Skip to content

Instantly share code, notes, and snippets.

@ajm188
Created May 4, 2022 13:15
Show Gist options
  • Save ajm188/5b2c7d3ca76004a297e6e279a54c2299 to your computer and use it in GitHub Desktop.
Save ajm188/5b2c7d3ca76004a297e6e279a54c2299 to your computer and use it in GitHub Desktop.
Example VTAdmin Authenticator implementation
package main
import (
"ctx"
"http"
"strings"
"google.golang.org/grpc/metadata"
"vitess.io/vitess/go/vt/log"
"vitess.io/vitess/go/vt/vtadmin/rbac"
)
type userKeyAuthenticator struct{}
func (authn *userKeyAuthenticator) Authenticate(ctx context.Context) (*rbac.Actor, error) {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return nil, nil
}
if user := md.Get("user"); len(user) > 0 {
name := user[0]
roles := user[1:]
return &rbac.Actor{
Name: name,
Roles: roles,
}, nil
}
return nil, nil
}
func (authn *userKeyAuthenticator) AuthenticateHTTP(r *http.Request) (*rbac.Actor, error) {
cookie, err := r.Cookie("user")
if err != nil {
log.Infof(`no "user" cookie: %v`, err)
return nil, nil
}
// expect the cookie to be a CSV of "name,role1,role2,...,roleN"
if user := strings.Split(cookie.Value, ","); len(user) > 0 {
name := user[0]
roles := user[1:]
return &rbac.Actor{
Name: name,
Roles: roles,
}, nil
}
log.Infof(`empty "user" cookie`)
return nil, nil
}
// Required to use plugin-mode
func NewAuthenticator() rbac.Authenticator { return &userKeyAuthenticator{} }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment