From 93f738d30d166f144aa1a3b582d7ae3b28534b6e Mon Sep 17 00:00:00 2001
From: Miguel Martinez
Date: Fri, 12 Sep 2025 15:54:41 +0200
Subject: [PATCH 1/2] fix: federated token middleware
Signed-off-by: Miguel Martinez
---
 app/controlplane/configs/config.devel.yaml | 6 +++---
 app/controlplane/internal/server/grpc.go | 14 +++++++-------
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/app/controlplane/configs/config.devel.yaml b/app/controlplane/configs/config.devel.yaml
index e7acbe0ec..f1de75694 100644
--- a/app/controlplane/configs/config.devel.yaml
+++ b/app/controlplane/configs/config.devel.yaml
@@ -104,6 +104,6 @@ prometheus_integration:
 # url: http://localhost:8002/v1
 enable_profiler: true
-# federated_authentication:
-# enabled: true
-# url: http://localhost:8002/machine-identity/verify-token
+federated_authentication:
+ enabled: true
+ url: http://localhost:8002/machine-identity/verify-token
diff --git a/app/controlplane/internal/server/grpc.go b/app/controlplane/internal/server/grpc.go
index 85da73231..bec5c35ba 100644
--- a/app/controlplane/internal/server/grpc.go
+++ b/app/controlplane/internal/server/grpc.go
@@ -234,17 +234,17 @@ func craftMiddleware(opts *Opts) []middleware.Middleware {
 usercontext.WithAttestationContextFromAPIToken(opts.APITokenUseCase, opts.OrganizationUseCase, logHelper),
 // 2.c - Set Attestation context from user token
 usercontext.WithAttestationContextFromUser(opts.UserUseCase, logHelper),
- // Validate the CAS Backend is fully configured and valid
- selector.Server(
- usercontext.ValidateCASBackend(opts.CASBackendUseCase),
- usercontext.BlockIfCASBackendNotValid(opts.CASBackendUseCase),
- ).Match(requireFullyConfiguredCASBackendMatcher()).Build(),
- // Store all memberships in the context
- usercontext.WithCurrentMembershipsMiddleware(opts.MembershipUseCase),
 // 2.d - Set its robot account from federated delegation
 usercontext.WithAttestationContextFromFederatedInfo(opts.OrganizationUseCase, logHelper),
+ // Store all memberships in the context
+ usercontext.WithCurrentMembershipsMiddleware(opts.MembershipUseCase),
 // 3 - Update API Token last usage
 usercontext.WithAPITokenUsageUpdater(opts.APITokenUseCase, logHelper),
+ // 4 - Validate the CAS Backend is fully configured and valid
+ selector.Server(
+ usercontext.ValidateCASBackend(opts.CASBackendUseCase),
+ usercontext.BlockIfCASBackendNotValid(opts.CASBackendUseCase),
+ ).Match(requireFullyConfiguredCASBackendMatcher()).Build(),
 ).Match(requireRobotAccountMatcher()).Build(),
 )
From 2b2aa5af46cc671d80ac70ec7a5a6734fc62c5f2 Mon Sep 17 00:00:00 2001
From: Miguel Martinez
Date: Fri, 12 Sep 2025 15:58:52 +0200
Subject: [PATCH 2/2] fix: federated token middleware
Signed-off-by: Miguel Martinez
---
 app/controlplane/configs/config.devel.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controlplane/configs/config.devel.yaml b/app/controlplane/configs/config.devel.yaml
index f1de75694..e7acbe0ec 100644
--- a/app/controlplane/configs/config.devel.yaml
+++ b/app/controlplane/configs/config.devel.yaml
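Review bot: The new position of the CAS backend check at the end of the robot-account chain in craftMiddleware (grpc.go, patch 1/2) is neither explained nor pinned by a test, although the fix consists of nothing but this ordering. From the visible lines the check used to run before `WithAttestationContextFromFederatedInfo`, so it presumably ran for federated tokens before their organization was in the context; I would say so in the comment, e.g. `// 4 - Validate the CAS backend; keep after the 2.x steps, which set the context it validates against`, and add a test that sends a federated token through the chain. `WithAPITokenUsageUpdater` is now also listed ahead of the CAS block, so if it records usage before invoking the next handler, calls later rejected by `BlockIfCASBackendNotValid` would still refresh the token's last-used time; worth confirming that is intended. The "Store all memberships" entry is the only step left without a number. craftMiddleware starts and ends outside the hunk.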
@@ -104,6 +104,6 @@ prometheus_integration:
 # url: http://localhost:8002/v1
 enable_profiler: true
-federated_authentication:
- enabled: true
- url: http://localhost:8002/machine-identity/verify-token
+# federated_authentication:
+# enabled: true
+# url: http://localhost:8002/machine-identity/verify-token