From 8ee8fbf8db5068f8af8d3c1e2ff177ff6c705859 Mon Sep 17 00:00:00 2001 From: Izaak Lauer <8404559+izaaklauer@users.noreply.github.com> Date: Thu, 31 Mar 2022 15:36:37 -0400 Subject: [PATCH] Runner ids in config requests aren't encoded --- pkg/server/singleprocess/auth.go | 18 +++++++++--------- pkg/server/singleprocess/service_runner.go | 7 +------ 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/pkg/server/singleprocess/auth.go b/pkg/server/singleprocess/auth.go index 22cb1760c0c..7b0f835d6c5 100644 --- a/pkg/server/singleprocess/auth.go +++ b/pkg/server/singleprocess/auth.go @@ -203,10 +203,15 @@ func (s *Service) authRunner( ctx context.Context, tokenRunner *pb.Token_Runner, endpoint string, ) (context.Context, error) { + runnerId, err := s.decodeId(tokenRunner.Id) + if err != nil { + return nil, status.Errorf(codes.InvalidArgument, "failed to decode id in runner token") + } + // If no ID is set, then the runner is assumed at all times to be adopted. // This use case is used to "pre-adopt" runners and avoid the adoption // lifecycle completely, such as with infinitely autoscaled runners. - if tokenRunner.Id == "" { + if runnerId == "" { // Authenticated. return ctx, nil } @@ -217,11 +222,6 @@ func (s *Service) authRunner( return ctx, nil } - runnerId, err := s.decodeId(tokenRunner.Id) - if err != nil { - return nil, status.Errorf(codes.InvalidArgument, "failed to decode id in runner token") - } - // Get our runner r, err := s.state(ctx).RunnerById(runnerId, nil) if status.Code(err) == codes.NotFound { @@ -411,10 +411,10 @@ func (s *Service) decodeToken(ctx context.Context, token string) (*pb.TokenTrans return &tt, &body, nil } -// Encode the given token with the given key and metadata. +// encodeToken Encodes the given token with the given key and metadata. // keyId controls which key is used to sign the key (key values are generated lazily). // metadata is attached to the token transport as configuration style information -func (s *Service) EncodeToken(ctx context.Context, keyId string, metadata map[string]string, body *pb.Token) (string, error) { +func (s *Service) encodeToken(ctx context.Context, keyId string, metadata map[string]string, body *pb.Token) (string, error) { // Get the key material key, err := s.state(ctx).HMACKeyCreateIfNotExist(keyId, hmacKeySize) if err != nil { @@ -600,7 +600,7 @@ func (s *Service) newToken( return "", err } - return s.EncodeToken(ctx, keyId, metadata, body) + return s.encodeToken(ctx, keyId, metadata, body) } // Create a new invite token. diff --git a/pkg/server/singleprocess/service_runner.go b/pkg/server/singleprocess/service_runner.go index 86c93509bfd..8dfbc121aae 100644 --- a/pkg/server/singleprocess/service_runner.go +++ b/pkg/server/singleprocess/service_runner.go @@ -459,12 +459,7 @@ func (s *Service) RunnerJobStream( log = log.With("runner_id", reqEvent.Request.RunnerId) // Get the runner to validate it is registered - - runnerId, err := s.decodeId(reqEvent.Request.RunnerId) - if err != nil { - log.Error("Failed to decode runner ID when processing job stream", "id", reqEvent.Request.RunnerId, "err", err) - return status.Errorf(codes.InvalidArgument, "invalid runner id") - } + runnerId := reqEvent.Request.RunnerId runner, err := s.state(ctx).RunnerById(runnerId, nil) if err != nil {