proxy: handle authed snapshot request in grpcproxy

Like the previous commit 10f783efdd12, this commit lets grpcproxy forward an auth token supplied by its client in an explicit manner. snapshot is a stream RPC so this process is required like watch.
2024-09-27 06:25:44 +00:00 · 2017-08-25 15:19:42 +09:00 · 2017-08-25 15:19:42 +09:00 · e8c18e3368
commit e8c18e3368
parent c50960e39a
3 changed files with 11 additions and 5 deletions
--- a/proxy/grpcproxy/maintenance.go
+++ b/proxy/grpcproxy/maintenance.go
@ -42,6 +42,8 @@ func (mp *maintenanceProxy) Snapshot(sr *pb.SnapshotRequest, stream pb.Maintenan
 	ctx, cancel := context.WithCancel(stream.Context())
 	defer cancel()

+	ctx = withClientAuthToken(ctx, stream.Context())
+
 	sc, err := pb.NewMaintenanceClient(conn).Snapshot(ctx, sr)
 	if err != nil {
 		return err
--- a/proxy/grpcproxy/util.go
+++ b/proxy/grpcproxy/util.go
@ -32,6 +32,14 @@ func getAuthTokenFromClient(ctx context.Context) string {
 	return ""
 }

+func withClientAuthToken(ctx context.Context, ctxWithToken context.Context) context.Context {
+	token := getAuthTokenFromClient(ctxWithToken)
+	if token != "" {
+		ctx = context.WithValue(ctx, "token", token)
+	}
+	return ctx
+}
+
 type proxyTokenCredential struct {
 	token string
 }
--- a/proxy/grpcproxy/watch_broadcast.go
+++ b/proxy/grpcproxy/watch_broadcast.go
@ -58,11 +58,7 @@ func newWatchBroadcast(wp *watchProxy, w *watcher, update func(*watchBroadcast))
 			clientv3.WithCreatedNotify(),
 		}

-		// Forward a token from client to server.
-		token := getAuthTokenFromClient(w.wps.stream.Context())
-		if token != "" {
-			cctx = context.WithValue(cctx, "token", token)
-		}
+		cctx = withClientAuthToken(cctx, w.wps.stream.Context())

 		wch := wp.cw.Watch(cctx, w.wr.key, opts...)