func formatPartials(results []map[string]interface{}, objs []indexer.Indexable, partialData map[string]interface{}) ([]map[string]interface{}, error) {
var err error
results, err = partialSearchFormat(results, partialData)
if err != nil {
return nil, err
}
for x, z := range results {
tmpRes := make(map[string]interface{})
switch ro := objs[x].(type) {
case *databag.DataBagItem:
dbiURL := fmt.Sprintf("/data/%s/%s", ro.DataBagName, ro.RawData["id"].(string))
tmpRes["url"] = util.CustomURL(dbiURL)
default:
tmpRes["url"] = util.ObjURL(objs[x].(util.GoiardiObj))
}
tmpRes["data"] = z
results[x] = tmpRes
}
return results, nil
}
func (c *Cookbook) infoHashBase(numResults interface{}, constraint string) map[string]interface{} {
cbHash := make(map[string]interface{})
cbHash["url"] = util.ObjURL(c)
nr := 0
/* Working to maintain Chef server behavior here. We need to make "all"
* give all versions of the cookbook and make no value give one version,
* but keep 0 as invalid input that gives zero results back. This might
* be an area worth breaking. */
var numVersions int
allVersions := false
if numResults != "" && numResults != "all" {
numVersions, _ = strconv.Atoi(numResults.(string))
} else if numResults == "" {
numVersions = 1
} else {
allVersions = true
}
cbHash["versions"] = make([]interface{}, 0)
var constraintVersion string
var constraintOp string
if constraint != "" {
traints := strings.Split(constraint, " ")
/* If the constraint isn't well formed like ">= 1.2.3", log the
* fact and ignore the constraint. */
if len(traints) == 2 {
constraintVersion = traints[1]
constraintOp = traints[0]
} else {
logger.Warningf("Constraint '%s' for cookbook %s was badly formed -- bailing.\n", constraint, c.Name)
return nil
}
}
VerLoop:
for _, cv := range c.sortedVersions() {
if !allVersions && nr >= numVersions {
break
}
/* Version constraint checking. */
if constraint != "" {
conAction := verConstraintCheck(cv.Version, constraintVersion, constraintOp)
switch conAction {
case "skip":
/* Skip this version, keep going. */
continue VerLoop
case "break":
/* Stop processing entirely. */
break VerLoop
/* Default action is, of course, to continue on
* like nothing happened. Later, we need to
* panic over an invalid constraint. */
}
}
cvInfo := make(map[string]string)
cvInfo["url"] = util.CustomObjURL(c, cv.Version)
cvInfo["version"] = cv.Version
cbHash["versions"] = append(cbHash["versions"].([]interface{}), cvInfo)
nr++
}
return cbHash
}
func dataHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
pathArray := splitPath(r.URL.Path)
dbResponse := make(map[string]interface{})
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return
}
if len(pathArray) == 1 {
/* Either a list of data bags, or a POST to create a new one */
switch r.Method {
case "GET":
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
/* The list */
dbList := databag.GetList()
for _, k := range dbList {
dbResponse[k] = util.CustomURL(fmt.Sprintf("/data/%s", k))
}
case "POST":
if !opUser.IsAdmin() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
dbData, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return
}
/* check that the name exists */
switch t := dbData["name"].(type) {
case string:
if t == "" {
jsonErrorReport(w, r, "Field 'name' missing", http.StatusBadRequest)
return
}
default:
jsonErrorReport(w, r, "Field 'name' missing", http.StatusBadRequest)
return
}
chefDbag, _ := databag.Get(dbData["name"].(string))
if chefDbag != nil {
httperr := fmt.Errorf("Data bag %s already exists.", dbData["name"].(string))
jsonErrorReport(w, r, httperr.Error(), http.StatusConflict)
return
}
chefDbag, nerr := databag.New(dbData["name"].(string))
if nerr != nil {
jsonErrorReport(w, r, nerr.Error(), nerr.Status())
return
}
serr := chefDbag.Save()
if serr != nil {
jsonErrorReport(w, r, serr.Error(), http.StatusInternalServerError)
return
}
if lerr := loginfo.LogEvent(opUser, chefDbag, "create"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
dbResponse["uri"] = util.ObjURL(chefDbag)
w.WriteHeader(http.StatusCreated)
default:
/* The chef-pedant spec wants this response for
* some reason. Mix it up, I guess. */
w.Header().Set("Allow", "GET, POST")
jsonErrorReport(w, r, "GET, POST", http.StatusMethodNotAllowed)
return
}
} else {
dbName := pathArray[1]
/* chef-pedant is unhappy about not reporting the HTTP status
* as 404 by fetching the data bag before we see if the method
* is allowed, so do a quick check for that here. */
if (len(pathArray) == 2 && r.Method == "PUT") || (len(pathArray) == 3 && r.Method == "POST") {
var allowed string
if len(pathArray) == 2 {
allowed = "GET, POST, DELETE"
} else {
allowed = "GET, PUT, DELETE"
}
w.Header().Set("Allow", allowed)
jsonErrorReport(w, r, "Method not allowed", http.StatusMethodNotAllowed)
return
}
if opUser.IsValidator() || (!opUser.IsAdmin() && r.Method != "GET") {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
chefDbag, err := databag.Get(dbName)
if err != nil {
var errMsg string
status := err.Status()
if r.Method == "POST" {
/* Posts get a special snowflake message */
errMsg = fmt.Sprintf("No data bag '%s' could be found. Please create this data bag before adding items to it.", dbName)
} else {
if len(pathArray) == 3 {
/* This is nuts. */
if r.Method == "DELETE" {
errMsg = fmt.Sprintf("Cannot load data bag %s item %s", dbName, pathArray[2])
} else {
errMsg = fmt.Sprintf("Cannot load data bag item %s for data bag %s", pathArray[2], dbName)
}
} else {
errMsg = err.Error()
}
}
jsonErrorReport(w, r, errMsg, status)
return
}
if len(pathArray) == 2 {
/* getting list of data bag items and creating data bag
* items. */
switch r.Method {
case "GET":
for _, k := range chefDbag.ListDBItems() {
dbResponse[k] = util.CustomObjURL(chefDbag, k)
}
case "DELETE":
/* The chef API docs don't say anything
* about this existing, but it does,
* and without it you can't delete data
* bags at all. */
dbResponse["chef_type"] = "data_bag"
dbResponse["json_class"] = "Chef::DataBag"
dbResponse["name"] = chefDbag.Name
err := chefDbag.Delete()
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
if lerr := loginfo.LogEvent(opUser, chefDbag, "delete"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
case "POST":
rawData := databag.RawDataBagJSON(r.Body)
dbitem, nerr := chefDbag.NewDBItem(rawData)
if nerr != nil {
jsonErrorReport(w, r, nerr.Error(), nerr.Status())
return
}
if lerr := loginfo.LogEvent(opUser, dbitem, "create"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
/* The data bag return values are all
* kinds of weird. Sometimes it sends
* just the raw data, sometimes it sends
* the whole object, sometimes a special
* snowflake version. Ugh. Have to loop
* through to avoid updating the pointer
* in the cache by just assigning
* dbitem.RawData to dbResponse. Urk.
