feat(runtime): add root user authorization and update service registr…

…ation - Add root user authorization check in NewAuthZServer - Update service registration interfaces and rename related types - Improve error handling and logging for authorization
origadmin · Dec 24, 2024 · 629d463 · 629d463
1 parent 96581ca
commit 629d463
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 12 deletions.
diff --git a/agent/middleware/security/authz.go b/agent/middleware/security/authz.go
@@ -157,7 +157,10 @@ func NewAuthZ(cfg *configv1.Security, ss ...OptionSetting) (middleware.Middlewar
 				allowed bool
 				err     error
 			)
-
+			if security.ContextIsRoot(ctx) {
+				log.Debugf("NewAuthZServer: claims are root, skipping authorization")
+				return handler(ctx, req)
+			}
 			claims := ClaimsFromContext(ctx)
 			if claims == nil {
 				log.Errorf("NewAuthZ: claims are nil")

diff --git a/service/const.go b/service/const.go
@@ -2,7 +2,7 @@
  * Copyright (c) 2024 OrigAdmin. All rights reserved.
  */
 
-// Package builder implements the functions, types, and interfaces for the module.
+// Package service implements the functions, types, and interfaces for the module.
 package service
 
 import (
@@ -39,16 +39,16 @@ type (
 )
 
 type (
-	// RegisterGRPCServer register a gRPC server
-	RegisterGRPCServer = func(s *GRPCServer)
-	// RegisterHTTPServer register a HTTP server
-	RegisterHTTPServer = func(s *HTTPServer)
-	// RegisterGRPCClient register a gRPC client
-	RegisterGRPCClient = func(c *GRPCClient)
-	// RegisterHTTPClient register a HTTP client
-	RegisterHTTPClient = func(c *HTTPClient)
+	// RegisterGRPCServerFunc register a gRPC server
+	RegisterGRPCServerFunc = func(s *GRPCServer)
+	// RegisterHTTPServerFunc register a HTTP server
+	RegisterHTTPServerFunc = func(s *HTTPServer)
+	// RegisterGRPCClientFunc register a gRPC client
+	RegisterGRPCClientFunc = func(c *GRPCClient)
+	// RegisterHTTPClientFunc register a HTTP client
+	RegisterHTTPClientFunc = func(c *HTTPClient)
 )
 
 var (
-	ErrServiceNotFound = errors.New("builder not found")
+	ErrServiceNotFound = errors.New("service not found")
 )
diff --git a/service/service.go b/service/service.go
@@ -2,7 +2,7 @@
  * Copyright (c) 2024 OrigAdmin. All rights reserved.
  */
 
-// Package builder implements the functions, types, and interfaces for the module.
+// Package service implements the functions, types, and interfaces for the module.
 package service
 
 import (
@@ -25,4 +25,17 @@ type (
 	}
 )
 
+type HTTPRegister interface {
+	RegisterHTTPServer(context.Context, *HTTPServer)
+}
+
+type GRPCRegister interface {
+	RegisterGRPCServer(context.Context, *GRPCServer)
+}
+
+type Register interface {
+	GRPCRegister
+	HTTPRegister
+}
+
 type Service struct{}