Exemplo n.º 1
0
// Destroy removes nodes
func Destroy(request *restful.Request, response *restful.Response) {
	user, _, err := security.Credentials(request)
	if err != nil {
		beacon.HTTPInternalError(response, err)
		return
	}

	id := request.QueryParameter("id")

	if provider == "juju" {
		juju, err := NewJuju()
		if err != nil {
			beacon.HTTPInternalError(response, err)
			return
		}
		report, err := juju.Destroy(user, id)
		if err != nil {
			beacon.HTTPInternalError(response, err)
		} else {
			response.WriteEntity(report)
		}
		return
	}
	beacon.HTTPInternalError(response, err)
}
Exemplo n.º 2
0
// Deploy creates new nodes
func Deploy(request *restful.Request, response *restful.Response) {
	user, _, err := security.Credentials(request)
	if err != nil {
		beacon.HTTPInternalError(response, err)
		return
	}

	id := request.QueryParameter("id")

	if provider == "juju" {
		//TODO Deploy command on existing service triggers upgrade-charm
		//TODO For suitable charms, it could also deploy other clustered units
		juju, err := NewJuju()
		if err != nil {
			beacon.HTTPInternalError(response, err)
			return
		}
		report, err := juju.Deploy(user, id)
		if err != nil {
			beacon.HTTPInternalError(response, err)
		} else {
			response.WriteEntity(report)
		}
		return
	}
	beacon.HTTPInternalError(response, err)
}
Exemplo n.º 3
0
// EtcdControlMethod is a callback part of the request pipeline. It checks in
// etcd if the received request is allowed for the given user.
func EtcdControlMethod(request *restful.Request, response *restful.Response, chain *restful.FilterChain) {
	user, _, _ := security.Credentials(request)

	var debug bool
	if log.LogLevel() <= loggo.DEBUG {
		debug = true
	}

	controller := NewController(user, debug)

	if err := controller.Update(FormatMethod(request)); err != nil {
		HTTPInternalError(response, err)
		return
	}

	isAllowed, err := controller.CheckMethod(FormatMethod(request))
	if err != nil {
		HTTPInternalError(response, err)
		return
	} else if !isAllowed {
		HTTPAuthorizationError(response, fmt.Errorf("method disabled"))
		return
	}
	chain.ProcessFilter(request, response)
}
Exemplo n.º 4
0
// Login is an endpoint that delivers a certificate, used later for etcd
// communication permission.  It is used as a callback wen registered with a
// path at the authority server
func Login(request *restful.Request, response *restful.Response) {
	user, _, err := security.Credentials(request)
	if err != nil {
		beacon.HTTPInternalError(response, err)
		return
	}
	log.Debugf("Providing a new ssh key to", user)
	key, _ := sshKey()

	// Return the certificate
	http.ServeFile(response.ResponseWriter, request.Request, key)
}
Exemplo n.º 5
0
// BasicAuthenticate is an intermediate step that will check encoded
// credentials before processing the received request.  This function is
// explicitely used in Register() as a filter in the request pipeline.
func BasicAuthenticate(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	//TODO Instead of clear passwor I could stick with encoded or other crypted solution
	// Use base64 decoding to extract from http header user credentials
	username, passwd, err := security.Credentials(req)
	if err != nil {
		HTTPAuthorizationError(resp, err)
		return
	}
	log.Infof("User %s trying to connect with %s\n", username, passwd)

	debug := false
	//TODO Manage a way to plug whatever datastore you want, wherever it is
	ok, err := security.EtcdCheckCredentials(username, passwd, debug)
	if err != nil {
		HTTPInternalError(resp, err)
		return
	}
	if !ok {
		HTTPAuthorizationError(resp, fmt.Errorf("credentials refused"))
		return
	}
	log.Infof("Authentification granted, processing (%s:%s)", username, passwd)
	chain.ProcessFilter(req, resp)
}