// Destroy removes nodes
func Destroy(request *restful.Request, response *restful.Response) {
user, _, err := security.Credentials(request)
if err != nil {
beacon.HTTPInternalError(response, err)
return
}
id := request.QueryParameter("id")
if provider == "juju" {
juju, err := NewJuju()
if err != nil {
beacon.HTTPInternalError(response, err)
return
}
report, err := juju.Destroy(user, id)
if err != nil {
beacon.HTTPInternalError(response, err)
} else {
response.WriteEntity(report)
}
return
}
beacon.HTTPInternalError(response, err)
}
// Deploy creates new nodes
func Deploy(request *restful.Request, response *restful.Response) {
user, _, err := security.Credentials(request)
if err != nil {
beacon.HTTPInternalError(response, err)
return
}
id := request.QueryParameter("id")
if provider == "juju" {
//TODO Deploy command on existing service triggers upgrade-charm
//TODO For suitable charms, it could also deploy other clustered units
juju, err := NewJuju()
if err != nil {
beacon.HTTPInternalError(response, err)
return
}
report, err := juju.Deploy(user, id)
if err != nil {
beacon.HTTPInternalError(response, err)
} else {
response.WriteEntity(report)
}
return
}
beacon.HTTPInternalError(response, err)
}
// EtcdControlMethod is a callback part of the request pipeline. It checks in
// etcd if the received request is allowed for the given user.
func EtcdControlMethod(request *restful.Request, response *restful.Response, chain *restful.FilterChain) {
user, _, _ := security.Credentials(request)
var debug bool
if log.LogLevel() <= loggo.DEBUG {
debug = true
}
controller := NewController(user, debug)
if err := controller.Update(FormatMethod(request)); err != nil {
HTTPInternalError(response, err)
return
}
isAllowed, err := controller.CheckMethod(FormatMethod(request))
if err != nil {
HTTPInternalError(response, err)
return
} else if !isAllowed {
HTTPAuthorizationError(response, fmt.Errorf("method disabled"))
return
}
chain.ProcessFilter(request, response)
}
// Login is an endpoint that delivers a certificate, used later for etcd
// communication permission. It is used as a callback wen registered with a
// path at the authority server
func Login(request *restful.Request, response *restful.Response) {
user, _, err := security.Credentials(request)
if err != nil {
beacon.HTTPInternalError(response, err)
return
}
log.Debugf("Providing a new ssh key to", user)
key, _ := sshKey()
// Return the certificate
http.ServeFile(response.ResponseWriter, request.Request, key)
}
// BasicAuthenticate is an intermediate step that will check encoded
// credentials before processing the received request. This function is
// explicitely used in Register() as a filter in the request pipeline.
func BasicAuthenticate(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
//TODO Instead of clear passwor I could stick with encoded or other crypted solution
// Use base64 decoding to extract from http header user credentials
username, passwd, err := security.Credentials(req)
if err != nil {
HTTPAuthorizationError(resp, err)
return
}
log.Infof("User %s trying to connect with %s\n", username, passwd)
debug := false
//TODO Manage a way to plug whatever datastore you want, wherever it is
ok, err := security.EtcdCheckCredentials(username, passwd, debug)
if err != nil {
HTTPInternalError(resp, err)
return
}
if !ok {
HTTPAuthorizationError(resp, fmt.Errorf("credentials refused"))
return
}
log.Infof("Authentification granted, processing (%s:%s)", username, passwd)
chain.ProcessFilter(req, resp)
}
