Adding support for DAPR_API_TOKEN (#359)

* Adding support for DAPR_API_TOKEN * adding retry back for this PR
2020-08-04 15:15:18 -07:00 · 2020-08-04 15:15:18 -07:00 · 1cd4500a2d
parent b6329539bc
commit 1cd4500a2d
3 changed files with 78 additions and 2 deletions
--- a/src/Dapr.Actors/DaprHttpInteractor.cs
+++ b/src/Dapr.Actors/DaprHttpInteractor.cs
@ -478,6 +478,14 @@ namespace Dapr.Actors
            {
                // Get the request using the Func as same request cannot be resent when retries are implemented.
                var request = requestFunc.Invoke();
+
+                // add token for dapr api token based authentication
+                var daprApiToken = Environment.GetEnvironmentVariable("DAPR_API_TOKEN");
+                if (daprApiToken != null)
+                {
+                    request.Headers.Add("dapr-api-token", daprApiToken);
+                }
+
                response = await this.httpClient.SendAsync(request, cancellationToken);
            }
            catch (AuthenticationException ex)
@ -494,7 +502,8 @@ namespace Dapr.Actors
            if (!response.IsSuccessStatusCode)
            {
                // RefreshSecurity Settings and try again,
-                if (response.StatusCode == HttpStatusCode.Forbidden)
+                if (response.StatusCode == HttpStatusCode.Forbidden ||
+                    response.StatusCode == HttpStatusCode.Unauthorized)
                {
                    // TODO Log
                    throw new AuthenticationException("Invalid client credentials");
--- a/src/Dapr.Client/DaprClientGrpc.cs
+++ b/src/Dapr.Client/DaprClientGrpc.cs
@ -521,7 +521,15 @@ namespace Dapr.Client
        /// <returns></returns>
        private async Task<TResponse> MakeGrpcCallHandleError<TResponse>(Func<CallOptions, AsyncUnaryCall<TResponse>> callFunc, CancellationToken cancellationToken = default)
        {
-            var callOptions = new CallOptions(cancellationToken: cancellationToken);
+            var callOptions = new CallOptions(headers: new Metadata(), cancellationToken: cancellationToken);
+
+            // add token for dapr api token based authentication
+            var daprApiToken = Environment.GetEnvironmentVariable("DAPR_API_TOKEN");
+
+            if (daprApiToken != null)
+            {
+                callOptions.Headers.Add("dapr-api-token", daprApiToken);
+            }

            // Common Exception Handling logic can be added here for all calls.
            return await callFunc.Invoke(callOptions);
--- a/test/Dapr.Client.Test/DaprApiTokenTest.cs
+++ b/test/Dapr.Client.Test/DaprApiTokenTest.cs
@ -0,0 +1,59 @@
+// ------------------------------------------------------------
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+// ------------------------------------------------------------
+
+namespace Dapr.Client.Test
+{
+    using System;
+    using System.Collections.Generic;
+    using System.Linq;
+    using System.Threading.Tasks;
+    using FluentAssertions;
+    using Grpc.Net.Client;
+    using Xunit;
+    using Autogenerated = Dapr.Client.Autogen.Grpc.v1;
+
+    public class DaprApiTokenTest
+    {
+        [Fact]
+        public async Task DaprCall_WithApiTokenEnvVar()
+        {
+            // Configure Client
+            Environment.SetEnvironmentVariable("DAPR_API_TOKEN", "test_token");
+            var httpClient = new TestHttpClient();
+            var daprClient = new DaprClientBuilder()
+                .UseGrpcChannelOptions(new GrpcChannelOptions { HttpClient = httpClient })
+                .Build();
+
+            var task = daprClient.GetSecretAsync("testStore", "test_key");
+
+            // Get Request and validate
+            httpClient.Requests.TryDequeue(out var entry).Should().BeTrue();
+            var request = await GrpcUtils.GetRequestFromRequestMessageAsync<Autogenerated.GetSecretRequest>(entry.Request);
+
+            entry.Request.Headers.TryGetValues("dapr-api-token", out var headerValues);
+            headerValues.Count().Should().Be(1);
+            headerValues.First().Should().Be("test_token");
+        }
+
+        [Fact]
+        public async Task DaprCall_WithoutApiTokenEnvVar()
+        {
+            // Configure Client
+            var httpClient = new TestHttpClient();
+            var daprClient = new DaprClientBuilder()
+                .UseGrpcChannelOptions(new GrpcChannelOptions { HttpClient = httpClient })
+                .Build();
+
+            var task = daprClient.GetSecretAsync("testStore", "test_key");
+
+            // Get Request and validate
+            httpClient.Requests.TryDequeue(out var entry).Should().BeTrue();
+            var request = await GrpcUtils.GetRequestFromRequestMessageAsync<Autogenerated.GetSecretRequest>(entry.Request);
+
+            entry.Request.Headers.TryGetValues("dapr-api-token", out var headerValues);
+            headerValues.Should().BeNull();
+        }
+    }
+}