From b34a1a67db847114f32e4d3fed99cc8f1bee769a Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Wed, 24 May 2017 12:07:45 -0700 Subject: [PATCH 1/4] Add resourceUrn to authenticate context --- services/frontendhost/frontend.go | 8 ++++++-- services/storehost/storagemonitor.go | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/services/frontendhost/frontend.go b/services/frontendhost/frontend.go index d1dd77b9..9d242838 100644 --- a/services/frontendhost/frontend.go +++ b/services/frontendhost/frontend.go @@ -44,6 +44,7 @@ import ( m "github.com/uber/cherami-thrift/.generated/go/metadata" "github.com/uber/cherami-thrift/.generated/go/shared" + "context" "github.com/uber-common/bark" "github.com/uber/tchannel-go/hyperbahn" "github.com/uber/tchannel-go/thrift" @@ -51,6 +52,7 @@ import ( const ( maxSizeCacheDestinationPathForUUID = 1000 + authContextResourceUrnKey = "resourceUrn" ) var nilRequestError = &c.BadRequestError{Message: `request must not be nil`} @@ -589,13 +591,15 @@ func (h *Frontend) CreateDestination(ctx thrift.Context, createRequest *c.Create lclLg := h.logger.WithField(common.TagDstPth, common.FmtDstPth(createRequest.GetPath())) - authSubject, err := h.GetAuthManager().Authenticate(ctx) + authResource := common.GetResourceURNCreateDestination(h.SCommon, createRequest.Path) + + authContext := context.WithValue(ctx, authContextResourceUrnKey, authResource) + authSubject, err := h.GetAuthManager().Authenticate(authContext) if err != nil { // TODO add metrics return nil, err } - authResource := common.GetResourceURNCreateDestination(h.SCommon, createRequest.Path) err = h.GetAuthManager().Authorize(authSubject, common.OperationCreate, common.Resource(authResource)) if err != nil { lclLg.WithField(common.TagSubject, authSubject).WithField(common.TagResource, authResource).Info("Not allowed to create destination") diff --git a/services/storehost/storagemonitor.go b/services/storehost/storagemonitor.go index b6551088..64a5e430 100644 --- a/services/storehost/storagemonitor.go +++ b/services/storehost/storagemonitor.go @@ -178,7 +178,8 @@ func (s *storageMonitor) checkStorage() { } else if availablePcnt < warningThreshold { s.logger.WithFields(bark.Fields{`filePath`: path, `availableMBs`: availableMBs, `totalMBs`: totalMBs, `availablePcnt`: availablePcnt}).Warn(`Available disk space lower than warning threshold`) } else { - s.logger.WithFields(bark.Fields{`filePath`: path, `availableMBs`: availableMBs, `totalMBs`: totalMBs, `availablePcnt`: availablePcnt}).Info(`Monitoring disk space`) } + s.logger.WithFields(bark.Fields{`filePath`: path, `availableMBs`: availableMBs, `totalMBs`: totalMBs, `availablePcnt`: availablePcnt}).Info(`Monitoring disk space`) + } } func (s *storageMonitor) doHouseKeeping() { From 3871dda39f813a74a63cd8d6607f41abc2478ac4 Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Wed, 24 May 2017 14:36:02 -0700 Subject: [PATCH 2/4] Use type for context key --- services/frontendhost/frontend.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/services/frontendhost/frontend.go b/services/frontendhost/frontend.go index 9d242838..66e4607a 100644 --- a/services/frontendhost/frontend.go +++ b/services/frontendhost/frontend.go @@ -52,9 +52,12 @@ import ( const ( maxSizeCacheDestinationPathForUUID = 1000 - authContextResourceUrnKey = "resourceUrn" ) +type ContextKey string + +var ResourceUrnKey = ContextKey("resourceUrn") + var nilRequestError = &c.BadRequestError{Message: `request must not be nil`} var badRequestKafkaConfigError = &c.BadRequestError{Message: `kafka destination must set kafka cluster and topic, and may not be multi-zone`} var badRequestNonKafkaConfigError = &c.BadRequestError{Message: `non-Kafka destination must not set kafka cluster and topic`} @@ -593,7 +596,7 @@ func (h *Frontend) CreateDestination(ctx thrift.Context, createRequest *c.Create authResource := common.GetResourceURNCreateDestination(h.SCommon, createRequest.Path) - authContext := context.WithValue(ctx, authContextResourceUrnKey, authResource) + authContext := context.WithValue(ctx, ResourceUrnKey, authResource) authSubject, err := h.GetAuthManager().Authenticate(authContext) if err != nil { // TODO add metrics From 68664de35fd647b3d4c5e1a0a2a852db498f6426 Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Wed, 24 May 2017 14:40:42 -0700 Subject: [PATCH 3/4] Add comment for public stuff in frontend.go --- services/frontendhost/frontend.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/frontendhost/frontend.go b/services/frontendhost/frontend.go index 66e4607a..61a90084 100644 --- a/services/frontendhost/frontend.go +++ b/services/frontendhost/frontend.go @@ -54,8 +54,10 @@ const ( maxSizeCacheDestinationPathForUUID = 1000 ) +// ContextKey is the type for context key type ContextKey string +// ResourceUrnKey is the context key name for resourceUrn var ResourceUrnKey = ContextKey("resourceUrn") var nilRequestError = &c.BadRequestError{Message: `request must not be nil`} From d3a24cd2069e478e09827d0f91e53c961696dbb0 Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Wed, 24 May 2017 14:52:25 -0700 Subject: [PATCH 4/4] Reorganize import --- services/frontendhost/frontend.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/frontendhost/frontend.go b/services/frontendhost/frontend.go index 61a90084..9838df0e 100644 --- a/services/frontendhost/frontend.go +++ b/services/frontendhost/frontend.go @@ -21,6 +21,7 @@ package frontendhost import ( + "context" "crypto/sha1" "encoding/base64" "fmt" @@ -44,7 +45,6 @@ import ( m "github.com/uber/cherami-thrift/.generated/go/metadata" "github.com/uber/cherami-thrift/.generated/go/shared" - "context" "github.com/uber-common/bark" "github.com/uber/tchannel-go/hyperbahn" "github.com/uber/tchannel-go/thrift"