Merge pull request #11 from xmidt-org/add-jwtxt-fetching

Fetch jwt txt record if configured.

config.go

@@ -54,7 +54,6 @@ type XmidtService struct {
 }
 
 type JwtTxtRedirector struct {
-	Required          bool
 	AllowedAlgorithms []string
 	Timeout           time.Duration
 	PEMs              []string
@@ -143,8 +142,7 @@ var defaultConfig = Config{
 	},
 	XmidtService: XmidtService{
 		JwtTxtRedirector: JwtTxtRedirector{
-			Required: true,
-			Timeout:  10 * time.Second,
+			Timeout: 10 * time.Second,
 			AllowedAlgorithms: []string{
 				"EdDSA",
 				"ES256", "ES384", "ES512",

credentials.go

@@ -76,6 +76,9 @@ func provideCredentials(in credsIn) (*credentials.Credentials, error) {
 	}
 
 	creds, err := credentials.New(opts...)
+	if err != nil {
+		return nil, err
+	}
 
 	in.LC.Append(fx.Hook{
 		OnStart: func(context.Context) error {

instructions.go

@@ -0,0 +1,72 @@
+// SPDX-FileCopyrightText: 2023 Comcast Cable Communications Management, LLC
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+	"os"
+
+	"github.com/xmidt-org/xmidt-agent/internal/jwtxt"
+	"github.com/xmidt-org/xmidt-agent/internal/jwtxt/event"
+	"go.uber.org/fx"
+	"go.uber.org/zap"
+)
+
+type instructionsIn struct {
+	fx.In
+	Service XmidtService
+	ID      Identity
+	Logger  *zap.Logger
+}
+
+func provideInstructions(in instructionsIn) (*jwtxt.Instructions, error) {
+	// If no PEMs are provided then the jwtxt can't be used because it won't
+	// have any keys to use.
+	if in.Service.URL == "" ||
+		(in.Service.JwtTxtRedirector.PEMFiles == nil && in.Service.JwtTxtRedirector.PEMs == nil) {
+		return nil, nil
+	}
+	logger := in.Logger.Named("jwtxt")
+
+	opts := []jwtxt.Option{
+		jwtxt.BaseURL(in.Service.URL),
+		jwtxt.DeviceID(string(in.ID.DeviceID)),
+		jwtxt.Algorithms(in.Service.JwtTxtRedirector.AllowedAlgorithms...),
+		jwtxt.Timeout(in.Service.JwtTxtRedirector.Timeout),
+		jwtxt.WithFetchListener(event.FetchListenerFunc(
+			func(fe event.Fetch) {
+				logger.Info("fetch",
+					zap.String("fqdn", fe.FQDN),
+					zap.String("server", fe.Server),
+					zap.Bool("found", fe.Found),
+					zap.Bool("timeout", fe.Timeout),
+					zap.Time("prior_expiration", fe.PriorExpiration),
+					zap.Time("expiration", fe.Expiration),
+					zap.Bool("temporary_err", fe.TemporaryErr),
+					zap.String("endpoint", fe.Endpoint),
+					zap.ByteString("payload", fe.Payload),
+					zap.Error(fe.Err),
+				)
+			})),
+	}
+
+	if len(in.Service.JwtTxtRedirector.PEMs) > 0 {
+		pems := make([][]byte, 0, len(in.Service.JwtTxtRedirector.PEMs))
+		for _, pem := range in.Service.JwtTxtRedirector.PEMs {
+			pems = append(pems, []byte(pem))
+		}
+		opts = append(opts, jwtxt.WithPEMs(pems...))
+	}
+
+	if len(in.Service.JwtTxtRedirector.PEMFiles) > 0 {
+		for _, pemFile := range in.Service.JwtTxtRedirector.PEMFiles {
+			data, err := os.ReadFile(pemFile)
+			if err != nil {
+				return nil, err
+			}
+			opts = append(opts, jwtxt.WithPEMs(data))
+		}
+	}
+
+	return jwtxt.New(opts...)
+}

main.go

@@ -4,6 +4,7 @@
 package main
 
 import (
+	"context"
 	"fmt"
 	"os"
 
@@ -14,6 +15,7 @@ import (
 	_ "github.com/goschtalt/yaml-encoder"
 	"github.com/xmidt-org/sallust"
 	"github.com/xmidt-org/xmidt-agent/internal/credentials"
+	"github.com/xmidt-org/xmidt-agent/internal/jwtxt"
 
 	"go.uber.org/fx"
 	"go.uber.org/fx/fxevent"
@@ -69,6 +71,7 @@ func xmidtAgent(args []string) (*fx.App, error) {
 			provideLogger,
 			provideConfig,
 			provideCredentials,
+			provideInstructions,
 
 			goschtalt.UnmarshalFunc[sallust.Config]("logger", goschtalt.Optional()),
 			goschtalt.UnmarshalFunc[Identity]("identity"),
@@ -85,6 +88,14 @@ func xmidtAgent(args []string) (*fx.App, error) {
 			// For now require the credentials to be fetched this way.  Later
 			// Other services will depend on this.
 			func(*credentials.Credentials) {},
+
+			// TODO: Remove this, too.
+			func(i *jwtxt.Instructions) {
+				if i != nil {
+					s, _ := i.Endpoint(context.Background())
+					fmt.Println(s)
+				}
+			},
 		),
 	)