From 436a60da9f47c383f4a34880a6650a3d29c7a887 Mon Sep 17 00:00:00 2001
From: catttam
Date: Fri, 26 Jan 2024 12:13:03 +0100
Subject: [PATCH] Several changes
---
 pkg/handlers/create.go | 6 ++++--
 pkg/utils/auth/multitenancy.go | 28 ++++++++++++++++++++--------
 pkg/utils/auth/oidc.go | 2 +-
 3 files changed, 25 insertions(+), 11 deletions(-)
diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
index 6785aea5..6d2570be 100644
--- a/pkg/handlers/create.go
+++ b/pkg/handlers/create.go
@@ -62,13 +62,15 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 c.String(http.StatusInternalServerError, fmt.Sprintln("Missing EGI user uid"))
 }
- mc, mcParsed := mcUntyped.(auth.MultitenancyConfig)
+ mc, mcParsed := mcUntyped.(*auth.MultitenancyConfig)
 uid, uidParsed := uidOrigin.(string)
 if !mcParsed {
 c.String(http.StatusInternalServerError, fmt.Sprintf("Error parsing multitenancy config: %v", mcParsed))
 }
+ createLogger.Println("Multitenancy config: ", &mc)
+
 if !uidParsed {
 c.String(http.StatusInternalServerError, fmt.Sprintf("Error parsing uid origin: %v", uidParsed))
 }
@@ -90,7 +92,7 @@ func MakeCreateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 if err != nil {
 c.String(http.StatusBadRequest, fmt.Sprintln(err))
 }
- service.Labels["uid"] = uid
+ service.Labels["uid"] = auth.FormatUID(uid)
 service.AllowedUsers = append(service.AllowedUsers, uid)
 createLogger.Println("Creating service for user: ", uid)
 break
diff --git a/pkg/utils/auth/multitenancy.go b/pkg/utils/auth/multitenancy.go
index c956f446..7874d6d9 100644
--- a/pkg/utils/auth/multitenancy.go
+++ b/pkg/utils/auth/multitenancy.go
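Review bot: The `!mcParsed` branch in the first hunk writes a 500 but does not stop the handler, and with the new `*auth.MultitenancyConfig` assertion a failed assertion leaves `mc` as a nil pointer for everything that follows; add `return` after that `c.String` (and after the `!uidParsed` one for the same reason). The added `createLogger.Println("Multitenancy config: ", &mc)` takes the address of the local pointer variable, so it logs a heap address rather than anything about the configuration; drop the line, or log the one field you actually need — printing the struct itself would also pull in the embedded Kubernetes clientset (visible as `mc.kubeClientset` in multitenancy.go), which does not belong in logs. Whether the value stored under "multitenancyConfig" is really a `*auth.MultitenancyConfig` depends on the oidc.go hunk, see the note there. MakeCreateHandler continues outside both hunks.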
@@ -60,9 +60,19 @@ func (mc *MultitenancyConfig) ClearCache() {
 }
 func (mc *MultitenancyConfig) UserExists(uid string) bool {
- for _, id := range mc.usersCache {
- if id == uid {
- return true
+ if len(mc.usersCache) < 1 {
+ // If the cache is empty check if a secret for the uid exists
+ secret_name := FormatUID(uid)
+ _, err := mc.kubeClientset.CoreV1().Secrets(ServicesNamespace).Get(context.TODO(), secret_name, metav1.GetOptions{})
+ if err != nil {
+ return false
+ }
+ return true
+ } else {
+ for _, id := range mc.usersCache {
+ if id == uid {
+ return true
+ }
 }
 }
 return false
@@ -88,13 +98,9 @@ func (mc *MultitenancyConfig) CheckUsersInCache(uids []string) []string {
 func (mc *MultitenancyConfig) CreateSecretForOIDC(uid string, sk string) error {
- uidr, _ := regexp.Compile("[0-9a-z]+@")
- idx := uidr.FindStringIndex(uid)
- secret_name := uid[0 : idx[1]-1]
-
 secret := &v1.Secret{
 ObjectMeta: metav1.ObjectMeta{
- Name: secret_name,
+ Name: FormatUID(uid),
 Namespace: ServicesNamespace,
 },
 StringData: map[string]string{
@@ -123,3 +129,9 @@ func GenerateRandomKey(length int) (string, error) {
 }
 return base64.RawURLEncoding.EncodeToString(key), nil
 }
+
+func FormatUID(uid string) string {
+ uidr, _ := regexp.Compile("[0-9a-z]+@")
+ idx := uidr.FindStringIndex(uid)
+ return uid[0 : idx[1]-1]
+}
diff --git a/pkg/utils/auth/oidc.go b/pkg/utils/auth/oidc.go
index 3b4f832a..ed270375 100644
--- a/pkg/utils/auth/oidc.go
+++ b/pkg/utils/auth/oidc.go
@@ -124,7 +124,7 @@ func getOIDCMiddleware(kubeClientset *kubernetes.Clientset, minIOAdminClient *ut
 }
 oidcLogger.Printf("User %s already exists", uid)
 c.Set("uidOrigin", uid)
- c.Set("multitenancyConfig", mc)
+ c.Set("multitenancyConfig", &mc)
 c.Next()
 }
 }
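Review bot: Every error from `Secrets(ServicesNamespace).Get` in the new empty-cache branch of UserExists is treated as "user does not exist" — an unreachable API server, a timeout or an RBAC denial all return false exactly like a missing secret. If the caller provisions a new user on false (the "already exists" branch in oidc.go suggests it does, though the provisioning path is outside this diff), a transient outage would re-create credentials for an existing user; only `apierrors.IsNotFound(err)` (`k8s.io/apimachinery/pkg/api/errors`) should map to false, and other errors should at least be logged, or better surfaced through a `(bool, error)` signature so the middleware can fail the request instead. The branch also calls `FormatUID(uid)`, which panics on a uid without a `[0-9a-z]+@` prefix (see the note on that hunk), and a non-empty cache that simply lacks uid never consults the API, so replicas with differently filled caches may disagree — worth confirming that is intended. Style: `secret_name` should be `secretName`, and the `else` after the returning branch is unnecessary. The rewrite below keeps the bool signature and logs through `oidcLogger`, assuming that is a package-level logger of package auth as oidc.go suggests.
```go
func (mc *MultitenancyConfig) UserExists(uid string) bool {
	for _, id := range mc.usersCache {
		if id == uid {
			return true
		}
	}
	if len(mc.usersCache) > 0 {
		return false
	}
	// Empty cache (e.g. a fresh replica): fall back to the per-user secret.
	_, err := mc.kubeClientset.CoreV1().Secrets(ServicesNamespace).Get(context.TODO(), FormatUID(uid), metav1.GetOptions{})
	if err == nil {
		return true
	}
	if !apierrors.IsNotFound(err) {
		// A failed lookup is not evidence of absence; without this a caller that
		// provisions on "false" would re-create the user after a transient API error.
		oidcLogger.Printf("checking secret for user %s: %v", uid, err)
	}
	return false
}
```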
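Review bot: FormatUID indexes `idx[1]` without checking that `FindStringIndex` found a match, so any uid lacking a `[0-9a-z]+@` substring makes it panic; the callers are the `Name:` field in CreateSecretForOIDC (previous hunk), the new `UserExists` branch, and `service.Labels["uid"]` in create.go, and the uid there comes from the "uidOrigin" context value set from the token claims, so an unexpected claim format becomes a crash rather than an error. The pattern is also unanchored: for a uid such as `X-ab@issuer` (constructed example) the match starts at `ab@` but the returned slice is `uid[0:…]`, i.e. `X-ab`, which is not a valid lowercase Secret name, while the `regexp.Compile` error is ignored and the compile repeats on every call. Anchoring the pattern, compiling it once with `MustCompile`, and returning an error instead of panicking fixes all three; CreateSecretForOIDC already returns an error so it can propagate it directly, the other two callers need a check, and `fmt` must be in scope in multitenancy.go (its import block is not in the diff).
```go
// uidPrefix matches the lowercase alphanumeric local part at the start of an
// EGI-style uid ("<prefix>@<issuer>"); compiled once rather than per call.
var uidPrefix = regexp.MustCompile(`^[0-9a-z]+@`)

// FormatUID returns the part of uid before the first '@', the form used as the
// per-user Secret name and as the "uid" service label. It reports an error
// instead of panicking when uid does not start with such a prefix.
func FormatUID(uid string) (string, error) {
	loc := uidPrefix.FindStringIndex(uid)
	if loc == nil {
		return "", fmt.Errorf("uid %q does not have the form <prefix>@<issuer>", uid)
	}
	return uid[:loc[1]-1], nil
}
```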
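Review bot: Storing `&mc` in the oidc.go hunk only satisfies the new `mcUntyped.(*auth.MultitenancyConfig)` assertion in create.go if `mc` is a `MultitenancyConfig` value at this point; if it is already a `*MultitenancyConfig` (every method on the type uses a pointer receiver, and the "already exists" log line suggests a `UserExists` call just above), `&mc` is a `**MultitenancyConfig`, the assertion fails on every request, and the non-returning error branch in create.go then proceeds with a nil pointer. The declaration of `mc` is outside the hunk, so this needs checking at the call site; with a pointer-typed `mc` the line should stay `c.Set("multitenancyConfig", mc)`. getOIDCMiddleware starts outside the hunk.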