
Source file src/golang.conradwood.net/go-easyops/auth/resolve_services.go

Documentation: golang.conradwood.net/go-easyops/auth

     1  package auth
     2  
     3  import (
     4  	"fmt"
     5  	"golang.conradwood.net/go-easyops/utils"
     6  	"gopkg.in/yaml.v2"
     7  	"sync"
     8  )
     9  
// serviceToUserIDMap is the shape of the service→userid table, both in memory
// and on disk: svc_to_user_load_mapping unmarshals the override file straight
// into this struct, and ServiceMapToYaml marshals it back out. No yaml tag is
// set, so the top-level key in the file is whatever yaml.v2 derives from the
// field name (the lowercased "mapping", as far as I know — confirm against an
// existing service_map.yaml).
type serviceToUserIDMap struct {
	Mapping map[string]string // servicename->userid
}
    13  
const (
	// service_mapping_filename is the optional administrator override for the
	// built-in service→userid table. It is read once, on the first lookup, by
	// svc_to_user_load_mapping; when it exists it replaces (not merges with)
	// default_service_mapping. When it cannot be read the built-in table is used.
	service_mapping_filename = "/etc/yacloud/config/service_map.yaml"
)
    17  
var (
	// service_mapping is the active table. It is nil until the first call to
	// svc_to_user_load_mapping, which populates it under svcmaplock; read it
	// only after that call.
	service_mapping *serviceToUserIDMap
	// svcmaplock serialises the one-time initialisation of service_mapping.
	svcmaplock sync.Mutex
	// this is the default service mapping and is valid ONLY for the yacloud
	//
	// Several entries deliberately carry an empty userid (""). When no override
	// file is present, GetServiceIDByName returns that "" unchanged for those
	// services, so a caller that compares a peer's userid against the result
	// must not treat "" as a match. ServiceMapToYaml drops empty entries when
	// writing an override file.
	default_service_mapping = map[string]string{
		"alerting.AlertingService":                         "882",
		"am43controller.AM43Controller":                    "4418",
		"antidos.AntiDOS":                                  "6890",
		"apitest.ApiTestService":                           "67",
		"artefact.ArtefactService":                         "998",
		"auth.AuthenticationService":                       "",
		"auth.AuthManagerService":                          "25",
		"autodeployer.AutoDeployer":                        "18",
		"banking.Banking":                                  "4529",
		"binaryversions.BinaryVersions":                    "32160",
		"bitfolk.Bitfolk":                                  "22736",
		"buildrepoarchive.BuildRepoArchive":                "19108",
		"buildrepo.BuildRepoManager":                       "2313",
		"calendarwrapper.CalendarWrapper":                  "8961",
		"callgraph.CallGraphService":                       "642",
		"certmanager.CertManager":                          "1341",
		"cnwemails.CNWEmails":                              "32845",
		"cnwnotification.CNWNotificationService":           "35",
		"codeanalyser.CodeAnalyserService":                 "39",
		"deploymonkey.DeployMonkey":                        "20",
		"dirsizemonitor.DirSizeMonitor":                    "28560",
		"documents.DocumentProcessor":                      "4343",
		"documents.Documents":                              "4231",
		"email.EmailService":                               "242",
		"emailserver.EmailServer":                          "52930",
		"errorlogger.ErrorLogger":                          "",
		"espota.ESPOtaService":                             "833",
		"firewallmgr.FirewallMgr":                          "6900",
		"firmwaretracker.FirmwareTracker":                  "60757",
		"flightlookup.FlightLookup":                        "78593",
		"gdrive.GDrive":                                    "9073",
		"geoip.GeoIPService":                               "33",
		"gitbuilder.GitBuilder":                            "11083",
		"gitdiffsync.GitDiffSync":                          "10346",
		"github.GitHub":                                    "11121",
		"gitserver.GIT2":                                   "158",
		"gitserver.GITCredentials":                         "158",
		"goasterisk.GoAsteriskService":                     "",
		"gomodule.GoModuleService":                         "893",
		"googleactions.GoogleActions":                      "4907",
		"googlecast.GoogleCast":                            "4122",
		"goproxy.GoProxy":                                  "11070",
		"goproxy.GoProxyTestRunner":                        "11070",
		"gotools.GoTools":                                  "42195",
		"groupemail.GroupEmail":                            "10969",
		"h2gproxy.H2GProxyService":                         "37",
		"heating.HeatingService":                           "",
		"heatingschedule.HeatingScheduleService":           "1018",
		"helloworld.HelloWorld":                            "1244",
		"homeconfig.HomeConfig":                            "17481",
		"htmlserver.HTMLServerService":                     "143",
		"htmluserapp.HTMLUserApp":                          "14867",
		"httpdebug.HTTPDebug":                              "100768",
		"ifttt.IFTTTService":                               "22",
		"imagerecorder.ImageRecorder":                      "29473",
		"images.Images":                                    "15795",
		"ipexporter.IPExporterService":                     "1074",
		"ipmanager.IPManagerService":                       "4849",
		"javarepo.JavaRepo":                                "1141",
		"jokercomserver.JokerCom":                          "52930",
		"jsonapimultiplexer.JSONApiMultiplexer":            "59",
		"lockmanager.LockManager":                          "17319",
		"logservice.LogService":                            "",
		"mailshot.MailShot":                                "35242",
		"marantz.Marantz":                                  "3746",
		"mkdb.MKDB":                                        "29",
		"modmetrics.ModMetrics":                            "21645",
		"moduleprober.ModuleProber":                        "5754",
		"moduletime.ModuleTime":                            "28943",
		"objectauth.ObjectAuthService":                     "2923",
		"objectstorearchive.ObjectStoreArchive":            "23268",
		"objectstore.ObjectStore":                          "1112",
		"openweather.OpenWeatherService":                   "1076",
		"pairing.PairingService":                           "",
		"panasonic.PanasonicService":                       "",
		"payments.Payments":                                "19893",
		"pcbtype.PCBType":                                  "60350",
		"personalisedwebsite.PersonalisedWebsite":          "35470",
		"pinger.Pinger":                                    "6637",
		"pinger.PingerList":                                "6637",
		"postgresmgr.PostgresMgr":                          "1070",
		"prober.ProberService":                             "61",
		"promconfig.PromConfigService":                     "65",
		"protorenderer.ProtoRendererService":               "1114",
		"quota.QuotaService":                               "127",
		"registrymultiplexer.RegistryMultiplexerService":   "987",
		"registrymultiplexer.RegistryMultiplexerServiceRP": "",
		"registry.Registry":                                "",
		"repobuilder.RepoBuilder":                          "3539",
		"scacl.SCAclService":                               "258",
		"scapi.SCApiService":                               "753",
		"scapply.Apply":                                    "6139",
		"scautoupdate.SCAutoUpdate":                        "8588",
		"scbluetooth.SCBluetooth":                          "22417",
		"scfunctions.SCFunctionsServer":                    "151",
		"scmodcomms.SCModCommsService":                     "264",
		"scrouter.SCRouter":                                "5303",
		"scserver.SCServer":                                "149",
		"scupdate.SCUpdateService":                         "284",
		"scutils.SCUtilsServer":                            "155",
		"scvuehtml.SCVueHTML":                              "34174",
		"scweb.SCWebService":                               "145",
		"secureargs.SecureArgsService":                     "",
		"sensorapi.SensorAPIService":                       "408",
		"sensors.SensorServer":                             "147",
		"sessionmanager.SessionManager":                    "25721",
		"shellypoller.ShellyPoller":                        "33423",
		"shop.Shop":                                        "20130",
		"slackgateway.SlackGateway":                        "57",
		"sms.SMSService":                                   "176",
		"soundservice.Sound":                               "28357",
		"spamtracker.SpamTracker":                          "10645",
		"speaktome.SpeakToMeService":                       "45",
		"starling.StarlingService":                         "4568",
		"themes.Themes":                                    "5773",
		"threedprintermanager.ThreeDPrinter":               "31754",
		"urlcacher.URLCacher":                              "37004",
		"urlmapper.URLMapper":                              "4805",
		"userappcontroller.UserAppController":              "10292",
		"usercommand.UserCommandService":                   "421",
		"vuehelper.VueHelper":                              "35561",
		"webcammixer.WebCamMixer":                          "",
		"weblogin.Weblogin":                                "43",
		"weekett.Weekett":                                  "35994",
		"wiki.Wiki":                                        "16773",
		"yatools.YATools":                                  "89043",
		// YACLOUD-DEVS only -  extend list here...
	}
)
   152  
// GetServiceIDByName returns the userid that the service named servicename is
// expected to authenticate as.
//
// Background: a service sometimes has to verify that it is being called by one
// specific other service, because that call implies permission to reach
// privileged information. Service A authenticates a user and calls service B,
// either immediately or some time later; B "trusts" A. For that trust to be
// safe, B must be able to confirm that A really is who it claims to be (the
// auth server signature is meant for this) and that A has not been replaced by
// a different service of the same name.
//
// The service-to-userid table is therefore compiled into this file so as to
// match the "yacloud" defaults. Anyone running their own yacloud can override
// it, but as an administrator (configuration) option rather than a
// programmatic one: if the file named by service_mapping_filename exists it is
// parsed on first use and replaces the built-in table.
//
// Resolution order:
//   - servicename is present in the active table: its userid is returned
//     verbatim. Several built-in entries are "", and "" is returned for them;
//     a caller comparing a peer's userid against this result must not treat
//     "" as a match.
//   - servicename is in the built-in table but absent from an override file:
//     the sentinel "SERVICE_<name>_NOT_IN_MAPPING" is returned, which can never
//     equal a real userid.
//   - otherwise the name is unknown and this panics, since that is a fatal
//     programming or deployment error.
//
// Funnelling every lookup through this one function is meant to allow a better
// and more secure source (e.g. registry/auth-server lookups) to be substituted
// later without touching callers.
func GetServiceIDByName(servicename string) string {
	svc_to_user_load_mapping()
	if uid, ok := service_mapping.Mapping[servicename]; ok {
		return uid
	}
	if _, known := default_service_mapping[servicename]; known {
		return fmt.Sprintf("SERVICE_%s_NOT_IN_MAPPING", servicename)
	}
	panic(fmt.Sprintf("[go-easyops] Application requested service \"%s\", which is not mapped to a userid", servicename))
}
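// svc_to_user_load_mapping populates service_mapping exactly once.
//
// The built-in default_service_mapping is used unless the administrator
// override file service_mapping_filename can be read; in that case the file is
// unmarshalled and replaces the defaults entirely (entries are not merged).
// An unparseable override panics, because starting with a half-applied trust
// table is worse than not starting.
//
// The nil check happens only while svcmaplock is held. The previous version
// also read service_mapping before taking the lock; that unsynchronised read
// races with the write at the end of this function under the Go memory model
// (go test -race reports it). An uncontended Mutex is cheap, so the lock-free
// fast path is not worth the race.
func svc_to_user_load_mapping() {
	svcmaplock.Lock()
	defer svcmaplock.Unlock()
	if service_mapping != nil {
		return
	}
	res := &serviceToUserIDMap{Mapping: default_service_mapping}
	b, err := utils.ReadFile(service_mapping_filename)
	if err != nil {
		// Best effort: a missing override file is the normal case. The reason is
		// printed rather than swallowed, so that a file that exists but cannot be
		// read (permissions, I/O) does not silently leave the built-in table in
		// force where an administrator expected their override to apply.
		fmt.Printf("[go-easyops] service mapping file %s not applied (%s), using built-in defaults\n", service_mapping_filename, err)
		service_mapping = res
		return
	}
	fmt.Printf("[go-easyops] mapping from file %s applied\n", service_mapping_filename)
	res = &serviceToUserIDMap{}
	// If the file lacks the mapping key, res.Mapping stays nil; reads from a nil
	// map are safe and every lookup then falls through in GetServiceIDByName.
	if err := yaml.Unmarshal(b, res); err != nil {
		panic(fmt.Sprintf("File %s cannot be parsed: %s\n", service_mapping_filename, err))
	}
	service_mapping = res
}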
   195  
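// ServiceMapToYaml serialises a servicename->userid map into the YAML document
// that svc_to_user_load_mapping reads back: a serviceToUserIDMap with the
// table under its single top-level key.
//
// Entries whose userid is "" are omitted. In the built-in table an empty value
// means "no userid assigned"; writing it into an override file would make
// GetServiceIDByName return "" for that service, which callers could mistake
// for a match. The input map is not modified.
//
// On a marshalling error the error text is returned as the byte slice, since
// the signature has no error return; that output is not a valid mapping file.
func ServiceMapToYaml(m map[string]string) []byte {
	// The original also issued delete() for empty values, which was a no-op
	// because the filtered map never held the key; only the keep branch remains.
	filtered := make(map[string]string, len(m))
	for name, uid := range m {
		if uid == "" {
			continue
		}
		filtered[name] = uid
	}
	out, err := yaml.Marshal(&serviceToUserIDMap{Mapping: filtered})
	if err != nil {
		return []byte(fmt.Sprintf("failed to yaml: %s", err))
	}
	return out
}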
   212  
