rbac: fix usage of AuthInfo (#7522)

grpc · Aug 16, 2024 · f8d98a4 · f8d98a4
1 parent 4e29cc6
commit f8d98a4
Showing 1 changed file with 8 additions and 10 deletions.
diff --git a/internal/xds/rbac/rbac_engine.go b/internal/xds/rbac/rbac_engine.go
@@ -237,12 +237,9 @@ func newRPCData(ctx context.Context) (*rpcData, error) {
 
 	var authType string
 	var peerCertificates []*x509.Certificate
-	if pi.AuthInfo != nil {
-		tlsInfo, ok := pi.AuthInfo.(credentials.TLSInfo)
-		if ok {
-			authType = pi.AuthInfo.AuthType()
-			peerCertificates = tlsInfo.State.PeerCertificates
-		}
+	if tlsInfo, ok := pi.AuthInfo.(credentials.TLSInfo); ok {
+		authType = pi.AuthInfo.AuthType()
+		peerCertificates = tlsInfo.State.PeerCertificates
 	}
 
 	return &rpcData{
@@ -281,11 +278,12 @@ func (e *engine) doAuditLogging(rpcData *rpcData, rule string, authorized bool)
 	// In the RBAC world, we need to have a SPIFFE ID as the principal for this
 	// to be meaningful
 	principal := ""
-	if rpcData.peerInfo != nil && rpcData.peerInfo.AuthInfo != nil && rpcData.peerInfo.AuthInfo.AuthType() == "tls" {
+	if rpcData.peerInfo != nil {
 		// If AuthType = tls, then we can cast AuthInfo to TLSInfo.
-		tlsInfo := rpcData.peerInfo.AuthInfo.(credentials.TLSInfo)
-		if tlsInfo.SPIFFEID != nil {
-			principal = tlsInfo.SPIFFEID.String()
+		if tlsInfo, ok := rpcData.peerInfo.AuthInfo.(credentials.TLSInfo); ok {
+			if tlsInfo.SPIFFEID != nil {
+				principal = tlsInfo.SPIFFEID.String()
+			}
 		}
 	}