// Get gets a client from the data store. func Get(clientname string) (*Client, util.Gerror) { var client *Client var err error if config.UsingDB() { client, err = getClientSQL(clientname) if err != nil { var gerr util.Gerror if err != sql.ErrNoRows { gerr = util.Errorf(err.Error()) gerr.SetStatus(http.StatusInternalServerError) } else { gerr = util.Errorf("Client %s not found", clientname) gerr.SetStatus(http.StatusNotFound) } return nil, gerr } } else { ds := datastore.New() c, found := ds.Get("client", clientname) if !found { gerr := util.Errorf("Client %s not found", clientname) gerr.SetStatus(http.StatusNotFound) return nil, gerr } if c != nil { client = c.(*Client) } } return client, nil }
// Get a user. func Get(name string) (*User, util.Gerror) { var user *User if config.UsingDB() { var err error user, err = getUserSQL(name) if err != nil { var gerr util.Gerror if err != sql.ErrNoRows { gerr = util.Errorf(err.Error()) gerr.SetStatus(http.StatusInternalServerError) } else { gerr = util.Errorf("Client %s not found", name) gerr.SetStatus(http.StatusNotFound) } return nil, gerr } } else { ds := datastore.New() u, found := ds.Get("user", name) if !found { err := util.Errorf("User %s not found", name) return nil, err } if u != nil { user = u.(*User) } } return user, nil }
// Get a data bag. func Get(dbName string) (*DataBag, util.Gerror) { var dataBag *DataBag var err error if config.UsingDB() { dataBag, err = getDataBagSQL(dbName) if err != nil { var gerr util.Gerror if err == sql.ErrNoRows { gerr = util.Errorf("Cannot load data bag %s", dbName) gerr.SetStatus(http.StatusNotFound) } else { gerr = util.Errorf(err.Error()) gerr.SetStatus(http.StatusInternalServerError) } return nil, gerr } } else { ds := datastore.New() d, found := ds.Get("data_bag", dbName) if !found { err := util.Errorf("Cannot load data bag %s", dbName) err.SetStatus(http.StatusNotFound) return nil, err } if d != nil { dataBag = d.(*DataBag) for _, v := range dataBag.DataBagItems { z := datastore.WalkMapForNil(v.RawData) v.RawData = z.(map[string]interface{}) } } } return dataBag, nil }
// New creates an empty data bag, and kicks off adding it to the index. func New(name string) (*DataBag, util.Gerror) { var found bool var err util.Gerror if err = validateDataBagName(name, false); err != nil { return nil, err } if config.UsingDB() { var cerr error found, cerr = checkForDataBagSQL(datastore.Dbh, name) if cerr != nil { err = util.Errorf(cerr.Error()) err.SetStatus(http.StatusInternalServerError) return nil, err } } else { ds := datastore.New() _, found = ds.Get("data_bag", name) } if found { err = util.Errorf("Data bag %s already exists", name) err.SetStatus(http.StatusConflict) return nil, err } dbiMap := make(map[string]*DataBagItem) dataBag := &DataBag{ Name: name, DataBagItems: dbiMap, } indexer.CreateNewCollection(name) return dataBag, nil }
// UpdateFromJSON updates a user from a JSON object, carrying out a bunch of // validations inside. func (u *User) UpdateFromJSON(jsonUser map[string]interface{}) util.Gerror { userName, nerr := util.ValidateAsString(jsonUser["name"]) if nerr != nil { return nerr } if u.Username != userName { err := util.Errorf("User name %s and %s from JSON do not match", u.Username, userName) return err } /* Validations. */ /* Invalid top level elements */ validElements := []string{"username", "name", "org_name", "public_key", "private_key", "admin", "password", "email", "salt"} ValidElem: for k := range jsonUser { for _, i := range validElements { if k == i { continue ValidElem } } err := util.Errorf("Invalid key %s in request body", k) return err } var verr util.Gerror // Check the password first. If it's bad, bail before touching anything // else. if passwd, ok := jsonUser["password"]; ok { passwd, verr = util.ValidateAsString(passwd) if verr != nil { return verr } if passwd != "" { verr = u.SetPasswd(passwd.(string)) if verr != nil { return verr } } } if adminVal, ok := jsonUser["admin"]; ok { var ab bool if ab, verr = util.ValidateAsBool(adminVal); verr != nil { // NOTE: may need to tweak this error message depending // if this is a user or a client verr = util.Errorf("Field 'admin' invalid") return verr } else if u.Admin && !ab { if u.isLastAdmin() { verr = util.Errorf("Cannot remove admin status from the last admin") verr.SetStatus(http.StatusForbidden) return verr } } u.Admin = ab } return nil }
func chkInMemUser(name string) util.Gerror { var err util.Gerror ds := datastore.New() if _, found := ds.Get("user", name); found { err = util.Errorf("a user named %s was found that would conflict with this client", name) err.SetStatus(http.StatusConflict) } return err }
// New creates a new API user. func New(name string) (*User, util.Gerror) { var found bool var err util.Gerror if config.UsingDB() { var uerr error found, uerr = checkForUserSQL(datastore.Dbh, name) if uerr != nil { err = util.Errorf(uerr.Error()) err.SetStatus(http.StatusInternalServerError) return nil, err } } else { ds := datastore.New() _, found = ds.Get("user", name) } if found { err := util.Errorf("User '%s' already exists", name) err.SetStatus(http.StatusConflict) return nil, err } if err := validateUserName(name); err != nil { return nil, err } salt, saltErr := chefcrypto.GenerateSalt() if saltErr != nil { err := util.Errorf(saltErr.Error()) return nil, err } user := &User{ Username: name, Name: name, Admin: false, Email: "", pubKey: "", salt: salt, } return user, nil }
// New creates a new client. func New(clientname string) (*Client, util.Gerror) { var found bool var err util.Gerror if config.UsingDB() { var cerr error found, cerr = checkForClientSQL(datastore.Dbh, clientname) if cerr != nil { err = util.Errorf(cerr.Error()) err.SetStatus(http.StatusInternalServerError) return nil, err } } else { ds := datastore.New() _, found = ds.Get("client", clientname) } if found { err = util.Errorf("Client already exists") err.SetStatus(http.StatusConflict) return nil, err } if err := validateClientName(clientname); err != nil { return nil, err } client := &Client{ Name: clientname, NodeName: clientname, ChefType: "client", JSONClass: "Chef::ApiClient", Validator: false, Orgname: "", pubKey: "", Admin: false, Certificate: "", } return client, nil }
// Get an environment. func Get(envName string) (*ChefEnvironment, util.Gerror) { if envName == "_default" { return defaultEnvironment(), nil } var env *ChefEnvironment var found bool if config.UsingDB() { var err error env, err = getEnvironmentSQL(envName) if err != nil { var gerr util.Gerror if err != sql.ErrNoRows { gerr = util.CastErr(err) gerr.SetStatus(http.StatusInternalServerError) return nil, gerr } found = false } else { found = true } } else { ds := datastore.New() var e interface{} e, found = ds.Get("env", envName) if e != nil { env = e.(*ChefEnvironment) } } if !found { err := util.Errorf("Cannot load environment %s", envName) err.SetStatus(http.StatusNotFound) return nil, err } return env, nil }
// UpdateFromJSON updates an existing environment from JSON uploaded to the // server. func (e *ChefEnvironment) UpdateFromJSON(jsonEnv map[string]interface{}) util.Gerror { if e.Name != jsonEnv["name"].(string) { err := util.Errorf("Environment name %s and %s from JSON do not match", e.Name, jsonEnv["name"].(string)) return err } else if e.Name == "_default" { err := util.Errorf("The '_default' environment cannot be modified.") err.SetStatus(http.StatusMethodNotAllowed) return err } /* Validations */ validElements := []string{"name", "chef_type", "json_class", "description", "default_attributes", "override_attributes", "cookbook_versions"} ValidElem: for k := range jsonEnv { for _, i := range validElements { if k == i { continue ValidElem } } err := util.Errorf("Invalid key %s in request body", k) return err } var verr util.Gerror attrs := []string{"default_attributes", "override_attributes"} for _, a := range attrs { jsonEnv[a], verr = util.ValidateAttributes(a, jsonEnv[a]) if verr != nil { return verr } } jsonEnv["json_class"], verr = util.ValidateAsFieldString(jsonEnv["json_class"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonEnv["json_class"] = e.JSONClass } else { return verr } } else { if jsonEnv["json_class"].(string) != "Chef::Environment" { verr = util.Errorf("Field 'json_class' invalid") return verr } } jsonEnv["chef_type"], verr = util.ValidateAsFieldString(jsonEnv["chef_type"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonEnv["chef_type"] = e.ChefType } else { return verr } } else { if jsonEnv["chef_type"].(string) != "environment" { verr = util.Errorf("Field 'chef_type' invalid") return verr } } jsonEnv["cookbook_versions"], verr = util.ValidateAttributes("cookbook_versions", jsonEnv["cookbook_versions"]) if verr != nil { return verr } for k, v := range jsonEnv["cookbook_versions"].(map[string]interface{}) { if !util.ValidateEnvName(k) || k == "" { merr := util.Errorf("Cookbook name %s invalid", k) merr.SetStatus(http.StatusBadRequest) return merr } if v == nil { verr = util.Errorf("Invalid version number") return verr } _, verr = util.ValidateAsConstraint(v) if verr != nil { /* try validating as a version */ v, verr = util.ValidateAsVersion(v) if verr != nil { return verr } } } jsonEnv["description"], verr = util.ValidateAsString(jsonEnv["description"]) if verr != nil { if verr.Error() == "Field 'name' missing" { jsonEnv["description"] = "" } else { return verr } } e.ChefType = jsonEnv["chef_type"].(string) e.JSONClass = jsonEnv["json_class"].(string) e.Description = jsonEnv["description"].(string) e.Default = jsonEnv["default_attributes"].(map[string]interface{}) e.Override = jsonEnv["override_attributes"].(map[string]interface{}) /* clear out, then loop over the cookbook versions */ e.CookbookVersions = make(map[string]string, len(jsonEnv["cookbook_versions"].(map[string]interface{}))) for c, v := range jsonEnv["cookbook_versions"].(map[string]interface{}) { e.CookbookVersions[c] = v.(string) } return nil }
func environmentHandler(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") accErr := checkAccept(w, r, "application/json") if accErr != nil { jsonErrorReport(w, r, accErr.Error(), http.StatusNotAcceptable) return } opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID")) if oerr != nil { jsonErrorReport(w, r, oerr.Error(), oerr.Status()) return } pathArray := splitPath(r.URL.Path) envResponse := make(map[string]interface{}) var numResults string r.ParseForm() if nrs, found := r.Form["num_versions"]; found { if len(nrs) < 0 { jsonErrorReport(w, r, "invalid num_versions", http.StatusBadRequest) return } numResults = nrs[0] err := util.ValidateNumVersions(numResults) if err != nil { jsonErrorReport(w, r, "You have requested an invalid number of versions (x >= 0 || 'all')", err.Status()) return } } pathArrayLen := len(pathArray) if pathArrayLen == 1 { switch r.Method { case "GET": if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } envList := environment.GetList() for _, env := range envList { envResponse[env] = util.CustomURL(fmt.Sprintf("/environments/%s", env)) } case "POST": if !opUser.IsAdmin() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } envData, jerr := parseObjJSON(r.Body) if jerr != nil { jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest) return } if _, ok := envData["name"].(string); !ok || envData["name"].(string) == "" { jsonErrorReport(w, r, "Environment name missing", http.StatusBadRequest) return } chefEnv, _ := environment.Get(envData["name"].(string)) if chefEnv != nil { httperr := fmt.Errorf("Environment already exists") jsonErrorReport(w, r, httperr.Error(), http.StatusConflict) return } var eerr util.Gerror chefEnv, eerr = environment.NewFromJSON(envData) if eerr != nil { jsonErrorReport(w, r, eerr.Error(), eerr.Status()) return } if err := chefEnv.Save(); err != nil { jsonErrorReport(w, r, err.Error(), http.StatusBadRequest) return } if lerr := loginfo.LogEvent(opUser, chefEnv, "create"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return } envResponse["uri"] = util.ObjURL(chefEnv) w.WriteHeader(http.StatusCreated) default: jsonErrorReport(w, r, "Unrecognized method", http.StatusMethodNotAllowed) return } } else if pathArrayLen == 2 { /* All of the 2 element operations return the environment * object, so we do the json encoding in this block and return * out. */ envName := pathArray[1] env, err := environment.Get(envName) delEnv := false /* Set this to delete the environment after * sending the json. */ if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusNotFound) return } switch r.Method { case "GET", "DELETE": /* We don't actually have to do much here. */ if r.Method == "DELETE" { if !opUser.IsAdmin() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } if envName == "_default" { jsonErrorReport(w, r, "The '_default' environment cannot be modified.", http.StatusMethodNotAllowed) return } delEnv = true } else { if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } } case "PUT": if !opUser.IsAdmin() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } envData, jerr := parseObjJSON(r.Body) if jerr != nil { jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest) return } if envData == nil { jsonErrorReport(w, r, "No environment data in body at all!", http.StatusBadRequest) return } if _, ok := envData["name"]; !ok { //envData["name"] = envName jsonErrorReport(w, r, "Environment name missing", http.StatusBadRequest) return } jsonName, sterr := util.ValidateAsString(envData["name"]) if sterr != nil { jsonErrorReport(w, r, sterr.Error(), sterr.Status()) return } else if jsonName == "" { jsonErrorReport(w, r, "Environment name missing", http.StatusBadRequest) return } if envName != envData["name"].(string) { env, err = environment.Get(envData["name"].(string)) if err == nil { jsonErrorReport(w, r, "Environment already exists", http.StatusConflict) return } var eerr util.Gerror env, eerr = environment.NewFromJSON(envData) if eerr != nil { jsonErrorReport(w, r, eerr.Error(), eerr.Status()) return } w.WriteHeader(http.StatusCreated) oldenv, olderr := environment.Get(envName) if olderr == nil { oldenv.Delete() } } else { if jsonName == "" { envData["name"] = envName } if err := env.UpdateFromJSON(envData); err != nil { jsonErrorReport(w, r, err.Error(), err.Status()) return } } if err := env.Save(); err != nil { jsonErrorReport(w, r, err.Error(), err.Status()) return } if lerr := loginfo.LogEvent(opUser, env, "modify"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return } default: jsonErrorReport(w, r, "Unrecognized method", http.StatusMethodNotAllowed) return } enc := json.NewEncoder(w) if err := enc.Encode(&env); err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) return } if delEnv { err := env.Delete() if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) return } if lerr := loginfo.LogEvent(opUser, env, "delete"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return } } return } else if pathArrayLen == 3 { envName := pathArray[1] op := pathArray[2] if op == "cookbook_versions" && r.Method != "POST" || op != "cookbook_versions" && r.Method != "GET" { jsonErrorReport(w, r, "Unrecognized method", http.StatusMethodNotAllowed) return } if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } env, err := environment.Get(envName) if err != nil { var errMsg string // bleh, stupid errors if err.Status() == http.StatusNotFound && (op != "recipes" && op != "cookbooks") { errMsg = fmt.Sprintf("environment '%s' not found", envName) } else { errMsg = err.Error() } jsonErrorReport(w, r, errMsg, err.Status()) return } switch op { case "cookbook_versions": /* Chef Server API docs aren't even remotely * right here. What it actually wants is the * usual hash of info for the latest or * constrained version. Weird. */ cbVer, jerr := parseObjJSON(r.Body) if jerr != nil { errmsg := jerr.Error() if !strings.Contains(errmsg, "Field") { errmsg = "invalid JSON" } else { errmsg = jerr.Error() } jsonErrorReport(w, r, errmsg, http.StatusBadRequest) return } if _, ok := cbVer["run_list"]; !ok { jsonErrorReport(w, r, "POSTed JSON badly formed.", http.StatusMethodNotAllowed) return } deps, derr := cookbook.DependsCookbooks(cbVer["run_list"].([]string), env.CookbookVersions) if derr != nil { switch derr := derr.(type) { case *cookbook.DependsError: // In 1.0.0-dev, there's a // JSONErrorMapReport function in util. // Use that when moving this forward errMap := make(map[string][]map[string]interface{}) errMap["error"] = make([]map[string]interface{}, 1) errMap["error"][0] = derr.ErrMap() w.WriteHeader(http.StatusPreconditionFailed) enc := json.NewEncoder(w) if jerr := enc.Encode(&errMap); jerr != nil { logger.Errorf(jerr.Error()) } default: jsonErrorReport(w, r, derr.Error(), http.StatusPreconditionFailed) } return } /* Need our own encoding here too. */ enc := json.NewEncoder(w) if err := enc.Encode(&deps); err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) } return case "cookbooks": envResponse = env.AllCookbookHash(numResults) case "nodes": nodeList, err := node.GetFromEnv(envName) if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) return } for _, chefNode := range nodeList { envResponse[chefNode.Name] = util.ObjURL(chefNode) } case "recipes": envRecipes := env.RecipeList() /* And... we have to do our own json response * here. Hmph. */ /* TODO: make the JSON encoding stuff its own * function. Dunno why I never thought of that * before now for this. */ enc := json.NewEncoder(w) if err := enc.Encode(&envRecipes); err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) } return default: jsonErrorReport(w, r, "Bad request", http.StatusBadRequest) return } } else if pathArrayLen == 4 { envName := pathArray[1] /* op is either "cookbooks" or "roles", and opName is the name * of the object op refers to. */ op := pathArray[2] opName := pathArray[3] if r.Method != "GET" { jsonErrorReport(w, r, "Method not allowed", http.StatusMethodNotAllowed) return } if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } env, err := environment.Get(envName) if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusNotFound) return } /* Biting the bullet and not redirecting this to * /roles/NAME/environments/NAME. The behavior is exactly the * same, but it makes clients and chef-pedant somewhat unhappy * to not have this way available. */ if op == "roles" { role, err := role.Get(opName) if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusNotFound) return } var runList []string if envName == "_default" { runList = role.RunList } else { runList = role.EnvRunLists[envName] } envResponse["run_list"] = runList } else if op == "cookbooks" { cb, err := cookbook.Get(opName) if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusNotFound) return } /* Here and, I think, here only, if num_versions isn't * set it's supposed to return ALL matching versions. * API docs are wrong here. */ if numResults == "" { numResults = "all" } envResponse[opName] = cb.ConstrainedInfoHash(numResults, env.CookbookVersions[opName]) } else { /* Not an op we know. */ jsonErrorReport(w, r, "Bad request - too many elements in path", http.StatusBadRequest) return } } else { /* Bad number of path elements. */ jsonErrorReport(w, r, "Bad request - too many elements in path", http.StatusBadRequest) return } enc := json.NewEncoder(w) if err := enc.Encode(&envResponse); err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) } }
// UpdateFromJSON updates an existing node with the uploaded JSON. func (n *Node) UpdateFromJSON(jsonNode map[string]interface{}) util.Gerror { /* It's actually totally legitimate to save a node with a different * name than you started with, but we need to get/create a new node for * it is all. */ nodeName, nerr := util.ValidateAsString(jsonNode["name"]) if nerr != nil { return nerr } if n.Name != nodeName { err := util.Errorf("Node name %s and %s from JSON do not match.", n.Name, nodeName) return err } /* Validations */ /* Look for invalid top level elements. *We* don't have to worry about * them, but chef-pedant cares (probably because Chef <=10 stores * json objects directly, dunno about Chef 11). */ validElements := []string{"name", "json_class", "chef_type", "chef_environment", "run_list", "override", "normal", "default", "automatic"} ValidElem: for k := range jsonNode { for _, i := range validElements { if k == i { continue ValidElem } } err := util.Errorf("Invalid key %s in request body", k) return err } var verr util.Gerror jsonNode["run_list"], verr = util.ValidateRunList(jsonNode["run_list"]) if verr != nil { return verr } attrs := []string{"normal", "automatic", "default", "override"} for _, a := range attrs { jsonNode[a], verr = util.ValidateAttributes(a, jsonNode[a]) if verr != nil { return verr } } jsonNode["chef_environment"], verr = util.ValidateAsFieldString(jsonNode["chef_environment"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonNode["chef_environment"] = n.ChefEnvironment } else { return verr } } else { if !util.ValidateEnvName(jsonNode["chef_environment"].(string)) { verr = util.Errorf("Field 'chef_environment' invalid") return verr } } jsonNode["json_class"], verr = util.ValidateAsFieldString(jsonNode["json_class"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonNode["json_class"] = n.JSONClass } else { return verr } } else { if jsonNode["json_class"].(string) != "Chef::Node" { verr = util.Errorf("Field 'json_class' invalid") return verr } } jsonNode["chef_type"], verr = util.ValidateAsFieldString(jsonNode["chef_type"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonNode["chef_type"] = n.ChefType } else { return verr } } else { if jsonNode["chef_type"].(string) != "node" { verr = util.Errorf("Field 'chef_type' invalid") return verr } } /* and setting */ n.ChefEnvironment = jsonNode["chef_environment"].(string) n.ChefType = jsonNode["chef_type"].(string) n.JSONClass = jsonNode["json_class"].(string) n.RunList = jsonNode["run_list"].([]string) n.Normal = jsonNode["normal"].(map[string]interface{}) n.Automatic = jsonNode["automatic"].(map[string]interface{}) n.Default = jsonNode["default"].(map[string]interface{}) n.Override = jsonNode["override"].(map[string]interface{}) return nil }
// UpdateVersion updates a specific version of a cookbook. func (cbv *CookbookVersion) UpdateVersion(cbvData map[string]interface{}, force string) util.Gerror { /* Allow force to update a frozen cookbook */ if cbv.IsFrozen == true && force != "true" { err := util.Errorf("The cookbook %s at version %s is frozen. Use the 'force' option to override.", cbv.CookbookName, cbv.Version) err.SetStatus(http.StatusConflict) return err } fhashes := cbv.fileHashes() _, nerr := util.ValidateAsString(cbvData["cookbook_name"]) if nerr != nil { if nerr.Error() == "Field 'name' missing" { nerr = util.Errorf("Field 'cookbook_name' missing") } else { nerr = util.Errorf("Field 'cookbook_name' invalid") } return nerr } /* Validation, validation, all is validation. */ validElements := []string{"cookbook_name", "name", "version", "json_class", "chef_type", "definitions", "libraries", "attributes", "recipes", "providers", "resources", "templates", "root_files", "files", "frozen?", "metadata", "force"} ValidElem: for k := range cbvData { for _, i := range validElements { if k == i { continue ValidElem } } err := util.Errorf("Invalid key %s in request body", k) return err } var verr util.Gerror cbvData["chef_type"], verr = util.ValidateAsFieldString(cbvData["chef_type"]) if verr != nil { if verr.Error() == "Field 'name' nil" { cbvData["chef_type"] = cbv.ChefType } else { verr = util.Errorf("Field 'chef_type' invalid") return verr } } else { // Wait, what was I doing here? // if !util.ValidateEnvName(cbvData["chef_type"].(string)) { if cbvData["chef_type"].(string) != "cookbook_version" { verr = util.Errorf("Field 'chef_type' invalid") return verr } } cbvData["json_class"], verr = util.ValidateAsFieldString(cbvData["json_class"]) if verr != nil { if verr.Error() == "Field 'name' nil" { cbvData["json_class"] = cbv.JSONClass } else { verr = util.Errorf("Field 'json_class' invalid") return verr } } else { if cbvData["json_class"].(string) != "Chef::CookbookVersion" { verr = util.Errorf("Field 'json_class' invalid") return verr } } cbvData["version"], verr = util.ValidateAsVersion(cbvData["version"]) if verr != nil { verr = util.Errorf("Field 'version' invalid") return verr } if cbvData["version"].(string) == "0.0.0" && cbv.Version != "" { cbvData["version"] = cbv.Version } divs := []string{"definitions", "libraries", "attributes", "recipes", "providers", "resources", "templates", "root_files", "files"} for _, d := range divs { cbvData[d], verr = util.ValidateCookbookDivision(d, cbvData[d]) if verr != nil { return verr } } cbvData["metadata"], verr = util.ValidateCookbookMetadata(cbvData["metadata"]) if verr != nil { return verr } cbvData["frozen?"], verr = util.ValidateAsBool(cbvData["frozen?"]) if verr != nil { return verr } /* Basic sanity checking */ if cbvData["cookbook_name"].(string) != cbv.CookbookName { err := util.Errorf("Field 'cookbook_name' invalid") return err } if cbvData["name"].(string) != cbv.Name { err := util.Errorf("Field 'name' invalid") return err } if cbvData["version"].(string) != cbv.Version && cbvData["version"] != "0.0.0" { err := util.Errorf("Field 'version' invalid") return err } /* Update the data */ /* With these next two, should we test for existence before setting? */ cbv.ChefType = cbvData["chef_type"].(string) cbv.JSONClass = cbvData["json_class"].(string) cbv.Definitions = convertToCookbookDiv(cbvData["definitions"]) cbv.Libraries = convertToCookbookDiv(cbvData["libraries"]) cbv.Attributes = convertToCookbookDiv(cbvData["attributes"]) cbv.Recipes = cbvData["recipes"].([]map[string]interface{}) cbv.Providers = convertToCookbookDiv(cbvData["providers"]) cbv.Resources = convertToCookbookDiv(cbvData["resources"]) cbv.Templates = convertToCookbookDiv(cbvData["templates"]) cbv.RootFiles = convertToCookbookDiv(cbvData["root_files"]) cbv.Files = convertToCookbookDiv(cbvData["files"]) if cbv.IsFrozen != true { cbv.IsFrozen = cbvData["frozen?"].(bool) } cbv.Metadata = cbvData["metadata"].(map[string]interface{}) /* If we're using SQL, update this version in the DB. */ if config.UsingDB() { if err := cbv.updateCookbookVersionSQL(); err != nil { return err } } /* Clean cookbook hashes */ if len(fhashes) > 0 { // Get our parent. Bravely assuming that if it exists we exist. cbook, _ := Get(cbv.CookbookName) cbook.Versions[cbv.Version] = cbv cbook.deleteHashes(fhashes) } return nil }
func roleHandling(w http.ResponseWriter, r *http.Request) map[string]string { roleResponse := make(map[string]string) opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID")) if oerr != nil { jsonErrorReport(w, r, oerr.Error(), oerr.Status()) return nil } switch r.Method { case "GET": if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden) return nil } roleList := role.GetList() for _, k := range roleList { itemURL := fmt.Sprintf("/roles/%s", k) roleResponse[k] = util.CustomURL(itemURL) } case "POST": if !opUser.IsAdmin() { jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden) return nil } roleData, jerr := parseObjJSON(r.Body) if jerr != nil { jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest) return nil } if _, ok := roleData["name"].(string); !ok { jsonErrorReport(w, r, "Role name missing", http.StatusBadRequest) return nil } chefRole, _ := role.Get(roleData["name"].(string)) if chefRole != nil { httperr := fmt.Errorf("Role already exists") jsonErrorReport(w, r, httperr.Error(), http.StatusConflict) return nil } var nerr util.Gerror chefRole, nerr = role.NewFromJSON(roleData) if nerr != nil { jsonErrorReport(w, r, nerr.Error(), nerr.Status()) return nil } err := chefRole.Save() if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) return nil } if lerr := loginfo.LogEvent(opUser, chefRole, "create"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return nil } roleResponse["uri"] = util.ObjURL(chefRole) w.WriteHeader(http.StatusCreated) default: jsonErrorReport(w, r, "Method not allowed for roles", http.StatusMethodNotAllowed) return nil } return roleResponse }
// UpdateFromJSON updates a client/user from a json object. Does a bunch of // validations inside rather than in the handler. func (c *Client) UpdateFromJSON(jsonActor map[string]interface{}) util.Gerror { actorName, nerr := util.ValidateAsString(jsonActor["name"]) if nerr != nil { return nerr } if c.Name != actorName { err := util.Errorf("Client name %s and %s from JSON do not match", c.Name, actorName) return err } /* Validations. */ /* Invalid top level elements */ validElements := []string{"name", "json_class", "chef_type", "validator", "org_name", "orgname", "public_key", "private_key", "admin", "certificate", "password", "node_name", "clientname"} ValidElem: for k := range jsonActor { for _, i := range validElements { if k == i { continue ValidElem } } err := util.Errorf("Invalid key %s in request body", k) return err } var verr util.Gerror jsonActor["json_class"], verr = util.ValidateAsFieldString(jsonActor["json_class"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonActor["json_class"] = c.JSONClass } else { return verr } } else { if jsonActor["json_class"].(string) != "Chef::ApiClient" { verr = util.Errorf("Field 'json_class' invalid") return verr } } jsonActor["chef_type"], verr = util.ValidateAsFieldString(jsonActor["chef_type"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonActor["chef_type"] = c.ChefType } else { return verr } } else { if jsonActor["chef_type"].(string) != "client" { verr = util.Errorf("Field 'chef_type' invalid") return verr } } var ab, vb bool if adminVal, ok := jsonActor["admin"]; ok { if ab, verr = util.ValidateAsBool(adminVal); verr != nil { // NOTE: may need to tweak this error message depending // if this is a user or a client verr = util.Errorf("Field 'admin' invalid") return verr } else if c.Admin && !ab { if c.isLastAdmin() { verr = util.Errorf("Cannot remove admin status from the last admin") verr.SetStatus(http.StatusForbidden) return verr } } } if validatorVal, ok := jsonActor["validator"]; ok { if vb, verr = util.ValidateAsBool(validatorVal); verr != nil { return verr } } if ab && vb { verr = util.Errorf("Client can be either an admin or a validator, but not both.") verr.SetStatus(http.StatusBadRequest) return verr } c.Admin = ab c.Validator = vb c.ChefType = jsonActor["chef_type"].(string) c.JSONClass = jsonActor["json_class"].(string) return nil }
func nodeHandling(w http.ResponseWriter, r *http.Request) map[string]string { /* We're dealing with nodes, then. */ nodeResponse := make(map[string]string) opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID")) if oerr != nil { jsonErrorReport(w, r, oerr.Error(), oerr.Status()) return nil } switch r.Method { case "GET": if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden) return nil } nodeList := node.GetList() for _, k := range nodeList { itemURL := fmt.Sprintf("/nodes/%s", k) nodeResponse[k] = util.CustomURL(itemURL) } case "POST": if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden) return nil } nodeData, jerr := parseObjJSON(r.Body) if jerr != nil { jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest) return nil } nodeName, sterr := util.ValidateAsString(nodeData["name"]) if sterr != nil { jsonErrorReport(w, r, sterr.Error(), http.StatusBadRequest) return nil } chefNode, _ := node.Get(nodeName) if chefNode != nil { httperr := fmt.Errorf("Node already exists") jsonErrorReport(w, r, httperr.Error(), http.StatusConflict) return nil } var nerr util.Gerror chefNode, nerr = node.NewFromJSON(nodeData) if nerr != nil { jsonErrorReport(w, r, nerr.Error(), nerr.Status()) return nil } err := chefNode.Save() if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) return nil } err = chefNode.UpdateStatus("new") if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) return nil } if lerr := loginfo.LogEvent(opUser, chefNode, "create"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return nil } nodeResponse["uri"] = util.ObjURL(chefNode) w.WriteHeader(http.StatusCreated) default: jsonErrorReport(w, r, "Method not allowed for nodes", http.StatusMethodNotAllowed) return nil } return nodeResponse }
func cookbookHandler(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/json") pathArray := splitPath(r.URL.Path) cookbookResponse := make(map[string]interface{}) opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID")) if oerr != nil { jsonErrorReport(w, r, oerr.Error(), oerr.Status()) return } var numResults string r.ParseForm() if nrs, found := r.Form["num_versions"]; found { if len(nrs) < 0 { jsonErrorReport(w, r, "invalid num_versions", http.StatusBadRequest) return } numResults = nrs[0] err := util.ValidateNumVersions(numResults) if err != nil { jsonErrorReport(w, r, err.Error(), err.Status()) return } } force := "" if f, fok := r.Form["force"]; fok { if len(f) > 0 { force = f[0] } } pathArrayLen := len(pathArray) /* 1 and 2 length path arrays only support GET */ if pathArrayLen < 3 && r.Method != "GET" { jsonErrorReport(w, r, "Bad request.", http.StatusMethodNotAllowed) return } else if pathArrayLen < 3 && opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } /* chef-pedant is happier when checking if a validator can do something * surprisingly late in the game. It wants the perm checks to be * checked after the method for the end point is checked out as * something it's going to handle, so, for instance, issuing a DELETE * against an endpoint where that isn't allowed should respond with a * 405, rather than a 403, which also makes sense in areas where * validators shouldn't be able to do anything. *shrugs* */ if pathArrayLen == 1 || (pathArrayLen == 2 && pathArray[1] == "") { /* list all cookbooks */ cookbookResponse = cookbook.CookbookLister(numResults) } else if pathArrayLen == 2 { /* info about a cookbook and all its versions */ cookbookName := pathArray[1] /* Undocumented behavior - a cookbook name of _latest gets a * list of the latest versions of all the cookbooks, and _recipe * gets the recipes of the latest cookbooks. */ if cookbookName == "_latest" { cookbookResponse = cookbook.CookbookLatest() } else if cookbookName == "_recipes" { rlist, nerr := cookbook.CookbookRecipes() if nerr != nil { jsonErrorReport(w, r, nerr.Error(), nerr.Status()) return } enc := json.NewEncoder(w) if err := enc.Encode(&rlist); err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) } return } else { cb, err := cookbook.Get(cookbookName) if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusNotFound) return } /* Strange thing here. The API docs say if num_versions * is not specified to return one cookbook, yet the * spec indicates that if it's not set that all * cookbooks should be returned. Most places *except * here* that's the case, so it can't be changed in * infoHashBase. Explicitly set numResults to all * here. */ if numResults == "" { numResults = "all" } cookbookResponse[cookbookName] = cb.InfoHash(numResults) } } else if pathArrayLen == 3 { /* get information about or manipulate a specific cookbook * version */ cookbookName := pathArray[1] var cookbookVersion string var vererr util.Gerror opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID")) if oerr != nil { jsonErrorReport(w, r, oerr.Error(), oerr.Status()) return } if r.Method == "GET" && pathArray[2] == "_latest" { // might be other special vers cookbookVersion = pathArray[2] } else { cookbookVersion, vererr = util.ValidateAsVersion(pathArray[2]) if vererr != nil { vererr := util.Errorf("Invalid cookbook version '%s'.", pathArray[2]) jsonErrorReport(w, r, vererr.Error(), vererr.Status()) return } } switch r.Method { case "DELETE", "GET": if opUser.IsValidator() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } cb, err := cookbook.Get(cookbookName) if err != nil { if err.Status() == http.StatusNotFound { msg := fmt.Sprintf("Cannot find a cookbook named %s with version %s", cookbookName, cookbookVersion) jsonErrorReport(w, r, msg, err.Status()) } else { jsonErrorReport(w, r, err.Error(), err.Status()) } return } cbv, err := cb.GetVersion(cookbookVersion) if err != nil { jsonErrorReport(w, r, err.Error(), http.StatusNotFound) return } if r.Method == "DELETE" { if !opUser.IsAdmin() { jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden) return } err := cb.DeleteVersion(cookbookVersion) if err != nil { jsonErrorReport(w, r, err.Error(), err.Status()) return } if lerr := loginfo.LogEvent(opUser, cbv, "delete"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return } /* If all versions are gone, remove the * cookbook - seems to be the desired * behavior. */ if cb.NumVersions() == 0 { if cerr := cb.Delete(); cerr != nil { jsonErrorReport(w, r, cerr.Error(), http.StatusInternalServerError) return } } } else { /* Special JSON rendition of the * cookbook with some but not all of * the fields. */ cookbookResponse = cbv.ToJSON(r.Method) /* Sometimes, but not always, chef needs * empty slices of maps for these * values. Arrrgh. */ /* Doing it this way is absolutely * insane. However, webui really wants * this information, while chef-pedant * absolutely does NOT want it there. * knife seems happy without it as well. * Until such time that this gets * resolved in a non-crazy manner, for * this only send that info back if it's * a webui request. */ if rs := r.Header.Get("X-Ops-Request-Source"); rs == "web" { chkDiv := []string{"definitions", "libraries", "attributes", "providers", "resources", "templates", "root_files", "files"} for _, cd := range chkDiv { if cookbookResponse[cd] == nil { cookbookResponse[cd] = make([]map[string]interface{}, 0) } } } } case "PUT": if !opUser.IsAdmin() { jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden) return } cbvData, jerr := parseObjJSON(r.Body) if jerr != nil { jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest) return } /* First, see if the cookbook already exists, & * if not create it. Second, see if this * specific version of the cookbook exists. If * so, update it, otherwise, create it and set * the latest version as needed. */ cb, err := cookbook.Get(cookbookName) if err != nil { cb, err = cookbook.New(cookbookName) if err != nil { jsonErrorReport(w, r, err.Error(), err.Status()) return } /* save it so we get the id with mysql * for creating versions & such */ serr := cb.Save() if serr != nil { jsonErrorReport(w, r, serr.Error(), http.StatusInternalServerError) return } if lerr := loginfo.LogEvent(opUser, cb, "create"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return } } cbv, err := cb.GetVersion(cookbookVersion) /* Does the cookbook_name in the URL and what's * in the body match? */ switch t := cbvData["cookbook_name"].(type) { case string: /* Only send this particular * error if the cookbook version * hasn't been created yet. * Instead we want a slightly * different version later. */ if t != cookbookName && cbv == nil { terr := util.Errorf("Field 'name' invalid") jsonErrorReport(w, r, terr.Error(), terr.Status()) return } default: // rather unlikely, I think, to // be able to get here past the // cookbook get. Punk out and // don't do anything } if err != nil { var nerr util.Gerror cbv, nerr = cb.NewVersion(cookbookVersion, cbvData) if nerr != nil { // If the new version failed to // take, and there aren't any // other versions of the cookbook // it needs to be deleted. if cb.NumVersions() == 0 { cb.Delete() } jsonErrorReport(w, r, nerr.Error(), nerr.Status()) return } if lerr := loginfo.LogEvent(opUser, cbv, "create"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return } w.WriteHeader(http.StatusCreated) } else { err := cbv.UpdateVersion(cbvData, force) if err != nil { jsonErrorReport(w, r, err.Error(), err.Status()) return } gerr := cb.Save() if gerr != nil { jsonErrorReport(w, r, gerr.Error(), http.StatusInternalServerError) return } if lerr := loginfo.LogEvent(opUser, cbv, "modify"); lerr != nil { jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError) return } } /* API docs are wrong. The docs claim that this * should have no response body, but in fact it * wants some (not all) of the cookbook version * data. */ cookbookResponse = cbv.ToJSON(r.Method) default: jsonErrorReport(w, r, "Unrecognized method", http.StatusMethodNotAllowed) return } } else { /* Say what? Bad request. */ jsonErrorReport(w, r, "Bad request", http.StatusBadRequest) return } enc := json.NewEncoder(w) if err := enc.Encode(&cookbookResponse); err != nil { jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError) } }
// UpdateFromJSON updates an existing role with the uploaded JSON. func (r *Role) UpdateFromJSON(jsonRole map[string]interface{}) util.Gerror { /* TODO - this and node.UpdateFromJSON may be generalizeable with * reflect - look into it. */ if r.Name != jsonRole["name"] { err := util.Errorf("Role name %s and %s from JSON do not match.", r.Name, jsonRole["name"]) return err } /* Validations */ /* Look for invalid top level elements. See node/node.go for more * information. */ validElements := []string{"name", "json_class", "chef_type", "run_list", "env_run_lists", "default_attributes", "override_attributes", "description"} ValidElem: for k := range jsonRole { for _, i := range validElements { if k == i { continue ValidElem } } err := util.Errorf("Invalid key %s in request body", k) return err } var verr util.Gerror if jsonRole["run_list"], verr = util.ValidateRunList(jsonRole["run_list"]); verr != nil { return verr } if _, erlExists := jsonRole["env_run_lists"]; erlExists { for k, v := range jsonRole["env_run_lists"].(map[string][]string) { if jsonRole["env_run_lists"].(map[string][]string)[k], verr = util.ValidateRunList(v); verr != nil { return verr } } } else { jsonRole["env_run_lists"] = make(map[string][]string) } attrs := []string{"default_attributes", "override_attributes"} for _, a := range attrs { jsonRole[a], verr = util.ValidateAttributes(a, jsonRole[a]) if verr != nil { return verr } } jsonRole["json_class"], verr = util.ValidateAsFieldString(jsonRole["json_class"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonRole["json_class"] = r.JSONClass } else { return verr } } else { if jsonRole["json_class"].(string) != "Chef::Role" { verr = util.Errorf("Field 'json_class' invalid") return verr } } // Roles can be empty, just force it into being a string jsonRole["description"], _ = util.ValidateAsString(jsonRole["description"]) jsonRole["chef_type"], verr = util.ValidateAsFieldString(jsonRole["chef_type"]) if verr != nil { if verr.Error() == "Field 'name' nil" { jsonRole["chef_type"] = r.ChefType } else { return verr } } else { if jsonRole["chef_type"].(string) != "role" { verr = util.Errorf("Field 'chef_type' invalid") return verr } } r.ChefType = jsonRole["chef_type"].(string) r.JSONClass = jsonRole["json_class"].(string) r.Description = jsonRole["description"].(string) r.RunList = jsonRole["run_list"].([]string) r.EnvRunLists = jsonRole["env_run_lists"].(map[string][]string) r.Default = jsonRole["default_attributes"].(map[string]interface{}) r.Override = jsonRole["override_attributes"].(map[string]interface{}) return nil }