SMQ-2568 - Check Domain enabled / disabled status during Authn or Aut…

…hz (absmach#2586) Signed-off-by: Felix Gateru <[email protected]> Signed-off-by: Arvindh <[email protected]> Co-authored-by: Arvindh <[email protected]>
ianmuchyri · Dec 24, 2024 · 8e552d0 · 8e552d0
1 parent 4f73a52
commit 8e552d0
Show file tree

Hide file tree

Showing 50 changed files with 1,344 additions and 305 deletions.
diff --git a/api/grpc/domains/v1/domains.pb.go b/api/grpc/domains/v1/domains.pb.go
diff --git a/api/grpc/domains/v1/domains_grpc.pb.go b/api/grpc/domains/v1/domains_grpc.pb.go
diff --git a/channels/middleware/authorization.go b/channels/middleware/authorization.go
@@ -81,7 +81,6 @@ func AuthorizationMiddleware(svc channels.Service, repo channels.Repository, aut
 }
 
 func (am *authorizationMiddleware) CreateChannels(ctx context.Context, session authn.Session, chs ...channels.Channel) ([]channels.Channel, error) {
-	// If domain is disabled , then this authorization will fail for all non-admin domain users
 	if err := am.extAuthorize(ctx, channels.DomainOpCreateChannel, authz.PolicyReq{
 		Domain:      session.DomainID,
 		SubjectType: policies.UserType,

diff --git a/cmd/bootstrap/main.go b/cmd/bootstrap/main.go
@@ -25,6 +25,7 @@ import (
 	authsvcAuthn "github.com/absmach/supermq/pkg/authn/authsvc"
 	smqauthz "github.com/absmach/supermq/pkg/authz"
 	authsvcAuthz "github.com/absmach/supermq/pkg/authz/authsvc"
+	domainsAuthz "github.com/absmach/supermq/pkg/domains/grpcclient"
 	"github.com/absmach/supermq/pkg/events"
 	"github.com/absmach/supermq/pkg/events/store"
 	"github.com/absmach/supermq/pkg/grpcclient"
@@ -48,12 +49,13 @@ import (
 )
 
 const (
-	svcName        = "bootstrap"
-	envPrefixDB    = "SMQ_BOOTSTRAP_DB_"
-	envPrefixHTTP  = "SMQ_BOOTSTRAP_HTTP_"
-	envPrefixAuth  = "SMQ_AUTH_GRPC_"
-	defDB          = "bootstrap"
-	defSvcHTTPPort = "9013"
+	svcName          = "bootstrap"
+	envPrefixDB      = "SMQ_BOOTSTRAP_DB_"
+	envPrefixHTTP    = "SMQ_BOOTSTRAP_HTTP_"
+	envPrefixAuth    = "SMQ_AUTH_GRPC_"
+	envPrefixDomains = "SMQ_DOMAINS_GRPC_"
+	defDB            = "bootstrap"
+	defSvcHTTPPort   = "9013"
 
 	stream   = "events.supermq.clients"
 	streamID = "supermq.bootstrap"
@@ -148,7 +150,21 @@ func main() {
 	logger.Info("AuthN successfully connected to auth gRPC server " + authnClient.Secure())
 	defer authnClient.Close()
 
-	authz, authzClient, err := authsvcAuthz.NewAuthorization(ctx, grpcCfg)
+	domsGrpcCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&domsGrpcCfg, env.Options{Prefix: envPrefixDomains}); err != nil {
+		logger.Error(fmt.Sprintf("failed to load domains gRPC client configuration : %s", err))
+		exitCode = 1
+		return
+	}
+	domainsAuthz, _, domainsHandler, err := domainsAuthz.NewAuthorization(ctx, domsGrpcCfg)
+	if err != nil {
+		logger.Error(err.Error())
+		exitCode = 1
+		return
+	}
+	defer domainsHandler.Close()
+
+	authz, authzClient, err := authsvcAuthz.NewAuthorization(ctx, grpcCfg, domainsAuthz)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1

