Internal evaluation data API does not skip auth when evaluation is marked as excluded #3017

Closed
GeorgeMac opened this issue Apr 23, 2024 · 1 comment · Fixed by #3018

@GeorgeMac
Contributor

Currently, when you mark the evaluation section of the API as excluded from authentication, it does not apply to the internal evaluation data API. This API is used to feed client-side evaluation with state. Meaning, you cannot publicly expose evaluation state to client-side SDKs in this way.

flipt/internal/cmd/grpc.go

Lines 207 to 229 in 2490bb5

var (
	fliptsrv    = fliptserver.New(logger, store)
	metasrv     = metadata.New(cfg, info)
	evalsrv     = evaluation.New(logger, store)
	evalDataSrv = evaluationdata.New(logger, store)
	healthsrv   = health.NewServer()
)

var (
	// authOpts is a slice of options that will be passed to the authentication service.
	// it's initialized with the default option of skipping authentication for the health service which should never require authentication.
	authOpts = []containers.Option[authmiddlewaregrpc.InterceptorOptions]{
		authmiddlewaregrpc.WithServerSkipsAuthentication(healthsrv),
	}

	skipAuthIfExcluded = func(server any, excluded bool) {
		if excluded {
			authOpts = append(authOpts, authmiddlewaregrpc.WithServerSkipsAuthentication(server))
		}
	}
)

skipAuthIfExcluded(fliptsrv, cfg.Authentication.Exclude.Management)
skipAuthIfExcluded(evalsrv, cfg.Authentication.Exclude.Evaluation)

We should update this skip check to also apply auth skipping to the internal data API.

@GeorgeMac GeorgeMac added the bug label Apr 23, 2024
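
The wiring gap described in the issue, modelled as an added example (not code from the Flipt repository or from either commenter). The `server`, `exclude` and `binding` types and the functions `asReported`, `withDataAPI` and `requiresAuth` are hypothetical stand-ins; only the variable names and the two exclusion flags come from the snippet above.

```go
package main

import "fmt"

// server is a hypothetical stand-in for a registered gRPC service implementation.
type server struct{ name string }

// exclude mirrors the two flags read in the issue's snippet.
type exclude struct{ Management, Evaluation bool }

// binding pairs a server with the flag that should exempt it from authentication.
type binding struct {
	srv      *server
	excluded bool
}

var (
	fliptsrv    = &server{"flipt"}
	evalsrv     = &server{"evaluation"}
	evalDataSrv = &server{"evaluation-data"}
	healthsrv   = &server{"health"}
	all         = []*server{fliptsrv, evalsrv, evalDataSrv, healthsrv}
)

// asReported reproduces the wiring in the snippet: evalDataSrv has no binding.
func asReported(e exclude) []binding {
	return []binding{{fliptsrv, e.Management}, {evalsrv, e.Evaluation}}
}

// withDataAPI adds the binding the issue asks for (assumed: the evaluation flag covers it).
func withDataAPI(e exclude) []binding {
	return append(asReported(e), binding{evalDataSrv, e.Evaluation})
}

// requiresAuth lists, in registration order, the servers still behind authentication.
func requiresAuth(bindings []binding) []string {
	skip := map[*server]bool{healthsrv: true} // health never requires auth
	for _, b := range bindings {
		if b.excluded {
			skip[b.srv] = true
		}
	}
	var names []string
	for _, s := range all {
		if !skip[s] {
			names = append(names, s.name)
		}
	}
	return names
}

func main() {
	e := exclude{Evaluation: true} // constructed config: only evaluation is excluded
	fmt.Println("as reported:  ", requiresAuth(asReported(e)))
	fmt.Println("with data API:", requiresAuth(withDataAPI(e)))
}
```

Asserting on the full list of still-authenticated servers, rather than on one server at a time, also catches a newly registered service that was never given an exclusion binding.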
@markphelps
Collaborator

We should probably do a bug fix release off of the last release tag

Status: Done