[jira] [Commented] (TINKERPOP-2747) Add function callback hooks for gremlin-go authentication

Mon, 13 Mar 2023 14:33:08 -0700 


    [ 
https://issues.apache.org/jira/browse/TINKERPOP-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17699837#comment-17699837
 ] 

ASF GitHub Bot commented on TINKERPOP-2747:
-------------------------------------------

disq opened a new pull request, #1989:
URL: https://github.com/apache/tinkerpop/pull/1989

   This creates an `AuthInfoProvider` interface with the methods necessary to 
read credential/header information, changes the `AuthInfo` signature slightly 
to satisfy that interface, and updates call sites so that each call site calls 
the necessary interface method to re-read the credentials.
   
   The interface looks like:
   ```go
   type AuthInfoProvider interface {
        GetHeader() http.Header
        GetBasicAuth() (ok bool, username, password string)
   }
   ```
   
   It also adds a new `NewDynamicAuth(f func() AuthInfoProvider)` helper 
function that creates a generator based `AuthInfoProvider`, so that each time 
`GetHeader()` or `GetBasicAuth()` methods are called the given function is 
called to get a brand new `AuthInfoProvider` (which itself can be `AuthInfo` or 
something else) and the results are relayed to the caller.
   
   With this, `AuthInfo`-related constructors (`BasicAuthInfo()` and 
`HeaderAuthInfo()`) are unchanged, but there's now the ability to have any 
object provide the values (implementing `AuthInfoProvider`) and they are called 
on-demand for each connection attempt, as opposed to having them as static 
values.
   
   Note: This is my first contribution, and I couldn't get the local 
gremlin-server to play nicely to get the tests to run, but I've tried it 
elsewhere with AWS Neptune auth, like so:
   
   ```go
   // ... code to set up aws-sdk-v2 credential chain ...
                signer := v4.NewSigner()
   
                gen := func() gremlingo.AuthInfoProvider {
                        if err := signer.SignHTTP(ctx, cr, req, 
emptyStringSHA256, "neptune-db", "us-east-1", time.Now()); err != nil {
                                panic(err) // not ideal, but it's always nil
                        }
                        return gremlingo.HeaderAuthInfo(req.Header)
                }
                return gremlingo.NewDynamicAuth(gen), nil
   ```




> Add function callback hooks for gremlin-go authentication
> ---------------------------------------------------------
>
>                 Key: TINKERPOP-2747
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2747
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: go
>            Reporter: Lyndon Bauto
>            Priority: Major
>
> Gremlin Go currently supports custom authentication headers.
>  
> For long running connections that reconnect over time, these headers can 
> expire.
>  
> We should allow injection of a function pointer to generate the header.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to