Added authentication functionality for the private index.

falcosecurity · Sep 19, 2024 · b14f2a7 · b14f2a7
1 parent 4fce8b5
commit b14f2a7
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 9 deletions.
diff --git a/cmd/index/add/add.go b/cmd/index/add/add.go
@@ -38,11 +38,11 @@ func NewIndexAddCmd(ctx context.Context, opt *options.Common) *cobra.Command {
 	}
 
 	cmd := &cobra.Command{
-		Use:                   "add [NAME] [URL] [BACKEND] [flags]",
+		Use:                   "add [NAME] [URL] [BACKEND] [TOKEN] [flags]",
 		DisableFlagsInUseLine: true,
 		Short:                 "Add an index to the local falcoctl configuration",
-		Long:                  "Add an index to the local falcoctl configuration. Indexes are used to perform search operations for artifacts",
-		Args:                  cobra.RangeArgs(2, 3),
+		Long:                  "Add an index to the local falcoctl configuration. Indexes are used to perform search operations for artifacts\nIf you need authentication for using private index. You have to use token ( base64 encode \"HeaderName:Token\" )",
+		Args:                  cobra.RangeArgs(2, 4),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return o.RunIndexAdd(ctx, args)
 		},
@@ -59,8 +59,11 @@ func (o *IndexAddOptions) RunIndexAdd(ctx context.Context, args []string) error
 	name := args[0]
 	url := args[1]
 	backend := ""
-	if len(args) > 2 {
+	token := ""
+	if len(args) == 3 {
 		backend = args[2]
+	} else if len(args) == 4 {
+		token = args[3]
 	}
 
 	logger.Debug("Creating in-memory cache using", logger.Args("indexes file", config.IndexesFile, "indexes directory", config.IndexesDir))
@@ -71,7 +74,7 @@ func (o *IndexAddOptions) RunIndexAdd(ctx context.Context, args []string) error
 
 	logger.Info("Adding index", logger.Args("name", name, "path", url))
 
-	if err = indexCache.Add(ctx, name, backend, url); err != nil {
+	if err = indexCache.Add(ctx, name, backend, url, token); err != nil {
 		return fmt.Errorf("unable to add index: %w", err)
 	}
 

diff --git a/cmd/index/add/add_test.go b/cmd/index/add/add_test.go
@@ -27,7 +27,7 @@ import (
 
 //nolint:lll // no need to check for line length.
 var indexAddUsage = `Usage:
-falcoctl index add [NAME] [URL] [BACKEND] [flags]
+falcoctl index add [NAME] [URL] [BACKEND] [TOKEN] [flags]
 
 Flags:
 -h, --help   help for add
@@ -42,7 +42,7 @@ Global Flags:
 var indexAddHelp = `Add an index to the local falcoctl configuration. Indexes are used to perform search operations for artifacts
 
 Usage:
-  falcoctl index add [NAME] [URL] [BACKEND] [flags]
+  falcoctl index add [NAME] [URL] [BACKEND] [TOKEN] [flags]
 
 Flags:
   -h, --help   help for add
@@ -97,7 +97,7 @@ var indexAddTests = Describe("add", func() {
 			BeforeEach(func() {
 				args = []string{indexCmd, addCmd, "--config", configFile, indexName}
 			})
-			addAssertFailedBehavior(indexAddUsage, "ERROR accepts between 2 and 3 arg(s), received 1")
+			addAssertFailedBehavior(indexAddUsage, "ERROR accepts between 2 and 4 arg(s), received 1")
 		})
 
 		When("with invalid URL", func() {

diff --git a/pkg/index/cache/cache.go b/pkg/index/cache/cache.go
@@ -134,7 +134,7 @@ func NewFromConfig(ctx context.Context, indexFile, indexesDir string, indexes []
 // Add adds a new index file to the cache. If the index file already exists in the cache it
 // does nothing. On the other hand, it fetches the index file using the provided URL and adds
 // it to the in memory cache. It does not write it to the filesystem. It is idempotent.
-func (c *Cache) Add(ctx context.Context, name, backend, url string) error {
+func (c *Cache) Add(ctx context.Context, name, backend, url, token string) error {
 	var remoteIndex *index.Index
 	var err error
 
@@ -149,6 +149,7 @@ func (c *Cache) Add(ctx context.Context, name, backend, url string) error {
 		Name:    name,
 		URL:     url,
 		Backend: backend,
+		Token:   token,
 	}
 
 	// If the index is not locally cached we fetch it using the provided url.
@@ -164,6 +165,7 @@ func (c *Cache) Add(ctx context.Context, name, backend, url string) error {
 		UpdatedTimestamp: ts,
 		URL:              url,
 		Backend:          backend,
+		Token:            token,
 	}
 	c.localIndexes.Add(entry)
 

diff --git a/pkg/index/config/config.go b/pkg/index/config/config.go
@@ -33,6 +33,7 @@ type Entry struct {
 	UpdatedTimestamp string `yaml:"updated_timestamp"`
 	URL              string `yaml:"url"`
 	Backend          string `yaml:"backend"`
+	Token            string `yaml:"token"`
 	// TODO: add support for HTTP and other backend configs.
 	// HTTP             http.BackendConfig `yaml:"http"`
 }

diff --git a/pkg/index/fetch/http/fetcher.go b/pkg/index/fetch/http/fetcher.go
@@ -17,9 +17,11 @@ package http
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
+	"strings"
 
 	"github.com/falcosecurity/falcoctl/pkg/index/config"
 )
@@ -31,6 +33,15 @@ func Fetch(ctx context.Context, conf *config.Entry) ([]byte, error) {
 		return nil, fmt.Errorf("cannot fetch index: %w", err)
 	}
 
+	if conf.Token != "" {
+		tokenString, err := base64.StdEncoding.DecodeString(conf.Token)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse index token: %w", err)
+		}
+		indexToken := strings.Split(string(tokenString), ":")
+		req.Header.Add(indexToken[0], indexToken[1])
+	}
+
 	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {