metropolis/node/core/rpc/peerinfo.go - monogon - Gitiles

 package rpc

 import (
 	"context"
 	"encoding/hex"
 	"fmt"
 	"sort"
 	"strings"

 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"

 	"source.monogon.dev/metropolis/node/core/identity"
 	epb "source.monogon.dev/metropolis/proto/ext"
 )

 type Permissions map[epb.Permission]bool

 func (p Permissions) String() string {
 	var res []string

 	for k, _ := range p {
 		res = append(res, k.String())
 	}

 	sort.Strings(res)
 	return strings.Join(res, ", ")
 }

 // PeerInfo represents the Metropolis-level information about the remote side
 // of a gRPC RPC, ie. about the calling client in server handlers and about the
 // handling server in client code.
 //
 // Exactly one of {Node, User, Unauthenticated} will be non-nil.
 type PeerInfo struct {
 	// Node is the information about a peer Node, and identifies that the other side
 	// of the connection is either a Node servicng gRPC requests for a cluster, or a
 	// Node connecting to a gRPC service.
 	Node *PeerInfoNode
 	// User is the information about a peer User, and identifies that the other side
 	// of the connection is a Metropolis user or manager (eg. owner). This will only
 	// be set in service handlers, as users cannot serve gRPC connections.
 	User *PeerInfoUser
 	// Unauthenticated is set for incoming gRPC connections which that have the
 	// Unauthenticated authorization extension set to true, and mark that the other
 	// side of the connection has not been verified at all.
 	Unauthenticated *PeerInfoUnauthenticated
 }

 // PeerInfoNode contains information about a Node on the other side of a gRPC
 // connection.
 type PeerInfoNode struct {
 	// PublicKey is the ED25519 public key bytes of the node.
 	PublicKey []byte

 	// Permissions are the set of permissions this node has.
 	Permissions Permissions
 }

 // PeerInfoUser contains information about a user on the other side of a gRPC
 // connection.
 type PeerInfoUser struct {
 	// Identity is an opaque identifier for the user. MVP: Currently this is always
 	// "manager".
 	Identity string
 }

 type PeerInfoUnauthenticated struct {
 	// SelfSignedPublicKey is the ED25519 public key bytes of the other side of the
 	// connection, if that side presented a self-signed certificate to prove control
 	// of a private key corresponding to this public key. If it did not present a
 	// self-signed certificate that can be parsed for such a key, this will be nil.
 	//
 	// This can be used by code with expects Unauthenticated RPCs but wants to
 	// authenticate the connection based on ownership of some keypair, for example
 	// in the AAA.Escrow method.
 	SelfSignedPublicKey []byte
 }

 // GetPeerInfo returns the PeerInfo of the peer of a gRPC connection, or nil if
 // this connection does not carry any PeerInfo.
 func GetPeerInfo(ctx context.Context) *PeerInfo {
 	if pi, ok := ctx.Value(peerInfoKey).(*PeerInfo); ok {
 		return pi
 	}
 	return nil
 }

 func (p *PeerInfo) CheckPermissions(need Permissions) error {
 	if p.Unauthenticated != nil {
 		// This generally shouldn't happen, as unauthenticated users shouldn't be
 		// allowed to reach this part of the code - methods with Need != nil will not be
 		// processed as unauthenticated for security, and will instead act as
 		// authenticated methods and reject unauthenticated connections.
 		for _, v := range need {
 			if v {
 				return status.Error(codes.Unauthenticated, "unauthenticated connection")
 			}
 		}
 		return nil
 	} else if p.User != nil {
 		// MVP: all permissions are granted to all users.
 		// TODO(q3k): check authz.Need once we have a user/identity system implemented.
 		return nil
 	} else if p.Node != nil {
 		for n, v := range need {
 			if v && !p.Node.Permissions[n] {
 				return status.Errorf(codes.PermissionDenied, "node missing %s permission", n.String())
 			}
 		}
 		return nil
 	}

 	return fmt.Errorf("invalid PeerInfo: neither Unauthenticated, User nor Node is set")
 }

 func (p *PeerInfo) String() string {
 	if p == nil {
 		return "nil"
 	}
 	switch {
 	case p.Node != nil:
 		return fmt.Sprintf("node: %s, %s", identity.NodeID(p.Node.PublicKey), p.Node.Permissions)
 	case p.User != nil:
 		return fmt.Sprintf("user: %s", p.User.Identity)
 	case p.Unauthenticated != nil:
 		return fmt.Sprintf("unauthenticated: pubkey %s", hex.EncodeToString(p.Unauthenticated.SelfSignedPublicKey))
 	default:
 		return "invalid"
 	}
 }

 type peerInfoKeyType string

 // peerInfoKey is the context key for storing PeerInfo.
 const peerInfoKey = peerInfoKeyType("peerInfo")

 // apply returns the given context with itself stored under a unique key, that
 // can be later retrieved via GetPeerInfo.
 func (p *PeerInfo) apply(ctx context.Context) context.Context {
 	return context.WithValue(ctx, peerInfoKey, p)
 }

 // peerInfoServerStream is a grpc.ServerStream wrapper which contains some
 // PeerInfo, and returns it as part of the Context() of the ServerStream.
 type peerInfoServerStream struct {
 	grpc.ServerStream
 	pi *PeerInfo
 }

 func (p *peerInfoServerStream) Context() context.Context {
 	return p.pi.apply(p.ServerStream.Context())
 }

 // serverStream wraps a grpc.ServerStream with a structure that attaches this
 // PeerInfo in all contexts returned by Context().
 func (p *PeerInfo) serverStream(ss grpc.ServerStream) grpc.ServerStream {
 	return &peerInfoServerStream{ss, p}
 }
	package rpc

	import (
	"context"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"

	"google.golang.org/grpc"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"

	"source.monogon.dev/metropolis/node/core/identity"
	epb "source.monogon.dev/metropolis/proto/ext"
	)

	type Permissions map[epb.Permission]bool

	func (p Permissions) String() string {
	var res []string

	for k, _ := range p {
	res = append(res, k.String())
	}

	sort.Strings(res)
	return strings.Join(res, ", ")
	}

	// PeerInfo represents the Metropolis-level information about the remote side
	// of a gRPC RPC, ie. about the calling client in server handlers and about the
	// handling server in client code.
	//
	// Exactly one of {Node, User, Unauthenticated} will be non-nil.
	type PeerInfo struct {
	// Node is the information about a peer Node, and identifies that the other side
	// of the connection is either a Node servicng gRPC requests for a cluster, or a
	// Node connecting to a gRPC service.
	Node *PeerInfoNode
	// User is the information about a peer User, and identifies that the other side
	// of the connection is a Metropolis user or manager (eg. owner). This will only
	// be set in service handlers, as users cannot serve gRPC connections.
	User *PeerInfoUser
	// Unauthenticated is set for incoming gRPC connections which that have the
	// Unauthenticated authorization extension set to true, and mark that the other
	// side of the connection has not been verified at all.
	Unauthenticated *PeerInfoUnauthenticated
	}

	// PeerInfoNode contains information about a Node on the other side of a gRPC
	// connection.
	type PeerInfoNode struct {
	// PublicKey is the ED25519 public key bytes of the node.
	PublicKey []byte

	// Permissions are the set of permissions this node has.
	Permissions Permissions
	}

	// PeerInfoUser contains information about a user on the other side of a gRPC
	// connection.
	type PeerInfoUser struct {
	// Identity is an opaque identifier for the user. MVP: Currently this is always
	// "manager".
	Identity string
	}

	type PeerInfoUnauthenticated struct {
	// SelfSignedPublicKey is the ED25519 public key bytes of the other side of the
	// connection, if that side presented a self-signed certificate to prove control
	// of a private key corresponding to this public key. If it did not present a
	// self-signed certificate that can be parsed for such a key, this will be nil.
	//
	// This can be used by code with expects Unauthenticated RPCs but wants to
	// authenticate the connection based on ownership of some keypair, for example
	// in the AAA.Escrow method.
	SelfSignedPublicKey []byte
	}

	// GetPeerInfo returns the PeerInfo of the peer of a gRPC connection, or nil if
	// this connection does not carry any PeerInfo.
	func GetPeerInfo(ctx context.Context) *PeerInfo {
	if pi, ok := ctx.Value(peerInfoKey).(*PeerInfo); ok {
	return pi
	}
	return nil
	}

	func (p *PeerInfo) CheckPermissions(need Permissions) error {
	if p.Unauthenticated != nil {
	// This generally shouldn't happen, as unauthenticated users shouldn't be
	// allowed to reach this part of the code - methods with Need != nil will not be
	// processed as unauthenticated for security, and will instead act as
	// authenticated methods and reject unauthenticated connections.
	for _, v := range need {
	if v {
	return status.Error(codes.Unauthenticated, "unauthenticated connection")
	}
	}
	return nil
	} else if p.User != nil {
	// MVP: all permissions are granted to all users.
	// TODO(q3k): check authz.Need once we have a user/identity system implemented.
	return nil
	} else if p.Node != nil {
	for n, v := range need {
	if v && !p.Node.Permissions[n] {
	return status.Errorf(codes.PermissionDenied, "node missing %s permission", n.String())
	}
	}
	return nil
	}

	return fmt.Errorf("invalid PeerInfo: neither Unauthenticated, User nor Node is set")
	}

	func (p *PeerInfo) String() string {
	if p == nil {
	return "nil"
	}
	switch {
	case p.Node != nil:
	return fmt.Sprintf("node: %s, %s", identity.NodeID(p.Node.PublicKey), p.Node.Permissions)
	case p.User != nil:
	return fmt.Sprintf("user: %s", p.User.Identity)
	case p.Unauthenticated != nil:
	return fmt.Sprintf("unauthenticated: pubkey %s", hex.EncodeToString(p.Unauthenticated.SelfSignedPublicKey))
	default:
	return "invalid"
	}
	}

	type peerInfoKeyType string

	// peerInfoKey is the context key for storing PeerInfo.
	const peerInfoKey = peerInfoKeyType("peerInfo")

	// apply returns the given context with itself stored under a unique key, that
	// can be later retrieved via GetPeerInfo.
	func (p *PeerInfo) apply(ctx context.Context) context.Context {
	return context.WithValue(ctx, peerInfoKey, p)
	}

	// peerInfoServerStream is a grpc.ServerStream wrapper which contains some
	// PeerInfo, and returns it as part of the Context() of the ServerStream.
	type peerInfoServerStream struct {
	grpc.ServerStream
	pi *PeerInfo
	}

	func (p *peerInfoServerStream) Context() context.Context {
	return p.pi.apply(p.ServerStream.Context())
	}

	// serverStream wraps a grpc.ServerStream with a structure that attaches this
	// PeerInfo in all contexts returned by Context().
	func (p *PeerInfo) serverStream(ss grpc.ServerStream) grpc.ServerStream {
	return &peerInfoServerStream{ss, p}
	}