New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow dynamic publish permissions based on reply subjects of received msgs. #1081
Conversation
I will add support at JWT level after this lands. |
Also probably need a test for duplicate reply subjects and resetting of permissions. Also a more explicit test on the pruning. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concerned about pubAllowed
now grabbing client's lock since that function may already be invoked under the lock in some cases (through canImport, etc..). Need to check that.
// dynamically, check to see if we are allowed here Avoid pcache. | ||
// We need to acquire the lock though. | ||
if !allowed && c.perms.resp != nil { | ||
c.mu.Lock() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is going to be a problem. pubAllowed
is called by canImport
that is holding the connection's lock. Let's check that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok will take a closer look.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But then this means that when invoked from a route, that won't work. That is, if we allow these kind of permissions for routes, then they won't be checked.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead, I would have conditionally lock/unlock since in one case we already have the lock, other we don't.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I disallowed from cluster config.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
… msgs Signed-off-by: Derek Collison <derek@nats.io>
This allows a dynamic publish permission to be granted only to subjects that were delivered as reply subjects. We also allow more detailed permission on maximum number of messages that can use the permission and maximum amount of time the permission can be active.
Signed-off-by: Derek Collison derek@nats.io
/cc @nats-io/core