Skip to content

refactor: flexible Authorization header type of HTTP request#3190

Merged
rina23q merged 3 commits intothin-edge:mainfrom
rina23q:refactor/3036/jwt_retriever_returns_header_value
Oct 21, 2024
Merged

refactor: flexible Authorization header type of HTTP request#3190
rina23q merged 3 commits intothin-edge:mainfrom
rina23q:refactor/3036/jwt_retriever_returns_header_value

Conversation

@rina23q
Copy link
Copy Markdown
Member

@rina23q rina23q commented Oct 16, 2024
edited
Loading

Proposed changes

Pure refactoring PR to make a progress of #3036 easier.

  • Now C8YJwtRetriever returns HeaderMap, previously it was just JWT token (String).
  • Deprecate Auth enum in downloader so that downloader can accept any headers easily
  • Remove unused functions in 897c102

Why this refactoring is needed?
#3036 needs to introduce Basic authentication instead of JWT token authentication. However, the current implementation, especially HTTP APIs, are designed to use Authorization header together with JWT token. Since the JWT actor is actually a server trait, for basic authentication, we can just implement a server trait.

Question:
The JWT token inplementation in c8y_remote_access_plugin seems duplicated to C8YJwtRetriever implementation...

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
  • Documentation Update (if none of the other choices apply)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

#3036

Checklist

  • I have read the CONTRIBUTING doc
  • I have signed the CLA (in all commits with git commit -s)
  • I ran cargo fmt as mentioned in CODING_GUIDELINES
  • I used cargo clippy as mentioned in CODING_GUIDELINES
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

@rina23q rina23q temporarily deployed to Test Pull Request October 16, 2024 17:49 — with GitHub Actions Inactive
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Oct 16, 2024
edited
Loading

Robot Results

✅ Passed ❌ Failed ⏭️ Skipped Total Pass % ⏱️ Duration
508 0 2 508 100 1h27m40.911290999s

@rina23q rina23q force-pushed the refactor/3036/jwt_retriever_returns_header_value branch from 95d782a to 02a3a44 Compare October 16, 2024 18:32
@rina23q rina23q temporarily deployed to Test Pull Request October 16, 2024 18:32 — with GitHub Actions Inactive
@codecov
Copy link
Copy Markdown

codecov bot commented Oct 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 69.37500% with 49 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...rates/extensions/c8y_http_proxy/src/credentials.rs 6.06% 30 Missing and 1 partial ⚠️
crates/extensions/c8y_http_proxy/src/actor.rs 58.82% 3 Missing and 4 partials ⚠️
crates/extensions/c8y_http_proxy/src/tests.rs 89.74% 0 Missing and 4 partials ⚠️
crates/extensions/c8y_auth_proxy/src/tokens.rs 50.00% 0 Missing and 3 partials ⚠️
crates/extensions/c8y_auth_proxy/src/actor.rs 0.00% 2 Missing ⚠️
...rates/extensions/c8y_firmware_manager/src/tests.rs 88.88% 0 Missing and 1 partial ⚠️
...ates/extensions/c8y_firmware_manager/src/worker.rs 80.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files

📢 Thoughts on this report? Let us know!

@reubenmiller
Copy link
Copy Markdown
Contributor

reubenmiller commented Oct 17, 2024
edited
Loading

@rina23q @didier-wenzek @albinsuresh Wouldn't it make more sense to have a generic "Add N Headers"...that way we could write providers to inject any required headers and not assume it was just be the "Authorization" header?

didier-wenzek
didier-wenzek reviewed Oct 17, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@didier-wenzek didier-wenzek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question:
The JWT token implementation in c8y_remote_access_plugin seems duplicated to C8YJwtRetriever implementation...

This is not a duplicate, just a difference on the API level which is used. The c8y_remote_access_plugin directly invokes C8yMqttJwtTokenRetriever::get_jwt_token() instead as wrapping this call behind an actor as done by C8YJwtRetriever.

=> The implication for that refactoring PR is that the difference between the misc auth method has to be addressed in the c8y_api with a facade over the ``C8yMqttJwtTokenRetrieverand aBasicAuthRetriver`. Both returning an authentication header ready to be used.

crates/extensions/c8y_http_proxy/src/credentials.rs
@@ -32,16 +32,17 @@ impl C8YJwtRetriever {

#[async_trait]
impl Server for C8YJwtRetriever {
Copy link
Copy Markdown
Contributor

@didier-wenzek didier-wenzek Oct 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding the new C8YBasicAuthProvider in this PR would really help to validate the refactoring, even if not use yet.

Copy link
Copy Markdown
Contributor

@didier-wenzek didier-wenzek Oct 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I should have remove this comment which is conflicting with my other comment #3190 (review), telling that:

the difference between the misc auth method has to be addressed in the c8y_api with a facade over the C8yMqttJwtTokenRetriever and a BasicAuthRetriver. Both returning an authentication header ready to be used.

Anyway. This can be done in the next step.

@rina23q
Copy link
Copy Markdown
Member Author

rina23q commented Oct 17, 2024
edited
Loading

@rina23q @didier-wenzek @albinsuresh Wouldn't it make more sense to have a generic "Add N Headers"...that way we could write providers to inject any required headers and not assume it was just be the "Authorization" header?

