feat(worker): add egress credentials option to proxy (#1531)

5 years ago · 8b5e4a175a
parent bc240da52b
commit 8b5e4a175a
4 changed files with 61 additions and 8 deletions
--- a/internal/servers/worker/common/common.go
+++ b/internal/servers/worker/common/common.go
@ -12,6 +12,3 @@ const (
 	// the worker
 	StatusTimeout = 5 * time.Second
 )
-
-// CredentialData represents the secret data of the credential
-type CredentialData interface{}
--- a/internal/servers/worker/proxy/options.go
+++ b/internal/servers/worker/proxy/options.go
@ -1,11 +1,35 @@
 package proxy

+import (
+	"github.com/hashicorp/boundary/internal/credential"
+)
+
 // Option - how Options are passed as arguments.
-type Option func(*options)
+type Option func(*Options)
+
+// GetOpts - iterate the inbound Options and return a struct.
+func GetOpts(opt ...Option) Options {
+	opts := getDefaultOptions()
+	for _, o := range opt {
+		o(&opts)
+	}
+	return opts
+}

-// options = how options are represented
-type options struct{}
+// Options = how options are represented
+type Options struct {
+	WithEgressCredentials []credential.Credential
+}
+
+func getDefaultOptions() Options {
+	return Options{
+		WithEgressCredentials: nil,
+	}
+}

-func getDefaultOptions() options {
-	return options{}
+// WithEgressCredentials provides an optional egress credentials to use when establishing a proxy
+func WithEgressCredentials(creds []credential.Credential) Option {
+	return func(o *Options) {
+		o.WithEgressCredentials = creds
+	}
 }
--- a/internal/servers/worker/proxy/options_test.go
+++ b/internal/servers/worker/proxy/options_test.go
@ -0,0 +1,30 @@
+package proxy
+
+import (
+	"testing"
+
+	"github.com/hashicorp/boundary/internal/credential"
+	"github.com/stretchr/testify/assert"
+)
+
+type cred struct {
+	id     string
+	secret string
+}
+
+func (c cred) GetPublicId() string           { return c.id }
+func (c cred) Secret() credential.SecretData { return c.secret }
+
+func Test_GetOpts(t *testing.T) {
+	t.Parallel()
+
+	t.Run("WithEgressCredentials", func(t *testing.T) {
+		assert := assert.New(t)
+		c := cred{id: "test", secret: "hello"}
+		opts := GetOpts(WithEgressCredentials([]credential.Credential{c}))
+		testOpts := getDefaultOptions()
+		assert.NotEqual(opts, testOpts)
+		testOpts.WithEgressCredentials = []credential.Credential{c}
+		assert.Equal(opts, testOpts)
+	})
+}
--- a/internal/servers/worker/proxy/tcp/tcp.go
+++ b/internal/servers/worker/proxy/tcp/tcp.go
@ -27,6 +27,8 @@ func init() {
 //
 // handleTcpProxyV1 blocks until an error (EOF on happy path) is received on either
 // connection.
+//
+// All options are ignored.
 func handleTcpProxyV1(ctx context.Context, conf proxy.Config, _ ...proxy.Option) {
 	const op = "tcp.HandleTcpProxyV1"
 	si := conf.SessionInfo