Commit 5a9aeb47 authored by Anthony Lichnewsky's avatar Anthony Lichnewsky
Browse files

minimal set of changes to remove segfault in GCE / GCS (direct or via SD )...

minimal set of changes to remove segfault in GCE / GCS (direct or via SD ) segfaults, missing Bearer scheme on service calls Authorization headers
parent 997b1672
Pipeline #41399 passed with stages
in 13 minutes and 57 seconds
......@@ -103,7 +103,8 @@ namespace seismicdrive {
if (!_sd_auth_provider.get()) {
throw SDException(sdmex::sdmanager::AuthProviderUndefined());
}
return _sd_auth_provider->getAuthToken();
HTTPRequest request;
return _sd_auth_provider->getAuthToken(&request);
}
std::string getSDUrl() const {
......
......@@ -35,8 +35,12 @@ AuthProvider::AuthProvider(const std::string &sdurl, const std::string &sdapikey
std::string AuthProvider::getGcsAuthTokenImpl(const std::string &sd_suproject_resource,
bool readonly,
GcsAuthProvider &gcs_auth) {
// this Authorization callback needs to return a valid Authorization header. not just the token
auto acb = [this]() -> std::string {
return getAuthToken();
HTTPRequest request;
auto t = getAuthToken( &request );
return t.rfind("Bearer ", 0) == t.npos ? "Bearer " + t : t;
};
gcs_auth.setLogStatus(log.isEnabled());
return gcs_auth.getToken(sdurl, sdapikey, acb, sd_suproject_resource, readonly);
......
......@@ -37,7 +37,7 @@ class AuthProvider
virtual ~AuthProvider() {}
// Returns the short-term authentication bearer token.
virtual std::string getAuthToken(HTTPRequest *request = nullptr) = 0;
virtual std::string getAuthToken(HTTPRequest *request ) = 0;
// Returns the short-term gcs authentication token;
virtual std::string getGcsAuthTokenImpl(const std::string &sd_suproject_resource,
......
......@@ -33,7 +33,7 @@ namespace seismicdrive {
public:
DirectAuthProvider(const std::string& sdurl, const std::string& sdapikey, const std::string& token);
std::string getAuthToken(HTTPRequest *request = nullptr) override;
std::string getAuthToken(HTTPRequest *request) override;
void refreshAuthToken(const std::string &token) override;
};
......
......@@ -110,7 +110,7 @@ namespace seismicdrive {
static bool isRunningInGCE = false;
if (!isRunningInGCE) {
isRunningInGCE = checkForGCEInstance();
isRunningInGCE = checkForGCEInstance(request);
}
if (isRunningInGCE) {
getTokenFromGce(request);
......@@ -126,7 +126,8 @@ namespace seismicdrive {
std::string GoogleAuthProvider::getGcsAuthTokenImpl(const std::string &/*sd_suproject_resource*/,
bool /*readonly*/,
GcsAuthProvider &/*gcs_auth*/) {
return getAuthToken();
HTTPRequest request;
return getAuthToken( &request );
}
void GoogleAuthProvider::getTokenFromGce(HTTPRequest *request) {
......
......@@ -49,7 +49,7 @@ namespace seismicdrive {
public:
GoogleAuthProvider() {}
std::string getAuthToken(HTTPRequest *request = nullptr) override;
std::string getAuthToken(HTTPRequest *request) override;
std::string getGcsAuthTokenImpl(const std::string &sd_suproject_resource,
bool readonly,
......
......@@ -42,7 +42,7 @@ namespace seismicdrive {
const std::string &sdapikey,
const std::string &imp_token);
std::string getAuthToken(HTTPRequest *request = nullptr) override;
std::string getAuthToken(HTTPRequest *request) override;
void refreshAuthToken(const std::string &token) override;
};
......
......@@ -118,6 +118,20 @@ public:
_headers[sdutils::toLower(key)] = value;
}
/**
* @details use an user-provided function to produce a valid HTTP Authorization header
* so for an HTTP request requiring a basic scheme ( https://datatracker.ietf.org/doc/html/rfc7617 )
* it need to return "Basic token_value"
*
* for an HTTP request requiring an OAuth2 bearer token ( https://datatracker.ietf.org/doc/html/rfc6750 )
* it needs to return "Bearer token_value"
*
* ditto for a Digest, AWS4-HMAC-SHA256 or whatever other authentication framework.
*
* @param callback
*
* @todo : describe failure modes. ( this issues an authentication call and returns the value of an authorization header)
*/
void set_auth_callback( std::function<std::string()> callback ){
_auth_callback = callback;
}
......
......@@ -29,7 +29,8 @@ using namespace seismicdrive;
void test_auth_provider(AuthProvider *auth, const std::string &resource, bool readonly) {
std::cout << line(50);
auto token = auth->getAuthToken();
HTTPRequest request;
auto token = auth->getAuthToken(&request);
std::cout << "Auth Token: ";
std::cout << token << '\n';
std::cout << "Gcs Token: ";
......
......@@ -52,7 +52,8 @@ TEST(DirectAuthProviderTest, direct_auth_provider) {
delete auth5;
// Test Auth Token
ASSERT_EQ(auth->getAuthToken(), test_token);
HTTPRequest request;
ASSERT_EQ(auth->getAuthToken(&request), test_token);
// Test GCS token
GcsAuthProviderMock gcs;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment