cloudapi: Add x-rh-identity header filter

2021-05-26 15:06:13 +02:00 · 2021-05-26 15:06:13 +02:00 · 19db3ff1d4
commit 19db3ff1d4
parent 2a42d05a10
4 changed files with 112 additions and 15 deletions
--- a/cmd/osbuild-composer/composer.go
+++ b/cmd/osbuild-composer/composer.go
@ -111,17 +111,21 @@ func (c *Composer) InitAPI(cert, key string, l net.Listener) error {
 	c.api = cloudapi.NewServer(c.workers, c.rpm, c.distros)
 	c.koji = kojiapi.NewServer(c.logger, c.workers, c.rpm, c.distros)

-	tlsConfig, err := createTLSConfig(&connectionConfig{
-		CACertFile:     c.config.Koji.CA,
-		ServerKeyFile:  key,
-		ServerCertFile: cert,
-		AllowedDomains: c.config.Koji.AllowedDomains,
-	})
-	if err != nil {
-		return fmt.Errorf("Error creating TLS configuration: %v", err)
-	}
+	if len(c.config.ComposerAPI.IdentityFilter) > 0 {
+		c.apiListener = l
+	} else {
+		tlsConfig, err := createTLSConfig(&connectionConfig{
+			CACertFile:     c.config.Koji.CA,
+			ServerKeyFile:  key,
+			ServerCertFile: cert,
+			AllowedDomains: c.config.Koji.AllowedDomains,
+		})
+		if err != nil {
+			return fmt.Errorf("Error creating TLS configuration: %v", err)
+		}

-	c.apiListener = tls.NewListener(l, tlsConfig)
+		c.apiListener = tls.NewListener(l, tlsConfig)
+	}

 	return nil
 }
@ -195,7 +199,7 @@ func (c *Composer) Start() error {
 			// Add a "/" here, because http.ServeMux expects the
 			// trailing slash for rooted subtrees, whereas the
 			// handler functions don't.
-			mux.Handle(apiRoute+"/", c.api.Handler(apiRoute))
+			mux.Handle(apiRoute+"/", c.api.Handler(apiRoute, c.config.ComposerAPI.IdentityFilter))
 			mux.Handle(kojiRoute+"/", c.koji.Handler(kojiRoute))

 			s := &http.Server{