From e94dfaa5f0f9b501a664b9cd6055bab392f94471 Mon Sep 17 00:00:00 2001 From: Nir Magnezi Date: Sun, 19 Jul 2020 22:52:56 +0300 Subject: [PATCH 1/6] MGMT-733 Adds Swagger API Key Security Bumped Swagger image version to 0.25.0 Bumped go-openapi/runtime to v0.19.20 to match the Swagger image version. --- Makefile | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- swagger.yaml | 25 +++++++++++++++++++++++++ 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 47374eb3b..05af3859b 100644 --- a/Makefile +++ b/Makefile @@ -45,10 +45,10 @@ generate: generate-from-swagger: rm -rf client models restapi docker run -u $(UID):$(UID) -v $(PWD):$(PWD):rw,Z -v /etc/passwd:/etc/passwd -w $(PWD) \ - quay.io/goswagger/swagger:v0.24.0 generate server --template=stratoscale -f swagger.yaml \ + quay.io/goswagger/swagger:v0.25.0 generate server --template=stratoscale -f swagger.yaml \ --template-dir=/templates/contrib docker run -u $(UID):$(UID) -v $(PWD):$(PWD):rw,Z -v /etc/passwd:/etc/passwd -w $(PWD) \ - quay.io/goswagger/swagger:v0.24.0 generate client --template=stratoscale -f swagger.yaml \ + quay.io/goswagger/swagger:v0.25.0 generate client --template=stratoscale -f swagger.yaml \ --template-dir=/templates/contrib ########## diff --git a/go.mod b/go.mod index e698b31f5..e05ddc7cd 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/filanov/stateswitch v0.0.0-20200714113403-51a42a34c604 github.com/go-openapi/errors v0.19.6 github.com/go-openapi/loads v0.19.5 - github.com/go-openapi/runtime v0.19.19 + github.com/go-openapi/runtime v0.19.20 github.com/go-openapi/spec v0.19.8 github.com/go-openapi/strfmt v0.19.5 github.com/go-openapi/swag v0.19.9 diff --git a/go.sum b/go.sum index 6fc132de4..90f813e20 100644 --- a/go.sum +++ b/go.sum @@ -177,8 +177,8 @@ github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= github.com/go-openapi/runtime v0.19.15 h1:2GIefxs9Rx1vCDNghRtypRq+ig8KSLrjHbAYI/gCLCM= github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo= -github.com/go-openapi/runtime v0.19.19 h1:PCaQSqG0HiCgpekchPrHO9AEc5ZUaAclOUp9T3RSKoQ= -github.com/go-openapi/runtime v0.19.19/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk= +github.com/go-openapi/runtime v0.19.20 h1:J/t+QIjbcoq8WJvjGxRKiFBhqUE8slS9SbmD0Oi/raQ= +github.com/go-openapi/runtime v0.19.20/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= diff --git a/swagger.yaml b/swagger.yaml index 0ad44a9d5..d21d0074c 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -16,6 +16,18 @@ consumes: produces: - application/json +securityDefinitions: + agentAuth: + type: apiKey + in: header + name: X-Secret-Key + userAuth: + type: apiKey + in: header + name: Authorization + +security: + - userAuth: [] paths: /clusters: @@ -226,6 +238,9 @@ paths: get: tags: - installer + security: + - userAuth: [] + - agentAuth: [] summary: Downloads files relating to the installed/installing cluster. operationId: DownloadClusterFiles produces: @@ -325,6 +340,8 @@ paths: post: tags: - installer + security: + - agentAuth: [] summary: Transfer the ingress certificate for the cluster. operationId: UploadClusterIngressCert parameters: @@ -487,6 +504,8 @@ paths: post: tags: - installer + security: + - agentAuth: [] summary: Registers a new OpenShift bare metal host. operationId: RegisterHost parameters: @@ -610,6 +629,8 @@ paths: put: tags: - installer + security: + - agentAuth: [] summary: Update installation progress operationId: UpdateHostInstallProgress parameters: @@ -750,6 +771,8 @@ paths: get: tags: - installer + security: + - agentAuth: [] summary: Retrieves the next operations that the host agent needs to perform. operationId: GetNextSteps parameters: @@ -780,6 +803,8 @@ paths: post: tags: - installer + security: + - agentAuth: [] summary: Posts the result of the operations from the host agent. operationId: PostStepReply parameters: From 5df434b256eb11aca2ea5957292335633a414a3c Mon Sep 17 00:00:00 2001 From: Nir Magnezi Date: Sun, 19 Jul 2020 22:56:32 +0300 Subject: [PATCH 2/6] MGMT-733 Swagger Generate Server and Client --- client/events/events_client.go | 1 + client/events/list_events_responses.go | 2 +- .../cancel_installation_responses.go | 2 +- .../complete_installation_responses.go | 2 +- .../installer/deregister_cluster_responses.go | 2 +- client/installer/deregister_host_responses.go | 2 +- client/installer/disable_host_responses.go | 2 +- .../download_cluster_files_responses.go | 2 +- .../download_cluster_i_s_o_responses.go | 2 +- .../download_cluster_kubeconfig_responses.go | 2 +- client/installer/enable_host_responses.go | 2 +- .../generate_cluster_i_s_o_responses.go | 2 +- client/installer/get_cluster_responses.go | 2 +- client/installer/get_credentials_responses.go | 2 +- .../installer/get_free_addresses_responses.go | 2 +- client/installer/get_host_responses.go | 2 +- client/installer/get_next_steps_responses.go | 2 +- client/installer/install_cluster_responses.go | 2 +- client/installer/installer_client.go | 26 ++++ client/installer/list_clusters_responses.go | 2 +- client/installer/list_hosts_responses.go | 2 +- client/installer/post_step_reply_responses.go | 2 +- .../installer/register_cluster_responses.go | 2 +- client/installer/register_host_responses.go | 2 +- client/installer/reset_cluster_responses.go | 2 +- client/installer/set_debug_step_responses.go | 2 +- client/installer/update_cluster_responses.go | 2 +- .../update_host_install_progress_responses.go | 2 +- .../upload_cluster_ingress_cert_responses.go | 2 +- .../list_managed_domains_responses.go | 2 +- .../managed_domains/managed_domains_client.go | 1 + .../list_component_versions_responses.go | 2 +- client/versions/versions_client.go | 1 + restapi/configure_assisted_install.go | 126 ++++++++++++++---- restapi/embedded_spec.go | 100 ++++++++++++++ restapi/operations/assisted_install_api.go | 119 ++++++++++++----- restapi/operations/events/list_events.go | 23 +++- .../installer/cancel_installation.go | 23 +++- .../installer/complete_installation.go | 23 +++- .../installer/deregister_cluster.go | 23 +++- .../operations/installer/deregister_host.go | 23 +++- restapi/operations/installer/disable_host.go | 23 +++- .../installer/download_cluster_files.go | 23 +++- .../installer/download_cluster_i_s_o.go | 23 +++- .../installer/download_cluster_kubeconfig.go | 23 +++- restapi/operations/installer/enable_host.go | 23 +++- .../installer/generate_cluster_i_s_o.go | 23 +++- restapi/operations/installer/get_cluster.go | 23 +++- .../operations/installer/get_credentials.go | 23 +++- .../installer/get_free_addresses.go | 23 +++- restapi/operations/installer/get_host.go | 23 +++- .../operations/installer/get_next_steps.go | 23 +++- .../operations/installer/install_cluster.go | 23 +++- restapi/operations/installer/list_clusters.go | 23 +++- restapi/operations/installer/list_hosts.go | 23 +++- .../operations/installer/post_step_reply.go | 23 +++- .../operations/installer/register_cluster.go | 23 +++- restapi/operations/installer/register_host.go | 23 +++- restapi/operations/installer/reset_cluster.go | 23 +++- .../operations/installer/set_debug_step.go | 23 +++- .../operations/installer/update_cluster.go | 23 +++- .../installer/update_host_install_progress.go | 23 +++- .../installer/upload_cluster_ingress_cert.go | 23 +++- .../managed_domains/list_managed_domains.go | 23 +++- .../versions/list_component_versions.go | 23 +++- 65 files changed, 865 insertions(+), 234 deletions(-) diff --git a/client/events/events_client.go b/client/events/events_client.go index bfe6470bb..7f065dd8f 100644 --- a/client/events/events_client.go +++ b/client/events/events_client.go @@ -54,6 +54,7 @@ func (a *Client) ListEvents(ctx context.Context, params *ListEventsParams) (*Lis Schemes: []string{"http"}, Params: params, Reader: &ListEventsReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) diff --git a/client/events/list_events_responses.go b/client/events/list_events_responses.go index f06ba1e55..7ac40b61f 100644 --- a/client/events/list_events_responses.go +++ b/client/events/list_events_responses.go @@ -37,7 +37,7 @@ func (o *ListEventsReader) ReadResponse(response runtime.ClientResponse, consume return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/cancel_installation_responses.go b/client/installer/cancel_installation_responses.go index 63e05011c..13b47bc5b 100644 --- a/client/installer/cancel_installation_responses.go +++ b/client/installer/cancel_installation_responses.go @@ -49,7 +49,7 @@ func (o *CancelInstallationReader) ReadResponse(response runtime.ClientResponse, return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/complete_installation_responses.go b/client/installer/complete_installation_responses.go index f9db9b317..1fc51e398 100644 --- a/client/installer/complete_installation_responses.go +++ b/client/installer/complete_installation_responses.go @@ -49,7 +49,7 @@ func (o *CompleteInstallationReader) ReadResponse(response runtime.ClientRespons return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/deregister_cluster_responses.go b/client/installer/deregister_cluster_responses.go index b80905f3c..c1533f5f5 100644 --- a/client/installer/deregister_cluster_responses.go +++ b/client/installer/deregister_cluster_responses.go @@ -49,7 +49,7 @@ func (o *DeregisterClusterReader) ReadResponse(response runtime.ClientResponse, return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/deregister_host_responses.go b/client/installer/deregister_host_responses.go index b9b3b61e9..96bea840a 100644 --- a/client/installer/deregister_host_responses.go +++ b/client/installer/deregister_host_responses.go @@ -49,7 +49,7 @@ func (o *DeregisterHostReader) ReadResponse(response runtime.ClientResponse, con return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/disable_host_responses.go b/client/installer/disable_host_responses.go index 7165cd6a5..045b1eba5 100644 --- a/client/installer/disable_host_responses.go +++ b/client/installer/disable_host_responses.go @@ -49,7 +49,7 @@ func (o *DisableHostReader) ReadResponse(response runtime.ClientResponse, consum return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/download_cluster_files_responses.go b/client/installer/download_cluster_files_responses.go index 15984115e..22caf1536 100644 --- a/client/installer/download_cluster_files_responses.go +++ b/client/installer/download_cluster_files_responses.go @@ -50,7 +50,7 @@ func (o *DownloadClusterFilesReader) ReadResponse(response runtime.ClientRespons return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/download_cluster_i_s_o_responses.go b/client/installer/download_cluster_i_s_o_responses.go index 9d3682da7..8df9a32af 100644 --- a/client/installer/download_cluster_i_s_o_responses.go +++ b/client/installer/download_cluster_i_s_o_responses.go @@ -50,7 +50,7 @@ func (o *DownloadClusterISOReader) ReadResponse(response runtime.ClientResponse, return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/download_cluster_kubeconfig_responses.go b/client/installer/download_cluster_kubeconfig_responses.go index a81a9addb..2876fa8db 100644 --- a/client/installer/download_cluster_kubeconfig_responses.go +++ b/client/installer/download_cluster_kubeconfig_responses.go @@ -50,7 +50,7 @@ func (o *DownloadClusterKubeconfigReader) ReadResponse(response runtime.ClientRe return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/enable_host_responses.go b/client/installer/enable_host_responses.go index 2bc9f380e..ae1f79f8e 100644 --- a/client/installer/enable_host_responses.go +++ b/client/installer/enable_host_responses.go @@ -49,7 +49,7 @@ func (o *EnableHostReader) ReadResponse(response runtime.ClientResponse, consume return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/generate_cluster_i_s_o_responses.go b/client/installer/generate_cluster_i_s_o_responses.go index 4fefc1c1f..02764a574 100644 --- a/client/installer/generate_cluster_i_s_o_responses.go +++ b/client/installer/generate_cluster_i_s_o_responses.go @@ -55,7 +55,7 @@ func (o *GenerateClusterISOReader) ReadResponse(response runtime.ClientResponse, return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/get_cluster_responses.go b/client/installer/get_cluster_responses.go index 1c2c60abf..f955924c3 100644 --- a/client/installer/get_cluster_responses.go +++ b/client/installer/get_cluster_responses.go @@ -43,7 +43,7 @@ func (o *GetClusterReader) ReadResponse(response runtime.ClientResponse, consume return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/get_credentials_responses.go b/client/installer/get_credentials_responses.go index 233656981..76817c4a2 100644 --- a/client/installer/get_credentials_responses.go +++ b/client/installer/get_credentials_responses.go @@ -49,7 +49,7 @@ func (o *GetCredentialsReader) ReadResponse(response runtime.ClientResponse, con return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/get_free_addresses_responses.go b/client/installer/get_free_addresses_responses.go index d05705516..6ceb167e2 100644 --- a/client/installer/get_free_addresses_responses.go +++ b/client/installer/get_free_addresses_responses.go @@ -43,7 +43,7 @@ func (o *GetFreeAddressesReader) ReadResponse(response runtime.ClientResponse, c return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/get_host_responses.go b/client/installer/get_host_responses.go index 18adeac0c..fa112de9c 100644 --- a/client/installer/get_host_responses.go +++ b/client/installer/get_host_responses.go @@ -43,7 +43,7 @@ func (o *GetHostReader) ReadResponse(response runtime.ClientResponse, consumer r return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/get_next_steps_responses.go b/client/installer/get_next_steps_responses.go index 08a7a965c..951c33ffe 100644 --- a/client/installer/get_next_steps_responses.go +++ b/client/installer/get_next_steps_responses.go @@ -43,7 +43,7 @@ func (o *GetNextStepsReader) ReadResponse(response runtime.ClientResponse, consu return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/install_cluster_responses.go b/client/installer/install_cluster_responses.go index 1892b0d47..a00227890 100644 --- a/client/installer/install_cluster_responses.go +++ b/client/installer/install_cluster_responses.go @@ -55,7 +55,7 @@ func (o *InstallClusterReader) ReadResponse(response runtime.ClientResponse, con return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/installer_client.go b/client/installer/installer_client.go index ed2f175ef..476a92b29 100644 --- a/client/installer/installer_client.go +++ b/client/installer/installer_client.go @@ -130,6 +130,7 @@ func (a *Client) CancelInstallation(ctx context.Context, params *CancelInstallat Schemes: []string{"http"}, Params: params, Reader: &CancelInstallationReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -154,6 +155,7 @@ func (a *Client) CompleteInstallation(ctx context.Context, params *CompleteInsta Schemes: []string{"http"}, Params: params, Reader: &CompleteInstallationReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -178,6 +180,7 @@ func (a *Client) DeregisterCluster(ctx context.Context, params *DeregisterCluste Schemes: []string{"http"}, Params: params, Reader: &DeregisterClusterReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -202,6 +205,7 @@ func (a *Client) DeregisterHost(ctx context.Context, params *DeregisterHostParam Schemes: []string{"http"}, Params: params, Reader: &DeregisterHostReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -226,6 +230,7 @@ func (a *Client) DisableHost(ctx context.Context, params *DisableHostParams) (*D Schemes: []string{"http"}, Params: params, Reader: &DisableHostReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -250,6 +255,7 @@ func (a *Client) DownloadClusterFiles(ctx context.Context, params *DownloadClust Schemes: []string{"http"}, Params: params, Reader: &DownloadClusterFilesReader{formats: a.formats, writer: writer}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -274,6 +280,7 @@ func (a *Client) DownloadClusterISO(ctx context.Context, params *DownloadCluster Schemes: []string{"http"}, Params: params, Reader: &DownloadClusterISOReader{formats: a.formats, writer: writer}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -298,6 +305,7 @@ func (a *Client) DownloadClusterKubeconfig(ctx context.Context, params *Download Schemes: []string{"http"}, Params: params, Reader: &DownloadClusterKubeconfigReader{formats: a.formats, writer: writer}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -322,6 +330,7 @@ func (a *Client) EnableHost(ctx context.Context, params *EnableHostParams) (*Ena Schemes: []string{"http"}, Params: params, Reader: &EnableHostReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -346,6 +355,7 @@ func (a *Client) GenerateClusterISO(ctx context.Context, params *GenerateCluster Schemes: []string{"http"}, Params: params, Reader: &GenerateClusterISOReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -370,6 +380,7 @@ func (a *Client) GetCluster(ctx context.Context, params *GetClusterParams) (*Get Schemes: []string{"http"}, Params: params, Reader: &GetClusterReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -394,6 +405,7 @@ func (a *Client) GetCredentials(ctx context.Context, params *GetCredentialsParam Schemes: []string{"http"}, Params: params, Reader: &GetCredentialsReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -418,6 +430,7 @@ func (a *Client) GetFreeAddresses(ctx context.Context, params *GetFreeAddressesP Schemes: []string{"http"}, Params: params, Reader: &GetFreeAddressesReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -442,6 +455,7 @@ func (a *Client) GetHost(ctx context.Context, params *GetHostParams) (*GetHostOK Schemes: []string{"http"}, Params: params, Reader: &GetHostReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -466,6 +480,7 @@ func (a *Client) GetNextSteps(ctx context.Context, params *GetNextStepsParams) ( Schemes: []string{"http"}, Params: params, Reader: &GetNextStepsReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -490,6 +505,7 @@ func (a *Client) InstallCluster(ctx context.Context, params *InstallClusterParam Schemes: []string{"http"}, Params: params, Reader: &InstallClusterReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -514,6 +530,7 @@ func (a *Client) ListClusters(ctx context.Context, params *ListClustersParams) ( Schemes: []string{"http"}, Params: params, Reader: &ListClustersReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -538,6 +555,7 @@ func (a *Client) ListHosts(ctx context.Context, params *ListHostsParams) (*ListH Schemes: []string{"http"}, Params: params, Reader: &ListHostsReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -562,6 +580,7 @@ func (a *Client) PostStepReply(ctx context.Context, params *PostStepReplyParams) Schemes: []string{"http"}, Params: params, Reader: &PostStepReplyReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -586,6 +605,7 @@ func (a *Client) RegisterCluster(ctx context.Context, params *RegisterClusterPar Schemes: []string{"http"}, Params: params, Reader: &RegisterClusterReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -610,6 +630,7 @@ func (a *Client) RegisterHost(ctx context.Context, params *RegisterHostParams) ( Schemes: []string{"http"}, Params: params, Reader: &RegisterHostReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -634,6 +655,7 @@ func (a *Client) ResetCluster(ctx context.Context, params *ResetClusterParams) ( Schemes: []string{"http"}, Params: params, Reader: &ResetClusterReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -658,6 +680,7 @@ func (a *Client) SetDebugStep(ctx context.Context, params *SetDebugStepParams) ( Schemes: []string{"http"}, Params: params, Reader: &SetDebugStepReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -682,6 +705,7 @@ func (a *Client) UpdateCluster(ctx context.Context, params *UpdateClusterParams) Schemes: []string{"http"}, Params: params, Reader: &UpdateClusterReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -706,6 +730,7 @@ func (a *Client) UpdateHostInstallProgress(ctx context.Context, params *UpdateHo Schemes: []string{"http"}, Params: params, Reader: &UpdateHostInstallProgressReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) @@ -730,6 +755,7 @@ func (a *Client) UploadClusterIngressCert(ctx context.Context, params *UploadClu Schemes: []string{"http"}, Params: params, Reader: &UploadClusterIngressCertReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) diff --git a/client/installer/list_clusters_responses.go b/client/installer/list_clusters_responses.go index 41ee72894..cce7e31ca 100644 --- a/client/installer/list_clusters_responses.go +++ b/client/installer/list_clusters_responses.go @@ -37,7 +37,7 @@ func (o *ListClustersReader) ReadResponse(response runtime.ClientResponse, consu return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/list_hosts_responses.go b/client/installer/list_hosts_responses.go index d0bd86403..a7eebb7ee 100644 --- a/client/installer/list_hosts_responses.go +++ b/client/installer/list_hosts_responses.go @@ -37,7 +37,7 @@ func (o *ListHostsReader) ReadResponse(response runtime.ClientResponse, consumer return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/post_step_reply_responses.go b/client/installer/post_step_reply_responses.go index 892ad8906..95d4361e2 100644 --- a/client/installer/post_step_reply_responses.go +++ b/client/installer/post_step_reply_responses.go @@ -49,7 +49,7 @@ func (o *PostStepReplyReader) ReadResponse(response runtime.ClientResponse, cons return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/register_cluster_responses.go b/client/installer/register_cluster_responses.go index 3f6cb4a39..d93534d12 100644 --- a/client/installer/register_cluster_responses.go +++ b/client/installer/register_cluster_responses.go @@ -43,7 +43,7 @@ func (o *RegisterClusterReader) ReadResponse(response runtime.ClientResponse, co return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/register_host_responses.go b/client/installer/register_host_responses.go index 8fcfeddc7..8d9974964 100644 --- a/client/installer/register_host_responses.go +++ b/client/installer/register_host_responses.go @@ -55,7 +55,7 @@ func (o *RegisterHostReader) ReadResponse(response runtime.ClientResponse, consu return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/reset_cluster_responses.go b/client/installer/reset_cluster_responses.go index 8e21466ad..f67abbbe9 100644 --- a/client/installer/reset_cluster_responses.go +++ b/client/installer/reset_cluster_responses.go @@ -49,7 +49,7 @@ func (o *ResetClusterReader) ReadResponse(response runtime.ClientResponse, consu return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/set_debug_step_responses.go b/client/installer/set_debug_step_responses.go index e5d4ee570..862d68cb8 100644 --- a/client/installer/set_debug_step_responses.go +++ b/client/installer/set_debug_step_responses.go @@ -43,7 +43,7 @@ func (o *SetDebugStepReader) ReadResponse(response runtime.ClientResponse, consu return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/update_cluster_responses.go b/client/installer/update_cluster_responses.go index 2e86319b8..7113cc8ca 100644 --- a/client/installer/update_cluster_responses.go +++ b/client/installer/update_cluster_responses.go @@ -55,7 +55,7 @@ func (o *UpdateClusterReader) ReadResponse(response runtime.ClientResponse, cons return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/update_host_install_progress_responses.go b/client/installer/update_host_install_progress_responses.go index bead39dea..409998aa2 100644 --- a/client/installer/update_host_install_progress_responses.go +++ b/client/installer/update_host_install_progress_responses.go @@ -43,7 +43,7 @@ func (o *UpdateHostInstallProgressReader) ReadResponse(response runtime.ClientRe return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/installer/upload_cluster_ingress_cert_responses.go b/client/installer/upload_cluster_ingress_cert_responses.go index ef72ac6d5..25555b876 100644 --- a/client/installer/upload_cluster_ingress_cert_responses.go +++ b/client/installer/upload_cluster_ingress_cert_responses.go @@ -49,7 +49,7 @@ func (o *UploadClusterIngressCertReader) ReadResponse(response runtime.ClientRes return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/managed_domains/list_managed_domains_responses.go b/client/managed_domains/list_managed_domains_responses.go index 6e8a61a0f..c0dc8e556 100644 --- a/client/managed_domains/list_managed_domains_responses.go +++ b/client/managed_domains/list_managed_domains_responses.go @@ -37,7 +37,7 @@ func (o *ListManagedDomainsReader) ReadResponse(response runtime.ClientResponse, return nil, result default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/managed_domains/managed_domains_client.go b/client/managed_domains/managed_domains_client.go index 5b14d9d78..57e52dd0d 100644 --- a/client/managed_domains/managed_domains_client.go +++ b/client/managed_domains/managed_domains_client.go @@ -54,6 +54,7 @@ func (a *Client) ListManagedDomains(ctx context.Context, params *ListManagedDoma Schemes: []string{"http"}, Params: params, Reader: &ListManagedDomainsReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) diff --git a/client/versions/list_component_versions_responses.go b/client/versions/list_component_versions_responses.go index 50ebb10e1..10020e76c 100644 --- a/client/versions/list_component_versions_responses.go +++ b/client/versions/list_component_versions_responses.go @@ -31,7 +31,7 @@ func (o *ListComponentVersionsReader) ReadResponse(response runtime.ClientRespon return result, nil default: - return nil, runtime.NewAPIError("unknown error", response, response.Code()) + return nil, runtime.NewAPIError("response status code does not match any response statuses defined for this endpoint in the swagger spec", response, response.Code()) } } diff --git a/client/versions/versions_client.go b/client/versions/versions_client.go index 0f9f1f02f..75f22fd12 100644 --- a/client/versions/versions_client.go +++ b/client/versions/versions_client.go @@ -54,6 +54,7 @@ func (a *Client) ListComponentVersions(ctx context.Context, params *ListComponen Schemes: []string{"http"}, Params: params, Reader: &ListComponentVersionsReader{formats: a.formats}, + AuthInfo: a.authInfo, Context: ctx, Client: params.HTTPClient, }) diff --git a/restapi/configure_assisted_install.go b/restapi/configure_assisted_install.go index 6306eaecf..806d0bf4e 100644 --- a/restapi/configure_assisted_install.go +++ b/restapi/configure_assisted_install.go @@ -12,6 +12,7 @@ import ( "github.com/go-openapi/loads" "github.com/go-openapi/runtime" "github.com/go-openapi/runtime/middleware" + "github.com/go-openapi/runtime/security" "github.com/filanov/bm-inventory/restapi/operations" "github.com/filanov/bm-inventory/restapi/operations/events" @@ -145,6 +146,19 @@ type Config struct { // Authorizer is used to authorize a request after the Auth function was called using the "Auth*" functions // and the principal was stored in the context in the "AuthKey" context value. Authorizer func(*http.Request) error + + // AuthAgentAuth Applies when the "X-Secret-Key" header is set + AuthAgentAuth func(token string) (interface{}, error) + + // AuthUserAuth Applies when the "Authorization" header is set + AuthUserAuth func(token string) (interface{}, error) + + // Authenticator to use for all APIKey authentication + APIKeyAuthenticator func(string, string, security.TokenAuthentication) runtime.Authenticator + // Authenticator to use for all Bearer authentication + BasicAuthenticator func(security.UserPassAuthentication) runtime.Authenticator + // Authenticator to use for all Basic authentication + BearerAuthenticator func(string, security.ScopedTokenAuthentication) runtime.Authenticator } // Handler returns an http.Handler given the handler configuration @@ -166,123 +180,177 @@ func HandlerAPI(c Config) (http.Handler, *operations.AssistedInstallAPI, error) api.ServeError = errors.ServeError api.Logger = c.Logger + if c.APIKeyAuthenticator != nil { + api.APIKeyAuthenticator = c.APIKeyAuthenticator + } + if c.BasicAuthenticator != nil { + api.BasicAuthenticator = c.BasicAuthenticator + } + if c.BearerAuthenticator != nil { + api.BearerAuthenticator = c.BearerAuthenticator + } + api.JSONConsumer = runtime.JSONConsumer() api.BinProducer = runtime.ByteStreamProducer() api.JSONProducer = runtime.JSONProducer() - api.InstallerCancelInstallationHandler = installer.CancelInstallationHandlerFunc(func(params installer.CancelInstallationParams) middleware.Responder { + api.AgentAuthAuth = func(token string) (interface{}, error) { + if c.AuthAgentAuth == nil { + return token, nil + } + return c.AuthAgentAuth(token) + } + + api.UserAuthAuth = func(token string) (interface{}, error) { + if c.AuthUserAuth == nil { + return token, nil + } + return c.AuthUserAuth(token) + } + + api.APIAuthorizer = authorizer(c.Authorizer) + api.InstallerCancelInstallationHandler = installer.CancelInstallationHandlerFunc(func(params installer.CancelInstallationParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.CancelInstallation(ctx, params) }) - api.InstallerCompleteInstallationHandler = installer.CompleteInstallationHandlerFunc(func(params installer.CompleteInstallationParams) middleware.Responder { + api.InstallerCompleteInstallationHandler = installer.CompleteInstallationHandlerFunc(func(params installer.CompleteInstallationParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.CompleteInstallation(ctx, params) }) - api.InstallerDeregisterClusterHandler = installer.DeregisterClusterHandlerFunc(func(params installer.DeregisterClusterParams) middleware.Responder { + api.InstallerDeregisterClusterHandler = installer.DeregisterClusterHandlerFunc(func(params installer.DeregisterClusterParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.DeregisterCluster(ctx, params) }) - api.InstallerDeregisterHostHandler = installer.DeregisterHostHandlerFunc(func(params installer.DeregisterHostParams) middleware.Responder { + api.InstallerDeregisterHostHandler = installer.DeregisterHostHandlerFunc(func(params installer.DeregisterHostParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.DeregisterHost(ctx, params) }) - api.InstallerDisableHostHandler = installer.DisableHostHandlerFunc(func(params installer.DisableHostParams) middleware.Responder { + api.InstallerDisableHostHandler = installer.DisableHostHandlerFunc(func(params installer.DisableHostParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.DisableHost(ctx, params) }) - api.InstallerDownloadClusterFilesHandler = installer.DownloadClusterFilesHandlerFunc(func(params installer.DownloadClusterFilesParams) middleware.Responder { + api.InstallerDownloadClusterFilesHandler = installer.DownloadClusterFilesHandlerFunc(func(params installer.DownloadClusterFilesParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.DownloadClusterFiles(ctx, params) }) - api.InstallerDownloadClusterISOHandler = installer.DownloadClusterISOHandlerFunc(func(params installer.DownloadClusterISOParams) middleware.Responder { + api.InstallerDownloadClusterISOHandler = installer.DownloadClusterISOHandlerFunc(func(params installer.DownloadClusterISOParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.DownloadClusterISO(ctx, params) }) - api.InstallerDownloadClusterKubeconfigHandler = installer.DownloadClusterKubeconfigHandlerFunc(func(params installer.DownloadClusterKubeconfigParams) middleware.Responder { + api.InstallerDownloadClusterKubeconfigHandler = installer.DownloadClusterKubeconfigHandlerFunc(func(params installer.DownloadClusterKubeconfigParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.DownloadClusterKubeconfig(ctx, params) }) - api.InstallerEnableHostHandler = installer.EnableHostHandlerFunc(func(params installer.EnableHostParams) middleware.Responder { + api.InstallerEnableHostHandler = installer.EnableHostHandlerFunc(func(params installer.EnableHostParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.EnableHost(ctx, params) }) - api.InstallerGenerateClusterISOHandler = installer.GenerateClusterISOHandlerFunc(func(params installer.GenerateClusterISOParams) middleware.Responder { + api.InstallerGenerateClusterISOHandler = installer.GenerateClusterISOHandlerFunc(func(params installer.GenerateClusterISOParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.GenerateClusterISO(ctx, params) }) - api.InstallerGetClusterHandler = installer.GetClusterHandlerFunc(func(params installer.GetClusterParams) middleware.Responder { + api.InstallerGetClusterHandler = installer.GetClusterHandlerFunc(func(params installer.GetClusterParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.GetCluster(ctx, params) }) - api.InstallerGetCredentialsHandler = installer.GetCredentialsHandlerFunc(func(params installer.GetCredentialsParams) middleware.Responder { + api.InstallerGetCredentialsHandler = installer.GetCredentialsHandlerFunc(func(params installer.GetCredentialsParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.GetCredentials(ctx, params) }) - api.InstallerGetFreeAddressesHandler = installer.GetFreeAddressesHandlerFunc(func(params installer.GetFreeAddressesParams) middleware.Responder { + api.InstallerGetFreeAddressesHandler = installer.GetFreeAddressesHandlerFunc(func(params installer.GetFreeAddressesParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.GetFreeAddresses(ctx, params) }) - api.InstallerGetHostHandler = installer.GetHostHandlerFunc(func(params installer.GetHostParams) middleware.Responder { + api.InstallerGetHostHandler = installer.GetHostHandlerFunc(func(params installer.GetHostParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.GetHost(ctx, params) }) - api.InstallerGetNextStepsHandler = installer.GetNextStepsHandlerFunc(func(params installer.GetNextStepsParams) middleware.Responder { + api.InstallerGetNextStepsHandler = installer.GetNextStepsHandlerFunc(func(params installer.GetNextStepsParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.GetNextSteps(ctx, params) }) - api.InstallerInstallClusterHandler = installer.InstallClusterHandlerFunc(func(params installer.InstallClusterParams) middleware.Responder { + api.InstallerInstallClusterHandler = installer.InstallClusterHandlerFunc(func(params installer.InstallClusterParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.InstallCluster(ctx, params) }) - api.InstallerListClustersHandler = installer.ListClustersHandlerFunc(func(params installer.ListClustersParams) middleware.Responder { + api.InstallerListClustersHandler = installer.ListClustersHandlerFunc(func(params installer.ListClustersParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.ListClusters(ctx, params) }) - api.VersionsListComponentVersionsHandler = versions.ListComponentVersionsHandlerFunc(func(params versions.ListComponentVersionsParams) middleware.Responder { + api.VersionsListComponentVersionsHandler = versions.ListComponentVersionsHandlerFunc(func(params versions.ListComponentVersionsParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.VersionsAPI.ListComponentVersions(ctx, params) }) - api.EventsListEventsHandler = events.ListEventsHandlerFunc(func(params events.ListEventsParams) middleware.Responder { + api.EventsListEventsHandler = events.ListEventsHandlerFunc(func(params events.ListEventsParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.EventsAPI.ListEvents(ctx, params) }) - api.InstallerListHostsHandler = installer.ListHostsHandlerFunc(func(params installer.ListHostsParams) middleware.Responder { + api.InstallerListHostsHandler = installer.ListHostsHandlerFunc(func(params installer.ListHostsParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.ListHosts(ctx, params) }) - api.ManagedDomainsListManagedDomainsHandler = managed_domains.ListManagedDomainsHandlerFunc(func(params managed_domains.ListManagedDomainsParams) middleware.Responder { + api.ManagedDomainsListManagedDomainsHandler = managed_domains.ListManagedDomainsHandlerFunc(func(params managed_domains.ListManagedDomainsParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.ManagedDomainsAPI.ListManagedDomains(ctx, params) }) - api.InstallerPostStepReplyHandler = installer.PostStepReplyHandlerFunc(func(params installer.PostStepReplyParams) middleware.Responder { + api.InstallerPostStepReplyHandler = installer.PostStepReplyHandlerFunc(func(params installer.PostStepReplyParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.PostStepReply(ctx, params) }) - api.InstallerRegisterClusterHandler = installer.RegisterClusterHandlerFunc(func(params installer.RegisterClusterParams) middleware.Responder { + api.InstallerRegisterClusterHandler = installer.RegisterClusterHandlerFunc(func(params installer.RegisterClusterParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.RegisterCluster(ctx, params) }) - api.InstallerRegisterHostHandler = installer.RegisterHostHandlerFunc(func(params installer.RegisterHostParams) middleware.Responder { + api.InstallerRegisterHostHandler = installer.RegisterHostHandlerFunc(func(params installer.RegisterHostParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.RegisterHost(ctx, params) }) - api.InstallerResetClusterHandler = installer.ResetClusterHandlerFunc(func(params installer.ResetClusterParams) middleware.Responder { + api.InstallerResetClusterHandler = installer.ResetClusterHandlerFunc(func(params installer.ResetClusterParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.ResetCluster(ctx, params) }) - api.InstallerSetDebugStepHandler = installer.SetDebugStepHandlerFunc(func(params installer.SetDebugStepParams) middleware.Responder { + api.InstallerSetDebugStepHandler = installer.SetDebugStepHandlerFunc(func(params installer.SetDebugStepParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.SetDebugStep(ctx, params) }) - api.InstallerUpdateClusterHandler = installer.UpdateClusterHandlerFunc(func(params installer.UpdateClusterParams) middleware.Responder { + api.InstallerUpdateClusterHandler = installer.UpdateClusterHandlerFunc(func(params installer.UpdateClusterParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.UpdateCluster(ctx, params) }) - api.InstallerUpdateHostInstallProgressHandler = installer.UpdateHostInstallProgressHandlerFunc(func(params installer.UpdateHostInstallProgressParams) middleware.Responder { + api.InstallerUpdateHostInstallProgressHandler = installer.UpdateHostInstallProgressHandlerFunc(func(params installer.UpdateHostInstallProgressParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.UpdateHostInstallProgress(ctx, params) }) - api.InstallerUploadClusterIngressCertHandler = installer.UploadClusterIngressCertHandlerFunc(func(params installer.UploadClusterIngressCertParams) middleware.Responder { + api.InstallerUploadClusterIngressCertHandler = installer.UploadClusterIngressCertHandlerFunc(func(params installer.UploadClusterIngressCertParams, principal interface{}) middleware.Responder { ctx := params.HTTPRequest.Context() + ctx = storeAuth(ctx, principal) return c.InstallerAPI.UploadClusterIngressCert(ctx, params) }) api.ServerShutdown = func() {} diff --git a/restapi/embedded_spec.go b/restapi/embedded_spec.go index 6d1e2230c..b8e82ea5e 100644 --- a/restapi/embedded_spec.go +++ b/restapi/embedded_spec.go @@ -465,6 +465,14 @@ func init() { }, "/clusters/{cluster_id}/downloads/files": { "get": { + "security": [ + { + "userAuth": [] + }, + { + "agentAuth": [] + } + ], "produces": [ "application/octet-stream" ], @@ -768,6 +776,11 @@ func init() { } }, "post": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -1067,6 +1080,11 @@ func init() { }, "/clusters/{cluster_id}/hosts/{host_id}/instructions": { "get": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -1110,6 +1128,11 @@ func init() { } }, "post": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -1165,6 +1188,11 @@ func init() { }, "/clusters/{cluster_id}/hosts/{host_id}/progress": { "put": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -1218,6 +1246,11 @@ func init() { }, "/clusters/{cluster_id}/uploads/ingress-cert": { "post": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -2513,6 +2546,23 @@ func init() { } } }, + "securityDefinitions": { + "agentAuth": { + "type": "apiKey", + "name": "X-Secret-Key", + "in": "header" + }, + "userAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } + }, + "security": [ + { + "userAuth": [] + } + ], "tags": [ { "description": "Assisted bare metal installation", @@ -2968,6 +3018,14 @@ func init() { }, "/clusters/{cluster_id}/downloads/files": { "get": { + "security": [ + { + "userAuth": [] + }, + { + "agentAuth": [] + } + ], "produces": [ "application/octet-stream" ], @@ -3271,6 +3329,11 @@ func init() { } }, "post": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -3570,6 +3633,11 @@ func init() { }, "/clusters/{cluster_id}/hosts/{host_id}/instructions": { "get": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -3613,6 +3681,11 @@ func init() { } }, "post": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -3668,6 +3741,11 @@ func init() { }, "/clusters/{cluster_id}/hosts/{host_id}/progress": { "put": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -3721,6 +3799,11 @@ func init() { }, "/clusters/{cluster_id}/uploads/ingress-cert": { "post": { + "security": [ + { + "agentAuth": [] + } + ], "tags": [ "installer" ], @@ -5022,6 +5105,23 @@ func init() { } } }, + "securityDefinitions": { + "agentAuth": { + "type": "apiKey", + "name": "X-Secret-Key", + "in": "header" + }, + "userAuth": { + "type": "apiKey", + "name": "Authorization", + "in": "header" + } + }, + "security": [ + { + "userAuth": [] + } + ], "tags": [ { "description": "Assisted bare metal installation", diff --git a/restapi/operations/assisted_install_api.go b/restapi/operations/assisted_install_api.go index 007694242..b7aa41645 100644 --- a/restapi/operations/assisted_install_api.go +++ b/restapi/operations/assisted_install_api.go @@ -37,6 +37,7 @@ func NewAssistedInstallAPI(spec *loads.Document) *AssistedInstallAPI { PreServerShutdown: func() {}, ServerShutdown: func() {}, spec: spec, + useSwaggerUI: false, ServeError: errors.ServeError, BasicAuthenticator: security.BasicAuth, APIKeyAuthenticator: security.APIKeyAuth, @@ -47,93 +48,104 @@ func NewAssistedInstallAPI(spec *loads.Document) *AssistedInstallAPI { BinProducer: runtime.ByteStreamProducer(), JSONProducer: runtime.JSONProducer(), - InstallerCancelInstallationHandler: installer.CancelInstallationHandlerFunc(func(params installer.CancelInstallationParams) middleware.Responder { + InstallerCancelInstallationHandler: installer.CancelInstallationHandlerFunc(func(params installer.CancelInstallationParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.CancelInstallation has not yet been implemented") }), - InstallerCompleteInstallationHandler: installer.CompleteInstallationHandlerFunc(func(params installer.CompleteInstallationParams) middleware.Responder { + InstallerCompleteInstallationHandler: installer.CompleteInstallationHandlerFunc(func(params installer.CompleteInstallationParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.CompleteInstallation has not yet been implemented") }), - InstallerDeregisterClusterHandler: installer.DeregisterClusterHandlerFunc(func(params installer.DeregisterClusterParams) middleware.Responder { + InstallerDeregisterClusterHandler: installer.DeregisterClusterHandlerFunc(func(params installer.DeregisterClusterParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.DeregisterCluster has not yet been implemented") }), - InstallerDeregisterHostHandler: installer.DeregisterHostHandlerFunc(func(params installer.DeregisterHostParams) middleware.Responder { + InstallerDeregisterHostHandler: installer.DeregisterHostHandlerFunc(func(params installer.DeregisterHostParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.DeregisterHost has not yet been implemented") }), - InstallerDisableHostHandler: installer.DisableHostHandlerFunc(func(params installer.DisableHostParams) middleware.Responder { + InstallerDisableHostHandler: installer.DisableHostHandlerFunc(func(params installer.DisableHostParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.DisableHost has not yet been implemented") }), - InstallerDownloadClusterFilesHandler: installer.DownloadClusterFilesHandlerFunc(func(params installer.DownloadClusterFilesParams) middleware.Responder { + InstallerDownloadClusterFilesHandler: installer.DownloadClusterFilesHandlerFunc(func(params installer.DownloadClusterFilesParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.DownloadClusterFiles has not yet been implemented") }), - InstallerDownloadClusterISOHandler: installer.DownloadClusterISOHandlerFunc(func(params installer.DownloadClusterISOParams) middleware.Responder { + InstallerDownloadClusterISOHandler: installer.DownloadClusterISOHandlerFunc(func(params installer.DownloadClusterISOParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.DownloadClusterISO has not yet been implemented") }), - InstallerDownloadClusterKubeconfigHandler: installer.DownloadClusterKubeconfigHandlerFunc(func(params installer.DownloadClusterKubeconfigParams) middleware.Responder { + InstallerDownloadClusterKubeconfigHandler: installer.DownloadClusterKubeconfigHandlerFunc(func(params installer.DownloadClusterKubeconfigParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.DownloadClusterKubeconfig has not yet been implemented") }), - InstallerEnableHostHandler: installer.EnableHostHandlerFunc(func(params installer.EnableHostParams) middleware.Responder { + InstallerEnableHostHandler: installer.EnableHostHandlerFunc(func(params installer.EnableHostParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.EnableHost has not yet been implemented") }), - InstallerGenerateClusterISOHandler: installer.GenerateClusterISOHandlerFunc(func(params installer.GenerateClusterISOParams) middleware.Responder { + InstallerGenerateClusterISOHandler: installer.GenerateClusterISOHandlerFunc(func(params installer.GenerateClusterISOParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.GenerateClusterISO has not yet been implemented") }), - InstallerGetClusterHandler: installer.GetClusterHandlerFunc(func(params installer.GetClusterParams) middleware.Responder { + InstallerGetClusterHandler: installer.GetClusterHandlerFunc(func(params installer.GetClusterParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.GetCluster has not yet been implemented") }), - InstallerGetCredentialsHandler: installer.GetCredentialsHandlerFunc(func(params installer.GetCredentialsParams) middleware.Responder { + InstallerGetCredentialsHandler: installer.GetCredentialsHandlerFunc(func(params installer.GetCredentialsParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.GetCredentials has not yet been implemented") }), - InstallerGetFreeAddressesHandler: installer.GetFreeAddressesHandlerFunc(func(params installer.GetFreeAddressesParams) middleware.Responder { + InstallerGetFreeAddressesHandler: installer.GetFreeAddressesHandlerFunc(func(params installer.GetFreeAddressesParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.GetFreeAddresses has not yet been implemented") }), - InstallerGetHostHandler: installer.GetHostHandlerFunc(func(params installer.GetHostParams) middleware.Responder { + InstallerGetHostHandler: installer.GetHostHandlerFunc(func(params installer.GetHostParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.GetHost has not yet been implemented") }), - InstallerGetNextStepsHandler: installer.GetNextStepsHandlerFunc(func(params installer.GetNextStepsParams) middleware.Responder { + InstallerGetNextStepsHandler: installer.GetNextStepsHandlerFunc(func(params installer.GetNextStepsParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.GetNextSteps has not yet been implemented") }), - InstallerInstallClusterHandler: installer.InstallClusterHandlerFunc(func(params installer.InstallClusterParams) middleware.Responder { + InstallerInstallClusterHandler: installer.InstallClusterHandlerFunc(func(params installer.InstallClusterParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.InstallCluster has not yet been implemented") }), - InstallerListClustersHandler: installer.ListClustersHandlerFunc(func(params installer.ListClustersParams) middleware.Responder { + InstallerListClustersHandler: installer.ListClustersHandlerFunc(func(params installer.ListClustersParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.ListClusters has not yet been implemented") }), - VersionsListComponentVersionsHandler: versions.ListComponentVersionsHandlerFunc(func(params versions.ListComponentVersionsParams) middleware.Responder { + VersionsListComponentVersionsHandler: versions.ListComponentVersionsHandlerFunc(func(params versions.ListComponentVersionsParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation versions.ListComponentVersions has not yet been implemented") }), - EventsListEventsHandler: events.ListEventsHandlerFunc(func(params events.ListEventsParams) middleware.Responder { + EventsListEventsHandler: events.ListEventsHandlerFunc(func(params events.ListEventsParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation events.ListEvents has not yet been implemented") }), - InstallerListHostsHandler: installer.ListHostsHandlerFunc(func(params installer.ListHostsParams) middleware.Responder { + InstallerListHostsHandler: installer.ListHostsHandlerFunc(func(params installer.ListHostsParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.ListHosts has not yet been implemented") }), - ManagedDomainsListManagedDomainsHandler: managed_domains.ListManagedDomainsHandlerFunc(func(params managed_domains.ListManagedDomainsParams) middleware.Responder { + ManagedDomainsListManagedDomainsHandler: managed_domains.ListManagedDomainsHandlerFunc(func(params managed_domains.ListManagedDomainsParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation managed_domains.ListManagedDomains has not yet been implemented") }), - InstallerPostStepReplyHandler: installer.PostStepReplyHandlerFunc(func(params installer.PostStepReplyParams) middleware.Responder { + InstallerPostStepReplyHandler: installer.PostStepReplyHandlerFunc(func(params installer.PostStepReplyParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.PostStepReply has not yet been implemented") }), - InstallerRegisterClusterHandler: installer.RegisterClusterHandlerFunc(func(params installer.RegisterClusterParams) middleware.Responder { + InstallerRegisterClusterHandler: installer.RegisterClusterHandlerFunc(func(params installer.RegisterClusterParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.RegisterCluster has not yet been implemented") }), - InstallerRegisterHostHandler: installer.RegisterHostHandlerFunc(func(params installer.RegisterHostParams) middleware.Responder { + InstallerRegisterHostHandler: installer.RegisterHostHandlerFunc(func(params installer.RegisterHostParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.RegisterHost has not yet been implemented") }), - InstallerResetClusterHandler: installer.ResetClusterHandlerFunc(func(params installer.ResetClusterParams) middleware.Responder { + InstallerResetClusterHandler: installer.ResetClusterHandlerFunc(func(params installer.ResetClusterParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.ResetCluster has not yet been implemented") }), - InstallerSetDebugStepHandler: installer.SetDebugStepHandlerFunc(func(params installer.SetDebugStepParams) middleware.Responder { + InstallerSetDebugStepHandler: installer.SetDebugStepHandlerFunc(func(params installer.SetDebugStepParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.SetDebugStep has not yet been implemented") }), - InstallerUpdateClusterHandler: installer.UpdateClusterHandlerFunc(func(params installer.UpdateClusterParams) middleware.Responder { + InstallerUpdateClusterHandler: installer.UpdateClusterHandlerFunc(func(params installer.UpdateClusterParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.UpdateCluster has not yet been implemented") }), - InstallerUpdateHostInstallProgressHandler: installer.UpdateHostInstallProgressHandlerFunc(func(params installer.UpdateHostInstallProgressParams) middleware.Responder { + InstallerUpdateHostInstallProgressHandler: installer.UpdateHostInstallProgressHandlerFunc(func(params installer.UpdateHostInstallProgressParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.UpdateHostInstallProgress has not yet been implemented") }), - InstallerUploadClusterIngressCertHandler: installer.UploadClusterIngressCertHandlerFunc(func(params installer.UploadClusterIngressCertParams) middleware.Responder { + InstallerUploadClusterIngressCertHandler: installer.UploadClusterIngressCertHandlerFunc(func(params installer.UploadClusterIngressCertParams, principal interface{}) middleware.Responder { return middleware.NotImplemented("operation installer.UploadClusterIngressCert has not yet been implemented") }), + + // Applies when the "X-Secret-Key" header is set + AgentAuthAuth: func(token string) (interface{}, error) { + return nil, errors.NotImplemented("api key auth (agentAuth) X-Secret-Key from header param [X-Secret-Key] has not yet been implemented") + }, + // Applies when the "Authorization" header is set + UserAuthAuth: func(token string) (interface{}, error) { + return nil, errors.NotImplemented("api key auth (userAuth) Authorization from header param [Authorization] has not yet been implemented") + }, + // default authorizer is authorized meaning no requests are blocked + APIAuthorizer: security.Authorized(), } } @@ -148,6 +160,7 @@ type AssistedInstallAPI struct { defaultConsumes string defaultProduces string Middleware func(middleware.Builder) http.Handler + useSwaggerUI bool // BasicAuthenticator generates a runtime.Authenticator from the supplied basic auth function. // It has a default implementation in the security package, however you can replace it for your particular usage. @@ -170,6 +183,17 @@ type AssistedInstallAPI struct { // - application/json JSONProducer runtime.Producer + // AgentAuthAuth registers a function that takes a token and returns a principal + // it performs authentication based on an api key X-Secret-Key provided in the header + AgentAuthAuth func(string) (interface{}, error) + + // UserAuthAuth registers a function that takes a token and returns a principal + // it performs authentication based on an api key Authorization provided in the header + UserAuthAuth func(string) (interface{}, error) + + // APIAuthorizer provides access control (ACL/RBAC/ABAC) by providing access to the request and authenticated principal + APIAuthorizer runtime.Authorizer + // InstallerCancelInstallationHandler sets the operation handler for the cancel installation operation InstallerCancelInstallationHandler installer.CancelInstallationHandler // InstallerCompleteInstallationHandler sets the operation handler for the complete installation operation @@ -247,6 +271,16 @@ type AssistedInstallAPI struct { Logger func(string, ...interface{}) } +// UseRedoc for documentation at /docs +func (o *AssistedInstallAPI) UseRedoc() { + o.useSwaggerUI = false +} + +// UseSwaggerUI for documentation at /docs +func (o *AssistedInstallAPI) UseSwaggerUI() { + o.useSwaggerUI = true +} + // SetDefaultProduces sets the default produces media type func (o *AssistedInstallAPI) SetDefaultProduces(mediaType string) { o.defaultProduces = mediaType @@ -297,6 +331,13 @@ func (o *AssistedInstallAPI) Validate() error { unregistered = append(unregistered, "JSONProducer") } + if o.AgentAuthAuth == nil { + unregistered = append(unregistered, "XSecretKeyAuth") + } + if o.UserAuthAuth == nil { + unregistered = append(unregistered, "AuthorizationAuth") + } + if o.InstallerCancelInstallationHandler == nil { unregistered = append(unregistered, "installer.CancelInstallationHandler") } @@ -399,12 +440,25 @@ func (o *AssistedInstallAPI) ServeErrorFor(operationID string) func(http.Respons // AuthenticatorsFor gets the authenticators for the specified security schemes func (o *AssistedInstallAPI) AuthenticatorsFor(schemes map[string]spec.SecurityScheme) map[string]runtime.Authenticator { - return nil + result := make(map[string]runtime.Authenticator) + for name := range schemes { + switch name { + case "agentAuth": + scheme := schemes[name] + result[name] = o.APIKeyAuthenticator(scheme.Name, scheme.In, o.AgentAuthAuth) + + case "userAuth": + scheme := schemes[name] + result[name] = o.APIKeyAuthenticator(scheme.Name, scheme.In, o.UserAuthAuth) + + } + } + return result } // Authorizer returns the registered authorizer func (o *AssistedInstallAPI) Authorizer() runtime.Authorizer { - return nil + return o.APIAuthorizer } // ConsumersFor gets the consumers for the specified media types. @@ -600,6 +654,9 @@ func (o *AssistedInstallAPI) Serve(builder middleware.Builder) http.Handler { if o.Middleware != nil { return o.Middleware(builder) } + if o.useSwaggerUI { + return o.context.APIHandlerSwaggerUI(builder) + } return o.context.APIHandler(builder) } diff --git a/restapi/operations/events/list_events.go b/restapi/operations/events/list_events.go index a8ea0a93b..4ee04d557 100644 --- a/restapi/operations/events/list_events.go +++ b/restapi/operations/events/list_events.go @@ -12,16 +12,16 @@ import ( ) // ListEventsHandlerFunc turns a function with the right signature into a list events handler -type ListEventsHandlerFunc func(ListEventsParams) middleware.Responder +type ListEventsHandlerFunc func(ListEventsParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn ListEventsHandlerFunc) Handle(params ListEventsParams) middleware.Responder { - return fn(params) +func (fn ListEventsHandlerFunc) Handle(params ListEventsParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // ListEventsHandler interface for that can handle valid list events params type ListEventsHandler interface { - Handle(ListEventsParams) middleware.Responder + Handle(ListEventsParams, interface{}) middleware.Responder } // NewListEvents creates a new http.Handler for the list events operation @@ -46,12 +46,25 @@ func (o *ListEvents) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewListEventsParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/cancel_installation.go b/restapi/operations/installer/cancel_installation.go index 1cdacc0f6..65fb0d7a7 100644 --- a/restapi/operations/installer/cancel_installation.go +++ b/restapi/operations/installer/cancel_installation.go @@ -12,16 +12,16 @@ import ( ) // CancelInstallationHandlerFunc turns a function with the right signature into a cancel installation handler -type CancelInstallationHandlerFunc func(CancelInstallationParams) middleware.Responder +type CancelInstallationHandlerFunc func(CancelInstallationParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn CancelInstallationHandlerFunc) Handle(params CancelInstallationParams) middleware.Responder { - return fn(params) +func (fn CancelInstallationHandlerFunc) Handle(params CancelInstallationParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // CancelInstallationHandler interface for that can handle valid cancel installation params type CancelInstallationHandler interface { - Handle(CancelInstallationParams) middleware.Responder + Handle(CancelInstallationParams, interface{}) middleware.Responder } // NewCancelInstallation creates a new http.Handler for the cancel installation operation @@ -46,12 +46,25 @@ func (o *CancelInstallation) ServeHTTP(rw http.ResponseWriter, r *http.Request) } var Params = NewCancelInstallationParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/complete_installation.go b/restapi/operations/installer/complete_installation.go index 8d0eeec32..1aea939f8 100644 --- a/restapi/operations/installer/complete_installation.go +++ b/restapi/operations/installer/complete_installation.go @@ -12,16 +12,16 @@ import ( ) // CompleteInstallationHandlerFunc turns a function with the right signature into a complete installation handler -type CompleteInstallationHandlerFunc func(CompleteInstallationParams) middleware.Responder +type CompleteInstallationHandlerFunc func(CompleteInstallationParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn CompleteInstallationHandlerFunc) Handle(params CompleteInstallationParams) middleware.Responder { - return fn(params) +func (fn CompleteInstallationHandlerFunc) Handle(params CompleteInstallationParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // CompleteInstallationHandler interface for that can handle valid complete installation params type CompleteInstallationHandler interface { - Handle(CompleteInstallationParams) middleware.Responder + Handle(CompleteInstallationParams, interface{}) middleware.Responder } // NewCompleteInstallation creates a new http.Handler for the complete installation operation @@ -46,12 +46,25 @@ func (o *CompleteInstallation) ServeHTTP(rw http.ResponseWriter, r *http.Request } var Params = NewCompleteInstallationParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/deregister_cluster.go b/restapi/operations/installer/deregister_cluster.go index 992cc5932..2d49d2efe 100644 --- a/restapi/operations/installer/deregister_cluster.go +++ b/restapi/operations/installer/deregister_cluster.go @@ -12,16 +12,16 @@ import ( ) // DeregisterClusterHandlerFunc turns a function with the right signature into a deregister cluster handler -type DeregisterClusterHandlerFunc func(DeregisterClusterParams) middleware.Responder +type DeregisterClusterHandlerFunc func(DeregisterClusterParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn DeregisterClusterHandlerFunc) Handle(params DeregisterClusterParams) middleware.Responder { - return fn(params) +func (fn DeregisterClusterHandlerFunc) Handle(params DeregisterClusterParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // DeregisterClusterHandler interface for that can handle valid deregister cluster params type DeregisterClusterHandler interface { - Handle(DeregisterClusterParams) middleware.Responder + Handle(DeregisterClusterParams, interface{}) middleware.Responder } // NewDeregisterCluster creates a new http.Handler for the deregister cluster operation @@ -46,12 +46,25 @@ func (o *DeregisterCluster) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewDeregisterClusterParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/deregister_host.go b/restapi/operations/installer/deregister_host.go index 8193e0dd5..c20f7c271 100644 --- a/restapi/operations/installer/deregister_host.go +++ b/restapi/operations/installer/deregister_host.go @@ -12,16 +12,16 @@ import ( ) // DeregisterHostHandlerFunc turns a function with the right signature into a deregister host handler -type DeregisterHostHandlerFunc func(DeregisterHostParams) middleware.Responder +type DeregisterHostHandlerFunc func(DeregisterHostParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn DeregisterHostHandlerFunc) Handle(params DeregisterHostParams) middleware.Responder { - return fn(params) +func (fn DeregisterHostHandlerFunc) Handle(params DeregisterHostParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // DeregisterHostHandler interface for that can handle valid deregister host params type DeregisterHostHandler interface { - Handle(DeregisterHostParams) middleware.Responder + Handle(DeregisterHostParams, interface{}) middleware.Responder } // NewDeregisterHost creates a new http.Handler for the deregister host operation @@ -46,12 +46,25 @@ func (o *DeregisterHost) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewDeregisterHostParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/disable_host.go b/restapi/operations/installer/disable_host.go index dc4d8ac16..3a462eb07 100644 --- a/restapi/operations/installer/disable_host.go +++ b/restapi/operations/installer/disable_host.go @@ -12,16 +12,16 @@ import ( ) // DisableHostHandlerFunc turns a function with the right signature into a disable host handler -type DisableHostHandlerFunc func(DisableHostParams) middleware.Responder +type DisableHostHandlerFunc func(DisableHostParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn DisableHostHandlerFunc) Handle(params DisableHostParams) middleware.Responder { - return fn(params) +func (fn DisableHostHandlerFunc) Handle(params DisableHostParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // DisableHostHandler interface for that can handle valid disable host params type DisableHostHandler interface { - Handle(DisableHostParams) middleware.Responder + Handle(DisableHostParams, interface{}) middleware.Responder } // NewDisableHost creates a new http.Handler for the disable host operation @@ -46,12 +46,25 @@ func (o *DisableHost) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewDisableHostParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/download_cluster_files.go b/restapi/operations/installer/download_cluster_files.go index cec2655e9..fb49b5dfa 100644 --- a/restapi/operations/installer/download_cluster_files.go +++ b/restapi/operations/installer/download_cluster_files.go @@ -12,16 +12,16 @@ import ( ) // DownloadClusterFilesHandlerFunc turns a function with the right signature into a download cluster files handler -type DownloadClusterFilesHandlerFunc func(DownloadClusterFilesParams) middleware.Responder +type DownloadClusterFilesHandlerFunc func(DownloadClusterFilesParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn DownloadClusterFilesHandlerFunc) Handle(params DownloadClusterFilesParams) middleware.Responder { - return fn(params) +func (fn DownloadClusterFilesHandlerFunc) Handle(params DownloadClusterFilesParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // DownloadClusterFilesHandler interface for that can handle valid download cluster files params type DownloadClusterFilesHandler interface { - Handle(DownloadClusterFilesParams) middleware.Responder + Handle(DownloadClusterFilesParams, interface{}) middleware.Responder } // NewDownloadClusterFiles creates a new http.Handler for the download cluster files operation @@ -46,12 +46,25 @@ func (o *DownloadClusterFiles) ServeHTTP(rw http.ResponseWriter, r *http.Request } var Params = NewDownloadClusterFilesParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/download_cluster_i_s_o.go b/restapi/operations/installer/download_cluster_i_s_o.go index 3b2006fd9..fd9caa6d2 100644 --- a/restapi/operations/installer/download_cluster_i_s_o.go +++ b/restapi/operations/installer/download_cluster_i_s_o.go @@ -12,16 +12,16 @@ import ( ) // DownloadClusterISOHandlerFunc turns a function with the right signature into a download cluster i s o handler -type DownloadClusterISOHandlerFunc func(DownloadClusterISOParams) middleware.Responder +type DownloadClusterISOHandlerFunc func(DownloadClusterISOParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn DownloadClusterISOHandlerFunc) Handle(params DownloadClusterISOParams) middleware.Responder { - return fn(params) +func (fn DownloadClusterISOHandlerFunc) Handle(params DownloadClusterISOParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // DownloadClusterISOHandler interface for that can handle valid download cluster i s o params type DownloadClusterISOHandler interface { - Handle(DownloadClusterISOParams) middleware.Responder + Handle(DownloadClusterISOParams, interface{}) middleware.Responder } // NewDownloadClusterISO creates a new http.Handler for the download cluster i s o operation @@ -46,12 +46,25 @@ func (o *DownloadClusterISO) ServeHTTP(rw http.ResponseWriter, r *http.Request) } var Params = NewDownloadClusterISOParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/download_cluster_kubeconfig.go b/restapi/operations/installer/download_cluster_kubeconfig.go index c1ddc1e66..7c33931c0 100644 --- a/restapi/operations/installer/download_cluster_kubeconfig.go +++ b/restapi/operations/installer/download_cluster_kubeconfig.go @@ -12,16 +12,16 @@ import ( ) // DownloadClusterKubeconfigHandlerFunc turns a function with the right signature into a download cluster kubeconfig handler -type DownloadClusterKubeconfigHandlerFunc func(DownloadClusterKubeconfigParams) middleware.Responder +type DownloadClusterKubeconfigHandlerFunc func(DownloadClusterKubeconfigParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn DownloadClusterKubeconfigHandlerFunc) Handle(params DownloadClusterKubeconfigParams) middleware.Responder { - return fn(params) +func (fn DownloadClusterKubeconfigHandlerFunc) Handle(params DownloadClusterKubeconfigParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // DownloadClusterKubeconfigHandler interface for that can handle valid download cluster kubeconfig params type DownloadClusterKubeconfigHandler interface { - Handle(DownloadClusterKubeconfigParams) middleware.Responder + Handle(DownloadClusterKubeconfigParams, interface{}) middleware.Responder } // NewDownloadClusterKubeconfig creates a new http.Handler for the download cluster kubeconfig operation @@ -46,12 +46,25 @@ func (o *DownloadClusterKubeconfig) ServeHTTP(rw http.ResponseWriter, r *http.Re } var Params = NewDownloadClusterKubeconfigParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/enable_host.go b/restapi/operations/installer/enable_host.go index 948f08839..fcc17f4cc 100644 --- a/restapi/operations/installer/enable_host.go +++ b/restapi/operations/installer/enable_host.go @@ -12,16 +12,16 @@ import ( ) // EnableHostHandlerFunc turns a function with the right signature into a enable host handler -type EnableHostHandlerFunc func(EnableHostParams) middleware.Responder +type EnableHostHandlerFunc func(EnableHostParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn EnableHostHandlerFunc) Handle(params EnableHostParams) middleware.Responder { - return fn(params) +func (fn EnableHostHandlerFunc) Handle(params EnableHostParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // EnableHostHandler interface for that can handle valid enable host params type EnableHostHandler interface { - Handle(EnableHostParams) middleware.Responder + Handle(EnableHostParams, interface{}) middleware.Responder } // NewEnableHost creates a new http.Handler for the enable host operation @@ -46,12 +46,25 @@ func (o *EnableHost) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewEnableHostParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/generate_cluster_i_s_o.go b/restapi/operations/installer/generate_cluster_i_s_o.go index 9047726fc..790430295 100644 --- a/restapi/operations/installer/generate_cluster_i_s_o.go +++ b/restapi/operations/installer/generate_cluster_i_s_o.go @@ -12,16 +12,16 @@ import ( ) // GenerateClusterISOHandlerFunc turns a function with the right signature into a generate cluster i s o handler -type GenerateClusterISOHandlerFunc func(GenerateClusterISOParams) middleware.Responder +type GenerateClusterISOHandlerFunc func(GenerateClusterISOParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn GenerateClusterISOHandlerFunc) Handle(params GenerateClusterISOParams) middleware.Responder { - return fn(params) +func (fn GenerateClusterISOHandlerFunc) Handle(params GenerateClusterISOParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // GenerateClusterISOHandler interface for that can handle valid generate cluster i s o params type GenerateClusterISOHandler interface { - Handle(GenerateClusterISOParams) middleware.Responder + Handle(GenerateClusterISOParams, interface{}) middleware.Responder } // NewGenerateClusterISO creates a new http.Handler for the generate cluster i s o operation @@ -46,12 +46,25 @@ func (o *GenerateClusterISO) ServeHTTP(rw http.ResponseWriter, r *http.Request) } var Params = NewGenerateClusterISOParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/get_cluster.go b/restapi/operations/installer/get_cluster.go index 3ee4e857d..350583dbc 100644 --- a/restapi/operations/installer/get_cluster.go +++ b/restapi/operations/installer/get_cluster.go @@ -12,16 +12,16 @@ import ( ) // GetClusterHandlerFunc turns a function with the right signature into a get cluster handler -type GetClusterHandlerFunc func(GetClusterParams) middleware.Responder +type GetClusterHandlerFunc func(GetClusterParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn GetClusterHandlerFunc) Handle(params GetClusterParams) middleware.Responder { - return fn(params) +func (fn GetClusterHandlerFunc) Handle(params GetClusterParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // GetClusterHandler interface for that can handle valid get cluster params type GetClusterHandler interface { - Handle(GetClusterParams) middleware.Responder + Handle(GetClusterParams, interface{}) middleware.Responder } // NewGetCluster creates a new http.Handler for the get cluster operation @@ -46,12 +46,25 @@ func (o *GetCluster) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewGetClusterParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/get_credentials.go b/restapi/operations/installer/get_credentials.go index 8e36fd840..4e63462b9 100644 --- a/restapi/operations/installer/get_credentials.go +++ b/restapi/operations/installer/get_credentials.go @@ -12,16 +12,16 @@ import ( ) // GetCredentialsHandlerFunc turns a function with the right signature into a get credentials handler -type GetCredentialsHandlerFunc func(GetCredentialsParams) middleware.Responder +type GetCredentialsHandlerFunc func(GetCredentialsParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn GetCredentialsHandlerFunc) Handle(params GetCredentialsParams) middleware.Responder { - return fn(params) +func (fn GetCredentialsHandlerFunc) Handle(params GetCredentialsParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // GetCredentialsHandler interface for that can handle valid get credentials params type GetCredentialsHandler interface { - Handle(GetCredentialsParams) middleware.Responder + Handle(GetCredentialsParams, interface{}) middleware.Responder } // NewGetCredentials creates a new http.Handler for the get credentials operation @@ -46,12 +46,25 @@ func (o *GetCredentials) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewGetCredentialsParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/get_free_addresses.go b/restapi/operations/installer/get_free_addresses.go index 6478dc001..7745c5a5f 100644 --- a/restapi/operations/installer/get_free_addresses.go +++ b/restapi/operations/installer/get_free_addresses.go @@ -12,16 +12,16 @@ import ( ) // GetFreeAddressesHandlerFunc turns a function with the right signature into a get free addresses handler -type GetFreeAddressesHandlerFunc func(GetFreeAddressesParams) middleware.Responder +type GetFreeAddressesHandlerFunc func(GetFreeAddressesParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn GetFreeAddressesHandlerFunc) Handle(params GetFreeAddressesParams) middleware.Responder { - return fn(params) +func (fn GetFreeAddressesHandlerFunc) Handle(params GetFreeAddressesParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // GetFreeAddressesHandler interface for that can handle valid get free addresses params type GetFreeAddressesHandler interface { - Handle(GetFreeAddressesParams) middleware.Responder + Handle(GetFreeAddressesParams, interface{}) middleware.Responder } // NewGetFreeAddresses creates a new http.Handler for the get free addresses operation @@ -46,12 +46,25 @@ func (o *GetFreeAddresses) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewGetFreeAddressesParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/get_host.go b/restapi/operations/installer/get_host.go index e856c652c..2ddc7dd00 100644 --- a/restapi/operations/installer/get_host.go +++ b/restapi/operations/installer/get_host.go @@ -12,16 +12,16 @@ import ( ) // GetHostHandlerFunc turns a function with the right signature into a get host handler -type GetHostHandlerFunc func(GetHostParams) middleware.Responder +type GetHostHandlerFunc func(GetHostParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn GetHostHandlerFunc) Handle(params GetHostParams) middleware.Responder { - return fn(params) +func (fn GetHostHandlerFunc) Handle(params GetHostParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // GetHostHandler interface for that can handle valid get host params type GetHostHandler interface { - Handle(GetHostParams) middleware.Responder + Handle(GetHostParams, interface{}) middleware.Responder } // NewGetHost creates a new http.Handler for the get host operation @@ -46,12 +46,25 @@ func (o *GetHost) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewGetHostParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/get_next_steps.go b/restapi/operations/installer/get_next_steps.go index 2b869c3d4..5ed330f81 100644 --- a/restapi/operations/installer/get_next_steps.go +++ b/restapi/operations/installer/get_next_steps.go @@ -12,16 +12,16 @@ import ( ) // GetNextStepsHandlerFunc turns a function with the right signature into a get next steps handler -type GetNextStepsHandlerFunc func(GetNextStepsParams) middleware.Responder +type GetNextStepsHandlerFunc func(GetNextStepsParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn GetNextStepsHandlerFunc) Handle(params GetNextStepsParams) middleware.Responder { - return fn(params) +func (fn GetNextStepsHandlerFunc) Handle(params GetNextStepsParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // GetNextStepsHandler interface for that can handle valid get next steps params type GetNextStepsHandler interface { - Handle(GetNextStepsParams) middleware.Responder + Handle(GetNextStepsParams, interface{}) middleware.Responder } // NewGetNextSteps creates a new http.Handler for the get next steps operation @@ -46,12 +46,25 @@ func (o *GetNextSteps) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewGetNextStepsParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/install_cluster.go b/restapi/operations/installer/install_cluster.go index 1c4d7c5b5..00fe195a7 100644 --- a/restapi/operations/installer/install_cluster.go +++ b/restapi/operations/installer/install_cluster.go @@ -12,16 +12,16 @@ import ( ) // InstallClusterHandlerFunc turns a function with the right signature into a install cluster handler -type InstallClusterHandlerFunc func(InstallClusterParams) middleware.Responder +type InstallClusterHandlerFunc func(InstallClusterParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn InstallClusterHandlerFunc) Handle(params InstallClusterParams) middleware.Responder { - return fn(params) +func (fn InstallClusterHandlerFunc) Handle(params InstallClusterParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // InstallClusterHandler interface for that can handle valid install cluster params type InstallClusterHandler interface { - Handle(InstallClusterParams) middleware.Responder + Handle(InstallClusterParams, interface{}) middleware.Responder } // NewInstallCluster creates a new http.Handler for the install cluster operation @@ -46,12 +46,25 @@ func (o *InstallCluster) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewInstallClusterParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/list_clusters.go b/restapi/operations/installer/list_clusters.go index c290599ef..8672d58e0 100644 --- a/restapi/operations/installer/list_clusters.go +++ b/restapi/operations/installer/list_clusters.go @@ -12,16 +12,16 @@ import ( ) // ListClustersHandlerFunc turns a function with the right signature into a list clusters handler -type ListClustersHandlerFunc func(ListClustersParams) middleware.Responder +type ListClustersHandlerFunc func(ListClustersParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn ListClustersHandlerFunc) Handle(params ListClustersParams) middleware.Responder { - return fn(params) +func (fn ListClustersHandlerFunc) Handle(params ListClustersParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // ListClustersHandler interface for that can handle valid list clusters params type ListClustersHandler interface { - Handle(ListClustersParams) middleware.Responder + Handle(ListClustersParams, interface{}) middleware.Responder } // NewListClusters creates a new http.Handler for the list clusters operation @@ -46,12 +46,25 @@ func (o *ListClusters) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewListClustersParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/list_hosts.go b/restapi/operations/installer/list_hosts.go index c2c3ed6fa..146e95c4d 100644 --- a/restapi/operations/installer/list_hosts.go +++ b/restapi/operations/installer/list_hosts.go @@ -12,16 +12,16 @@ import ( ) // ListHostsHandlerFunc turns a function with the right signature into a list hosts handler -type ListHostsHandlerFunc func(ListHostsParams) middleware.Responder +type ListHostsHandlerFunc func(ListHostsParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn ListHostsHandlerFunc) Handle(params ListHostsParams) middleware.Responder { - return fn(params) +func (fn ListHostsHandlerFunc) Handle(params ListHostsParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // ListHostsHandler interface for that can handle valid list hosts params type ListHostsHandler interface { - Handle(ListHostsParams) middleware.Responder + Handle(ListHostsParams, interface{}) middleware.Responder } // NewListHosts creates a new http.Handler for the list hosts operation @@ -46,12 +46,25 @@ func (o *ListHosts) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewListHostsParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/post_step_reply.go b/restapi/operations/installer/post_step_reply.go index 1f8bac56e..f3ca854ee 100644 --- a/restapi/operations/installer/post_step_reply.go +++ b/restapi/operations/installer/post_step_reply.go @@ -12,16 +12,16 @@ import ( ) // PostStepReplyHandlerFunc turns a function with the right signature into a post step reply handler -type PostStepReplyHandlerFunc func(PostStepReplyParams) middleware.Responder +type PostStepReplyHandlerFunc func(PostStepReplyParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn PostStepReplyHandlerFunc) Handle(params PostStepReplyParams) middleware.Responder { - return fn(params) +func (fn PostStepReplyHandlerFunc) Handle(params PostStepReplyParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // PostStepReplyHandler interface for that can handle valid post step reply params type PostStepReplyHandler interface { - Handle(PostStepReplyParams) middleware.Responder + Handle(PostStepReplyParams, interface{}) middleware.Responder } // NewPostStepReply creates a new http.Handler for the post step reply operation @@ -46,12 +46,25 @@ func (o *PostStepReply) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewPostStepReplyParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/register_cluster.go b/restapi/operations/installer/register_cluster.go index c7c3c723d..0731e7518 100644 --- a/restapi/operations/installer/register_cluster.go +++ b/restapi/operations/installer/register_cluster.go @@ -12,16 +12,16 @@ import ( ) // RegisterClusterHandlerFunc turns a function with the right signature into a register cluster handler -type RegisterClusterHandlerFunc func(RegisterClusterParams) middleware.Responder +type RegisterClusterHandlerFunc func(RegisterClusterParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn RegisterClusterHandlerFunc) Handle(params RegisterClusterParams) middleware.Responder { - return fn(params) +func (fn RegisterClusterHandlerFunc) Handle(params RegisterClusterParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // RegisterClusterHandler interface for that can handle valid register cluster params type RegisterClusterHandler interface { - Handle(RegisterClusterParams) middleware.Responder + Handle(RegisterClusterParams, interface{}) middleware.Responder } // NewRegisterCluster creates a new http.Handler for the register cluster operation @@ -46,12 +46,25 @@ func (o *RegisterCluster) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewRegisterClusterParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/register_host.go b/restapi/operations/installer/register_host.go index 44bdd4b9e..a8992be42 100644 --- a/restapi/operations/installer/register_host.go +++ b/restapi/operations/installer/register_host.go @@ -12,16 +12,16 @@ import ( ) // RegisterHostHandlerFunc turns a function with the right signature into a register host handler -type RegisterHostHandlerFunc func(RegisterHostParams) middleware.Responder +type RegisterHostHandlerFunc func(RegisterHostParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn RegisterHostHandlerFunc) Handle(params RegisterHostParams) middleware.Responder { - return fn(params) +func (fn RegisterHostHandlerFunc) Handle(params RegisterHostParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // RegisterHostHandler interface for that can handle valid register host params type RegisterHostHandler interface { - Handle(RegisterHostParams) middleware.Responder + Handle(RegisterHostParams, interface{}) middleware.Responder } // NewRegisterHost creates a new http.Handler for the register host operation @@ -46,12 +46,25 @@ func (o *RegisterHost) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewRegisterHostParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/reset_cluster.go b/restapi/operations/installer/reset_cluster.go index 6e0c443bf..601a1c607 100644 --- a/restapi/operations/installer/reset_cluster.go +++ b/restapi/operations/installer/reset_cluster.go @@ -12,16 +12,16 @@ import ( ) // ResetClusterHandlerFunc turns a function with the right signature into a reset cluster handler -type ResetClusterHandlerFunc func(ResetClusterParams) middleware.Responder +type ResetClusterHandlerFunc func(ResetClusterParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn ResetClusterHandlerFunc) Handle(params ResetClusterParams) middleware.Responder { - return fn(params) +func (fn ResetClusterHandlerFunc) Handle(params ResetClusterParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // ResetClusterHandler interface for that can handle valid reset cluster params type ResetClusterHandler interface { - Handle(ResetClusterParams) middleware.Responder + Handle(ResetClusterParams, interface{}) middleware.Responder } // NewResetCluster creates a new http.Handler for the reset cluster operation @@ -46,12 +46,25 @@ func (o *ResetCluster) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewResetClusterParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/set_debug_step.go b/restapi/operations/installer/set_debug_step.go index 6f6fff2dd..2c51e31ac 100644 --- a/restapi/operations/installer/set_debug_step.go +++ b/restapi/operations/installer/set_debug_step.go @@ -12,16 +12,16 @@ import ( ) // SetDebugStepHandlerFunc turns a function with the right signature into a set debug step handler -type SetDebugStepHandlerFunc func(SetDebugStepParams) middleware.Responder +type SetDebugStepHandlerFunc func(SetDebugStepParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn SetDebugStepHandlerFunc) Handle(params SetDebugStepParams) middleware.Responder { - return fn(params) +func (fn SetDebugStepHandlerFunc) Handle(params SetDebugStepParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // SetDebugStepHandler interface for that can handle valid set debug step params type SetDebugStepHandler interface { - Handle(SetDebugStepParams) middleware.Responder + Handle(SetDebugStepParams, interface{}) middleware.Responder } // NewSetDebugStep creates a new http.Handler for the set debug step operation @@ -46,12 +46,25 @@ func (o *SetDebugStep) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewSetDebugStepParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/update_cluster.go b/restapi/operations/installer/update_cluster.go index 7e1126df6..6bc057195 100644 --- a/restapi/operations/installer/update_cluster.go +++ b/restapi/operations/installer/update_cluster.go @@ -12,16 +12,16 @@ import ( ) // UpdateClusterHandlerFunc turns a function with the right signature into a update cluster handler -type UpdateClusterHandlerFunc func(UpdateClusterParams) middleware.Responder +type UpdateClusterHandlerFunc func(UpdateClusterParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn UpdateClusterHandlerFunc) Handle(params UpdateClusterParams) middleware.Responder { - return fn(params) +func (fn UpdateClusterHandlerFunc) Handle(params UpdateClusterParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // UpdateClusterHandler interface for that can handle valid update cluster params type UpdateClusterHandler interface { - Handle(UpdateClusterParams) middleware.Responder + Handle(UpdateClusterParams, interface{}) middleware.Responder } // NewUpdateCluster creates a new http.Handler for the update cluster operation @@ -46,12 +46,25 @@ func (o *UpdateCluster) ServeHTTP(rw http.ResponseWriter, r *http.Request) { } var Params = NewUpdateClusterParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/update_host_install_progress.go b/restapi/operations/installer/update_host_install_progress.go index 7d529bfa7..bf4689b03 100644 --- a/restapi/operations/installer/update_host_install_progress.go +++ b/restapi/operations/installer/update_host_install_progress.go @@ -12,16 +12,16 @@ import ( ) // UpdateHostInstallProgressHandlerFunc turns a function with the right signature into a update host install progress handler -type UpdateHostInstallProgressHandlerFunc func(UpdateHostInstallProgressParams) middleware.Responder +type UpdateHostInstallProgressHandlerFunc func(UpdateHostInstallProgressParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn UpdateHostInstallProgressHandlerFunc) Handle(params UpdateHostInstallProgressParams) middleware.Responder { - return fn(params) +func (fn UpdateHostInstallProgressHandlerFunc) Handle(params UpdateHostInstallProgressParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // UpdateHostInstallProgressHandler interface for that can handle valid update host install progress params type UpdateHostInstallProgressHandler interface { - Handle(UpdateHostInstallProgressParams) middleware.Responder + Handle(UpdateHostInstallProgressParams, interface{}) middleware.Responder } // NewUpdateHostInstallProgress creates a new http.Handler for the update host install progress operation @@ -46,12 +46,25 @@ func (o *UpdateHostInstallProgress) ServeHTTP(rw http.ResponseWriter, r *http.Re } var Params = NewUpdateHostInstallProgressParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/installer/upload_cluster_ingress_cert.go b/restapi/operations/installer/upload_cluster_ingress_cert.go index a305938d3..857c2d2d7 100644 --- a/restapi/operations/installer/upload_cluster_ingress_cert.go +++ b/restapi/operations/installer/upload_cluster_ingress_cert.go @@ -12,16 +12,16 @@ import ( ) // UploadClusterIngressCertHandlerFunc turns a function with the right signature into a upload cluster ingress cert handler -type UploadClusterIngressCertHandlerFunc func(UploadClusterIngressCertParams) middleware.Responder +type UploadClusterIngressCertHandlerFunc func(UploadClusterIngressCertParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn UploadClusterIngressCertHandlerFunc) Handle(params UploadClusterIngressCertParams) middleware.Responder { - return fn(params) +func (fn UploadClusterIngressCertHandlerFunc) Handle(params UploadClusterIngressCertParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // UploadClusterIngressCertHandler interface for that can handle valid upload cluster ingress cert params type UploadClusterIngressCertHandler interface { - Handle(UploadClusterIngressCertParams) middleware.Responder + Handle(UploadClusterIngressCertParams, interface{}) middleware.Responder } // NewUploadClusterIngressCert creates a new http.Handler for the upload cluster ingress cert operation @@ -46,12 +46,25 @@ func (o *UploadClusterIngressCert) ServeHTTP(rw http.ResponseWriter, r *http.Req } var Params = NewUploadClusterIngressCertParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/managed_domains/list_managed_domains.go b/restapi/operations/managed_domains/list_managed_domains.go index 1b11442f2..18a72d3c9 100644 --- a/restapi/operations/managed_domains/list_managed_domains.go +++ b/restapi/operations/managed_domains/list_managed_domains.go @@ -12,16 +12,16 @@ import ( ) // ListManagedDomainsHandlerFunc turns a function with the right signature into a list managed domains handler -type ListManagedDomainsHandlerFunc func(ListManagedDomainsParams) middleware.Responder +type ListManagedDomainsHandlerFunc func(ListManagedDomainsParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn ListManagedDomainsHandlerFunc) Handle(params ListManagedDomainsParams) middleware.Responder { - return fn(params) +func (fn ListManagedDomainsHandlerFunc) Handle(params ListManagedDomainsParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // ListManagedDomainsHandler interface for that can handle valid list managed domains params type ListManagedDomainsHandler interface { - Handle(ListManagedDomainsParams) middleware.Responder + Handle(ListManagedDomainsParams, interface{}) middleware.Responder } // NewListManagedDomains creates a new http.Handler for the list managed domains operation @@ -46,12 +46,25 @@ func (o *ListManagedDomains) ServeHTTP(rw http.ResponseWriter, r *http.Request) } var Params = NewListManagedDomainsParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) diff --git a/restapi/operations/versions/list_component_versions.go b/restapi/operations/versions/list_component_versions.go index 5a09ea4d3..9956a2360 100644 --- a/restapi/operations/versions/list_component_versions.go +++ b/restapi/operations/versions/list_component_versions.go @@ -12,16 +12,16 @@ import ( ) // ListComponentVersionsHandlerFunc turns a function with the right signature into a list component versions handler -type ListComponentVersionsHandlerFunc func(ListComponentVersionsParams) middleware.Responder +type ListComponentVersionsHandlerFunc func(ListComponentVersionsParams, interface{}) middleware.Responder // Handle executing the request and returning a response -func (fn ListComponentVersionsHandlerFunc) Handle(params ListComponentVersionsParams) middleware.Responder { - return fn(params) +func (fn ListComponentVersionsHandlerFunc) Handle(params ListComponentVersionsParams, principal interface{}) middleware.Responder { + return fn(params, principal) } // ListComponentVersionsHandler interface for that can handle valid list component versions params type ListComponentVersionsHandler interface { - Handle(ListComponentVersionsParams) middleware.Responder + Handle(ListComponentVersionsParams, interface{}) middleware.Responder } // NewListComponentVersions creates a new http.Handler for the list component versions operation @@ -46,12 +46,25 @@ func (o *ListComponentVersions) ServeHTTP(rw http.ResponseWriter, r *http.Reques } var Params = NewListComponentVersionsParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal interface{} + if uprinc != nil { + principal = uprinc + } + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params o.Context.Respond(rw, r, route.Produces, route, err) return } - res := o.Handler.Handle(Params) // actually handle the request + res := o.Handler.Handle(Params, principal) // actually handle the request o.Context.Respond(rw, r, route.Produces, route, res) From 6263b06064ce9b2ce7dec1371e4c515e7a6005c1 Mon Sep 17 00:00:00 2001 From: Nir Magnezi Date: Sun, 19 Jul 2020 13:25:46 +0300 Subject: [PATCH 3/6] MGMT-773 Implement Swagger APIKeyAuthenticator Based Auth Handler --- .drone.yml | 1 + cmd/main.go | 19 +- deploy/bm-inventory-configmap.yaml | 2 + go.mod | 4 +- go.sum | 64 +------ pkg/auth/auth_handler.go | 185 +++++++++++++++++++ pkg/auth/auth_utils.go | 133 +++++++++++++ tools/deploy_assisted_installer_configmap.py | 2 + 8 files