From 7fc3b4734876cc62bd0e1fdccccdab8011ec413d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Budai?=
Date: Mon, 21 Sep 2020 12:17:56 +0200
Subject: [PATCH] kojiapi: add domain allowlist

This commit adds a domain allowlist which works the same way as the one for remote workers. To accept just w1.osbuild.org and w2.osbuild.org, use: [koji] domain_allowlist = [ "w1.osbuild.org", "w2.osbuild.org" ]
---
 cmd/osbuild-composer/main.go | 2 ++
 test/image-tests/osbuild-composer.toml | 3 +++
 2 files changed, 5 insertions(+)
diff --git a/cmd/osbuild-composer/main.go b/cmd/osbuild-composer/main.go
index 79fc5db0e..920e74a60 100644
--- a/cmd/osbuild-composer/main.go
+++ b/cmd/osbuild-composer/main.go
@@ -79,6 +79,7 @@ func main() {
 KeyTab string `toml:"keytab"`
 } `toml:"kerberos,omitempty"`
 } `toml:"servers"`
+ AllowedDomains []string `toml:"allowed_domains"`
 } `toml:"koji"`
 Worker *struct {
 AllowedDomains []string `toml:"allowed_domains"`
@@ -213,6 +214,7 @@ func main() {
 CACertFile: "/etc/osbuild-composer/ca-crt.pem",
 ServerKeyFile: "/etc/osbuild-composer/composer-key.pem",
 ServerCertFile: "/etc/osbuild-composer/composer-crt.pem",
+ AllowedDomains: config.Koji.AllowedDomains,
 })
 if err != nil {
 log.Fatalf("TLS configuration cannot be created: " + err.Error())
diff --git a/test/image-tests/osbuild-composer.toml b/test/image-tests/osbuild-composer.toml
index c1172b0bd..455a9eada 100644
--- a/test/image-tests/osbuild-composer.toml
+++ b/test/image-tests/osbuild-composer.toml
@@ -1,3 +1,6 @@
+[koji]
+allowed_domains = [ "localhost", "*.osbuild.org" ]
+
 [koji.servers.localhost.kerberos]
 principal = "osbuild-krb@LOCAL"
 keytab = "/etc/osbuild-composer/client.keytab"
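Review bot: The new `AllowedDomains` field in the koji config struct (hunk `@@ -79,6 +79,7 @@` of cmd/osbuild-composer/main.go) carries no comment, and its TOML key is `allowed_domains` while the example in the commit message spells it `domain_allowlist`; the test TOML hunk in this patch also uses `allowed_domains`. An operator who copies the key from the message would leave this field unset, presumably without any decode error, so the allowlist they believe is in force would never be loaded. I would add a comment above the field, e.g. `// AllowedDomains lists the domains accepted on the koji API listener (TOML key: allowed_domains); same matching rules as Worker.AllowedDomains.`, and state there what an empty list means. The enclosing struct and `main` both start and end outside the hunk.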
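Review bot: `AllowedDomains: config.Koji.AllowedDomains` in hunk `@@ -213,6 +214,7 @@` forwards the list unchecked, so a missing or empty `allowed_domains` reaches the TLS setup as a nil slice, and whether the callee then rejects every client or accepts any is not visible here. For an access-control list that default should be explicit and fail closed; a guard before the call such as `if len(config.Koji.AllowedDomains) == 0 { log.Println("koji: allowed_domains is empty; no client domains are allowlisted") }` would at least surface the state at startup. If `Koji` is declared as a pointer, as `Worker` is in the first hunk, the dereference also needs a nil check unless one already exists outside the hunk. The call being populated and `main` itself both start outside the hunk.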