Module: Legate::Auth::HttpClientUtils

Defined in:

lib/legate/auth/http_client_utils.rb

Overview

Utility module for integrating authentication with HTTP clients. Provides methods for configuring Excon clients with authentication middleware.

Class Method Summary

• .authenticate_request(request, scheme:, credential:, **options) ⇒ Hash

  Apply authentication to a request using the given scheme and credential.

• .configure_connection(connection, scheme:, credential:, **options) ⇒ Excon::Connection

  Configure an Excon connection with authentication middleware.

• .create_api_key_connection(url, api_key:, location: 'header', name: 'X-API-Key', **options) ⇒ Excon::Connection

  Create a new Excon connection with API key authentication.

• .create_basic_auth_connection(url, username:, password:, **options) ⇒ Excon::Connection

  Create a new Excon connection with Basic authentication.

• .create_bearer_connection(url, token:, **options) ⇒ Excon::Connection

  Create a new Excon connection with bearer token authentication.

• .create_connection(url, scheme:, credential:, **options) ⇒ Excon::Connection

  Create a new Excon connection with authentication middleware.

• .create_connection_from_provider(url, provider_id, **options) ⇒ Excon::Connection

  Create a new Excon connection from a pre-configured authentication provider.

• .create_oauth2_connection(url, client_id:, client_secret:, authorization_url:, token_url:, scopes: nil, **options) ⇒ Excon::Connection

  Create a new Excon connection with OAuth2 authentication.

• .create_oidc_connection(url, client_id:, client_secret:, discovery_url:, **options) ⇒ Excon::Connection

  Create a new Excon connection with OpenID Connect authentication.

• .create_service_account_connection(url, service_account_key:, scopes: nil, audience: nil, **options) ⇒ Excon::Connection

  Create a new Excon connection with service account authentication.

Class Method Details

.authenticate_request(request, scheme:, credential:, **options) ⇒ Hash

Apply authentication to a request using the given scheme and credential

Parameters:

• request (Hash) —

  The request to authenticate

• scheme (Legate::Auth::Scheme) —

  The authentication scheme

• credential (Legate::Auth::Credential) —

  The credential

• options (Hash) —

  Additional options for authentication

Returns:

• (Hash) —

  The authenticated request

# File 'lib/legate/auth/http_client_utils.rb', line 331

def authenticate_request(request, scheme:, credential:, **options)
  # Extract token store and manager from options
  token_store = options[:token_store]
  token_manager = options[:token_manager]

  # Apply authentication
  ToolIntegration.apply_authentication(request, scheme, credential, token_store, token_manager)
end

.configure_connection(connection, scheme:, credential:, **options) ⇒ Excon::Connection

Configure an Excon connection with authentication middleware

Parameters:

• connection (Excon::Connection) —

  The Excon connection to configure

• scheme (Legate::Auth::Scheme) —

  The authentication scheme

• credential (Legate::Auth::Credential) —

  The credential

• options (Hash) —

  Additional options for the middleware

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 20

def configure_connection(connection, scheme:, credential:, **options)
  # Create the middleware
  middleware = MiddlewareFactory.create(scheme: scheme, credential: credential, **options)

  # Add the middleware to the connection
  connection.data[:middlewares] ||= connection.data[:middlewares].dup

  # Remove any existing auth middleware of the same type
  connection.data[:middlewares].reject! { |m| m == middleware.class }

  # Add our middleware - ensure it's actually added to the stack
  connection.data[:middlewares] << middleware.class unless connection.data[:middlewares].include?(middleware.class)

  # Store the middleware instance in the connection
  connection.data[:auth_middleware] = middleware

  connection
end

.create_api_key_connection(url, api_key:, location: 'header', name: 'X-API-Key', **options) ⇒ Excon::Connection

Create a new Excon connection with API key authentication

Parameters:

• url (String) —

  The URL for the connection

• api_key (String) —

  The API key

• location (String) (defaults to: 'header') —

  Where to place the API key (‘header’, ‘query’, ‘cookie’)

• name (String) (defaults to: 'X-API-Key') —

  The name of the parameter/header

• options (Hash) —

  Additional options for the Excon connection and middleware

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 63

def create_api_key_connection(url, api_key:, location: 'header', name: 'X-API-Key', **options)
  # Create the scheme
  scheme = Legate::Auth::Schemes::ApiKey.new

  # Create the credential
  credential = Legate::Auth::Credential.new(
    auth_type: :api_key,
    api_key: api_key,
    location: location,
    name: name
  )

  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create the middleware using the factory
  middleware_instance = MiddlewareFactory.create(
    scheme: scheme,
    credential: credential,
    **middleware_options
  )

