// Destroy removes nodes func Destroy(request *restful.Request, response *restful.Response) { user, _, err := security.Credentials(request) if err != nil { beacon.HTTPInternalError(response, err) return } id := request.QueryParameter("id") if provider == "juju" { juju, err := NewJuju() if err != nil { beacon.HTTPInternalError(response, err) return } report, err := juju.Destroy(user, id) if err != nil { beacon.HTTPInternalError(response, err) } else { response.WriteEntity(report) } return } beacon.HTTPInternalError(response, err) }
// Deploy creates new nodes func Deploy(request *restful.Request, response *restful.Response) { user, _, err := security.Credentials(request) if err != nil { beacon.HTTPInternalError(response, err) return } id := request.QueryParameter("id") if provider == "juju" { //TODO Deploy command on existing service triggers upgrade-charm //TODO For suitable charms, it could also deploy other clustered units juju, err := NewJuju() if err != nil { beacon.HTTPInternalError(response, err) return } report, err := juju.Deploy(user, id) if err != nil { beacon.HTTPInternalError(response, err) } else { response.WriteEntity(report) } return } beacon.HTTPInternalError(response, err) }
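// EtcdControlMethod is a callback part of the request pipeline. It checks in
// etcd if the received request is allowed for the given user.
//
// The filter fails closed: if the credentials cannot be extracted from the
// request, it answers with an authorization error instead of running the
// permission check for an empty user. A controller error yields an internal
// error and a disallowed method yields an authorization error; only an
// explicitly allowed request is handed to the rest of the chain.
//
// NOTE(review): controller.Update runs before CheckMethod. Confirm that Update
// does not change any state that should itself be gated by the permission
// check.
func EtcdControlMethod(request *restful.Request, response *restful.Response, chain *restful.FilterChain) {
	user, _, err := security.Credentials(request)
	if err != nil {
		// An authorization decision must never be made for an unknown caller.
		HTTPAuthorizationError(response, err)
		return
	}

	debug := log.LogLevel() <= loggo.DEBUG
	// Format once so Update and CheckMethod are guaranteed to see the same key.
	method := FormatMethod(request)

	controller := NewController(user, debug)
	if err := controller.Update(method); err != nil {
		HTTPInternalError(response, err)
		return
	}

	isAllowed, err := controller.CheckMethod(method)
	if err != nil {
		HTTPInternalError(response, err)
		return
	}
	if !isAllowed {
		HTTPAuthorizationError(response, fmt.Errorf("method disabled"))
		return
	}

	chain.ProcessFilter(request, response)
}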
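// Login is an endpoint that delivers a certificate, used later for etcd
// communication permission. It is used as a callback when registered with a
// path at the authority server.
//
// The file whose path sshKey returns is streamed to the caller with
// http.ServeFile. If sshKey fails, the request ends with an internal error and
// nothing is served.
//
// NOTE(review): this handler only extracts the credentials; it does not verify
// them. Presumably an authentication filter runs before it, so confirm the
// route is registered behind one. Also confirm that the served file is the
// material meant for this user and contains no private key that should stay
// server-side, and consider marking the response non-cacheable.
func Login(request *restful.Request, response *restful.Response) {
	user, _, err := security.Credentials(request)
	if err != nil {
		beacon.HTTPInternalError(response, err)
		return
	}
	// %q keeps a client-supplied user name from injecting control characters
	// into the log line.
	log.Debugf("Providing a new ssh key to %q", user)

	// Stop here when no key could be produced, so that http.ServeFile is never
	// called with an empty or stale path.
	key, err := sshKey()
	if err != nil {
		beacon.HTTPInternalError(response, err)
		return
	}

	// Return the certificate
	http.ServeFile(response.ResponseWriter, request.Request, key)
}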
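// BasicAuthenticate is an intermediate step that will check encoded
// credentials before processing the received request. This function is
// explicitly used in Register() as a filter in the request pipeline.
//
// The request is passed down the chain only when
// security.EtcdCheckCredentials accepts the username/password pair. Malformed
// or refused credentials produce an authorization error, and a failure of the
// credential check itself produces an internal error.
//
// The password is deliberately never written to the log. Log files are
// usually readable by more people and systems than the credential store, and
// they outlive the request.
//
// NOTE(review): Basic credentials are only encoded, not encrypted, in the
// request header. Confirm this filter is reachable over TLS only.
func BasicAuthenticate(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
	//TODO Instead of clear password I could stick with encoded or other crypted solution
	// Use base64 decoding to extract from http header user credentials
	username, passwd, err := security.Credentials(req)
	if err != nil {
		HTTPAuthorizationError(resp, err)
		return
	}
	// Log the user name only; %q escapes control characters in this
	// client-supplied value so it cannot forge extra log lines.
	log.Infof("User %q trying to connect", username)

	debug := false
	//TODO Manage a way to plug whatever datastore you want, wherever it is
	ok, err := security.EtcdCheckCredentials(username, passwd, debug)
	if err != nil {
		HTTPInternalError(resp, err)
		return
	}
	if !ok {
		HTTPAuthorizationError(resp, fmt.Errorf("credentials refused"))
		return
	}

	log.Infof("Authentication granted for user %q, processing request", username)
	chain.ProcessFilter(req, resp)
}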