opentdf / platform

Persistent data centric security that extends owner control wherever data travels
BSD 3-Clause Clear License

Validate Configuration on Startup #949

Open ttschampel opened 5 months ago

ttschampel commented 5 months ago

The platform should validate configuration state on startup, log configuration errors and then exit.

An example of bad configuration (ERS not enabled/defined in config) resulting in a runtime failure, where the platform panics:

```
{"time":"2024-06-07T00:19:05.261969949Z","level":"DEBUG","msg":"verifying policy binding","namespace":"kas","requestBody.policy":"eyJ1dWlkIjoiNzRhNWZjODktZWFiZC00YWJkLTlkNmUtOGRkNjlhZTQwZjVhIiwiYm9keSI6eyJkYXRhQXR0cmlidXRlcyI6W3siYXR0cmlidXRlIjoiaHR0cHM6Ly9vcGVudGRmLmlvL2F0dHIvaW50ZWxsZWN0dWFscHJvcGVydHkvdmFsdWUvdHJhZGVzZWNyZXQiLCJpc0RlZmF1bHQiOmZhbHNlfV0sImRpc3NlbSI6W119fQ=="}
{"time":"2024-06-07T00:19:05.262143311Z","level":"DEBUG","msg":"extracting policy","namespace":"kas","requestBody.policy":"eyJ1dWlkIjoiNzRhNWZjODktZWFiZC00YWJkLTlkNmUtOGRkNjlhZTQwZjVhIiwiYm9keSI6eyJkYXRhQXR0cmlidXRlcyI6W3siYXR0cmlidXRlIjoiaHR0cHM6Ly9vcGVudGRmLmlvL2F0dHIvaW50ZWxsZWN0dWFscHJvcGVydHkvdmFsdWUvdHJhZGVzZWNyZXQiLCJpc0RlZmF1bHQiOmZhbHNlfV0sImRpc3NlbSI6W119fQ=="}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x230 pc=0xe59f1a]

goroutine 227 [running]:
google.golang.org/grpc.(*ClientConn).Invoke(0x0, {0x1bc78b0?, 0xc0006e07b0?}, {0x18f9784?, 0xc0005fb600?}, {0x173c680?, 0xc0005fb600?}, {0x173c740?, 0xc0005fb640?}, {0x0, ...})
    /root/go/pkg/mod/google.golang.org/grpc@v1.63.2/call.go:32 +0x5a
github.com/opentdf/platform/protocol/go/entityresolution.(*entityResolutionServiceClient).CreateEntityChainFromJwt(0xc0004bc420, {0x1bc78b0, 0xc0006e07b0}, 0xc0005fb600, {0x0, 0x0, 0x0})
    /app/protocol/go/entityresolution/entity_resolution_grpc.pb.go:53 +0xc8
github.com/opentdf/platform/service/authorization.(*AuthorizationService).GetDecisionsByToken(0xc00060a360, {0x1bc78b0, 0xc0006e07b0}, 0x4ab3c5?)
    /app/service/authorization/authorization.go:137 +0x1a3
github.com/opentdf/platform/protocol/go/authorization._AuthorizationService_GetDecisionsByToken_Handler({0x17067e0, 0xc00060a360}, {0x1bc78b0, 0xc0006e07b0}, 0xc000577b80, 0x0)
    /app/protocol/go/authorization/authorization_grpc.pb.go:131 +0x1a6
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00070d400, {0x1bc78b0, 0xc000876090}, {0x1bd2ec0, 0xc00070e900}, 0xc0008645a0, 0xc000626030, 0x28ad6b8, 0x0)
    /root/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1369 +0xdf8
google.golang.org/grpc.(*Server).handleStream(0xc00070d400, {0x1bd2ec0, 0xc00070e900}, 0xc0008645a0)
    /root/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1780 +0xe8b
google.golang.org/grpc.(*Server).serveStreams.func2.1()
    /root/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1019 +0x8b
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 172
    /root/go/pkg/mod/google.golang.org/grpc@v1.63.2/server.go:1030 +0x125
```

strantalis commented 5 months ago

I think something else to think about here is that we always need some type of resolution service. So this either needs to be remote or enabled as it works now.

Also something @jrschumacher and @jakedoublev have brought up in the past is having some type of very basic resolution logic that is driven by configuration and it doesn't even reach out to Keycloak.
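
An added sketch of the fail-fast check this issue asks for, not code from the thread or from the platform: at startup, every enabled service must find each service it calls either enabled in-process or configured with a remote address, otherwise all problems are logged and the process exits before serving. `ServiceConfig`, `Config`, `requires` and the `kas` to `authorization` edge are assumptions for illustration; only the `authorization` to `entityresolution` call is taken from the stack trace above.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// ServiceConfig and Config are hypothetical shapes, not the platform's real schema.
type ServiceConfig struct {
	Enabled bool   // service runs in-process
	Remote  string // address of a remote instance, empty if none
}

type Config map[string]ServiceConfig

// requires lists, per service, the services it calls at request time (assumed graph).
var requires = map[string][]string{
	"authorization": {"entityresolution"},
	"kas":           {"authorization"},
}

// Validate returns every configuration problem at once, or nil if the config is usable.
func Validate(c Config) error {
	var errs []error
	for name, deps := range requires {
		if !c[name].Enabled {
			continue // a disabled service never calls its dependencies
		}
		for _, dep := range deps {
			if d := c[dep]; !d.Enabled && d.Remote == "" {
				errs = append(errs, fmt.Errorf("service %q requires %q, which is neither enabled nor given a remote address", name, dep))
			}
		}
	}
	return errors.Join(errs...)
}

func main() {
	// Constructed config reproducing the reported case: ERS not enabled/defined.
	cfg := Config{
		"kas":           {Enabled: true},
		"authorization": {Enabled: true},
	}
	if err := Validate(cfg); err != nil {
		fmt.Fprintln(os.Stderr, "invalid configuration:", err)
		os.Exit(1)
	}
}
```

Run before any listener is started, this turns the nil `ClientConn` dereference in the trace into a startup error that names the missing service.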