8000 fix(api): use consumer name instead of username if service or worker … · ovh/cds@c4f892c · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Commit c4f892c

Browse files
richardltfsamin
richardlt
authored and
fsamin
committed
fix(api): use consumer name instead of username if service or worker (#4909)
1 parent d9a2517 commit c4f892c

18 files changed

+199
-192
lines changed

engine/api/api_helper.go

Lines changed: 24 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,6 @@ import (
99

1010
"github.com/ovh/cds/engine/api/group"
1111
"github.com/ovh/cds/engine/api/services"
12-
"github.com/ovh/cds/engine/api/worker"
1312
"github.com/ovh/cds/sdk"
1413
"github.com/ovh/cds/sdk/log"
1514
)
@@ -52,6 +51,30 @@ func isAdmin(ctx context.Context) bool {
5251
return c.Admin()
5352
}
5453

54+
func isService(ctx context.Context) bool {
55+
c := getAPIConsumer(ctx)
56+
if c == nil {
57+
return false
58+
}
59+
return c.Service != nil
60+
}
61+
62+
func isWorker(ctx context.Context) bool {
63+
c := getAPIConsumer(ctx)
64+
if c == nil {
65+
return false
66+
}
67+
return c.Worker != nil
68+
}
69+
70+
func isHatchery(ctx context.Context) bool {
71+
c := getAPIConsumer(ctx)
72+
if c == nil {
73+
return false
74+
}
75+
return c.Service != nil && c.Service.Type == services.TypeHatchery
76+
}
77+
5578
func getAPIConsumer(c context.Context) *sdk.AuthConsumer {
5679
i := c.Value(contextAPIConsumer)
5780
if i == nil {
@@ -108,56 +131,3 @@ func (a *API) mustDBWithCtx(ctx context.Context) *gorp.DbMap {
108131

109132
return db
110133
}
111-
112-
func (a *API) isService(ctx context.Context) (*sdk.Service, bool) {
113-
db := a.mustDBWithCtx(ctx)
114-
session := getAuthSession(ctx)
115-
if session == nil {
116-
return nil, false
117-
}
118-
119-
s, err := services.LoadByConsumerID(ctx, db, session.ConsumerID)
120-
if err != nil {
121-
log.Info(ctx, "unable to get service from session %s: %v", session.ID, err)
122-
return nil, false
123-
}
124-
return s, true
125-
}
126-
127-
func (a *API) isWorker(ctx context.Context) (*sdk.Worker, bool) {
128-
db := a.mustDBWithCtx(ctx)
129-
s := getAuthSession(ctx)
130-
if s == nil {
131-
return nil, false
132-
}
133-
w, err := worker.LoadByConsumerID(ctx, db, s.ConsumerID)
134-
if sdk.ErrorIs(err, sdk.ErrNotFound) {
135-
return nil, false
136-
}
137-
if err != nil {
138-
log.Warning(ctx, "unable to get worker from session %s: %v", s.ID, err)
139-
return nil, false
140-
}
141-
if w == nil {
142-
return nil, false
143-
}
144-
return w, true
145-
}
146-
147-
func (a *API) isHatchery(ctx context.Context) (*sdk.Service, bool) {
148-
db := a.mustDBWithCtx(ctx)
149-
session := getAuthSession(ctx)
150-
if session == nil {
151-
return nil, false
152-
}
153-
154-
s, err := services.LoadByConsumerID(ctx, db, session.ConsumerID)
155-
if err != nil {
156-
log.Warning(ctx, "unable to get hatchery from session %s: %v", session.ID, err)
157-
return nil, false
158-
}
159-
if s.Type != services.TypeHatchery {
160-
return nil, false
161-
}
162-
return s, true
163-
}

engine/api/cache.go

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ import (
1414

1515
func (api *API) postPushCacheHandler() service.Handler {
1616
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
17-
if _, isWorker := api.isWorker(ctx); !isWorker {
17+
if isWorker := isWorker(ctx); !isWorker {
1818
return sdk.WithStack(sdk.ErrForbidden)
1919
}
2020

@@ -24,11 +24,11 @@ func (api *API) postPushCacheHandler() service.Handler {
2424
// check tag name pattern
2525
regexp := sdk.NamePatternRegex
2626
if !regexp.MatchString(tag) {
27-
return sdk.ErrInvalidName
27+
return sdk.WithStack(sdk.ErrInvalidName)
2828
}
2929

3030
if r.Body == nil {
31-
return sdk.ErrWrongRequest
31+
return sdk.WithStack(sdk.ErrWrongRequest)
3232
}
3333
defer r.Body.Close()
3434

@@ -44,7 +44,7 @@ func (api *API) postPushCacheHandler() service.Handler {
4444
}
4545

4646
if _, err := storageDriver.Store(&cacheObject, r.Body); err != nil {
47-
return sdk.WrapError(err, "postPushCacheHandler>Cannot store cache")
47+
return sdk.WrapError(err, "cannot store cache")
4848
}
4949

5050
return nil
@@ -53,7 +53,7 @@ func (api *API) postPushCacheHandler() service.Handler {
5353

5454
func (api *API) getPullCacheHandler() service.Handler {
5555
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
56-
if _, isWorker := api.isWorker(ctx); !isWorker {
56+
if isWorker := isWorker(ctx); !isWorker {
5757
return sdk.WithStack(sdk.ErrForbidden)
5858
}
5959

@@ -63,7 +63,7 @@ func (api *API) getPullCacheHandler() service.Handler {
6363
// check tag name pattern
6464
regexp := sdk.NamePatternRegex
6565
if !regexp.MatchString(tag) {
66-
return sdk.ErrInvalidName
66+
return sdk.WithStack(sdk.ErrInvalidName)
6767
}
6868

6969
cacheObject := sdk.Cache{
@@ -101,13 +101,14 @@ func (api *API) getPullCacheHandler() service.Handler {
101101
if err := ioread.Close(); err != nil {
102102
return sdk.WrapError(err, "cannot close artifact")
103103
}
104+
104105
return nil
105106
}
106107
}
107108

108109
func (api *API) postPushCacheWithTempURLHandler() service.Handler {
109110
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
110-
if _, isWorker := api.isWorker(ctx); !isWorker {
111+
if isWorker := isWorker(ctx); !isWorker {
111112
return sdk.WithStack(sdk.ErrForbidden)
112113
}
113114

@@ -149,7 +150,7 @@ func (api *API) postPushCacheWithTempURLHandler() service.Handler {
149150

150151
func (api *API) getPullCacheWithTempURLHandler() service.Handler {
151152
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
152-
if _, isWorker := api.isWorker(ctx); !isWorker {
153+
if isWorker := isWorker(ctx); !isWorker {
153154
return sdk.WithStack(sdk.ErrForbidden)
154155
}
155156

engine/api/navbar/navbar.go

Lines changed: 7 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -5,25 +5,12 @@ import (
55

66
"github.com/go-gorp/gorp"
77

8-
"github.com/ovh/cds/engine/api/cache"
98
"github.com/ovh/cds/engine/api/database/gorpmapping"
109
"github.com/ovh/cds/engine/api/group"
1110
"github.com/ovh/cds/sdk"
1211
)
1312

14-
// LoadNavbarData returns just the needed data for the ui navbar
15-
func LoadNavbarData(db gorp.SqlExecutor, store cache.Store, u sdk.AuthentifiedUser) (data []sdk.NavbarProjectData, err error) {
16-
// Admin can gets all project
17-
// Users can gets only their projects
18-
19-
if u.Admin() {
20-
return loadNavbarAsAdmin(db, store, u)
21-
}
22-
23-
return loadNavbarAsUser(db, store, u)
24-
}
25-
26-
func loadNavbarAsAdmin(db gorp.SqlExecutor, store cache.Store, u sdk.AuthentifiedUser) (data []sdk.NavbarProjectData, err error) {
13+
func LoadNavbarAsAdmin(db gorp.SqlExecutor, userID int64) (data []sdk.NavbarProjectData, err error) {
2714
query := `
2815
(
2916
SELECT DISTINCT
@@ -61,9 +48,9 @@ func loadNavbarAsAdmin(db gorp.SqlExecutor, store cache.Store, u sdk.Authentifie
6148
)
6249
`
6350

64-
rows, err := db.Query(query, u.OldUserStruct.ID)
51+
rows, err := db.Query(query, userID)
6552
if err != nil {
66-
return data, err
53+
return data, sdk.WithStack(err)
6754
}
6855
defer rows.Close()
6956

