//GetSchema returns the schema filtered and trimmed for a specific user or nil when the user shouldn't see it at all
func GetSchema(s *schema.Schema, authorization schema.Authorization) (result *schema.Resource, err error) {
manager := schema.GetManager()
metaschema, _ := manager.Schema("schema")
policy, _ := manager.PolicyValidate("read", s.GetPluralURL(), authorization)
if policy == nil {
return
}
if s.IsAbstract() {
return
}
rawSchema := s.JSON()
filteredSchema := util.ExtendMap(nil, s.JSONSchema)
rawSchema["schema"] = filteredSchema
schemaProperties, schemaPropertiesOrder, schemaRequired := policy.FilterSchema(
util.MaybeMap(s.JSONSchema["properties"]),
util.MaybeStringList(s.JSONSchema["propertiesOrder"]),
util.MaybeStringList(s.JSONSchema["required"]))
filteredSchema["properties"] = schemaProperties
filteredSchema["propertiesOrder"] = schemaPropertiesOrder
filteredSchema["required"] = schemaRequired
result, err = schema.NewResource(metaschema, rawSchema)
if err != nil {
log.Warning("%s %s", result, err)
return
}
return
}
// GetMultipleResources returns all resources specified by the schema and query parameters
func GetMultipleResources(context middleware.Context, dataStore db.DB, resourceSchema *schema.Schema, queryParameters map[string][]string) error {
log.Debug("Start get multiple resources!!")
auth := context["auth"].(schema.Authorization)
policy, err := loadPolicy(context, "read", resourceSchema.GetPluralURL(), auth)
if err != nil {
return err
}
filter := FilterFromQueryParameter(resourceSchema, queryParameters)
if policy.RequireOwner() {
filter["tenant_id"] = policy.GetTenantIDFilter(schema.ActionRead, auth.TenantID())
}
filter = policy.RemoveHiddenProperty(filter)
paginator, err := pagination.FromURLQuery(resourceSchema, queryParameters)
if err != nil {
return ResourceError{err, err.Error(), WrongQuery}
}
context["policy"] = policy
environmentManager := extension.GetManager()
environment, ok := environmentManager.GetEnvironment(resourceSchema.ID)
if !ok {
return fmt.Errorf("No environment for schema")
}
if err := extension.HandleEvent(context, environment, "pre_list"); err != nil {
return err
}
if rawResponse, ok := context["response"]; ok {
if _, ok := rawResponse.(map[string]interface{}); ok {
return nil
}
return fmt.Errorf("extension returned invalid JSON: %v", rawResponse)
}
if err := GetResources(context, dataStore, resourceSchema, filter, paginator); err != nil {
return err
}
if err := extension.HandleEvent(context, environment, "post_list"); err != nil {
return err
}
if err := ApplyPolicyForResources(context, resourceSchema); err != nil {
return err
}
return nil
}
//GetSchema returns the schema filtered and trimmed for a specific user or nil when the user shouldn't see it at all
func GetSchema(s *schema.Schema, authorization schema.Authorization) (result *schema.Resource, err error) {
manager := schema.GetManager()
metaschema, _ := manager.Schema("schema")
policy, _ := manager.PolicyValidate("read", s.GetPluralURL(), authorization)
if policy == nil {
return
}
originalRawSchema := s.RawData.(map[string]interface{})
rawSchema := map[string]interface{}{}
for key, value := range originalRawSchema {
rawSchema[key] = value
}
originalSchema := originalRawSchema["schema"].(map[string]interface{})
schemaSchema := map[string]interface{}{}
for key, value := range originalSchema {
schemaSchema[key] = value
}
rawSchema["schema"] = schemaSchema
originalProperties := originalSchema["properties"].(map[string]interface{})
schemaProperties := map[string]interface{}{}
for key, value := range originalProperties {
schemaProperties[key] = value
}
var schemaPropertiesOrder []interface{}
if _, ok := originalSchema["propertiesOrder"]; ok {
