agola/internal/services/configstore/api/secret.go

// Copyright 2019 Sorint.lab
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
// See the License for the specific language governing permissions and
// limitations under the License.

package api

import (
	"encoding/json"
	"net/http"

	"github.com/pkg/errors"
	"github.com/sorintlab/agola/internal/db"
	"github.com/sorintlab/agola/internal/services/configstore/command"
	"github.com/sorintlab/agola/internal/services/configstore/readdb"
	"github.com/sorintlab/agola/internal/services/types"
	"github.com/sorintlab/agola/internal/util"

	"github.com/gorilla/mux"
	"go.uber.org/zap"
)

// Secret augments types.Secret with dynamic data
type Secret struct {
	*types.Secret

	// dynamic data
	ParentPath string
}

type SecretHandler struct {
	log    *zap.SugaredLogger
	readDB *readdb.ReadDB
}

func NewSecretHandler(logger *zap.Logger, readDB *readdb.ReadDB) *SecretHandler {
	return &SecretHandler{log: logger.Sugar(), readDB: readDB}
}

func (h *SecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	vars := mux.Vars(r)
	secretID := vars["secretid"]

	var secret *types.Secret
	err := h.readDB.Do(func(tx *db.Tx) error {
		var err error
		secret, err = h.readDB.GetSecretByID(tx, secretID)
		return err
	})
	if err != nil {
		h.log.Errorf("err: %+v", err)
		httpError(w, err)
		return
	}

	if secret == nil {
		httpError(w, util.NewErrNotFound(errors.Errorf("secret %q doesn't exist", secretID)))
		return
	}

	if err := httpResponse(w, http.StatusOK, secret); err != nil {
		h.log.Errorf("err: %+v", err)
	}
}

type SecretsHandler struct {
	log    *zap.SugaredLogger
	readDB *readdb.ReadDB
}

func NewSecretsHandler(logger *zap.Logger, readDB *readdb.ReadDB) *SecretsHandler {
	return &SecretsHandler{log: logger.Sugar(), readDB: readDB}
}

func (h *SecretsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	query := r.URL.Query()

	_, tree := query["tree"]

	parentType, parentRef, err := GetConfigTypeRef(r)
	if httpError(w, err) {
		h.log.Errorf("err: %+v", err)
		return
	}

	var secrets []*types.Secret
	err = h.readDB.Do(func(tx *db.Tx) error {
		parentID, err := h.readDB.ResolveConfigID(tx, parentType, parentRef)
		if err != nil {
			return err
		}
		if tree {
			secrets, err = h.readDB.GetSecretsTree(tx, parentType, parentID)
		} else {
			secrets, err = h.readDB.GetSecrets(tx, parentID)
		}
		return err
	})
	if err != nil {
		h.log.Errorf("err: %+v", err)
		httpError(w, err)
		return
	}

	resSecrets := make([]*Secret, len(secrets))
	for i, s := range secrets {
		resSecrets[i] = &Secret{Secret: s}
	}

	err = h.readDB.Do(func(tx *db.Tx) error {
		// populate parent path
		for _, s := range resSecrets {
			pp, err := h.readDB.GetPath(tx, s.Parent.Type, s.Parent.ID)
			if err != nil {
				return err
			}
			s.ParentPath = pp
		}
		return err
	})
	if err != nil {
		h.log.Errorf("err: %+v", err)
		httpError(w, err)
		return
	}

	if err := httpResponse(w, http.StatusOK, resSecrets); err != nil {
		h.log.Errorf("err: %+v", err)
	}
}

type CreateSecretHandler struct {
	log    *zap.SugaredLogger
	ch     *command.CommandHandler
	readDB *readdb.ReadDB
}

func NewCreateSecretHandler(logger *zap.Logger, ch *command.CommandHandler) *CreateSecretHandler {
	return &CreateSecretHandler{log: logger.Sugar(), ch: ch}
}

func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	parentType, parentRef, err := GetConfigTypeRef(r)
	if httpError(w, err) {
		h.log.Errorf("err: %+v", err)
		return
	}

	var secret *types.Secret
	d := json.NewDecoder(r.Body)
	if err := d.Decode(&secret); err != nil {
		httpError(w, util.NewErrBadRequest(err))
		return
	}

	secret.Parent.Type = parentType
	secret.Parent.ID = parentRef

	secret, err = h.ch.CreateSecret(ctx, secret)
	if httpError(w, err) {
		h.log.Errorf("err: %+v", err)
		return
	}

	if err := httpResponse(w, http.StatusCreated, secret); err != nil {
		h.log.Errorf("err: %+v", err)
	}
}

type DeleteSecretHandler struct {
	log *zap.SugaredLogger
	ch  *command.CommandHandler
}

func NewDeleteSecretHandler(logger *zap.Logger, ch *command.CommandHandler) *DeleteSecretHandler {
	return &DeleteSecretHandler{log: logger.Sugar(), ch: ch}
}

func (h *DeleteSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()
	vars := mux.Vars(r)
	secretName := vars["secretname"]

	parentType, parentRef, err := GetConfigTypeRef(r)
	if httpError(w, err) {
		h.log.Errorf("err: %+v", err)
		return
	}

	err = h.ch.DeleteSecret(ctx, parentType, parentRef, secretName)
	if httpError(w, err) {
		h.log.Errorf("err: %+v", err)
	}
	if err := httpResponse(w, http.StatusNoContent, nil); err != nil {
		h.log.Errorf("err: %+v", err)
	}
}
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`// Copyright 2019 Sorint.lab`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package api`

