Skip to content

Commit

Permalink
[RHOAIENG-6641] Backport 2.9 SSRF fixes to 2.8.x
Browse files Browse the repository at this point in the history
  • Loading branch information
alexcreasy committed May 15, 2024
1 parent b2de1f6 commit 4cae878
Show file tree
Hide file tree
Showing 26 changed files with 546 additions and 423 deletions.
85 changes: 79 additions & 6 deletions backend/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions backend/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
"dependencies": {
"@fastify/accepts": "^4.3.0",
"@fastify/autoload": "^5.7.1",
"@fastify/http-proxy": "^9.4.0",
"@fastify/sensible": "^5.2.0",
"@fastify/static": "^6.10.2",
"@fastify/websocket": "^8.2.0",
Expand Down
2 changes: 1 addition & 1 deletion backend/src/routes/api/k8s/pass-through.ts
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import { proxyCall, ProxyError, ProxyErrorType } from '../../../utils/httpUtils'

export type PassThroughData = {
method: string;
requestData: string;
requestData?: string;
url: string;
};

Expand Down
77 changes: 0 additions & 77 deletions backend/src/routes/api/proxy/index.ts

This file was deleted.

23 changes: 23 additions & 0 deletions backend/src/routes/api/service/pipelines/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
import { DSPipelineKind } from '../../../../types';
import { proxyService } from '../../../../utils/proxy';

export default proxyService<DSPipelineKind>(
{
apiGroup: 'datasciencepipelinesapplications.opendatahub.io',
apiVersion: 'v1alpha1',
kind: 'DataSciencepipelinesApplication',
plural: 'datasciencepipelinesapplications',
},
{
port: 8443,
prefix: 'ds-pipeline-',
},
{
// Use port forwarding for local development:
// kubectl port-forward -n <namespace> svc/ds-pipeline-pipelines-definition 8443:8443
host: process.env.DS_PIPELINE_DSPA_SERVICE_HOST,
port: process.env.DS_PIPELINE_DSPA_SERVICE_PORT,
},
(resource) =>
!!resource.status?.conditions?.find((c) => c.type === 'APIServerReady' && c.status === 'True'),
);
23 changes: 23 additions & 0 deletions backend/src/routes/api/service/trustyai/index.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
import { TrustyAIKind } from '../../../../types';
import { proxyService } from '../../../../utils/proxy';

export default proxyService<TrustyAIKind>(
{
apiGroup: 'trustyai.opendatahub.io',
apiVersion: 'v1alpha1',
kind: 'TrustyAIService',
plural: 'trustyaiservices',
},
{
port: 443,
suffix: '-tls',
},
{
// Use port forwarding for local development:
// kubectl port-forward -n <namespace> svc/trustyai-service-tls 9443:443
host: process.env.TRUSTYAI_TAIS_SERVICE_HOST,
port: process.env.TRUSTYAI_TAIS_SERVICE_PORT,
},
(resource) =>
!!resource.status?.conditions?.find((c) => c.type === 'Available' && c.status === 'True'),
);
27 changes: 26 additions & 1 deletion backend/src/types.ts
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,32 @@ export type KubeFastifyInstance = FastifyInstance & {

// TODO: constant-ize the x-forwarded header
export type OauthFastifyRequest<Data extends RouteGenericInterface = RouteGenericInterface> =
FastifyRequest<{ Headers: { 'x-forwarded-access-token': string } & Data['Headers'] } & Data>;
FastifyRequest<{ Headers?: { 'x-forwarded-access-token'?: string } & Data['Headers'] } & Data>;

export type K8sCondition = {
type: string;
status: string;
reason?: string;
message?: string;
lastProbeTime?: string | null;
lastTransitionTime?: string;
lastHeartbeatTime?: string;
};

export type DSPipelineKind = K8sResourceCommon & {
spec: {
dspVersion: string;
};
status?: {
conditions?: K8sCondition[];
};
};

export type TrustyAIKind = K8sResourceCommon & {
status?: {
conditions?: K8sCondition[];
};
};

/*
* Common types, should be kept up to date with frontend types
Expand Down
Loading

0 comments on commit 4cae878

Please sign in to comment.