worker: Add identity filter and client oauth support

2021-06-07 09:33:21 +02:00 · 2021-06-07 09:33:21 +02:00 · 0ea31c39d5
commit 0ea31c39d5
parent 968e7b210f
11 changed files with 277 additions and 65 deletions
--- a/cmd/osbuild-composer/composer.go
+++ b/cmd/osbuild-composer/composer.go
@ -68,7 +68,7 @@ func NewComposer(config *ComposerConfigFile, stateDir, cacheDir string, logger *
 		return nil, fmt.Errorf("cannot create jobqueue: %v", err)
 	}

-	c.workers = worker.NewServer(c.logger, jobs, artifactsDir)
+	c.workers = worker.NewServer(c.logger, jobs, artifactsDir, c.config.WorkerAPI.IdentityFilter)

 	return &c, nil
 }
@ -135,17 +135,21 @@ func (c *Composer) InitLocalWorker(l net.Listener) {
 }

 func (c *Composer) InitRemoteWorkers(cert, key string, l net.Listener) error {
-	tlsConfig, err := createTLSConfig(&connectionConfig{
-		CACertFile:     c.config.Worker.CA,
-		ServerKeyFile:  key,
-		ServerCertFile: cert,
-		AllowedDomains: c.config.Worker.AllowedDomains,
-	})
-	if err != nil {
-		return fmt.Errorf("Error creating TLS configuration for remote worker API: %v", err)
-	}
+	if len(c.config.WorkerAPI.IdentityFilter) > 0 {
+		c.workerListener = l
+	} else {
+		tlsConfig, err := createTLSConfig(&connectionConfig{
+			CACertFile:     c.config.Worker.CA,
+			ServerKeyFile:  key,
+			ServerCertFile: cert,
+			AllowedDomains: c.config.Worker.AllowedDomains,
+		})
+		if err != nil {
+			return fmt.Errorf("Error creating TLS configuration for remote worker API: %v", err)
+		}

-	c.workerListener = tls.NewListener(l, tlsConfig)
+		c.workerListener = tls.NewListener(l, tlsConfig)
+	}

 	return nil
 }
--- a/cmd/osbuild-composer/config.go
+++ b/cmd/osbuild-composer/config.go
@ -18,6 +18,9 @@ type ComposerConfigFile struct {
 	ComposerAPI struct {
 		IdentityFilter []string `toml:"identity_filter"`
 	} `toml:"composer_api"`
+	WorkerAPI struct {
+		IdentityFilter []string `toml:"identity_filter"`
+	} `toml:"worker_api"`
 }

 func LoadConfig(name string) (*ComposerConfigFile, error) {