ovh · fsamin · Mar 29, 2022 · Mar 28, 2022
@@ -60,6 +60,32 @@ func (api *API) postAuthBuiltinSigninHandler() service.Handler {
 			return sdk.NewError(sdk.ErrForbidden, err)
 		}
 
+		// Check if the consumer is associated to a service
+		srvInput, hasService := req["service"]
+		var srv sdk.Service
+		if hasService {
+			btes, err := json.Marshal(srvInput)
+			if err != nil {
+				return sdk.NewError(sdk.ErrWrongRequest, err)
+			}
+			if err := sdk.JSONUnmarshal(btes, &srv); err != nil {
+				return sdk.NewError(sdk.ErrWrongRequest, err)
+			}
+			if consumer.ServiceName != nil && *consumer.ServiceName != srv.Name {
+				return sdk.NewErrorFrom(sdk.ErrForbidden, "service name %q doesn't match with consumer %q", srv.Name, *consumer.ServiceName)
+			}
+			if consumer.ServiceType != nil && *consumer.ServiceType != srv.Type {
+				return sdk.NewErrorFrom(sdk.ErrForbidden, "service type %q doesn't match with consumer %q", srv.Type, *consumer.ServiceType)
+			}
+			if consumer.ServiceRegion != nil && *consumer.ServiceRegion != *srv.Region {
+				return sdk.NewErrorFrom(sdk.ErrForbidden, "service region %q doesn't match with consumer %q", srv.Type, *consumer.ServiceRegion)
+			}
+		} else {
+			if consumer.ServiceName != nil || consumer.ServiceType != nil || consumer.ServiceRegion != nil {
+				return sdk.NewErrorFrom(sdk.ErrForbidden, "signing request doesn't match with consumer %q service definition. missing service payload", consumer.Name)
+			}
+		}
+
 		// Generate a new session for consumer
 		session, err := authentication.NewSession(ctx, tx, consumer, driver.GetSessionDuration())
 		if err != nil {
@@ -104,18 +130,7 @@ func (api *API) postAuthBuiltinSigninHandler() service.Handler {
 		ctx = context.WithValue(ctx, contextDriverManifest, driverManifest)
 
 		// If the Signin has a *service* Payload, we have to perform the service registration
-		srvInput, has := req["service"]
-		var srv sdk.Service
-		if has {
-			btes, err := json.Marshal(srvInput)
-			if err != nil {
-				return sdk.NewError(sdk.ErrWrongRequest, err)
-			}
-
-			if err := sdk.JSONUnmarshal(btes, &srv); err != nil {
-				return sdk.NewError(sdk.ErrWrongRequest, err)
-			}
-
+		if hasService {
 			ctx = context.WithValue(ctx, cdslog.AuthServiceName, srv.Name)
 			SetTracker(w, cdslog.AuthServiceName, srv.Name)
 

@@ -134,6 +134,9 @@ func initBuiltinConsumersFromStartupConfig(ctx context.Context, tx gorpmapper.Sq
 
 	// Create the consumers provided by the startup configuration
 	for _, cfg := range startupConfig.Consumers {
+		if cfg.Name == "" {
+			continue
+		}
 		var scopes sdk.AuthConsumerScopeDetails
 
 		switch cfg.Type {
@@ -153,6 +156,7 @@ func initBuiltinConsumersFromStartupConfig(ctx context.Context, tx gorpmapper.Sq
 			scopes = sdk.NewAuthConsumerScopeDetails(sdk.AuthConsumerScopeService)
 		}
 
+		svcType := string(cfg.Type)
 		var c = sdk.AuthConsumer{
 			ID:                 cfg.ID,
 			Name:               cfg.Name,
@@ -164,6 +168,8 @@ func initBuiltinConsumersFromStartupConfig(ctx context.Context, tx gorpmapper.Sq
 			GroupIDs:           []int64{group.SharedInfraGroup.ID},
 			ScopeDetails:       scopes,
 			ValidityPeriods:    sdk.NewAuthConsumerValidityPeriod(time.Unix(startupConfig.IAT, 0), 2*365*24*time.Hour), // Default validity period is two years
+			ServiceName:        &cfg.Name,
+			ServiceType:        &svcType,
 		}
 
