-rw-r--r-- | components/authorize/src/authorize_keys.erl | 15 | ||||
-rw-r--r-- | components/authorize/src/authorize_rpc.erl | 3 | ||||
-rw-r--r-- | components/service_edge/src/service_edge_rpc.erl | 24 |
3 files changed, 26 insertions, 16 deletions
diff --git a/components/authorize/src/authorize_keys.erl b/components/authorize/src/authorize_keys.erl index b5ffd72..6369e70 100644 --- a/components/authorize/src/authorize_keys.erl +++ b/components/authorize/src/authorize_keys.erl @@ -21,6 +21,7 @@ -export([cache_authorizations/1, remove_cached_authorizations/1, remove_cached_authorizations_for_conn/1, + remove_creds_for_conn/1, update_authorization_cache/2]). -export([remove_connection/1]). @@ -159,6 +160,9 @@ remove_cached_authorizations(Svcs) -> remove_cached_authorizations_for_conn(Conn) -> remove_cached_authorizations_for_conn_(normalize_conn(Conn)). +remove_creds_for_conn(Conn) -> + remove_creds_for_conn_(normalize_conn(Conn)). + update_authorization_cache(Conn, CS) -> gen_server:cast(?MODULE, {update_authorization_cache, Conn, CS}). @@ -247,9 +251,10 @@ handle_cast({update_authorization_cache, Conn0, CS}, S) -> update_authorization_cache_(Conn, CS), {noreply, S}; handle_cast({remove_connection, Conn0}, S) -> - Conn = normalize_conn(Conn0), - ets:select_delete(?CACHE, [{ {{'_', Conn}, '_'}, [], [true] }]), - ets:select_delete(?CREDS, [{ {{Conn, '_'}, '_'}, [], [true] }]), + %% Don't remove the credentials + %% Conn = normalize_conn(Conn0), + %% ets:select_delete(?CACHE, [{ {{'_', Conn}, '_'}, [], [true] }]), + %% ets:select_delete(?CREDS, [{ {{Conn, '_'}, '_'}, [], [true] }]), {noreply, S}; handle_cast(_, S) -> {noreply, S}. @@ -681,6 +686,10 @@ remove_cached_authorizations_for_conn_(Conn) -> ets:select_delete(?CACHE, [{ {{'_', Conn}, '_'}, [], [true] }]), ok. +remove_creds_for_conn_(Conn) -> + ets:select_delete(?CREDS, [{ {{Conn, '_'}, '_'}, [], [true] }]), + ok. + can_invoke(Svc, #cred{right_to_invoke = In}) -> lists:any(fun(I) -> match_svc(I, Svc) end, In). diff --git a/components/authorize/src/authorize_rpc.erl b/components/authorize/src/authorize_rpc.erl index 9fa052a..90aec1d 100644 --- a/components/authorize/src/authorize_rpc.erl +++ b/components/authorize/src/authorize_rpc.erl 
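Review bot: In `handle_cast({remove_connection, Conn0}, S)` the clause no longer deletes anything, so the `?CACHE` rows as well as the `?CREDS` rows keyed on that connection outlive it, although the new comment only mentions credentials. The only cleanup visible in this commit is the `remove_creds_for_conn/1` call added to `do_store_creds` in authorize_rpc.erl, so entries for a peer that never reconnects appear to stay in ETS indefinitely. A later peer that normalizes to the same `Conn` key may also be checked against the previous peer's cached authorizations until it stores credentials of its own; any expiry handling is outside the hunk. If retaining credentials is intended, consider keeping the cache purge (`ets:select_delete(?CACHE, [{ {{'_', Conn}, '_'}, [], [true] }])`) and stating the retention rule in a comment instead of leaving commented-out code. As written `Conn0` is unused and will raise a compiler warning; `handle_cast({remove_connection, _Conn0}, S) ->` avoids it.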
@@ -85,7 +85,7 @@ get_credentials(CompSpec) -> remove_connection(CompSpec, Conn) -> rvi_common:notification(authorize, ?MODULE, remove_connection, - [{conn, Conn}], [status], CompSpec). + [{conn, Conn}], CompSpec). store_creds(CompSpec, Creds, Conn) -> store_creds(CompSpec, Creds, Conn, undefined). @@ -323,6 +323,7 @@ do_store_creds(Creds, Conn, PeerCert, LogId, CS) -> ?debug("Storing ~p creds for conn ~p~nPeerCert = ~w", [length(Creds), Conn, authorize_keys:abbrev(PeerCert)]), authorize_keys:remove_cached_authorizations_for_conn(Conn), + authorize_keys:remove_creds_for_conn(Conn), lists:foreach(fun(Cred) -> store_cred(Cred, Conn, PeerCert, LogId) end, Creds), diff --git a/components/service_edge/src/service_edge_rpc.erl b/components/service_edge/src/service_edge_rpc.erl index b3fa760..3258057 100644 --- a/components/service_edge/src/service_edge_rpc.erl +++ b/components/service_edge/src/service_edge_rpc.erl @@ -256,11 +256,11 @@ handle_websocket(WSock, Mesg, Arg) -> handle_ws_json_rpc(WSock, <<"message">>, Params, _Arg ) -> { ok, SvcName0 } = rvi_common:get_json_element(["service_name"], Params), { ok, Timeout } = rvi_common:get_json_element(["timeout"], Params), - { ok, Parameters } = rvi_common:get_json_element(["parameters"], Params), + { ok, Parameters0 } = rvi_common:get_json_element(["parameters"], Params), SvcName = iolist_to_binary(SvcName0), - ?event({message, ws, [SvcName, Timeout, Parameters]}), - ?debug("WS Parameters: ~p", [Parameters]), - %% Parameters = parse_ws_params(Parameters0), + ?event({message, ws, [SvcName, Timeout, Parameters0]}), + ?debug("WS Parameters: ~p", [Parameters0]), + Parameters = parse_ws_params(Parameters0), LogId = log_id_json_tail(Params ++ Parameters), ?debug("service_edge_rpc:handle_websocket(~p) params!: ~p", [ WSock, Params ]), ?debug("service_edge_rpc:handle_websocket(~p) service: ~p", [ WSock, SvcName ]), 
@@ -312,14 +312,14 @@ handle_ws_json_rpc(_Ws , <<"get_available_services">>, _Params, _Arg ) -> { services, Services}, { method, <<"get_available_services">>}] }. -%% parse_ws_params([{K, V}|T]) -> -%% K1 = iolist_to_binary(K), -%% V1 = iolist_to_binary(V), -%% ?debug("K1 = ~p, V1 = ~p", [K1, V1]), -%% [{K1, jsx:decode(iolist_to_binary(V1))} -%% | parse_ws_params(T)]; -%% parse_ws_params([]) -> -%% []. +parse_ws_params([{K, V}|T]) -> + K1 = iolist_to_binary(K), + V1 = iolist_to_binary(V), + ?debug("K1 = ~p, V1 = ~p", [K1, V1]), + [{K1, jsx:decode(iolist_to_binary(V1))} + | parse_ws_params(T)]; +parse_ws_params([]) -> + []. %% Invoked by locally connected services. %% Will always be routed as JSON-RPC since that, and websocket, |
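Review bot: `parse_ws_params/1` runs on the `parameters` element of a websocket request and crashes on anything other than a list of `{K, V}` pairs whose values are iodata holding valid JSON: `iolist_to_binary(V)` and `jsx:decode/1` raise `badarg`, and a non-pair element fails with `function_clause`. Now that `handle_ws_json_rpc(WSock, <<"message">>, ...)` calls it (earlier hunk in this file), a client that sends an already-decoded number or object, or a malformed string, takes that path. Whether any caller catches the exception is not visible here, so the conversion should be guarded at that call site and turned into a JSON-RPC error reply. `V1` is already a binary, so `jsx:decode(V1)` is enough. The new `?debug("K1 = ~p, V1 = ~p", [K1, V1])` also writes every parameter value to the log, which deserves a second look if service parameters can carry secrets.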