mig/mig-scheduler/authorization.go

// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
//
// Contributor: Julien Vehent jvehent@mozilla.com [:ulfr]
package main

import (
	"bufio"
	"fmt"
	"github.com/mozilla/mig"
	"os"
	"regexp"
)

// If a whitelist is defined, lookup the agent in it, and return nil if found, or error if not
func isAgentAuthorized(agentQueueLoc string, ctx Context) (ok bool, err error) {
	defer func() {
		if e := recover(); e != nil {
			err = fmt.Errorf("isAgentAuthorized() -> %v", e)
		}
		if ctx.Debug.Heartbeats {
			ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: "leaving isAgentAuthorized()"}.Debug()
		}
	}()
	var re *regexp.Regexp
	// bypass mode if there's no whitelist in the conf
	if ctx.Agent.Whitelist == "" {
		if ctx.Debug.Heartbeats {
			ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: "Agent authorization checking is disabled, all agents are authorized"}.Debug()
		}
		ok = true
		return
	}

	wfd, err := os.Open(ctx.Agent.Whitelist)
	if err != nil {
		panic(err)
	}
	defer wfd.Close()

	scanner := bufio.NewScanner(wfd)
	for scanner.Scan() {
		if err := scanner.Err(); err != nil {
			panic(err)
		}
		if len(scanner.Text()) > 4 && scanner.Text()[0:3] == "re:" {
			re, err = regexp.Compile("^" + scanner.Text()[3:] + "$")
			if err != nil {
				panic(err)
			}
			if re.MatchString(agentQueueLoc) {
				if ctx.Debug.Heartbeats {
					ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: fmt.Sprintf("Agent '%s' is authorized", agentQueueLoc)}.Debug()
				}
				ok = true
				return
			}
		} else {
			if scanner.Text() == agentQueueLoc {
				if ctx.Debug.Heartbeats {
					ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: fmt.Sprintf("Agent '%s' is authorized", agentQueueLoc)}.Debug()
				}
				ok = true
				return
			}
		}
	}
	// whitelist check failed, agent isn't authorized
	return
}
[doc] use short license header in source files 2014-08-13 20:28:28 +04:00			`// This Source Code Form is subject to the terms of the Mozilla Public`
			`// License, v. 2.0. If a copy of the MPL was not distributed with this`
			`// file, You can obtain one at http://mozilla.org/MPL/2.0/.`
			`//`
			`// Contributor: Julien Vehent jvehent@mozilla.com [:ulfr]`
Scheduler: Happy New Year, with a massive refactoring commit. The logic is pretty much the same as before, but this commit is a massive code cleanup. There is now: * proper error handling: each function uses panic internally, with a defer block that transform the panic into an error, and eventually logs * syslog, log levels, asynchronous logging into LOG channel, and mig.LOG type * configuration file, loaded into global Context, accessible to all functions * Context initialization, with connection to database, broker, creation of channels and other wonders is handled in context.go * split of the scheduler code into several files, more work to do on that front, particularly for the management of the Flow in flow.go * Action and Command are split out in their own files, with specific methods That's about it. Did I mention Happy New Year? 2014-01-07 00:59:27 +04:00			`package main`

			`import (`
			`"bufio"`
			`"fmt"`
Update import statements to point to github.com/mozilla/mig/ 2018-07-11 20:11:22 +03:00			`"github.com/mozilla/mig"`
Scheduler: Happy New Year, with a massive refactoring commit. The logic is pretty much the same as before, but this commit is a massive code cleanup. There is now: * proper error handling: each function uses panic internally, with a defer block that transform the panic into an error, and eventually logs * syslog, log levels, asynchronous logging into LOG channel, and mig.LOG type * configuration file, loaded into global Context, accessible to all functions * Context initialization, with connection to database, broker, creation of channels and other wonders is handled in context.go * split of the scheduler code into several files, more work to do on that front, particularly for the management of the Flow in flow.go * Action and Command are split out in their own files, with specific methods That's about it. Did I mention Happy New Year? 2014-01-07 00:59:27 +04:00			`"os"`
			`"regexp"`
			`)`

