fix: basic and no authentication integrated
1 parent
17c90f7
commit 1363d55
Showing
25 changed files
with
554 additions
and
301 deletions.
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
""" | ||
Copyright (c) 2024 Aiven Ltd | ||
See LICENSE for details | ||
""" | ||
|
||
from fastapi import Depends, HTTPException, Security, status | ||
from fastapi.security import HTTPBasic, HTTPBasicCredentials | ||
from fastapi.security.base import SecurityBase | ||
from karapace.auth.auth import AuthenticationError, AuthenticatorAndAuthorizer, HTTPAuthorizer, NoAuthAndAuthz, User | ||
from karapace.dependencies.config_dependency import ConfigDependencyManager | ||
from typing import Annotated, Optional | ||
|
||
import logging | ||
|
||
LOG = logging.getLogger(__name__) | ||
|
||
|
||
class AuthorizationDependencyManager: | ||
AUTHORIZER: AuthenticatorAndAuthorizer | None = None | ||
AUTH_SET: bool = False | ||
SECURITY: SecurityBase | None = None | ||
|
||
@classmethod | ||
def get_authorizer(cls) -> AuthenticatorAndAuthorizer: | ||
if AuthorizationDependencyManager.AUTH_SET: | ||
assert AuthorizationDependencyManager.AUTHORIZER | ||
return AuthorizationDependencyManager.AUTHORIZER | ||
|
||
config = ConfigDependencyManager.get_config() | ||
if config.registry_authfile: | ||
AuthorizationDependencyManager.AUTHORIZER = HTTPAuthorizer(config.registry_authfile) | ||
else: | ||
# TODO: remove the need for empty authorization logic. | ||
AuthorizationDependencyManager.AUTHORIZER = NoAuthAndAuthz() | ||
AuthorizationDependencyManager.AUTH_SET = True | ||
return AuthorizationDependencyManager.AUTHORIZER | ||
|
||
|
||
AuthenticatorAndAuthorizerDep = Annotated[AuthenticatorAndAuthorizer, Depends(AuthorizationDependencyManager.get_authorizer)] | ||
|
||
# TODO Karapace can have authentication/authorization enabled or disabled. This code needs cleanup and better | ||
# injection mechanism, this is fast workaround for optional user authentication and authorization. | ||
SECURITY: SecurityBase | None = None | ||
config = ConfigDependencyManager.get_config() | ||
if config.registry_authfile: | ||
SECURITY = HTTPBasic(auto_error=False) | ||
|
||
def get_current_user( | ||
credentials: Annotated[Optional[HTTPBasicCredentials], Security(SECURITY)], | ||
authorizer: AuthenticatorAndAuthorizerDep, | ||
) -> User: | ||
if authorizer and not credentials: | ||
raise HTTPException( | ||
status_code=status.HTTP_401_UNAUTHORIZED, | ||
detail={"message": "Unauthorized"}, | ||
headers={"WWW-Authenticate": 'Basic realm="Karapace Schema Registry"'}, | ||
) | ||
assert authorizer is not None | ||
assert credentials is not None | ||
username: str = credentials.username | ||
password: str = credentials.password | ||
try: | ||
return authorizer.authenticate(username=username, password=password) | ||
except AuthenticationError: | ||
raise HTTPException( | ||
status_code=status.HTTP_401_UNAUTHORIZED, | ||
detail={"message": "Unauthorized"}, | ||
headers={"WWW-Authenticate": 'Basic realm="Karapace Schema Registry"'}, | ||
) | ||
|
||
else: | ||
|
||
def get_current_user() -> None: | ||
return None | ||
|
||
|
||
CurrentUserDep = Annotated[Optional[User], Depends(get_current_user)] |
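Review bot: The choice between the authenticated and the unauthenticated `get_current_user` is made once at import from `config.registry_authfile`, and an empty or unset value silently selects the variant that returns `None` (indentation is lost on this page, so pairing the `else:` with that `if` is inferred). `LOG` is defined but never used in this file; the `else` branch should record the decision, e.g. `LOG.warning("registry_authfile is not set; requests are not authenticated")`, so a misconfigured deployment is visible at startup. In the authenticated variant the 401 check `if authorizer and not credentials:` depends on `authorizer` being truthy, and the `assert` lines backing it up are stripped under `python -O`; `if credentials is None:` makes the rejection explicit and the asserts unnecessary. The class attribute `SECURITY` on `AuthorizationDependencyManager` is never read here and duplicates the module-level `SECURITY`.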
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
""" | ||
Copyright (c) 2024 Aiven Ltd | ||
See LICENSE for details | ||
""" | ||
|
||
from fastapi import Depends | ||
from karapace.config import Config | ||
from typing import Annotated | ||
|
||
import os | ||
|
||
env_file = os.environ.get("KARAPACE_DOTENV", None) | ||
|
||
|
||
class ConfigDependencyManager: | ||
CONFIG = Config(_env_file=env_file, _env_file_encoding="utf-8") | ||
|
||
@classmethod | ||
def get_config(cls) -> Config: | ||
return ConfigDependencyManager.CONFIG | ||
|
||
|
||
ConfigDep = Annotated[Config, Depends(ConfigDependencyManager.get_config)] |
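Review bot: `Config(...)` is built in the class body, so the environment and the file named by `KARAPACE_DOTENV` are read as an import side effect, with no check that the file exists. If `Config` is a pydantic-settings model, as the `_env_file` keyword suggests, a missing file is skipped without error and defaults apply, and the auth dependency added in this commit treats an empty `registry_authfile` as authentication disabled. A guard before the class, `if env_file and not os.path.isfile(env_file): raise RuntimeError(f"KARAPACE_DOTENV points to a missing file: {env_file}")`, would make a mistyped path fail at startup instead. `get_config` could also return `cls.CONFIG` so that a subclass override is honoured.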
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
""" | ||
Copyright (c) 2024 Aiven Ltd | ||
See LICENSE for details | ||
""" | ||
|
||
|
||
from fastapi import Depends | ||
from karapace.dependencies.config_dependency import ConfigDep | ||
from karapace.dependencies.schema_registry_dependency import SchemaRegistryDep | ||
from karapace.dependencies.stats_dependeny import StatsDep | ||
from karapace.schema_registry_apis import KarapaceSchemaRegistryController | ||
from typing import Annotated | ||
|
||
|
||
async def get_controller( | ||
config: ConfigDep, | ||
stats: StatsDep, | ||
schema_registry: SchemaRegistryDep, | ||
) -> KarapaceSchemaRegistryController: | ||
return KarapaceSchemaRegistryController(config=config, schema_registry=schema_registry, stats=stats) | ||
|
||
|
||
KarapaceSchemaRegistryControllerDep = Annotated[KarapaceSchemaRegistryController, Depends(get_controller)] |
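Review bot: `get_controller` has no docstring and builds a new `KarapaceSchemaRegistryController` for every request that resolves this dependency; if a per-request controller is intended, say so, e.g. `"""Build a controller from the injected config, stats and schema registry."""`, otherwise cache the instance. The import `karapace.dependencies.stats_dependeny` looks misspelled (`stats_dependency`); the module itself is outside this section, so the rename would have to happen there as well.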
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
""" | ||
Copyright (c) 2024 Aiven Ltd | ||
See LICENSE for details | ||
""" | ||
|
||
from fastapi import Depends | ||
from karapace.forward_client import ForwardClient | ||
from typing import Annotated | ||
|
||
FORWARD_CLIENT: ForwardClient | None = None | ||
|
||
|
||
def get_forward_client() -> ForwardClient: | ||
global FORWARD_CLIENT | ||
if not FORWARD_CLIENT: | ||
FORWARD_CLIENT = ForwardClient() | ||
return FORWARD_CLIENT | ||
|
||
|
||
ForwardClientDep = Annotated[ForwardClient, Depends(get_forward_client)] |
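Review bot: `if not FORWARD_CLIENT:` tests truthiness rather than identity; `if FORWARD_CLIENT is None:` states the intent and cannot re-create the client should `ForwardClient` ever define `__bool__` or `__len__`. Nothing in this section closes the client, so if `ForwardClient` holds an HTTP session (not visible here) it needs a shutdown hook elsewhere. The function also lacks a docstring saying that it returns a process-wide instance, e.g. `"""Return the shared ForwardClient, creating it on first use."""`.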