rbac: fix usage of AuthInfo (#7522)

Doug Fawley 2024-08-16 15:03:58 -07:00 committed by GitHub
parent 4e29cc6e31
commit f8d98a477c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 10 deletions


@ -237,12 +237,9 @@ func newRPCData(ctx context.Context) (*rpcData, error) {
var authType string
var peerCertificates []*x509.Certificate
if pi.AuthInfo != nil {
tlsInfo, ok := pi.AuthInfo.(credentials.TLSInfo)
if ok {
authType = pi.AuthInfo.AuthType()
peerCertificates = tlsInfo.State.PeerCertificates
}
if tlsInfo, ok := pi.AuthInfo.(credentials.TLSInfo); ok {
authType = pi.AuthInfo.AuthType()
peerCertificates = tlsInfo.State.PeerCertificates
}
return &rpcData{
@ -281,11 +278,12 @@ func (e *engine) doAuditLogging(rpcData *rpcData, rule string, authorized bool)
// In the RBAC world, we need to have a SPIFFE ID as the principal for this
// to be meaningful
principal := ""
if rpcData.peerInfo != nil && rpcData.peerInfo.AuthInfo != nil && rpcData.peerInfo.AuthInfo.AuthType() == "tls" {
if rpcData.peerInfo != nil {
// If AuthType = tls, then we can cast AuthInfo to TLSInfo.
tlsInfo := rpcData.peerInfo.AuthInfo.(credentials.TLSInfo)
if tlsInfo.SPIFFEID != nil {
principal = tlsInfo.SPIFFEID.String()
if tlsInfo, ok := rpcData.peerInfo.AuthInfo.(credentials.TLSInfo); ok {
if tlsInfo.SPIFFEID != nil {
principal = tlsInfo.SPIFFEID.String()
}
}
}
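Review bot: The retained comment `// If AuthType = tls, then we can cast AuthInfo to TLSInfo.` in doAuditLogging no longer matches the code, which now ignores AuthType() and relies on the checked assertion; replace it with something like `// Only credentials.TLSInfo carries a SPIFFE ID; any other AuthInfo leaves principal empty.` The assertion here and in newRPCData matches the value type only, so an AuthInfo that is a `*credentials.TLSInfo` or wraps one would presumably produce an empty principal and no peer certificates without any signal, which is worth stating in the comment because audit records and principal matching depend on it. The diffstat shows a single changed file, so a regression test that passes an AuthInfo whose AuthType() returns "tls" but which is not a TLSInfo would pin the fix. Both functions continue outside the hunks shown.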