From fb2cfcf4905cc01a321df23147ffffa183b0dafb Mon Sep 17 00:00:00 2001 From: Paul Masurel Date: Mon, 4 Nov 2024 09:49:21 +0900 Subject: [PATCH] authorization as a layer --- quickwit/Cargo.lock | 4 + quickwit/quickwit-auth/Cargo.toml | 5 + .../quickwit-auth/src/authorization_layer.rs | 51 ++++++++ quickwit/quickwit-auth/src/community.rs | 4 + quickwit/quickwit-auth/src/enterprise.rs | 6 + quickwit/quickwit-auth/src/lib.rs | 3 +- .../example/src/codegen/hello.rs | 30 +++-- quickwit/quickwit-codegen/src/codegen.rs | 18 +-- .../src/codegen/ingest_service.rs | 21 +-- .../src/codegen/quickwit/quickwit.cluster.rs | 4 +- .../quickwit/quickwit.control_plane.rs | 36 ++---- .../codegen/quickwit/quickwit.developer.rs | 4 +- .../src/codegen/quickwit/quickwit.indexing.rs | 4 +- .../quickwit/quickwit.ingest.ingester.rs | 48 +++---- .../quickwit/quickwit.ingest.router.rs | 7 +- .../codegen/quickwit/quickwit.metastore.rs | 120 +++++------------- 16 files changed, 168 insertions(+), 197 deletions(-) create mode 100644 quickwit/quickwit-auth/src/authorization_layer.rs diff --git a/quickwit/Cargo.lock b/quickwit/Cargo.lock index 5a90536790e..28ce6fdd52b 100644 --- a/quickwit/Cargo.lock +++ b/quickwit/Cargo.lock @@ -5952,11 +5952,15 @@ name = "quickwit-auth" version = "0.8.0" dependencies = [ "biscuit-auth", + "futures", "http 0.2.12", + "pin-project", + "quickwit-common", "serde", "thiserror", "tokio", "tonic", + "tower", "tracing", ] diff --git a/quickwit/quickwit-auth/Cargo.toml b/quickwit/quickwit-auth/Cargo.toml index ea2013777c5..3ffdef60696 100644 --- a/quickwit/quickwit-auth/Cargo.toml +++ b/quickwit/quickwit-auth/Cargo.toml @@ -9,13 +9,18 @@ authors.workspace = true license.workspace = true [dependencies] +tower = { workspace = true} biscuit-auth = { workspace = true, optional=true } +futures = { workspace = true } http = { workspace = true } serde = { workspace = true } thiserror = { workspace = true } tonic = { workspace = true } tokio = { workspace = true } tracing = { workspace = true } +pin-project = { workspace = true } + +quickwit-common = { workspace = true } [features] enterprise = ["biscuit-auth"] diff --git a/quickwit/quickwit-auth/src/authorization_layer.rs b/quickwit/quickwit-auth/src/authorization_layer.rs new file mode 100644 index 00000000000..3131bef4715 --- /dev/null +++ b/quickwit/quickwit-auth/src/authorization_layer.rs @@ -0,0 +1,51 @@ +use std::fmt; +use std::task::{Context, Poll}; + +use futures::future::Either; +use quickwit_common::tower::RpcName; +use tower::{Layer, Service}; + +use crate::AuthorizationError; + +pub struct AuthorizationLayer; + +impl Layer for AuthorizationLayer { + type Service = AuthorizationService; + + fn layer(&self, service: S) -> Self::Service { + AuthorizationService { service } + } +} + +#[derive(Clone)] +pub struct AuthorizationService { + service: S, +} + +impl Service for AuthorizationService +where + S: Service, + S::Future: Send + 'static, + S::Response: Send + 'static, + S::Error: From + Send + 'static, + Request: fmt::Debug + Send + RpcName + crate::Authorization + 'static, +{ + type Response = S::Response; + type Error = S::Error; + type Future = + futures::future::Either>, S::Future>; + + fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll> { + self.service.poll_ready(cx) + } + + fn call(&mut self, request: Request) -> Self::Future { + if let Err(authorization_err) = crate::authorize_request(&request) { + let err = S::Error::from(authorization_err); + let result: Result = Err(err); + return Either::Left(futures::future::ready(result)); + } + let service_fut = self.service.call(request); + Either::Right(service_fut) + } +} diff --git a/quickwit/quickwit-auth/src/community.rs b/quickwit/quickwit-auth/src/community.rs index 7be01328fde..48576639c7f 100644 --- a/quickwit/quickwit-auth/src/community.rs +++ b/quickwit/quickwit-auth/src/community.rs @@ -85,3 +85,7 @@ pub fn execute_with_authorization(_: AuthorizationToken, f: F) -> impl Fut where F: Future { f } + +pub fn authorize_request(_req: &R) -> Result<(), AuthorizationError> { + Ok(()) +} diff --git a/quickwit/quickwit-auth/src/enterprise.rs b/quickwit/quickwit-auth/src/enterprise.rs index fd81ab73e49..e1aa02e4436 100644 --- a/quickwit/quickwit-auth/src/enterprise.rs +++ b/quickwit/quickwit-auth/src/enterprise.rs @@ -215,6 +215,12 @@ pub fn authorize_stream( Ok(()) } +pub fn authorize_request(req: &R) -> Result<(), AuthorizationError> { + AUTHORIZATION_TOKEN + .try_with(|auth_token| authorize(req, auth_token)) + .unwrap_or(Err(AuthorizationError::AuthorizationTokenMissing)) +} + pub fn execute_with_authorization( token: AuthorizationToken, f: F, diff --git a/quickwit/quickwit-auth/src/lib.rs b/quickwit/quickwit-auth/src/lib.rs index cccaf68989a..23206c0b434 100644 --- a/quickwit/quickwit-auth/src/lib.rs +++ b/quickwit/quickwit-auth/src/lib.rs @@ -17,7 +17,7 @@ // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . -use serde::{Deserialize, Serialize}; +mod authorization_layer; #[cfg(not(feature = "enterprise"))] #[path = "community.rs"] @@ -28,6 +28,7 @@ mod implementation; mod implementation; pub use implementation::*; +use serde::{Deserialize, Serialize}; #[derive(thiserror::Error, Debug, Clone, Copy, Serialize, Deserialize, Eq, PartialEq)] pub enum AuthorizationError { diff --git a/quickwit/quickwit-codegen/example/src/codegen/hello.rs b/quickwit/quickwit-codegen/example/src/codegen/hello.rs index 83b8cb40bb0..c12d635e581 100644 --- a/quickwit/quickwit-codegen/example/src/codegen/hello.rs +++ b/quickwit/quickwit-codegen/example/src/codegen/hello.rs @@ -811,9 +811,10 @@ impl hello_grpc_server::HelloGrpc for HelloGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.hello(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self.inner.0.hello(request.into_inner()), + ) .await .map(tonic::Response::new) .map_err(crate::error::grpc_error_to_grpc_status) @@ -823,9 +824,10 @@ impl hello_grpc_server::HelloGrpc for HelloGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.goodbye(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self.inner.0.goodbye(request.into_inner()), + ) .await .map(tonic::Response::new) .map_err(crate::error::grpc_error_to_grpc_status) @@ -836,12 +838,16 @@ impl hello_grpc_server::HelloGrpc for HelloGrpcServerAdapter { request: tonic::Request>, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = { - let streaming: tonic::Streaming<_> = request.into_inner(); - quickwit_common::ServiceStream::from(streaming) - }; - quickwit_auth::authorize_stream::(&auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.ping(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self + .inner + .0 + .ping({ + let streaming: tonic::Streaming<_> = request.into_inner(); + quickwit_common::ServiceStream::from(streaming) + }), + ) .await .map(|stream| tonic::Response::new( stream.map_err(crate::error::grpc_error_to_grpc_status), diff --git a/quickwit/quickwit-codegen/src/codegen.rs b/quickwit/quickwit-codegen/src/codegen.rs index 26d284e54ba..361cd21189b 100644 --- a/quickwit/quickwit-codegen/src/codegen.rs +++ b/quickwit/quickwit-codegen/src/codegen.rs @@ -1246,9 +1246,7 @@ fn generate_grpc_server_adapter_methods(context: &CodegenContext) -> TokenStream } } } else { - quote! { - request.into_inner() - } + quote! { request.into_inner() } }; let response_type = if syn_method.server_streaming { let associated_type_name = quote::format_ident!("{}Stream", syn_method.proto_name); @@ -1271,24 +1269,12 @@ fn generate_grpc_server_adapter_methods(context: &CodegenContext) -> TokenStream quote! { tonic::Response::new } }; - let authorize_block = if syn_method.client_streaming { - let stream_item = &syn_method.request_type; - quote! { - quickwit_auth::authorize_stream::<#stream_item>(&auth_token)?; - } - } else { - quote! { - quickwit_auth::authorize(&req, &auth_token)?; - } - }; let method = quote! { #associated_type async fn #method_name(&self, request: tonic::Request<#request_type>) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = #method_arg; - #authorize_block; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.#method_name(req)).await + quickwit_auth::execute_with_authorization(auth_token, self.inner.0.#method_name(#method_arg)).await .map(#into_response_type) .map_err(crate::error::grpc_error_to_grpc_status) } diff --git a/quickwit/quickwit-ingest/src/codegen/ingest_service.rs b/quickwit/quickwit-ingest/src/codegen/ingest_service.rs index 49e20a534be..65992ccaa2e 100644 --- a/quickwit/quickwit-ingest/src/codegen/ingest_service.rs +++ b/quickwit/quickwit-ingest/src/codegen/ingest_service.rs @@ -876,9 +876,10 @@ impl ingest_service_grpc_server::IngestServiceGrpc for IngestServiceGrpcServerAd request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.ingest(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self.inner.0.ingest(request.into_inner()), + ) .await .map(tonic::Response::new) .map_err(crate::error::grpc_error_to_grpc_status) @@ -888,9 +889,10 @@ impl ingest_service_grpc_server::IngestServiceGrpc for IngestServiceGrpcServerAd request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.fetch(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self.inner.0.fetch(request.into_inner()), + ) .await .map(tonic::Response::new) .map_err(crate::error::grpc_error_to_grpc_status) @@ -900,9 +902,10 @@ impl ingest_service_grpc_server::IngestServiceGrpc for IngestServiceGrpcServerAd request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.tail(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self.inner.0.tail(request.into_inner()), + ) .await .map(tonic::Response::new) .map_err(crate::error::grpc_error_to_grpc_status) diff --git a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.cluster.rs b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.cluster.rs index 07ec4928ec1..a7a4e2388d0 100644 --- a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.cluster.rs +++ b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.cluster.rs @@ -544,11 +544,9 @@ for ClusterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.fetch_cluster_state(req), + self.inner.0.fetch_cluster_state(request.into_inner()), ) .await .map(tonic::Response::new) diff --git a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.control_plane.rs b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.control_plane.rs index 780edd4b9ae..b6449a8bd42 100644 --- a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.control_plane.rs +++ b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.control_plane.rs @@ -1789,11 +1789,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.create_index(req), + self.inner.0.create_index(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1807,11 +1805,9 @@ for ControlPlaneServiceGrpcServerAdapter { tonic::Status, > { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.update_index(req), + self.inner.0.update_index(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1822,11 +1818,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.delete_index(req), + self.inner.0.delete_index(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1837,11 +1831,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.add_source(req), + self.inner.0.add_source(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1852,11 +1844,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.toggle_source(req), + self.inner.0.toggle_source(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1867,11 +1857,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.delete_source(req), + self.inner.0.delete_source(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1882,11 +1870,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.get_or_create_open_shards(req), + self.inner.0.get_or_create_open_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1897,11 +1883,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.advise_reset_shards(req), + self.inner.0.advise_reset_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -1912,11 +1896,9 @@ for ControlPlaneServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.prune_shards(req), + self.inner.0.prune_shards(request.into_inner()), ) .await .map(tonic::Response::new) diff --git a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.developer.rs b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.developer.rs index ec25565eef2..1a98a47df7b 100644 --- a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.developer.rs +++ b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.developer.rs @@ -480,11 +480,9 @@ for DeveloperServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.get_debug_info(req), + self.inner.0.get_debug_info(request.into_inner()), ) .await .map(tonic::Response::new) diff --git a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.indexing.rs b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.indexing.rs index a6b7a2a0aee..793f4bffa72 100644 --- a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.indexing.rs +++ b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.indexing.rs @@ -493,11 +493,9 @@ for IndexingServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.apply_indexing_plan(req), + self.inner.0.apply_indexing_plan(request.into_inner()), ) .await .map(tonic::Response::new) diff --git a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.ingester.rs b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.ingester.rs index c5a230b7d09..bc5ae585cdf 100644 --- a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.ingester.rs +++ b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.ingester.rs @@ -2224,9 +2224,10 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.persist(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self.inner.0.persist(request.into_inner()), + ) .await .map(tonic::Response::new) .map_err(crate::error::grpc_error_to_grpc_status) @@ -2239,14 +2240,15 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request>, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = { - let streaming: tonic::Streaming<_> = request.into_inner(); - quickwit_common::ServiceStream::from(streaming) - }; - quickwit_auth::authorize_stream::(&auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.open_replication_stream(req), + self + .inner + .0 + .open_replication_stream({ + let streaming: tonic::Streaming<_> = request.into_inner(); + quickwit_common::ServiceStream::from(streaming) + }), ) .await .map(|stream| tonic::Response::new( @@ -2262,11 +2264,9 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.open_fetch_stream(req), + self.inner.0.open_fetch_stream(request.into_inner()), ) .await .map(|stream| tonic::Response::new( @@ -2282,11 +2282,9 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.open_observation_stream(req), + self.inner.0.open_observation_stream(request.into_inner()), ) .await .map(|stream| tonic::Response::new( @@ -2299,11 +2297,9 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.init_shards(req), + self.inner.0.init_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -2314,11 +2310,9 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.retain_shards(req), + self.inner.0.retain_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -2329,11 +2323,9 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.truncate_shards(req), + self.inner.0.truncate_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -2344,11 +2336,9 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.close_shards(req), + self.inner.0.close_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -2359,11 +2349,9 @@ for IngesterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.decommission(req), + self.inner.0.decommission(request.into_inner()), ) .await .map(tonic::Response::new) diff --git a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.router.rs b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.router.rs index 405e9abe6f3..45440087454 100644 --- a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.router.rs +++ b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.ingest.router.rs @@ -606,9 +606,10 @@ for IngestRouterServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; - quickwit_auth::execute_with_authorization(auth_token, self.inner.0.ingest(req)) + quickwit_auth::execute_with_authorization( + auth_token, + self.inner.0.ingest(request.into_inner()), + ) .await .map(tonic::Response::new) .map_err(crate::error::grpc_error_to_grpc_status) diff --git a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.metastore.rs b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.metastore.rs index b923d5261f7..80ae0c04490 100644 --- a/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.metastore.rs +++ b/quickwit/quickwit-proto/src/codegen/quickwit/quickwit.metastore.rs @@ -5358,11 +5358,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.create_index(req), + self.inner.0.create_index(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5373,11 +5371,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.update_index(req), + self.inner.0.update_index(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5388,11 +5384,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.index_metadata(req), + self.inner.0.index_metadata(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5403,11 +5397,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.indexes_metadata(req), + self.inner.0.indexes_metadata(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5418,11 +5410,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.list_indexes_metadata(req), + self.inner.0.list_indexes_metadata(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5433,11 +5423,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.delete_index(req), + self.inner.0.delete_index(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5451,11 +5439,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.list_splits(req), + self.inner.0.list_splits(request.into_inner()), ) .await .map(|stream| tonic::Response::new( @@ -5468,11 +5454,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.stage_splits(req), + self.inner.0.stage_splits(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5483,11 +5467,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.publish_splits(req), + self.inner.0.publish_splits(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5498,11 +5480,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.mark_splits_for_deletion(req), + self.inner.0.mark_splits_for_deletion(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5513,11 +5493,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.delete_splits(req), + self.inner.0.delete_splits(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5528,11 +5506,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.add_source(req), + self.inner.0.add_source(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5543,11 +5519,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.toggle_source(req), + self.inner.0.toggle_source(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5558,11 +5532,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.delete_source(req), + self.inner.0.delete_source(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5573,11 +5545,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.reset_source_checkpoint(req), + self.inner.0.reset_source_checkpoint(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5588,11 +5558,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.last_delete_opstamp(req), + self.inner.0.last_delete_opstamp(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5603,11 +5571,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.create_delete_task(req), + self.inner.0.create_delete_task(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5618,11 +5584,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.update_splits_delete_opstamp(req), + self.inner.0.update_splits_delete_opstamp(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5633,11 +5597,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.list_delete_tasks(req), + self.inner.0.list_delete_tasks(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5648,11 +5610,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.list_stale_splits(req), + self.inner.0.list_stale_splits(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5663,11 +5623,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.open_shards(req), + self.inner.0.open_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5678,11 +5636,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.acquire_shards(req), + self.inner.0.acquire_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5693,11 +5649,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.delete_shards(req), + self.inner.0.delete_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5708,11 +5662,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.prune_shards(req), + self.inner.0.prune_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5723,11 +5675,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.list_shards(req), + self.inner.0.list_shards(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5738,11 +5688,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.create_index_template(req), + self.inner.0.create_index_template(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5753,11 +5701,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.get_index_template(req), + self.inner.0.get_index_template(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5768,11 +5714,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.find_index_template_matches(req), + self.inner.0.find_index_template_matches(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5783,11 +5727,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.list_index_templates(req), + self.inner.0.list_index_templates(request.into_inner()), ) .await .map(tonic::Response::new) @@ -5798,11 +5740,9 @@ for MetastoreServiceGrpcServerAdapter { request: tonic::Request, ) -> Result, tonic::Status> { let auth_token = quickwit_auth::get_auth_token(request.metadata())?; - let req = request.into_inner(); - quickwit_auth::authorize(&req, &auth_token)?; quickwit_auth::execute_with_authorization( auth_token, - self.inner.0.delete_index_templates(req), + self.inner.0.delete_index_templates(request.into_inner()), ) .await .map(tonic::Response::new)