fix(HMS-3185): fail with 403 on failed assume role
AssumeRole is supposed to assume the role that the client gives us. This fixes the error code returned when this operation fails. It could also have been 401, as the role might be considered an input. Given that this is a permissions operation, we went with 403.
1 parent
6456cf8
commit e3f2a27
Showing
7 changed files
with
140 additions
and
74 deletions.
@@ -39,7 +39,27 @@ func AddSource(ctx context.Context, provider models.ProviderType) (*clients.Sour | |
if err != nil { | ||
return nil, err | ||
} | ||
return stub.addSource(ctx, provider) | ||
switch provider { | ||
case models.ProviderTypeAWS: | ||
return stub.addAuth(ctx, clients.NewAuthentication("arn:aws:iam::230214684733:role/Test", provider)) | ||
case models.ProviderTypeAzure: | ||
return stub.addAuth(ctx, clients.NewAuthentication("4b9d213f-712f-4d17-a483-8a10bbe9df3a", provider)) | ||
case models.ProviderTypeGCP: | ||
return stub.addAuth(ctx, clients.NewAuthentication("[email protected]", provider)) | ||
case models.ProviderTypeUnknown, models.ProviderTypeNoop: | ||
// not implemented | ||
return nil, ErrNotImplemented | ||
} | ||
|
||
return nil, ErrNotImplemented | ||
} | ||
|
||
func AddAuth(ctx context.Context, authentication *clients.Authentication) (*clients.Source, error) { | ||
stub, err := getSourcesClientStub(ctx) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return stub.addAuth(ctx, authentication) | ||
} | ||
|
||
func getSourcesClient(ctx context.Context) (clients.Sources, error) { | ||
|
@@ -54,24 +74,13 @@ func getSourcesClientStub(ctx context.Context) (si *SourcesClientStub, err error | |
return si, err | ||
} | ||
|
||
func (stub *SourcesClientStub) addSource(ctx context.Context, provider models.ProviderType) (*clients.Source, error) { | ||
func (stub *SourcesClientStub) addAuth(ctx context.Context, authentication *clients.Authentication) (*clients.Source, error) { | ||
id := strconv.Itoa(len(stub.sources) + 2) // starts at 2 as 1 is reserved - TODO migrate users of the implicit id = 1 | ||
source := &clients.Source{ | ||
ID: id, | ||
Name: "source-" + id, | ||
} | ||
switch provider { | ||
case models.ProviderTypeAWS: | ||
stub.auths[id] = clients.NewAuthentication("arn:aws:iam::230214684733:role/Test", provider) | ||
case models.ProviderTypeAzure: | ||
stub.auths[id] = clients.NewAuthentication("4b9d213f-712f-4d17-a483-8a10bbe9df3a", provider) | ||
case models.ProviderTypeGCP: | ||
stub.auths[id] = clients.NewAuthentication("[email protected]", provider) | ||
case models.ProviderTypeUnknown, models.ProviderTypeNoop: | ||
// not implemented | ||
return nil, ErrNotImplemented | ||
} | ||
|
||
stub.auths[id] = authentication | ||
stub.sources = append(stub.sources, source) | ||
return source, nil | ||
} | ||
|
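Review bot: The new exported `AddAuth` in the first hunk has no doc comment, and it hands the caller's pointer to `addAuth` in the second hunk, where `stub.auths[id] = authentication` stores it without a nil check. A nil argument would still register a source and return success, so whatever reads `stub.auths` later (not visible here) would presumably fail far from the cause. I would state the contract with `// AddAuth registers a stub source backed by authentication, which must not be nil.` and reject nil at the top of `addAuth`, e.g. `if authentication == nil { return nil, errNilAuthentication }` (a new sentinel; the name is only a suggestion). Separately, the AWS role ARN and Azure GUID literals now sit in `AddSource`, whose body starts above the first hunk; if those account identifiers are real rather than constructed, replacing them with obviously fake fixture values in named constants would keep tenant identifiers out of the repository.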
@@ -1,4 +1,4 @@ | ||
// @no-log | ||
GET http://{{hostname}}:{{port}}/{{prefix}}/sources/1/upload_info HTTP/1.1 | ||
GET http://{{hostname}}:{{port}}/{{prefix}}/sources/515515/upload_info HTTP/1.1 | ||
Content-Type: application/json | ||
X-Rh-Identity: {{identity}} |