, err
+	}
+	oryPAT := serviceCredential.AdditionalData["ORY_PAT"]
+	oryURL := serviceCredential.AdditionalData["ORY_URL"]
+	return &Client{
+		oryClient: ory,
+		log:       log,
+		oryURL:    oryURL,
+		oryPAT:    oryPAT,
+	}, nil
+}
+func (c *Client) RegisterWithIam() error {
 	cfg, err := getIamEnv()
 	if err != nil {
 		return err
@@ -27,7 +56,7 @@ func RegisterWithIam(log logging.Logger) error {
 		return err
 	}
 	iamclient := iampb.NewOauthServiceClient(conn)
-	log.Info("Registering capten as client in ory through...")
+	c.log.Info("Registering capten as client in ory through...")
 	oauthClientReq := &iampb.CreateClientCredentialsClientRequest{
 		ClientName: "CaptenServer",
 	}
@@ -49,3 +78,48 @@ func getIamEnv() (*Config, error) {
 	}
 	return cfg, nil
 }
+
+// at the line cm.WithIamYamlPath("provide the yaml location here"),
+// the roles and actions should be added to ConfigMap
+// the the location should be provided
+func (c *Client) RegisterRolesActions() error {
+	cfg, err := getIamEnv()
+	if err != nil {
+		return err
+	}
+
+	iamURL := cfg.IamURL
+	grpcOpts := []grpc.DialOption{
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	}
+	// Create an instance of IamConn with desired options
+	// the order of calling the options should be same as given in example
+	iamConn := cm.NewIamConn(
+		cm.WithGrpcDialOption(grpcOpts...),
+		cm.WithIamAddress(iamURL),
+		// TODO: here need to add the roles and actions yaml location
+		cm.WithIamYamlPath("provide the yaml location here"),
+	)
+	ctx := context.Background()
+	tkn, err := c.oryClient.GetCaptenServiceRegOauthToken()
+	if err != nil {
+		err = errors.WithMessage(err, "error getting capten service reg oauth token")
+		return err
+	}
+	if tkn == nil {
+		return errors.New("capten service reg oauth token is nil")
+	}
+	md := metadata.Pairs(
+		"oauth_token", *tkn,
+		"ory_url", c.oryURL,
+		"ory_pat", c.oryPAT,
+	)
+	newCtx := metadata.NewOutgoingContext(ctx, md)
+	// Update action roles
+	err = iamConn.UpdateActionRoles(newCtx)
+	if err != nil {
+		c.log.Errorf("Failed to update action roles: %v", err)
+		return err
+	}
+	return nil
+}
diff --git a/server/pkg/ory-client/client.go b/server/pkg/ory-client/client.go
@@ -51,6 +51,8 @@ type OryClient interface {
 	GetSessionTokenFromContext(ctx context.Context) (string, error)
 	Authorize(ctx context.Context, accessToken string) (context.Context, error)
 	UnaryInterceptor(ctx context.Context, method string, req, reply interface{}, cc *grpc.ClientConn, invoker grpc.UnaryInvoker, opts ...grpc.CallOption) error
+	GetCaptenServiceRegOauthToken() (*string, error)
+	GetOryEnv() (*Config, error)
 }
 
 // NewOryClient returns a OryClient interface
@@ -75,14 +77,20 @@ func NewOryClient(log logging.Logger) (OryClient, error) {
 	}, nil
 }
 
+func (c *Client) GetOryEnv() (*Config, error) {
+	cfg := &Config{}
+	if err := envconfig.Process("", cfg); err != nil {
+		return nil, err
+	}
+	return cfg, nil
+}
 func getOryEnv() (*Config, error) {
 	cfg := &Config{}
 	if err := envconfig.Process("", cfg); err != nil {
 		return nil, err
 	}
 	return cfg, nil
 }
-
 func getTokenEnv() (*TokenConfig, error) {
 	cfg := &TokenConfig{}
 	if err := envconfig.Process("", cfg); err != nil {