feat: add fallback dialing support (#739)

* feat: add fallback dialing support Signed-off-by: dovholuknf <46322585+dovholuknf@users.noreply.github.com> * fix: remove unused import Signed-off-by: dovholuknf <46322585+dovholuknf@users.noreply.github.com> * fix: update mock with mockery Signed-off-by: dovholuknf <46322585+dovholuknf@users.noreply.github.com> * fix: fix tests Signed-off-by: dovholuknf <46322585+dovholuknf@users.noreply.github.com> * fix: fix tests again. remove unused field Signed-off-by: dovholuknf <46322585+dovholuknf@users.noreply.github.com> --------- Signed-off-by: dovholuknf <46322585+dovholuknf@users.noreply.github.com>
edgexfoundry · Jul 24, 2024 · bb94832 · bb94832
1 parent 5dc0b86
commit bb94832
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 11 deletions.
diff --git a/bootstrap/handlers/clients.go b/bootstrap/handlers/clients.go
@@ -18,6 +18,7 @@ package handlers
 import (
 	"context"
 	"fmt"
+	"net"
 	"sync"
 	"time"
 
@@ -76,6 +77,7 @@ func (cb *ClientsBootstrap) BootstrapHandler(
 				return false
 			} else {
 				sp.SetHttpTransport(rt) //only need to set the transport when using SecretProviderExt
+				sp.SetFallbackDialer(&net.Dialer{})
 			}
 
 			if !serviceInfo.UseMessageBus {

diff --git a/bootstrap/handlers/clients_test.go b/bootstrap/handlers/clients_test.go
@@ -211,6 +211,7 @@ func TestClientsBootstrapHandler(t *testing.T) {
 
 			secProviderExt := &mocks.SecretProviderExt{}
 			secProviderExt.On("SetHttpTransport", mock.Anything, mock.Anything).Return(nil)
+			secProviderExt.On("SetFallbackDialer", mock.Anything, mock.Anything).Return(nil)
 			secProviderExt.On("IsZeroTrustEnabled", mock.Anything, mock.Anything).Return(false)
 
 			dic := di.NewContainer(di.ServiceConstructorMap{
@@ -336,6 +337,7 @@ func TestCommandMessagingClientErrors(t *testing.T) {
 
 			secProviderExt := &mocks.SecretProviderExt{}
 			secProviderExt.On("SetHttpTransport", mock.Anything, mock.Anything).Return(nil)
+			secProviderExt.On("SetFallbackDialer", mock.Anything, mock.Anything).Return(nil)
 			secProviderExt.On("IsZeroTrustEnabled", mock.Anything, mock.Anything).Return(false)
 
 			dic := di.NewContainer(di.ServiceConstructorMap{

diff --git a/bootstrap/interfaces/mocks/SecretProviderExt.go b/bootstrap/interfaces/mocks/SecretProviderExt.go
diff --git a/bootstrap/interfaces/secret.go b/bootstrap/interfaces/secret.go
@@ -15,6 +15,7 @@
 package interfaces
 
 import (
+	"net"
 	"net/http"
 	"time"
 )
@@ -78,6 +79,12 @@ type SecretProviderExt interface {
 	// SetHttpTransport sets the http.RoundTripper to be used by http-based clients
 	SetHttpTransport(rt http.RoundTripper)
 
+	// FallbackDialer returns the dialer to use to establish connections when there is no zero trust service found/authorized
+	FallbackDialer() *net.Dialer
+
+	// SetFallbackDialer sets the dialer to use to establish connections when there is no zero trust service found/authorized
+	SetFallbackDialer(dialer *net.Dialer)
+
 	// IsZeroTrustEnabled returns whether zero trust principles are enabled
 	IsZeroTrustEnabled() bool
 