diff --git a/cmd/channels/main.go b/cmd/channels/main.go
@@ -29,6 +29,7 @@ import (
 	authsvcAuthn "github.com/absmach/supermq/pkg/authn/authsvc"
 	smqauthz "github.com/absmach/supermq/pkg/authz"
 	authsvcAuthz "github.com/absmach/supermq/pkg/authz/authsvc"
+	domainsAuthz "github.com/absmach/supermq/pkg/domains/grpcclient"
 	"github.com/absmach/supermq/pkg/grpcclient"
 	jaegerclient "github.com/absmach/supermq/pkg/jaeger"
 	"github.com/absmach/supermq/pkg/policies"
@@ -61,6 +62,7 @@ const (
 	envPrefixAuth    = "SMQ_AUTH_GRPC_"
 	envPrefixClients = "SMQ_CLIENTS_AUTH_GRPC_"
 	envPrefixGroups  = "SMQ_GROUPS_GRPC_"
+	envPrefixDomains = "SMQ_DOMAINS_GRPC_"
 	defDB            = "channels"
 	defSvcHTTPPort   = "9005"
 	defSvcGRPCPort   = "7005"
@@ -162,7 +164,21 @@ func main() {
 	defer authnClient.Close()
 	logger.Info("AuthN  successfully connected to auth gRPC server " + authnClient.Secure())
 
-	authz, authzClient, err := authsvcAuthz.NewAuthorization(ctx, grpcCfg)
+	domsGrpcCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&domsGrpcCfg, env.Options{Prefix: envPrefixDomains}); err != nil {
+		logger.Error(fmt.Sprintf("failed to load domains gRPC client configuration : %s", err))
+		exitCode = 1
+		return
+	}
+	domAuthz, _, domainsHandler, err := domainsAuthz.NewAuthorization(ctx, domsGrpcCfg)
+	if err != nil {
+		logger.Error(err.Error())
+		exitCode = 1
+		return
+	}
+	defer domainsHandler.Close()
+
+	authz, authzClient, err := authsvcAuthz.NewAuthorization(ctx, grpcCfg, domAuthz)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1

diff --git a/cmd/clients/main.go b/cmd/clients/main.go
@@ -32,6 +32,7 @@ import (
 	authsvcAuthn "github.com/absmach/supermq/pkg/authn/authsvc"
 	smqauthz "github.com/absmach/supermq/pkg/authz"
 	authsvcAuthz "github.com/absmach/supermq/pkg/authz/authsvc"
+	domainsAuthz "github.com/absmach/supermq/pkg/domains/grpcclient"
 	"github.com/absmach/supermq/pkg/grpcclient"
 	jaegerclient "github.com/absmach/supermq/pkg/jaeger"
 	"github.com/absmach/supermq/pkg/policies"
@@ -65,6 +66,7 @@ const (
 	envPrefixAuth      = "SMQ_AUTH_GRPC_"
 	envPrefixChannels  = "SMQ_CHANNELS_GRPC_"
 	envPrefixGroups    = "SMQ_GROUPS_GRPC_"
+	envPrefixDomains   = "SMQ_DOMAINS_GRPC_"
 	defDB              = "clients"
 	defSvcHTTPPort     = "9000"
 	defSvcAuthGRPCPort = "7000"
@@ -179,7 +181,21 @@ func main() {
 	defer authnClient.Close()
 	logger.Info("AuthN  successfully connected to auth gRPC server " + authnClient.Secure())
 
-	authz, authzClient, err := authsvcAuthz.NewAuthorization(ctx, grpcCfg)
+	domsGrpcCfg := grpcclient.Config{}
+	if err := env.ParseWithOptions(&domsGrpcCfg, env.Options{Prefix: envPrefixDomains}); err != nil {
+		logger.Error(fmt.Sprintf("failed to load domains gRPC client configuration : %s", err))
+		exitCode = 1
+		return
+	}
+	domAuthz, _, domainsHandler, err := domainsAuthz.NewAuthorization(ctx, domsGrpcCfg)
+	if err != nil {
+		logger.Error(err.Error())
+		exitCode = 1
+		return
+	}
+	defer domainsHandler.Close()
+
+	authz, authzClient, err := authsvcAuthz.NewAuthorization(ctx, grpcCfg, domAuthz)
 	if err != nil {
 		logger.Error(err.Error())
 		exitCode = 1