From dc56f8a624e708474cab31a0ccba75d810ae0dfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Toma=C5=BE=20Jerman?=
Date: Thu, 7 Oct 2021 14:50:49 +0200
Subject: [PATCH] Fix sink script execution by assurring sufficient ctx credentials

---
 pkg/corredor/service.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/pkg/corredor/service.go b/pkg/corredor/service.go
index 89f73f154..49f471fba 100644
--- a/pkg/corredor/service.go
+++ b/pkg/corredor/service.go
@@ -658,6 +658,14 @@ func (svc service) exec(ctx context.Context, script string, runAs string, args S
 token string
 )

+ // Returns context with identity set to service user
+ //
+ // Current user (identity in the context) might not have
+ // sufficient privileges to load info about invoker and runner
+ sysUserCtx := func() context.Context {
+ return auth.SetIdentityToContext(ctx, auth.ServiceUser())
+ }
+
 log.Debug("triggered")

 if encodedEvent, err = args.Encode(); err != nil {
@@ -683,7 +691,7 @@ func (svc service) exec(ctx context.Context, script string, runAs string, args S
 return fmt.Errorf("could not run automation script without configured user service")
 }

- invoker, err = svc.users.FindByAny(ctx, i)
+ invoker, err = svc.users.FindByAny(sysUserCtx(), i)
 if err != nil {
 return err
 }
@@ -707,7 +715,7 @@ func (svc service) exec(ctx context.Context, script string, runAs string, args S
 // We search for the defined (run-as) user,
 // assign it to authUser argument and make an
 // authentication token for it
- definer, err = svc.users.FindByAny(ctx, runAs)
+ definer, err = svc.users.FindByAny(sysUserCtx(), runAs)
 if err != nil {
 return err
 }
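Review bot: The comment on `sysUserCtx` says why the identity is swapped but not how far the elevated context may travel, and the closure stays in scope for the rest of `exec`, whose body continues outside this hunk. In the visible hunks it is passed only to the two `svc.users.FindByAny` calls, so I would state that limit at the definition, e.g. `// SECURITY: bypasses the caller's access control; use only for the invoker/definer lookups, never for calls made on the caller's behalf.` Because the closure takes no arguments and is called twice with the same `ctx`, a single `sysCtx := auth.SetIdentityToContext(ctx, auth.ServiceUser())` would do the same without rebuilding the context on each use.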
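Review bot: The `return err` after the invoker lookup hands the error from a service-user query back unchanged, and the definer lookup in the next hunk does the same, so the two privileged lookups cannot be told apart in logs. Wrapping each one, e.g. `return fmt.Errorf("could not load invoker: %w", err)`, would fix that. The outcome now also reflects whether the user exists rather than what the current identity may read, so if this error can reach whoever triggered the event it should be reduced to a generic message at that boundary. Where `i` comes from is not visible in this hunk, and the enclosing block starts outside it.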
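Review bot: Nothing in this hunk checks that the current identity is allowed to run the script as `runAs`, and with the lookup now done under the service identity the user service no longer acts as an incidental gate before the token is made (per the context comment). That decision therefore has to be enforced where `runAs` is set; it is presumably the script's stored run-as setting rather than event input, but that is not visible here. I would record the assumption next to the call: `// runAs comes from the script definition, never from the event payload; this lookup is privileged by design.` The enclosing block starts and ends outside the hunk.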