			`// If a whitelist is defined, lookup the agent in it, and return nil if found, or error if not`
[medium] use agent queueloc instead of hostname in scheduler whitelist 2014-12-18 02:47:14 +03:00			`func isAgentAuthorized(agentQueueLoc string, ctx Context) (ok bool, err error) {`
Scheduler: Happy New Year, with a massive refactoring commit. The logic is pretty much the same as before, but this commit is a massive code cleanup. There is now: * proper error handling: each function uses panic internally, with a defer block that transform the panic into an error, and eventually logs * syslog, log levels, asynchronous logging into LOG channel, and mig.LOG type * configuration file, loaded into global Context, accessible to all functions * Context initialization, with connection to database, broker, creation of channels and other wonders is handled in context.go * split of the scheduler code into several files, more work to do on that front, particularly for the management of the Flow in flow.go * Action and Command are split out in their own files, with specific methods That's about it. Did I mention Happy New Year? 2014-01-07 00:59:27 +04:00			`defer func() {`
			`if e := recover(); e != nil {`
			`err = fmt.Errorf("isAgentAuthorized() -> %v", e)`
			`}`
[minor] add option to filter out heartbeat logs in scheduler debug 2015-01-27 17:38:43 +03:00			`if ctx.Debug.Heartbeats {`
			`ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: "leaving isAgentAuthorized()"}.Debug()`
			`}`
Scheduler: Happy New Year, with a massive refactoring commit. The logic is pretty much the same as before, but this commit is a massive code cleanup. There is now: * proper error handling: each function uses panic internally, with a defer block that transform the panic into an error, and eventually logs * syslog, log levels, asynchronous logging into LOG channel, and mig.LOG type * configuration file, loaded into global Context, accessible to all functions * Context initialization, with connection to database, broker, creation of channels and other wonders is handled in context.go * split of the scheduler code into several files, more work to do on that front, particularly for the management of the Flow in flow.go * Action and Command are split out in their own files, with specific methods That's about it. Did I mention Happy New Year? 2014-01-07 00:59:27 +04:00			`}()`
[minor/hack] allow regexes in sheduler agents whitelist 2015-01-05 04:23:49 +03:00			`var re *regexp.Regexp`
Scheduler: Happy New Year, with a massive refactoring commit. The logic is pretty much the same as before, but this commit is a massive code cleanup. There is now: * proper error handling: each function uses panic internally, with a defer block that transform the panic into an error, and eventually logs * syslog, log levels, asynchronous logging into LOG channel, and mig.LOG type * configuration file, loaded into global Context, accessible to all functions * Context initialization, with connection to database, broker, creation of channels and other wonders is handled in context.go * split of the scheduler code into several files, more work to do on that front, particularly for the management of the Flow in flow.go * Action and Command are split out in their own files, with specific methods That's about it. Did I mention Happy New Year? 2014-01-07 00:59:27 +04:00			`// bypass mode if there's no whitelist in the conf`
			`if ctx.Agent.Whitelist == "" {`
[minor] add option to filter out heartbeat logs in scheduler debug 2015-01-27 17:38:43 +03:00			`if ctx.Debug.Heartbeats {`
[minor] bypass auth checking if whitelist is undef in scheduler 2015-02-12 01:17:55 +03:00			`ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: "Agent authorization checking is disabled, all agents are authorized"}.Debug()`
[minor] add option to filter out heartbeat logs in scheduler debug 2015-01-27 17:38:43 +03:00			`}`
[minor] bypass auth checking if whitelist is undef in scheduler 2015-02-12 01:17:55 +03:00			`ok = true`
Scheduler: Happy New Year, with a massive refactoring commit. The logic is pretty much the same as before, but this commit is a massive code cleanup. There is now: * proper error handling: each function uses panic internally, with a defer block that transform the panic into an error, and eventually logs * syslog, log levels, asynchronous logging into LOG channel, and mig.LOG type * configuration file, loaded into global Context, accessible to all functions * Context initialization, with connection to database, broker, creation of channels and other wonders is handled in context.go * split of the scheduler code into several files, more work to do on that front, particularly for the management of the Flow in flow.go * Action and Command are split out in their own files, with specific methods That's about it. Did I mention Happy New Year? 2014-01-07 00:59:27 +04:00			`return`
			`}`

			`wfd, err := os.Open(ctx.Agent.Whitelist)`
			`if err != nil {`
			`panic(err)`
			`}`
			`defer wfd.Close()`

			`scanner := bufio.NewScanner(wfd)`
			`for scanner.Scan() {`
			`if err := scanner.Err(); err != nil {`
			`panic(err)`
			`}`
[minor/hack] whitelist regexes, take 2 2015-01-05 04:36:44 +03:00			`if len(scanner.Text()) > 4 && scanner.Text()[0:3] == "re:" {`
			`re, err = regexp.Compile("^" + scanner.Text()[3:] + "$")`
			`if err != nil {`
			`panic(err)`
			`}`
			`if re.MatchString(agentQueueLoc) {`
[minor] add option to filter out heartbeat logs in scheduler debug 2015-01-27 17:38:43 +03:00			`if ctx.Debug.Heartbeats {`
			`ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: fmt.Sprintf("Agent '%s' is authorized", agentQueueLoc)}.Debug()`
			`}`
[minor/hack] whitelist regexes, take 2 2015-01-05 04:36:44 +03:00			`ok = true`
			`return`
			`}`
			`} else {`
			`if scanner.Text() == agentQueueLoc {`
[minor] add option to filter out heartbeat logs in scheduler debug 2015-01-27 17:38:43 +03:00			`if ctx.Debug.Heartbeats {`
			`ctx.Channels.Log <- mig.Log{OpID: ctx.OpID, Desc: fmt.Sprintf("Agent '%s' is authorized", agentQueueLoc)}.Debug()`
			`}`
[minor/hack] whitelist regexes, take 2 2015-01-05 04:36:44 +03:00			`ok = true`
			`return`
			`}`
Scheduler: Happy New Year, with a massive refactoring commit. The logic is pretty much the same as before, but this commit is a massive code cleanup. There is now: * proper error handling: each function uses panic internally, with a defer block that transform the panic into an error, and eventually logs * syslog, log levels, asynchronous logging into LOG channel, and mig.LOG type * configuration file, loaded into global Context, accessible to all functions * Context initialization, with connection to database, broker, creation of channels and other wonders is handled in context.go * split of the scheduler code into several files, more work to do on that front, particularly for the management of the Flow in flow.go * Action and Command are split out in their own files, with specific methods That's about it. Did I mention Happy New Year? 2014-01-07 00:59:27 +04:00			`}`
			`}`
			`// whitelist check failed, agent isn't authorized`
			`return`
			`}`