gateway: move secret logic from api to actions
This commit is contained in:
parent
f73f0ba434
commit
64044df94d
119
internal/services/gateway/action/secret.go
Normal file
119
internal/services/gateway/action/secret.go
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
// Copyright 2019 Sorint.lab
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package action
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
csapi "github.com/sorintlab/agola/internal/services/configstore/api"
|
||||||
|
"github.com/sorintlab/agola/internal/services/types"
|
||||||
|
"github.com/sorintlab/agola/internal/util"
|
||||||
|
"go.uber.org/zap"
|
||||||
|
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
type GetSecretsRequest struct {
|
||||||
|
ParentType types.ConfigType
|
||||||
|
ParentRef string
|
||||||
|
|
||||||
|
Tree bool
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *ActionHandler) GetSecrets(ctx context.Context, req *GetSecretsRequest) ([]*csapi.Secret, error) {
|
||||||
|
var cssecrets []*csapi.Secret
|
||||||
|
var resp *http.Response
|
||||||
|
var err error
|
||||||
|
switch req.ParentType {
|
||||||
|
case types.ConfigTypeProjectGroup:
|
||||||
|
cssecrets, resp, err = h.configstoreClient.GetProjectGroupSecrets(ctx, req.ParentRef, req.Tree)
|
||||||
|
case types.ConfigTypeProject:
|
||||||
|
cssecrets, resp, err = h.configstoreClient.GetProjectSecrets(ctx, req.ParentRef, req.Tree)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return nil, ErrFromRemote(resp, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
return cssecrets, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
type CreateSecretRequest struct {
|
||||||
|
Name string
|
||||||
|
|
||||||
|
ParentType types.ConfigType
|
||||||
|
ParentRef string
|
||||||
|
|
||||||
|
Type types.SecretType
|
||||||
|
|
||||||
|
// internal secret
|
||||||
|
Data map[string]string
|
||||||
|
|
||||||
|
// external secret
|
||||||
|
SecretProviderID string
|
||||||
|
Path string
|
||||||
|
}
|
||||||
|
|
||||||
|
type CreateSecretHandler struct {
|
||||||
|
log *zap.SugaredLogger
|
||||||
|
configstoreClient *csapi.Client
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *ActionHandler) CreateSecret(ctx context.Context, req *CreateSecretRequest) (*csapi.Secret, error) {
|
||||||
|
if !util.ValidateName(req.Name) {
|
||||||
|
return nil, util.NewErrBadRequest(errors.Errorf("invalid secret name %q", req.Name))
|
||||||
|
}
|
||||||
|
|
||||||
|
s := &types.Secret{
|
||||||
|
Name: req.Name,
|
||||||
|
Type: req.Type,
|
||||||
|
Data: req.Data,
|
||||||
|
}
|
||||||
|
|
||||||
|
var resp *http.Response
|
||||||
|
var rs *csapi.Secret
|
||||||
|
var err error
|
||||||
|
switch req.ParentType {
|
||||||
|
case types.ConfigTypeProjectGroup:
|
||||||
|
h.log.Infof("creating project group secret")
|
||||||
|
rs, resp, err = h.configstoreClient.CreateProjectGroupSecret(ctx, req.ParentRef, s)
|
||||||
|
case types.ConfigTypeProject:
|
||||||
|
h.log.Infof("creating project secret")
|
||||||
|
rs, resp, err = h.configstoreClient.CreateProjectSecret(ctx, req.ParentRef, s)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return nil, ErrFromRemote(resp, errors.Wrapf(err, "failed to create secret"))
|
||||||
|
}
|
||||||
|
h.log.Infof("secret %s created, ID: %s", rs.Name, rs.ID)
|
||||||
|
|
||||||
|
return rs, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *ActionHandler) DeleteSecret(ctx context.Context, parentType types.ConfigType, parentRef, name string) error {
|
||||||
|
var resp *http.Response
|
||||||
|
var err error
|
||||||
|
switch parentType {
|
||||||
|
case types.ConfigTypeProjectGroup:
|
||||||
|
h.log.Infof("deleting project group secret")
|
||||||
|
resp, err = h.configstoreClient.DeleteProjectGroupSecret(ctx, parentRef, name)
|
||||||
|
case types.ConfigTypeProject:
|
||||||
|
h.log.Infof("deleting project secret")
|
||||||
|
resp, err = h.configstoreClient.DeleteProjectSecret(ctx, parentRef, name)
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
return ErrFromRemote(resp, errors.Wrapf(err, "failed to delete secret"))
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
@ -19,12 +19,12 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
csapi "github.com/sorintlab/agola/internal/services/configstore/api"
|
csapi "github.com/sorintlab/agola/internal/services/configstore/api"
|
||||||
|
"github.com/sorintlab/agola/internal/services/gateway/action"
|
||||||
"github.com/sorintlab/agola/internal/services/types"
|
"github.com/sorintlab/agola/internal/services/types"
|
||||||
"github.com/sorintlab/agola/internal/util"
|
"github.com/sorintlab/agola/internal/util"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/pkg/errors"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type SecretResponse struct {
|
type SecretResponse struct {
|
||||||
@ -43,11 +43,11 @@ func createSecretResponse(s *csapi.Secret) *SecretResponse {
|
|||||||
|
|
||||||
type SecretHandler struct {
|
type SecretHandler struct {
|
||||||
log *zap.SugaredLogger
|
log *zap.SugaredLogger
|
||||||
configstoreClient *csapi.Client
|
ah *action.ActionHandler
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewSecretHandler(logger *zap.Logger, configstoreClient *csapi.Client) *SecretHandler {
|
func NewSecretHandler(logger *zap.Logger, ah *action.ActionHandler) *SecretHandler {
|
||||||
return &SecretHandler{log: logger.Sugar(), configstoreClient: configstoreClient}
|
return &SecretHandler{log: logger.Sugar(), ah: ah}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *SecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
func (h *SecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
@ -61,15 +61,13 @@ func (h *SecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var cssecrets []*csapi.Secret
|
areq := &action.GetSecretsRequest{
|
||||||
var resp *http.Response
|
ParentType: parentType,
|
||||||
switch parentType {
|
ParentRef: parentRef,
|
||||||
case types.ConfigTypeProjectGroup:
|
Tree: tree,
|
||||||
cssecrets, resp, err = h.configstoreClient.GetProjectGroupSecrets(ctx, parentRef, tree)
|
|
||||||
case types.ConfigTypeProject:
|
|
||||||
cssecrets, resp, err = h.configstoreClient.GetProjectSecrets(ctx, parentRef, tree)
|
|
||||||
}
|
}
|
||||||
if httpErrorFromRemote(w, resp, err) {
|
cssecrets, err := h.ah.GetSecrets(ctx, areq)
|
||||||
|
if httpError(w, err) {
|
||||||
h.log.Errorf("err: %+v", err)
|
h.log.Errorf("err: %+v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -99,11 +97,11 @@ type CreateSecretRequest struct {
|
|||||||
|
|
||||||
type CreateSecretHandler struct {
|
type CreateSecretHandler struct {
|
||||||
log *zap.SugaredLogger
|
log *zap.SugaredLogger
|
||||||
configstoreClient *csapi.Client
|
ah *action.ActionHandler
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewCreateSecretHandler(logger *zap.Logger, configstoreClient *csapi.Client) *CreateSecretHandler {
|
func NewCreateSecretHandler(logger *zap.Logger, ah *action.ActionHandler) *CreateSecretHandler {
|
||||||
return &CreateSecretHandler{log: logger.Sugar(), configstoreClient: configstoreClient}
|
return &CreateSecretHandler{log: logger.Sugar(), ah: ah}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
@ -120,34 +118,22 @@ func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !util.ValidateName(req.Name) {
|
areq := &action.CreateSecretRequest{
|
||||||
httpError(w, util.NewErrBadRequest(errors.Errorf("invalid secret name %q", req.Name)))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
s := &types.Secret{
|
|
||||||
Name: req.Name,
|
Name: req.Name,
|
||||||
|
ParentType: parentType,
|
||||||
|
ParentRef: parentRef,
|
||||||
Type: req.Type,
|
Type: req.Type,
|
||||||
Data: req.Data,
|
Data: req.Data,
|
||||||
|
SecretProviderID: req.SecretProviderID,
|
||||||
|
Path: req.Path,
|
||||||
}
|
}
|
||||||
|
cssecret, err := h.ah.CreateSecret(ctx, areq)
|
||||||
var resp *http.Response
|
if httpError(w, err) {
|
||||||
var rs *csapi.Secret
|
|
||||||
switch parentType {
|
|
||||||
case types.ConfigTypeProjectGroup:
|
|
||||||
h.log.Infof("creating project group secret")
|
|
||||||
rs, resp, err = h.configstoreClient.CreateProjectGroupSecret(ctx, parentRef, s)
|
|
||||||
case types.ConfigTypeProject:
|
|
||||||
h.log.Infof("creating project secret")
|
|
||||||
rs, resp, err = h.configstoreClient.CreateProjectSecret(ctx, parentRef, s)
|
|
||||||
}
|
|
||||||
if httpErrorFromRemote(w, resp, err) {
|
|
||||||
h.log.Errorf("err: %+v", err)
|
h.log.Errorf("err: %+v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
h.log.Infof("secret %s created, ID: %s", rs.Name, rs.ID)
|
|
||||||
|
|
||||||
res := createSecretResponse(rs)
|
res := createSecretResponse(cssecret)
|
||||||
if err := httpResponse(w, http.StatusOK, res); err != nil {
|
if err := httpResponse(w, http.StatusOK, res); err != nil {
|
||||||
h.log.Errorf("err: %+v", err)
|
h.log.Errorf("err: %+v", err)
|
||||||
}
|
}
|
||||||
@ -155,11 +141,11 @@ func (h *CreateSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
|||||||
|
|
||||||
type DeleteSecretHandler struct {
|
type DeleteSecretHandler struct {
|
||||||
log *zap.SugaredLogger
|
log *zap.SugaredLogger
|
||||||
configstoreClient *csapi.Client
|
ah *action.ActionHandler
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewDeleteSecretHandler(logger *zap.Logger, configstoreClient *csapi.Client) *DeleteSecretHandler {
|
func NewDeleteSecretHandler(logger *zap.Logger, ah *action.ActionHandler) *DeleteSecretHandler {
|
||||||
return &DeleteSecretHandler{log: logger.Sugar(), configstoreClient: configstoreClient}
|
return &DeleteSecretHandler{log: logger.Sugar(), ah: ah}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (h *DeleteSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
func (h *DeleteSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
@ -172,16 +158,8 @@ func (h *DeleteSecretHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var resp *http.Response
|
err = h.ah.DeleteSecret(ctx, parentType, parentRef, secretName)
|
||||||
switch parentType {
|
if httpError(w, err) {
|
||||||
case types.ConfigTypeProjectGroup:
|
|
||||||
h.log.Infof("deleting project group secret")
|
|
||||||
resp, err = h.configstoreClient.DeleteProjectGroupSecret(ctx, parentRef, secretName)
|
|
||||||
case types.ConfigTypeProject:
|
|
||||||
h.log.Infof("deleting project secret")
|
|
||||||
resp, err = h.configstoreClient.DeleteProjectSecret(ctx, parentRef, secretName)
|
|
||||||
}
|
|
||||||
if httpErrorFromRemote(w, resp, err) {
|
|
||||||
h.log.Errorf("err: %+v", err)
|
h.log.Errorf("err: %+v", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -158,9 +158,9 @@ func (g *Gateway) Run(ctx context.Context) error {
|
|||||||
deleteProjectHandler := api.NewDeleteProjectHandler(logger, g.configstoreClient)
|
deleteProjectHandler := api.NewDeleteProjectHandler(logger, g.configstoreClient)
|
||||||
projectReconfigHandler := api.NewProjectReconfigHandler(logger, g.ah, g.configstoreClient, g.c.APIExposedURL)
|
projectReconfigHandler := api.NewProjectReconfigHandler(logger, g.ah, g.configstoreClient, g.c.APIExposedURL)
|
||||||
|
|
||||||
secretHandler := api.NewSecretHandler(logger, g.configstoreClient)
|
secretHandler := api.NewSecretHandler(logger, g.ah)
|
||||||
createSecretHandler := api.NewCreateSecretHandler(logger, g.configstoreClient)
|
createSecretHandler := api.NewCreateSecretHandler(logger, g.ah)
|
||||||
deleteSecretHandler := api.NewDeleteSecretHandler(logger, g.configstoreClient)
|
deleteSecretHandler := api.NewDeleteSecretHandler(logger, g.ah)
|
||||||
|
|
||||||
variableHandler := api.NewVariableHandler(logger, g.ah)
|
variableHandler := api.NewVariableHandler(logger, g.ah)
|
||||||
createVariableHandler := api.NewCreateVariableHandler(logger, g.ah)
|
createVariableHandler := api.NewCreateVariableHandler(logger, g.ah)
|
||||||
|
Loading…
Reference in New Issue
Block a user