* lower level on auth success from info to debug (fixes #5820) * don't log stacktraces on auth errors (as requested on slack). we do this by introducing an `AuthError` type instead of using `anyhow` and `bail`. * return errors that have been censored for improved security.
Showing
10 changed files
with
105 additions
and
75 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,21 @@ | ||
use anyhow::{bail, Result}; | ||
use utils::auth::{Claims, Scope}; | ||
use utils::auth::{AuthError, Claims, Scope}; | ||
use utils::id::TenantId; | ||
|
||
pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<()> { | ||
pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<(), AuthError> { | ||
match (&claims.scope, tenant_id) { | ||
(Scope::Tenant, None) => { | ||
bail!("Attempt to access management api with tenant scope. Permission denied") | ||
} | ||
(Scope::Tenant, None) => Err(AuthError( | ||
"Attempt to access management api with tenant scope. Permission denied".into(), | ||
)), | ||
(Scope::Tenant, Some(tenant_id)) => { | ||
if claims.tenant_id.unwrap() != tenant_id { | ||
bail!("Tenant id mismatch. Permission denied") | ||
return Err(AuthError("Tenant id mismatch. Permission denied".into())); | ||
} | ||
Ok(()) | ||
} | ||
(Scope::PageServerApi, None) => Ok(()), // access to management api for PageServerApi scope | ||
(Scope::PageServerApi, Some(_)) => Ok(()), // access to tenant api using PageServerApi scope | ||
(Scope::SafekeeperData, _) => { | ||
bail!("SafekeeperData scope makes no sense for Pageserver") | ||
} | ||
(Scope::SafekeeperData, _) => Err(AuthError( | ||
"SafekeeperData scope makes no sense for Pageserver".into(), | ||
)), | ||
} | ||
} |
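Review bot: The `(Scope::Tenant, Some(tenant_id))` arm still calls `claims.tenant_id.unwrap()`, so a tenant-scoped token whose claims carry no tenant id panics instead of returning the new `AuthError`. Unless the claims are validated before this function is reached (not visible in this hunk), compare against the option directly with `if claims.tenant_id != Some(tenant_id) {`. That keeps the existing "Tenant id mismatch. Permission denied" error and removes the panic path from an authorization check. The same `unwrap()` appears in the `check_permission` of the next file section (apparently the safekeeper variant).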
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,20 @@ | ||
use anyhow::{bail, Result}; | ||
use utils::auth::{Claims, Scope}; | ||
use utils::auth::{AuthError, Claims, Scope}; | ||
use utils::id::TenantId; | ||
|
||
pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<()> { | ||
pub fn check_permission(claims: &Claims, tenant_id: Option<TenantId>) -> Result<(), AuthError> { | ||
match (&claims.scope, tenant_id) { | ||
(Scope::Tenant, None) => { | ||
bail!("Attempt to access management api with tenant scope. Permission denied") | ||
} | ||
(Scope::Tenant, None) => Err(AuthError( | ||
"Attempt to access management api with tenant scope. Permission denied".into(), | ||
)), | ||
(Scope::Tenant, Some(tenant_id)) => { | ||
if claims.tenant_id.unwrap() != tenant_id { | ||
bail!("Tenant id mismatch. Permission denied") | ||
return Err(AuthError("Tenant id mismatch. Permission denied".into())); | ||
} | ||
Ok(()) | ||
} | ||
(Scope::PageServerApi, _) => bail!("PageServerApi scope makes no sense for Safekeeper"), | ||
(Scope::PageServerApi, _) => Err(AuthError( | ||
"PageServerApi scope makes no sense for Safekeeper".into(), | ||
)), | ||
(Scope::SafekeeperData, _) => Ok(()), | ||
} | ||
} |
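Review bot: The `(Scope::SafekeeperData, _) => Ok(())` arm has no comment, although it accepts the token for every tenant id and for requests that name no tenant at all. The first file section (apparently the pageserver variant) annotates its permissive arms, so a matching comment would help here, for example `// SafekeeperData scope is not tenant-bound: allowed for any tenant and for tenant-less requests`. A `///` doc comment on `check_permission` listing which scope and tenant combinations are accepted would also let the authorization policy be reviewed without reading the match.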
ea118a2
2438 tests run: 2317 passed, 0 failed, 121 skipped (full report)
Code coverage (full report)
functions
:54.7% (8899 of 16272 functions)
lines
:81.6% (51228 of 62754 lines)
ea118a2 at 2023-11-08T17:44:45.186Z :recycle: