コード例 #1
0
ファイル: service_consumption.go プロジェクト: gwmoura/yati
func serviceInstanceStatus(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	instanceName := r.URL.Query().Get(":instance")
	serviceName := r.URL.Query().Get(":service")
	serviceInstance, err := getServiceInstanceOrError(serviceName, instanceName)
	if err != nil {
		return err
	}
	permissionValue := serviceName + "/" + instanceName
	allowed := permission.Check(t, permission.PermServiceInstanceReadStatus,
		append(permission.Contexts(permission.CtxTeam, serviceInstance.Teams),
			permission.Context(permission.CtxServiceInstance, permissionValue),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	rec.Log(t.GetUserName(), "service-instance-status", serviceName, instanceName)
	var b string
	if b, err = serviceInstance.Status(); err != nil {
		msg := fmt.Sprintf("Could not retrieve status of service instance, error: %s", err)
		return &errors.HTTP{Code: http.StatusInternalServerError, Message: msg}
	}
	b = fmt.Sprintf(`Service instance "%s" is %s`, instanceName, b)
	n, err := w.Write([]byte(b))
	if n != len(b) {
		return &errors.HTTP{Code: http.StatusInternalServerError, Message: "Failed to write response body"}
	}
	return nil
}
コード例 #2
0
ファイル: deploy.go プロジェクト: caputomarcos/tsuru
func deployRollback(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	appName := r.URL.Query().Get(":appname")
	instance, err := app.GetByName(appName)
	if err != nil {
		return &errors.HTTP{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", appName)}
	}
	image := r.PostFormValue("image")
	if image == "" {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "you cannot rollback without an image name",
		}
	}
	w.Header().Set("Content-Type", "application/json")
	keepAliveWriter := io.NewKeepAliveWriter(w, 30*time.Second, "")
	defer keepAliveWriter.Stop()
	writer := &io.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
	if !regexp.MustCompile(":v[0-9]+$").MatchString(image) {
		img, err := getImage(appName, image)
		//err is not handled because it is treated in funcion app.Deploy()
		if err == nil {
			image = img
		}
	}
	err = app.Deploy(app.DeployOptions{
		App:          instance,
		OutputStream: writer,
		Image:        image,
		User:         t.GetUserName(),
	})
	if err != nil {
		writer.Encode(io.SimpleJsonMessage{Error: err.Error()})
	}
	return nil
}
コード例 #3
0
ファイル: service_provision.go プロジェクト: zhenruyan/tsuru
func serviceDelete(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	s, err := getService(r.URL.Query().Get(":name"))
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceDelete,
		append(permission.Contexts(permission.CtxTeam, s.OwnerTeams),
			permission.Context(permission.CtxService, s.Name),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	rec.Log(t.GetUserName(), "delete-service", r.URL.Query().Get(":name"))
	instances, err := service.GetServiceInstancesByServices([]service.Service{s})
	if err != nil {
		return err
	}
	if len(instances) > 0 {
		msg := "This service cannot be removed because it has instances.\nPlease remove these instances before removing the service."
		return &errors.HTTP{Code: http.StatusForbidden, Message: msg}
	}
	err = s.Delete()
	if err != nil {
		return err
	}
	w.WriteHeader(http.StatusNoContent)
	return nil
}
コード例 #4
0
ファイル: auth.go プロジェクト: tsuru/tsuru
// title: regenerate token
// path: /users/api-key
// method: POST
// produce: application/json
// responses:
//   200: OK
//   401: Unauthorized
//   404: User not found
func regenerateAPIToken(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
	r.ParseForm()
	email := r.URL.Query().Get("user")
	if email == "" {
		email = t.GetUserName()
	}
	allowed := permission.Check(t, permission.PermUserUpdateToken,
		permission.Context(permission.CtxUser, email),
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	evt, err := event.New(&event.Opts{
		Target:     userTarget(email),
		Kind:       permission.PermUserUpdateToken,
		Owner:      t,
		CustomData: event.FormToCustomData(r.Form),
		Allowed:    event.Allowed(permission.PermUserReadEvents, permission.Context(permission.CtxUser, email)),
	})
	if err != nil {
		return err
	}
	defer func() { evt.Done(err) }()
	u, err := auth.GetUserByEmail(email)
	if err != nil {
		return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
	}
	apiKey, err := u.RegenerateAPIKey()
	if err != nil {
		return err
	}
	w.Header().Add("Content-Type", "application/json")
	return json.NewEncoder(w).Encode(apiKey)
}
コード例 #5
0
ファイル: service_consumption.go プロジェクト: gwmoura/yati
func servicePlans(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	serviceName := r.URL.Query().Get(":name")
	s, err := getService(serviceName)
	if err != nil {
		return err
	}
	if s.IsRestricted {
		allowed := permission.Check(t, permission.PermServiceReadPlans,
			append(permission.Contexts(permission.CtxTeam, s.Teams),
				permission.Context(permission.CtxService, s.Name),
			)...,
		)
		if !allowed {
			return permission.ErrUnauthorized
		}
	}
	rec.Log(t.GetUserName(), "service-plans", serviceName)
	plans, err := service.GetPlansByServiceName(serviceName)
	if err != nil {
		return err
	}
	b, err := json.Marshal(plans)
	if err != nil {
		return nil
	}
	w.Write(b)
	return nil
}
コード例 #6
0
ファイル: auth.go プロジェクト: reoring/tsuru
func getTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	teamName := r.URL.Query().Get(":name")
	_, err := auth.GetTeam(teamName)
	if err != nil {
		return &errors.HTTP{Code: http.StatusNotFound, Message: "Team not found"}
	}
	permsForTeam := permission.PermissionRegistry.PermissionsWithContextType(permission.CtxTeam)
	var permissions []string
	for _, p := range permsForTeam {
		if permission.Check(t, p, permission.Context(permission.CtxTeam, teamName)) {
			permissions = append(permissions, p.FullName())
		}
	}
	if len(permissions) == 0 {
		return &errors.HTTP{Code: http.StatusNotFound, Message: "Team not found"}
	}
	rec.Log(t.GetUserName(), "get-team", teamName)
	result := map[string]interface{}{
		"name":        teamName,
		"permissions": permissions,
	}
	w.Header().Set("Content-Type", "application/json")
	b, err := json.Marshal(result)
	if err != nil {
		return err
	}
	n, err := w.Write(b)
	if err != nil {
		return err
	}
	if n != len(b) {
		return &errors.HTTP{Code: http.StatusInternalServerError, Message: "Failed to write response body."}
	}
	return nil
}
コード例 #7
0
ファイル: service_provision.go プロジェクト: zhenruyan/tsuru
func grantServiceAccess(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	serviceName := r.URL.Query().Get(":service")
	s, err := getService(serviceName)
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceUpdateGrantAccess,
		append(permission.Contexts(permission.CtxTeam, s.OwnerTeams),
			permission.Context(permission.CtxService, s.Name),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	teamName := r.URL.Query().Get(":team")
	team, err := auth.GetTeam(teamName)
	if err != nil {
		if err == auth.ErrTeamNotFound {
			return &errors.HTTP{Code: http.StatusNotFound, Message: "Team not found"}
		}
		return err
	}
	rec.Log(t.GetUserName(), "grant-service-access", "service="+serviceName, "team="+teamName)
	err = s.GrantAccess(team)
	if err != nil {
		return &errors.HTTP{Code: http.StatusConflict, Message: err.Error()}
	}
	return s.Update()
}
コード例 #8
0
ファイル: deploy.go プロジェクト: RichardKnop/tsuru
func deployRollback(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	appName := r.URL.Query().Get(":appname")
	instance, err := app.GetByName(appName)
	if err != nil {
		return &errors.HTTP{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", appName)}
	}
	image := r.PostFormValue("image")
	if image == "" {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "you cannot rollback without an image name",
		}
	}
	w.Header().Set("Content-Type", "application/json")
	writer := &io.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(w)}
	err = app.Deploy(app.DeployOptions{
		App:          instance,
		OutputStream: writer,
		Image:        image,
		User:         t.GetUserName(),
	})
	if err != nil {
		writer.Encode(io.SimpleJsonMessage{Error: err.Error()})
	}
	return nil
}
コード例 #9
0
ファイル: service_provision.go プロジェクト: zhenruyan/tsuru
func revokeServiceAccess(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	serviceName := r.URL.Query().Get(":service")
	s, err := getService(serviceName)
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceUpdateRevokeAccess,
		append(permission.Contexts(permission.CtxTeam, s.OwnerTeams),
			permission.Context(permission.CtxService, s.Name),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	teamName := r.URL.Query().Get(":team")
	team, err := auth.GetTeam(teamName)
	if err != nil {
		if err == auth.ErrTeamNotFound {
			return &errors.HTTP{Code: http.StatusNotFound, Message: "Team not found"}
		}
		return err
	}
	if len(s.Teams) < 2 {
		msg := "You can not revoke the access from this team, because it is the unique team with access to this service, and a service can not be orphaned"
		return &errors.HTTP{Code: http.StatusForbidden, Message: msg}
	}
	rec.Log(t.GetUserName(), "revoke-service-access", "service="+serviceName, "team="+teamName)
	err = s.RevokeAccess(team)
	if err != nil {
		return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
	}
	return s.Update()
}
コード例 #10
0
ファイル: app.go プロジェクト: WIZARD-CXY/golang-devops-stuff
func swap(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	u, err := t.User()
	if err != nil {
		return err
	}
	app1Name := r.URL.Query().Get("app1")
	app2Name := r.URL.Query().Get("app2")
	locked1, err := app.AcquireApplicationLock(app1Name, t.GetUserName(), "/swap")
	if err != nil {
		return err
	}
	defer app.ReleaseApplicationLock(app1Name)
	locked2, err := app.AcquireApplicationLock(app2Name, t.GetUserName(), "/swap")
	if err != nil {
		return err
	}
	defer app.ReleaseApplicationLock(app2Name)
	app1, err := getApp(app1Name, u)
	if err != nil {
		return err
	}
	if !locked1 {
		return &errors.HTTP{Code: http.StatusConflict, Message: fmt.Sprintf("%s: %s", app1.Name, &app1.Lock)}
	}
	app2, err := getApp(app2Name, u)
	if err != nil {
		return err
	}
	if !locked2 {
		return &errors.HTTP{Code: http.StatusConflict, Message: fmt.Sprintf("%s: %s", app2.Name, &app2.Lock)}
	}
	rec.Log(u.Email, "swap", app1Name, app2Name)
	return app.Swap(&app1, &app2)
}
コード例 #11
0
ファイル: service_consumption.go プロジェクト: Endika/tsuru
func serviceInstanceInfo(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	instanceName := r.URL.Query().Get(":instance")
	serviceName := r.URL.Query().Get(":service")
	serviceInstance, err := getServiceInstanceOrError(serviceName, instanceName)
	if err != nil {
		return err
	}
	permissionValue := serviceName + "/" + instanceName
	allowed := permission.Check(t, permission.PermServiceInstanceRead,
		append(permission.Contexts(permission.CtxTeam, serviceInstance.Teams),
			permission.Context(permission.CtxServiceInstance, permissionValue),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	rec.Log(t.GetUserName(), "service-instance-info", serviceName, instanceName)
	info, err := serviceInstance.Info()
	if err != nil {
		return err
	}
	sInfo := ServiceInstanceInfo{
		Apps:        serviceInstance.Apps,
		Teams:       serviceInstance.Teams,
		TeamOwner:   serviceInstance.TeamOwner,
		Description: serviceInstance.Description,
		CustomInfo:  info,
	}
	b, err := json.Marshal(sInfo)
	if err != nil {
		return nil
	}
	w.Write(b)
	return nil
}
コード例 #12
0
ファイル: deploy.go プロジェクト: tsuru/tsuru
// title: rollback
// path: /apps/{appname}/deploy/rollback
// method: POST
// consume: application/x-www-form-urlencoded
// produce: application/x-json-stream
// responses:
//   200: OK
//   400: Invalid data
//   403: Forbidden
//   404: Not found
func deployRollback(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	appName := r.URL.Query().Get(":appname")
	instance, err := app.GetByName(appName)
	if err != nil {
		return &tsuruErrors.HTTP{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", appName)}
	}
	image := r.FormValue("image")
	if image == "" {
		return &tsuruErrors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "you cannot rollback without an image name",
		}
	}
	origin := r.FormValue("origin")
	if origin != "" {
		if !app.ValidateOrigin(origin) {
			return &tsuruErrors.HTTP{
				Code:    http.StatusBadRequest,
				Message: "Invalid deployment origin",
			}
		}
	}
	w.Header().Set("Content-Type", "application/x-json-stream")
	keepAliveWriter := io.NewKeepAliveWriter(w, 30*time.Second, "")
	defer keepAliveWriter.Stop()
	writer := &io.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
	opts := app.DeployOptions{
		App:          instance,
		OutputStream: writer,
		Image:        image,
		User:         t.GetUserName(),
		Origin:       origin,
		Rollback:     true,
	}
	opts.GetKind()
	canRollback := permission.Check(t, permSchemeForDeploy(opts), contextsForApp(instance)...)
	if !canRollback {
		return &tsuruErrors.HTTP{Code: http.StatusForbidden, Message: permission.ErrUnauthorized.Error()}
	}
	var imageID string
	evt, err := event.New(&event.Opts{
		Target:        appTarget(appName),
		Kind:          permission.PermAppDeploy,
		Owner:         t,
		CustomData:    opts,
		Allowed:       event.Allowed(permission.PermAppReadEvents, contextsForApp(instance)...),
		AllowedCancel: event.Allowed(permission.PermAppUpdateEvents, contextsForApp(instance)...),
		Cancelable:    true,
	})
	if err != nil {
		return err
	}
	defer func() { evt.DoneCustomData(err, map[string]string{"image": imageID}) }()
	opts.Event = evt
	imageID, err = app.Deploy(opts)
	if err != nil {
		writer.Encode(io.SimpleJsonMessage{Error: err.Error()})
	}
	return nil
}
コード例 #13
0
ファイル: auth.go プロジェクト: nicolas2bonfils/tsuru
func changePassword(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	managed, ok := app.AuthScheme.(auth.ManagedScheme)
	if !ok {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: nonManagedSchemeMsg}
	}
	var body map[string]string
	err := json.NewDecoder(r.Body).Decode(&body)
	if err != nil {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "Invalid JSON.",
		}
	}
	if body["old"] == "" || body["new"] == "" {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "Both the old and the new passwords are required.",
		}
	}
	err = managed.ChangePassword(t, body["old"], body["new"])
	if err != nil {
		return handleAuthError(err)
	}
	rec.Log(t.GetUserName(), "change-password")
	return nil
}
コード例 #14
0
ファイル: auth.go プロジェクト: pedrosnk/tsuru
func changePassword(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	managed, ok := app.AuthScheme.(auth.ManagedScheme)
	if !ok {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: nonManagedSchemeMsg}
	}
	oldPassword := r.FormValue("old")
	newPassword := r.FormValue("new")
	confirmPassword := r.FormValue("confirm")
	if oldPassword == "" || newPassword == "" {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "Both the old and the new passwords are required.",
		}
	}
	if newPassword != confirmPassword {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "New password and password confirmation didn't match.",
		}
	}
	err := managed.ChangePassword(t, oldPassword, newPassword)
	if err != nil {
		return handleAuthError(err)
	}
	rec.Log(t.GetUserName(), "change-password")
	return nil
}
コード例 #15
0
ファイル: event.go プロジェクト: tsuru/tsuru
// title: event cancel
// path: /events/{uuid}/cancel
// method: POST
// produce: application/json
// responses:
//   200: OK
//   400: Invalid uuid or empty reason
//   404: Not found
func eventCancel(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	uuid := r.URL.Query().Get(":uuid")
	if !bson.IsObjectIdHex(uuid) {
		msg := fmt.Sprintf("uuid parameter is not ObjectId: %s", uuid)
		return &errors.HTTP{Code: http.StatusBadRequest, Message: msg}
	}
	objID := bson.ObjectIdHex(uuid)
	e, err := event.GetByID(objID)
	if err != nil {
		return &errors.HTTP{Code: http.StatusNotFound, Message: err.Error()}
	}
	reason := r.FormValue("reason")
	if reason == "" {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: "reason is mandatory"}
	}
	scheme, err := permission.SafeGet(e.AllowedCancel.Scheme)
	if err != nil {
		return err
	}
	allowed := permission.Check(t, scheme, e.AllowedCancel.Contexts...)
	if !allowed {
		return permission.ErrUnauthorized
	}
	err = e.TryCancel(reason, t.GetUserName())
	if err != nil {
		if err == event.ErrNotCancelable {
			return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
		}
		return err
	}
	w.WriteHeader(http.StatusNoContent)
	return nil
}
コード例 #16
0
ファイル: service_provision.go プロジェクト: pedrosnk/tsuru
// title: service update
// path: /services/{name}
// method: PUT
// consume: application/x-www-form-urlencoded
// responses:
//   200: Service updated
//   400: Invalid data
//   401: Unauthorized
//   403: Forbidden (team is not the owner)
//   404: Service not found
func serviceUpdate(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	d := service.Service{
		Username: r.FormValue("username"),
		Endpoint: map[string]string{"production": r.FormValue("endpoint")},
		Password: r.FormValue("password"),
		Name:     r.URL.Query().Get(":name"),
	}
	err := serviceValidate(d)
	if err != nil {
		return err
	}
	s, err := getService(d.Name)
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceUpdate,
		append(permission.Contexts(permission.CtxTeam, s.OwnerTeams),
			permission.Context(permission.CtxService, s.Name),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	rec.Log(t.GetUserName(), "update-service", d.Name, d.Endpoint["production"])
	s.Endpoint = d.Endpoint
	s.Password = d.Password
	s.Username = d.Username
	if err = s.Update(); err != nil {
		return err
	}
	return nil
}
コード例 #17
0
ファイル: service_consumption.go プロジェクト: gwmoura/yati
func removeServiceInstance(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	unbindAll := r.URL.Query().Get("unbindall")
	serviceName := r.URL.Query().Get(":service")
	instanceName := r.URL.Query().Get(":instance")
	permissionValue := serviceName + "/" + instanceName

	keepAliveWriter := io.NewKeepAliveWriter(w, 30*time.Second, "")
	defer keepAliveWriter.Stop()
	writer := &io.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
	serviceInstance, err := getServiceInstanceOrError(serviceName, instanceName)
	if err != nil {
		writer.Encode(io.SimpleJsonMessage{Error: err.Error()})
		return nil
	}
	allowed := permission.Check(t, permission.PermServiceInstanceDelete,
		append(permission.Contexts(permission.CtxTeam, serviceInstance.Teams),
			permission.Context(permission.CtxServiceInstance, permissionValue),
		)...,
	)
	if !allowed {
		writer.Encode(io.SimpleJsonMessage{Error: permission.ErrUnauthorized.Error()})
		return nil
	}
	rec.Log(t.GetUserName(), "remove-service-instance", serviceName, instanceName)
	if unbindAll == "true" {
		if len(serviceInstance.Apps) > 0 {
			for _, appName := range serviceInstance.Apps {
				_, app, instErr := getServiceInstance(serviceInstance.ServiceName, serviceInstance.Name, appName)
				if instErr != nil {
					writer.Encode(io.SimpleJsonMessage{Error: instErr.Error()})
					return nil
				}
				fmt.Fprintf(writer, "Unbind app %q ...\n", app.GetName())
				instErr = serviceInstance.UnbindApp(app, true, writer)
				if instErr != nil {
					writer.Encode(io.SimpleJsonMessage{Error: instErr.Error()})
					return nil
				}
				fmt.Fprintf(writer, "\nInstance %q is not bound to the app %q anymore.\n", serviceInstance.Name, app.GetName())
			}
			serviceInstance, err = getServiceInstanceOrError(serviceName, instanceName)
			if err != nil {
				writer.Encode(io.SimpleJsonMessage{Error: err.Error()})
				return nil
			}
		}
	}
	err = service.DeleteInstance(serviceInstance)
	if err != nil {
		var msg string
		if err == service.ErrServiceInstanceBound {
			msg = strings.Join(serviceInstance.Apps, ",")
		}
		writer.Encode(io.SimpleJsonMessage{Message: msg, Error: err.Error()})
		return nil
	}
	writer.Write([]byte("service instance successfuly removed"))
	return nil
}
コード例 #18
0
ファイル: service_provision.go プロジェクト: zhenruyan/tsuru
func serviceCreate(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	defer r.Body.Close()
	body, err := ioutil.ReadAll(r.Body)
	if err != nil {
		return err
	}
	var input serviceYaml
	err = yaml.Unmarshal(body, &input)
	if err != nil {
		return err
	}
	if input.Team == "" {
		input.Team, err = permission.TeamForPermission(t, permission.PermServiceCreate)
		if err == permission.ErrTooManyTeams {
			return &errors.HTTP{
				Code:    http.StatusBadRequest,
				Message: "You must provide a team responsible for this service in the manifest file.",
			}
		}
		if err != nil {
			return err
		}
	}
	err = input.validate()
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceCreate,
		permission.Context(permission.CtxTeam, input.Team),
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	rec.Log(t.GetUserName(), "create-service", input.Id, input.Endpoint)
	s := service.Service{
		Name:       input.Id,
		Username:   input.Username,
		Endpoint:   input.Endpoint,
		Password:   input.Password,
		OwnerTeams: []string{input.Team},
	}
	err = s.Create()
	if err != nil {
		httpError := http.StatusInternalServerError
		if err == service.ErrServiceAlreadyExists {
			httpError = http.StatusConflict
		}
		return &errors.HTTP{Code: httpError, Message: err.Error()}
	}
	fmt.Fprint(w, "success")
	return nil
}
コード例 #19
0
ファイル: service_consumption.go プロジェクト: pedrosnk/tsuru
func serviceInfo(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	serviceName := r.URL.Query().Get(":name")
	_, err := getService(serviceName)
	if err != nil {
		return err
	}
	rec.Log(t.GetUserName(), "service-info", serviceName)
	instances, err := readableInstances(t, "", serviceName)
	if err != nil {
		return err
	}
	return json.NewEncoder(w).Encode(instances)
}
コード例 #20
0
ファイル: auth.go プロジェクト: zhenruyan/tsuru
func teamList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	rec.Log(t.GetUserName(), "list-teams")
	permsForTeam := permission.PermissionRegistry.PermissionsWithContextType(permission.CtxTeam)
	teams, err := auth.ListTeams()
	if err != nil {
		return err
	}
	teamsMap := map[string][]string{}
	perms, err := t.Permissions()
	if err != nil {
		return err
	}
	for _, team := range teams {
		teamCtx := permission.Context(permission.CtxTeam, team.Name)
		var parent *permission.PermissionScheme
		for _, p := range permsForTeam {
			if parent != nil && parent.IsParent(p) {
				continue
			}
			if permission.CheckFromPermList(perms, p, teamCtx) {
				parent = p
				teamsMap[team.Name] = append(teamsMap[team.Name], p.FullName())
			}
		}
	}
	if len(teamsMap) == 0 {
		w.WriteHeader(http.StatusNoContent)
		return nil
	}
	var result []map[string]interface{}
	for name, permissions := range teamsMap {
		result = append(result, map[string]interface{}{
			"name":        name,
			"permissions": permissions,
		})
	}
	w.Header().Set("Content-Type", "application/json")
	b, err := json.Marshal(result)
	if err != nil {
		return err
	}
	n, err := w.Write(b)
	if err != nil {
		return err
	}
	if n != len(b) {
		return &errors.HTTP{Code: http.StatusInternalServerError, Message: "Failed to write response body."}
	}
	return nil
}
コード例 #21
0
ファイル: service_provision.go プロジェクト: pedrosnk/tsuru
// title: service list
// path: /services
// method: GET
// produce: application/json
// responses:
//   200: List services
//   204: No content
//   401: Unauthorized
func serviceList(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	rec.Log(t.GetUserName(), "list-services")
	teams := []string{}
	serviceNames := []string{}
	contexts := permission.ContextsForPermission(t, permission.PermServiceRead)
	for _, c := range contexts {
		if c.CtxType == permission.CtxGlobal {
			teams = nil
			serviceNames = nil
			break
		}
		switch c.CtxType {
		case permission.CtxService:
			serviceNames = append(serviceNames, c.Value)
		case permission.CtxTeam:
			teams = append(teams, c.Value)
		}
	}
	services, err := service.GetServicesByOwnerTeamsAndServices(teams, serviceNames)
	if err != nil {
		return err
	}
	sInstances, err := service.GetServiceInstancesByServices(services)
	if err != nil {
		return err
	}
	results := make([]service.ServiceModel, len(services))
	for i, s := range services {
		results[i].Service = s.Name
		for _, si := range sInstances {
			if si.ServiceName == s.Name {
				results[i].Instances = append(results[i].Instances, si.Name)
			}
		}
	}
	if len(results) == 0 {
		w.WriteHeader(http.StatusNoContent)
		return nil
	}
	b, err := json.Marshal(results)
	if err != nil {
		return &errors.HTTP{Code: http.StatusInternalServerError, Message: err.Error()}
	}
	n, err := w.Write(b)
	if n != len(b) {
		return &errors.HTTP{Code: http.StatusInternalServerError, Message: "Failed to write response body"}
	}
	w.Header().Set("Content-Type", "application/json")
	return err
}
コード例 #22
0
ファイル: app.go プロジェクト: pedrosnk/tsuru
func bindServiceInstance(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	instanceName := r.URL.Query().Get(":instance")
	appName := r.URL.Query().Get(":app")
	serviceName := r.URL.Query().Get(":service")
	noRestart, _ := strconv.ParseBool(r.FormValue("noRestart"))
	instance, a, err := getServiceInstance(serviceName, instanceName, appName)
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceInstanceUpdateBind,
		append(permission.Contexts(permission.CtxTeam, instance.Teams),
			permission.Context(permission.CtxServiceInstance, instance.Name),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	allowed = permission.Check(t, permission.PermAppUpdateBind,
		append(permission.Contexts(permission.CtxTeam, a.Teams),
			permission.Context(permission.CtxApp, a.Name),
			permission.Context(permission.CtxPool, a.Pool),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	rec.Log(t.GetUserName(), "bind-app", "instance="+instanceName, "app="+appName)
	w.Header().Set("Content-Type", "application/json")
	keepAliveWriter := tsuruIo.NewKeepAliveWriter(w, 30*time.Second, "")
	defer keepAliveWriter.Stop()
	writer := &tsuruIo.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
	err = instance.BindApp(a, !noRestart, writer)
	if err != nil {
		writer.Encode(tsuruIo.SimpleJsonMessage{Error: err.Error()})
		return nil
	}
	fmt.Fprintf(writer, "\nInstance %q is now bound to the app %q.\n", instanceName, appName)
	envs := a.InstanceEnv(instanceName)
	if len(envs) > 0 {
		fmt.Fprintf(writer, "The following environment variables are available for use in your app:\n\n")
		for k := range envs {
			fmt.Fprintf(writer, "- %s\n", k)
		}
		fmt.Fprintf(writer, "- %s\n", app.TsuruServicesEnvVar)
	}
	return nil
}
コード例 #23
0
ファイル: deploy.go プロジェクト: DockerNuts/tsuru
func deployRollback(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	appName := r.URL.Query().Get(":appname")
	instance, err := app.GetByName(appName)
	if err != nil {
		return &errors.HTTP{Code: http.StatusNotFound, Message: fmt.Sprintf("App %s not found.", appName)}
	}
	image := r.PostFormValue("image")
	if image == "" {
		return &errors.HTTP{
			Code:    http.StatusBadRequest,
			Message: "you cannot rollback without an image name",
		}
	}
	origin := r.URL.Query().Get("origin")
	if origin != "" {
		if !app.ValidateOrigin(origin) {
			return &errors.HTTP{
				Code:    http.StatusBadRequest,
				Message: "Invalid deployment origin",
			}
		}
	}
	w.Header().Set("Content-Type", "application/json")
	keepAliveWriter := io.NewKeepAliveWriter(w, 30*time.Second, "")
	defer keepAliveWriter.Stop()
	writer := &io.SimpleJsonMessageEncoderWriter{Encoder: json.NewEncoder(keepAliveWriter)}
	canRollback := permission.Check(t, permission.PermAppDeployRollback,
		append(permission.Contexts(permission.CtxTeam, instance.Teams),
			permission.Context(permission.CtxApp, instance.Name),
			permission.Context(permission.CtxPool, instance.Pool),
		)...,
	)
	if !canRollback {
		return &errors.HTTP{Code: http.StatusForbidden, Message: permission.ErrUnauthorized.Error()}
	}
	err = app.Rollback(app.DeployOptions{
		App:          instance,
		OutputStream: writer,
		Image:        image,
		User:         t.GetUserName(),
		Origin:       origin,
	})
	if err != nil {
		writer.Encode(io.SimpleJsonMessage{Error: err.Error()})
	}
	return nil
}
コード例 #24
0
ファイル: service_consumption.go プロジェクト: pedrosnk/tsuru
// title: service instance list
// path: /services/instances
// method: GET
// produce: application/json
// responses:
//   200: List services instances
//   204: No content
//   401: Unauthorized
func serviceInstances(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	appName := r.URL.Query().Get("app")
	rec.Log(t.GetUserName(), "list-service-instances", "app="+appName)
	instances, err := readableInstances(t, appName, "")
	if err != nil {
		return err
	}
	services, err := readableServices(t)
	if err != nil {
		return err
	}
	servicesMap := map[string]*service.ServiceModel{}
	for _, s := range services {
		if _, in := servicesMap[s.Name]; !in {
			servicesMap[s.Name] = &service.ServiceModel{
				Service:   s.Name,
				Instances: []string{},
			}
		}
	}
	for _, instance := range instances {
		entry := servicesMap[instance.ServiceName]
		if entry == nil {
			continue
		}
		entry.Instances = append(entry.Instances, instance.Name)
		entry.Plans = append(entry.Plans, instance.PlanName)
	}
	result := []service.ServiceModel{}
	for _, entry := range servicesMap {
		result = append(result, *entry)
	}
	if len(result) == 0 {
		w.WriteHeader(http.StatusNoContent)
		return nil
	}
	body, err := json.Marshal(result)
	if err != nil {
		return err
	}
	n, err := w.Write(body)
	if n != len(body) {
		return &errors.HTTP{Code: http.StatusInternalServerError, Message: "Failed to write the response body."}
	}
	w.Header().Set("Content-Type", "application/json")
	return err
}
コード例 #25
0
ファイル: service_provision.go プロジェクト: pedrosnk/tsuru
// title: service create
// path: /services
// method: POST
// consume: application/x-www-form-urlencoded
// responses:
//   201: Service created
//   400: Invalid data
//   401: Unauthorized
//   409: Service already exists
func serviceCreate(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	s := service.Service{
		Name:     r.FormValue("id"),
		Username: r.FormValue("username"),
		Endpoint: map[string]string{"production": r.FormValue("endpoint")},
		Password: r.FormValue("password"),
	}
	team := r.FormValue("team")
	if team == "" {
		var err error
		team, err = permission.TeamForPermission(t, permission.PermServiceCreate)
		if err == permission.ErrTooManyTeams {
			return &errors.HTTP{
				Code:    http.StatusBadRequest,
				Message: "You must provide a team responsible for this service in the manifest file.",
			}
		}
		if err != nil {
			return err
		}
	}
	s.OwnerTeams = []string{team}
	err := serviceValidate(s)
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceCreate,
		permission.Context(permission.CtxTeam, s.OwnerTeams[0]),
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	rec.Log(t.GetUserName(), "create-service", s.Name, s.Endpoint["production"])
	err = s.Create()
	if err != nil {
		httpError := http.StatusInternalServerError
		if err == service.ErrServiceAlreadyExists {
			httpError = http.StatusConflict
		}
		return &errors.HTTP{Code: httpError, Message: err.Error()}
	}
	w.WriteHeader(http.StatusCreated)
	fmt.Fprint(w, "success")
	return nil
}
コード例 #26
0
ファイル: service_consumption.go プロジェクト: gwmoura/yati
func serviceInfo(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	serviceName := r.URL.Query().Get(":name")
	_, err := getService(serviceName)
	if err != nil {
		return err
	}
	rec.Log(t.GetUserName(), "service-info", serviceName)
	instances, err := readableInstances(t, "", serviceName)
	if err != nil {
		return err
	}
	b, err := json.Marshal(instances)
	if err != nil {
		return nil
	}
	w.Write(b)
	return nil
}
コード例 #27
0
ファイル: service_provision.go プロジェクト: pedrosnk/tsuru
// title: change service documentation
// path: /services/{name}/doc
// consume: application/x-www-form-urlencoded
// method: PUT
// responses:
//   200: Documentation updated
//   401: Unauthorized
//   403: Forbidden (team is not the owner or service with instances)
func serviceAddDoc(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	serviceName := r.URL.Query().Get(":name")
	s, err := getService(serviceName)
	if err != nil {
		return err
	}
	allowed := permission.Check(t, permission.PermServiceUpdateDoc,
		append(permission.Contexts(permission.CtxTeam, s.OwnerTeams),
			permission.Context(permission.CtxService, s.Name),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	s.Doc = r.FormValue("doc")
	rec.Log(t.GetUserName(), "service-add-doc", serviceName, s.Doc)
	return s.Update()
}
コード例 #28
0
ファイル: app.go プロジェクト: rualatngua/tsuru
func swap(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	u, err := t.User()
	if err != nil {
		return err
	}
	app1Name := r.URL.Query().Get("app1")
	app2Name := r.URL.Query().Get("app2")
	forceSwap := r.URL.Query().Get("force")
	if forceSwap == "" {
		forceSwap = "false"
	}
	locked1, err := app.AcquireApplicationLock(app1Name, t.GetUserName(), "/swap")
	if err != nil {
		return err
	}
	defer app.ReleaseApplicationLock(app1Name)
	locked2, err := app.AcquireApplicationLock(app2Name, t.GetUserName(), "/swap")
	if err != nil {
		return err
	}
	defer app.ReleaseApplicationLock(app2Name)
	app1, err := getApp(app1Name, u)
	if err != nil {
		return err
	}
	if !locked1 {
		return &errors.HTTP{Code: http.StatusConflict, Message: fmt.Sprintf("%s: %s", app1.Name, &app1.Lock)}
	}
	app2, err := getApp(app2Name, u)
	if err != nil {
		return err
	}
	if !locked2 {
		return &errors.HTTP{Code: http.StatusConflict, Message: fmt.Sprintf("%s: %s", app2.Name, &app2.Lock)}
	}
	// compare apps by platform type and number of units
	if forceSwap == "false" && ((len(app1.Units()) != len(app2.Units())) || (app1.Platform != app2.Platform)) {
		return app.ErrAppNotEqual
	}
	rec.Log(u.Email, "swap", app1Name, app2Name)
	return app.Swap(&app1, &app2)
}
コード例 #29
0
ファイル: auth.go プロジェクト: tsuru/tsuru
// title: add key
// path: /users/keys
// method: POST
// consume: application/x-www-form-urlencoded
// responses:
//   200: Ok
//   400: Invalid data
//   401: Unauthorized
//   409: Key already exists
func addKeyToUser(w http.ResponseWriter, r *http.Request, t auth.Token) (err error) {
	key := repository.Key{
		Body: r.FormValue("key"),
		Name: r.FormValue("name"),
	}
	var force bool
	if r.FormValue("force") == "true" {
		force = true
	}
	allowed := permission.Check(t, permission.PermUserUpdateKeyAdd,
		permission.Context(permission.CtxUser, t.GetUserName()),
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	evt, err := event.New(&event.Opts{
		Target:     userTarget(t.GetUserName()),
		Kind:       permission.PermUserUpdateKeyAdd,
		Owner:      t,
		CustomData: event.FormToCustomData(r.Form),
		Allowed:    event.Allowed(permission.PermUserReadEvents, permission.Context(permission.CtxUser, t.GetUserName())),
	})
	if err != nil {
		return err
	}
	defer func() { evt.Done(err) }()
	if key.Body == "" {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: "Missing key content"}
	}
	u, err := t.User()
	if err != nil {
		return err
	}
	err = u.AddKey(key, force)
	if err == auth.ErrKeyDisabled || err == repository.ErrUserNotFound {
		return &errors.HTTP{Code: http.StatusBadRequest, Message: err.Error()}
	}
	if err == repository.ErrKeyAlreadyExists {
		return &errors.HTTP{Code: http.StatusConflict, Message: err.Error()}
	}
	return err
}
コード例 #30
0
ファイル: service_consumption.go プロジェクト: gwmoura/yati
func serviceInstanceRevokeTeam(w http.ResponseWriter, r *http.Request, t auth.Token) error {
	instanceName := r.URL.Query().Get(":instance")
	serviceName := r.URL.Query().Get(":service")
	serviceInstance, err := getServiceInstanceOrError(serviceName, instanceName)
	if err != nil {
		return err
	}
	permissionValue := serviceName + "/" + instanceName
	allowed := permission.Check(t, permission.PermServiceInstanceUpdateRevoke,
		append(permission.Contexts(permission.CtxTeam, serviceInstance.Teams),
			permission.Context(permission.CtxServiceInstance, permissionValue),
		)...,
	)
	if !allowed {
		return permission.ErrUnauthorized
	}
	teamName := r.URL.Query().Get(":team")
	rec.Log(t.GetUserName(), "service-revoke-team", serviceName, instanceName, teamName)
	return serviceInstance.Revoke(teamName)
}