check empty path in getSpiffeIDFromPath function (#1400)

Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com> Signed-off-by: Nikita Skrynnik <nikita.skrynnik@xored.com>
networkservicemesh · Dec 19, 2022 · 554e6ac · 554e6ac
1 parent 12616b1
commit 554e6ac
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 48 deletions.
diff --git a/pkg/registry/common/authorize/common.go b/pkg/registry/common/authorize/common.go
@@ -20,7 +20,6 @@ import (
 	"context"
 
 	"github.com/golang-jwt/jwt/v4"
-	"github.com/pkg/errors"
 	"github.com/spiffe/go-spiffe/v2/spiffeid"
 
 	"github.com/networkservicemesh/sdk/pkg/registry/common/grpcmetadata"
@@ -73,22 +72,34 @@ func getRawMap(m *PathIdsMap) map[string][]string {
 	return rawMap
 }
 
-func getSpiffeIDFromPath(path *grpcmetadata.Path) (spiffeid.ID, error) {
+func getSpiffeIDFromPath(ctx context.Context, path *grpcmetadata.Path) spiffeid.ID {
+	if len(path.PathSegments) == 0 {
+		log.FromContext(ctx).Warn("can't get spiffe id from empty path")
+	}
 	tokenString := path.PathSegments[0].Token
 
 	claims := jwt.MapClaims{}
 	_, _, err := jwt.NewParser().ParseUnverified(tokenString, &claims)
 	if err != nil {
-		return spiffeid.ID{}, errors.Errorf("failed to parse jwt token: %s", err.Error())
+		log.FromContext(ctx).Warnf("failed to parse jwt token: %s", err.Error())
+		return spiffeid.ID{}
 	}
 
 	sub, ok := claims["sub"]
 	if !ok {
-		return spiffeid.ID{}, errors.New("failed to get field 'sub' from jwt token payload")
+		log.FromContext(ctx).Warn("failed to get field 'sub' from jwt token payload")
+		return spiffeid.ID{}
 	}
 	subString, ok := sub.(string)
 	if !ok {
-		return spiffeid.ID{}, errors.New("failed to convert field 'sub' from jwt token payload to string")
+		log.FromContext(ctx).Warn("failed to convert field 'sub' from jwt token payload to string")
+		return spiffeid.ID{}
+	}
+
+	id, err := spiffeid.FromString(subString)
+	if err != nil {
+		log.FromContext(ctx).Warn("failed to parse spiffeid from string: %s", err.Error())
+		return spiffeid.ID{}
 	}
-	return spiffeid.FromString(subString)
+	return id
 }
diff --git a/pkg/registry/common/authorize/ns_client.go b/pkg/registry/common/authorize/ns_client.go
@@ -80,13 +80,9 @@ func (c *authorizeNSClient) Register(ctx context.Context, ns *registry.NetworkSe
 	}
 
 	path = grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
-
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 	rawMap := getRawMap(c.nsPathIdsMap)
+
 	input := RegistryOpaInput{
 		ResourceID:         spiffeID.String(),
 		ResourceName:       resp.Name,
@@ -127,13 +123,9 @@ func (c *authorizeNSClient) Unregister(ctx context.Context, ns *registry.Network
 	}
 
 	path = grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
-
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 	rawMap := getRawMap(c.nsPathIdsMap)
+
 	input := RegistryOpaInput{
 		ResourceID:         spiffeID.String(),
 		ResourceName:       ns.Name,

diff --git a/pkg/registry/common/authorize/ns_server.go b/pkg/registry/common/authorize/ns_server.go
@@ -56,11 +56,7 @@ func (s *authorizeNSServer) Register(ctx context.Context, ns *registry.NetworkSe
 	}
 
 	path := grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 
 	index := path.Index
 	var leftSide = &grpcmetadata.Path{
@@ -94,11 +90,7 @@ func (s *authorizeNSServer) Unregister(ctx context.Context, ns *registry.Network
 	}
 
 	path := grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 
 	index := path.Index
 	var leftSide = &grpcmetadata.Path{

diff --git a/pkg/registry/common/authorize/nse_client.go b/pkg/registry/common/authorize/nse_client.go
@@ -81,11 +81,7 @@ func (c *authorizeNSEClient) Register(ctx context.Context, nse *registry.Network
 	}
 
 	path = grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 
 	rawMap := getRawMap(c.nsePathIdsMap)
 	input := RegistryOpaInput{
@@ -134,11 +130,7 @@ func (c *authorizeNSEClient) Unregister(ctx context.Context, nse *registry.Netwo
 	}
 
 	path = grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 
 	rawMap := getRawMap(c.nsePathIdsMap)
 	input := RegistryOpaInput{

diff --git a/pkg/registry/common/authorize/nse_server.go b/pkg/registry/common/authorize/nse_server.go
@@ -56,11 +56,7 @@ func (s *authorizeNSEServer) Register(ctx context.Context, nse *registry.Network
 	}
 
 	path := grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 
 	index := path.Index
 	var leftSide = &grpcmetadata.Path{
@@ -95,11 +91,7 @@ func (s *authorizeNSEServer) Unregister(ctx context.Context, nse *registry.Netwo
 	}
 
 	path := grpcmetadata.PathFromContext(ctx)
-
-	spiffeID, err := getSpiffeIDFromPath(path)
-	if err != nil {
-		return nil, err
-	}
+	spiffeID := getSpiffeIDFromPath(ctx, path)
 
 	index := path.Index
 	var leftSide = &grpcmetadata.Path{