 		if err := authentication.InsertConsumer(ctx, tx, &c); err != nil {

@@ -347,7 +347,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 	if conf.UI != nil {
 		var cfg = api.StartupConfigConsumer{
 			ID:          sdk.UUID(),
-			Name:        "ui",
+			Name:        conf.UI.Name,
 			Description: "Autogenerated configuration for ui service",
 			Type:        api.StartupConfigConsumerTypeUI,
 		}
@@ -370,7 +370,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 		if h.Local != nil {
 			var cfg = api.StartupConfigConsumer{
 				ID:          sdk.UUID(),
-				Name:        "hatchery:local",
+				Name:        h.Local.Name,
 				Description: "Autogenerated configuration for local hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -395,7 +395,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 		if h.Openstack != nil {
 			var cfg = api.StartupConfigConsumer{
 				ID:          sdk.UUID(),
-				Name:        "hatchery:openstack",
+				Name:        h.Openstack.Name,
 				Description: "Autogenerated configuration for openstack hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -420,7 +420,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 		if h.VSphere != nil {
 			var cfg = api.StartupConfigConsumer{
 				ID:          sdk.UUID(),
-				Name:        "hatchery:vsphere",
+				Name:        h.VSphere.Name,
 				Description: "Autogenerated configuration for vsphere hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -446,7 +446,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 		if h.Swarm != nil {
 			var cfg = api.StartupConfigConsumer{
 				ID:          sdk.UUID(),
-				Name:        "hatchery:swarm",
+				Name:        h.Swarm.Name,
 				Description: "Autogenerated configuration for swarm hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -471,7 +471,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 		if h.Marathon != nil {
 			var cfg = api.StartupConfigConsumer{
 				ID:          sdk.UUID(),
-				Name:        "hatchery:marathon",
+				Name:        h.Marathon.Name,
 				Description: "Autogenerated configuration for marathon hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -496,7 +496,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 		if h.Kubernetes != nil {
 			var cfg = api.StartupConfigConsumer{
 				ID:          sdk.UUID(),
-				Name:        "hatchery:kubernetes",
+				Name:        h.Kubernetes.Name,
 				Description: "Autogenerated configuration for kubernetes hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -522,7 +522,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 	if conf.Hooks != nil {
 		var cfg = api.StartupConfigConsumer{
 			ID:          sdk.UUID(),
-			Name:        "hooks",
+			Name:        conf.Hooks.Name,
 			Description: "Autogenerated configuration for hooks service",
 			Type:        api.StartupConfigConsumerTypeHooks,
 		}
@@ -544,7 +544,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 	if conf.Repositories != nil {
 		var cfg = api.StartupConfigConsumer{
 			ID:          sdk.UUID(),
-			Name:        "repositories",
+			Name:        conf.Repositories.Name,
 			Description: "Autogenerated configuration for repositories service",
 			Type:        api.StartupConfigConsumerTypeRepositories,
 		}
@@ -566,7 +566,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 	if conf.DatabaseMigrate != nil {
 		var cfg = api.StartupConfigConsumer{
 			ID:          sdk.UUID(),
-			Name:        "migrate",
+			Name:        conf.DatabaseMigrate.Name,
 			Description: "Autogenerated configuration for migrate service",
 			Type:        api.StartupConfigConsumerTypeDBMigrate,
 		}
@@ -588,7 +588,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 	if conf.VCS != nil {
 		var cfg = api.StartupConfigConsumer{
 			ID:          sdk.UUID(),
-			Name:        "vcs",
+			Name:        conf.VCS.Name,
 			Description: "Autogenerated configuration for vcs service",
 			Type:        api.StartupConfigConsumerTypeVCS,
 		}
@@ -610,7 +610,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 	if conf.CDN != nil {
 		var cfg = api.StartupConfigConsumer{
 			ID:          sdk.UUID(),
-			Name:        "cdn",
+			Name:        conf.CDN.Name,
 			Description: "Autogenerated configuration for cdn service",
 			Type:        api.StartupConfigConsumerTypeCDN,
 		}
@@ -632,7 +632,7 @@ func configSetStartupData(conf *Configuration) (string, error) {
 	if conf.ElasticSearch != nil {
 		var cfg = api.StartupConfigConsumer{
 			ID:          sdk.UUID(),
-			Name:        "elasticsearch",
+			Name:        conf.ElasticSearch.Name,
