Bug 1866229: Pass impersonate info to GQL init message payload

christianaranda · Aug 17, 2020 · cf7744e · cf7744e
1 parent 99788a2
commit cf7744e
Show file tree

Hide file tree

Showing 10 changed files with 86 additions and 25 deletions.
diff --git a/frontend/public/actions/ui.ts b/frontend/public/actions/ui.ts
@@ -18,6 +18,7 @@ import { detectFeatures, clearSSARFlags } from './features';
 import { OverviewSpecialGroup } from '../components/overview/constants';
 import { setClusterID, setCreateProjectMessage, setUser, setConsoleLinks } from './common';
 import { Rule } from '../components/monitoring/types';
+import { subsClient } from '../graphql/client';
 
 export enum ActionType {
  SetTableColumns = 'setTableColumns',
@@ -259,12 +260,14 @@ export const startImpersonate = (kind: string, name: string) => async (dispatch,
  }
 
  dispatch(beginImpersonate(kind, name, subprotocols));
+ subsClient.close(false, true);
  dispatch(clearSSARFlags());
  dispatch(detectFeatures());
  history.push(window.SERVER_FLAGS.basePath);
 };
 export const stopImpersonate = () => (dispatch) => {
  dispatch(endImpersonate());
+ subsClient.close(false, true);
  dispatch(clearSSARFlags());
  dispatch(detectFeatures());
  history.push(window.SERVER_FLAGS.basePath);

diff --git a/frontend/public/co-fetch.js b/frontend/public/co-fetch.js
@@ -130,16 +130,22 @@ export const coFetchUtils = {
  parseJson,
 };
 
-export const coFetchCommon = (url, method = 'GET', options = {}, timeout) => {
- const headers = {};
+export const getImpersonateHeaders = () => {
  const { kind, name } = store.getState().UI.get('impersonate', {});
  if ((kind === 'User' || kind === 'Group') && name) {
  // Even if we are impersonating a group, we still need to set Impersonate-User to something or k8s will complain
- headers['Impersonate-User'] = name;
+ const headers = {
+ 'Impersonate-User': name,
+ };
  if (kind === 'Group') {
  headers['Impersonate-Group'] = name;
  }
+ return headers;
  }
+};
+
+export const coFetchCommon = (url, method = 'GET', options = {}, timeout) => {
+ const headers = getImpersonateHeaders() || {};
  // Pass headers last to let callers to override Accept.
  const allOptions = _.defaultsDeep({ method }, options, { headers });
  return coFetch(url, allOptions, timeout).then((response) => {

diff --git a/frontend/public/graphql/client.ts b/frontend/public/graphql/client.ts
@@ -1,20 +1,25 @@
 import { ApolloClient } from 'apollo-client';
+import { SubscriptionClient } from 'subscriptions-transport-ws';
 import { InMemoryCache } from 'apollo-cache-inmemory';
 import { WebSocketLink } from 'apollo-link-ws';
 
 import { getK8sResourcePath } from '../module/k8s/resource';
 import { K8sKind, K8sResourceCommon } from '../module/k8s/types';
 import { URLQuery } from './client.gql';
 import { URLQueryType, URLQueryVariables } from '../../@types/gql/schema';
+import { getImpersonateHeaders } from '../co-fetch';
 
-const link = new WebSocketLink({
- uri: `${location.protocol === 'https:' ? 'wss://' : 'ws://'}${location.host}${
+export const subsClient = new SubscriptionClient(
+ `${location.protocol === 'https:' ? 'wss://' : 'ws://'}${location.host}${
  window.SERVER_FLAGS.graphqlBaseURL
  }`,
- options: {
+ {
  reconnect: true,
+ connectionParams: getImpersonateHeaders,
  },
-});
+);
+
+const link = new WebSocketLink(subsClient);
 
 const client = new ApolloClient({
  link,

diff --git a/go.mod b/go.mod
@@ -10,7 +10,7 @@ require (
  github.com/graph-gophers/graphql-go v0.0.0-20200309224638-dae41bde9ef9
  github.com/openshift/library-go v0.0.0-20200402123743-4015ba624cae
  github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
- github.com/rawagner/graphql-transport-ws v0.0.0-20200506141829-b08019af7525
+ github.com/rawagner/graphql-transport-ws v0.0.0-20200817140314-dcfbf0388067
  golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
  golang.org/x/text v0.3.3 // indirect
  google.golang.org/grpc v1.27.0

