feat: Tenant specific config support via .cac.toml #246
Conversation
ayushjain17
force-pushed
the
tenantConfig
branch
from
69bdf35
to
1268793
Compare
| @@ -17,4 +17,4 @@ path = "src/bin.rs" | |||
| clap = { version = "4.3.0", features = ["derive"] } | |||
| pest = "2.6" | |||
| pest_derive = "2.6" | |||
| toml = { version = "0.8.8", features = ["preserve_order"] } | |||
| toml = { workspace = true } | |||
There was a problem hiding this comment.
@ayushjain17 - Will this pick-up the preserve_order if someone just includes cac_toml outside of this workspace? Could we validate that?
There was a problem hiding this comment.
yes this will set the features for the crate, in the same way it is specified in the workspace Cargo.toml
have verified this
ayushjain17
force-pushed
the
tenantConfig
branch
2 times, most recently
from
d4fba6b
to
eda9cd5
Compare
| @@ -257,6 +257,46 @@ impl Display for RegexEnum { | |||
| } | |||
| } | |||
|
|
|||
| pub trait SuperpositionTenantConfig { | |||
There was a problem hiding this comment.
This could be a struct with pub members right? Why define tenant config as a trait behaviour? No one can implement this elsewhere and pass it around. Why are we making it generic? Note: If the answer summarizes to "We will need this in the future", my response is "lets add it in the future". This is unecessary code complexity right now
There was a problem hiding this comment.
I'm guessing this is because of internal asks for auth? The tenant config struct internal to Juspay will be different I'm assuming
| @@ -64,69 +48,16 @@ async fn main() -> Result<()> { | |||
| prefix => "/".to_owned() + prefix, | |||
| }; | |||
|
|
|||
| let cac_host: String = get_from_env_unsafe("CAC_HOST").expect("CAC host is not set"); | |||
| let cac_port: u16 = get_from_env_unsafe("PORT").unwrap_or(8080); | |||
ayushjain17
force-pushed
the
tenantConfig
branch
4 times, most recently
from
d223128
to
008b169
Compare
| .wrap_fn(|req, srv| { | ||
| let user = User::default(); | ||
| let state = req.app_data::<Data<AppState>>().unwrap(); |
There was a problem hiding this comment.
@ayushjain17 , can you explain why this change is needed?
| @@ -234,30 +244,48 @@ async fn create( | |||
| // creating variants' context in CAC | |||
| let http_client = reqwest::Client::new(); | |||
| let url = state.cac_host.clone() + "/context/bulk-operations"; | |||
| let headers_map = construct_header_map(tenant.as_str(), custom_headers.config_tags)?; | |||
| let user_str = serde_json::to_string(&user).map_err(|err| { | |||
There was a problem hiding this comment.
What are we trying to achieve with x-user header?
There was a problem hiding this comment.
Someone who has access for only making changes in experimentation and not in context-aware-config, for them all requests of experimenation would start failing as the when these api calls would be made to make changes in context-aware-config, the authorization would fail due to lack of access.
So Internal authorization has been added
Now since this Internal auth would not have the details of the current user, and on validating it would give the details of a super-user then the audit logs would show wrong info regarding the maker of the contexts in context-aware-config, so in this case since experimentation has already decoded the user, it just forwards the user data
And this user data is only to be consumed if the Internal auth check is successful
| "Authorization", | ||
| format!("{} {}", user.get_auth_type(), user.get_auth_token()), | ||
| header::AUTHORIZATION, | ||
| format!("Internal {}", state.superposition_token), |
There was a problem hiding this comment.
This is not a supported authentication scheme
https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#authentication_schemes
There was a problem hiding this comment.
| None | ||
| } | ||
| }) | ||
| .collect::<Vec<_>>(); |
There was a problem hiding this comment.
nitpick: specify types here, makes it easy to read on a glance
| @@ -371,6 +399,16 @@ pub async fn conclude( | |||
| }; | |||
| operations.push(ContextAction::MOVE((context_id, context_move_req))); | |||
| } else { | |||
| let user_str = serde_json::to_string(&user).map_err(|err| { | |||
There was a problem hiding this comment.
Do we want to send the whole user object in the headers or only the email address?
There was a problem hiding this comment.
Whole user, as what all data would be needed later on the context api or which api being called would not be known
ayushjain17
force-pushed
the
tenantConfig
branch
from
008b169
to
665d8b0
Compare
Problem
Tenant specific configuration not present
Solution
Get tenant-config via cac using
cac_tomlwhich readsSuperposition.cac.toml