Add grant for canSubscribeMetrics. (#795)

* Add grant for canSubscribeMetrics. * Move can subscribe metrics to video grant. * generated protobuf * set CanSubscribeMetrics from permissions * generated protobuf --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
livekit · Sep 19, 2024 · 05e541c · 05e541c
1 parent 9c4dc63
commit 05e541c
Show file tree

Hide file tree

Showing 41 changed files with 1,289 additions and 1,129 deletions.
diff --git a/agent/token.go b/agent/token.go
@@ -17,6 +17,7 @@ func BuildAgentToken(apiKey, secret, roomName, participantIdentity, participantN
 		CanPublishData:       &permissions.CanPublishData,
 		Hidden:               permissions.Hidden,
 		CanUpdateOwnMetadata: &permissions.CanUpdateMetadata,
+		CanSubscribeMetrics:  &permissions.CanSubscribeMetrics,
 	}
 
 	at := auth.NewAccessToken(apiKey, secret).

diff --git a/auth/grants.go b/auth/grants.go
@@ -23,6 +23,42 @@ import (
 	"github.com/livekit/protocol/livekit"
 )
 
+type ClaimGrants struct {
+	Identity string      `json:"-"`
+	Name     string      `json:"name,omitempty"`
+	Kind     string      `json:"kind,omitempty"`
+	Video    *VideoGrant `json:"video,omitempty"`
+	SIP      *SIPGrant   `json:"sip,omitempty"`
+	// for verifying integrity of the message body
+	Sha256   string `json:"sha256,omitempty"`
+	Metadata string `json:"metadata,omitempty"`
+	// Key/value attributes to attach to the participant
+	Attributes map[string]string `json:"attributes,omitempty"`
+}
+
+func (c *ClaimGrants) SetParticipantKind(kind livekit.ParticipantInfo_Kind) {
+	c.Kind = kindFromProto(kind)
+}
+
+func (c *ClaimGrants) GetParticipantKind() livekit.ParticipantInfo_Kind {
+	return kindToProto(c.Kind)
+}
+
+func (c *ClaimGrants) Clone() *ClaimGrants {
+	if c == nil {
+		return nil
+	}
+
+	clone := *c
+	clone.Video = c.Video.Clone()
+	clone.SIP = c.SIP.Clone()
+	clone.Attributes = maps.Clone(c.Attributes)
+
+	return &clone
+}
+
+// -------------------------------------------------------------
+
 type VideoGrant struct {
 	// actions on rooms
 	RoomCreate bool `json:"roomCreate,omitempty"`
@@ -57,48 +93,9 @@ type VideoGrant struct {
 	// indicates that the holder can register as an Agent framework worker
 	// it is also set on all participants that are joining as Agent
 	Agent bool `json:"agent,omitempty"`
-}
 
-type SIPGrant struct {
-	// Admin grants access to all SIP features.
-	Admin bool `json:"admin,omitempty"`
-
-	// Call allows making outbound SIP calls.
-	Call bool `json:"call,omitempty"`
-}
-
-type ClaimGrants struct {
-	Identity string      `json:"-"`
-	Name     string      `json:"name,omitempty"`
-	Kind     string      `json:"kind,omitempty"`
-	Video    *VideoGrant `json:"video,omitempty"`
-	SIP      *SIPGrant   `json:"sip,omitempty"`
-	// for verifying integrity of the message body
-	Sha256   string `json:"sha256,omitempty"`
-	Metadata string `json:"metadata,omitempty"`
-	// Key/value attributes to attach to the participant
-	Attributes map[string]string `json:"attributes,omitempty"`
-}
-
-func (c *ClaimGrants) SetParticipantKind(kind livekit.ParticipantInfo_Kind) {
-	c.Kind = kindFromProto(kind)
-}
-
-func (c *ClaimGrants) GetParticipantKind() livekit.ParticipantInfo_Kind {
-	return kindToProto(c.Kind)
-}
-
-func (c *ClaimGrants) Clone() *ClaimGrants {
-	if c == nil {
-		return nil
-	}
-
-	clone := *c
-	clone.Video = c.Video.Clone()
-	clone.SIP = c.SIP.Clone()
-	clone.Attributes = maps.Clone(c.Attributes)
-
-	return &clone
+	// if a participant can subscribe to metrics
+	CanSubscribeMetrics *bool `json:"canSubscribeMetrics,omitempty"`
 }
 
 func (v *VideoGrant) SetCanPublish(val bool) {
@@ -124,6 +121,10 @@ func (v *VideoGrant) SetCanUpdateOwnMetadata(val bool) {
 	v.CanUpdateOwnMetadata = &val
 }
 
