diff --git a/cmd/osbuild-composer/composer.go b/cmd/osbuild-composer/composer.go
index 8eae9ba1e..5560767fc 100644
--- a/cmd/osbuild-composer/composer.go
+++ b/cmd/osbuild-composer/composer.go
@@ -104,22 +104,18 @@ func (c *Composer) InitAPI(cert, key string, l net.Listener) error {
 c.api = cloudapi.NewServer(c.workers, c.rpm, c.distros)
 c.koji = kojiapi.NewServer(c.logger, c.workers, c.rpm, c.distros)
- if len(c.config.ComposerAPI.IdentityFilter) > 0 {
- c.apiListener = l
- } else {
- tlsConfig, err := createTLSConfig(&connectionConfig{
- CACertFile: c.config.Koji.CA,
- ServerKeyFile: key,
- ServerCertFile: cert,
- AllowedDomains: c.config.Koji.AllowedDomains,
- })
- if err != nil {
- return fmt.Errorf("Error creating TLS configuration: %v", err)
- }
-
- c.apiListener = tls.NewListener(l, tlsConfig)
+ tlsConfig, err := createTLSConfig(&connectionConfig{
+ CACertFile: c.config.Koji.CA,
+ ServerKeyFile: key,
+ ServerCertFile: cert,
+ AllowedDomains: c.config.Koji.AllowedDomains,
+ })
+ if err != nil {
+ return fmt.Errorf("Error creating TLS configuration: %v", err)
 }
+ c.apiListener = tls.NewListener(l, tlsConfig)
+
 return nil
 }
@@ -192,7 +188,7 @@ func (c *Composer) Start() error {
 // Add a "/" here, because http.ServeMux expects the
 // trailing slash for rooted subtrees, whereas the
 // handler functions don't.
- mux.Handle(apiRoute+"/", c.api.Handler(apiRoute, c.config.ComposerAPI.IdentityFilter))
+ mux.Handle(apiRoute+"/", c.api.Handler(apiRoute))
 mux.Handle(kojiRoute+"/", c.koji.Handler(kojiRoute))
 mux.Handle("/metrics", promhttp.Handler().(http.HandlerFunc))
diff --git a/cmd/osbuild-composer/config.go b/cmd/osbuild-composer/config.go
index f885888a3..56fd7d2f5 100644
--- a/cmd/osbuild-composer/config.go
+++ b/cmd/osbuild-composer/config.go
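Review bot: In InitAPI the TLS listener is now the only access control visible on the Composer API, and it is built from the Koji settings (`c.config.Koji.CA`, `c.config.Koji.AllowedDomains`), so that coupling deserves a comment at the call. createTLSConfig is not shown here; it is worth confirming that it fails on an empty `CACertFile` rather than producing a listener that does not require client certificates. I would add above the call `// The Composer API has no request-level auth; client certificates checked against Koji.CA / Koji.AllowedDomains are its only access control.` As a style point, the re-added error line could wrap the cause instead of flattening it: `return fmt.Errorf("creating TLS configuration: %w", err)`.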
@@ -24,9 +24,6 @@ type ComposerConfigFile struct {
 PGPassword string `toml:"pg_password" env:"PGPASSWORD"`
 PGSSLMode string `toml:"pg_ssl_mode" env:"PGSSLMODE"`
 } `toml:"worker"`
- ComposerAPI struct {
- IdentityFilter []string `toml:"identity_filter"`
- } `toml:"composer_api"`
 WeldrAPI WeldrAPIConfig `toml:"weldr_api"`
 }
diff --git a/internal/cloudapi/server.go b/internal/cloudapi/server.go
index 36fe0aaef..c19f75508 100644
--- a/internal/cloudapi/server.go
+++ b/internal/cloudapi/server.go
@@ -4,7 +4,6 @@ package cloudapi
 import (
 "crypto/rand"
- "encoding/base64"
 "encoding/json"
 "fmt"
 "math"
@@ -28,14 +27,11 @@ import (
 // Server represents the state of the cloud Server
 type Server struct {
- workers *worker.Server
- rpmMetadata rpmmd.RPMMD
- distros *distroregistry.Registry
- identityFilter []string
+ workers *worker.Server
+ rpmMetadata rpmmd.RPMMD
+ distros *distroregistry.Registry
 }
-type contextKey int
-
 type apiHandlers struct {
 server *Server
 }
@@ -54,14 +50,10 @@ func NewServer(workers *worker.Server, rpmMetadata rpmmd.RPMMD, distros *distror
 // Create an http.Handler() for this server, that provides the composer API at
 // the given path.
-func (server *Server) Handler(path string, identityFilter []string) http.Handler {
+func (server *Server) Handler(path string) http.Handler {
 e := echo.New()
 e.Binder = binder{}
- if len(identityFilter) > 0 {
- server.identityFilter = identityFilter
- e.Use(server.VerifyIdentityHeader)
- }
 handler := apiHandlers{
 server: server,
 }
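Review bot: The doc comment on Handler should now state that the returned handler performs no authentication of its own, since the `VerifyIdentityHeader` middleware is no longer installed and nothing in this hunk replaces it. A line such as `// Handler performs no authentication; it must only be served behind a listener that authenticates clients.` makes the dependency on the TLS listener set up in InitAPI explicit. It would also help operators if a leftover `identity_filter` key under `[composer_api]` were rejected or logged at start-up; whether the TOML loader ignores unknown keys is not visible here, but if it does, an old config would load cleanly while the filter is silently no longer applied. Handler's body continues past the end of the hunk.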
@@ -83,41 +75,6 @@ func (b binder) Bind(i interface{}, ctx echo.Context) error {
 return nil
 }
-func (server *Server) VerifyIdentityHeader(next echo.HandlerFunc) echo.HandlerFunc {
- return func(c echo.Context) error {
- const identityHeaderKey contextKey = iota
- type identityHeader struct {
- Identity struct {
- AccountNumber string `json:"account_number"`
- } `json:"identity"`
- }
- idHeaderB64 := c.Request().Header.Get("X-Rh-Identity")
- if idHeaderB64 == "" {
- return echo.NewHTTPError(http.StatusNotFound, "Auth header is not present")
- }
-
- b64Result, err := base64.StdEncoding.DecodeString(idHeaderB64)
- if err != nil {
- return echo.NewHTTPError(http.StatusNotFound, "Auth header has incorrect format")
- }
-
- var idHeader IdentityHeader
- err = json.Unmarshal([]byte(strings.TrimSuffix(fmt.Sprintf("%s", b64Result), "\n")), &idHeader)
- if err != nil {
- return echo.NewHTTPError(http.StatusNotFound, "Auth header has incorrect format")
- }
-
- for _, i := range server.identityFilter {
- if idHeader.Identity.AccountNumber == i {
- c.Set("IdentityHeader", idHeader)
- c.Set("IdentityHeaderKey", identityHeaderKey)
- return next(c)
- }
- }
- return echo.NewHTTPError(http.StatusNotFound, "Account not allowed")
- }
-}
-
 func (s *Server) IncRequests(next echo.HandlerFunc) echo.HandlerFunc {
 return func(c echo.Context) error {
 prometheus.TotalRequests.Inc()
diff --git a/test/cases/api.sh b/test/cases/api.sh
index c4e9280dc..adca1a8b7 100755
--- a/test/cases/api.sh
+++ b/test/cases/api.sh
@@ -1093,45 +1093,6 @@ function verifyPackageList() {
 verifyPackageList
-#
-# Verify the identityfilter
-#
-cat <