faas-rs/faasd
1
0
Fork 0
mirror of https://github.com/openfaas/faasd.git synced 2025-06-20 04:56:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add check for namespace label openfaas=true

Browse Source 
This commit adds the checks that the namespace supplied by the user has
the `openfaas=true` label. Without this check the user can
deploy/update/read functions in any namespace  using the CLI.

The UI is not effected because it calls the listnamesaces endpoint,
which has the check for the label

Signed-off-by: Alistair Hey <alistair@heyal.co.uk>
This commit is contained in:
Alistair Hey
2021-09-16 08:31:05 +01:00
committed by Alex Ellis
parent 195e81f595
commit 12b5e8ca7f
9 changed files with 123 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/provider/handlers/deploy.go
View File

@ -52,10 +52,25 @@ func MakeDeployHandler(client *containerd.Client, cni gocni.CNI, secretMountPath
}
namespace := getRequestNamespace(req.Namespace)
// Check if namespace exists, and it has the openfaas label
nsValid, err := validateNamespace(client, namespace)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
if !nsValid {
http.Error(w, "namespace not valid", http.StatusBadRequest)
return
}
namespaceSecretMountPath := getNamespaceSecretMountPath(secretMountPath, namespace)
err = validateSecrets(namespaceSecretMountPath, req.Secrets)
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
name := req.Service