githubconfig_actions.go
package github
import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"

	"github.com/pkg/errors"
	"github.com/rancher/norman/httperror"
	"github.com/rancher/norman/types"
	"github.com/rancher/rancher/pkg/api/store/auth"
	"github.com/rancher/rancher/pkg/auth/providers/common"
	v3 "github.com/rancher/types/apis/management.cattle.io/v3"
	"github.com/rancher/types/apis/management.cattle.io/v3public"
	client "github.com/rancher/types/client/management/v3"
)
// formatter decorates the GitHub auth config resource with its actions:
// whatever common.AddCommonActions registers, followed by the two
// GitHub-specific actions "configureTest" and "testAndApply".
func (g *ghProvider) formatter(apiContext *types.APIContext, resource *types.RawResource) {
	common.AddCommonActions(apiContext, resource)

	// Registration order matches the order of this list.
	for _, name := range []string{"configureTest", "testAndApply"} {
		resource.AddAction(apiContext, name)
	}
}
// actionHandler dispatches an action invoked on the GitHub auth config.
//
// common.HandleCommonAction is consulted first: its error is returned as-is,
// and if it reports the action as handled nothing further happens. Otherwise
// "configureTest" and "testAndApply" are routed to their handlers, and any
// other action name yields an ActionNotAvailable API error.
//
// NOTE(review): no authorization check is visible in this function, yet
// "testAndApply" rewrites the auth provider configuration and issues a token.
// Presumably access control is enforced before dispatch reaches here — confirm.
func (g *ghProvider) actionHandler(actionName string, action *types.Action, request *types.APIContext) error {
	done, err := common.HandleCommonAction(actionName, action, request, Name, g.authConfigs)
	switch {
	case err != nil:
		return err
	case done:
		return nil
	}

	switch actionName {
	case "configureTest":
		return g.configureTest(actionName, action, request)
	case "testAndApply":
		return g.testAndApply(actionName, action, request)
	default:
		return httperror.NewAPIError(httperror.ActionNotAvailable, "")
	}
}
// configureTest answers the "configureTest" action. It decodes a GithubConfig
// from the request body and replies with the OAuth authorize URL derived from
// it; nothing is stored by this function.
//
// A body that fails to decode produces an InvalidBodyContent API error whose
// message includes the decoder's error text.
//
// The hostname and client ID used for the URL come straight from the request
// body and are not validated in this handler, so the response is only as
// trustworthy as the caller's input.
func (g *ghProvider) configureTest(actionName string, action *types.Action, request *types.APIContext) error {
	var cfg v3.GithubConfig
	if err := json.NewDecoder(request.Request.Body).Decode(&cfg); err != nil {
		msg := fmt.Sprintf("Failed to parse body: %v", err)
		return httperror.NewAPIError(httperror.InvalidBodyContent, msg)
	}

	request.WriteResponse(http.StatusOK, map[string]interface{}{
		"redirectUrl": formGithubRedirectURL(&cfg),
		"type":        "githubConfigTestOutput",
	})
	return nil
}
// formGithubRedirectURL builds the OAuth authorize URL for a typed GitHub
// config by handing its Hostname, ClientID and TLS fields to
// githubRedirectURL.
func formGithubRedirectURL(githubConfig *v3.GithubConfig) string {
	host, id, useTLS := githubConfig.Hostname, githubConfig.ClientID, githubConfig.TLS
	return githubRedirectURL(host, id, useTLS)
}
// formGithubRedirectURLFromMap builds the OAuth authorize URL from an untyped
// config map, reading the hostname, client ID and TLS entries by their
// client.GithubConfigField* keys.
//
// An entry that is absent or holds a value of the wrong type is treated as
// the zero value ("" or false) rather than as an error, so a malformed TLS
// entry silently results in tls=false being passed on.
func formGithubRedirectURLFromMap(config map[string]interface{}) string {
	var (
		host   string
		id     string
		useTLS bool
	)
	if v, ok := config[client.GithubConfigFieldHostname].(string); ok {
		host = v
	}
	if v, ok := config[client.GithubConfigFieldClientID].(string); ok {
		id = v
	}
	if v, ok := config[client.GithubConfigFieldTLS].(bool); ok {
		useTLS = v
	}
	return githubRedirectURL(host, id, useTLS)
}
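// githubRedirectURL returns the URL of the GitHub OAuth authorize endpoint
// with the client_id query parameter set to clientID.
//
// When hostname is non-empty the base is "https://"+hostname if tls is true
// and "http://"+hostname otherwise. When hostname is empty the package-level
// githubDefaultHostName is used as the base unchanged.
//
// clientID is query-escaped before it is appended, so a value containing
// characters such as '&', '#' or '=' cannot add or override parameters in the
// resulting URL. Identifiers made only of letters, digits, '-', '_', '.' and
// '~' are emitted exactly as before.
//
// NOTE(review): hostname is still concatenated verbatim. configureTest feeds
// it from the request body, so a value carrying a path, userinfo or port
// changes where the URL points. Confirm it is validated as a bare host before
// the config is accepted. With tls=false the authorize URL is plain HTTP.
func githubRedirectURL(hostname, clientID string, tls bool) string {
	base := githubDefaultHostName
	if hostname != "" {
		scheme := "http://"
		if tls {
			scheme = "https://"
		}
		base = scheme + hostname
	}
	return base + "/login/oauth/authorize?client_id=" + url.QueryEscape(clientID)
}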
// testAndApply answers the "testAndApply" action: it checks a proposed GitHub
// auth configuration with a real login and, only if that login succeeds,
// saves the configuration and issues a token for the caller.
//
// Steps, in order:
//  1. Decode a GithubConfigApplyInput (config, OAuth code, enabled flag) from
//     the request body; a decode failure is returned as InvalidBodyContent
//     with the decoder's error text in the message.
//  2. If the config carries a non-empty ClientSecret, replace it with the
//     value returned by common.ReadFromSecret.
//  3. Call g.LoginUser with the code and the config. API errors are returned
//     unchanged; any other error is wrapped as "server error while
//     authenticating".
//  4. Attach the resulting principal to the current user.
//  5. Copy the Enabled flag from the input and save the config.
//  6. Create a token and set the cookie on the response.
//
// NOTE(review): after step 2 githubConfig.ClientSecret holds whatever
// ReadFromSecret returned, and that same struct is passed to saveGithubConfig.
// Presumably saveGithubConfig moves the value back into secret storage rather
// than persisting it in the config object — confirm.
//
// NOTE(review): step 4 runs before step 5, so a failed save leaves the
// principal already set on the user. The save error text is also returned to
// the client inside the ServerError message.
func (g *ghProvider) testAndApply(actionName string, action *types.Action, request *types.APIContext) error {
	input := &v3.GithubConfigApplyInput{}
	if err := json.NewDecoder(request.Request.Body).Decode(input); err != nil {
		return httperror.NewAPIError(httperror.InvalidBodyContent,
			fmt.Sprintf("Failed to parse body: %v", err))
	}

	// Work on a copy of the submitted config; the decoded input stays untouched.
	githubConfig := input.GithubConfig
	login := &v3public.GithubLogin{Code: input.Code}

	if githubConfig.ClientSecret != "" {
		field := strings.ToLower(auth.TypeToField[client.GithubConfigType])
		secret, err := common.ReadFromSecret(g.secrets, githubConfig.ClientSecret, field)
		if err != nil {
			return err
		}
		githubConfig.ClientSecret = secret
	}

	// Ask the provider to perform a test login with the candidate config.
	userPrincipal, groupPrincipals, providerInfo, err := g.LoginUser(login, &githubConfig, true)
	if err != nil {
		if !httperror.IsAPIError(err) {
			err = errors.Wrap(err, "server error while authenticating")
		}
		return err
	}

	// The login worked: bind the principal, then persist the config with the
	// requested enabled flag.
	user, err := g.userMGR.SetPrincipalOnCurrentUser(request, userPrincipal)
	if err != nil {
		return err
	}

	githubConfig.Enabled = input.Enabled
	if err := g.saveGithubConfig(&githubConfig); err != nil {
		return httperror.NewAPIError(httperror.ServerError, fmt.Sprintf("Failed to save github config: %v", err))
	}

	// NOTE(review): the literal 0 is the fifth argument to CreateTokenAndSetCookie;
	// its meaning (possibly a TTL) is not visible here — confirm it does not mean
	// a non-expiring token.
	return g.tokenMGR.CreateTokenAndSetCookie(user.Name, userPrincipal, groupPrincipals, providerInfo, 0, "Token via Github Configuration", request)
}