blop

quickwit-oss · Nov 5, 2024 · 2fa1338 · 2fa1338
1 parent 94b575a
commit 2fa1338
Show file tree

Hide file tree

Showing 12 changed files with 59 additions and 17 deletions.
diff --git a/quickwit/Cargo.lock b/quickwit/Cargo.lock
diff --git a/quickwit/quickwit-authorize/src/community.rs → ...t/quickwit-authorize/src/community/mod.rs b/quickwit/quickwit-authorize/src/community.rs → ...t/quickwit-authorize/src/community/mod.rs
diff --git a/...kwit-authorize/src/authorization_layer.rs → ...ize/src/enterprise/authorization_layer.rs b/...kwit-authorize/src/authorization_layer.rs → ...ize/src/enterprise/authorization_layer.rs
@@ -1,3 +1,22 @@
+// Copyright (C) 2024 Quickwit, Inc.
+//
+// Quickwit is offered under the AGPL v3.0 and as commercial software.
+// For commercial licensing, contact us at [email protected].
+//
+// AGPL:
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
 use std::fmt;
 use std::task::{Context, Poll};
 
@@ -7,6 +26,7 @@ use tower::{Layer, Service};
 
 use crate::AuthorizationError;
 
+#[derive(Clone, Copy, Debug)]
 pub struct AuthorizationLayer;
 
 impl<S: Clone> Layer<S> for AuthorizationLayer {

diff --git a/...kwit/quickwit-authorize/src/enterprise.rs → .../quickwit-authorize/src/enterprise/mod.rs b/...kwit/quickwit-authorize/src/enterprise.rs → .../quickwit-authorize/src/enterprise/mod.rs
@@ -19,10 +19,13 @@
 // components are licensed under the original license provided by the owner of the
 // applicable component.
 
+mod authorization_layer;
+
 use std::future::Future;
 use std::str::FromStr;
 use std::sync::{Arc, OnceLock};
 
+pub use authorization_layer::AuthorizationLayer;
 use biscuit_auth::macros::authorizer;
 use biscuit_auth::{Authorizer, Biscuit, RootKeyProvider};
 

diff --git a/quickwit/quickwit-authorize/src/lib.rs b/quickwit/quickwit-authorize/src/lib.rs
@@ -17,14 +17,12 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program. If not, see <http://www.gnu.org/licenses/>.
 
-mod authorization_layer;
-
 #[cfg(not(feature = "enterprise"))]
-#[path = "community.rs"]
+#[path = "community/mod.rs"]
 mod implementation;
 
 #[cfg(feature = "enterprise")]
-#[path = "enterprise.rs"]
+#[path = "enterprise/mod.rs"]
 mod implementation;
 
 pub use implementation::*;

diff --git a/quickwit/quickwit-cli/Cargo.toml b/quickwit/quickwit-cli/Cargo.toml
@@ -79,7 +79,7 @@ quickwit-metastore = { workspace = true, features = ["testsuite"] }
 quickwit-storage = { workspace = true, features = ["testsuite"] }
 
 [features]
-enterprise = ["quickwit-config/enterprise", "quickwit-ingest/enterprise", "quickwit-proto/enterprise"]
+enterprise = ["quickwit-config/enterprise", "quickwit-ingest/enterprise", "quickwit-proto/enterprise", "quickwit-serve/enterprise"]
 jemalloc = ["dep:tikv-jemalloc-ctl", "dep:tikv-jemallocator"]
 ci-test = []
 pprof = ["quickwit-serve/pprof"]

diff --git a/quickwit/quickwit-codegen/example/src/authorization.rs b/quickwit/quickwit-codegen/example/src/authorization.rs
@@ -15,7 +15,9 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 
-use quickwit_authorize::{Authorization, AuthorizationError, AuthorizationToken, StreamAuthorization};
+use quickwit_authorize::{
+    Authorization, AuthorizationError, AuthorizationToken, StreamAuthorization,
+};
 
 use crate::{GoodbyeRequest, HelloRequest, PingRequest};
 
@@ -38,9 +40,7 @@ impl Authorization for GoodbyeRequest {
 }
 
 impl StreamAuthorization for PingRequest {
-    fn attenuate(
-        auth_token: AuthorizationToken,
-    ) -> Result<AuthorizationToken, AuthorizationError> {
+    fn attenuate(auth_token: AuthorizationToken) -> Result<AuthorizationToken, AuthorizationError> {
         Ok(auth_token)
     }
 }
diff --git a/quickwit/quickwit-ingest/src/authorize.rs b/quickwit/quickwit-ingest/src/authorize.rs
@@ -15,7 +15,7 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 // SOFTWARE.
 
-use quickwit_authorize::::{Authorization, AuthorizationError, AuthorizationToken};
+use quickwit_authorize::{Authorization, AuthorizationError, AuthorizationToken};
 
 use crate::{FetchRequest, IngestRequest, TailRequest};
 

diff --git a/quickwit/quickwit-proto/Cargo.toml b/quickwit/quickwit-proto/Cargo.toml
@@ -12,6 +12,7 @@ license.workspace = true
 [dependencies]
 anyhow = { workspace = true }
 async-trait = { workspace = true }
+biscuit-auth = { workspace = true, optional = true }
 bytes = { workspace = true }
 bytesize = { workspace = true }
 bytestring = { workspace = true }
@@ -53,4 +54,4 @@ quickwit-codegen = { workspace = true }
 [features]
 postgres = ["sea-query", "sqlx"]
 testsuite = ["mockall", "futures"]
-enterprise = [ "quickwit-authorize/enterprise"]
+enterprise = [ "quickwit-authorize/enterprise", "dep:biscuit-auth"]
diff --git a/quickwit/quickwit-proto/src/authorization.rs b/quickwit/quickwit-proto/src/authorization.rs
@@ -1,8 +1,11 @@
 use std::time::{Duration, SystemTime};
 
-use biscuit_auth::builder_ext::BuilderExt;
-use biscuit_auth::macros::*;
-use quickwit_authorize::::{Authorization, AuthorizationError, AuthorizationToken, StreamAuthorization};
+pub use biscuit_auth;
+pub use biscuit_auth::builder_ext::BuilderExt;
+pub use biscuit_auth::macros::*;
+use quickwit_authorize::{
+    Authorization, AuthorizationError, AuthorizationToken, StreamAuthorization,
+};
 
 use crate::cluster::FetchClusterStateRequest;
 use crate::control_plane::{AdviseResetShardsRequest, GetOrCreateOpenShardsRequest};

diff --git a/quickwit/quickwit-serve/Cargo.toml b/quickwit/quickwit-serve/Cargo.toml
@@ -50,6 +50,7 @@ warp = { workspace = true }
 zstd = { workspace = true }
 
 quickwit-actors = { workspace = true }
+quickwit-authorize = { workspace = true, features = ["enterprise"], optional = true }
 quickwit-cluster = { workspace = true }
 quickwit-common = { workspace = true }
 quickwit-config = { workspace = true }
@@ -97,4 +98,5 @@ quickwit-storage = { workspace = true, features = ["testsuite"] }
 pprof = [
   "dep:pprof"
 ]
+enterprise = ["dep:quickwit-authorize"]
 testsuite = []
diff --git a/quickwit/quickwit-serve/src/lib.rs b/quickwit/quickwit-serve/src/lib.rs
@@ -429,10 +429,23 @@ pub async fn serve_quickwit(
                 100
             };
             // These layers apply to all the RPCs of the metastore.
-            let shared_layer = ServiceBuilder::new()
+            let shared_layer_builder = ServiceBuilder::new()
                 .layer(METASTORE_GRPC_SERVER_METRICS_LAYER.clone())
-                .layer(LoadShedLayer::new(max_in_flight_requests))
-                .into_inner();
+                .layer(LoadShedLayer::new(max_in_flight_requests));
+
+            let shared_layer;
+
+            #[cfg(feature = "enterprise")]
+            {
+                use quickwit_authorize::AuthorizationLayer;
+                shared_layer = shared_layer_builder.layer(AuthorizationLayer).into_inner();
+            }
+
+            #[cfg(not(feature = "enterprise"))]
+            {
+                shared_layer = shared_layer_builder.into_inner();
+            }
+
             let broker_layer = EventListenerLayer::new(event_broker.clone());
             let metastore = MetastoreServiceClient::tower()
                 .stack_layer(shared_layer)