diff --git a/bootstrap/secret/insecure.go b/bootstrap/secret/insecure.go
@@ -20,6 +20,7 @@ import (
 	"github.com/edgexfoundry/go-mod-bootstrap/v3/bootstrap/container"
 	"github.com/edgexfoundry/go-mod-bootstrap/v3/di"
 	"github.com/edgexfoundry/go-mod-core-contracts/v3/errors"
+	"net"
 	"net/http"
 	"strings"
 	"time"
@@ -262,3 +263,11 @@ func (p *InsecureProvider) IsZeroTrustEnabled() bool {
 func (p *InsecureProvider) EnableZeroTrust() {
 	//empty on purpose
 }
+
+func (p *InsecureProvider) FallbackDialer() *net.Dialer {
+	return &net.Dialer{}
+}
+
+func (p *InsecureProvider) SetFallbackDialer(_ *net.Dialer) {
+	//empty on purpose
+}
diff --git a/bootstrap/secret/jwtprovider.go b/bootstrap/secret/jwtprovider.go
@@ -15,22 +15,13 @@ import (
 
 type jwtSecretProvider struct {
 	secretProvider interfaces.SecretProviderExt
-	roundTripper_a http.RoundTripper
 }
 
 func NewJWTSecretProvider(secretProvider interfaces.SecretProviderExt) clientinterfaces.AuthenticationInjector {
 	return &jwtSecretProvider{
 		secretProvider: secretProvider,
 	}
 }
-func NewJWTSecretProviderWithRT(secretProvider interfaces.SecretProviderExt, roundTripper_b http.RoundTripper) clientinterfaces.AuthenticationInjector {
-	j := &jwtSecretProvider{
-		secretProvider: secretProvider,
-		roundTripper_a: roundTripper_b,
-	}
-	secretProvider.SetHttpTransport(roundTripper_b)
-	return j
-}
 
 func (self *jwtSecretProvider) AddAuthenticationData(req *http.Request) error {
 	if self.secretProvider == nil {

diff --git a/bootstrap/secret/secure.go b/bootstrap/secret/secure.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net"
 	"net/http"
 	"os"
 	"strings"
@@ -69,6 +70,7 @@ type SecureProvider struct {
 	securityRuntimeSecretTokenDuration gometrics.Timer
 	securityGetSecretDuration          gometrics.Timer
 	httpRoundTripper                   http.RoundTripper
+	fallbackDialer                     *net.Dialer
 	zeroTrustEnabled                   bool
 }
 
@@ -500,6 +502,18 @@ func (p *SecureProvider) SetHttpTransport(rt http.RoundTripper) {
 	}
 }
 
+func (p *SecureProvider) FallbackDialer() *net.Dialer {
+	return p.fallbackDialer
+}
+
+func (p *SecureProvider) SetFallbackDialer(dialer *net.Dialer) {
+	if p.fallbackDialer == nil {
+		p.fallbackDialer = dialer
+	} else {
+		p.lc.Warnf("refusing to override fallbackDialer, already set")
+	}
+}
+
 func (p *SecureProvider) IsZeroTrustEnabled() bool {
 	return p.zeroTrustEnabled
 }

diff --git a/bootstrap/zerotrust/zerotrust.go b/bootstrap/zerotrust/zerotrust.go
@@ -74,6 +74,14 @@ func HttpTransportFromClient(secretProvider interfaces.SecretProviderExt, client
 	return roundTripper, nil
 }
 
+type ZitiDialer struct {
+	underlayDialer *net.Dialer
+}
+
+func (z ZitiDialer) Dial(network, address string) (net.Conn, error) {
+	return z.underlayDialer.Dial(network, address)
+}
+
 func createZitifiedTransport(secretProvider interfaces.SecretProviderExt, ozController string) (http.RoundTripper, error) {
 	jwt, errJwt := secretProvider.GetSelfJWT()
 	if errJwt != nil {
@@ -87,9 +95,12 @@ func createZitifiedTransport(secretProvider interfaces.SecretProviderExt, ozCont
 	zitiContexts := ziti.NewSdkCollection()
 	zitiContexts.Add(ctx)
 
+	fallback := &ZitiDialer{
+		underlayDialer: secretProvider.FallbackDialer(),
+	}
 	zitiTransport := http.DefaultTransport.(*http.Transport).Clone() // copy default transport
 	zitiTransport.DialContext = func(ctx context.Context, network, addr string) (net.Conn, error) {
-		dialer := zitiContexts.NewDialerWithFallback(ctx /*&net.Dialer{}*/, nil)
+		dialer := zitiContexts.NewDialerWithFallback(ctx, fallback)
 		return dialer.Dial(network, addr)
 	}
 	return zitiTransport, nil