From 52cb33770b1f5e0215305e67582843f055e0b435 Mon Sep 17 00:00:00 2001 From: Folke Behrens Date: Tue, 27 Aug 2024 14:12:42 +0200 Subject: [PATCH] proxy: Rename backend types and variants as prep for refactor (#8845) * AuthBackend enum to AuthBackendType * BackendType enum to Backend * Link variants to Web * Adjust messages, comments, etc. --- proxy/README.md | 2 +- proxy/src/auth.rs | 8 +-- proxy/src/auth/backend.rs | 80 +++++++++++----------- proxy/src/auth/backend/{link.rs => web.rs} | 16 ++--- proxy/src/auth/password_hack.rs | 2 +- proxy/src/bin/local_proxy.rs | 2 +- proxy/src/bin/proxy.rs | 27 ++++---- proxy/src/compute.rs | 4 +- proxy/src/config.rs | 4 +- proxy/src/console/messages.rs | 2 +- proxy/src/console/mgmt.rs | 2 +- proxy/src/context.rs | 2 +- proxy/src/proxy/tests.rs | 4 +- proxy/src/serverless/backend.rs | 8 +-- 14 files changed, 84 insertions(+), 79 deletions(-) rename proxy/src/auth/backend/{link.rs => web.rs} (87%) diff --git a/proxy/README.md b/proxy/README.md index afc8b77db8..8d850737be 100644 --- a/proxy/README.md +++ b/proxy/README.md @@ -6,7 +6,7 @@ Proxy binary accepts `--auth-backend` CLI option, which determines auth scheme a new SCRAM-based console API; uses SNI info to select the destination project (endpoint soon) * postgres uses postgres to select auth secrets of existing roles. Useful for local testing -* link +* web (or link) sends login link for all usernames Also proxy can expose following services to the external world: diff --git a/proxy/src/auth.rs b/proxy/src/auth.rs index f3ecedb839..7c408f817c 100644 --- a/proxy/src/auth.rs +++ b/proxy/src/auth.rs @@ -1,7 +1,7 @@ //! Client authentication mechanisms. pub mod backend; -pub use backend::BackendType; +pub use backend::Backend; mod credentials; pub(crate) use credentials::{ @@ -31,7 +31,7 @@ pub(crate) type Result = std::result::Result; #[derive(Debug, Error)] pub(crate) enum AuthErrorImpl { #[error(transparent)] - Link(#[from] backend::LinkAuthError), + Web(#[from] backend::WebAuthError), #[error(transparent)] GetAuthInfo(#[from] console::errors::GetAuthInfoError), @@ -114,7 +114,7 @@ impl> From for AuthError { impl UserFacingError for AuthError { fn to_string_client(&self) -> String { match self.0.as_ref() { - AuthErrorImpl::Link(e) => e.to_string_client(), + AuthErrorImpl::Web(e) => e.to_string_client(), AuthErrorImpl::GetAuthInfo(e) => e.to_string_client(), AuthErrorImpl::Sasl(e) => e.to_string_client(), AuthErrorImpl::AuthFailed(_) => self.to_string(), @@ -132,7 +132,7 @@ impl UserFacingError for AuthError { impl ReportableError for AuthError { fn get_error_kind(&self) -> crate::error::ErrorKind { match self.0.as_ref() { - AuthErrorImpl::Link(e) => e.get_error_kind(), + AuthErrorImpl::Web(e) => e.get_error_kind(), AuthErrorImpl::GetAuthInfo(e) => e.get_error_kind(), AuthErrorImpl::Sasl(e) => e.get_error_kind(), AuthErrorImpl::AuthFailed(_) => crate::error::ErrorKind::User, diff --git a/proxy/src/auth/backend.rs b/proxy/src/auth/backend.rs index 77dea39fdc..1d28c6df31 100644 --- a/proxy/src/auth/backend.rs +++ b/proxy/src/auth/backend.rs @@ -1,19 +1,19 @@ mod classic; mod hacks; pub mod jwt; -mod link; pub mod local; +mod web; use std::net::IpAddr; use std::sync::Arc; use std::time::Duration; use ipnet::{Ipv4Net, Ipv6Net}; -pub(crate) use link::LinkAuthError; use local::LocalBackend; use tokio::io::{AsyncRead, AsyncWrite}; use tokio_postgres::config::AuthKeys; use tracing::{info, warn}; +pub(crate) use web::WebAuthError; use crate::auth::credentials::check_peer_addr_is_in_list; use crate::auth::{validate_password_and_exchange, AuthError}; @@ -65,11 +65,11 @@ impl std::ops::Deref for MaybeOwned<'_, T> { /// * However, when we