originalPropertiesOrder := originalSchema["propertiesOrder"].([]interface{})
for _, value := range originalPropertiesOrder {
schemaPropertiesOrder = append(schemaPropertiesOrder, value)
}
}
var schemaRequired []interface{}
if _, ok := originalSchema["required"]; ok {
originalRequired := originalSchema["required"].([]interface{})
for _, value := range originalRequired {
schemaRequired = append(schemaRequired, value)
}
}
schemaProperties, schemaPropertiesOrder, schemaRequired = policy.MetaFilter(schemaProperties, schemaPropertiesOrder, schemaRequired)
schemaSchema["properties"] = schemaProperties
schemaSchema["propertiesOrder"] = schemaPropertiesOrder
schemaSchema["required"] = schemaRequired
result, err = schema.NewResource(metaschema, rawSchema)
if err != nil {
log.Warning("%s %s", result, err)
return
}
return
}
// CreateResource creates the resource specified by the schema and dataMap
func CreateResource(
context middleware.Context,
dataStore db.DB,
identityService middleware.IdentityService,
resourceSchema *schema.Schema,
dataMap map[string]interface{},
) error {
manager := schema.GetManager()
// Load environment
environmentManager := extension.GetManager()
environment, ok := environmentManager.GetEnvironment(resourceSchema.ID)
if !ok {
return fmt.Errorf("No environment for schema")
}
auth := context["auth"].(schema.Authorization)
//LoadPolicy
policy, err := loadPolicy(context, "create", resourceSchema.GetPluralURL(), auth)
if err != nil {
return err
}
_, err = resourceSchema.GetPropertyByID("tenant_id")
if _, ok := dataMap["tenant_id"]; err == nil && !ok {
dataMap["tenant_id"] = context["tenant_id"]
}
if tenantID, ok := dataMap["tenant_id"]; ok && tenantID != nil {
dataMap["tenant_name"], err = identityService.GetTenantName(tenantID.(string))
if err != nil {
return ResourceError{err, err.Error(), Unauthorized}
}
}
//Apply policy for api input
err = policy.Check(schema.ActionCreate, auth, dataMap)
if err != nil {
return ResourceError{err, err.Error(), Unauthorized}
}
delete(dataMap, "tenant_name")
// apply property filter
err = policy.ApplyPropertyConditionFilter(schema.ActionCreate, dataMap, nil)
if err != nil {
return ResourceError{err, err.Error(), Unauthorized}
}
context["resource"] = dataMap
if id, ok := dataMap["id"]; !ok || id == "" {
dataMap["id"] = uuid.NewV4().String()
}
context["id"] = dataMap["id"]
if err := extension.HandleEvent(context, environment, "pre_create"); err != nil {
return err
}
if resourceData, ok := context["resource"].(map[string]interface{}); ok {
dataMap = resourceData
}
//Validation
err = resourceSchema.ValidateOnCreate(dataMap)
if err != nil {
return ResourceError{err, fmt.Sprintf("Validation error: %s", err), WrongData}
}
resource, err := manager.LoadResource(resourceSchema.ID, dataMap)
if err != nil {
return err
}
//Fillup default
err = resource.PopulateDefaults()
if err != nil {
return err
}
context["resource"] = resource.Data()
if err := InTransaction(
context, dataStore,
transaction.GetIsolationLevel(resourceSchema, schema.ActionCreate),
func() error {
return CreateResourceInTransaction(context, resource)
},
); err != nil {
return err
}
if err := extension.HandleEvent(context, environment, "post_create"); err != nil {
return err
}
if err := ApplyPolicyForResource(context, resourceSchema); err != nil {
return ResourceError{err, "", Unauthorized}
}
return nil
}
//MapRouteBySchema setup api route by schema
func MapRouteBySchema(server *Server, dataStore db.DB, s *schema.Schema) {
if s.IsAbstract() {
return
}
route := server.martini
singleURL := s.GetSingleURL()
pluralURL := s.GetPluralURL()
singleURLWithParents := s.GetSingleURLWithParents()
pluralURLWithParents := s.GetPluralURLWithParents()
//load extension environments
environmentManager := extension.GetManager()
if _, ok := environmentManager.GetEnvironment(s.ID); !ok {
env, err := server.NewEnvironmentForPath(s.ID, pluralURL)
if err != nil {
log.Fatal(fmt.Sprintf("[%s] %v", pluralURL, err))
}
environmentManager.RegisterEnvironment(s.ID, env)
}
log.Debug("[Plural Path] %s", pluralURL)
log.Debug("[Singular Path] %s", singleURL)
log.Debug("[Plural Path With Parents] %s", pluralURLWithParents)
log.Debug("[Singular Path With Parents] %s", singleURLWithParents)
//setup list route
getPluralFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addJSONContentTypeHeader(w)
fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue)
if err := resources.GetMultipleResources(context, dataStore, s, r.URL.Query()); err != nil {
handleError(w, err)
return
}
w.Header().Add("X-Total-Count", fmt.Sprint(context["total"]))
routes.ServeJson(w, context["response"])
}
route.Get(pluralURL, middleware.Authorization(schema.ActionRead), getPluralFunc)
route.Get(pluralURLWithParents, middleware.Authorization(schema.ActionRead), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent])
getPluralFunc(w, r, p, identityService, context)
})
//setup show route
getSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addJSONContentTypeHeader(w)
fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue)
id := p["id"]
if err := resources.GetSingleResource(context, dataStore, s, id); err != nil {
handleError(w, err)
return
}
routes.ServeJson(w, context["response"])
}
route.Get(singleURL, middleware.Authorization(schema.ActionRead), getSingleFunc)
route.Get(singleURLWithParents, middleware.Authorization(schema.ActionRead), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent])
getSingleFunc(w, r, p, identityService, context)
})
//setup delete route
deleteSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addJSONContentTypeHeader(w)
fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue)
id := p["id"]
if err := resources.DeleteResource(context, dataStore, s, id); err != nil {
handleError(w, err)
return
}
w.WriteHeader(http.StatusNoContent)
}
route.Delete(singleURL, middleware.Authorization(schema.ActionDelete), deleteSingleFunc)
route.Delete(singleURLWithParents, middleware.Authorization(schema.ActionDelete), func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent])
deleteSingleFunc(w, r, p, identityService, context)
})
//setup create route
postPluralFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addJSONContentTypeHeader(w)
fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue)
dataMap, err := middleware.ReadJSON(r)
if err != nil {
handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData))
return
}
dataMap = removeResourceWrapper(s, dataMap)
if s.Parent != "" {
if _, ok := dataMap[s.ParentID()]; !ok {
queryParams := r.URL.Query()
parentIDParam := queryParams.Get(s.ParentID())
if parentIDParam != "" {
dataMap[s.ParentID()] = parentIDParam
}
}
}
if err := resources.CreateResource(context, dataStore, identityService, s, dataMap); err != nil {
handleError(w, err)
return
}
w.WriteHeader(http.StatusCreated)
routes.ServeJson(w, context["response"])
}
route.Post(pluralURL, middleware.Authorization(schema.ActionCreate), postPluralFunc)
route.Post(pluralURLWithParents, middleware.Authorization(schema.ActionCreate),
func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent])
postPluralFunc(w, r, p, identityService, context)
})
//setup create or update route
putSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addJSONContentTypeHeader(w)
fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue)
id := p["id"]
dataMap, err := middleware.ReadJSON(r)
if err != nil {
handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData))
return
}