			`import (`
			`"encoding/json"`
			`"net/http"`

/api: Use helpers for error handling client: always parse the json error message field and return its contents * Use ErrBadRequest and ErrNotFound in every handler and command * Gateway: by default pass underlying service error (configstore, runservice) to client keeping the status code and message. In future, if some errors must be masked, we should change the specific parts that need special handling. 2019-04-09 12:53:00 +00:00			`"github.com/pkg/errors"`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`"github.com/sorintlab/agola/internal/db"`
			`"github.com/sorintlab/agola/internal/services/configstore/command"`
			`"github.com/sorintlab/agola/internal/services/configstore/readdb"`
			`"github.com/sorintlab/agola/internal/services/types"`
/api: Use helpers for error handling client: always parse the json error message field and return its contents * Use ErrBadRequest and ErrNotFound in every handler and command * Gateway: by default pass underlying service error (configstore, runservice) to client keeping the status code and message. In future, if some errors must be masked, we should change the specific parts that need special handling. 2019-04-09 12:53:00 +00:00			`"github.com/sorintlab/agola/internal/util"`
initial secret and variables impl 2019-03-14 13:36:18 +00:00
			`"github.com/gorilla/mux"`
			`"go.uber.org/zap"`
			`)`

configstore: use augmented types for vars/secrets dynamic values 2019-04-30 14:28:01 +00:00			`// Secret augments types.Secret with dynamic data`
			`type Secret struct {`
			`*types.Secret`

			`// dynamic data`
			`ParentPath string`
			`}`

initial secret and variables impl 2019-03-14 13:36:18 +00:00			`type SecretHandler struct {`
			`log *zap.SugaredLogger`
			`readDB *readdb.ReadDB`
			`}`

			`func NewSecretHandler(logger zap.Logger, readDB readdb.ReadDB) *SecretHandler {`
			`return &SecretHandler{log: logger.Sugar(), readDB: readDB}`
			`}`

			`func (h SecretHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`vars := mux.Vars(r)`
			`secretID := vars["secretid"]`

			`var secret *types.Secret`
			`err := h.readDB.Do(func(tx *db.Tx) error {`
			`var err error`
			`secret, err = h.readDB.GetSecretByID(tx, secretID)`
			`return err`
			`})`
			`if err != nil {`
api: use httpError helper everywhere 2019-04-05 14:33:00 +00:00			`h.log.Errorf("err: %+v", err)`
			`httpError(w, err)`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`return`
			`}`

			`if secret == nil {`
/api: Use helpers for error handling client: always parse the json error message field and return its contents * Use ErrBadRequest and ErrNotFound in every handler and command * Gateway: by default pass underlying service error (configstore, runservice) to client keeping the status code and message. In future, if some errors must be masked, we should change the specific parts that need special handling. 2019-04-09 12:53:00 +00:00			`httpError(w, util.NewErrNotFound(errors.Errorf("secret %q doesn't exist", secretID)))`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`return`
			`}`

configstore api: improve response handling * Always return a json message also on error. For internal errors return a generic "internal server error" message to not leak the real internal error to clients * Return 201 Created on resource creation * Return 204 No Content on resource deletion and other action with no json output 2019-04-08 10:29:25 +00:00			`if err := httpResponse(w, http.StatusOK, secret); err != nil {`
api: use httpError helper everywhere 2019-04-05 14:33:00 +00:00			`h.log.Errorf("err: %+v", err)`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`}`
			`}`

			`type SecretsHandler struct {`
			`log *zap.SugaredLogger`
			`readDB *readdb.ReadDB`
			`}`

			`func NewSecretsHandler(logger zap.Logger, readDB readdb.ReadDB) *SecretsHandler {`
			`return &SecretsHandler{log: logger.Sugar(), readDB: readDB}`
			`}`

			`func (h SecretsHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`query := r.URL.Query()`

			`_, tree := query["tree"]`

			`parentType, parentRef, err := GetConfigTypeRef(r)`
			`if httpError(w, err) {`
			`h.log.Errorf("err: %+v", err)`
			`return`
			`}`

			`var secrets []*types.Secret`
			`err = h.readDB.Do(func(tx *db.Tx) error {`
			`parentID, err := h.readDB.ResolveConfigID(tx, parentType, parentRef)`
			`if err != nil {`
			`return err`
			`}`
			`if tree {`
			`secrets, err = h.readDB.GetSecretsTree(tx, parentType, parentID)`
			`} else {`
			`secrets, err = h.readDB.GetSecrets(tx, parentID)`
			`}`
configstore: use augmented types for vars/secrets dynamic values 2019-04-30 14:28:01 +00:00			`return err`
			`})`
			`if err != nil {`
			`h.log.Errorf("err: %+v", err)`
			`httpError(w, err)`
			`return`
			`}`

			`resSecrets := make([]*Secret, len(secrets))`
			`for i, s := range secrets {`
			`resSecrets[i] = &Secret{Secret: s}`
			`}`

			`err = h.readDB.Do(func(tx *db.Tx) error {`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`// populate parent path`
configstore: use augmented types for vars/secrets dynamic values 2019-04-30 14:28:01 +00:00			`for _, s := range resSecrets {`
configstore: rename GetParentPath to GetPath and rename file from parent.go to resolve.go 2019-04-30 15:06:44 +00:00			`pp, err := h.readDB.GetPath(tx, s.Parent.Type, s.Parent.ID)`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`if err != nil {`
			`return err`
			`}`
configstore: use augmented types for vars/secrets dynamic values 2019-04-30 14:28:01 +00:00			`s.ParentPath = pp`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`}`
			`return err`
			`})`
			`if err != nil {`
api: use httpError helper everywhere 2019-04-05 14:33:00 +00:00			`h.log.Errorf("err: %+v", err)`
			`httpError(w, err)`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`return`
			`}`

configstore: use augmented types for vars/secrets dynamic values 2019-04-30 14:28:01 +00:00			`if err := httpResponse(w, http.StatusOK, resSecrets); err != nil {`
api: use httpError helper everywhere 2019-04-05 14:33:00 +00:00			`h.log.Errorf("err: %+v", err)`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`}`
			`}`

			`type CreateSecretHandler struct {`
			`log *zap.SugaredLogger`
			`ch *command.CommandHandler`
			`readDB *readdb.ReadDB`
			`}`

			`func NewCreateSecretHandler(logger zap.Logger, ch command.CommandHandler) *CreateSecretHandler {`
			`return &CreateSecretHandler{log: logger.Sugar(), ch: ch}`
			`}`

			`func (h CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`ctx := r.Context()`
			`parentType, parentRef, err := GetConfigTypeRef(r)`
			`if httpError(w, err) {`
			`h.log.Errorf("err: %+v", err)`
			`return`
			`}`

			`var secret *types.Secret`
			`d := json.NewDecoder(r.Body)`
			`if err := d.Decode(&secret); err != nil {`
/api: Use helpers for error handling client: always parse the json error message field and return its contents * Use ErrBadRequest and ErrNotFound in every handler and command * Gateway: by default pass underlying service error (configstore, runservice) to client keeping the status code and message. In future, if some errors must be masked, we should change the specific parts that need special handling. 2019-04-09 12:53:00 +00:00			`httpError(w, util.NewErrBadRequest(err))`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`return`
			`}`

			`secret.Parent.Type = parentType`
			`secret.Parent.ID = parentRef`

			`secret, err = h.ch.CreateSecret(ctx, secret)`
			`if httpError(w, err) {`
			`h.log.Errorf("err: %+v", err)`
			`return`
			`}`

configstore api: improve response handling * Always return a json message also on error. For internal errors return a generic "internal server error" message to not leak the real internal error to clients * Return 201 Created on resource creation * Return 204 No Content on resource deletion and other action with no json output 2019-04-08 10:29:25 +00:00			`if err := httpResponse(w, http.StatusCreated, secret); err != nil {`
api: use httpError helper everywhere 2019-04-05 14:33:00 +00:00			`h.log.Errorf("err: %+v", err)`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`}`
			`}`

			`type DeleteSecretHandler struct {`
			`log *zap.SugaredLogger`
			`ch *command.CommandHandler`
			`}`

			`func NewDeleteSecretHandler(logger zap.Logger, ch command.CommandHandler) *DeleteSecretHandler {`
			`return &DeleteSecretHandler{log: logger.Sugar(), ch: ch}`
			`}`

			`func (h DeleteSecretHandler) ServeHTTP(w http.ResponseWriter, r http.Request) {`
			`ctx := r.Context()`
			`vars := mux.Vars(r)`
			`secretName := vars["secretname"]`

			`parentType, parentRef, err := GetConfigTypeRef(r)`
			`if httpError(w, err) {`
			`h.log.Errorf("err: %+v", err)`
			`return`
			`}`

			`err = h.ch.DeleteSecret(ctx, parentType, parentRef, secretName)`
			`if httpError(w, err) {`
			`h.log.Errorf("err: %+v", err)`
			`}`
configstore api: improve response handling * Always return a json message also on error. For internal errors return a generic "internal server error" message to not leak the real internal error to clients * Return 201 Created on resource creation * Return 204 No Content on resource deletion and other action with no json output 2019-04-08 10:29:25 +00:00			`if err := httpResponse(w, http.StatusNoContent, nil); err != nil {`
			`h.log.Errorf("err: %+v", err)`
			`}`
initial secret and variables impl 2019-03-14 13:36:18 +00:00			`}`