+func (v *VideoGrant) SetCanSubscribeMetrics(val bool) {
+	v.CanSubscribeMetrics = &val
+}
+
 func (v *VideoGrant) GetCanPublish() bool {
 	if v.CanPublish == nil {
 		return true
@@ -181,6 +182,13 @@ func (v *VideoGrant) GetCanUpdateOwnMetadata() bool {
 	return *v.CanUpdateOwnMetadata
 }
 
+func (v *VideoGrant) GetCanSubscribeMetrics() bool {
+	if v.CanSubscribeMetrics == nil {
+		return false
+	}
+	return *v.CanSubscribeMetrics
+}
+
 func (v *VideoGrant) MatchesPermission(permission *livekit.ParticipantPermission) bool {
 	if permission == nil {
 		return false
@@ -210,6 +218,9 @@ func (v *VideoGrant) MatchesPermission(permission *livekit.ParticipantPermission
 	if !slices.Equal(v.GetCanPublishSources(), permission.CanPublishSources) {
 		return false
 	}
+	if v.GetCanSubscribeMetrics() != permission.CanSubscribeMetrics {
+		return false
+	}
 
 	return true
 }
@@ -227,20 +238,21 @@ func (v *VideoGrant) UpdateFromPermission(permission *livekit.ParticipantPermiss
 	v.Hidden = permission.Hidden
 	v.Recorder = permission.Recorder
 	v.Agent = permission.Agent
+	v.SetCanSubscribeMetrics(permission.CanSubscribeMetrics)
 }
 
 func (v *VideoGrant) ToPermission() *livekit.ParticipantPermission {
-	pp := &livekit.ParticipantPermission{
-		CanPublish:        v.GetCanPublish(),
-		CanPublishData:    v.GetCanPublishData(),
-		CanSubscribe:      v.GetCanSubscribe(),
-		CanPublishSources: v.GetCanPublishSources(),
-		CanUpdateMetadata: v.GetCanUpdateOwnMetadata(),
-		Hidden:            v.Hidden,
-		Recorder:          v.Recorder,
-		Agent:             v.Agent,
-	}
-	return pp
+	return &livekit.ParticipantPermission{
+		CanPublish:          v.GetCanPublish(),
+		CanPublishData:      v.GetCanPublishData(),
+		CanSubscribe:        v.GetCanSubscribe(),
+		CanPublishSources:   v.GetCanPublishSources(),
+		CanUpdateMetadata:   v.GetCanUpdateOwnMetadata(),
+		Hidden:              v.Hidden,
+		Recorder:            v.Recorder,
+		Agent:               v.Agent,
+		CanSubscribeMetrics: v.GetCanSubscribeMetrics(),
+	}
 }
 
 func (v *VideoGrant) Clone() *VideoGrant {
@@ -278,6 +290,16 @@ func (v *VideoGrant) Clone() *VideoGrant {
 	return &clone
 }
 
+// ----------------------------------------------------------------
+
+type SIPGrant struct {
+	// Admin grants access to all SIP features.
+	Admin bool `json:"admin,omitempty"`
+
+	// Call allows making outbound SIP calls.
+	Call bool `json:"call,omitempty"`
+}
+
 func (s *SIPGrant) Clone() *SIPGrant {
 	if s == nil {
 		return nil
@@ -288,6 +310,8 @@ func (s *SIPGrant) Clone() *SIPGrant {
 	return &clone
 }
 
+// ------------------------------------------------------------------
+
 func sourceToString(source livekit.TrackSource) string {
 	return strings.ToLower(source.String())
 }

diff --git a/auth/grants_test.go b/auth/grants_test.go
@@ -54,17 +54,18 @@ func TestGrants(t *testing.T) {
 		tr := true
 		fa := false
 		video := &VideoGrant{
-			RoomCreate:     true,
-			RoomList:       false,
-			RoomRecord:     true,
-			RoomAdmin:      false,
-			RoomJoin:       true,
-			Room:           "room",
-			CanPublish:     &tr,
-			CanSubscribe:   &fa,
-			CanPublishData: nil,
-			Hidden:         true,
-			Recorder:       false,
+			RoomCreate:          true,
+			RoomList:            false,
+			RoomRecord:          true,
+			RoomAdmin:           false,
+			RoomJoin:            true,
+			Room:                "room",
+			CanPublish:          &tr,
+			CanSubscribe:        &fa,
+			CanPublishData:      nil,
+			Hidden:              true,
+			Recorder:            false,
+			CanSubscribeMetrics: &tr,
 		}
 		grants := &ClaimGrants{
 			Identity: "identity",

diff --git a/infra/link.pb.go b/infra/link.pb.go