3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-27 13:39:04 +02:00
Code Issues Projects Releases Packages Wiki Activity

somewhat working

Browse source 
Was missing a Querier on the context passed to Evaluate(). Add some
additional debug logging.
This commit is contained in:
Kenneth Jenkins 2025-02-25 14:56:27 -08:00
parent e69ccaae68
commit e45f11d281
2 changed files with 21 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
authorize/internal/store/store.go
View file

@ -186,7 +186,11 @@ func (s *Store) GetDataBrokerRecord(ctx context.Context, recordType, recordIDOrI
res, err := storage.GetQuerier(ctx).Query(ctx, req, grpc.WaitForReady(true)) res, err := storage.GetQuerier(ctx).Query(ctx, req, grpc.WaitForReady(true))
if err != nil { if err != nil {
log.Ctx(ctx).Error().Err(err).Msg("authorize/store: error retrieving record") log.Ctx(ctx).Error().
Str("record-type", recordType).
Str("record-id-or-index", recordIDOrIndex).
Err(err).
Msg("authorize/store: error retrieving record")
return nil return nil
} }

18
authorize/ssh_grpc.go
View file

@ -23,6 +23,7 @@ import (
"github.com/pomerium/pomerium/pkg/identity" "github.com/pomerium/pomerium/pkg/identity"
"github.com/pomerium/pomerium/pkg/identity/manager" "github.com/pomerium/pomerium/pkg/identity/manager"
"github.com/pomerium/pomerium/pkg/identity/oauth" "github.com/pomerium/pomerium/pkg/identity/oauth"
"github.com/pomerium/pomerium/pkg/storage"
gossh "golang.org/x/crypto/ssh" gossh "golang.org/x/crypto/ssh"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"golang.org/x/sync/errgroup" "golang.org/x/sync/errgroup"
@ -60,6 +61,13 @@ func (a *Authorize) ManageStream(
} }
}) })
// XXX
querier := storage.NewCachingQuerier(
storage.NewQuerier(a.state.Load().dataBrokerClient),
a.globalCache,
)
ctx = storage.WithQuerier(ctx, querier)
eg.Go(func() error { eg.Go(func() error {
for { for {
select { select {
@ -243,6 +251,12 @@ func (a *Authorize) ManageStream(
return return
} }
s := sessions.NewState(idp.Id) s := sessions.NewState(idp.Id)
claims.Claims.Claims(&s) // XXX
s.ID, err = getSessionIDForSSH(state.PublicKey)
if err != nil {
errC <- err
return
}
fmt.Println(token) fmt.Println(token)
err = a.PersistSession(ctx, s, claims, token) err = a.PersistSession(ctx, s, claims, token)
if err != nil { if err != nil {
@ -392,7 +406,7 @@ func (a *Authorize) getEvaluatorRequestFromSSHAuthRequest(
func handleEvaluatorResponseForSSH( func handleEvaluatorResponseForSSH(
result *evaluator.Result, state *StreamState, result *evaluator.Result, state *StreamState,
) *extensions_ssh.ServerMessage { ) *extensions_ssh.ServerMessage {
fmt.Println(" *** evaluator result: %+w", result) fmt.Printf(" *** evaluator result: %+v\n", result)
// TODO: ideally there would be a way to keep this in sync with the logic in check_response.go // TODO: ideally there would be a way to keep this in sync with the logic in check_response.go
allow := result.Allow.Value && !result.Deny.Value allow := result.Allow.Value && !result.Deny.Value
@ -456,7 +470,7 @@ func publicKeyAllowResponse(publicKey []byte) *extensions_ssh.PublicKeyAllowResp
// PersistSession stores session and user data in the databroker. // PersistSession stores session and user data in the databroker.
func (a *Authorize) PersistSession( func (a *Authorize) PersistSession(
ctx context.Context, ctx context.Context,
sessionState *sessions.State, sessionState *sessions.State, // XXX: consider not using this struct
claims identity.SessionClaims, claims identity.SessionClaims,
accessToken *oauth2.Token, accessToken *oauth2.Token,
) error { ) error {