peridot
/
peridot
mirror of https://github.com/peridotbuild/peridot.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

kernelmanager: Force auth on Create/Update endpoints

This commit is contained in:
Mustafa Gezen 2023-10-06 13:14:13 +02:00
parent 8e80167da4
commit a3dca2b5ba
Signed by: mustafa
GPG Key ID: DCDF010D946438C1
2 changed files with 19 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
base/go/auth.go
View File

@ -164,6 +164,15 @@ func OidcGrpcInterceptor(details *OidcInterceptorDetails) (grpc.UnaryServerInter
return interceptor, nil
}
func UserFromContext(ctx context.Context) (UserInfo, error) {
user, ok := ctx.Value(UserContextKey).(UserInfo)
if !ok {
return nil, status.Error(codes.Unauthenticated, "missing user info")
}
return user, nil
}
// TestOidcProvider is a test implementation of OidcProvider
type TestOidcProvider struct {
// This interface is a pointer on purpose, so we can point it to

25
tools/kernelmanager/rpc/kernel.go
View File

@ -13,21 +13,6 @@ import (
"strings"
)
func getPrefixEnd(key []byte) []byte {
end := make([]byte, len(key))
copy(end, key)
for i := len(end) - 1; i >= 0; i-- {
if end[i] < 0xff {
end[i] = end[i] + 1
end = end[:i+1]
return end
}
}
// next prefix does not exist (e.g., 0xffff);
// default to WithFromKey policy
return []byte{0}
}
func (s *Server) ListKernels(ctx context.Context, req *kernelmanagerpb.ListKernelsRequest) (*kernelmanagerpb.ListKernelsResponse, error) {
// Min page size is 1, max page size is 100.
if req.PageSize < 1 {
@ -86,6 +71,11 @@ func (s *Server) GetKernel(ctx context.Context, req *kernelmanagerpb.GetKernelRe
}
func (s *Server) CreateKernel(ctx context.Context, req *kernelmanagerpb.CreateKernelRequest) (*kernelmanagerpb.Kernel, error) {
// Authenticate the request
if _, err := base.UserFromContext(ctx); err != nil {
return nil, err
}
if req.Kernel == nil {
return nil, status.Error(codes.InvalidArgument, "kernel must be provided")
}
@ -120,6 +110,11 @@ func (s *Server) CreateKernel(ctx context.Context, req *kernelmanagerpb.CreateKe
}
func (s *Server) UpdateKernel(ctx context.Context, req *kernelmanagerpb.UpdateKernelRequest) (*kernelmanagerpb.Kernel, error) {
// Authenticate the request
if _, err := base.UserFromContext(ctx); err != nil {
return nil, err
}
if req.Kernel == nil {
return nil, status.Error(codes.InvalidArgument, "kernel must be provided")
}