
Commit 3f02930

authored
feat(api): check consumer service definition on signin (#6119)
Signed-off-by: francois samin <[email protected]>
1 parent a73cbcb commit 3f02930


3 files changed

+59
-38
lines changed


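--- a/engine/api/auth_builtin.go
+++ b/engine/api/auth_builtin.go
@@ -60,6 +60,32 @@ func (api *API) postAuthBuiltinSigninHandler() service.Handler {
 return sdk.NewError(sdk.ErrForbidden, err)
 }
 
+// Check if the consumer is associated to a service
+srvInput, hasService := req["service"]
+var srv sdk.Service
+if hasService {
+btes, err := json.Marshal(srvInput)
+if err != nil {
+return sdk.NewError(sdk.ErrWrongRequest, err)
+}
+if err := sdk.JSONUnmarshal(btes, &srv); err != nil {
+return sdk.NewError(sdk.ErrWrongRequest, err)
+}
+if consumer.ServiceName != nil && *consumer.ServiceName != srv.Name {
+return sdk.NewErrorFrom(sdk.ErrForbidden, "service name %q doesn't match with consumer %q", srv.Name, *consumer.ServiceName)
+}
+if consumer.ServiceType != nil && *consumer.ServiceType != srv.Type {
+return sdk.NewErrorFrom(sdk.ErrForbidden, "service type %q doesn't match with consumer %q", srv.Type, *consumer.ServiceType)
+}
+if consumer.ServiceRegion != nil && *consumer.ServiceRegion != *srv.Region {
+return sdk.NewErrorFrom(sdk.ErrForbidden, "service region %q doesn't match with consumer %q", srv.Type, *consumer.ServiceRegion)
+}
+} else {
+if consumer.ServiceName != nil || consumer.ServiceType != nil || consumer.ServiceRegion != nil {
+return sdk.NewErrorFrom(sdk.ErrForbidden, "signing request doesn't match with consumer %q service definition. missing service payload", consumer.Name)
+}
+}
+
 // Generate a new session for consumer
 session, err := authentication.NewSession(ctx, tx, consumer, driver.GetSessionDuration())
 if err != nil {
@@ -104,18 +130,7 @@ func (api *API) postAuthBuiltinSigninHandler() service.Handler {
 ctx = context.WithValue(ctx, contextDriverManifest, driverManifest)
 
 // If the Signin has a *service* Payload, we have to perform the service registration
-srvInput, has := req["service"]
-var srv sdk.Service
-if has {
-btes, err := json.Marshal(srvInput)
-if err != nil {
-return sdk.NewError(sdk.ErrWrongRequest, err)
-}
-
-if err := sdk.JSONUnmarshal(btes, &srv); err != nil {
-return sdk.NewError(sdk.ErrWrongRequest, err)
-}
-
+if hasService {
 ctx = context.WithValue(ctx, cdslog.AuthServiceName, srv.Name)
 SetTracker(w, cdslog.AuthServiceName, srv.Name)
 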
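Review bot: The region check at new line 80 dereferences `srv.Region` without a nil test, so a signin whose service payload omits the region while the consumer has a `ServiceRegion` would panic in the handler instead of being rejected with `sdk.ErrForbidden` (this assumes `Region` is a pointer left nil when the field is absent, which the `*srv.Region` dereference suggests). Guard it as `if consumer.ServiceRegion != nil && (srv.Region == nil || *srv.Region != *consumer.ServiceRegion) {`. The error on the following line also formats `srv.Type` where the region is meant; it should print the region value, read only after the nil test. The handler body starts and ends outside both hunks.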

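--- a/engine/api/auth_local.go
+++ b/engine/api/auth_local.go
@@ -134,6 +134,9 @@ func initBuiltinConsumersFromStartupConfig(ctx context.Context, tx gorpmapper.Sq
 
 // Create the consumers provided by the startup configuration
 for _, cfg := range startupConfig.Consumers {
+if cfg.Name == "" {
+continue
+}
 var scopes sdk.AuthConsumerScopeDetails
 
 switch cfg.Type {
@@ -153,6 +156,7 @@ func initBuiltinConsumersFromStartupConfig(ctx context.Context, tx gorpmapper.Sq
 scopes = sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeService)
 }
 
+svcType := string(cfg.Type)
 var c = sdk.AuthConsumer{
 ID: cfg.ID,
 Name: cfg.Name,
@@ -164,6 +168,8 @@ func initBuiltinConsumersFromStartupConfig(ctx context.Context, tx gorpmapper.Sq
 GroupIDs: []int64{group.SharedInfraGroup.ID},
 ScopeDetails: scopes,
 ValidityPeriods: sdk.NewAuthConsumerValidityPeriod(time.Unix(startupConfig.IAT, 0), 2*365*24*time.Hour), // Default validity period is two years
+ServiceName: &cfg.Name,
+ServiceType: &svcType,
 }
 
 if err := authentication.InsertConsumer(ctx, tx, &c); err != nil {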
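Review bot: `ServiceName: &cfg.Name` at new line 171 stores the address of a field of the range variable `cfg`, whereas `ServiceType` points at `svcType`, which is declared fresh in each iteration. Before Go 1.22 `cfg` is a single variable reused across iterations, so if `c` or that pointer is retained past the `InsertConsumer` call, every consumer's `ServiceName` would alias the last entry's name, and this is the value the new signin check compares against. Copy it the same way as the type: `svcName := cfg.Name` followed by `ServiceName: &svcName`. Separately, the `continue` on an empty `cfg.Name` at new line 137 drops the consumer silently; a log line or an error there would make a missing service name visible. The loop body continues outside the hunks.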

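--- a/engine/config.go
+++ b/engine/config.go
@@ -347,7 +347,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if conf.UI != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "ui",
+Name: conf.UI.Name,
 Description: "Autogenerated configuration for ui service",
 Type: api.StartupConfigConsumerTypeUI,
 }
@@ -370,7 +370,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if h.Local != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "hatchery:local",
+Name: h.Local.Name,
 Description: "Autogenerated configuration for local hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -395,7 +395,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if h.Openstack != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "hatchery:openstack",
+Name: h.Openstack.Name,
 Description: "Autogenerated configuration for openstack hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -420,7 +420,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if h.VSphere != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "hatchery:vsphere",
+Name: h.VSphere.Name,
 Description: "Autogenerated configuration for vsphere hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -446,7 +446,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if h.Swarm != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "hatchery:swarm",
+Name: h.Swarm.Name,
 Description: "Autogenerated configuration for swarm hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -471,7 +471,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if h.Marathon != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "hatchery:marathon",
+Name: h.Marathon.Name,
 Description: "Autogenerated configuration for marathon hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -496,7 +496,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if h.Kubernetes != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "hatchery:kubernetes",
+Name: h.Kubernetes.Name,
 Description: "Autogenerated configuration for kubernetes hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -522,7 +522,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if conf.Hooks != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "hooks",
+Name: conf.Hooks.Name,
 Description: "Autogenerated configuration for hooks service",
 Type: api.StartupConfigConsumerTypeHooks,
 }
@@ -544,7 +544,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if conf.Repositories != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "repositories",
+Name: conf.Repositories.Name,
 Description: "Autogenerated configuration for repositories service",
 Type: api.StartupConfigConsumerTypeRepositories,
 }
@@ -566,7 +566,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if conf.DatabaseMigrate != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "migrate",
+Name: conf.DatabaseMigrate.Name,
 Description: "Autogenerated configuration for migrate service",
 Type: api.StartupConfigConsumerTypeDBMigrate,
 }
@@ -588,7 +588,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if conf.VCS != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "vcs",
+Name: conf.VCS.Name,
 Description: "Autogenerated configuration for vcs service",
 Type: api.StartupConfigConsumerTypeVCS,
 }
@@ -610,7 +610,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if conf.CDN != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "cdn",
+Name: conf.CDN.Name,
 Description: "Autogenerated configuration for cdn service",
 Type: api.StartupConfigConsumerTypeCDN,
 }
@@ -632,7 +632,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 if conf.ElasticSearch != nil {
 var cfg = api.StartupConfigConsumer{
 ID: sdk.UUID(),
-Name: "elasticsearch",
+Name: conf.ElasticSearch.Name,
 Description: "Autogenerated configuration for elasticSearch service",
 Type: api.StartupConfigConsumerTypeElasticsearch,
 }
@@ -678,7 +678,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "ui",
+Name: conf.UI.Name,
 Description: "Autogenerated configuration for ui service",
 Type: api.StartupConfigConsumerTypeUI,
 }
@@ -696,7 +696,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "hatchery:local",
+Name: h.Local.Name,
 Description: "Autogenerated configuration for local hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -713,7 +713,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "hatchery:openstack",
+Name: h.Openstack.Name,
 Description: "Autogenerated configuration for openstack hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -730,7 +730,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "hatchery:vsphere",
+Name: h.VSphere.Name,
 Description: "Autogenerated configuration for vsphere hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -747,7 +747,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "hatchery:swarm",
+Name: h.Swarm.Name,
 Description: "Autogenerated configuration for swarm hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -764,7 +764,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "hatchery:marathon",
+Name: h.Marathon.Name,
 Description: "Autogenerated configuration for marathon hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -781,7 +781,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "hatchery:kubernetes",
+Name: h.Kubernetes.Name,
 Description: "Autogenerated configuration for kubernetes hatchery",
 Type: api.StartupConfigConsumerTypeHatchery,
 }
@@ -799,7 +799,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "hooks",
+Name: conf.Hooks.Name,
 Description: "Autogenerated configuration for hooks service",
 Type: api.StartupConfigConsumerTypeHooks,
 }
@@ -816,7 +816,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "repositories",
+Name: conf.Repositories.Name,
 Description: "Autogenerated configuration for repositories service",
 Type: api.StartupConfigConsumerTypeRepositories,
 }
@@ -833,7 +833,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "migrate",
+Name: conf.DatabaseMigrate.Name,
 Description: "Autogenerated configuration for migrate service",
 Type: api.StartupConfigConsumerTypeDBMigrate,
 }
@@ -850,7 +850,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "vcs",
+Name: conf.VCS.Name,
 Description: "Autogenerated configuration for vcs service",
 Type: api.StartupConfigConsumerTypeVCS,
 }
@@ -867,7 +867,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "cdn",
+Name: conf.CDN.Name,
 Description: "Autogenerated configuration for cdn service",
 Type: api.StartupConfigConsumerTypeCDN,
 }
@@ -884,7 +884,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 }
 var cfg = api.StartupConfigConsumer{
 ID: consumerID,
-Name: "elasticsearch",
+Name: conf.ElasticSearch.Name,
 Description: "Autogenerated configuration for elasticSearch service",
 Type: api.StartupConfigConsumerTypeElasticsearch,
 }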
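Review bot: Nothing in these hunks validates the configured service name, which now replaces a fixed literal as the consumer `Name` in every block of `configSetStartupData` and `getInitTokenFromExistingConfiguration`, starting with `Name: conf.UI.Name` at new line 350. An unset name yields an empty `Name`, which `initBuiltinConsumersFromStartupConfig` in engine/api/auth_local.go skips without creating the consumer, so the affected service would presumably fail to sign in with no indication why. Rejecting the empty value where the config is built would surface this early, for example `if conf.UI.Name == "" { return "", fmt.Errorf("ui: service name must be set") }` before constructing `cfg`, and likewise for each service block. Both functions start and end outside the hunks.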
