feat: modify token injection when use SpaceConnector

cloudforet-io · Dec 20, 2023 · 31d0369 · 31d0369
1 parent 94baebf
commit 31d0369
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 71 deletions.
diff --git a/src/spaceone/plugin/conf/global_conf.py b/src/spaceone/plugin/conf/global_conf.py
@@ -1,58 +1,45 @@
 DATABASE_AUTO_CREATE_INDEX = True
 DATABASES = {
-    'default': {
-        'db': 'plugin',
-        'host': 'localhost',
-        'port': 27017,
-        'username': 'plugin',
-        'password': ''
+    "default": {
+        "db": "plugin",
+        "host": "localhost",
+        "port": 27017,
+        "username": "plugin",
+        "password": "",
     }
 }
 
 CACHES = {
-    'default': {},
-    'local': {
-        'backend': 'spaceone.core.cache.local_cache.LocalCache',
-        'max_size': 128,
-        'ttl': 300
-    }
+    "default": {},
+    "local": {
+        "backend": "spaceone.core.cache.local_cache.LocalCache",
+        "max_size": 128,
+        "ttl": 300,
+    },
 }
 
 CONNECTORS = {
-    'IdentityConnector': {
-        'endpoint': {
-            'v1': 'grpc://identity:50051'
-        }
-    },
-    'pluginConnector': {
-    },
-    'RepositoryConnector': {
-        'endpoint': {
-            'v1': 'grpc://repository:50051'
-        }
-    },
-    'SpaceConnector': {
-        'backend': 'spaceone.core.connector.space_connector.SpaceConnector',
-        'endpoints': {
-            'identity': 'grpc://identity:50051',
-            'repository': 'grpc://repository:50051',
-            'secret': 'grpc://secret:50051',
-        }
+    "IdentityConnector": {"endpoint": {"v1": "grpc://identity:50051"}},
+    "pluginConnector": {},
+    "RepositoryConnector": {"endpoint": {"v1": "grpc://repository:50051"}},
+    "SpaceConnector": {
+        "backend": "spaceone.core.connector.space_connector:SpaceConnector",
+        "endpoints": {
+            "identity": "grpc://identity:50051",
+            "repository": "grpc://repository:50051",
+            "secret": "grpc://secret:50051",
+        },
     },
 }
 
-HANDLERS = {
-}
+HANDLERS = {}
 
-ENDPOINTS = {
-}
+ENDPOINTS = {}
 
-LOG = {
-}
+LOG = {}
 
 QUEUES = {}
 SCHEDULERS = {}
 WORKERS = {}
 TOKEN = ""
 TOKEN_INFO = {}
-
diff --git a/src/spaceone/plugin/manager/identity_manager.py b/src/spaceone/plugin/manager/identity_manager.py
@@ -1,12 +1,13 @@
 from spaceone.core.manager import BaseManager
 from spaceone.core.connector.space_connector import SpaceConnector
 
-class IdentityManager(BaseManager):
 
+class IdentityManager(BaseManager):
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self.identity_connector: SpaceConnector = self.locator.get_connector('SpaceConnector', service='identity')
+        self.identity_connector: SpaceConnector = self.locator.get_connector(
+            SpaceConnector, service="identity"
+        )
 
     def list_domains(self, query):
-        print(query)
-        return self.identity_connector.dispatch('Domain.list', {'query': query})
+        return self.identity_connector.dispatch("Domain.list", {"query": query})
diff --git a/src/spaceone/plugin/manager/repository_manager.py b/src/spaceone/plugin/manager/repository_manager.py
@@ -1,33 +1,45 @@
 import logging
+from typing import Union
 
 from spaceone.core.cache import cacheable
 from spaceone.core.manager import BaseManager
 from spaceone.plugin.error import *
 from spaceone.core.connector.space_connector import SpaceConnector
 
