func (cmd *ATCCommand) constructAPIHandler(
logger lager.Logger,
reconfigurableSink *lager.ReconfigurableSink,
sqlDB *db.SQLDB,
authValidator auth.Validator,
userContextReader auth.UserContextReader,
providerFactory provider.OAuthFactory,
signingKey *rsa.PrivateKey,
pipelineDBFactory db.PipelineDBFactory,
engine engine.Engine,
workerClient worker.Client,
drain <-chan struct{},
radarSchedulerFactory pipelines.RadarSchedulerFactory,
radarScannerFactory radar.ScannerFactory,
) (http.Handler, error) {
apiWrapper := wrappa.MultiWrappa{
wrappa.NewAPIAuthWrappa(cmd.PubliclyViewable, authValidator, userContextReader),
wrappa.NewAPIMetricsWrappa(logger),
wrappa.NewConcourseVersionWrappa(Version),
}
return api.NewHandler(
logger,
cmd.ExternalURL.String(),
apiWrapper,
auth.NewTokenGenerator(signingKey),
providerFactory,
cmd.oauthBaseURL(),
pipelineDBFactory,
sqlDB, // authserver.AuthDB
sqlDB, // db.ConfigDB
sqlDB, // buildserver.BuildsDB
sqlDB, // workerserver.WorkerDB
sqlDB, // containerserver.ContainerDB
sqlDB, // volumeserver.VolumesDB
sqlDB, // pipes.PipeDB
sqlDB, // db.PipelinesDB
sqlDB, // teamserver.TeamDB
config.ValidateConfig,
cmd.PeerURL.String(),
buildserver.NewEventHandler,
drain,
engine,
workerClient,
radarSchedulerFactory,
radarScannerFactory,
reconfigurableSink,
cmd.CLIArtifactsDir.Path(),
Version,
)
}
func (cmd *ATCCommand) constructAPIHandler(
logger lager.Logger,
reconfigurableSink *lager.ReconfigurableSink,
sqlDB *db.SQLDB,
authValidator auth.Validator,
oauthProviders auth.Providers,
basicAuthEnabled bool,
signingKey *rsa.PrivateKey,
pipelineDBFactory db.PipelineDBFactory,
engine engine.Engine,
workerClient worker.Client,
drain <-chan struct{},
radarSchedulerFactory pipelines.RadarSchedulerFactory,
) (http.Handler, error) {
apiWrapper := wrappa.MultiWrappa{
wrappa.NewAPIAuthWrappa(authValidator),
wrappa.NewAPIMetricsWrappa(logger),
}
return api.NewHandler(
logger,
cmd.ExternalURL.String(),
apiWrapper,
auth.NewTokenGenerator(signingKey),
oauthProviders,
basicAuthEnabled,
pipelineDBFactory,
sqlDB, // db.ConfigDB
sqlDB, // buildserver.BuildsDB
sqlDB, // workerserver.WorkerDB
sqlDB, // containerserver.ContainerDB
sqlDB, // volumeserver.VolumesDB
sqlDB, // pipes.PipeDB
sqlDB, // db.PipelinesDB
config.ValidateConfig,
cmd.PeerURL.String(),
buildserver.NewEventHandler,
drain,
engine,
workerClient,
radarSchedulerFactory,
reconfigurableSink,
cmd.CLIArtifactsDir.Path(),
)
}
cliDownloadsDir, err = ioutil.TempDir("", "cli-downloads")
Expect(err).NotTo(HaveOccurred())
constructedEventHandler = &fakeEventHandlerFactory{}
logger := lagertest.NewTestLogger("callbacks")
sink = lager.NewReconfigurableSink(lager.NewWriterSink(GinkgoWriter, lager.DEBUG), lager.DEBUG)
logger.RegisterSink(sink)
handler, err := api.NewHandler(
logger,
externalURL,
wrappa.NewAPIAuthWrappa(true, authValidator, userContextReader),
fakeTokenGenerator,
providerFactory,
oAuthBaseURL,
pipelineDBFactory,
configDB,
authDB,
buildsDB,
workerDB,
containerDB,
volumesDB,
pipeDB,
pipelinesDB,
cliDownloadsDir, err = ioutil.TempDir("", "cli-downloads")
Expect(err).NotTo(HaveOccurred())
constructedEventHandler = &fakeEventHandlerFactory{}
logger := lagertest.NewTestLogger("callbacks")
sink = lager.NewReconfigurableSink(lager.NewWriterSink(GinkgoWriter, lager.DEBUG), lager.DEBUG)
logger.RegisterSink(sink)
handler, err := api.NewHandler(
logger,
externalURL,
wrappa.NewAPIAuthWrappa(authValidator),
fakeTokenGenerator,
authProviders,
basicAuthEnabled,
pipelineDBFactory,
configDB,
buildsDB,
workerDB,
containerDB,
volumesDB,
pipeDB,
pipelinesDB,
atc.GetJobBuild: unauthed(inputHandlers[atc.GetJobBuild]),
atc.GetLogLevel: unauthed(inputHandlers[atc.GetLogLevel]),
atc.GetPipeline: unauthed(inputHandlers[atc.GetPipeline]),
atc.ListAuthMethods: unauthed(inputHandlers[atc.ListAuthMethods]),
atc.ListBuilds: unauthed(inputHandlers[atc.ListBuilds]),
atc.ListJobBuilds: unauthed(inputHandlers[atc.ListJobBuilds]),
atc.ListJobs: unauthed(inputHandlers[atc.ListJobs]),
atc.ListPipelines: unauthed(inputHandlers[atc.ListPipelines]),
atc.ListResources: unauthed(inputHandlers[atc.ListResources]),
atc.ListResourceVersions: unauthed(inputHandlers[atc.ListResourceVersions]),
}
})
JustBeforeEach(func() {
wrappedHandlers = wrappa.NewAPIAuthWrappa(
fakeValidator,
).Wrap(inputHandlers)
})
It("validates sensitive routes, and noop validates public routes", func() {
for name, _ := range inputHandlers {
Expect(descriptiveRoute{
route: name,
handler: wrappedHandlers[name],
}).To(Equal(descriptiveRoute{
route: name,
handler: expectedHandlers[name],
}))
}
})
})
