Prevent to change Server's trust domain #644
Conversation
…t domains Signed-off-by: Marcos Yacob <marcos@scytale.io>
Signed-off-by: Marcos Yacob <marcos@scytale.io>
MarcosDY
requested review from
amartinezfayo,
azdagron,
evan2645,
martincapello and
walmav
as code owners
| @@ -26,9 +26,22 @@ import ( | |||
| "github.com/spiffe/spire/pkg/server/svid" | |||
| "google.golang.org/grpc" | |||
|
|
|||
| "errors" | |||
|
|
|||
| "github.com/spiffe/spire/proto/server/datastore" | |||
There was a problem hiding this comment.
nit: looks like these imports ended up in the wrong place
pkg/server/server.go
Outdated
| const ( | ||
| invalidTrustDomainAttestedNode = "An attested node with trust domain '%v' has been detected, " + | ||
| "which does not match the configured trust domain of '%v'. If you want to change the trust domain, " + | ||
| "please delete all existing attested nodes" |
There was a problem hiding this comment.
I don't think this is currently possible? #27 is related
pkg/server/server.go
Outdated
| fetchResponse, err := ds.ListRegistrationEntries(ctx, &datastore.ListRegistrationEntriesRequest{}) | ||
| if err != nil { | ||
| s.config.Log.Error(err) | ||
| return errors.New("error trying to fetch entries") |
There was a problem hiding this comment.
Why not return the error here instead of logging it and returning a different one? Or something like this
return fmt.Errorf("check existing entries: %v", err)
pkg/server/server.go
Outdated
| func (s *Server) validateTrustDomain(ctx context.Context, ds datastore.DataStore) error { | ||
| trustDomain := s.config.TrustDomain.Host | ||
|
|
||
| fetchResponse, err := ds.ListRegistrationEntries(ctx, &datastore.ListRegistrationEntriesRequest{}) |
There was a problem hiding this comment.
I think this will be problematic for production deployments, since we will be scanning the whole table every time we start/restart... we should add a pagination option or something (perhaps as part of a separate PR/Issue?)
pkg/server/server.go
Outdated
| func validateSpiffeId(spiffeId string, trustDomain string, errMsg string) error { | ||
| id, err := url.Parse(spiffeId) | ||
| if err != nil { | ||
| return fmt.Errorf("could not parse SPIFFE ID: %v", err) |
There was a problem hiding this comment.
it would be good if we could include more information here... that it is a registration entry that is bad, and perhaps the entry ID so the user can inspect it/delete it
…s a node with different trust domain Signed-off-by: Marcos Yacob <marcos@scytale.io>
Signed-off-by: Marcos Yacob <marcos@scytale.io>
Signed-off-by: Marcos Yacob <marcos@scytale.io>
| @@ -189,14 +189,21 @@ message BySelectors { | |||
| MatchBehavior match = 2; | |||
| } | |||
|
|
|||
| message Pagination { | |||
| uint32 token = 1; | |||
There was a problem hiding this comment.
i think a string "token" is more flexible... what do others think?
There was a problem hiding this comment.
Agree that was my first approach too
There was a problem hiding this comment.
My only gripe is that the sql plugin code is a little pointier when this is a string because we have to convert it and check for errors in a spot that would otherwise be error-free
There was a problem hiding this comment.
yes, I added a parser, to prevent it to happens, basically parse to int and put that int into select, and an error is returned in case parse is not valid
| if err := entryTx.Where(entryIDs).Find(&models).Error; err != nil { | ||
| return nil, sqlError.Wrap(err) | ||
| db := entryTx.Where(entryIDs) | ||
| if err := findRegisteredEntries(req, db, &models); err != nil { |
There was a problem hiding this comment.
i think this is less confusing with a functional approach:
models, pagination, err := findRegisteredEntries(db, req.Pagination)
if err != nil {
| } | ||
|
|
||
| // update pagination token based in last result in returned list | ||
| func updatePaginationToken(p *datastore.Pagination, entries *[]RegisteredEntry) { |
There was a problem hiding this comment.
it's seems weird to take a pointer to a slice...
pkg/server/server_test.go
Outdated
| "io/ioutil" | ||
| "net/url" | ||
| "os" | ||
| "testing" | ||
|
|
||
| "fmt" |
There was a problem hiding this comment.
"fmt" and "bytes" should be grouped with the rest of the std imports
| @@ -347,6 +347,19 @@ func (s *DataStore) ListRegistrationEntries(ctx context.Context, | |||
| s.mu.Lock() | |||
| defer s.mu.Unlock() | |||
|
|
|||
| // no pagination allow for this fake, for now it return only one page | |||
There was a problem hiding this comment.
should we implement pagination in the fake datastore so the server startup code that paginates entries for trust domain validation can be tested?
…aginate entries Signed-off-by: Marcos Yacob <marcos@scytale.io>
Signed-off-by: Marcos Yacob <marcos@scytale.io>
Signed-off-by: Marcos Yacob <marcos@scytale.io>
pkg/server/server.go
Outdated
| trustDomain := s.config.TrustDomain.Host | ||
|
|
||
| var token string | ||
| // Repeat until no more results are returned |
There was a problem hiding this comment.
I don't think we need to iterate over all the entries... perhaps we just make the request with PageSize 1 and call it a day? Same for attested nodes
| @@ -189,14 +189,21 @@ message BySelectors { | |||
| MatchBehavior match = 2; | |||
| } | |||
|
|
|||
| message Pagination { | |||
| uint32 token = 1; | |||
There was a problem hiding this comment.
My only gripe is that the sql plugin code is a little pointier when this is a string because we have to convert it and check for errors in a spot that would otherwise be error-free
Signed-off-by: Marcos Yacob <marcos@scytale.io>
| @@ -656,8 +666,14 @@ func listAttestedNodes(tx *gorm.DB, req *datastore.ListAttestedNodesRequest) (*d | |||
| return nil, sqlError.Wrap(err) | |||
| } | |||
|
|
|||
| if p != nil && p.PageSize > 0 && len(models) > 0 { | |||
| lastEntry := (models)[len(models)-1] | |||
There was a problem hiding this comment.
nit: () on (models) is unnecessary
Signed-off-by: Marcos Yacob <marcos@scytale.io>
Validate Server's trust domain using persisted attestation nodes and registration entries