Cadence authorization (cadence-workflow#2903)

As a multi-tendency platform, Cadence wants to provide authN and authZ for domain owner to protect their workflows from being start/describe/terminate by unauthorized person/services. Assuming authN is taken care already and all requests to Cadence server contains identity information (say this info lives in request context). AuthZ needs to check: is actor X allow to perform action Y on resource Z.
zshni · Dec 13, 2019 · 8f4ed1c · 8f4ed1c
1 parent 1c6aa68
commit 8f4ed1c
Show file tree

Hide file tree

Showing 9 changed files with 845 additions and 17 deletions.
diff --git a/cmd/server/cadence/server.go b/cmd/server/cadence/server.go
@@ -24,6 +24,8 @@ import (
 	"log"
 	"time"
 
+	"github.com/uber/cadence/common/authorization"
+
 	"go.uber.org/cadence/.gen/go/cadence/workflowserviceclient"
 	"go.uber.org/zap"
 
@@ -204,6 +206,8 @@ func (s *server) startService() common.Daemon {
 
 	params.PersistenceConfig.TransactionSizeLimit = dc.GetIntProperty(dynamicconfig.TransactionSizeLimit, common.DefaultTransactionSizeLimit)
 
+	params.Authorizer = authorization.NewNopAuthorizer()
+
 	params.Logger.Info("Starting service " + s.name)
 
 	var daemon common.Daemon

diff --git a/common/authorization/authorizer.go b/common/authorization/authorizer.go
@@ -0,0 +1,55 @@
+// Copyright (c) 2019 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+//go:generate mockgen -copyright_file ../../LICENSE -package $GOPACKAGE -source $GOFILE -destination authority_mock.go
+
+package authorization
+
+import "context"
+
+const (
+	// DecisionDeny means auth decision is deny
+	DecisionDeny Decision = iota + 1
+	// DecisionAllow means auth decision is allow
+	DecisionAllow
+)
+
+type (
+	// Attributes is input for authority to make decision.
+	// It can be extended in future if required auth on resources like WorkflowType and TaskList
+	Attributes struct {
+		Actor      string
+		APIName    string
+		DomainName string
+	}
+
+	// Result is result from authority.
+	Result struct {
+		Decision Decision
+	}
+
+	// Decision is enum type for auth decision
+	Decision int
+)
+
+// Authorizer is an interface for authorization
+type Authorizer interface {
+	Authorize(ctx context.Context, attributes *Attributes) (Result, error)
+}
diff --git a/common/authorization/nopAuthorizer.go b/common/authorization/nopAuthorizer.go
@@ -0,0 +1,37 @@
+// Copyright (c) 2019 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+package authorization
+
+import "context"
+
+type nopAuthority struct{}
+
+// NewNopAuthorizer creates a no-op authority
+func NewNopAuthorizer() Authorizer {
+	return &nopAuthority{}
+}
+
+func (a *nopAuthority) Authorize(
+	ctx context.Context,
+	attributes *Attributes,
+) (Result, error) {
+	return Result{Decision: DecisionAllow}, nil
+}
diff --git a/common/service/service.go b/common/service/service.go
@@ -26,6 +26,8 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/uber/cadence/common/authorization"
+
 	"github.com/uber-go/tally"
 	"go.uber.org/cadence/.gen/go/cadence/workflowserviceclient"
 	"go.uber.org/yarpc"
@@ -80,6 +82,7 @@ type (
 		PublicClient        workflowserviceclient.Interface
 		ArchivalMetadata    archiver.ArchivalMetadata
 		ArchiverProvider    provider.ArchiverProvider
+		Authorizer          authorization.Authorizer
 	}
 
 	// MembershipMonitorFactory provides a bootstrapped membership monitor

diff --git a/host/onebox.go b/host/onebox.go
@@ -26,6 +26,8 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/uber/cadence/common/authorization"
+
 	"github.com/pborman/uuid"
 	"github.com/uber-go/tally"
 
@@ -407,6 +409,7 @@ func (c *cadenceImpl) startFrontend(hosts map[string][]string, startWG *sync.Wai
 	params.ArchiverProvider = c.archiverProvider
 	params.ESConfig = c.esConfig
 	params.ESClient = c.esClient
+	params.Authorizer = authorization.NewNopAuthorizer()
 
 	var err error
 	params.PersistenceConfig, err = copyPersistenceConfig(c.persistenceConfig)