-
 _LOGGER = logging.getLogger(__name__)
 
 
 class RepositoryManager(BaseManager):
-
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
-        self.repo_connector: SpaceConnector = self.locator.get_connector('SpaceConnector', service='repository')
+        self.repo_connector: SpaceConnector = self.locator.get_connector(
+            SpaceConnector, service="repository"
+        )
 
-    def get_plugin(self, plugin_id, domain_id):
-        return self.repo_connector.dispatch('Plugin.get', {'plugin_id': plugin_id, 'domain_id': domain_id})
+    def get_plugin(self, plugin_id: str, domain_id, token: str) -> dict:
+        return self.repo_connector.dispatch(
+            "Plugin.get", {"plugin_id": plugin_id}, token=token, x_domain_id=domain_id
+        )
 
-    def check_plugin_version(self, plugin_id, version, domain_id):
-        response = self.repo_connector.dispatch('Plugin.get_versions', {'plugin_id': plugin_id, 'domain_id': domain_id})
+    def check_plugin_version(self, plugin_id, version, token: str) -> None:
+        response = self.repo_connector.dispatch(
+            "Plugin.get_versions", {"plugin_id": plugin_id}, token=token
+        )
 
-        if version not in response.get('results', []):
+        if version not in response.get("results", []):
             raise ERROR_INVALID_PLUGIN_VERSION(plugin_id=plugin_id, version=version)
 
-    @cacheable(key='plugin-latest-version:{domain_id}:{plugin_id}', expire=600)
-    def get_plugin_latest_version(self, plugin_id, domain_id):
-        response = self.repo_connector.dispatch('Plugin.get_versions', {'plugin_id': plugin_id, 'domain_id': domain_id})
-        versions = response.get('results', [])
+    @cacheable(key="plugin-latest-version:{domain_id}:{plugin_id}", expire=600)
+    def get_plugin_latest_version(
+        self, plugin_id: str, domain_id: str, token: str
+    ) -> Union[str, None]:
+        response = self.repo_connector.dispatch(
+            "Plugin.get_versions",
+            {"plugin_id": plugin_id},
+            token=token,
+            x_domain_id=domain_id,
+        )
+        versions = response.get("results", [])
         if versions:
             return versions[0]
         else:

diff --git a/src/spaceone/plugin/service/plugin_service.py b/src/spaceone/plugin/service/plugin_service.py
@@ -16,7 +16,7 @@
 @event_handler
 class PluginService(BaseService):
     resource = "Plugin"
-    
+
     def __init__(self, metadata):
         super().__init__(metadata)
         self.supervisor_mgr: SupervisorManager = self.locator.get_manager(
@@ -47,8 +47,9 @@ def get_plugin_endpoint(self, params: dict):
         if params.get("upgrade_mode") == "MANUAL" and params.get("version") is None:
             raise ERROR_REQUIRED_PARAMETER(key="version")
 
-        params.update({"version": self._get_plugin_version(params)})
-        return self._get_plugin_endpoint(params)
+        token = self.transaction.get_meta("token")
+        params.update({"version": self._get_plugin_version(params, token)})
+        return self._get_plugin_endpoint(params, token)
 
     @transaction(
         permission="plugin:Plugin.read", role_types=["DOMAIN_ADMIN", "WORKSPACE_OWNER"]
@@ -68,19 +69,21 @@ def get_plugin_metadata(self, params: dict):
         plugin_id = params["plugin_id"]
         domain_id = params["domain_id"]
         options = params.get("options", {})
+        token = self.transaction.get_meta("token")
 
         if params.get("upgrade_mode") == "MANUAL" and params.get("version") is None:
             raise ERROR_REQUIRED_PARAMETER(key="version")
 
-        params.update({"version": self._get_plugin_version(params)})
-        plugin_endpoint_info = self._get_plugin_endpoint(params)
-        api_class = self._get_plugin_api_class(plugin_id, domain_id)
+        params.update({"version": self._get_plugin_version(params, token)})
+
+        plugin_endpoint_info = self._get_plugin_endpoint(params, token)
+        api_class = self._get_plugin_api_class(plugin_id, domain_id, token)
         init_response = self.plugin_mgr.init_plugin(
             plugin_endpoint_info.get("endpoint"), api_class, options
         )
         return init_response.get("metadata", {})
 
