Merge pull request #13 from microsoft/restrict-links-to-platform-deployment

Restrict links to platform deployment and add global exception handling

Author: bradarm

src/MessageHandlers/LinkRequestHandler.cs

@@ -29,11 +29,22 @@ private void LinkRequestHandler(MessageFormats.HostServices.Link.LinkRequest? me
             // Update the request if our plugins changed it
             if (pluginResult == null) {
                 _logger.LogInformation("Plugins nullified '{messageType}'.  Dropping Message (trackingId: '{trackingId}' / correlationId: '{correlationId}')", message.GetType().Name, message.RequestHeader.TrackingId, message.RequestHeader.CorrelationId);
+                returnResponse.ResponseHeader.Message = "LinkRequest rejected by plugins.  For more information, see the logs and/or contact your cluster administrator.";
+                returnResponse.ResponseHeader.Status = MessageFormats.Common.StatusCodes.Rejected;
+                _client.DirectToApp(appId: fullMessage.SourceAppId, message: returnResponse);
                 return;
             }
 
             returnResponse.LinkRequest = pluginResult;
 
+            if (string.Equals(returnResponse.LinkRequest.DestinationAppId, "platform-deployment", StringComparison.OrdinalIgnoreCase) && !_appConfig.ALLOW_LINKS_TO_DEPLOYMENT_SVC) {
+                _logger.LogWarning("LinkRequest to deployment service (platform-deployment) is disabled by configuration.  Rejecting link request (trackingId: '{trackingId}' / correlationId: '{correlationId}')", message.RequestHeader.TrackingId, message.RequestHeader.CorrelationId);
+                returnResponse.ResponseHeader.Message = "LinkRequest to deployment service (platform-deployment) is disabled by configuration.";
+                returnResponse.ResponseHeader.Status = MessageFormats.Common.StatusCodes.Unauthorized;
+                _client.DirectToApp(appId: fullMessage.SourceAppId, message: returnResponse);
+                return;
+            }
+
             _logger.LogDebug("Passing '{messageType}' to FileMoverService for processing. (trackingId: '{trackingId}' / correlationId: '{correlationId}')", message.GetType().Name, message.RequestHeader.TrackingId, message.RequestHeader.CorrelationId);
 
             _fileMoverService.QueueFileMove(returnResponse);

src/Models/AppConfig.cs

@@ -32,11 +32,13 @@ public PLUG_IN() {
         public int FILEMOVER_POLLING_MS { get; set; }
         public string LEAVE_SOURCE_FILE_PROPERTY_VALUE { get; set; }
         public string ALL_XFER_DIR { get; set; }
+        public bool ALLOW_LINKS_TO_DEPLOYMENT_SVC { get; set; }
 
         public APP_CONFIG() : base() {
             FILEMOVER_POLLING_MS = int.Parse(Core.GetConfigSetting("filemoverpollingms").Result);
             LEAVE_SOURCE_FILE_PROPERTY_VALUE = Core.GetConfigSetting("leavesourcefilepropertyvalue").Result;
             ALL_XFER_DIR = Path.Combine(Core.GetConfigSetting("spacefx_cache").Result, Core.GetConfigSetting("allxferdirectory").Result);
+            ALLOW_LINKS_TO_DEPLOYMENT_SVC = bool.Parse(Core.GetConfigSetting("allowlinkstodeploymentsvc").Result);
         }
     }
 }

src/Program.cs

@@ -35,5 +35,18 @@ public static void Main(string[] args) {
             });
         });
         app.Run();
+
+        // Add a middleware to catch exceptions and stop the host gracefully
+        app.Use(async (context, next) => {
+            try {
+                await next.Invoke();
+            } catch (Exception ex) {
+                Console.Error.WriteLine($"Triggering shutdown due to exception caught in global exception handler.  Error: {ex.Message}.  Stack Trace: {ex.StackTrace}");
+
+                // Stop the host gracefully so it triggers the pod to error
+                var lifetime = context.RequestServices.GetService<IHostApplicationLifetime>();
+                lifetime?.StopApplication();
+            }
+        });
     }
 }

src/Services/FileMoverService.cs

@@ -41,6 +41,15 @@ protected override async Task ExecuteAsync(CancellationToken stoppingToken) {
                                 continue;
                             }
 
+                            if (string.Equals(linkResponse.LinkRequest.DestinationAppId, "platform-deployment", StringComparison.OrdinalIgnoreCase) && !_appConfig.ALLOW_LINKS_TO_DEPLOYMENT_SVC) {
+                                _logger.LogWarning("LinkRequest to deployment service (platform-deployment) is disabled by configuration.  Rejecting link request (trackingId: '{trackingId}' / correlationId: '{correlationId}')", linkResponse.ResponseHeader.TrackingId, linkResponse.ResponseHeader.CorrelationId);
+                                linkResponse.ResponseHeader.Message = "LinkRequest to deployment service (platform-deployment) is disabled by configuration.";
+                                linkResponse.ResponseHeader.Status = MessageFormats.Common.StatusCodes.Unauthorized;
+                                await SendResponseToApps(linkResponse);
+                                continue;
+                            }
+
+
                             linkResponse.LinkRequest.DestinationAppId = linkResponse.LinkRequest.DestinationAppId.ToLower();