feat: remove service account support (#426)

* feat: remove service account support
Unleash · Feb 27, 2024 · 8996a80 · 8996a80
1 parent 15c43c0
commit 8996a80
Show file tree

Hide file tree

Showing 9 changed files with 14 additions and 442 deletions.
diff --git a/server/src/admin_api.rs b/server/src/admin_api.rs
diff --git a/server/src/builder.rs b/server/src/builder.rs
@@ -154,7 +154,6 @@ async fn build_edge(args: &EdgeArgs) -> EdgeResult<EdgeInfo> {
             )
         })
         .map(|c| c.with_custom_client_headers(args.custom_client_headers.clone()))
-        .map(|c| c.with_service_account_token(args.service_account_token.clone()))
         .map(Arc::new)
         .map_err(|_| EdgeError::InvalidServerUrl(args.upstream_url.clone()))?;
 

diff --git a/server/src/cli.rs b/server/src/cli.rs
@@ -150,10 +150,6 @@ pub struct EdgeArgs {
     #[clap(long, env)]
     pub upstream_certificate_file: Option<PathBuf>,
 
-    /// Service account token. Used to create client tokens if receiving a frontend token we don't have data for
-    #[clap(long, global = true, env)]
-    pub service_account_token: Option<String>,
-
     /// Timeout for requests to the upstream server
     #[clap(long, env, default_value_t = 5)]
     pub upstream_request_timeout: i64,

diff --git a/server/src/error.rs b/server/src/error.rs
@@ -112,7 +112,6 @@ pub enum EdgeError {
     TlsError,
     TokenParseError(String),
     ContextParseError,
-    ServiceAccountTokenNotEnabled,
     TokenValidationError(StatusCode),
 }
 
@@ -175,12 +174,6 @@ impl Display for EdgeError {
             EdgeError::ContextParseError => {
                 write!(f, "Failed to parse query parameters to frontend api")
             }
-            EdgeError::ServiceAccountTokenNotEnabled => {
-                write!(
-                    f,
-                    "No service account token was given at startup. Do not know how to proceed"
-                )
-            }
             EdgeError::HealthCheckError(message) => {
                 write!(f, "{message}")
             }
@@ -232,7 +225,6 @@ impl ResponseError for EdgeError {
             EdgeError::ClientCertificateError(_) => StatusCode::INTERNAL_SERVER_ERROR,
             EdgeError::FrontendNotYetHydrated(_) => StatusCode::NETWORK_AUTHENTICATION_REQUIRED,
             EdgeError::ContextParseError => StatusCode::BAD_REQUEST,
-            EdgeError::ServiceAccountTokenNotEnabled => StatusCode::NETWORK_AUTHENTICATION_REQUIRED,
             EdgeError::EdgeMetricsRequestError(status_code, _) => *status_code,
             EdgeError::HealthCheckError(_) => StatusCode::INTERNAL_SERVER_ERROR,
             EdgeError::ReadyCheckError(_) => StatusCode::INTERNAL_SERVER_ERROR,

diff --git a/server/src/http/feature_refresher.rs b/server/src/http/feature_refresher.rs
@@ -5,7 +5,7 @@ use actix_web::http::header::EntityTag;
 use chrono::Utc;
 use dashmap::DashMap;
 use reqwest::StatusCode;
-use tracing::{debug, error, info};
+use tracing::{debug, error, info, warn};
 use unleash_types::client_features::Segment;
 use unleash_types::client_metrics::ClientApplication;
 use unleash_types::{
@@ -18,7 +18,7 @@ use super::unleash_client::UnleashClient;
 use crate::error::{EdgeError, FeatureError};
 use crate::filters::{filter_client_features, FeatureFilterSet};
 use crate::types::{
-    build, ClientTokenRequest, ClientTokenResponse, EdgeResult, TokenType, TokenValidationStatus,
+    build, EdgeResult, TokenType, TokenValidationStatus,
 };
 use crate::{
     persistence::EdgePersistence,
@@ -205,15 +205,6 @@ impl FeatureRefresher {
         self.hydrate_new_tokens().await;
     }
 
-    pub(crate) async fn forward_request_for_client_token(
-        &self,
-        client_token_request: ClientTokenRequest,
-    ) -> EdgeResult<ClientTokenResponse> {
-        self.unleash_client
-            .forward_request_for_client_token(client_token_request)
-            .await
-    }
-
     pub(crate) async fn create_client_token_for_fe_token(
         &self,
         token: EdgeToken,
@@ -222,17 +213,16 @@ impl FeatureRefresher {
             && token.token_type == Some(TokenType::Frontend)
         {
             if !self.frontend_token_is_covered_by_client_token(&token) {
-                debug!("The frontend token access is not covered by our current client tokens");
-                let client_token = self
-                    .unleash_client
-                    .get_client_token_for_unhydrated_frontend_token(token)
-                    .await?;
-                let _ = self.register_and_hydrate_token(&client_token).await;
+                warn!("The frontend token access is not covered by our current client tokens");
+                Err(EdgeError::EdgeTokenError)
             } else {
                 debug!("It is already covered by an existing client token. Doing nothing");
+                Ok(())
             }
+        } else {
+            debug!("Token is not validated or is not a frontend token. Doing nothing");
+            Ok(())
         }
-        Ok(())
     }
 
     pub(crate) async fn features_for_filter(