feat: Add CORS policy to REST API server (#1924)

## Description:
Add CORS policy to REST API server.

## Is this change user facing?
NO

cli/cli/helpers/engine_manager/engine_existence_guarantor.go

@@ -3,6 +3,7 @@ package engine_manager
 import (
 	"context"
 	"fmt"
+
 	"github.com/Masterminds/semver/v3"
 	"github.com/kurtosis-tech/kurtosis/api/golang/engine/lib/kurtosis_context"
 	"github.com/kurtosis-tech/kurtosis/cli/cli/command_str_consts"
@@ -71,6 +72,8 @@ type engineExistenceGuarantor struct {
 	poolSize uint8
 
 	enclaveEnvVars string
+
+	allowedCORSOrigins *[]string
 }
 
 func newEngineExistenceGuarantorWithDefaultVersion(
@@ -85,6 +88,7 @@ func newEngineExistenceGuarantorWithDefaultVersion(
 	onBastionHost bool,
 	poolSize uint8,
 	enclaveEnvVars string,
+	allowedCORSOrigins *[]string,
 ) *engineExistenceGuarantor {
 	return newEngineExistenceGuarantorWithCustomVersion(
 		ctx,
@@ -99,6 +103,7 @@ func newEngineExistenceGuarantorWithDefaultVersion(
 		onBastionHost,
 		poolSize,
 		enclaveEnvVars,
+		allowedCORSOrigins,
 	)
 }
 
@@ -115,6 +120,7 @@ func newEngineExistenceGuarantorWithCustomVersion(
 	onBastionHost bool,
 	poolSize uint8,
 	enclaveEnvVars string,
+	allowedCORSOrigins *[]string,
 ) *engineExistenceGuarantor {
 	return &engineExistenceGuarantor{
 		ctx:                                  ctx,
@@ -131,6 +137,7 @@ func newEngineExistenceGuarantorWithCustomVersion(
 		onBastionHost:                             onBastionHost,
 		poolSize:                                  poolSize,
 		enclaveEnvVars:                            enclaveEnvVars,
+		allowedCORSOrigins:                        allowedCORSOrigins,
 	}
 }
 
@@ -165,6 +172,7 @@ func (guarantor *engineExistenceGuarantor) VisitStopped() error {
 			metrics_client.IsCI(),
 			maybeCloudUserId,
 			maybeCloudInstanceId,
+			guarantor.allowedCORSOrigins,
 		)
 	} else {
 		_, _, engineLaunchErr = guarantor.engineServerLauncher.LaunchWithCustomVersion(
@@ -181,6 +189,7 @@ func (guarantor *engineExistenceGuarantor) VisitStopped() error {
 			metrics_client.IsCI(),
 			maybeCloudUserId,
 			maybeCloudInstanceId,
+			guarantor.allowedCORSOrigins,
 		)
 	}
 	if engineLaunchErr != nil {

cli/cli/helpers/engine_manager/engine_manager.go

@@ -42,6 +42,7 @@ type EngineManager struct {
 	clusterConfig                             *resolved_config.KurtosisClusterConfig
 	onBastionHost                             bool
 	enclaveEnvVars                            string
+	allowedCORSOrigins                        *[]string
 	// Make engine IP, port, and protocol configurable in the future
 }
 
@@ -98,9 +99,10 @@ func NewEngineManager(ctx context.Context) (*EngineManager, error) {
 		kurtosisBackend:   kurtosisBackend,
 		shouldSendMetrics: kurtosisConfig.GetShouldSendMetrics(),
 		engineServerKurtosisBackendConfigSupplier: engineBackendConfigSupplier,
-		clusterConfig:  clusterConfig,
-		onBastionHost:  onBastionHost,
-		enclaveEnvVars: enclaveEnvVars,
+		clusterConfig:      clusterConfig,
+		onBastionHost:      onBastionHost,
+		enclaveEnvVars:     enclaveEnvVars,
+		allowedCORSOrigins: nil,
 	}, nil
 }
 
@@ -191,6 +193,7 @@ func (manager *EngineManager) StartEngineIdempotentlyWithDefaultVersion(ctx cont
 		manager.onBastionHost,
 		poolSize,
 		manager.enclaveEnvVars,
+		manager.allowedCORSOrigins,
 	)
 	// TODO Need to handle the Kubernetes case, where a gateway needs to be started after the engine is started but
 	//  before we can return an EngineClient
@@ -222,6 +225,7 @@ func (manager *EngineManager) StartEngineIdempotentlyWithCustomVersion(ctx conte
 		manager.onBastionHost,
 		poolSize,
 		manager.enclaveEnvVars,
+		manager.allowedCORSOrigins,
 	)
 	engineClient, engineClientCloseFunc, err := manager.startEngineWithGuarantor(ctx, status, engineGuarantor)
 	if err != nil {

engine/launcher/args/args.go

@@ -2,10 +2,11 @@ package args
 
 import (
 	"encoding/json"
-	"github.com/kurtosis-tech/kurtosis/metrics-library/golang/lib/metrics_client"
 	"reflect"
 	"strings"
 
