lxd: Extract certificate add token metadata from remote member.
When a certificate add operation is returned by another member, the
operation metadata is unmarshalled into a map[string]any. Since there is
no hint that the value of `Metadata["request"]` should be an
`api.CertificatesPost`, the contents will be another `map[string]any`
following json unmarshalling defaults.

So that we do not encounter issues with diverging field names if the
`api.CertificatesPost` type changes, I have opted to marshal the `any`
that is in `Metadata["request"]`, and subsequently unmarshal it into the
correct type.

Signed-off-by: Mark Laing <[email protected]>
markylaing committed Jul 10, 2024
1 parent 9df996e commit cbd4baf
Showing 1 changed file with 20 additions and 2 deletions.
22 changes: 20 additions & 2 deletions lxd/certificates.go
@@ -1,6 +1,7 @@
package main

import (
"bytes"
"context"
"crypto/rsa"
"crypto/x509"
Expand Down Expand Up @@ -449,9 +450,26 @@ func certificatesPost(d *Daemon, r *http.Request) response.Response {
return response.Forbidden(fmt.Errorf("No matching certificate add operation found"))
}

tokenReq, ok := joinOp.Metadata["request"].(api.CertificatesPost)
tokenReqAny, ok := joinOp.Metadata["request"]
if !ok {
return response.InternalError(fmt.Errorf("Bad certificate add operation data"))
return response.InternalError(fmt.Errorf(`Missing "request" key in certificate add operation data`))
}

tokenReq, ok := tokenReqAny.(api.CertificatesPost)
if !ok {
// If the operation is running on another member, the returned metadata will have been unmarshalled
// into a map[string]any. Rather than wrangling type assertions, just marshal and unmarshal the data into
// the correct type.
buf := bytes.NewBuffer(nil)
err := json.NewEncoder(buf).Encode(tokenReqAny)
if err != nil {
return response.InternalError(fmt.Errorf("Bad certificate add operation data: %w", err))
}

err = json.NewDecoder(buf).Decode(&tokenReq)
if err != nil {
return response.InternalError(fmt.Errorf("Bad certificate add operation data: %w", err))
}
}

// Create a new request from the token data as the user isn't allowed to override anything.
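Review bot: The fallback at `json.NewDecoder(buf).Decode(&tokenReq)` returns no error when `Metadata["request"]` is present but nil (it encodes as `null`) or is a map whose keys match no field of `api.CertificatesPost`, so `tokenReq` can come out zero-valued. The comment that follows says the new request is built solely from the token data, so an empty struct would presumably flow into certificate creation with whatever defaults the zero value implies instead of being rejected; the consuming code is outside this hunk, so confirm there. I would reject the nil case before encoding, `if tokenReqAny == nil { return response.InternalError(fmt.Errorf("Bad certificate add operation data")) }`, and after decoding check a field that every token request is expected to set. certificatesPost starts and ends outside the visible hunk.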