Ah like returning ({header_key}, {header_value}), e.g. ("Authorization", "Bearer XXX")?

So it means C8YJwtRetriever returns Result<(String, String), HeaderError> instead of Result<String, AuthError>.

Or even getting a help from the http crate's HeaderName and HeaderValue, it can be Result<(HeaderName, HeaderValue), Error).

@reubenmiller
Copy link
Copy Markdown
Contributor

reubenmiller commented Oct 17, 2024

@rina23q @didier-wenzek @albinsuresh Wouldn't it make more sense to have a generic "Add N Headers"...that way we could write providers to inject any required headers and not assume it was just be the "Authorization" header?

Ah like returning ({header_key}, {header_value}), e.g. ("Authorization", "Bearer XXX")?

So it means C8YJwtRetriever returns Result<(String, String), HeaderError> instead of Result<String, AuthError>.

Or even getting a help from the http crate's HeaderName and HeaderValue, it can be Result<(HeaderName, HeaderValue), Error).

Or even better, it results a vector of header name/value 's)...As some more complicated authenticated mechanisms need to set multiple header properties, for example AWS S3 API allows users to also add x-* headers to add some additional options.

@rina23q
Copy link
Copy Markdown
Member Author

rina23q commented Oct 17, 2024

Or even better, it results a vector of header name/value 's)...As some more complicated authenticated mechanisms need to set multiple header properties, for example AWS S3 API allows users to also add x-* headers to add some additional options.

Then this HeaderMap is the way to go 👍

@rina23q rina23q temporarily deployed to Test Pull Request October 20, 2024 13:29 — with GitHub Actions Inactive
@rina23q rina23q requested a review from reubenmiller as a code owner October 20, 2024 17:58
@rina23q rina23q temporarily deployed to Test Pull Request October 20, 2024 17:58 — with GitHub Actions Inactive
@rina23q rina23q requested a review from didier-wenzek October 20, 2024 18:50
@rina23q
Copy link
Copy Markdown
Member Author

rina23q commented Oct 20, 2024

Then this HeaderMap is the way to go 👍

This change is done in e7b8724.

Also, I removed unused code in 897c102. If they should stay in our code, please inform me. Then I can revert in that case.

didier-wenzek
didier-wenzek approved these changes Oct 21, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@didier-wenzek didier-wenzek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. This refactoring PR is a nice progress forward.

Also, I removed unused code in 897c102. If they should stay in our code, please inform me. Then I can revert in that case.

Removing dead code is always a good thing.

crates/extensions/c8y_http_proxy/src/credentials.rs
@@ -32,16 +32,17 @@ impl C8YJwtRetriever {

#[async_trait]
impl Server for C8YJwtRetriever {
Copy link
Copy Markdown
Contributor

@didier-wenzek didier-wenzek Oct 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I should have remove this comment which is conflicting with my other comment #3190 (review), telling that:

the difference between the misc auth method has to be addressed in the c8y_api with a facade over the C8yMqttJwtTokenRetriever and a BasicAuthRetriver. Both returning an authentication header ready to be used.

Anyway. This can be done in the next step.

@rina23q
refactor: flexible Authorization header type of HTTP request
0a39802 
- Change JWT token retriever actor to return "Bearer {token}",
previously it was just "{token}"
- Deprecate Auth enum in downloader so that downloader can
accept any authorization header value easily

Signed-off-by: Rina Fujino <rina.fujino.23@gmail.com>
@rina23q
refactor: remove unused C8YRestRequest items and functions
a34f6ad 
Signed-off-by: Rina Fujino <rina.fujino.23@gmail.com>
@rina23q
refactor: Introduce HttpHeaderRetriever, abstraction of auth retriever
9711f81 
HttpHeaderRetriever returns HeaderMap. So, C8YJwtRetriever now returns
HeaderMap. The retrieved JWT token is included in the map.
In the future, there will be C8YBasicAuthRetriever, which will also
returns HeaderMap.

Signed-off-by: Rina Fujino <rina.fujino.23@gmail.com>
@rina23q rina23q force-pushed the refactor/3036/jwt_retriever_returns_header_value branch from e7b8724 to 9711f81 Compare October 21, 2024 10:16
@rina23q rina23q temporarily deployed to Test Pull Request October 21, 2024 10:16 — with GitHub Actions Inactive
@rina23q rina23q added this pull request to the merge queue Oct 21, 2024
Merged via the queue into thin-edge:main with commit 30962e6 Oct 21, 2024
@rina23q rina23q deleted the refactor/3036/jwt_retriever_returns_header_value branch August 8, 2025 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@didier-wenzek didier-wenzek didier-wenzek approved these changes

@albinsuresh albinsuresh Awaiting requested review from albinsuresh albinsuresh is a code owner

@jarhodes314 jarhodes314 Awaiting requested review from jarhodes314 jarhodes314 is a code owner

@reubenmiller reubenmiller Awaiting requested review from reubenmiller reubenmiller is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rina23q @reubenmiller @didier-wenzek