
Commit 505f876

authored
Add a server option for setting authorizer (#829)
1 parent 84053ea commit 505f876


4 files changed

+22
-5
lines changed


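--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -31,6 +31,7 @@ import (
 
 "github.com/urfave/cli"
 
+"go.temporal.io/server/common/authorization"
 "go.temporal.io/server/common/headers"
 _ "go.temporal.io/server/common/persistence/sql/sqlplugin/mysql" // needed to load mysql plugin
 _ "go.temporal.io/server/common/persistence/sql/sqlplugin/postgresql" // needed to load postgresql plugin
@@ -100,6 +101,7 @@ func buildCLI() *cli.App {
 temporal.ForServices(services),
 temporal.WithConfigLoader(configDir, env, zone),
 temporal.InterruptOn(temporal.InterruptCh()),
+temporal.WithAuthorizer(authorization.NewNopAuthorizer()),
 )
 
 err := s.Start()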
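Review bot: The added `temporal.WithAuthorizer(authorization.NewNopAuthorizer())` in buildCLI passes the same value that getServiceParams (temporal/server.go in this commit) already falls back to when no authorizer is set, so the stock binary behaves as before and, judging by the name, still runs without access checks. If the call is meant as an extension point for custom builds, say so next to it, e.g. `// Extension point: the no-op authorizer is also the default; pass a real authorization.Authorizer here to enforce access control.` buildCLI starts and ends outside the hunk.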

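--- a/temporal/server.go
+++ b/temporal/server.go
@@ -316,7 +316,12 @@ func (s *Server) getServiceParams(
 
 params.ArchiverProvider = provider.NewArchiverProvider(s.so.config.Archival.History.Provider, s.so.config.Archival.Visibility.Provider)
 params.PersistenceConfig.TransactionSizeLimit = dc.GetIntProperty(dynamicconfig.TransactionSizeLimit, common.DefaultTransactionSizeLimit)
-params.Authorizer = authorization.NewNopAuthorizer()
+
+if s.so.authorizer != nil {
+params.Authorizer = s.so.authorizer
+} else {
+params.Authorizer = authorization.NewNopAuthorizer()
+}
 
 return &params, nil
 }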
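Review bot: The `else` branch in getServiceParams silently substitutes `authorization.NewNopAuthorizer()` whenever `s.so.authorizer` is nil, so a caller who passes nil to WithAuthorizer by mistake gets a server running the no-op authorizer (presumably no access checks) with no indication. A comment on the branch would make the permissive default deliberate and visible, e.g. `// No authorizer supplied: default to the no-op authorizer.`, and a startup log line at the same spot would help operators notice. The `!= nil` test also passes for an interface holding a typed nil pointer, which would only fail later when the authorizer is called. The function starts outside the hunk.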

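--- a/temporal/server_option.go
+++ b/temporal/server_option.go
@@ -25,6 +25,7 @@
 package temporal
 
 import (
+"go.temporal.io/server/common/authorization"
 "go.temporal.io/server/common/service/config"
 )
 
@@ -59,3 +60,10 @@ func InterruptOn(interruptCh <-chan interface{}) ServerOption {
 s.interruptCh = interruptCh
 })
 }
+
+// Sets low level authorizer to allow/deny all API calls
+func WithAuthorizer(authorizer authorization.Authorizer) ServerOption {
+return newApplyFuncContainer(func(s *serverOptions) {
+s.authorizer = authorizer
+})
+}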
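Review bot: The doc comment on WithAuthorizer does not start with the function name and describes the option as allowing or denying all API calls, while the code only stores whatever authorization.Authorizer it is given. Since getServiceParams in this commit treats a nil authorizer as "use the no-op one", that belongs in the comment as well. Suggested wording: `// WithAuthorizer sets the authorizer used for API calls. A nil authorizer leaves the default no-op authorizer in place.`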

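--- a/temporal/server_options.go
+++ b/temporal/server_options.go
@@ -27,15 +27,17 @@ package temporal
 import (
 "fmt"
 
+"go.temporal.io/server/common/authorization"
 "go.temporal.io/server/common/service/config"
 )
 
 type (
 serverOptions struct {
-config *config.Config
-configDir string
-env string
-zone string
+config *config.Config
+authorizer authorization.Authorizer
+configDir string
+env string
+zone string
 
 serviceNames []string
 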