roughed-in access handler (#111)

2024-11-07 08:44:14 +01:00 · 2022-11-23 12:24:35 -05:00 · 2022-11-23 12:24:35 -05:00 · 09c603845c
commit 09c603845c
parent f47d97d103
6 changed files with 166 additions and 0 deletions
--- a/controller/access.go
+++ b/controller/access.go
@ -0,0 +1,75 @@
+package controller
+
+import (
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti-test-kitchen/zrok/controller/store"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/service"
+	"github.com/sirupsen/logrus"
+)
+
+type accessHandler struct{}
+
+func newAccessHandler() *accessHandler {
+	return &accessHandler{}
+}
+
+func (h *accessHandler) Handle(params service.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	tx, err := str.Begin()
+	if err != nil {
+		logrus.Errorf("error starting transaction: %v", err)
+		return service.NewAccessInternalServerError()
+	}
+	defer func() { _ = tx.Rollback() }()
+
+	envZId := params.Body.ZID
+	envId := 0
+	if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil {
+		found := false
+		for _, env := range envs {
+			if env.ZId == envZId {
+				logrus.Debugf("found identity '%v' for user '%v'", envZId, principal.Email)
+				envId = env.Id
+				found = true
+				break
+			}
+		}
+		if !found {
+			logrus.Errorf("environment '%v' not found for user '%v'", envZId, principal.Email)
+			return service.NewAccessUnauthorized()
+		}
+	} else {
+		logrus.Errorf("error finding environments for account '%v'", principal.Email)
+		return service.NewAccessInternalServerError()
+	}
+
+	ssvcs, err := str.FindServicesForEnvironment(envId, tx)
+	if err != nil {
+		logrus.Errorf("error finding services for environment")
+		return service.NewAccessInternalServerError()
+	}
+	var ssvc *store.Service
+	for _, v := range ssvcs {
+		if v.Name == params.Body.SvcName {
+			ssvc = v
+			break
+		}
+	}
+	if ssvc == nil {
+		logrus.Errorf("unable to find service '%v' for user '%v'", params.Body.SvcName, principal.Email)
+		return service.NewAccessNotFound()
+	}
+
+	edge, err := edgeClient()
+	if err != nil {
+		logrus.Error(err)
+		return service.NewAccessInternalServerError()
+	}
+
+	if err := createServicePolicyDial(envZId, ssvc.Name, ssvc.ZId, edge); err != nil {
+		logrus.Errorf("unable to create dial policy: %v", err)
+		return service.NewAccessInternalServerError()
+	}
+
+	return service.NewAccessCreated()
+}
--- a/controller/controller.go
+++ b/controller/controller.go
@ -34,6 +34,7 @@ func Run(inCfg *Config) error {
 	api.IdentityVerifyHandler = newVerifyHandler()
 	api.MetadataOverviewHandler = metadata.OverviewHandlerFunc(overviewHandler)
 	api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
+	api.ServiceAccessHandler = newAccessHandler()
 	api.ServiceShareHandler = newShareHandler()
 	api.ServiceUnshareHandler = newUnshareHandler()

--- a/rest_client_zrok/service/access_responses.go
+++ b/rest_client_zrok/service/access_responses.go
@ -32,6 +32,12 @@ func (o *AccessReader) ReadResponse(response runtime.ClientResponse, consumer ru
 			return nil, err
 		}
 		return nil, result
+	case 404:
+		result := NewAccessNotFound()
+		if err := result.readResponse(response, consumer, o.formats); err != nil {
+			return nil, err
+		}
+		return nil, result
 	case 500:
 		result := NewAccessInternalServerError()
 		if err := result.readResponse(response, consumer, o.formats); err != nil {
@ -145,6 +151,57 @@ func (o *AccessUnauthorized) readResponse(response runtime.ClientResponse, consu
 	return nil
 }

+// NewAccessNotFound creates a AccessNotFound with default headers values
+func NewAccessNotFound() *AccessNotFound {
+	return &AccessNotFound{}
+}
+
+/*
+AccessNotFound describes a response with status code 404, with default header values.
+
+not found
+*/
+type AccessNotFound struct {
+}
+
+// IsSuccess returns true when this access not found response has a 2xx status code
+func (o *AccessNotFound) IsSuccess() bool {
+	return false
+}
+
+// IsRedirect returns true when this access not found response has a 3xx status code
+func (o *AccessNotFound) IsRedirect() bool {
+	return false
+}
+
+// IsClientError returns true when this access not found response has a 4xx status code
+func (o *AccessNotFound) IsClientError() bool {
+	return true
+}
+
+// IsServerError returns true when this access not found response has a 5xx status code
+func (o *AccessNotFound) IsServerError() bool {
+	return false
+}
+
+// IsCode returns true when this access not found response a status code equal to that given
+func (o *AccessNotFound) IsCode(code int) bool {
+	return code == 404
+}
+
+func (o *AccessNotFound) Error() string {
+	return fmt.Sprintf("[POST /access][%d] accessNotFound ", 404)
+}
+
+func (o *AccessNotFound) String() string {
+	return fmt.Sprintf("[POST /access][%d] accessNotFound ", 404)
+}
+
+func (o *AccessNotFound) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
+
+	return nil
+}
+
 // NewAccessInternalServerError creates a AccessInternalServerError with default headers values
 func NewAccessInternalServerError() *AccessInternalServerError {
 	return &AccessInternalServerError{}
--- a/rest_server_zrok/embedded_spec.go
+++ b/rest_server_zrok/embedded_spec.go
@ -62,6 +62,9 @@ func init() {
          "401": {
            "description": "unauthorized"
          },
+          "404": {
+            "description": "not found"
+          },
          "500": {
            "description": "internal server error"
          }
@ -779,6 +782,9 @@ func init() {
          "401": {
            "description": "unauthorized"
          },
+          "404": {
+            "description": "not found"
+          },
          "500": {
            "description": "internal server error"
          }
--- a/rest_server_zrok/operations/service/access_responses.go
+++ b/rest_server_zrok/operations/service/access_responses.go
@ -61,6 +61,31 @@ func (o *AccessUnauthorized) WriteResponse(rw http.ResponseWriter, producer runt
 	rw.WriteHeader(401)
 }

+// AccessNotFoundCode is the HTTP code returned for type AccessNotFound
+const AccessNotFoundCode int = 404
+
+/*
+AccessNotFound not found
+
+swagger:response accessNotFound
+*/
+type AccessNotFound struct {
+}
+
+// NewAccessNotFound creates AccessNotFound with default headers values
+func NewAccessNotFound() *AccessNotFound {
+
+	return &AccessNotFound{}
+}
+
+// WriteResponse to the client
+func (o *AccessNotFound) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(404)
+}
+
 // AccessInternalServerErrorCode is the HTTP code returned for type AccessInternalServerError
 const AccessInternalServerErrorCode int = 500

--- a/specs/zrok.yml
+++ b/specs/zrok.yml
@ -196,6 +196,8 @@ paths:
          description: access created
        401:
          description: unauthorized
+        404:
+          description: not found
        500:
          description: internal server error