Files

 develop

/

restrict_newer_client.go

Blame

Blame

Latest commit

 

History

History

162 lines (143 loc) · 4.91 KB

 develop

/

restrict_newer_client.go

Top

File metadata and controls

• Code
• Blame

162 lines (143 loc) · 4.91 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

// Copyright 2020 Canonical Ltd.

// Licensed under the AGPLv3, see LICENCE file for details.

package apiserver

import (

"github.com/juju/collections/set"

"github.com/juju/version/v2"

"github.com/juju/juju/rpc/params"

"github.com/juju/juju/upgrades/upgradevalidation"

jujuversion "github.com/juju/juju/version"

)

func checkClientVersion(userLogin bool, callerVersion version.Number) func(facadeName, methodName string) error {

return func(facadeName, methodName string) error {

serverVersion := jujuversion.Current

incompatibleClientError := &params.IncompatibleClientError{

ServerVersion: serverVersion,

}

// If client or server versions are more than one major version apart,

// reject the call immediately.

if callerVersion.Major < serverVersion.Major-1 || callerVersion.Major > serverVersion.Major+1 {

return incompatibleClientError

}

// If the client major version is greater and the minor version is not 0, reject.

if callerVersion.Major > serverVersion.Major && callerVersion.Minor != 0 {

return incompatibleClientError

}

// Connection pings always need to be allowed.

if facadeName == "Pinger" && methodName == "Ping" {

return nil

}

if !userLogin {

// Only recent older agents can make api calls.

if minAgentVersion, ok := upgradevalidation.MinAgentVersions[serverVersion.Major]; !ok || callerVersion.Compare(minAgentVersion) < 0 {

logger.Warningf("rejected agent api all %v.%v for agent version %v", facadeName, methodName, callerVersion)

return incompatibleClientError

}

return nil

}

// Clients can still access the "X+1.0" controller facades.

// But we never allow unfetted access to older controllers

// as newer clients may have had backwards compatibility removed.

if callerVersion.Major < serverVersion.Major && serverVersion.Minor == 0 {

return nil

}

// Calls to manage the migration of the target controller

// always need to be allowed.

if facadeName == "MigrationTarget" {

return nil

}

// Some calls like status we will support always.

if isMethodAllowedForDifferentClients(facadeName, methodName) {

return nil

}

// Check whitelisted client versions.

if minClientVersion, ok := upgradevalidation.MinClientVersions[serverVersion.Major]; ok && callerVersion.Compare(minClientVersion) >= 0 {

return nil

}

// Check whitelisted server versions.

if minServerVersion, ok := upgradevalidation.MinClientVersions[callerVersion.Major]; ok && serverVersion.Compare(minServerVersion) >= 0 {

return nil

}

// The migration worker makes calls masquerading as a user

// so we need to treat those separately.

olderClient := callerVersion.Major < serverVersion.Major

validMigrationCall := isMethodAllowedForMigrate(facadeName, methodName)

if olderClient && !validMigrationCall {

return incompatibleClientError

}

// Only allow calls to facilitate upgrades or migrations.

if !validMigrationCall && !isMethodAllowedForUpgrade(facadeName, methodName) {

return incompatibleClientError

}

return nil

}

}

func isMethodAllowedForDifferentClients(facadeName, methodName string) bool {

methods, ok := allowedDifferentClientMethods[facadeName]

if !ok {

return false

}

return methods.Contains(methodName)

}

func isMethodAllowedForUpgrade(facadeName, methodName string) bool {

upgradeOK := false

upgradeMethods, ok := allowedMethodsForUpgrade[facadeName]

if ok {

upgradeOK = upgradeMethods.Contains(methodName)

}

return upgradeOK

}

func isMethodAllowedForMigrate(facadeName, methodName string) bool {

migrateOK := false

migrateMethods, ok := allowedMethodsForMigrate[facadeName]

if ok {

migrateOK = migrateMethods.Contains(methodName)

}

return migrateOK

}

// These methods below are potentially called from a client with

// a different major version to the controller.

// As such we need to ensure we retain compatibility.

// allowedDifferentClientMethods stores api calls we want to

// allow regardless of client or controller version.

var allowedDifferentClientMethods = map[string]set.Strings{

"Client": set.NewStrings(

"FullStatus",

),

}

// allowedMethodsForUpgrade stores api calls

// that are not blocked when the connecting client has

// a major version greater than that of the controller.

var allowedMethodsForUpgrade = map[string]set.Strings{

"Client": set.NewStrings(

"FindTools",

),

"ModelUpgrader": set.NewStrings(

"UpgradeModel",

"AbortModelUpgrade",

),

"ModelConfig": set.NewStrings(

"ModelGet",

),

"Controller": set.NewStrings(

"ModelConfig",

"ControllerConfig",

"ControllerVersion",

"CloudSpec",

),

}

// allowedMethodsForMigrate stores api calls

// that are not blocked when the connecting client has

// a major version greater than that of the controller.

var allowedMethodsForMigrate = map[string]set.Strings{

"UserManager": set.NewStrings(

"UserInfo",

),

"ModelManager": set.NewStrings(

"ListModels",

"ModelInfo"),

"Controller": set.NewStrings(

"InitiateMigration",

"IdentityProviderURL",

),

}