[GCE] Restrict self-information visible to VMs
VMs only need to know the Swarming server to connect to.
Bug: 897355
Change-Id: Ie89609f22d5a3b2027544c1cf4c7350d18ca0440
Reviewed-on: https://chromium-review.googlesource.com/c/infra/luci/luci-go/+/1623152
Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
Commit-Queue: smut <smut@google.com>
diff --git a/gce/appengine/rpc/instances.go b/gce/appengine/rpc/instances.go
index 6a98b22..6183c22 100644
--- a/gce/appengine/rpc/instances.go
+++ b/gce/appengine/rpc/instances.go
@@ -147,8 +147,15 @@
return nil, status.Errorf(codes.NotFound, "no VM found with hostname %q", hostname)
default:
inst := toInstance(vms[0])
- if vmtoken.Has(c) && !vmtoken.Matches(c, inst.Hostname, inst.Zone, inst.Project) {
- return nil, status.Errorf(codes.PermissionDenied, "unauthorized user")
+ if vmtoken.Has(c) {
+ if !vmtoken.Matches(c, inst.Hostname, inst.Zone, inst.Project) {
+ return nil, status.Errorf(codes.PermissionDenied, "unauthorized user")
+ }
+ // Allow VMs to view minimal self-information.
+ inst = &instances.Instance{
+ Hostname: inst.Hostname,
+ Swarming: inst.Swarming,
+ }
}
return inst, nil
}
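Review bot: A caller presenting a VM token can still tell an existing hostname from a missing one, because the `codes.NotFound` return in the context line at the top of the hunk is reached before `vmtoken.Matches` runs, while a hostname that exists but belongs to another VM yields `codes.PermissionDenied`. If keeping VMs from learning about each other is part of the goal, token holders could get the same answer in both cases, e.g. `if vmtoken.Has(c) { return nil, status.Errorf(codes.PermissionDenied, "unauthorized user") }` placed ahead of the NotFound return. Building a fresh `instances.Instance` with only `Hostname` and `Swarming` is a sound allow-list, and the comment could say so: `// VM-token callers get an allow-list copy (Hostname, Swarming only); add fields here deliberately.` The switch and its enclosing function begin outside the hunk, so any earlier access check is not visible here.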