substitute `T` with [`ComputeUserInfoMaybeEndpoint`], /// this helps us provide the credentials only to those auth /// backends which require them for the authentication process. -pub enum BackendType<'a, T, D> { +pub enum Backend<'a, T, D> { /// Cloud API (V2). Console(MaybeOwned<'a, ConsoleBackend>, T), /// Authentication via a web browser. - Link(MaybeOwned<'a, url::ApiUrl>, D), + Web(MaybeOwned<'a, url::ApiUrl>, D), /// Local proxy uses configured auth credentials and does not wake compute Local(MaybeOwned<'a, LocalBackend>), } @@ -82,7 +82,7 @@ pub(crate) trait TestBackend: Send + Sync + 'static { ) -> Result<(CachedAllowedIps, Option), console::errors::GetAuthInfoError>; } -impl std::fmt::Display for BackendType<'_, (), ()> { +impl std::fmt::Display for Backend<'_, (), ()> { fn fmt(&self, fmt: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { match self { Self::Console(api, ()) => match &**api { @@ -96,44 +96,44 @@ impl std::fmt::Display for BackendType<'_, (), ()> { #[cfg(test)] ConsoleBackend::Test(_) => fmt.debug_tuple("Test").finish(), }, - Self::Link(url, ()) => fmt.debug_tuple("Link").field(&url.as_str()).finish(), + Self::Web(url, ()) => fmt.debug_tuple("Web").field(&url.as_str()).finish(), Self::Local(_) => fmt.debug_tuple("Local").finish(), } } } -impl BackendType<'_, T, D> { +impl Backend<'_, T, D> { /// Very similar to [`std::option::Option::as_ref`]. /// This helps us pass structured config to async tasks. - pub(crate) fn as_ref(&self) -> BackendType<'_, &T, &D> { + pub(crate) fn as_ref(&self) -> Backend<'_, &T, &D> { match self { - Self::Console(c, x) => BackendType::Console(MaybeOwned::Borrowed(c), x), - Self::Link(c, x) => BackendType::Link(MaybeOwned::Borrowed(c), x), - Self::Local(l) => BackendType::Local(MaybeOwned::Borrowed(l)), + Self::Console(c, x) => Backend::Console(MaybeOwned::Borrowed(c), x), + Self::Web(c, x) => Backend::Web(MaybeOwned::Borrowed(c), x), + Self::Local(l) => Backend::Local(MaybeOwned::Borrowed(l)), } } } -impl<'a, T, D> BackendType<'a, T, D> { +impl<'a, T, D> Backend<'a, T, D> { /// Very similar to [`std::option::Option::map`]. - /// Maps [`BackendType`] to [`BackendType`] by applying + /// Maps [`Backend`] to [`Backend`] by applying /// a function to a contained value. - pub(crate) fn map(self, f: impl FnOnce(T) -> R) -> BackendType<'a, R, D> { + pub(crate) fn map(self, f: impl FnOnce(T) -> R) -> Backend<'a, R, D> { match self { - Self::Console(c, x) => BackendType::Console(c, f(x)), - Self::Link(c, x) => BackendType::Link(c, x), - Self::Local(l) => BackendType::Local(l), + Self::Console(c, x) => Backend::Console(c, f(x)), + Self::Web(c, x) => Backend::Web(c, x), + Self::Local(l) => Backend::Local(l), } } } -impl<'a, T, D, E> BackendType<'a, Result, D> { +impl<'a, T, D, E> Backend<'a, Result, D> { /// Very similar to [`std::option::Option::transpose`]. /// This is most useful for error handling. - pub(crate) fn transpose(self) -> Result, E> { + pub(crate) fn transpose(self) -> Result, E> { match self { - Self::Console(c, x) => x.map(|x| BackendType::Console(c, x)), - Self::Link(c, x) => Ok(BackendType::Link(c, x)), - Self::Local(l) => Ok(BackendType::Local(l)), + Self::Console(c, x) => x.map(|x| Backend::Console(c, x)), + Self::Web(c, x) => Ok(Backend::Web(c, x)), + Self::Local(l) => Ok(Backend::Local(l)), } } } @@ -403,12 +403,12 @@ async fn authenticate_with_secret( classic::authenticate(ctx, info, client, config, secret).await } -impl<'a> BackendType<'a, ComputeUserInfoMaybeEndpoint, &()> { +impl<'a> Backend<'a, ComputeUserInfoMaybeEndpoint, &()> { /// Get username from the credentials. pub(crate) fn get_user(&self) -> &str { match self { Self::Console(_, user_info) => &user_info.user, - Self::Link(_, ()) => "link", + Self::Web(_, ()) => "web", Self::Local(_) => "local", } } @@ -422,7 +422,7 @@ impl<'a> BackendType<'a, ComputeUserInfoMaybeEndpoint, &()> { allow_cleartext: bool, config: &'static AuthenticationConfig, endpoint_rate_limiter: Arc, - ) -> auth::Result> { + ) -> auth::Result> { let res = match self { Self::Console(api, user_info) => { info!