*/
for k, v := range dbitem.RawData {
dbResponse[k] = v
}
dbResponse["data_bag"] = dbitem.DataBagName
dbResponse["chef_type"] = dbitem.ChefType
w.WriteHeader(http.StatusCreated)
default:
w.Header().Set("Allow", "GET, DELETE, POST")
jsonErrorReport(w, r, "GET, DELETE, POST", http.StatusMethodNotAllowed)
return
}
} else {
/* getting, editing, and deleting existing data bag items. */
dbItemName := pathArray[2]
if _, err := chefDbag.GetDBItem(dbItemName); err != nil {
var httperr string
if r.Method != "DELETE" {
httperr = fmt.Sprintf("Cannot load data bag item %s for data bag %s", dbItemName, chefDbag.Name)
} else {
httperr = fmt.Sprintf("Cannot load data bag %s item %s", chefDbag.Name, dbItemName)
}
jsonErrorReport(w, r, httperr, http.StatusNotFound)
return
}
switch r.Method {
case "GET":
dbi, err := chefDbag.GetDBItem(dbItemName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
dbResponse = dbi.RawData
case "DELETE":
dbi, err := chefDbag.GetDBItem(dbItemName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
/* Gotta short circuit this */
enc := json.NewEncoder(w)
if err := enc.Encode(&dbi); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
err = chefDbag.DeleteDBItem(dbItemName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
if lerr := loginfo.LogEvent(opUser, dbi, "delete"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
return
case "PUT":
rawData := databag.RawDataBagJSON(r.Body)
if rawID, ok := rawData["id"]; ok {
switch rawID := rawID.(type) {
case string:
if rawID != dbItemName {
jsonErrorReport(w, r, "DataBagItem name mismatch.", http.StatusBadRequest)
return
}
default:
jsonErrorReport(w, r, "Bad request", http.StatusBadRequest)
return
}
}
dbitem, err := chefDbag.UpdateDBItem(dbItemName, rawData)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
if lerr := loginfo.LogEvent(opUser, dbitem, "modify"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
/* Another weird data bag item response
* which isn't at all unusual. */
for k, v := range dbitem.RawData {
dbResponse[k] = v
}
dbResponse["data_bag"] = dbitem.DataBagName
dbResponse["chef_type"] = dbitem.ChefType
dbResponse["id"] = dbItemName
default:
w.Header().Set("Allow", "GET, DELETE, PUT")
jsonErrorReport(w, r, "GET, DELETE, PUT", http.StatusMethodNotAllowed)
return
}
}
}
enc := json.NewEncoder(w)
if err := enc.Encode(&dbResponse); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
}
}
func sandboxHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
pathArray := splitPath(r.URL.Path)
sboxResponse := make(map[string]interface{})
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return
}
switch r.Method {
case "POST":
if len(pathArray) != 1 {
jsonErrorReport(w, r, "Bad request.", http.StatusMethodNotAllowed)
return
}
if !opUser.IsAdmin() {
jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden)
return
}
jsonReq, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return
}
sboxHash, ok := jsonReq["checksums"].(map[string]interface{})
if !ok {
jsonErrorReport(w, r, "Field 'checksums' missing", http.StatusBadRequest)
return
} else if len(sboxHash) == 0 {
jsonErrorReport(w, r, "Bad checksums!", http.StatusBadRequest)
return
} else {
for _, j := range sboxHash {
if j != nil {
jsonErrorReport(w, r, "Bad checksums!", http.StatusBadRequest)
return
}
}
}
sbox, err := sandbox.New(sboxHash)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusBadRequest)
return
}
err = sbox.Save()
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
/* If we're here, make the slightly weird response. */
sboxResponse["uri"] = util.ObjURL(sbox)
sboxResponse["sandbox_id"] = sbox.ID
sboxResponse["checksums"] = sbox.UploadChkList()
w.WriteHeader(http.StatusCreated)
case "PUT":
if len(pathArray) != 2 {
jsonErrorReport(w, r, "Bad request.", http.StatusMethodNotAllowed)
return
}
if !opUser.IsAdmin() {
jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden)
return
}
sandboxID := pathArray[1]
jsonReq, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return
}
sboxCommit, ok := jsonReq["is_completed"].(bool)
if !ok {
jsonErrorReport(w, r, "Bad request", http.StatusBadRequest)
return
}
sbox, err := sandbox.Get(sandboxID)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusNotFound)