diff --git a/go.sum b/go.sum
@@ -509,8 +509,10 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
-github.com/rawagner/graphql-transport-ws v0.0.0-20200506141829-b08019af7525 h1:R5nr9yWTJQRCpHPcS7FgcVK9sFtoub5o5XFVHqhPsac=
-github.com/rawagner/graphql-transport-ws v0.0.0-20200506141829-b08019af7525/go.mod h1:FqBcj08OiZxzD2yyPAMfCYWU2NDfmgffW2MXk0uXtUI=
+github.com/rawagner/graphql-transport-ws v0.0.0-20200817132930-94acd628da2d h1:io3PcumIWSMH+fi/lYDr18iK8qeuPQnveo6X6GDkags=
+github.com/rawagner/graphql-transport-ws v0.0.0-20200817132930-94acd628da2d/go.mod h1:FqBcj08OiZxzD2yyPAMfCYWU2NDfmgffW2MXk0uXtUI=
+github.com/rawagner/graphql-transport-ws v0.0.0-20200817140314-dcfbf0388067 h1:F2mxRLLaZYqIN4mtCKX/kSsFxlYnHy5KB3GPJcnpnos=
+github.com/rawagner/graphql-transport-ws v0.0.0-20200817140314-dcfbf0388067/go.mod h1:FqBcj08OiZxzD2yyPAMfCYWU2NDfmgffW2MXk0uXtUI=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
 github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=

diff --git a/pkg/graphql/resolver/utils.go b/pkg/graphql/resolver/utils.go
@@ -2,6 +2,7 @@ package resolver
 
 import (
  "context"
+ "encoding/json"
  "fmt"
  "net/http"
 )
@@ -21,6 +22,26 @@ func contextToHeaders(ctx context.Context, request *http.Request) {
  }
 }
 
+type initPayload struct {
+ ImpersonateUser string `json:"Impersonate-User"`
+ ImpersonateGroup string `json:"Impersonate-Group"`
+}
+
+func InitPayload(ctx context.Context, payload json.RawMessage) context.Context {
+ initPayload := initPayload{}
+ err := json.Unmarshal(payload, &initPayload)
+ if err != nil {
+ return ctx
+ }
+ headers, ok := ctx.Value(HeadersKey).(map[string]string)
+ if ok {
+ headers["Impersonate-User"] = initPayload.ImpersonateUser
+ headers["Impersonate-Group"] = initPayload.ImpersonateGroup
+ ctx = context.WithValue(ctx, HeadersKey, headers)
+ }
+ return ctx
+}
+
 type resolverError struct {
  Status int `json:"status"`
  Message string `json:"message"`

diff --git a/pkg/server/server.go b/pkg/server/server.go
@@ -259,12 +259,12 @@ func (s *Server) HTTPHandler() http.Handler {
  k8sResolver := resolver.K8sResolver{K8sProxy: k8sProxy}
  rootResolver := resolver.RootResolver{K8sResolver: &k8sResolver}
  schema := graphql.MustParseSchema(string(graphQLSchema), &rootResolver, opts...)
- graphQLHandler := graphqlws.NewHandlerFunc(schema, &relay.Handler{Schema: schema})
+ handler := graphqlws.NewHandler()
+ handler.InitPayload = resolver.InitPayload
+ graphQLHandler := handler.NewHandlerFunc(schema, &relay.Handler{Schema: schema})
  handle("/api/graphql", authHandlerWithUser(func(user *auth.User, w http.ResponseWriter, r *http.Request) {
  ctx := context.WithValue(context.Background(), resolver.HeadersKey, map[string]string{
- "Authorization": fmt.Sprintf("Bearer %s", user.Token),
- "Impersonate-User": r.Header.Get("Impersonate-User"),
- "Impersonate-Group": r.Header.Get("Impersonate-Group"),
+ "Authorization": fmt.Sprintf("Bearer %s", user.Token),
  })
  graphQLHandler(w, r.WithContext(ctx))
  }))

diff --git a/vendor/github.com/rawagner/graphql-transport-ws/graphqlws/http.go b/vendor/github.com/rawagner/graphql-transport-ws/graphqlws/http.go
diff --git a/vendor/github.com/rawagner/graphql-transport-ws/graphqlws/internal/connection/connection.go b/vendor/github.com/rawagner/graphql-transport-ws/graphqlws/internal/connection/connection.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -309,7 +309,7 @@ github.com/prometheus/common/model
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
-# github.com/rawagner/graphql-transport-ws v0.0.0-20200506141829-b08019af7525
+# github.com/rawagner/graphql-transport-ws v0.0.0-20200817140314-dcfbf0388067
 github.com/rawagner/graphql-transport-ws/graphqlws
 github.com/rawagner/graphql-transport-ws/graphqlws/internal/connection
 # github.com/rubenv/sql-migrate v0.0.0-20200212082348-64f95ea68aa3