( @@ -441,15 +441,15 @@ impl<'a> BackendType<'a, ComputeUserInfoMaybeEndpoint, &()> { endpoint_rate_limiter, ) .await?; - BackendType::Console(api, credentials) + Backend::Console(api, credentials) } // NOTE: this auth backend doesn't use client credentials. - Self::Link(url, ()) => { - info!("performing link authentication"); + Self::Web(url, ()) => { + info!("performing web authentication"); - let info = link::authenticate(ctx, &url, client).await?; + let info = web::authenticate(ctx, &url, client).await?; - BackendType::Link(url, info) + Backend::Web(url, info) } Self::Local(_) => { return Err(auth::AuthError::bad_auth_method("invalid for local proxy")) @@ -461,14 +461,14 @@ impl<'a> BackendType<'a, ComputeUserInfoMaybeEndpoint, &()> { } } -impl BackendType<'_, ComputeUserInfo, &()> { +impl Backend<'_, ComputeUserInfo, &()> { pub(crate) async fn get_role_secret( &self, ctx: &RequestMonitoring, ) -> Result { match self { Self::Console(api, user_info) => api.get_role_secret(ctx, user_info).await, - Self::Link(_, ()) => Ok(Cached::new_uncached(None)), + Self::Web(_, ()) => Ok(Cached::new_uncached(None)), Self::Local(_) => Ok(Cached::new_uncached(None)), } } @@ -479,21 +479,21 @@ impl BackendType<'_, ComputeUserInfo, &()> { ) -> Result<(CachedAllowedIps, Option), GetAuthInfoError> { match self { Self::Console(api, user_info) => api.get_allowed_ips_and_secret(ctx, user_info).await, - Self::Link(_, ()) => Ok((Cached::new_uncached(Arc::new(vec![])), None)), + Self::Web(_, ()) => Ok((Cached::new_uncached(Arc::new(vec![])), None)), Self::Local(_) => Ok((Cached::new_uncached(Arc::new(vec![])), None)), } } } #[async_trait::async_trait] -impl ComputeConnectBackend for BackendType<'_, ComputeCredentials, NodeInfo> { +impl ComputeConnectBackend for Backend<'_, ComputeCredentials, NodeInfo> { async fn wake_compute( &self, ctx: &RequestMonitoring, ) -> Result { match self { Self::Console(api, creds) => api.wake_compute(ctx, &creds.info).await, - Self::Link(_, info) => Ok(Cached::new_uncached(info.clone())), + Self::Web(_, info) => Ok(Cached::new_uncached(info.clone())), Self::Local(local) => Ok(Cached::new_uncached(local.node_info.clone())), } } @@ -501,21 +501,23 @@ impl ComputeConnectBackend for BackendType<'_, ComputeCredentials, NodeInfo> { fn get_keys(&self) -> &ComputeCredentialKeys { match self { Self::Console(_, creds) => &creds.keys, - Self::Link(_, _) => &ComputeCredentialKeys::None, + Self::Web(_, _) => &ComputeCredentialKeys::None, Self::Local(_) => &ComputeCredentialKeys::None, } } } #[async_trait::async_trait] -impl ComputeConnectBackend for BackendType<'_, ComputeCredentials, &()> { +impl ComputeConnectBackend for Backend<'_, ComputeCredentials, &()> { async fn wake_compute( &self, ctx: &RequestMonitoring, ) -> Result { match self { Self::Console(api, creds) => api.wake_compute(ctx, &creds.info).await, - Self::Link(_, ()) => unreachable!("link auth flow doesn't support waking the compute"), + Self::Web(_, ()) => { + unreachable!("web auth flow doesn't support waking the compute") + } Self::Local(local) => Ok(Cached::new_uncached(local.node_info.clone())), } } @@ -523,7 +525,7 @@ impl ComputeConnectBackend for BackendType<'_, ComputeCredentials, &()> { fn get_keys(&self) -> &ComputeCredentialKeys { match self { Self::Console(_, creds) => &creds.keys, - Self::Link(_, ()) => &ComputeCredentialKeys::None, + Self::Web(_, ()) => &ComputeCredentialKeys::None, Self::Local(_) => &ComputeCredentialKeys::None, } } diff --git a/proxy/src/auth/backend/link.rs b/proxy/src/auth/backend/web.rs similarity index 87% rename from proxy/src/auth/backend/link.rs rename to proxy/src/auth/backend/web.rs index 19515f95a8..58a4bef62e 100644 --- a/proxy/src/auth/backend/link.rs +++ b/proxy/src/auth/backend/web.rs @@ -13,7 +13,7 @@ use tokio_postgres::config::SslMode; use tracing::{info, info_span}; #[derive(Debug, Error)] -pub(crate) enum LinkAuthError { +pub(crate) enum WebAuthError { #[error(transparent)] WaiterRegister(#[from] waiters::RegisterError), @@ -24,18 +24,18 @@ pub(crate) enum LinkAuthError { Io(#[from] std::io::Error), } -impl UserFacingError for LinkAuthError { +impl UserFacingError for WebAuthError { fn to_string_client(&self) -> String { "Internal error".to_string() } } -impl ReportableError for LinkAuthError { +impl ReportableError for WebAuthError { fn get_error_kind(&self) -> crate::error::ErrorKind { match self { - LinkAuthError::WaiterRegister(_) => crate::error::ErrorKind::Service, - LinkAuthError::WaiterWait(_) => crate::error::ErrorKind::Service, - LinkAuthError::Io(_) => crate::error::ErrorKind::ClientDisconnect, + Self::WaiterRegister(_) => crate::error::ErrorKind::Service, + Self::WaiterWait(_) => crate::error::ErrorKind::Service, + Self::Io(_) => crate::error::ErrorKind::ClientDisconnect, } } } @@ -74,7 +74,7 @@ pub(super) async fn authenticate( } }; - let span = info_span!("link", psql_session_id = &psql_session_id); + let span = info_span!("web", psql_session_id = &psql_session_id); let greeting = hello_message(link_uri, &psql_session_id); // Give user a URL to spawn a new database. @@ -87,7 +87,7 @@ pub(super) async fn authenticate( // Wait for web console response (see `mgmt`). info!(parent: &span, "waiting for console's reply..."); - let db_info = waiter.await.map_err(LinkAuthError::from)?; + let db_info = waiter.await.map_err(WebAuthError::from)?; client.write_message_noflush(&Be::NoticeResponse("Connecting to database."))?; diff --git a/proxy/src/auth/password_hack.rs b/proxy/src/auth/password_hack.rs index 3f5d006f7b..8585b8ff48 100644 --- a/proxy/src/auth/password_hack.rs +++ b/proxy/src/auth/password_hack.rs @@ -1,5 +1,5 @@ //! Payload for ad hoc authentication method for clients that don't support SNI. -//! See the `impl` for [`super::backend::BackendType`]. +//! See the `impl` for [`super::backend::Backend`]. //! Read more: . //! UPDATE (Mon Aug 8 13:20:34 UTC 2022): the payload format has been simplified. diff --git a/proxy/src/bin/local_proxy.rs b/proxy/src/bin/local_proxy.rs index 8acba33bac..08effeff99 100644 --- a/proxy/src/bin/local_proxy.rs +++ b/proxy/src/bin/local_proxy.rs @@ -212,7 +212,7 @@ fn build_config(args: &LocalProxyCliArgs) -> anyhow::Result<&'static ProxyConfig Ok(Box::leak(Box::new(ProxyConfig { tls_config: None, - auth_backend: proxy::auth::BackendType::Local(proxy::auth::backend::MaybeOwned::Owned( + auth_backend: proxy::auth::Backend::Local(proxy::auth::backend::MaybeOwned::Owned( LocalBackend::new(args.compute), )), metric_collection: None, diff --git a/proxy/src/bin/proxy.rs b/proxy/src/bin/proxy.rs index 1f45a33ed5..7706a1f7cd 100644 --- a/proxy/src/bin/proxy.rs +++ b/proxy/src/bin/proxy.rs @@ -60,11 +60,14 @@ use clap::{Parser, ValueEnum}; static GLOBAL: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc; #[derive(Clone, Debug, ValueEnum)] -enum AuthBackend { +enum AuthBackendType { Console, #[cfg(feature = "testing")] Postgres, - Link, + // clap only shows the name, not the alias, in usage text. + // TODO: swap name/alias and deprecate "link" + #[value(name("link"), alias("web"))] + Web, } /// Neon proxy/router @@ -77,8 +80,8 @@ struct ProxyCliArgs { /// listen for incoming client connections on ip:port #[clap(short, long, default_value = "127.0.0.1:4432")] proxy: String, - #[clap(value_enum, long, default_value_t = AuthBackend::Link)] - auth_backend: AuthBackend, + #[clap(value_enum, long, default_value_t = AuthBackendType::Web)] + auth_backend: AuthBackendType, /// listen for management callback connection on ip:port #[clap(short, long, default_value = "127.0.0.1:7000")] mgmt: String, @@ -88,7 +91,7 @@ struct ProxyCliArgs { /// listen for incoming wss connections on ip:port #[clap(long)] wss: Option, - /// redirect unauthenticated users to the given uri in case of link auth + /// redirect unauthenticated users to the given uri in case of web auth #[clap(short, long, default_value = "http://localhost:3000/psql_session/")] uri: String, /// cloud API endpoint for authenticating users @@ -470,7 +473,7 @@ async fn main() -> anyhow::Result<()> { )); } - if let auth::BackendType::Console(api, _) = &config.auth_backend { + if let auth::Backend::Console(api, _) = &config.auth_backend { if let proxy::console::provider::ConsoleBackend::Console(api) = &**api { match (redis_notifications_client, regional_redis_client.clone()) { (None, None) => {} @@ -575,7 +578,7 @@ fn build_config(args: &ProxyCliArgs) -> anyhow::Result<&'static ProxyConfig> { } let auth_backend = match &args.auth_backend { - AuthBackend::Console => { + AuthBackendType::Console => { let wake_compute_cache_config: CacheOptions = args.wake_compute_cache.parse()?; let project_info_cache_config: ProjectInfoCacheOptions = args.project_info_cache.parse()?; @@ -624,18 +627,18 @@ fn build_config(args: &ProxyCliArgs) -> anyhow::Result<&'static ProxyConfig> { wake_compute_endpoint_rate_limiter, ); let api = console::provider::ConsoleBackend::Console(api); - auth::BackendType::Console(MaybeOwned::Owned(api), ()) + auth::Backend::Console(MaybeOwned::Owned(api), ()) } #[cfg(feature = "testing")] - AuthBackend::Postgres => { + AuthBackendType::Postgres => { let url = args.auth_endpoint.parse()?; let api = console::provider::mock::Api::new(url); let api = console::provider::ConsoleBackend::Postgres(api); - auth::BackendType::Console(MaybeOwned::Owned(api), ()) + auth::Backend::Console(MaybeOwned::Owned(api), ()) } - AuthBackend::Link => { + AuthBackendType::Web => { let url = args.uri.parse()?; - auth::BackendType::Link(MaybeOwned::Owned(url), ()) + auth::Backend::Web(MaybeOwned::Owned(url), ()) } }; diff --git a/proxy/src/compute.rs b/proxy/src/compute.rs index 246501a21e..8d3cb8ee3c 100644 --- a/proxy/src/compute.rs +++ b/proxy/src/compute.rs @@ -124,13 +124,13 @@ impl ConnCfg { /// Apply startup message params to the connection config. pub(crate) fn set_startup_params(&mut self, params: &StartupMessageParams) { // Only set `user` if it's not present in the config. - // Link auth flow takes username from the console's response. + // Web auth flow takes username from the console's response. if let (None, Some(user)) = (self.get_user(), params.get("user")) { self.user(user); } // Only set `dbname` if it's not present in the config. - // Link auth flow takes dbname from the console's response. + // Web auth flow takes dbname from the console's response. if let (None, Some(dbname)) = (self.get_dbname(), params.get("database")) { self.dbname(dbname); } diff --git a/proxy/src/config.rs b/proxy/src/config.rs index 6c42fb8d19..d7fc6eee22 100644 --- a/proxy/src/config.rs +++ b/proxy/src/config.rs @@ -25,7 +25,7 @@ use x509_parser::oid_registry; pub struct ProxyConfig { pub tls_config: Option, - pub auth_backend: auth::BackendType<'static, (), ()>, + pub auth_backend: auth::Backend<'static, (), ()>, pub metric_collection: Option, pub allow_self_signed_compute: bool, pub http_config: HttpConfig, @@ -247,7 +247,7 @@ impl CertResolver { let common_name = pem.subject().to_string(); - // We only use non-wildcard certificates in link proxy so it seems okay to treat them the same as + // We only use non-wildcard certificates in web auth proxy so it seems okay to treat them the same as // wildcard ones as we don't use SNI there. That treatment only affects certificate selection, so // verify-full will still check wildcard match. Old coding here just ignored non-wildcard common names // and passed None instead, which blows up number of cases downstream code should handle. Proper coding diff --git a/proxy/src/console/messages.rs b/proxy/src/console/messages.rs index 0df1a450ac..a48c7316f6 100644 --- a/proxy/src/console/messages.rs +++ b/proxy/src/console/messages.rs @@ -243,7 +243,7 @@ pub(crate) struct WakeCompute { pub(crate) aux: MetricsAuxInfo, } -/// Async response which concludes the link auth flow. +/// Async response which concludes the web auth flow. /// Also known as `kickResponse` in the console. #[derive(Debug, Deserialize)] pub(crate) struct KickSession<'a> { diff --git a/proxy/src/console/mgmt.rs b/proxy/src/console/mgmt.rs index f318ac529b..2ed4f5f206 100644 --- a/proxy/src/console/mgmt.rs +++ b/proxy/src/console/mgmt.rs @@ -25,7 +25,7 @@ pub(crate) fn notify(psql_session_id: &str, msg: ComputeReady) -> Result<(), wai } /// Console management API listener task. -/// It spawns console response handlers needed for the link auth. +/// It spawns console response handlers needed for the web auth. pub async fn task_main(listener: TcpListener) -> anyhow::Result { scopeguard::defer! { info!("mgmt has shut down"); diff --git a/proxy/src/context.rs b/proxy/src/context.rs index 9edba543fe..72e1fa1cee 100644 --- a/proxy/src/context.rs +++ b/proxy/src/context.rs @@ -72,7 +72,7 @@ struct RequestMonitoringInner { #[derive(Clone, Debug)] pub(crate) enum AuthMethod { - // aka link aka passwordless + // aka passwordless, fka link Web, ScramSha256, ScramSha256Plus, diff --git a/proxy/src/proxy/tests.rs b/proxy/src/proxy/tests.rs index b3b284ef27..4264dbae0f 100644 --- a/proxy/src/proxy/tests.rs +++ b/proxy/src/proxy/tests.rs @@ -544,8 +544,8 @@ fn helper_create_cached_node_info(cache: &'static NodeInfoCache) -> CachedNodeIn fn helper_create_connect_info( mechanism: &TestConnectMechanism, -) -> auth::BackendType<'static, ComputeCredentials, &()> { - let user_info = auth::BackendType::Console( +) -> auth::Backend<'static, ComputeCredentials, &()> { + let user_info = auth::Backend::Console( MaybeOwned::Owned(ConsoleBackend::Test(Box::new(mechanism.clone()))), ComputeCredentials { info: ComputeUserInfo { diff --git a/proxy/src/serverless/backend.rs b/proxy/src/serverless/backend.rs index 2699411c28..f24e0478be 100644 --- a/proxy/src/serverless/backend.rs +++ b/proxy/src/serverless/backend.rs @@ -105,13 +105,13 @@ impl PoolingBackend { jwt: &str, ) -> Result { match &self.config.auth_backend { - crate::auth::BackendType::Console(_, ()) => { + crate::auth::Backend::Console(_, ()) => { Err(AuthError::auth_failed("JWT login is not yet supported")) } - crate::auth::BackendType::Link(_, ()) => Err(AuthError::auth_failed( - "JWT login over link proxy is not supported", + crate::auth::Backend::Web(_, ()) => Err(AuthError::auth_failed( + "JWT login over web auth proxy is not supported", )), - crate::auth::BackendType::Local(cache) => { + crate::auth::Backend::Local(cache) => { cache .jwks_cache .check_jwt(