X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/783f215608cc94f1dd7450e802ecf8b4b06f1cf9..4e03c16ce84982605e8f5b2a56dd19ab0a11980c:/lib/controller/rpc/conn.go

diff --git a/lib/controller/rpc/conn.go b/lib/controller/rpc/conn.go
index b32717f9a0..cb23c7fad1 100644
--- a/lib/controller/rpc/conn.go
+++ b/lib/controller/rpc/conn.go
@@ -8,6 +8,7 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -17,15 +18,21 @@ import (
 	"time"
 
 	"git.curoverse.com/arvados.git/sdk/go/arvados"
+	"git.curoverse.com/arvados.git/sdk/go/auth"
 )
 
-type contextKey string
-
-const ContextKeyCredentials contextKey = "credentials"
-
 type TokenProvider func(context.Context) ([]string, error)
 
+func PassthroughTokenProvider(ctx context.Context) ([]string, error) {
+	if incoming, ok := auth.FromContext(ctx); !ok {
+		return nil, errors.New("no token provided")
+	} else {
+		return incoming.Tokens, nil
+	}
+}
+
 type Conn struct {
+	SendHeader    http.Header
 	clusterID     string
 	httpClient    http.Client
 	baseURL       url.URL
@@ -55,8 +62,11 @@ func NewConn(clusterID string, url *url.URL, insecure bool, tp TokenProvider) *C
 		}
 	}
 	return &Conn{
-		clusterID:     clusterID,
-		httpClient:    http.Client{Transport: transport},
+		clusterID: clusterID,
+		httpClient: http.Client{
+			CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse },
+			Transport:     transport,
+		},
 		baseURL:       *url,
 		tokenProvider: tp,
 	}
@@ -64,21 +74,22 @@ func NewConn(clusterID string, url *url.URL, insecure bool, tp TokenProvider) *C
 
 func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arvados.APIEndpoint, body io.Reader, opts interface{}) error {
 	aClient := arvados.Client{
-		Client:  &conn.httpClient,
-		Scheme:  conn.baseURL.Scheme,
-		APIHost: conn.baseURL.Host,
+		Client:     &conn.httpClient,
+		Scheme:     conn.baseURL.Scheme,
+		APIHost:    conn.baseURL.Host,
+		SendHeader: conn.SendHeader,
 	}
 	tokens, err := conn.tokenProvider(ctx)
 	if err != nil {
 		return err
 	} else if len(tokens) > 0 {
-		ctx = context.WithValue(ctx, "Authorization", "Bearer "+tokens[0])
+		ctx = arvados.ContextWithAuthorization(ctx, "Bearer "+tokens[0])
 	} else {
 		// Use a non-empty auth string to ensure we override
 		// any default token set on aClient -- and to avoid
 		// having the remote prompt us to send a token by
 		// responding 401.
-		ctx = context.WithValue(ctx, "Authorization", "Bearer -")
+		ctx = arvados.ContextWithAuthorization(ctx, "Bearer -")
 	}
 
 	// Encode opts to JSON and decode from there to a
@@ -115,6 +126,41 @@ func (conn *Conn) requestAndDecode(ctx context.Context, dst interface{}, ep arva
 	return aClient.RequestAndDecodeContext(ctx, dst, ep.Method, path, body, params)
 }
 
+func (conn *Conn) BaseURL() url.URL {
+	return conn.baseURL
+}
+
+func (conn *Conn) ConfigGet(ctx context.Context) (json.RawMessage, error) {
+	ep := arvados.EndpointConfigGet
+	var resp json.RawMessage
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, nil)
+	return resp, err
+}
+
+func (conn *Conn) Login(ctx context.Context, options arvados.LoginOptions) (arvados.LoginResponse, error) {
+	ep := arvados.EndpointLogin
+	var resp arvados.LoginResponse
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	resp.RedirectLocation = conn.relativeToBaseURL(resp.RedirectLocation)
+	return resp, err
+}
+
+// If the given location is a valid URL and its origin is the same as
+// conn.baseURL, return it as a relative URL. Otherwise, return it
+// unmodified.
+func (conn *Conn) relativeToBaseURL(location string) string {
+	u, err := url.Parse(location)
+	if err == nil && u.Scheme == conn.baseURL.Scheme && strings.ToLower(u.Host) == strings.ToLower(conn.baseURL.Host) {
+		u.Opaque = ""
+		u.Scheme = ""
+		u.User = nil
+		u.Host = ""
+		return u.String()
+	} else {
+		return location
+	}
+}
+
 func (conn *Conn) CollectionCreate(ctx context.Context, options arvados.CreateOptions) (arvados.Collection, error) {
 	ep := arvados.EndpointCollectionCreate
 	var resp arvados.Collection
@@ -268,3 +314,15 @@ func (conn *Conn) APIClientAuthorizationCurrent(ctx context.Context, options arv
 	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
 	return resp, err
 }
+
+type UserSessionCreateOptions struct {
+	AuthInfo map[string]interface{} `json:"auth_info"`
+	ReturnTo string                 `json:"return_to"`
+}
+
+func (conn *Conn) UserSessionCreate(ctx context.Context, options UserSessionCreateOptions) (arvados.LoginResponse, error) {
+	ep := arvados.APIEndpoint{Method: "POST", Path: "auth/controller/callback"}
+	var resp arvados.LoginResponse
+	err := conn.requestAndDecode(ctx, &resp, ep, nil, options)
+	return resp, err
+}