proxy: handle authed snapshot request in grpcproxy

Like the previous commit 10f783e, this commit lets grpcproxy forward an auth token supplied by its client in an explicit manner. snapshot is a stream RPC so this process is required like watch.
etcd-io · Sep 20, 2017 · 6909932 · 6909932
1 parent 2d3d9b8
commit 6909932
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/proxy/grpcproxy/maintenance.go b/proxy/grpcproxy/maintenance.go
@@ -42,6 +42,8 @@ func (mp *maintenanceProxy) Snapshot(sr *pb.SnapshotRequest, stream pb.Maintenan
 	ctx, cancel := context.WithCancel(stream.Context())
 	defer cancel()
 
+	ctx = withClientAuthToken(stream.Context())
+
 	sc, err := pb.NewMaintenanceClient(conn).Snapshot(ctx, sr)
 	if err != nil {
 		return err

diff --git a/proxy/grpcproxy/util.go b/proxy/grpcproxy/util.go
@@ -32,6 +32,14 @@ func getAuthTokenFromClient(ctx context.Context) string {
 	return ""
 }
 
+func withClientAuthToken(ctx context.Context) context.Context {
+	token := getAuthTokenFromClient(ctx)
+	if token != "" {
+		ctx = context.WithValue(ctx, "token", token)
+	}
+	return ctx
+}
+
 type proxyTokenCredential struct {
 	token string
 }

diff --git a/proxy/grpcproxy/watch_broadcast.go b/proxy/grpcproxy/watch_broadcast.go
@@ -58,11 +58,7 @@ func newWatchBroadcast(wp *watchProxy, w *watcher, update func(*watchBroadcast))
 			clientv3.WithCreatedNotify(),
 		}
 
-		// Forward a token from client to server.
-		token := getAuthTokenFromClient(w.wps.stream.Context())
-		if token != "" {
-			cctx = context.WithValue(cctx, "token", token)
-		}
+		cctx = withClientAuthToken(w.wps.stream.Context())
 
 		wch := wp.cw.Watch(cctx, w.wr.key, opts...)