editoast: core: gateway: rename header to skip authorization

Signed-off-by: Florian Amsallem <[email protected]>
OpenRailAssociation · Nov 21, 2024 · dd9941f · dd9941f
1 parent 57c96f7
commit dd9941f
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 9 deletions.
diff --git a/core/src/main/java/fr/sncf/osrd/cli/ApiServerCommand.java b/core/src/main/java/fr/sncf/osrd/cli/ApiServerCommand.java
@@ -42,7 +42,7 @@ public final class ApiServerCommand implements CliCommand {
     @Parameter(
             names = {"--editoast-authorization"},
             description = "The HTTP Authorization header sent to editoast")
-    private String editoastAuthorization = "x-osrd-core";
+    private String editoastAuthorization = "x-osrd-skip-authz";
 
     @Parameter(
             names = {"-j", "--threads"},

diff --git a/core/src/main/java/fr/sncf/osrd/cli/WorkerCommand.kt b/core/src/main/java/fr/sncf/osrd/cli/WorkerCommand.kt
@@ -38,7 +38,7 @@ class WorkerCommand : CliCommand {
         names = ["--editoast-authorization"],
         description = "The HTTP Authorization header sent to editoast"
     )
-    private var editoastAuthorization: String = "x-osrd-core"
+    private var editoastAuthorization: String = "x-osrd-skip-authz"
 
     val WORKER_ID: String?
     val WORKER_ID_USE_HOSTNAME: Boolean

diff --git a/editoast/src/views/mod.rs b/editoast/src/views/mod.rs
@@ -149,8 +149,8 @@ pub enum Authentication {
     Unauthenticated,
     /// The issuer of the request provided the 'x-remote-user-identity' header.
     Authenticated(Authorizer<PgAuthDriver<BuiltinRole>>),
-    /// The requests comes from a Core instance. All requests are considered safe.
-    Core,
+    /// The requests comes from a trusted service (like core). All requests are considered safe.
+    SkipAuthorization,
 }
 
 impl Authentication {
@@ -162,7 +162,7 @@ impl Authentication {
     ) -> Result<bool, <PgAuthDriver<BuiltinRole> as editoast_authz::authorizer::StorageDriver>::Error>
     {
         match self {
-            Authentication::Core => Ok(true),
+            Authentication::SkipAuthorization => Ok(true),
             Authentication::Unauthenticated => Ok(false),
             Authentication::Authenticated(authorizer) => {
                 authorizer.check_roles(required_roles).await
@@ -176,7 +176,7 @@ impl Authentication {
     pub fn authorizer(self) -> Result<Authorizer<PgAuthDriver<BuiltinRole>>, AuthorizationError> {
         match self {
             Authentication::Authenticated(authorizer) => Ok(authorizer),
-            Authentication::Unauthenticated | Authentication::Core => {
+            Authentication::Unauthenticated | Authentication::SkipAuthorization => {
                 Err(AuthorizationError::Unauthenticated)
             }
         }
@@ -196,8 +196,8 @@ async fn authenticate(
         )));
     }
     let Some(identity) = headers.get("x-remote-user-identity") else {
-        if headers.contains_key("x-osrd-core") {
-            return Ok(Authentication::Core);
+        if headers.contains_key("x-osrd-skip-authz") {
+            return Ok(Authentication::SkipAuthorization);
         }
         return Ok(Authentication::Unauthenticated);
     };

diff --git a/gateway/gateway.toml b/gateway/gateway.toml
@@ -14,7 +14,7 @@ endpoint = "http://localhost:4317"
 prefix = "/api"
 upstream = "http://localhost:8090"
 require_auth = true
-blocked_headers = ["x-osrd-core"]
+blocked_headers = ["x-osrd-skip-authz"]
 
 [[targets]]
 upstream = "http://localhost:3000"