Merge branch 'master' into qlong-cli-version

cadence-workflow · Jul 23, 2021 · a3c20bc · a3c20bc
2 parents 2109d0e + 989e35c
commit a3c20bc
Show file tree

Hide file tree

Showing 128 changed files with 7,031 additions and 5,181 deletions.
diff --git a/.gen/go/shared/shared.go b/.gen/go/shared/shared.go
diff --git a/.gen/proto/admin/v1/service.pb.go b/.gen/proto/admin/v1/service.pb.go
diff --git a/.gen/proto/admin/v1/service.pb.yarpc.go b/.gen/proto/admin/v1/service.pb.yarpc.go
diff --git a/.gen/proto/history/v1/service.pb.go b/.gen/proto/history/v1/service.pb.go
diff --git a/.gen/proto/history/v1/service.pb.yarpc.go b/.gen/proto/history/v1/service.pb.yarpc.go
diff --git a/.gen/proto/shared/v1/queue.pb.go b/.gen/proto/shared/v1/queue.pb.go
diff --git a/.gen/proto/shared/v1/queue.pb.yarpc.go b/.gen/proto/shared/v1/queue.pb.yarpc.go
diff --git a/cmd/server/cadence/server.go b/cmd/server/cadence/server.go
@@ -216,7 +216,7 @@ func (s *server) startService() common.Daemon {
 	params.ArchiverProvider = provider.NewArchiverProvider(s.cfg.Archival.History.Provider, s.cfg.Archival.Visibility.Provider)
 	params.PersistenceConfig.TransactionSizeLimit = dc.GetIntProperty(dynamicconfig.TransactionSizeLimit, common.DefaultTransactionSizeLimit)
 	params.PersistenceConfig.ErrorInjectionRate = dc.GetFloat64Property(dynamicconfig.PersistenceErrorInjectionRate, 0)
-	params.Authorizer = authorization.NewNopAuthorizer()
+	params.Authorizer = authorization.NewAuthorizer(s.cfg.Authorization, params.Logger)
 	params.BlobstoreClient, err = filestore.NewFilestoreClient(s.cfg.Blobstore.Filestore)
 	if err != nil {
 		log.Printf("failed to create file blobstore client, will continue startup without it: %v", err)

diff --git a/cmd/server/main.go b/cmd/server/main.go
@@ -25,6 +25,7 @@ import (
 
 	"github.com/uber/cadence/cmd/server/cadence"
 	"github.com/uber/cadence/common/metrics"
+	_ "github.com/uber/cadence/common/persistence/nosql/nosqlplugin/cassandra"              // needed to load cassandra plugin
 	_ "github.com/uber/cadence/common/persistence/nosql/nosqlplugin/cassandra/gocql/public" // needed to load the default gocql client
 	_ "github.com/uber/cadence/common/persistence/sql/sqlplugin/mysql"                      // needed to load mysql plugin
 	_ "github.com/uber/cadence/common/persistence/sql/sqlplugin/postgres"                   // needed to load postgres plugin

diff --git a/common/authorization/authorizer.go b/common/authorization/authorizer.go
@@ -35,6 +35,15 @@ const (
 	DecisionAllow
 )
 
+const (
+	// PermissionRead means the user can write on the domain level APIs
+	PermissionRead Permission = iota + 1
+	// PermissionWrite means the user can write on the domain level APIs
+	PermissionWrite
+	// PermissionAdmin means the user can read+write on the domain level APIs
+	PermissionAdmin
+)
+
 type (
 	// Attributes is input for authority to make decision.
 	// It can be extended in future if required auth on resources like WorkflowType and TaskList
@@ -43,6 +52,7 @@ type (
 		APIName    string
 		DomainName string
 		TaskList   *types.TaskList
+		Permission Permission
 	}
 
 	// Result is result from authority.
@@ -52,8 +62,24 @@ type (
 
 	// Decision is enum type for auth decision
 	Decision int
+
+	// Permission is enum type for auth permission
+	Permission int
 )
 
+func NewPermission(permission string) Permission {
+	switch permission {
+	case "read":
+		return PermissionRead
+	case "write":
+		return PermissionWrite
+	case "admin":
+		return PermissionAdmin
+	default:
+		return -1
+	}
+}
+
 // Authorizer is an interface for authorization
 type Authorizer interface {
 	Authorize(ctx context.Context, attributes *Attributes) (Result, error)

diff --git a/...ce/nosql/nosqlplugin/cassandra/session.go → common/authorization/factory.go b/...ce/nosql/nosqlplugin/cassandra/session.go → common/authorization/factory.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2020 Uber Technologies, Inc.
+// Copyright (c) 2021 Uber Technologies, Inc.
 //
 // Permission is hereby granted, free of charge, to any person obtaining a copy
 // of this software and associated documentation files (the "Software"), to deal
@@ -18,35 +18,18 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 
-package cassandra
+package authorization
 
 import (
-	"time"
-
 	"github.com/uber/cadence/common/config"
-	"github.com/uber/cadence/common/persistence/nosql/nosqlplugin/cassandra/gocql"
-)
-
-const (
-	defaultSessionTimeout = 10 * time.Second
+	"github.com/uber/cadence/common/log"
 )
 
-// CreateSession creates a new session
-// TODO this will be converted to private later, after all cassandra code moved to plugin pkg
-func CreateSession(cfg config.Cassandra) (gocql.Session, error) {
-	return gocql.NewClient().CreateSession(gocql.ClusterConfig{
-		Hosts:             cfg.Hosts,
-		Port:              cfg.Port,
-		User:              cfg.User,
-		Password:          cfg.Password,
-		Keyspace:          cfg.Keyspace,
-		Region:            cfg.Region,
-		Datacenter:        cfg.Datacenter,
-		MaxConns:          cfg.MaxConns,
-		TLS:               cfg.TLS,
-		ProtoVersion:      cfg.ProtoVersion,
-		Consistency:       gocql.LocalQuorum,
-		SerialConsistency: gocql.LocalSerial,
-		Timeout:           defaultSessionTimeout,
-	})
+func NewAuthorizer(authorization config.Authorization, logger log.Logger) Authorizer {
+	switch true {
+	case authorization.OAuthAuthorizer.Enable:
+		return NewOAuthAuthorizer(authorization.OAuthAuthorizer, logger)
+	default:
+		return NewNopAuthorizer()
+	}
 }