-    def _get_plugin_endpoint(self, params):
+    def _get_plugin_endpoint(self, params: dict, token: str):
         plugin_id = params["plugin_id"]
         labels = params.get("labels", {})
         version = params.get("version")
@@ -104,7 +107,7 @@ def _get_plugin_endpoint(self, params):
 
         # There is no installed plugin
         # Check plugin_id, version is valid or not
-        self._check_plugin(plugin_id, version, domain_id)
+        self._check_plugin(plugin_id, version, token)
 
         # Create or Fail
         matched_supervisors = self.supervisor_mgr.get_matched_supervisors(
@@ -122,15 +125,15 @@ def _get_plugin_endpoint(self, params):
 
         raise ERROR_NO_POSSIBLE_SUPERVISOR(params=params)
 
-    def _get_plugin_version(self, params):
+    def _get_plugin_version(self, params: dict, token: str):
         plugin_id = params["plugin_id"]
         upgrade_mode = params.get("upgrade_mode", "MANUAL")
         version = params.get("version")
         domain_id = params["domain_id"]
 
         if upgrade_mode == "AUTO":
             latest_version = self.repository_mgr.get_plugin_latest_version(
-                plugin_id, domain_id
+                plugin_id, domain_id, token
             )
 
             if version is None and latest_version is None:
@@ -144,8 +147,8 @@ def _get_plugin_version(self, params):
             else:
                 raise ERROR_REQUIRED_PARAMETER(key="version")
 
-    def _get_plugin_api_class(self, plugin_id, domain_id):
-        plugin_info = self.repository_mgr.get_plugin(plugin_id, domain_id)
+    def _get_plugin_api_class(self, plugin_id: str, domain_id: str, token: str):
+        plugin_info = self.repository_mgr.get_plugin(plugin_id, domain_id, token)
         service_type = plugin_info["service_type"]
         return service_type.split(".")[1]
 
@@ -262,19 +265,19 @@ def _select_one(choice_list, algorithm="random"):
             return random.choice(choice_list)
         _LOGGER.error(f"[_select_one] unimplemented algorithm: {algorithm}")
 
-    def _check_plugin(self, plugin_id, version, domain_id):
+    def _check_plugin(self, plugin_id: str, version: str, token: str):
         """Check plugin_id:version exist or not"""
         repo_mgr = self.locator.get_manager("RepositoryManager")
         # Check plugin_id
         try:
-            repo_mgr.get_plugin(plugin_id, domain_id)
+            repo_mgr.get_plugin(plugin_id, token)
         except Exception as e:
             _LOGGER.error(f"[_check_plugin] {plugin_id} does not exist")
             raise ERROR_PLUGIN_NOT_FOUND(plugin_id=plugin_id)
 
         # Check version
         try:
-            repo_mgr.check_plugin_version(plugin_id, version, domain_id)
+            repo_mgr.check_plugin_version(plugin_id, version, token)
         except Exception as e:
             raise ERROR_INVALID_PLUGIN_VERSION(plugin_id=plugin_id, version=version)
 
@@ -314,8 +317,12 @@ def verify(self, params: dict):
             "domain_id": params["domain_id"],
         }
 
-        plugin_endpoint_info = self._get_plugin_endpoint(requested_params)
-        api_class = self._get_plugin_api_class(params["plugin_id"], params["domain_id"])
+        token = self.transaction.get_meta("token")
+
+        plugin_endpoint_info = self._get_plugin_endpoint(requested_params, token)
+        api_class = self._get_plugin_api_class(
+            params["plugin_id"], params["domain_id"], token
+        )
 
         # secret
         if "secret_id" in params: