-
Notifications
You must be signed in to change notification settings - Fork 662
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MG-1955 - Bootstrap service is not synced to the latest changes of access control #2199
base: main
Are you sure you want to change the base?
Conversation
955c48b
to
36871a7
Compare
a419da6
to
1fbba5b
Compare
1c41e02
to
d51ce36
Compare
26959ac
to
2080e0a
Compare
c43e6eb
to
87c7b95
Compare
bootstrap/service.go
Outdated
for _, channel := range cfg.Channels { | ||
if channel.ID == "" || channel.ID == "invalid" { | ||
return Config{}, svcerr.ErrMalformedEntity | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be moved to API layer
bootstrap/service.go
Outdated
return Config{}, errors.Wrap(svcerr.ErrViewEntity, err) | ||
} | ||
|
||
if thing.DomainID != user.GetDomainId() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How this case will be possible?
Is there way to add to a thing which is not belongs same domain of user?
bootstrap/service.go
Outdated
if err != nil { | ||
return errors.Wrap(svcerr.ErrAuthentication, err) | ||
} | ||
_, err = bs.authorize(ctx, "", auth.UserType, auth.UsersKind, user.GetId(), auth.EditPermission, auth.DomainType, user.GetDomainId()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@JeffMboya Why we are checking the user have edit access to Domain ?
cf44a0a
to
7fb4b09
Compare
bootstrap/service.go
Outdated
if err != nil { | ||
return Config{}, errors.Wrap(svcerr.ErrAuthentication, err) | ||
} | ||
cfg, err := bs.configs.RetrieveByID(ctx, owner, id) | ||
|
||
// Retrieve the bootstrap configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as things service we need to authorize the users has ViewPermission
to the thing if the boostrap config has thingID
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This also applies to update operations EditPermission
e08a890
to
3a810ae
Compare
Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain access control Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorization to identify method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorize method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorize method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add authorize method Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add policies Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Remove policies Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorization Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Add domain level authorizaton Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: add error return value to identify function Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: add error return value to identify function Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace domain_id with domainID Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace domain_id with domainID Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace domain_id with domainID Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace 'Owner' with 'DomainID' Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: replace 'Owner' with 'DomainID' Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix (configs.go): remove unused context Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Feature: add configs with same name in different domains Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Feature: add configs with same name in different domains Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing test dues to renaming Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Refactor: rename domainid to domain_id Signed-off-by: JeffMboya <jangina.mboya@gmail.com> fix: handle malformed channel in addEndpoint Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: update authorization method parameters Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove unnecessary authorization checks Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Fix: failing tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add testsutil package for generating UUIDs in tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add empty channel tests Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add valid request Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: remove comment Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization to view method Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, UpdateConnections, and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com> refactor: add authorization checks to UpdateCert, and UpdateConnections methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
bootstrap/service.go
Outdated
if err != nil { | ||
return errors.Wrap(svcerr.ErrAuthentication, err) | ||
} | ||
|
||
cfg.Owner = owner | ||
cfg.DomainID = user.GetDomainId() | ||
_, err = bs.authorize(ctx, "", auth.TokenKind, token, auth.EditPermission, auth.DomainType, cfg.DomainID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since we have userID
from identify we can user usersKind
and userID
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
… and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
… and Remove methods Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
@@ -36,6 +36,16 @@ func (req addReq) validate() error { | |||
return apiutil.ErrBearerKey | |||
} | |||
|
|||
if len(req.Channels) == 0 { | |||
return apiutil.ErrMissingID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return apiutil.ErrMissingID | |
return apiutil.ErrEmptyList |
if err != nil { | ||
return Config{}, errors.Wrap(svcerr.ErrAuthentication, err) | ||
} | ||
cfg, err := bs.configs.RetrieveByID(ctx, owner, id) | ||
_, err = bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.ViewPermission, auth.ThingType, id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should authorize if the bootstrap has a thingID
if err != nil { | ||
return Config{}, errors.Wrap(svcerr.ErrAuthentication, err) | ||
} | ||
cfg, err := bs.configs.UpdateCert(ctx, owner, thingID, clientCert, clientKey, caCert) | ||
_, err = bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.EditPermission, auth.ThingType, thingID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same
bootstrap/service.go
Outdated
|
||
j := 0 | ||
for _, config := range configsPage.Configs { | ||
_, err := bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.ViewPermission, auth.ThingType, config.ThingID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't seem good since we will make n calls to auth depending on the list of configs. You can check something like this #2168. So if they aren't domain admins they get basic information. @arvindh123 what do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, This should be like, first we need to get all thingID
s from spiceDB for user and then pass the thingID
s to config repo to retrieve the bootstrap config
bootstrap/service.go
Outdated
|
||
j := 0 | ||
for _, config := range configsPage.Configs { | ||
_, err := bs.authorize(ctx, user.GetDomainId(), auth.UsersKind, user.GetId(), auth.ViewPermission, auth.ThingType, config.ThingID) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, This should be like, first we need to get all thingID
s from spiceDB for user and then pass the thingID
s to config repo to retrieve the bootstrap config
…meter Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
Signed-off-by: JeffMboya <jangina.mboya@gmail.com>
What type of PR is this?
This PR is a bug fix.
What does this do?
This PR ensures that users can only view bootstrap configurations of the things within their current domain. It also allows domain members with appropriate permissions to view configurations for things within the domain, regardless of who created the configuration.
Which issue(s) does this PR fix/relate to?
Have you included tests for your changes?
Yes, tests have been included in this PR.
Did you document any new/modified feature?
No new features were documented in this PR.