@@ -72,7 +59,7 @@ func loadNavbarAsAdmin(db gorp.SqlExecutor, store cache.Store, u sdk.Authentifie
7259
var favorite bool
7360
var name sql.NullString
7461
if err := rows.Scan(&key, &projectName, &projectDescription, &name, &favorite, &eltType); err != nil {
75-
return data, err
62+
return data, sdk.WithStack(err)
7663
}
7764

7865
projData := sdk.NavbarProjectData{
@@ -98,7 +85,7 @@ func loadNavbarAsAdmin(db gorp.SqlExecutor, store cache.Store, u sdk.Authentifie
9885
return data, nil
9986
}
10087

101-
func loadNavbarAsUser(db gorp.SqlExecutor, store cache.Store, u sdk.AuthentifiedUser) (data []sdk.NavbarProjectData, err error) {
88+
func LoadNavbarAsUser(db gorp.SqlExecutor, userID int64, groupIDs []int64) (data []sdk.NavbarProjectData, err error) {
10289
query := `
10390
(
10491
SELECT DISTINCT
@@ -160,7 +147,7 @@ func loadNavbarAsUser(db gorp.SqlExecutor, store cache.Store, u sdk.Authentified
160147
)
161148
`
162149

163-
rows, err := db.Query(query, u.OldUserStruct.ID, gorpmapping.IDsToQueryString(u.OldUserStruct.Groups.ToIDs()), group.SharedInfraGroup.ID)
150+
rows, err := db.Query(query, userID, gorpmapping.IDsToQueryString(groupIDs), group.SharedInfraGroup.ID)
164151
if err != nil {
165152
return data, sdk.WithStack(err)
166153
}
@@ -171,7 +158,7 @@ func loadNavbarAsUser(db gorp.SqlExecutor, store cache.Store, u sdk.Authentified
171158
var favorite bool
172159
var name sql.NullString
173160
if err := rows.Scan(&key, &projectName, &projectDescription, &name, &favorite, &eltType); err != nil {
174-
return data, err
161+
return data, sdk.WithStack(err)
175162
}
176163

177164
projData := sdk.NavbarProjectData{

engine/api/router_middleware_auth.go

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,9 @@ import (
1111

1212
"github.com/ovh/cds/engine/api/authentication"
1313
"github.com/ovh/cds/engine/api/observability"
14+
"github.com/ovh/cds/engine/api/services"
1415
"github.com/ovh/cds/engine/api/user"
16+
"github.com/ovh/cds/engine/api/worker"
1517
"github.com/ovh/cds/engine/service"
1618
"github.com/ovh/cds/sdk"
1719
"github.com/ovh/cds/sdk/log"
@@ -76,9 +78,25 @@ func (api *API) authMiddleware(ctx context.Context, w http.ResponseWriter, req *
7678
}
7779
// If the driver was disabled for the consumer that was found, ignore it
7880
if _, ok := api.AuthenticationDrivers[c.Type]; ok {
81+
// Add contacts for consumer's user
7982
if err := user.LoadOptions.WithContacts(ctx, api.mustDB(), c.AuthentifiedUser); err != nil {
8083
return ctx, err
8184
}
85+
86+
// Add service for consumer if exists
87+
s, err := services.LoadByConsumerID(ctx, api.mustDB(), c.ID)
88+
if err != nil && !sdk.ErrorIs(err, sdk.ErrNotFound) {
89+
return ctx, err
90+
}
91+
c.Service = s
92+
93+
// Add worker for consumer if exists
94+
w, err := worker.LoadByConsumerID(ctx, api.mustDB(), c.ID)
95+
if err != nil && !sdk.ErrorIs(err, sdk.ErrNotFound) {
96+
return ctx, err
97+
}
98+
c.Worker = w
99+
82100
consumer = c
83101
}
84102
}

engine/api/router_middleware_auth_permission.go

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,9 +5,10 @@ import (
55
"strconv"
66

77
"github.com/ovh/cds/engine/api/authentication"
8-
"github.com/ovh/cds/engine/api/project"
98
"github.com/ovh/cds/engine/api/cache"
109
"github.com/ovh/cds/engine/api/observability"
10+
"github.com/ovh/cds/engine/api/project"
11+
"github.com/ovh/cds/engine/api/worker"
1112
"github.com/ovh/cds/engine/api/workflow"
1213

