interceptor.go
package auth
import (
"context"
"github.com/flyteorg/flyte/flytestdlib/logger"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
// BlanketAuthorization is a gRPC unary server interceptor that applies one
// coarse authorization rule: a request that carries a non-empty identity
// context is forwarded to handler only if that identity holds ScopeAll.
//
// A request whose identity context is empty is forwarded unchanged, so this
// interceptor does not authenticate callers by itself.
// NOTE(review): confirm that an earlier interceptor rejects unauthenticated
// requests when authentication is required; nothing in this function does.
//
// When the scope is missing, the handler is not called and the returned error
// has gRPC code Unauthenticated.
// NOTE(review): the caller is already authenticated on this path, so
// codes.PermissionDenied would describe the failure more precisely; changing
// it would affect clients that match on the current code.
func BlanketAuthorization(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (
	resp interface{}, err error) {
	// The message contains no formatting verbs, so it is safe to use as the
	// format string for both the log line and the status error.
	const missingScope = "authenticated user doesn't have required scope"

	identity := IdentityContextFromContext(ctx)

	// Short-circuit keeps the scope lookup off the empty-identity path.
	if !identity.IsEmpty() && !identity.Scopes().Has(ScopeAll) {
		// NOTE(review): denials are only visible at debug level; consider
		// whether they should be surfaced for audit and detection.
		logger.Debugf(ctx, missingScope)
		return nil, status.Errorf(codes.Unauthenticated, missingScope)
	}

	return handler(ctx, req)
}
// ExecutionUserIdentifierInterceptor is a gRPC unary server interceptor that
// reads the identity context from ctx, sets its execution user identifier to
// the value of UserID(), and calls handler with a context that carries the
// updated identity.
//
// It performs no authentication or authorization check of its own.
// NOTE(review): when the identity context is empty, UserID() is presumably
// empty as well, so the execution identifier would be set to an empty value;
// confirm that downstream code treats that as "no user".
func ExecutionUserIdentifierInterceptor(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (
	resp interface{}, err error) {
	identity := IdentityContextFromContext(ctx)

	// Derive the execution identity from the same identity that supplied the
	// user ID, then attach the result to the context given to the handler.
	withExecUser := identity.WithExecutionUserIdentifier(identity.UserID())

	return handler(withExecUser.WithContext(ctx), req)
}