Adding middleware to inject Auth token for internal requests to frontend

[iamrodrigo]

What changed?

Why?
For https://docs.google.com/document/d/1a-Xo9FSCLubYlIQHB_eX5j4Yv2GDv_82J94At2dAL3o/edit#

How did you test it?
Local test:

docker-compose -f docker/dev/cassandra-esv7-kafka.yml up

and start server with

./cadence-server --zone oauth start

then register a domain and start two workflows

$cadence --do sample d re
Domain sample successfully registered.

then use batch to terminate the two workflows

qlong@~/cadence:
(adding-middleware-for-frontend) $cadence --do sample wf start --wt wftype --et 100 --tl tasklist
Started Workflow Id: d202b1ef-69ec-4025-ac05-3b24ff58e7b9, run Id: 3d2a7f80-e046-4ba7-ad8b-4ae86c6033bf
qlong@~/cadence:
(adding-middleware-for-frontend) $cadence --do sample wf start --wt wftype --et 100
qlong@~/cadence:
(adding-middleware-for-frontend) $cadence --do sample wf start --wt wftype --et 100000 --tl abc
Started Workflow Id: 8873df2a-4bb7-4ff5-aa63-be089ddafbca, run Id: da1757bb-19bb-4e8e-86a0-3f415ca6a111

qlong@~/cadence:
(adding-middleware-for-frontend) $cadence --do sample wf list --op
  WORKFLOW TYPE |             WORKFLOW ID              |                RUN ID                | TASK LIST | START TIME | EXECUTION TIME
  wftype        | 8873df2a-4bb7-4ff5-aa63-be089ddafbca | da1757bb-19bb-4e8e-86a0-3f415ca6a111 | abc       | 14:50:47   | 14:50:47
  wftype        | d202b1ef-69ec-4025-ac05-3b24ff58e7b9 | 3d2a7f80-e046-4ba7-ad8b-4ae86c6033bf | tasklist  | 14:50:30   | 14:50:30

qlong@~/cadence:
(adding-middleware-for-frontend) $cadence --do sample wf batch start -q "WorkflowType='wftype'" --re test --bt terminate
This batch job will be operating on 2 workflows.
Please confirm[Yes/No]:yes
{
  "jobID": "da1b9b01-790f-4051-8ccc-8aa360aed5ee",
  "msg": "batch job is started"
}

and confirm it succeeded

qlong@~/cadence:
(adding-middleware-for-frontend) $cadence --do sample wf batch desc --jid da1b9b01-790f-4051-8ccc-8aa360aed5ee
{
  "msg": "batch job is finished successfully"
}

Potential risks

Release notes

Documentation Changes

[longquanzheng]

like the comment, use clusterMetadata.clusterInfomation..AuthorizationProvider

You may need to create a new wrapper to create AuthProvider based on the config as it will be used in clientBean.go

[iamrodrigo]

AuthorizationProvider is currently internal interface. I have a diff to expose it, in the meantime I'm pointing to local. Reminder to myself to delete this before final review

[iamrodrigo]

Do I need to run something to get the latest mock for this? Quoting you @longquanzheng

There are two implementation, one is mock. The real one is dnsYarpcDispatcherProvider.

[longquanzheng]

Also, don't forget to remove the private key from Authorizer config.
https://github.com/uber/cadence/blob/a58b8b9670417ccbf2cd021882e750f95d6fc508/common/config/config.go#L104

I thought we will use it in this PR but we changed our mind to make it separate(which is much better)

[iamrodrigo]

These file was modified after I ran make bins, not sure if it will break something. Same with the next modification

[longquanzheng]

Did you try “make fmt”?

[iamrodrigo]

I specifically made this new changes in a new commit just in case I need to revert :) I ran make fmt and I got make: Nothing to be done for 'fmt'. I reverted the last commit (removing all this changes) and tried make fmt and got the same message. Should I revert them manually?

[Groxx]

Seems like a go 1.17 thing: https://golang.org/doc/go1.17#build-lines

Since we're not officially on 1.17... tbh I'm not sure if we should do this or not. And I'm fairly surprised that go fmt does this since our stated version is 1.13, and older versions of go will not maintain them - if we ever change these build conditions and are not running <1.17, go fmt will ignore the new format, and 1.17+ will use the old (unmodified) conditions because it's now preferred.

[longquanzheng]

Are you referring to https://github.com/uber/cadence/blob/38881a8f996ce3230a77b7acc946438fbc532895/Dockerfile#L7

I think we should change it to 1.16.
@noiarek can you try using 1.16? If you use homebrew, there is a command to switch the go version.

Thanks @Groxx !

[Groxx]

I meant https://github.com/uber/cadence/blob/master/go.mod#L3 (actually go 1.12 apparently), but that works too / I imagine we build the tests from that dockerfile? If so, it wouldn't detect out-of-sync format directives without upgrading, yeah.

[iamrodrigo]

@Groxx I've installed go 1.16.7 and ran make fmt after it and I'm still getting this modifications. Any advice?

[longquanzheng]

It seems like this is due to some version upgrade in the proto tool, so I believe that's fine.
Cc @Groxx

[Groxx]

This shouldn't be affected unless the makefile's versioned proto tool was changed, which this diff doesn't do.

The two branches that are merged are identical though, possibly a newer go fmt -s did this?

[coveralls]

Pull Request Test Coverage Report for Build 86bab5c0-970a-4756-abf3-35a46567c138

• 18 of 56 (32.14%) changed or added relevant lines in 5 files are covered.
• 39 unchanged lines in 5 files lost coverage.
• Overall coverage increased (+0.005%) to 56.39%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
common/authorization/authorizer.go	0	6	0.0%
cmd/server/cadence/server.go	0	11	0.0%
client/clientBean.go	12	33	36.36%

Files with Coverage Reduction	New Missed Lines	%
service/matching/matcher.go	2	91.46%
common/cache/lru.go	3	90.73%
common/persistence/nosql/nosqlplugin/cassandra/workflow.go	3	50.23%
common/persistence/nosql/nosqlplugin/cassandra/workflowUtils.go	12	77.74%
common/persistence/nosql/nosqlplugin/cassandra/workflowParsingUtils.go	19	87.01%

Totals
Change from base Build 46642510-b649-49f0-9d2a-494c9b9af33a:	0.005%
Covered Lines:	79100
Relevant Lines:	140274

---

💛 - Coveralls