Skip to content

Commit

Permalink
fix: make keycloak not call service when disabled
Browse files Browse the repository at this point in the history
  • Loading branch information
Pat Losoponkul committed Oct 11, 2023
1 parent 384f472 commit 35ec694
Show file tree
Hide file tree
Showing 5 changed files with 44 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,9 @@ object MainApp extends ZIOAppDefault {
VerificationPolicyServiceImpl.layer,
WalletManagementServiceImpl.layer,
// authentication
AppModule.authenticatorLayer,
AppModule.builtInAuthenticatorLayer,
AppModule.keycloakAuthenticatorLayer,
DefaultAuthenticator.layer,
// grpc
GrpcModule.prismNodeStubLayer,
// storage
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ import zio.*
import zio.config.typesafe.TypesafeConfigSource
import zio.config.{ReadError, read}
import zio.http.Client
import io.iohk.atala.iam.authentication.oidc.KeycloakAuthenticator

object SystemModule {
val configLayer: Layer[ReadError[String], AppConfig] = ZLayer.fromZIO {
Expand All @@ -62,23 +63,34 @@ object AppModule {
val didJwtResolverLayer: URLayer[DIDService, JwtDidResolver] =
ZLayer.fromFunction(PrismDidResolver(_))

val authenticatorLayer: RLayer[
AppConfig & WalletManagementService & AuthenticationRepository & EntityService & Client,
DefaultAuthenticator & ApiKeyAuthenticator
val builtInAuthenticatorLayer: URLayer[
AppConfig & AuthenticationRepository & EntityService & WalletManagementService,
ApiKeyAuthenticator & AdminApiKeyAuthenticator
] =
ZLayer.makeSome[
AppConfig & WalletManagementService & AuthenticationRepository & EntityService & Client,
DefaultAuthenticator & ApiKeyAuthenticator
AppConfig & AuthenticationRepository & EntityService & WalletManagementService,
ApiKeyAuthenticator & AdminApiKeyAuthenticator
](
AdminConfig.layer,
ApiKeyConfig.layer,
KeycloakConfig.layer,
DefaultAuthenticator.layer,
AdminApiKeyAuthenticatorImpl.layer,
ApiKeyAuthenticatorImpl.layer,
KeycloakAuthenticatorImpl.layer,
KeycloakClientImpl.layer
)

val keycloakAuthenticatorLayer: RLayer[AppConfig & WalletManagementService & Client, KeycloakAuthenticator] =
ZLayer.fromZIO {
ZIO
.serviceWith[AppConfig](_.agent.authentication.keycloak.enabled)
.map { isEnabled =>
if (!isEnabled) KeycloakAuthenticatorImpl.disabled
else
ZLayer.makeSome[AppConfig & WalletManagementService & Client, KeycloakAuthenticator](
KeycloakConfig.layer,
KeycloakAuthenticatorImpl.layer,
KeycloakClientImpl.layer
)
}
}.flatten
}

object GrpcModule {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,11 @@ case class ApiKeyAuthenticatorImpl(
InvalidCredentials("API key is compromised")
}
}
} else ZIO.fail(AuthenticationMethodNotEnabled("Keycloak authentication is not enabled"))
} else {
ZIO.fail(
AuthenticationMethodNotEnabled(s"Authentication method not enabled: ${AuthenticationMethodType.ApiKey.value}")
)
}
}

protected[apikey] def provisionNewEntity(apiKey: String): IO[AuthenticationRepositoryError, Entity] = synchronized {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -90,4 +90,14 @@ class KeycloakAuthenticatorImpl(
object KeycloakAuthenticatorImpl {
val layer: RLayer[KeycloakClient & KeycloakConfig & WalletManagementService, KeycloakAuthenticator] =
ZLayer.fromFunction(KeycloakAuthenticatorImpl(_, _, _))

val disabled: ULayer[KeycloakAuthenticator] =
ZLayer.succeed {
val notEnabledError = ZIO.fail(AuthenticationMethodNotEnabled("Keycloak authentication is not enabled"))
new KeycloakAuthenticator {
override def isEnabled: Boolean = false
override def authenticate(token: String): IO[AuthenticationError, KeycloakEntity] = notEnabledError
override def authorize(entity: KeycloakEntity): IO[AuthenticationError, WalletId] = notEnabledError
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,11 @@ import io.iohk.atala.api.http.ErrorResponse
import io.iohk.atala.container.util.MigrationAspects.*
import io.iohk.atala.iam.authentication.AuthenticatorWithAuthZ
import io.iohk.atala.pollux.core.model.secret.CredentialDefinitionSecret
import io.iohk.atala.pollux.core.service.serdes.{ PrivateCredentialDefinitionSchemaSerDesV1, ProofKeyCredentialDefinitionSchemaSerDesV1, PublicCredentialDefinitionSerDesV1 }
import io.iohk.atala.pollux.core.service.serdes.{
PrivateCredentialDefinitionSchemaSerDesV1,
ProofKeyCredentialDefinitionSchemaSerDesV1,
PublicCredentialDefinitionSerDesV1
}
import io.iohk.atala.pollux.credentialdefinition.controller.CredentialDefinitionController
import io.iohk.atala.pollux.credentialdefinition.http.{CredentialDefinitionInput, CredentialDefinitionResponse}
import sttp.client3.basicRequest
Expand Down

0 comments on commit 35ec694

Please sign in to comment.