 			Description: "Autogenerated configuration for elasticSearch service",
 			Type:        api.StartupConfigConsumerTypeElasticsearch,
 		}
@@ -678,7 +678,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 		}
 		var cfg = api.StartupConfigConsumer{
 			ID:          consumerID,
-			Name:        "ui",
+			Name:        conf.UI.Name,
 			Description: "Autogenerated configuration for ui service",
 			Type:        api.StartupConfigConsumerTypeUI,
 		}
@@ -696,7 +696,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 			}
 			var cfg = api.StartupConfigConsumer{
 				ID:          consumerID,
-				Name:        "hatchery:local",
+				Name:        h.Local.Name,
 				Description: "Autogenerated configuration for local hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -713,7 +713,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 			}
 			var cfg = api.StartupConfigConsumer{
 				ID:          consumerID,
-				Name:        "hatchery:openstack",
+				Name:        h.Openstack.Name,
 				Description: "Autogenerated configuration for openstack hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -730,7 +730,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 			}
 			var cfg = api.StartupConfigConsumer{
 				ID:          consumerID,
-				Name:        "hatchery:vsphere",
+				Name:        h.VSphere.Name,
 				Description: "Autogenerated configuration for vsphere hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -747,7 +747,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 			}
 			var cfg = api.StartupConfigConsumer{
 				ID:          consumerID,
-				Name:        "hatchery:swarm",
+				Name:        h.Swarm.Name,
 				Description: "Autogenerated configuration for swarm hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -764,7 +764,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 			}
 			var cfg = api.StartupConfigConsumer{
 				ID:          consumerID,
-				Name:        "hatchery:marathon",
+				Name:        h.Marathon.Name,
 				Description: "Autogenerated configuration for marathon hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -781,7 +781,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 			}
 			var cfg = api.StartupConfigConsumer{
 				ID:          consumerID,
-				Name:        "hatchery:kubernetes",
+				Name:        h.Kubernetes.Name,
 				Description: "Autogenerated configuration for kubernetes hatchery",
 				Type:        api.StartupConfigConsumerTypeHatchery,
 			}
@@ -799,7 +799,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 		}
 		var cfg = api.StartupConfigConsumer{
 			ID:          consumerID,
-			Name:        "hooks",
+			Name:        conf.Hooks.Name,
 			Description: "Autogenerated configuration for hooks service",
 			Type:        api.StartupConfigConsumerTypeHooks,
 		}
@@ -816,7 +816,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 		}
 		var cfg = api.StartupConfigConsumer{
 			ID:          consumerID,
-			Name:        "repositories",
+			Name:        conf.Repositories.Name,
 			Description: "Autogenerated configuration for repositories service",
 			Type:        api.StartupConfigConsumerTypeRepositories,
 		}
@@ -833,7 +833,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 		}
 		var cfg = api.StartupConfigConsumer{
 			ID:          consumerID,
-			Name:        "migrate",
+			Name:        conf.DatabaseMigrate.Name,
 			Description: "Autogenerated configuration for migrate service",
 			Type:        api.StartupConfigConsumerTypeDBMigrate,
 		}
@@ -850,7 +850,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 		}
 		var cfg = api.StartupConfigConsumer{
 			ID:          consumerID,
-			Name:        "vcs",
+			Name:        conf.VCS.Name,
 			Description: "Autogenerated configuration for vcs service",
 			Type:        api.StartupConfigConsumerTypeVCS,
 		}
@@ -867,7 +867,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 		}
 		var cfg = api.StartupConfigConsumer{
 			ID:          consumerID,
-			Name:        "cdn",
+			Name:        conf.CDN.Name,
 			Description: "Autogenerated configuration for cdn service",
 			Type:        api.StartupConfigConsumerTypeCDN,
 		}
@@ -884,7 +884,7 @@ func getInitTokenFromExistingConfiguration(conf Configuration) (string, error) {
 		}
 		var cfg = api.StartupConfigConsumer{
 			ID:          consumerID,
-			Name:        "elasticsearch",
+			Name:        conf.ElasticSearch.Name,
 			Description: "Autogenerated configuration for elasticSearch service",
 			Type:        api.StartupConfigConsumerTypeElasticsearch,
 		}