  # Prepare Excon options, ensuring we don't modify the original options hash directly
  excon_opts = options.dup
  # Remove our custom options that shouldn't be passed directly to Excon.new if they were in **options
  excon_opts.delete(:token_store) # Example, add others if necessary
  excon_opts.delete(:token_manager)
  excon_opts.delete(:session_service) # if MiddlewareFactory might add it to options
  # also retry options if they are only for our middleware and not excon directly
  %i[auto_retry max_retries backoff_strategy backoff_factor retry_non_idempotent retry_on].each do |k|
    excon_opts.delete(k)
  end

  # Add retry configuration for Idempotent middleware
  excon_opts[:retry_limit] = 3
  excon_opts[:retry_interval] = 0.5
  excon_opts[:idempotent] = true

  # Ensure SSL verification is enabled
  excon_opts[:ssl_verify_peer] = true

  # Increase default timeouts if not specified
  excon_opts[:connect_timeout] ||= 30
  excon_opts[:read_timeout] ||= 30
  excon_opts[:write_timeout] ||= 30

  # Create the connection with our middleware
  connection = Excon.new(url, excon_opts)

  # Configure the middleware stack
  connection.data[:middlewares] ||= connection.data[:middlewares].dup
  connection.data[:middlewares].reject! { |m| m == Legate::Auth::ExconMiddleware }

  # Add our middleware class to the stack
  unless connection.data[:middlewares].include?(Legate::Auth::ExconMiddleware)
    # Find the position after Idempotent middleware
    idempotent_index = connection.data[:middlewares].index(Excon::Middleware::Idempotent)
    if idempotent_index
      connection.data[:middlewares].insert(idempotent_index + 1, Legate::Auth::ExconMiddleware)
    else
      connection.data[:middlewares] << Legate::Auth::ExconMiddleware
    end
  end

  # Store the middleware configuration for use by the shell instance
  connection.data[:auth_middleware_config] = middleware_instance

  connection
end

.create_basic_auth_connection(url, username:, password:, **options) ⇒ Excon::Connection

Create a new Excon connection with Basic authentication

Parameters:

• url (String) —

  The URL for the connection

• username (String) —

  The username

• password (String) —

  The password

• options (Hash) —

  Additional options for the middleware and connection

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 271

def create_basic_auth_connection(url, username:, password:, **options)
  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create middleware using the factory
  middleware = MiddlewareFactory.create_basic_auth(
    username: username,
    password: password,
    **middleware_options
  )

  # Create the connection
  connection = Excon.new(url, options)

  # Add the middleware to the connection
  connection.data[:middlewares] ||= connection.data[:middlewares].dup
  connection.data[:middlewares].reject! { |m| m == Legate::Auth::ExconMiddleware }
  connection.data[:middlewares] << middleware.class unless connection.data[:middlewares].include?(middleware.class)

  # Store the middleware instance in the connection
  connection.data[:auth_middleware] = middleware

  connection
end

.create_bearer_connection(url, token:, **options) ⇒ Excon::Connection

Create a new Excon connection with bearer token authentication

Parameters:

• url (String) —

  The URL for the connection

• token (String) —

  The bearer token

• options (Hash) —

  Additional options for the Excon connection and middleware

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 138

def create_bearer_connection(url, token:, **options)
  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create middleware using the factory
  middleware = MiddlewareFactory.create_bearer(
    token: token,
    **middleware_options
  )

  # Create the connection
  connection = Excon.new(url, options)

  # Add the middleware to the connection
  connection.data[:middlewares] ||= connection.data[:middlewares].dup
  connection.data[:middlewares].reject! { |m| m == Legate::Auth::ExconMiddleware }
  connection.data[:middlewares] << middleware.class unless connection.data[:middlewares].include?(middleware.class)

  # Store the middleware instance in the connection
  connection.data[:auth_middleware] = middleware

  connection
end

.create_connection(url, scheme:, credential:, **options) ⇒ Excon::Connection

Create a new Excon connection with authentication middleware

Parameters:

• url (String) —

  The URL for the connection

• scheme (Legate::Auth::Scheme) —

  The authentication scheme

• credential (Legate::Auth::Credential) —

  The credential

• options (Hash) —

  Additional options for the Excon connection and middleware

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 45

def create_connection(url, scheme:, credential:, **options)
  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create the connection
  connection = Excon.new(url, options)

  # Configure the connection with authentication
  configure_connection(connection, scheme: scheme, credential: credential, **middleware_options)
end

.create_connection_from_provider(url, provider_id, **options) ⇒ Excon::Connection

Create a new Excon connection from a pre-configured authentication provider

Parameters:

• url (String) —

  The URL for the connection

• provider_id (String) —

  The ID of the pre-configured provider

• options (Hash) —

  Additional options for the middleware and connection

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 301

def create_connection_from_provider(url, provider_id, **options)
  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create middleware using the factory
  middleware = MiddlewareFactory.create_from_provider(
    provider_id,
    **middleware_options
  )