+	"github.com/kurtosis-tech/kurtosis/metrics-library/golang/lib/metrics_client"
+
 	"github.com/kurtosis-tech/kurtosis/engine/launcher/args/kurtosis_backend_config"
 	"github.com/kurtosis-tech/stacktrace"
 )
@@ -57,6 +58,9 @@ type EngineServerArgs struct {
 
 	// The Cloud Instance ID of the current user if available
 	CloudInstanceID metrics_client.CloudInstanceID `json:"cloud_instance_id"`
+
+	// List of allowed origins to validate CORS requests on the REST API. If undefined, defaults to '*' (any origin).
+	AllowedCORSOrigins *[]string `json:"allowed_cors_origins,omitempty"`
 }
 
 var skipValidation = map[string]bool{
@@ -111,6 +115,7 @@ func NewEngineServerArgs(
 	isCI bool,
 	cloudUserID metrics_client.CloudUserID,
 	cloudInstanceID metrics_client.CloudInstanceID,
+	allowedCORSOrigins *[]string,
 ) (*EngineServerArgs, error) {
 	if enclaveEnvVars == "" {
 		enclaveEnvVars = emptyJsonField
@@ -129,6 +134,7 @@ func NewEngineServerArgs(
 		IsCI:                        isCI,
 		CloudUserID:                 cloudUserID,
 		CloudInstanceID:             cloudInstanceID,
+		AllowedCORSOrigins:          allowedCORSOrigins,
 	}
 	if err := result.validate(); err != nil {
 		return nil, stacktrace.Propagate(err, "An error occurred validating engine server args")

engine/launcher/engine_server_launcher/engine_server_launcher.go

@@ -7,14 +7,15 @@ package engine_server_launcher
 
 import (
 	"context"
+	"net"
+
 	"github.com/kurtosis-tech/kurtosis/container-engine-lib/lib/backend_interface"
 	"github.com/kurtosis-tech/kurtosis/container-engine-lib/lib/backend_interface/objects/port_spec"
 	"github.com/kurtosis-tech/kurtosis/engine/launcher/args"
 	"github.com/kurtosis-tech/kurtosis/kurtosis_version"
 	"github.com/kurtosis-tech/kurtosis/metrics-library/golang/lib/metrics_client"
 	"github.com/kurtosis-tech/stacktrace"
 	"github.com/sirupsen/logrus"
-	"net"
 )
 
 const (
@@ -43,6 +44,7 @@ func (launcher *EngineServerLauncher) LaunchWithDefaultVersion(
 	isCI bool,
 	cloudUserID metrics_client.CloudUserID,
 	cloudInstanceID metrics_client.CloudInstanceID,
+	allowedCORSOrigins *[]string,
 ) (
 	resultPublicIpAddr net.IP,
 	resultPublicGrpcPortSpec *port_spec.PortSpec,
@@ -62,6 +64,7 @@ func (launcher *EngineServerLauncher) LaunchWithDefaultVersion(
 		isCI,
 		cloudUserID,
 		cloudInstanceID,
+		allowedCORSOrigins,
 	)
 	if err != nil {
 		return nil, nil, stacktrace.Propagate(err, "An error occurred launching the engine server container with default version tag '%v'", kurtosis_version.KurtosisVersion)
@@ -83,6 +86,7 @@ func (launcher *EngineServerLauncher) LaunchWithCustomVersion(
 	isCI bool,
 	cloudUserID metrics_client.CloudUserID,
 	cloudInstanceID metrics_client.CloudInstanceID,
+	allowedCORSOrigins *[]string,
 ) (
 	resultPublicIpAddr net.IP,
 	resultPublicGrpcPortSpec *port_spec.PortSpec,
@@ -103,6 +107,7 @@ func (launcher *EngineServerLauncher) LaunchWithCustomVersion(
 		isCI,
 		cloudUserID,
 		cloudInstanceID,
+		allowedCORSOrigins,
 	)
 	if err != nil {
 		return nil, nil, stacktrace.Propagate(err, "An error occurred creating the engine server args")

engine/server/engine/main.go

@@ -43,6 +43,7 @@ import (
 	"github.com/kurtosis-tech/kurtosis/engine/server/engine/server"
 	restApi "github.com/kurtosis-tech/kurtosis/engine/server/engine/server"
 	"github.com/kurtosis-tech/kurtosis/engine/server/engine/streaming"
+	"github.com/kurtosis-tech/kurtosis/engine/server/engine/utils"
 	"github.com/kurtosis-tech/kurtosis/metrics-library/golang/lib/analytics_logger"
 	"github.com/kurtosis-tech/kurtosis/metrics-library/golang/lib/metrics_client"
 	"github.com/kurtosis-tech/kurtosis/metrics-library/golang/lib/source"
@@ -408,9 +409,12 @@ func restApiServer(
 	echoRouter.Use(echomiddleware.Logger())
 
 	// Setup CORS policies for the REST API server
+	allowOrigins := utils.DerefWith(serverArgs.AllowedCORSOrigins, defaultCORSOrigins)
+	logrus.Infof("Setting-up CORS policy to accept requests from origins: %v", allowOrigins)
+
 	// nolint:exhaustruct
 	echoRouter.Use(middleware.CORSWithConfig(middleware.CORSConfig{
-		AllowOrigins: defaultCORSOrigins,
+		AllowOrigins: allowOrigins,
 		AllowHeaders: defaultCORSHeaders,
 	}))