pba: Support address with gRPC dialer scheme

TheThingsNetwork · Jun 30, 2023 · 9dfcfb5 · 9dfcfb5
1 parent 7361cf1
commit 9dfcfb5
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 1 deletion.
diff --git a/pkg/packetbroker/token.go b/pkg/packetbroker/token.go
@@ -72,6 +72,12 @@ func WithAudienceFromAddresses(addresses ...string) TokenOption {
  if addr == "" {
  continue
  }
+ u, err := url.Parse(addr)
+ // If the address is a valid URL with scheme and host, use the host part as the address.
+ // This is to support gRPC dialer schemes like passthrough:///host:port
+ if err == nil && u.Scheme != "" && strings.HasPrefix(addr, u.Scheme+":///") {
+ addr = addr[len(u.Scheme)+4:]
+ }
  if h, _, err := net.SplitHostPort(addr); err == nil {
  addr = h
  }
@@ -110,7 +116,7 @@ func TokenSource(ctx context.Context, clientID, clientSecret string, opts ...Tok
  return config.TokenSource(ctx)
 }
 
-// TokenNetworkClaims defines a Packet Broker network identifier.
+// TokenNetworkClaim defines a Packet Broker network identifier.
 type TokenNetworkClaim struct {
  NetID uint32 `json:"nid"`
  TenantID string `json:"tid"`

diff --git a/pkg/packetbroker/token_test.go b/pkg/packetbroker/token_test.go
@@ -85,6 +85,39 @@ func TestToken(t *testing.T) {
  return a.So(claims.PacketBroker.Cluster, should.BeFalse)
  },
  },
+ {
+ name: "SuccessWithDialerScheme",
+ clientID: "test",
+ clientSecret: "secret",
+ opts: []packetbroker.TokenOption{
+ packetbroker.WithScope(packetbroker.ScopeNetworks),
+ packetbroker.WithAudienceFromAddresses("passthrough:///iam.packetbroker.net:443"),
+ },
+ tokenRequestAssertion: func(a *assertions.Assertion, vars url.Values) bool {
+ return a.So(vars["scope"], should.Resemble, []string{"networks"}) &&
+ a.So(vars["audience"], should.Resemble, []string{"iam.packetbroker.net"})
+ },
+ tokenClaims: func() packetbroker.IAMTokenClaims {
+ return packetbroker.IAMTokenClaims{
+ Networks: []packetbroker.TokenNetworkClaim{
+ {
+ NetID: 0x000013,
+ TenantID: "ttn",
+ },
+ },
+ }
+ },
+ audience: "iam.packetbroker.net",
+ tokenAssertion: func(a *assertions.Assertion, token string) bool {
+ id, err := packetbroker.UnverifiedNetworkIdentifier(token)
+ return a.So(err, should.BeNil) &&
+ a.So(id.NetId, should.Equal, 0x000013) &&
+ a.So(id.TenantId, should.Equal, "ttn")
+ },
+ tokenClaimsAssertion: func(a *assertions.Assertion, claims packetbroker.TokenClaims) bool {
+ return a.So(claims.PacketBroker.Cluster, should.BeFalse)
+ },
+ },
  {
  name: "BadRequest",
  clientID: "test",