  # Create the connection
  connection = Excon.new(url, options)

  # Add the middleware to the connection
  connection.data[:middlewares] ||= connection.data[:middlewares].dup
  connection.data[:middlewares].reject! { |m| m == Legate::Auth::ExconMiddleware }
  connection.data[:middlewares] << middleware.class unless connection.data[:middlewares].include?(middleware.class)

  # Store the middleware instance in the connection
  connection.data[:auth_middleware] = middleware

  connection
end

.create_oauth2_connection(url, client_id:, client_secret:, authorization_url:, token_url:, scopes: nil, **options) ⇒ Excon::Connection

Create a new Excon connection with OAuth2 authentication

Parameters:

• url (String) —

  The URL for the connection

• client_id (String) —

  The OAuth client ID

• client_secret (String) —

  The OAuth client secret

• authorization_url (String) —

  The authorization URL for the OAuth provider

• token_url (String) —

  The token URL for the OAuth provider

• scopes (Array<String>, String, nil) (defaults to: nil) —

  The scopes to request

• options (Hash) —

  Additional options for the middleware and connection

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 171

def create_oauth2_connection(url, client_id:, client_secret:, authorization_url:, token_url:, scopes: nil, **options)
  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create middleware using the factory
  middleware = MiddlewareFactory.create_oauth2(
    client_id: client_id,
    client_secret: client_secret,
    authorization_url: authorization_url,
    token_url: token_url,
    scopes: scopes,
    **middleware_options
  )

  # Create the connection
  connection = Excon.new(url, options)

  # Add the middleware to the connection
  connection.data[:middlewares] ||= connection.data[:middlewares].dup
  connection.data[:middlewares].reject! { |m| m == Legate::Auth::ExconMiddleware }
  connection.data[:middlewares] << middleware.class unless connection.data[:middlewares].include?(middleware.class)

  # Store the middleware instance in the connection
  connection.data[:auth_middleware] = middleware

  connection
end

.create_oidc_connection(url, client_id:, client_secret:, discovery_url:, **options) ⇒ Excon::Connection

Create a new Excon connection with OpenID Connect authentication

Parameters:

• url (String) —

  The URL for the connection

• client_id (String) —

  The OIDC client ID

• client_secret (String) —

  The OIDC client secret

• discovery_url (String, nil) —

  The OIDC discovery URL

• options (Hash) —

  Additional options for the middleware and connection

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 239

def create_oidc_connection(url, client_id:, client_secret:, discovery_url:, **options)
  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create middleware using the factory
  middleware = MiddlewareFactory.create_oidc(
    client_id: client_id,
    client_secret: client_secret,
    discovery_url: discovery_url,
    **middleware_options
  )

  # Create the connection
  connection = Excon.new(url, options)

  # Add the middleware to the connection
  connection.data[:middlewares] ||= connection.data[:middlewares].dup
  connection.data[:middlewares].reject! { |m| m == Legate::Auth::ExconMiddleware }
  connection.data[:middlewares] << middleware.class unless connection.data[:middlewares].include?(middleware.class)

  # Store the middleware instance in the connection
  connection.data[:auth_middleware] = middleware

  connection
end

.create_service_account_connection(url, service_account_key:, scopes: nil, audience: nil, **options) ⇒ Excon::Connection

Create a new Excon connection with service account authentication

Parameters:

• url (String) —

  The URL for the connection

• service_account_key (String, Hash) —

  The service account key

• scopes (Array<String>, String, nil) (defaults to: nil) —

  The scopes to request

• audience (String, nil) (defaults to: nil) —

  The audience for the token

• options (Hash) —

  Additional options for the Excon connection and middleware

Returns:

• (Excon::Connection) —

  The configured connection

# File 'lib/legate/auth/http_client_utils.rb', line 206

def create_service_account_connection(url, service_account_key:, scopes: nil, audience: nil, **options)
  # Extract middleware options from the options hash
  middleware_options = extract_middleware_options(options)

  # Create middleware using the factory
  middleware = MiddlewareFactory.create_service_account(
    service_account_key: service_account_key,
    scopes: scopes,
    audience: audience,
    **middleware_options
  )

  # Create the connection
  connection = Excon.new(url, options)

  # Add the middleware to the connection
  connection.data[:middlewares] ||= connection.data[:middlewares].dup
  connection.data[:middlewares].reject! { |m| m == Legate::Auth::ExconMiddleware }
  connection.data[:middlewares] << middleware.class unless connection.data[:middlewares].include?(middleware.class)

  # Store the middleware instance in the connection
  connection.data[:auth_middleware] = middleware

  connection
end