Acl and cowboy http service
12 views
Skip to first unread message
Akro
Dec 19, 2017, 10:46:40 AM12/19/17
to CloudI Questions
Hello,
I'm not able to have a dest_list_deny acl rule to work.
Excerpt from my config
{acl,
[ {v1, ["/v1/"]}
]
[...]
[{prefix, "/"}
,{module, cloudi_service_http_cowboy}
,{args, [{port, 6543}, ...]},
,{dest_list_deny, [v1]}
[...]
I would like this service to be denied to call any "/v1/" services.
With this configuration, I can "happily" call http://127.0.0.1:6543/v1/ping => (that maps to: /v1/ping/get)
How can I control what prefix a cowboy process can call ?
PS: I've looked at cloudi_core_i_services_internal.erl the code that should call trie:new from dest_deny, but fail to see it in the 'init' call but see it in the 'update' call. (cloudi 1.7.2 from hex.pm)
Contrast with https://github.com/CloudI/CloudI/blob/develop/src/lib/cloudi_core/src/cloudi_core_i_services_internal.erl#L337 that only pass as is DestDeny...
Thanks !
Michael Truog
Dec 19, 2017, 2:15:21 PM12/19/17
to CloudI Questions
Hi,
Thank you for reporting this problem. You have discovered a bug that was due to an omission in the cloudi_core_i_services_internal.erl source code, with a source code path specifically for high-throughput service requests that are initiated by the functions provided by the cloudi_service_children.hrl file. That means that it affects the services cloudi_service_http_elli, cloudi_service_http_cowboy and cloudi_service_tcp . I have added the fix for this in the commit at:
https://github.com/CloudI/CloudI/commit/5758e61ae3437a81b6d72314bf225e9f705fdae2
https://github.com/CloudI/cloudi_core/commit/645e62b8fefb9bc88868604f1d71c6e7667f3fb9
(either repository may be used for the bugfix)
After you get that fix, then your use of dest_list_deny will work fine. This change will be included in the 1.7.3 release (the release will likely occur in 3-6 months, perhaps less time).
The source code you were looking for before was https://github.com/CloudI/CloudI/blob/develop/src/lib/cloudi_core/src/cloudi_core_i_spawn.erl#L112-L123 .
Best Regards,
Michael
Thank you for reporting this problem. You have discovered a bug that was due to an omission in the cloudi_core_i_services_internal.erl source code, with a source code path specifically for high-throughput service requests that are initiated by the functions provided by the cloudi_service_children.hrl file. That means that it affects the services cloudi_service_http_elli, cloudi_service_http_cowboy and cloudi_service_tcp . I have added the fix for this in the commit at:
https://github.com/CloudI/CloudI/commit/5758e61ae3437a81b6d72314bf225e9f705fdae2
https://github.com/CloudI/cloudi_core/commit/645e62b8fefb9bc88868604f1d71c6e7667f3fb9
(either repository may be used for the bugfix)
After you get that fix, then your use of dest_list_deny will work fine. This change will be included in the 1.7.3 release (the release will likely occur in 3-6 months, perhaps less time).
The source code you were looking for before was https://github.com/CloudI/CloudI/blob/develop/src/lib/cloudi_core/src/cloudi_core_i_spawn.erl#L112-L123 .
Best Regards,
Michael
Akro
Dec 21, 2017, 5:14:34 AM12/21/17
to CloudI Questions
Thank you for the fix.
I didn't retried at the moment, but as soon as the .3 will be released i will upgrade (both cloudI and cloudi_core).
Reply all
Reply to author
Forward
0 new messages