| #ifndef THIRD_PARTY_MILOTIC_INTERNAL_CC_AUTHZ_CONFIG_GENERATOR_H_ |
| #define THIRD_PARTY_MILOTIC_INTERNAL_CC_AUTHZ_CONFIG_GENERATOR_H_ |
| |
| #include <optional> |
| #include <string> |
| #include <string_view> |
| |
| #include "gmi/machine_identity.pb.h" |
| #include "one/offline_node_entities.pb.h" |
| #include "absl/strings/string_view.h" |
| #include "nlohmann/json.hpp" |
| |
| namespace milotic::authz { |
| |
// Input locations for ConfigGenerator::GenerateConfiguration().
//
// Every member is a filesystem path that is read (not written) when the
// configuration is generated. Because the files behind these paths define the
// authorization policy the server enforces, they are trusted inputs: whoever
// can write to them controls the policy. Callers should only point these at
// locations that are not writable by less-privileged principals.
struct GeneratorOptions {
  // Path of the Google Machine Identity (GMI) file; consumed by
  // GetGmiDataFromGmi().
  std::string gmi_path;
  // Path of the server certificate. No declaration in this header takes it
  // directly; presumably used by the definition in the .cc — confirm there.
  std::string server_cert_path;
  // Path of the base authorization configuration template (the schema
  // referenced by the class comment); passed to
  // ReadConfigAndAddRuntimeSubstitutions() as its base config.
  std::string authz_configuration_path;
  // Path of the offline node entities (ONE) proto. Presumably parsed into the
  // OfflineNodeEntityInformation passed to the Update*MappingsInRoot helpers
  // — confirm against the definition.
  std::string offline_node_entities_path;
};
| |
// This class reads the GMI file and the authorization configuration template
// defined in [1], and generates the various authorization-related
// configurations (OAuth configuration, Redfish registry, etc.).
| // [1] |
| // https://source.corp.google.com/piper///depot/google3/third_party/milotic/internal/auth_config/schema |
| |
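// Stateless generator for the runtime authorization configuration.
//
// Inputs are the Google Machine Identity (GMI) file and the base configuration
// template named in GeneratorOptions, plus per-node data from an offline node
// entities (ONE) proto. Output is a nlohmann::json document. All members are
// static; the protected helpers are exposed so a derived test fixture can
// exercise them individually.
//
// Value-returning members are marked [[nodiscard]]: silently dropping a
// generated policy (or a lookup result) is always a bug, and in this code a
// dropped result can mean the server runs with no authorization policy at all.
class ConfigGenerator {
 public:
  // Reads the files named in `options` and returns the generated
  // configuration as a JSON object.
  //
  // Documented contract: a non-empty JSON object on success, "otherwise an
  // error happens". The exact failure signal (empty/null JSON vs. abort) is
  // not visible from this header — check the definition before relying on
  // it. Whatever the signal is, callers must fail closed: never treat an
  // unexpected or empty result as "allow"; use EmptyConfiguration() instead.
  [[nodiscard]] static nlohmann::json GenerateConfiguration(
      const GeneratorOptions& options);

  // Returns a configuration that rejects every client. This is the
  // fail-closed fallback for when GenerateConfiguration() cannot produce a
  // usable policy.
  [[nodiscard]] static nlohmann::json EmptyConfiguration();

 protected:
  // Parses the GMI file at `gmi_path`. Returns the parsed proto on success;
  // the std::optional return type indicates that std::nullopt signals failure
  // (the original comment says only "otherwise an error happens") — confirm
  // in the definition.
  [[nodiscard]] static std::optional<::security_prodid::GoogleMachineIdentityProto>
  GetGmiDataFromGmi(const std::string& gmi_path);

  // Reads the base configuration file at `base_config_path` as a JSON object
  // and adds the entries that need runtime substitution.
  //
  // `in_hwops_state` — its meaning is not defined in this header; presumably
  // whether the node is currently in a hardware-operations state — confirm.
  // `one` — the offline node entities proto used for the substitutions.
  //
  // Returns a non-empty JSON object on success; failure behaviour is not
  // specified here (see GenerateConfiguration()).
  [[nodiscard]] static nlohmann::json ReadConfigAndAddRuntimeSubstitutions(
      const std::string& base_config_path, bool in_hwops_state,
      const production_msv::node_entities_proto::OfflineNodeEntityInformation&
          one);

  // Returns the JSON pointer at which the machine-manager resource owner for
  // `hostname` should be inserted or replaced in `root`.
  [[nodiscard]] static nlohmann::json::json_pointer FindLocalNodeInOwners(
      const nlohmann::json& root, std::string_view hostname);

  // Returns the JSON pointer at which the machine-manager exchange mapping
  // for `hostname` should be inserted or replaced in `root`.
  [[nodiscard]] static nlohmann::json::json_pointer FindLocalNodeInExchangeMappings(
      const nlohmann::json& root, std::string_view hostname);

  // As above, but restricted to the mapping for the given Redfish role of the
  // node (`node_redfish_role`).
  [[nodiscard]] static nlohmann::json::json_pointer FindLocalNodeInExchangeMappings(
      const nlohmann::json& root, std::string_view hostname,
      std::string_view node_redfish_role);

  // Adds the compute-node mapping to `root` if it is not already present.
  // If the mapping already exists this is a no-op: mappings are now entity
  // based and a duplicate peer-based mapping must not be introduced.
  // `in_hwops_state` and `one` are as for
  // ReadConfigAndAddRuntimeSubstitutions().
  static void UpdateComputeNodeMappingsInRoot(
      nlohmann::json& root, bool in_hwops_state,
      const production_msv::node_entities_proto::OfflineNodeEntityInformation&
          one);

  // Adds the machine-manager mapping to `root` if it is not already present.
  // If the mapping already exists this is a no-op, for the same reason as
  // UpdateComputeNodeMappingsInRoot(): entity-based mappings are authoritative
  // and a duplicate peer-based mapping must not be introduced.
  static void UpdateMachineManagerMappingsInRoot(
      nlohmann::json& root, bool in_hwops_state,
      const production_msv::node_entities_proto::OfflineNodeEntityInformation&
          one);
};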
| |
| } // namespace milotic::authz |
| |
| #endif // THIRD_PARTY_MILOTIC_INTERNAL_CC_AUTHZ_CONFIG_GENERATOR_H_ |