dataMap = removeResourceWrapper(s, dataMap)
if isCreated, err := resources.CreateOrUpdateResource(
context, dataStore, identityService, s, id, dataMap); err != nil {
handleError(w, err)
return
} else if isCreated {
w.WriteHeader(http.StatusCreated)
}
routes.ServeJson(w, context["response"])
}
route.Put(singleURL, middleware.Authorization(schema.ActionUpdate), putSingleFunc)
route.Put(singleURLWithParents, middleware.Authorization(schema.ActionUpdate),
func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent])
putSingleFunc(w, r, p, identityService, context)
})
//setup update route
patchSingleFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addJSONContentTypeHeader(w)
fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue)
id := p["id"]
dataMap, err := middleware.ReadJSON(r)
if err != nil {
handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData))
return
}
dataMap = removeResourceWrapper(s, dataMap)
if err := resources.UpdateResource(
context, dataStore, identityService, s, id, dataMap); err != nil {
handleError(w, err)
return
}
routes.ServeJson(w, context["response"])
}
route.Patch(singleURL, middleware.Authorization(schema.ActionUpdate), patchSingleFunc)
route.Patch(singleURLWithParents, middleware.Authorization(schema.ActionUpdate),
func(w http.ResponseWriter, r *http.Request, p martini.Params, identityService middleware.IdentityService, context middleware.Context) {
addParamToQuery(r, schema.FormatParentID(s.Parent), p[s.Parent])
patchSingleFunc(w, r, p, identityService, context)
})
//Custom action support
for _, actionExt := range s.Actions {
action := actionExt
ActionFunc := func(w http.ResponseWriter, r *http.Request, p martini.Params,
identityService middleware.IdentityService, auth schema.Authorization, context middleware.Context) {
addJSONContentTypeHeader(w)
fillInContext(context, dataStore, r, w, s, p, server.sync, identityService, server.queue)
id := p["id"]
input := make(map[string]interface{})
if action.InputSchema != nil {
var err error
input, err = middleware.ReadJSON(r)
if err != nil {
handleError(w, resources.NewResourceError(err, fmt.Sprintf("Failed to parse data: %s", err), resources.WrongData))
return
}
}
// TODO use authorization middleware
manager := schema.GetManager()
path := r.URL.Path
policy, role := manager.PolicyValidate(action.ID, path, auth)
if policy == nil {
middleware.HTTPJSONError(w, fmt.Sprintf("No matching policy: %s %s %s", action, path, s.Actions), http.StatusUnauthorized)
return
}
context["policy"] = policy
context["tenant_id"] = auth.TenantID()
context["auth_token"] = auth.AuthToken()
context["role"] = role
context["catalog"] = auth.Catalog()
context["auth"] = auth
if err := resources.ActionResource(
context, dataStore, identityService, s, action, id, input); err != nil {
handleError(w, err)
return
}
routes.ServeJson(w, context["response"])
}
route.AddRoute(action.Method, s.GetActionURL(action.Path), ActionFunc)
}
}
"shared": false,
}
subnet1 = map[string]interface{}{
"id": "test3",
"name": "Minas Tirith",
"tenant_id": adminTenantID,
"cidr": "10.10.0.0/16",
}
})
JustBeforeEach(func() {
var ok bool
currentSchema, ok = manager.Schema(schemaID)
Expect(ok).To(BeTrue())
path = currentSchema.GetPluralURL()
policy, role := manager.PolicyValidate(action, path, auth)
Expect(policy).NotTo(BeNil())
context["policy"] = policy
context["role"] = role
context["tenant_id"] = auth.TenantID()
context["tenant_name"] = auth.TenantName()
context["auth_token"] = auth.AuthToken()
context["catalog"] = auth.Catalog()
context["auth"] = auth
context["identity_service"] = &middleware.FakeIdentity{}
env = otto.NewEnvironment(testDB, &middleware.FakeIdentity{})
environmentManager.RegisterEnvironment(schemaID, env)
extensions = []*schema.Extension{}