1314
"github.com/ovh/cds/engine/api/action"
@@ -69,7 +70,12 @@ func (api *API) checkJobIDPermissions(ctx context.Context, jobID string, perm in
6970

7071
// If the expected permission if >= RX and the consumer is a worker
7172
// We check that the worker has took this job
72-
if wk, isWorker := api.isWorker(ctx); isWorker && perm >= sdk.PermissionReadExecute {
73+
if isWorker := isWorker(ctx); isWorker && perm >= sdk.PermissionReadExecute {
74+
wk, err := worker.LoadByID(ctx, api.mustDB(), getAPIConsumer(ctx).Worker.ID)
75+
if err != nil {
76+
return err
77+
}
78+
7379
var ok bool
7480
k := cache.Key("api:workers", getAPIConsumer(ctx).ID, "perm", jobID)
7581
if has, _ := api.Cache.Get(k, &ok); ok && has {
@@ -98,13 +104,13 @@ func (api *API) checkProjectPermissions(ctx context.Context, projectKey string,
98104
ctx, end := observability.Span(ctx, "api.checkProjectPermissions")
99105
defer end()
100106

101-
if _, err := project.Load(api.mustDB(), api.Cache, projectKey); err != nil {
107+
if _, err := project.Load(api.mustDB(), api.Cache, projectKey); err != nil {
102108
return err
103109
}
104110

105111
perms, err := permission.LoadProjectMaxLevelPermission(ctx, api.mustDB(), []string{projectKey}, getAPIConsumer(ctx).GetGroupIDs())
106112
if err != nil {
107-
return sdk.WrapError(err, "cannot get max project permissions for %s", projectKey)
113+
return sdk.WrapError(err, "cannot get max project permissions for %s", projectKey)
108114
}
109115

110116
callerPermission := perms.Level(projectKey)

engine/api/services.go

Lines changed: 19 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -103,38 +103,42 @@ func (api *API) postServiceRegisterHandler() service.Handler {
103103

104104
func (api *API) postServiceHearbeatHandler() service.Handler {
105105
return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
106+
if ok := isService(ctx); !ok {
107+
return sdk.WithStack(sdk.ErrForbidden)
108+
}
109+
110+
s, err := services.LoadByID(ctx, api.mustDB(), getAPIConsumer(ctx).Service.ID)
111+
if err != nil {
112+
return err
113+
}
114+
106115
var mon sdk.MonitoringStatus
107116
if err := service.UnmarshalBody(r, &mon); err != nil {
108-
return sdk.WithStack(err)
117+
return err
109118
}
110119

120+
// Update status to warn if service version != api version
111121
for i := range mon.Lines {
112-
s := &mon.Lines[i]
113-
if s.Component == "Version" {
114-
if sdk.VERSION != s.Value {
115-
s.Status = sdk.MonitoringStatusWarn
122+
if mon.Lines[i].Component == "Version" {
123+
if sdk.VERSION != mon.Lines[i].Value {
124+
mon.Lines[i].Status = sdk.MonitoringStatusWarn
116125
} else {
117-
s.Status = sdk.MonitoringStatusOK
126+
mon.Lines[i].Status = sdk.MonitoringStatusOK
118127
}
119128
break
120129
}
121130
}
122131

123132
tx, err := api.mustDB().Begin()
124133
if err != nil {
125-
return sdk.WrapError(err, "Cannot start transaction")
134+
return sdk.WithStack(err)
126135
}
127136
defer tx.Rollback() // nolint
128137

129-
srv, ok := api.isService(ctx)
130-
if !ok {
131-
return sdk.ErrForbidden
132-
}
138+
s.LastHeartbeat = time.Now()
139+
s.MonitoringStatus = mon
133140

134-
srv.LastHeartbeat = time.Now()
135-
srv.MonitoringStatus = mon
136-
137-
if err := services.Update(ctx, tx, srv); err != nil {
141+
if err := services.Update(ctx, tx, s); err != nil {
138142
return err
139143
}
140144

engine/api/services_test.go

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,5 +84,4 @@ func TestServicesHandlers(t *testing.T) {
8484
require.Equal(t, 204, rec.Code)
8585

8686
require.NoError(t, services.Delete(api.mustDB(), &srv))
87-
8887
}

0 commit comments

Comments
 (0)
0