Skip to content

ROX-11826: Disable kernel support package uploads for managed central #3661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
theencee merged 4 commits into from
Nov 8, 2022
Merged

ROX-11826: Disable kernel support package uploads for managed central #3661

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
15c92d2
X-Smart-Branch-Parent: master
theencee Nov 4, 2022
481443e
ROX-11826: Disable kernel support package uploads for managed central
theencee Nov 2, 2022
550cad2
review comments
theencee Nov 4, 2022
78dad7d
cleanup
theencee Nov 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 4 additions & 8 deletions central/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,7 @@ import (
"github.com/stackrox/rox/pkg/grpc/authz/user"
"github.com/stackrox/rox/pkg/grpc/errors"
"github.com/stackrox/rox/pkg/grpc/routes"
"github.com/stackrox/rox/pkg/httputil"
"github.com/stackrox/rox/pkg/httputil/proxy"
"github.com/stackrox/rox/pkg/logging"
pkgMetrics "github.com/stackrox/rox/pkg/metrics"
Expand Down Expand Up @@ -754,14 +755,9 @@ func customRoutes() (customRoutes []routes.CustomRoute) {
}

func notImplementedOnManagedServices(fn http.Handler) http.Handler {
if !env.ManagedCentral.BooleanSetting() {
return fn
}
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
errMsg := "api is not supported in a managed central environment."
log.Error(errMsg)
http.Error(w, errMsg, http.StatusNotImplemented)
})
return utils.IfThenElse[http.Handler](
env.ManagedCentral.BooleanSetting(), httputil.NotImplementedHandler("api is not supported in a managed central environment."),
fn)
}

func debugRoutes() []routes.CustomRoute {
Expand Down
12 changes: 8 additions & 4 deletions central/probeupload/service/service_impl.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/stackrox/rox/central/role/resources"
v1 "github.com/stackrox/rox/generated/api/v1"
"github.com/stackrox/rox/pkg/auth/permissions"
"github.com/stackrox/rox/pkg/env"
"github.com/stackrox/rox/pkg/grpc/authz"
"github.com/stackrox/rox/pkg/grpc/authz/idcheck"
"github.com/stackrox/rox/pkg/grpc/authz/perrpc"
Expand All @@ -22,6 +23,7 @@ import (
"github.com/stackrox/rox/pkg/httputil"
"github.com/stackrox/rox/pkg/logging"
"github.com/stackrox/rox/pkg/probeupload"
"github.com/stackrox/rox/pkg/utils"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
)
Expand Down Expand Up @@ -77,10 +79,12 @@ func (s *service) GetExistingProbes(ctx context.Context, req *v1.GetExistingProb
func (s *service) CustomRoutes() []routes.CustomRoute {
return []routes.CustomRoute{
{
Route: "/api/extensions/probeupload",
Authorizer: user.With(permissions.Modify(resources.ProbeUpload)),
ServerHandler: http.HandlerFunc(s.handleProbeUpload),
Compression: false,
Route: "/api/extensions/probeupload",
Authorizer: user.With(permissions.Modify(resources.ProbeUpload)),
ServerHandler: utils.IfThenElse[http.Handler](
env.EnableKernelPackageUpload.BooleanSetting(), http.HandlerFunc(s.handleProbeUpload),
httputil.NotImplementedHandler("api is not supported because kernel package upload is disabled.")),
Compression: false,
},
{
Route: "/kernel-objects/",
Expand Down
2 changes: 2 additions & 0 deletions image/templates/helm/stackrox-central/templates/01-central-13-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,8 @@ spec:
value: "true"
- name: ROX_ENABLE_CENTRAL_DIAGNOSTICS
value: "false"
- name: ROX_ENABLE_KERNEL_PACKAGE_UPLOAD
value: "false"
{{- end }}
{{- if ._rox.central.db.enabled }}
- name: ROX_POSTGRES_DATASTORE
Expand Down
6 changes: 6 additions & 0 deletions pkg/env/kernel_package_upload.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
package env

var (
// EnableKernelPackageUpload is set to true to signal that kernel support package uploads should be supported.
EnableKernelPackageUpload = RegisterBooleanSetting("ROX_ENABLE_KERNEL_PACKAGE_UPLOAD", true)
)
12 changes: 11 additions & 1 deletion pkg/httputil/handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package httputil

import "net/http"
import (
"net/http"
)

// WrapHandlerFunc wraps a function returning an error into an HTTP handler func that returns a 200 OK with empty
// contents upon success, and sends an error formatted according to `WriteError` to the client otherwise.
Expand All @@ -13,3 +15,11 @@ func WrapHandlerFunc(handlerFn func(req *http.Request) error) http.HandlerFunc {
}
})
}

// NotImplementedHandler returns an HTTP Handler func that returns 501 Not Implemented with a custom error message.
func NotImplementedHandler(errMsg string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
log.Error(errMsg)
http.Error(w, errMsg, http.StatusNotImplemented)
})
}
9 changes: 9 additions & 0 deletions pkg/utils/if_then_else.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
package utils

// IfThenElse is a ternary operator function that will return `a` if `cond` is true, otherwise it will return `b`
func IfThenElse[T any](cond bool, a, b T) T {
if cond {
return a
}
return b
}