From 10c9ecf93da22401f0d9a0d908acdb8f0caeab6f Mon Sep 17 00:00:00 2001 From: John-Lin Date: Fri, 12 Oct 2018 16:18:09 +0800 Subject: [PATCH 1/6] refactoring --- src/server/route.go | 275 +++++++++++++++++++++++++++++++------------- 1 file changed, 198 insertions(+), 77 deletions(-) diff --git a/src/server/route.go b/src/server/route.go index bc14d99d..01444d5d 100644 --- a/src/server/route.go +++ b/src/server/route.go 
@@ -40,165 +40,282 @@ func (a *App) AppRoute() *mux.Router { func newVersionService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/version").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, versionHandler))) + webService.Path("/v1/version"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, versionHandler))) return webService } func newRegistryService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/registry").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.POST("/auth").To(handler.RESTfulServiceHandler(sp, registryBasicAuthHandler))) + webService.Path("/v1/registry"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Route(webService.POST("/auth"). + To(handler.RESTfulServiceHandler(sp, registryBasicAuthHandler))) return webService } func newUserService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/users").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/users"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) // Authenticate handlers Sign Up / Sign In - webService.Route(webService.POST("/signup").To(handler.RESTfulServiceHandler(sp, signUpUserHandler))) - webService.Route(webService.POST("/signin").To(handler.RESTfulServiceHandler(sp, signInUserHandler))) + webService.Route(webService.POST("/signup"). 
+ To(handler.RESTfulServiceHandler(sp, signUpUserHandler))) + webService.Route(webService.POST("/signin"). + To(handler.RESTfulServiceHandler(sp, signInUserHandler))) // TODO only root role can access - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listUserHandler))) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createUserHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteUserHandler))) + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, listUserHandler))) + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createUserHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteUserHandler))) // user role can access - webService.Route(webService.GET("/{id}").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, getUserHandler))) - webService.Route(webService.GET("/verify/auth").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, verifyTokenHandler))) - webService.Route(webService.PUT("/password").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, patchPasswordHandler))) + webService.Route(webService.GET("/{id}"). + Filter(validateTokenMiddleware). + To(handler.RESTfulServiceHandler(sp, getUserHandler))) + webService.Route(webService.GET("/verify/auth"). + Filter(validateTokenMiddleware). + To(handler.RESTfulServiceHandler(sp, verifyTokenHandler))) + webService.Route(webService.PUT("/password"). + Filter(validateTokenMiddleware). + To(handler.RESTfulServiceHandler(sp, patchPasswordHandler))) return webService } func newNetworkService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/networks").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/networks"). 
+ Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listNetworkHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getNetworkHandler))) - webService.Route(webService.GET("/status/{id}").To(handler.RESTfulServiceHandler(sp, getNetworkStatusHandler))) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createNetworkHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteNetworkHandler))) - webService.Route(webService.GET("/{node}/shell").To(handler.RESTfulServiceHandler(sp, getOVSShellInfoHandler))) + + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, listNetworkHandler))) + webService.Route(webService.GET("/{id}"). + To(handler.RESTfulServiceHandler(sp, getNetworkHandler))) + webService.Route(webService.GET("/status/{id}"). + To(handler.RESTfulServiceHandler(sp, getNetworkStatusHandler))) + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createNetworkHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteNetworkHandler))) + webService.Route(webService.GET("/{node}/shell"). + To(handler.RESTfulServiceHandler(sp, getOVSShellInfoHandler))) return webService } func newStorageService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/storage").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/storage"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). 
+ Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createStorage))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listStorage))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteStorage))) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createStorage))) + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, listStorage))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteStorage))) return webService } func newVolumeService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/volume").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Path("/v1/volume"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createVolumeHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteVolumeHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listVolumeHandler))) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createVolumeHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteVolumeHandler))) + webService.Route(webService.GET("/"). 
+ To(handler.RESTfulServiceHandler(sp, listVolumeHandler))) return webService } func newContainerService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/containers").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/logs/{namespace}/{pod}/{container}").To(handler.RESTfulServiceHandler(sp, getContainerLogsHandler))) - webService.Route(webService.GET("/logs/file/{namespace}/{pod}/{container}").To(handler.RESTfulServiceHandler(sp, getContainerLogFileHandler))) + webService.Path("/v1/containers"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Route(webService.GET("/logs/{namespace}/{pod}/{container}"). + To(handler.RESTfulServiceHandler(sp, getContainerLogsHandler))) + webService.Route(webService.GET("/logs/file/{namespace}/{pod}/{container}"). + To(handler.RESTfulServiceHandler(sp, getContainerLogFileHandler))) return webService } func newPodService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/pods").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/pods"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). 
+ Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createPodHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deletePodHandler))) - webService.Route(webService.DELETE("/{namespace}/{pod}").To(handler.RESTfulServiceHandler(sp, deletePodFromClusterHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listPodHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getPodHandler))) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createPodHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deletePodHandler))) + webService.Route(webService.DELETE("/{namespace}/{pod}"). + To(handler.RESTfulServiceHandler(sp, deletePodFromClusterHandler))) + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, listPodHandler))) + webService.Route(webService.GET("/{id}"). 
+ To(handler.RESTfulServiceHandler(sp, getPodHandler))) return webService } func newDeploymentService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) + webService.Filter(validateTokenMiddleware) - webService.Path("/v1/deployments").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createDeploymentHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteDeploymentHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listDeploymentHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getDeploymentHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadDeploymentYAMLHandler))) - webService.Route(webService.PUT("/autoscale").To(handler.RESTfulServiceHandler(sp, updateAutoscalerHandler))) + + webService.Path("/v1/deployments"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createDeploymentHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteDeploymentHandler))) + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, listDeploymentHandler))) + webService.Route(webService.GET("/{id}"). + To(handler.RESTfulServiceHandler(sp, getDeploymentHandler))) + webService.Route(webService.POST("/upload/yaml"). + Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadDeploymentYAMLHandler))) + webService.Route(webService.PUT("/autoscale"). 
+ To(handler.RESTfulServiceHandler(sp, updateAutoscalerHandler))) return webService } func newAppService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/apps").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/apps"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createAppHandler))) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createAppHandler))) return webService } func newServiceService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/services").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Path("/v1/services"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createServiceHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteServiceHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listServiceHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getServiceHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadServiceYAMLHandler))) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createServiceHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteServiceHandler))) + webService.Route(webService.GET("/"). 
+ To(handler.RESTfulServiceHandler(sp, listServiceHandler))) + webService.Route(webService.GET("/{id}"). + To(handler.RESTfulServiceHandler(sp, getServiceHandler))) + webService.Route(webService.POST("/upload/yaml"). + Consumes("multipart/form-data"). + To(handler.RESTfulServiceHandler(sp, uploadServiceYAMLHandler))) return webService } func newNamespaceService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/namespaces").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/namespaces"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createNamespaceHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteNamespaceHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listNamespaceHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getNamespaceHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadNamespaceYAMLHandler))) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createNamespaceHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteNamespaceHandler))) + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, listNamespaceHandler))) + webService.Route(webService.GET("/{id}"). + To(handler.RESTfulServiceHandler(sp, getNamespaceHandler))) + webService.Route(webService.POST("/upload/yaml"). + Consumes("multipart/form-data"). 
+ To(handler.RESTfulServiceHandler(sp, uploadNamespaceYAMLHandler))) return webService } func newConfigMapService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/configmaps").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/configmaps"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createConfigMapHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteConfigMapHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listConfigMapHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getConfigMapHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadConfigMapYAMLHandler))) + + webService.Route(webService.POST("/"). + To(handler.RESTfulServiceHandler(sp, createConfigMapHandler))) + webService.Route(webService.DELETE("/{id}"). + To(handler.RESTfulServiceHandler(sp, deleteConfigMapHandler))) + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, listConfigMapHandler))) + webService.Route(webService.GET("/{id}"). + To(handler.RESTfulServiceHandler(sp, getConfigMapHandler))) + webService.Route(webService.POST("/upload/yaml"). + Consumes("multipart/form-data"). + To(handler.RESTfulServiceHandler(sp, uploadConfigMapYAMLHandler))) return webService } func newMonitoringService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/monitoring").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/monitoring"). 
+ Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) // node - webService.Route(webService.GET("/nodes").To(handler.RESTfulServiceHandler(sp, listNodeMetricsHandler))) - webService.Route(webService.GET("/nodes/{node}").To(handler.RESTfulServiceHandler(sp, getNodeMetricsHandler))) - webService.Route(webService.GET("/nodes/{node}/nics").To(handler.RESTfulServiceHandler(sp, listNodeNicsMetricsHandler))) + webService.Route(webService.GET("/nodes"). + To(handler.RESTfulServiceHandler(sp, listNodeMetricsHandler))) + webService.Route(webService.GET("/nodes/{node}"). + To(handler.RESTfulServiceHandler(sp, getNodeMetricsHandler))) + webService.Route(webService.GET("/nodes/{node}/nics"). + To(handler.RESTfulServiceHandler(sp, listNodeNicsMetricsHandler))) // pod - webService.Route(webService.GET("/pods").To(handler.RESTfulServiceHandler(sp, listPodMetricsHandler))) - webService.Route(webService.GET("/pods/{pod}").To(handler.RESTfulServiceHandler(sp, getPodMetricsHandler))) + webService.Route(webService.GET("/pods"). + To(handler.RESTfulServiceHandler(sp, listPodMetricsHandler))) + webService.Route(webService.GET("/pods/{pod}"). + To(handler.RESTfulServiceHandler(sp, getPodMetricsHandler))) // container - webService.Route(webService.GET("/pods/{pod}/{container}").To(handler.RESTfulServiceHandler(sp, getContainerMetricsHandler))) + webService.Route(webService.GET("/pods/{pod}/{container}"). + To(handler.RESTfulServiceHandler(sp, getContainerMetricsHandler))) // service - webService.Route(webService.GET("/services").To(handler.RESTfulServiceHandler(sp, listServiceMetricsHandler))) - webService.Route(webService.GET("/services/{service}").To(handler.RESTfulServiceHandler(sp, getServiceMetricsHandler))) + webService.Route(webService.GET("/services"). + To(handler.RESTfulServiceHandler(sp, listServiceMetricsHandler))) + webService.Route(webService.GET("/services/{service}"). 
+ To(handler.RESTfulServiceHandler(sp, getServiceMetricsHandler))) // controller - webService.Route(webService.GET("/controllers").To(handler.RESTfulServiceHandler(sp, listControllerMetricsHandler))) - webService.Route(webService.GET("/controllers/{controller}").To(handler.RESTfulServiceHandler(sp, getControllerMetricsHandler))) + webService.Route(webService.GET("/controllers"). + To(handler.RESTfulServiceHandler(sp, listControllerMetricsHandler))) + webService.Route(webService.GET("/controllers/{controller}"). + To(handler.RESTfulServiceHandler(sp, getControllerMetricsHandler))) return webService } @@ -211,7 +328,11 @@ func newOVSService(sp *serviceprovider.Container) *restful.WebService { func newShellService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/exec").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/pod/{namespace}/{pod}/shell/{container}").To(handler.RESTfulServiceHandler(sp, handleExecShell))) + webService.Path("/v1/exec"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Route(webService.GET("/pod/{namespace}/{pod}/shell/{container}"). + To(handler.RESTfulServiceHandler(sp, handleExecShell))) return webService } From 6003abd8e422e5b0a9b77c46bc20a8bdb6de9e0e Mon Sep 17 00:00:00 2001 From: John-Lin Date: Fri, 12 Oct 2018 16:32:34 +0800 Subject: [PATCH 2/6] add role acl --- src/server/route.go | 62 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/src/server/route.go b/src/server/route.go index 01444d5d..06ca6305 100644 --- a/src/server/route.go +++ b/src/server/route.go 
@@ -43,6 +43,7 @@ func newVersionService(sp *serviceprovider.Container) *restful.WebService { webService.Path("/v1/version"). Consumes(restful.MIME_JSON, restful.MIME_JSON). Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Route(webService.GET("/"). To(handler.RESTfulServiceHandler(sp, versionHandler))) return webService @@ -53,7 +54,9 @@ func newRegistryService(sp *serviceprovider.Container) *restful.WebService { webService.Path("/v1/registry"). Consumes(restful.MIME_JSON, restful.MIME_JSON). Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Route(webService.POST("/auth"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, registryBasicAuthHandler))) return webService } @@ -71,21 +74,27 @@ func newUserService(sp *serviceprovider.Container) *restful.WebService { // TODO only root role can access webService.Route(webService.GET("/"). + Filter(rootRole). To(handler.RESTfulServiceHandler(sp, listUserHandler))) webService.Route(webService.POST("/"). + Filter(rootRole). To(handler.RESTfulServiceHandler(sp, createUserHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(rootRole). To(handler.RESTfulServiceHandler(sp, deleteUserHandler))) // user role can access webService.Route(webService.GET("/{id}"). Filter(validateTokenMiddleware). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getUserHandler))) webService.Route(webService.GET("/verify/auth"). Filter(validateTokenMiddleware). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, verifyTokenHandler))) webService.Route(webService.PUT("/password"). Filter(validateTokenMiddleware). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, patchPasswordHandler))) return webService } 
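Review bot: The two comments in newUserService no longer match the filters this hunk attaches: `// TODO only root role can access` now sits above routes that carry `Filter(rootRole)`, and `// user role can access` sits above routes gated by `Filter(guestRole)`. I would replace them with `// root role only` and `// any authenticated role (guest and above)` so each comment states the policy the code enforces. Separately, `GET /{id}` is limited only by role here; whether a caller may read another user's record has to be enforced in getUserHandler, which is outside this hunk, so that is worth confirming.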
@@ -99,16 +108,22 @@ func newNetworkService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listNetworkHandler))) webService.Route(webService.GET("/{id}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getNetworkHandler))) webService.Route(webService.GET("/status/{id}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getNetworkStatusHandler))) webService.Route(webService.POST("/"). + Filter(rootRole). To(handler.RESTfulServiceHandler(sp, createNetworkHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(rootRole). To(handler.RESTfulServiceHandler(sp, deleteNetworkHandler))) webService.Route(webService.GET("/{node}/shell"). + Filter(rootRole). To(handler.RESTfulServiceHandler(sp, getOVSShellInfoHandler))) return webService } @@ -122,10 +137,13 @@ func newStorageService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createStorage))) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listStorage))) webService.Route(webService.DELETE("/{id}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deleteStorage))) return webService } @@ -140,10 +158,13 @@ func newVolumeService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createVolumeHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deleteVolumeHandler))) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listVolumeHandler))) return webService } 
@@ -154,9 +175,13 @@ func newContainerService(sp *serviceprovider.Container) *restful.WebService { Consumes(restful.MIME_JSON, restful.MIME_JSON). Produces(restful.MIME_JSON, restful.MIME_JSON) + // webService.Filter(validateTokenMiddleware) + webService.Route(webService.GET("/logs/{namespace}/{pod}/{container}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getContainerLogsHandler))) webService.Route(webService.GET("/logs/file/{namespace}/{pod}/{container}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getContainerLogFileHandler))) return webService } @@ -170,14 +195,19 @@ func newPodService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createPodHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deletePodHandler))) webService.Route(webService.DELETE("/{namespace}/{pod}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deletePodFromClusterHandler))) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listPodHandler))) webService.Route(webService.GET("/{id}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getPodHandler))) return webService } 
@@ -192,16 +222,22 @@ func newDeploymentService(sp *serviceprovider.Container) *restful.WebService { Produces(restful.MIME_JSON, restful.MIME_JSON) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createDeploymentHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deleteDeploymentHandler))) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listDeploymentHandler))) webService.Route(webService.GET("/{id}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getDeploymentHandler))) webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadDeploymentYAMLHandler))) webService.Route(webService.PUT("/autoscale"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, updateAutoscalerHandler))) return webService } @@ -215,6 +251,7 @@ func newAppService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createAppHandler))) return webService } 
@@ -229,14 +266,19 @@ func newServiceService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createServiceHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deleteServiceHandler))) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listServiceHandler))) webService.Route(webService.GET("/{id}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getServiceHandler))) webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). Consumes("multipart/form-data"). To(handler.RESTfulServiceHandler(sp, uploadServiceYAMLHandler))) return webService @@ -251,14 +293,19 @@ func newNamespaceService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createNamespaceHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deleteNamespaceHandler))) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listNamespaceHandler))) webService.Route(webService.GET("/{id}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getNamespaceHandler))) webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). Consumes("multipart/form-data"). To(handler.RESTfulServiceHandler(sp, uploadNamespaceYAMLHandler))) return webService 
@@ -273,14 +320,19 @@ func newConfigMapService(sp *serviceprovider.Container) *restful.WebService { webService.Filter(validateTokenMiddleware) webService.Route(webService.POST("/"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, createConfigMapHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, deleteConfigMapHandler))) webService.Route(webService.GET("/"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, listConfigMapHandler))) webService.Route(webService.GET("/{id}"). + Filter(guestRole). To(handler.RESTfulServiceHandler(sp, getConfigMapHandler))) webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). Consumes("multipart/form-data"). To(handler.RESTfulServiceHandler(sp, uploadConfigMapYAMLHandler))) return webService @@ -321,8 +373,14 @@ func newMonitoringService(sp *serviceprovider.Container) *restful.WebService { func newOVSService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/ovs").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/portinfos").To(handler.RESTfulServiceHandler(sp, getOVSPortInfoHandler))) + webService.Path("/v1/ovs"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + // webService.Filter(validateTokenMiddleware) + + webService.Route(webService.GET("/portinfos"). + To(handler.RESTfulServiceHandler(sp, getOVSPortInfoHandler))) return webService } From bcbc44cece033d46cdb471fe68a9d1f757b89042 Mon Sep 17 00:00:00 2001 From: John-Lin Date: Fri, 12 Oct 2018 17:17:41 +0800 Subject: [PATCH 3/6] role panic check --- src/server/route.go | 11 ++++++++--- src/server/route_filter.go | 18 +++++++++--------- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/server/route.go b/src/server/route.go index 06ca6305..972b7839 100644 --- a/src/server/route.go 
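Review bot: In newOVSService the token check is added only as a comment (`// webService.Filter(validateTokenMiddleware)`) and the `/portinfos` route gets no role filter, so `/v1/ovs/portinfos` is still served without authentication after this commit. The same commented-out line appears in the newContainerService hunk, but a later patch in this series enables it there; nothing on this page does so for OVS. If the open route is deliberate, say why in the comment; otherwise enable `webService.Filter(validateTokenMiddleware)` and add `Filter(guestRole).` to the route. The newMonitoringService routes reformatted in patch 1/6 likewise receive no filter in any hunk shown here, which looks like the same gap.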
+++ b/src/server/route.go @@ -55,6 +55,8 @@ func newRegistryService(sp *serviceprovider.Container) *restful.WebService { Consumes(restful.MIME_JSON, restful.MIME_JSON). Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) + webService.Route(webService.POST("/auth"). Filter(guestRole). To(handler.RESTfulServiceHandler(sp, registryBasicAuthHandler))) @@ -74,12 +76,15 @@ func newUserService(sp *serviceprovider.Container) *restful.WebService { // TODO only root role can access webService.Route(webService.GET("/"). + Filter(validateTokenMiddleware). Filter(rootRole). To(handler.RESTfulServiceHandler(sp, listUserHandler))) webService.Route(webService.POST("/"). + Filter(validateTokenMiddleware). Filter(rootRole). To(handler.RESTfulServiceHandler(sp, createUserHandler))) webService.Route(webService.DELETE("/{id}"). + Filter(validateTokenMiddleware). Filter(rootRole). To(handler.RESTfulServiceHandler(sp, deleteUserHandler))) @@ -175,7 +180,7 @@ func newContainerService(sp *serviceprovider.Container) *restful.WebService { Consumes(restful.MIME_JSON, restful.MIME_JSON). Produces(restful.MIME_JSON, restful.MIME_JSON) - // webService.Filter(validateTokenMiddleware) + webService.Filter(validateTokenMiddleware) webService.Route(webService.GET("/logs/{namespace}/{pod}/{container}"). Filter(guestRole). @@ -215,12 +220,12 @@ func newPodService(sp *serviceprovider.Container) *restful.WebService { func newDeploymentService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Filter(validateTokenMiddleware) - webService.Path("/v1/deployments"). Consumes(restful.MIME_JSON, restful.MIME_JSON). Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) + webService.Route(webService.POST("/"). Filter(userRole). To(handler.RESTfulServiceHandler(sp, createDeploymentHandler))) 
diff --git a/src/server/route_filter.go b/src/server/route_filter.go index 0081385e..ed07a0ba 100644 --- a/src/server/route_filter.go +++ b/src/server/route_filter.go @@ -51,11 +51,11 @@ func validateTokenMiddleware(req *restful.Request, resp *restful.Response, chain } func rootRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) { - role := req.Attribute("Role").(string) - if role == entity.RootRole { + role, ok := req.Attribute("Role").(string) + if ok && role == entity.RootRole { chain.ProcessFilter(req, resp) } else { - log.Printf("User has no root role: Forbidden") + log.Printf("User role: %s has no root role: Forbidden", role) resp.WriteHeaderAndEntity(http.StatusForbidden, response.ActionResponse{ Error: true, @@ -66,11 +66,11 @@ func rootRole(req *restful.Request, resp *restful.Response, chain *restful.Filte } func userRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) { - role := req.Attribute("Role").(string) - if role == entity.RootRole || role == entity.UserRole { + role, ok := req.Attribute("Role").(string) + if ok && role == entity.RootRole || role == entity.UserRole { chain.ProcessFilter(req, resp) } else { - log.Printf("User has no user role: Forbidden") + log.Printf("User role: %s has no root role: Forbidden", role) resp.WriteHeaderAndEntity(http.StatusForbidden, response.ActionResponse{ Error: true, 
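Review bot: In userRole (and again in the guestRole hunk that follows) the new condition `ok && role == entity.RootRole || role == entity.UserRole` parses as `(ok && role == entity.RootRole) || role == entity.UserRole`, because `&&` binds tighter than `||`, so `ok` guards only the first comparison. It gives the right answer only because a failed assertion leaves `role` as the empty string and, presumably, none of the entity role constants is empty; write `ok && (role == entity.RootRole || role == entity.UserRole)` so the authorization decision does not depend on that. The denial log in both functions was also changed to say `has no root role`, which is wrong for userRole and guestRole; name the role each filter requires, and prefer `%q` over `%s` for `role` so an empty or unexpected value is visible in the log. Both function bodies continue past the end of their hunks.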
@@ -81,11 +81,11 @@ func userRole(req *restful.Request, resp *restful.Response, chain *restful.Filte } func guestRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) { - role := req.Attribute("Role").(string) - if role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole { + role, ok := req.Attribute("Role").(string) + if ok && role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole { chain.ProcessFilter(req, resp) } else { - log.Printf("User has no guest role: Forbidden") + log.Printf("User role: %s has no root role: Forbidden", role) resp.WriteHeaderAndEntity(http.StatusForbidden, response.ActionResponse{ Error: true, From b25b5ce6f0ea25f48c13ed5c8c6b56ae80139b48 Mon Sep 17 00:00:00 2001 From: John-Lin Date: Wed, 17 Oct 2018 14:31:21 +0800 Subject: [PATCH 4/6] add filter --- src/server/route.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/server/route.go b/src/server/route.go index 972b7839..3a0be540 100644 --- a/src/server/route.go +++ b/src/server/route.go @@ -395,7 +395,10 @@ func newShellService(sp *serviceprovider.Container) *restful.WebService { Consumes(restful.MIME_JSON, restful.MIME_JSON). Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) + webService.Route(webService.GET("/pod/{namespace}/{pod}/shell/{container}"). + Filter(userRole). To(handler.RESTfulServiceHandler(sp, handleExecShell))) return webService } From e29dd5fba0be33da00b001f101387a2c1bb6b2cc Mon Sep 17 00:00:00 2001 From: John-Lin Date: Wed, 17 Oct 2018 15:23:08 +0800 Subject: [PATCH 5/6] change test user role --- tests/02-multiple-interface/credential | 4 ++-- tests/03-host-network/credential | 4 ++-- tests/04-storage-pod/credential | 4 ++-- tests/05-deployment/credential | 4 ++-- tests/06-app/credential | 4 ++-- tests/07-ovs/credential | 4 ++-- tests/99-delete-test-user/credential | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) 
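Review bot: On the exec-shell route in `newShellService`, `Filter(userRole)` authorizes by role alone, so as far as this hunk shows any account with the user role can open a shell in any `{namespace}/{pod}/{container}`. If `handleExecShell` (outside this hunk) does not already restrict which namespaces or pods the caller may reach, that check belongs there, and the route deserves a comment such as `// Exec shell into a container: token and user role required; per-namespace authorization is done in handleExecShell.` Because this endpoint grants command execution inside a container, each accepted request should also be logged with the caller's identity and the target pod.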
diff --git a/tests/02-multiple-interface/credential b/tests/02-multiple-interface/credential index 714d859c..85b0412b 100644 --- a/tests/02-multiple-interface/credential +++ b/tests/02-multiple-interface/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"admin@vortex.com", + "password":"password" } diff --git a/tests/03-host-network/credential b/tests/03-host-network/credential index 714d859c..85b0412b 100644 --- a/tests/03-host-network/credential +++ b/tests/03-host-network/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"admin@vortex.com", + "password":"password" } diff --git a/tests/04-storage-pod/credential b/tests/04-storage-pod/credential index 714d859c..85b0412b 100644 --- a/tests/04-storage-pod/credential +++ b/tests/04-storage-pod/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"admin@vortex.com", + "password":"password" } diff --git a/tests/05-deployment/credential b/tests/05-deployment/credential index 714d859c..85b0412b 100644 --- a/tests/05-deployment/credential +++ b/tests/05-deployment/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"admin@vortex.com", + "password":"password" } diff --git a/tests/06-app/credential b/tests/06-app/credential index 714d859c..6ef80078 100644 --- a/tests/06-app/credential +++ b/tests/06-app/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"vortex@admin.com", + "password":"password" } diff --git a/tests/07-ovs/credential b/tests/07-ovs/credential index 714d859c..85b0412b 100644 --- a/tests/07-ovs/credential +++ b/tests/07-ovs/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"admin@vortex.com", + "password":"password" } 
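Review bot: Every integration-test credential file in this commit now signs in as `admin@vortex.com`, presumably a root-role account, so the `userRole` and `guestRole` filters touched earlier in the series are no longer exercised by a lower-privileged caller. Keeping at least one suite on a non-root test user would show that a user-role token is still rejected on the root-only routes. If this username and password match an administrator account that is seeded in real deployments, that account should be required to change its password on first start. The files have no comment syntax, so that expectation belongs in the test documentation. The same applies to the 03 through 07 and 99 credential files.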
diff --git a/tests/99-delete-test-user/credential b/tests/99-delete-test-user/credential index 714d859c..85b0412b 100644 --- a/tests/99-delete-test-user/credential +++ b/tests/99-delete-test-user/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"admin@vortex.com", + "password":"password" } From 90863c934d031c714c8453b4d5c0471552cf43cf Mon Sep 17 00:00:00 2001 From: John-Lin Date: Wed, 17 Oct 2018 15:43:09 +0800 Subject: [PATCH 6/6] typo --- tests/06-app/credential | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/06-app/credential b/tests/06-app/credential index 6ef80078..85b0412b 100644 --- a/tests/06-app/credential +++ b/tests/06-app/credential @@ -1,4 +1,4 @@ { - "username":"vortex@admin.com", + "username":"admin@vortex.com", "password":"password" }