return
}
if err = sbox.IsComplete(); err == nil {
sbox.Completed = sboxCommit
err = sbox.Save()
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
} else {
jsonErrorReport(w, r, err.Error(), http.StatusServiceUnavailable)
return
}
/* The response here is a bit confusing too. The
* documented behavior doesn't match with the observed
* behavior from chef-zero, and it's not real clear what
* it wants from the checksums array. Still, we need to
* give it what it wants. Ask about this later. */
sboxResponse["guid"] = sbox.ID
sboxResponse["name"] = sbox.ID
sboxResponse["is_completed"] = sbox.Completed
sboxResponse["create_time"] = sbox.CreationTime.UTC().Format("2006-01-02T15:04:05+00:00")
sboxResponse["checksums"] = sbox.Checksums
default:
jsonErrorReport(w, r, "Unrecognized method!", http.StatusMethodNotAllowed)
return
}
enc := json.NewEncoder(w)
if err := enc.Encode(&sboxResponse); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
}
}
func searchHandler(w http.ResponseWriter, r *http.Request) {
/* ... and we need search to run the environment tests, so here we
* go. */
w.Header().Set("Content-Type", "application/json")
searchResponse := make(map[string]interface{})
pathArray := splitPath(r.URL.Path)
pathArrayLen := len(pathArray)
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return
}
/* set up query params for searching */
var (
paramQuery string
paramsRows int
sortOrder string
start int
)
r.ParseForm()
if q, found := r.Form["q"]; found {
if len(q) < 0 {
jsonErrorReport(w, r, "No query string specified for search", http.StatusBadRequest)
return
}
paramQuery = q[0]
} else if pathArrayLen != 1 {
/* default to "*:*" for a search term */
paramQuery = "*:*"
}
if pr, found := r.Form["rows"]; found {
if len(pr) > 0 {
paramsRows, _ = strconv.Atoi(pr[0])
}
} else {
paramsRows = 1000
}
// TODO: get a default sort in, once sorting is sorted out.
if s, found := r.Form["sort"]; found {
if len(s) > 0 {
sortOrder = s[0]
} else {
sortOrder = "id ASC"
}
}
_ = sortOrder
if st, found := r.Form["start"]; found {
if len(st) > 0 {
start, _ = strconv.Atoi(st[0])
}
} else {
start = 0
}
if pathArrayLen == 1 {
/* base end points */
switch r.Method {
case "GET":
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
searchEndpoints := search.GetEndpoints()
for _, s := range searchEndpoints {
searchResponse[s] = util.CustomURL(fmt.Sprintf("/search/%s", s))
}
default:
jsonErrorReport(w, r, "Method not allowed", http.StatusMethodNotAllowed)
return
}
} else if pathArrayLen == 2 {
switch r.Method {
case "GET", "POST":
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
/* start figuring out what comes in POSTS now,
* so the partial search tests don't complain
* anymore. */
var partialData map[string]interface{}
if r.Method == "POST" {
var perr error
partialData, perr = parseObjJSON(r.Body)
if perr != nil {
jsonErrorReport(w, r, perr.Error(), http.StatusBadRequest)
return
}
}
idx := pathArray[1]
rObjs, err := search.Search(idx, paramQuery)
if err != nil {
statusCode := http.StatusBadRequest
re := regexp.MustCompile(`^I don't know how to search for .*? data objects.`)
if re.MatchString(err.Error()) {
statusCode = http.StatusNotFound
}
jsonErrorReport(w, r, err.Error(), statusCode)
return
}
res := make([]map[string]interface{}, len(rObjs))
for i, r := range rObjs {
switch r := r.(type) {
case *client.Client:
jc := map[string]interface{}{
"name": r.Name,
"chef_type": r.ChefType,
"json_class": r.JSONClass,
"admin": r.Admin,
"public_key": r.PublicKey(),
"validator": r.Validator,
}
res[i] = jc
default:
res[i] = util.MapifyObject(r)
}
}
/* If we're doing partial search, tease out the
* fields we want. */
if r.Method == "POST" {
res, err = partialSearchFormat(res, partialData)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusBadRequest)
return
}
for x, z := range res {
tmpRes := make(map[string]interface{})
switch ro := rObjs[x].(type) {
case *databag.DataBagItem:
dbiURL := fmt.Sprintf("/data/%s/%s", ro.DataBagName, ro.RawData["id"].(string))
tmpRes["url"] = util.CustomURL(dbiURL)
default:
tmpRes["url"] = util.ObjURL(rObjs[x].(util.GoiardiObj))
}
tmpRes["data"] = z
res[x] = tmpRes
}
}
end := start + paramsRows
if end > len(res) {
end = len(res)
}
res = res[start:end]
searchResponse["total"] = len(res)
searchResponse["start"] = start
searchResponse["rows"] = res
default:
jsonErrorReport(w, r, "Method not allowed", http.StatusMethodNotAllowed)
return
}
} else {
/* Say what? Bad request. */
jsonErrorReport(w, r, "Bad request", http.StatusBadRequest)
return
}
enc := json.NewEncoder(w)
if err := enc.Encode(&searchResponse); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
}
}
func environmentHandler(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/json")
accErr := checkAccept(w, r, "application/json")
if accErr != nil {
jsonErrorReport(w, r, accErr.Error(), http.StatusNotAcceptable)
return
}
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return
}
pathArray := splitPath(r.URL.Path)
envResponse := make(map[string]interface{})
var numResults string
r.ParseForm()
if nrs, found := r.Form["num_versions"]; found {
if len(nrs) < 0 {
jsonErrorReport(w, r, "invalid num_versions", http.StatusBadRequest)
return
}
numResults = nrs[0]
err := util.ValidateNumVersions(numResults)
if err != nil {
jsonErrorReport(w, r, "You have requested an invalid number of versions (x >= 0 || 'all')", err.Status())
return
}
}
pathArrayLen := len(pathArray)
if pathArrayLen == 1 {
switch r.Method {
case "GET":
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
envList := environment.GetList()
for _, env := range envList {
envResponse[env] = util.CustomURL(fmt.Sprintf("/environments/%s", env))
}
case "POST":
if !opUser.IsAdmin() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
envData, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return
}
if _, ok := envData["name"].(string); !ok || envData["name"].(string) == "" {
jsonErrorReport(w, r, "Environment name missing", http.StatusBadRequest)
return
}
chefEnv, _ := environment.Get(envData["name"].(string))
if chefEnv != nil {
httperr := fmt.Errorf("Environment already exists")
jsonErrorReport(w, r, httperr.Error(), http.StatusConflict)
return
}
var eerr util.Gerror
chefEnv, eerr = environment.NewFromJSON(envData)
if eerr != nil {
jsonErrorReport(w, r, eerr.Error(), eerr.Status())
return
}
if err := chefEnv.Save(); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusBadRequest)
return
}
if lerr := loginfo.LogEvent(opUser, chefEnv, "create"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
envResponse["uri"] = util.ObjURL(chefEnv)
w.WriteHeader(http.StatusCreated)
default:
jsonErrorReport(w, r, "Unrecognized method", http.StatusMethodNotAllowed)
return
}
} else if pathArrayLen == 2 {
/* All of the 2 element operations return the environment
* object, so we do the json encoding in this block and return
* out. */
envName := pathArray[1]
env, err := environment.Get(envName)
delEnv := false /* Set this to delete the environment after
* sending the json. */
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusNotFound)
return
}
switch r.Method {
case "GET", "DELETE":
/* We don't actually have to do much here. */
if r.Method == "DELETE" {
if !opUser.IsAdmin() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
if envName == "_default" {
jsonErrorReport(w, r, "The '_default' environment cannot be modified.", http.StatusMethodNotAllowed)
return
}
delEnv = true
} else {
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
}
case "PUT":
if !opUser.IsAdmin() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
envData, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return
}
if envData == nil {
jsonErrorReport(w, r, "No environment data in body at all!", http.StatusBadRequest)
return
}
if _, ok := envData["name"]; !ok {
//envData["name"] = envName
jsonErrorReport(w, r, "Environment name missing", http.StatusBadRequest)
return
}
jsonName, sterr := util.ValidateAsString(envData["name"])
if sterr != nil {
jsonErrorReport(w, r, sterr.Error(), sterr.Status())
return
} else if jsonName == "" {
jsonErrorReport(w, r, "Environment name missing", http.StatusBadRequest)
return
}
if envName != envData["name"].(string) {
env, err = environment.Get(envData["name"].(string))
if err == nil {
jsonErrorReport(w, r, "Environment already exists", http.StatusConflict)
return
}
var eerr util.Gerror
env, eerr = environment.NewFromJSON(envData)
if eerr != nil {
jsonErrorReport(w, r, eerr.Error(), eerr.Status())
return
}
w.WriteHeader(http.StatusCreated)
oldenv, olderr := environment.Get(envName)
if olderr == nil {
oldenv.Delete()
}
} else {
if jsonName == "" {
envData["name"] = envName
}
if err := env.UpdateFromJSON(envData); err != nil {
jsonErrorReport(w, r, err.Error(), err.Status())
return
}
}
if err := env.Save(); err != nil {
jsonErrorReport(w, r, err.Error(), err.Status())
return
}
if lerr := loginfo.LogEvent(opUser, env, "modify"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
default:
jsonErrorReport(w, r, "Unrecognized method", http.StatusMethodNotAllowed)
return
}
enc := json.NewEncoder(w)
if err := enc.Encode(&env); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
if delEnv {
err := env.Delete()
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
if lerr := loginfo.LogEvent(opUser, env, "delete"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return
}
}
return
} else if pathArrayLen == 3 {
envName := pathArray[1]
op := pathArray[2]
if op == "cookbook_versions" && r.Method != "POST" || op != "cookbook_versions" && r.Method != "GET" {
jsonErrorReport(w, r, "Unrecognized method", http.StatusMethodNotAllowed)
return
}
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
env, err := environment.Get(envName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusNotFound)
return
}
switch op {
case "cookbook_versions":
/* Chef Server API docs aren't even remotely
* right here. What it actually wants is the
* usual hash of info for the latest or
* constrained version. Weird. */
cbVer, jerr := parseObjJSON(r.Body)
if jerr != nil {
errmsg := jerr.Error()
if !strings.Contains(errmsg, "Field") {
errmsg = "invalid JSON"
} else {
errmsg = jerr.Error()
}
jsonErrorReport(w, r, errmsg, http.StatusBadRequest)
return
}
if _, ok := cbVer["run_list"]; !ok {
jsonErrorReport(w, r, "POSTed JSON badly formed.", http.StatusMethodNotAllowed)
return
}
deps, err := cookbook.DependsCookbooks(cbVer["run_list"].([]string), env.CookbookVersions)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusPreconditionFailed)
return
}
/* Need our own encoding here too. */
enc := json.NewEncoder(w)
if err := enc.Encode(&deps); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
}
return
case "cookbooks":
envResponse = env.AllCookbookHash(numResults)
case "nodes":
nodeList, err := node.GetFromEnv(envName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return
}
for _, chefNode := range nodeList {
envResponse[chefNode.Name] = util.ObjURL(chefNode)
}
case "recipes":
envRecipes := env.RecipeList()
/* And... we have to do our own json response
* here. Hmph. */
/* TODO: make the JSON encoding stuff its own
* function. Dunno why I never thought of that
* before now for this. */
enc := json.NewEncoder(w)
if err := enc.Encode(&envRecipes); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
}
return
default:
jsonErrorReport(w, r, "Bad request", http.StatusBadRequest)
return
}
} else if pathArrayLen == 4 {
envName := pathArray[1]
/* op is either "cookbooks" or "roles", and opName is the name
* of the object op refers to. */
op := pathArray[2]
opName := pathArray[3]
if r.Method != "GET" {
jsonErrorReport(w, r, "Method not allowed", http.StatusMethodNotAllowed)
return
}
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to perform this action", http.StatusForbidden)
return
}
env, err := environment.Get(envName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusNotFound)
return
}
/* Biting the bullet and not redirecting this to
* /roles/NAME/environments/NAME. The behavior is exactly the
* same, but it makes clients and chef-pedant somewhat unhappy
* to not have this way available. */
if op == "roles" {
role, err := role.Get(opName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusNotFound)
return
}
var runList []string
if envName == "_default" {
runList = role.RunList
} else {
runList = role.EnvRunLists[envName]
}
envResponse["run_list"] = runList
} else if op == "cookbooks" {
cb, err := cookbook.Get(opName)
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusNotFound)
return
}
/* Here and, I think, here only, if num_versions isn't
* set it's supposed to return ALL matching versions.
* API docs are wrong here. */
if numResults == "" {
numResults = "all"
}
envResponse[opName] = cb.ConstrainedInfoHash(numResults, env.CookbookVersions[opName])
} else {
/* Not an op we know. */
jsonErrorReport(w, r, "Bad request - too many elements in path", http.StatusBadRequest)
return
}
} else {
/* Bad number of path elements. */
jsonErrorReport(w, r, "Bad request - too many elements in path", http.StatusBadRequest)
return
}
enc := json.NewEncoder(w)
if err := enc.Encode(&envResponse); err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
}
}
func nodeHandling(w http.ResponseWriter, r *http.Request) map[string]string {
/* We're dealing with nodes, then. */
nodeResponse := make(map[string]string)
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return nil
}
switch r.Method {
case "GET":
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden)
return nil
}
nodeList := node.GetList()
for _, k := range nodeList {
itemURL := fmt.Sprintf("/nodes/%s", k)
nodeResponse[k] = util.CustomURL(itemURL)
}
case "POST":
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden)
return nil
}
nodeData, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return nil
}
nodeName, sterr := util.ValidateAsString(nodeData["name"])
if sterr != nil {
jsonErrorReport(w, r, sterr.Error(), http.StatusBadRequest)
return nil
}
chefNode, _ := node.Get(nodeName)
if chefNode != nil {
httperr := fmt.Errorf("Node already exists")
jsonErrorReport(w, r, httperr.Error(), http.StatusConflict)
return nil
}
var nerr util.Gerror
chefNode, nerr = node.NewFromJSON(nodeData)
if nerr != nil {
jsonErrorReport(w, r, nerr.Error(), nerr.Status())
return nil
}
err := chefNode.Save()
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return nil
}
if lerr := loginfo.LogEvent(opUser, chefNode, "create"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return nil
}
nodeResponse["uri"] = util.ObjURL(chefNode)
w.WriteHeader(http.StatusCreated)
default:
jsonErrorReport(w, r, "Method not allowed for nodes", http.StatusMethodNotAllowed)
return nil
}
return nodeResponse
}
func roleHandling(w http.ResponseWriter, r *http.Request) map[string]string {
roleResponse := make(map[string]string)
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return nil
}
switch r.Method {
case "GET":
if opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden)
return nil
}
roleList := role.GetList()
for _, k := range roleList {
itemURL := fmt.Sprintf("/roles/%s", k)
roleResponse[k] = util.CustomURL(itemURL)
}
case "POST":
if !opUser.IsAdmin() {
jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden)
return nil
}
roleData, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return nil
}
if _, ok := roleData["name"].(string); !ok {
jsonErrorReport(w, r, "Role name missing", http.StatusBadRequest)
return nil
}
chefRole, _ := role.Get(roleData["name"].(string))
if chefRole != nil {
httperr := fmt.Errorf("Role already exists")
jsonErrorReport(w, r, httperr.Error(), http.StatusConflict)
return nil
}
var nerr util.Gerror
chefRole, nerr = role.NewFromJSON(roleData)
if nerr != nil {
jsonErrorReport(w, r, nerr.Error(), nerr.Status())
return nil
}
err := chefRole.Save()
if err != nil {
jsonErrorReport(w, r, err.Error(), http.StatusInternalServerError)
return nil
}
if lerr := loginfo.LogEvent(opUser, chefRole, "create"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return nil
}
roleResponse["uri"] = util.ObjURL(chefRole)
w.WriteHeader(http.StatusCreated)
default:
jsonErrorReport(w, r, "Method not allowed for roles", http.StatusMethodNotAllowed)
return nil
}
return roleResponse
}
// user handling
func userHandling(w http.ResponseWriter, r *http.Request) map[string]string {
userResponse := make(map[string]string)
opUser, oerr := actor.GetReqUser(r.Header.Get("X-OPS-USERID"))
if oerr != nil {
jsonErrorReport(w, r, oerr.Error(), oerr.Status())
return nil
}
switch r.Method {
case "GET":
userList := user.GetList()
for _, k := range userList {
/* Make sure it's a client and not a user. */
itemURL := fmt.Sprintf("/users/%s", k)
userResponse[k] = util.CustomURL(itemURL)
}
case "POST":
userData, jerr := parseObjJSON(r.Body)
if jerr != nil {
jsonErrorReport(w, r, jerr.Error(), http.StatusBadRequest)
return nil
}
if averr := util.CheckAdminPlusValidator(userData); averr != nil {
jsonErrorReport(w, r, averr.Error(), averr.Status())
return nil
}
if !opUser.IsAdmin() && !opUser.IsValidator() {
jsonErrorReport(w, r, "You are not allowed to take this action.", http.StatusForbidden)
return nil
} else if !opUser.IsAdmin() && opUser.IsValidator() {
if aerr := opUser.CheckPermEdit(userData, "admin"); aerr != nil {
jsonErrorReport(w, r, aerr.Error(), aerr.Status())
return nil
}
if verr := opUser.CheckPermEdit(userData, "validator"); verr != nil {
jsonErrorReport(w, r, verr.Error(), verr.Status())
return nil
}
}
userName, sterr := util.ValidateAsString(userData["name"])
if sterr != nil || userName == "" {
err := fmt.Errorf("Field 'name' missing")
jsonErrorReport(w, r, err.Error(), http.StatusBadRequest)
return nil
}
chefUser, err := user.NewFromJSON(userData)
if err != nil {
jsonErrorReport(w, r, err.Error(), err.Status())
return nil
}
if publicKey, pkok := userData["public_key"]; !pkok {
var perr error
if userResponse["private_key"], perr = chefUser.GenerateKeys(); perr != nil {
jsonErrorReport(w, r, perr.Error(), http.StatusInternalServerError)
return nil
}
} else {
switch publicKey := publicKey.(type) {
case string:
if pkok, pkerr := user.ValidatePublicKey(publicKey); !pkok {
jsonErrorReport(w, r, pkerr.Error(), pkerr.Status())
return nil
}
chefUser.SetPublicKey(publicKey)
case nil:
var perr error
if userResponse["private_key"], perr = chefUser.GenerateKeys(); perr != nil {
jsonErrorReport(w, r, perr.Error(), http.StatusInternalServerError)
return nil
}
default:
jsonErrorReport(w, r, "Bad public key", http.StatusBadRequest)
return nil
}
}
/* If we make it here, we want the public key in the
* response. I think. */
userResponse["public_key"] = chefUser.PublicKey()
chefUser.Save()
if lerr := loginfo.LogEvent(opUser, chefUser, "create"); lerr != nil {
jsonErrorReport(w, r, lerr.Error(), http.StatusInternalServerError)
return nil
}
userResponse["uri"] = util.ObjURL(chefUser)
w.WriteHeader(http.StatusCreated)
default:
jsonErrorReport(w, r, "Method not allowed for clients or users", http.StatusMethodNotAllowed)
return nil
}
return userResponse
}