changed, 336 insertions(+), 74 deletions(-) create mode 100644 pkg/auth/auth_handler.go create mode 100644 pkg/auth/auth_utils.go diff --git a/.drone.yml b/.drone.yml index 60fd4b201..29eb4fbf2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -18,6 +18,7 @@ steps: DB_HOST: postgres DB_PORT: 5432 USE_K8S: false + ENABLE_AUTH: false trigger: branch: diff --git a/cmd/main.go b/cmd/main.go index 48bef7c6a..30b27be73 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -51,6 +51,7 @@ func init() { } var Options struct { + Auth auth.Config BMConfig bminventory.Config DBConfig db.Config HWValidatorConfig hardware.ValidatorCfg @@ -120,7 +121,7 @@ func main() { if err = db.AutoMigrate(&models.Host{}, &common.Cluster{}, &events.Event{}).Error; err != nil { log.Fatal("failed to auto migrate, ", err) } - + authHandler := auth.NewAuthHandler(Options.Auth, log.WithField("pkg", "auth")) versionHandler := versions.NewHandler(Options.Versions) domainHandler := domains.NewHandler(Options.BMConfig.BaseDNSDomains) eventsHandler := events.New(db, log.WithField("pkg", "events")) @@ -167,14 +168,16 @@ func main() { } else { log.Info("Disabled image expiration monitor") } - h, err := restapi.Handler(restapi.Config{ - InstallerAPI: bm, - EventsAPI: events, - Logger: log.Printf, - VersionsAPI: versionHandler, - ManagedDomainsAPI: domainHandler, - InnerMiddleware: metrics.WithMatchedRoute(log.WithField("pkg", "matched-h"), prometheusRegistry), + AuthAgentAuth: authHandler.AuthAgentAuth, + AuthUserAuth: authHandler.AuthUserAuth, + APIKeyAuthenticator: authHandler.CreateAuthenticator(), + InstallerAPI: bm, + EventsAPI: events, + Logger: log.Printf, + VersionsAPI: versionHandler, + ManagedDomainsAPI: domainHandler, + InnerMiddleware: metrics.WithMatchedRoute(log.WithField("pkg", "matched-h"), prometheusRegistry), }) h = app.WithMetricsResponderMiddleware(h) h = app.WithHealthMiddleware(h) diff --git a/deploy/bm-inventory-configmap.yaml b/deploy/bm-inventory-configmap.yaml index fe8e72a1e..42268903d 100644 --- a/deploy/bm-inventory-configmap.yaml +++ b/deploy/bm-inventory-configmap.yaml @@ -12,3 +12,5 @@ data: BASE_DNS_DOMAINS: REPLACE_DOMAINS # example: name1:id1/provider1,name2:id2/provider2 OPENSHIFT_INSTALL_RELEASE_IMAGE: "quay.io/openshift-release-dev/ocp-release@sha256:eab93b4591699a5a4ff50ad3517892653f04fb840127895bb3609b3cc68f98f3" CREATE_S3_BUCKET: "true" + ENABLE_AUTH: REPLACE_AUTH_ENABLED_FLAG + JWKS_URL: REPLACE_JWKS_URL # example https://example.com/.well-known/jwks.json \ No newline at end of file diff --git a/go.mod b/go.mod index e05ddc7cd..639dc8299 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/cenkalti/backoff/v3 v3.2.2 // indirect github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe // indirect github.com/danielerez/go-dns-client v0.0.0-20200630114514-0b60d1703f0b - github.com/docker/go-units v0.4.0 + github.com/dgrijalva/jwt-go v3.2.0+incompatible github.com/filanov/stateswitch v0.0.0-20200714113403-51a42a34c604 github.com/go-openapi/errors v0.19.6 github.com/go-openapi/loads v0.19.5 @@ -29,7 +29,6 @@ require ( github.com/pborman/uuid v1.2.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.6.0 - github.com/prometheus/common v0.9.1 github.com/sirupsen/logrus v1.6.0 github.com/slok/go-http-metrics v0.8.0 github.com/stretchr/testify v1.6.1 @@ -38,7 +37,6 @@ require ( golang.org/x/net v0.0.0-20200707034311-ab3426394381 // indirect golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae // indirect gopkg.in/yaml.v2 v2.3.0 - gotest.tools/gotestsum v0.5.2 // indirect k8s.io/api v0.17.3 k8s.io/apimachinery v0.17.3 k8s.io/client-go v11.0.0+incompatible diff --git a/go.sum b/go.sum index 90f813e20..c8b89dc1a 100644 --- a/go.sum +++ b/go.sum @@ -73,8 +73,6 @@ github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/danielerez/go-dns-client v0.0.0-20200629124827-e4a32ed16a29 h1:4CTch4fbkk5qBUtiSlM8/SvA9UsTykdLpfcEjXW28yU= -github.com/danielerez/go-dns-client v0.0.0-20200629124827-e4a32ed16a29/go.mod h1:2l39JZ3DOxVtByPDmp0Zhh4xS7603UHmeRtLCKzqQdQ= github.com/danielerez/go-dns-client v0.0.0-20200630114514-0b60d1703f0b h1:3Mkb/I9NauxsrV6kc6DaP3MspFFHsi06kA6jL8L8iBc= github.com/danielerez/go-dns-client v0.0.0-20200630114514-0b60d1703f0b/go.mod h1:2l39JZ3DOxVtByPDmp0Zhh4xS7603UHmeRtLCKzqQdQ= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -83,6 +81,7 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6ROGeiHFAP8WJdI2RoxALQYgdllERc3N5N2DM= github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= +github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 h1:w3NnFcKR5241cfmQU5ZZAsf0xcpId6mWOupTvJlUX2U= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= @@ -105,19 +104,8 @@ github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M= github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/filanov/stateswitch v0.0.0-20200513095115-051501b05b45 h1:IwhQ7f5Gx8ivAkpiQC4iQaKTMOq1wrgRDaxe+OggGTg= -github.com/filanov/stateswitch v0.0.0-20200513095115-051501b05b45/go.mod h1:sk33Oz1ABVidMrVdJfd6tj7n9exK/PZarClHJNnFIQ8= -github.com/filanov/stateswitch v0.0.0-20200704183537-be38b090f667 h1:5U1htz3rGQOXt48IQMx4M6xm8cSnjzYEQ9v3M9uNJHM= -github.com/filanov/stateswitch v0.0.0-20200704183537-be38b090f667/go.mod h1:/dLVXazqXVH6lOV6ICV0kLc6FP1g2CLXDMfULBEQNq8= -github.com/filanov/stateswitch v0.0.0-20200705122956-f73346fe9d27 h1:MPpnRyC/BNfH6A2iI8vfRxZUQgKb04pnRHREOD4AhQk= -github.com/filanov/stateswitch v0.0.0-20200705122956-f73346fe9d27/go.mod h1:/dLVXazqXVH6lOV6ICV0kLc6FP1g2CLXDMfULBEQNq8= -github.com/filanov/stateswitch v0.0.0-20200707093657-321a5049bd8a h1:ZTyyf3F3pv52BjOnGo1KzKRHs70VtUAI08xBFXig9/4= -github.com/filanov/stateswitch v0.0.0-20200707093657-321a5049bd8a/go.mod h1:GYnXtGE0e/uuFBz4CbjJL0JmP3DWwzGtcpjZYYC9ikc= github.com/filanov/stateswitch v0.0.0-20200714113403-51a42a34c604 h1:aZhbnjYgDH0XJXQPYGxJjla3bOsx+I4V1F3eqMuiIpQ= github.com/filanov/stateswitch v0.0.0-20200714113403-51a42a34c604/go.mod h1:GYnXtGE0e/uuFBz4CbjJL0JmP3DWwzGtcpjZYYC9ikc= -github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= @@ -140,14 +128,12 @@ github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpR github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= github.com/go-openapi/analysis v0.19.4/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= -github.com/go-openapi/analysis v0.19.5 h1:8b2ZgKfKIUTVQpTb77MoRDIMEIwvDVw40o3aOXdfYzI= github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= github.com/go-openapi/analysis v0.19.10 h1:5BHISBAXOc/aJK25irLZnx2D3s6WyYaY9D4gmuz9fdE= github.com/go-openapi/analysis v0.19.10/go.mod h1:qmhS3VNFxBlquFJ0RGoDtylO9y4pgTAUNE9AEEMdlJQ= github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= -github.com/go-openapi/errors v0.19.3 h1:7MGZI1ibQDLasvAz8HuhvYk9eNJbJkCOXWsSjjMS+Zc= github.com/go-openapi/errors v0.19.3/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= github.com/go-openapi/errors v0.19.6 h1:xZMThgv5SQ7SMbWtKFkCf9bBdvR2iEyw9k3zGZONuys= github.com/go-openapi/errors v0.19.6/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= @@ -168,14 +154,12 @@ github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= github.com/go-openapi/loads v0.19.3/go.mod h1:YVfqhUCdahYwR3f3iiwQLhicVRvLlU/WO5WPaZvcvSI= -github.com/go-openapi/loads v0.19.4 h1:5I4CCSqoWzT+82bBkNIvmLc0UOsoKKQ4Fz+3VxOB7SY= github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk= github.com/go-openapi/loads v0.19.5 h1:jZVYWawIQiA1NBnHla28ktg6hrcfTHsCE+3QLVRBIls= github.com/go-openapi/loads v0.19.5/go.mod h1:dswLCAdonkRufe/gSUC3gN8nTSaB9uaS2es0x5/IbjY= github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= -github.com/go-openapi/runtime v0.19.15 h1:2GIefxs9Rx1vCDNghRtypRq+ig8KSLrjHbAYI/gCLCM= github.com/go-openapi/runtime v0.19.15/go.mod h1:dhGWCTKRXlAfGnQG0ONViOZpjfg0m2gUt9nTQPQZuoo= github.com/go-openapi/runtime v0.19.20 h1:J/t+QIjbcoq8WJvjGxRKiFBhqUE8slS9SbmD0Oi/raQ= github.com/go-openapi/runtime v0.19.20/go.mod h1:Lm9YGCeecBnUUkFTxPC4s1+lwrkJ0pthx8YvyjCfkgk= @@ -184,7 +168,6 @@ github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsd github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= -github.com/go-openapi/spec v0.19.6 h1:rMMMj8cV38KVXK7SFc+I2MWClbEfbK705+j+dyqun5g= github.com/go-openapi/spec v0.19.6/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= github.com/go-openapi/spec v0.19.8 h1:qAdZLh1r6QF/hI/gTq+TJTvsQUodZsM7KLqkAJdiJNg= github.com/go-openapi/spec v0.19.8/go.mod h1:Hm2Jr4jv8G1ciIAo+frC/Ft+rR2kQDh8JHKHb3gWUSk= @@ -193,7 +176,6 @@ github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pL github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= github.com/go-openapi/strfmt v0.19.2/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= -github.com/go-openapi/strfmt v0.19.4 h1:eRvaqAhpL0IL6Trh5fDsGnGhiXndzHFuA05w6sXH6/g= github.com/go-openapi/strfmt v0.19.4/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= github.com/go-openapi/strfmt v0.19.5 h1:0utjKrw+BAh8s57XE9Xz8DUBsVvPmRUB6styvl9wWIM= github.com/go-openapi/strfmt v0.19.5/go.mod h1:eftuHTlB/dI8Uq8JJOyRlieZf+WkkxUuk0dgdHXr2Qk= @@ -208,7 +190,6 @@ github.com/go-openapi/swag v0.19.9/go.mod h1:ao+8BpOPyKdpQz3AOJfbeEVpLmWAvlT1IfT github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.3/go.mod h1:90Vh6jjkTn+OT1Eefm0ZixWNFjhtOH7vS9k0lo6zwJo= -github.com/go-openapi/validate v0.19.5 h1:QhCBKRYqZR+SKo4gl1lPhPahope8/RLt6EVgY8X80w0= github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= github.com/go-openapi/validate v0.19.10 h1:tG3SZ5DC5KF4cyt7nqLVcQXGj5A7mpaYkAcNPlDK+Yk= github.com/go-openapi/validate v0.19.10/go.mod h1:RKEZTUWDkxKQxN2jDT7ZnZi2bhZlbNMAuKvKB+IaGx8= @@ -261,7 +242,6 @@ github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfb github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= @@ -275,7 +255,6 @@ github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= @@ -285,8 +264,6 @@ github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -306,7 +283,6 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= @@ -321,7 +297,6 @@ github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/ github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= -github.com/jonboulle/clockwork v0.1.0 h1:VKV+ZcuP6l3yW9doeqz6ziZGgcynBVQO+obU0+0hcPo= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -347,11 +322,9 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= @@ -367,7 +340,6 @@ github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.1 h1:mdxE1MF9o53iCb2Ghj1VfWvh7ZOwHpnVG/xwXrV90U8= github.com/mailru/easyjson v0.7.1/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= @@ -375,14 +347,10 @@ github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsI github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= -github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-sqlite3 v2.0.1+incompatible h1:xQ15muvnzGBHpIpdrNi1DA5x0+TcBZzsIDwmw9uTHzw= @@ -395,7 +363,6 @@ github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKU github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYGN7GeoRg= github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= @@ -421,11 +388,7 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU= -github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.12.2 h1:Ke9m3h2Hu0wsZ45yewCqhYr3Z+emcNTuLY2nMWCkrSI= -github.com/onsi/ginkgo v1.12.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= @@ -433,11 +396,8 @@ github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= -github.com/onsi/gomega v1.10.0 h1:Gwkk+PTu/nfOwNMtUB/mRUv0X7ewW5dO4AERT1ThVKo= -github.com/onsi/gomega v1.10.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= @@ -523,9 +483,7 @@ github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRci github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.0 h1:jlIyCplCJFULU/01vCkhKuTyc3OorI3bJFuw6obfgho= github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -553,7 +511,6 @@ go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= -go.mongodb.org/mongo-driver v1.1.2 h1:jxcFYjlkl8xaERsgLo+RNquI0epW6zuy/ZRQs6jnrFA= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.3.0/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= go.mongodb.org/mongo-driver v1.3.4 h1:zs/dKNwX0gYUtzwrN9lLiR15hCO0nDwQj5xXx+vjCdE= @@ -580,9 +537,7 @@ golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd h1:GGJVjV8waZKRHrgwvtH66z9ZGVurTD1MT0n1Bb+q4aM= golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d h1:1ZiEyfaQIg3Qh0EoqpwAakHVhecoE5wlSg5GjnafJGw= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -618,9 +573,7 @@ golang.org/x/net v0.0.0-20191003171128-d98b1b443823/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7 h1:AeiKBIuRw3UomYXSbLy0Mc2dDLfdtbT/IVn4keq83P0= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9 h1:pNX+40auqi2JqRfOP1akLGtYcn15TUbkhwuCO3foqqM= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= @@ -634,7 +587,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -660,8 +612,6 @@ golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -669,8 +619,6 @@ golang.org/x/sys v0.0.0-20200121082415-34d275377bf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7NkNAQs+6Q8b9WEB/F4= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -703,7 +651,6 @@ golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 h1:bw9doJza/SFBEweII/rHQh338oozWyiFsBRHtrflcws= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= @@ -733,18 +680,14 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= -gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= @@ -763,20 +706,15 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c h1:grhR+C34yXImVGp7EzNk+DTIk+323eIUWOmEevy6bDo= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= -gotest.tools/gotestsum v0.5.2 h1:sSKWtEFqorHhuBCHU6MeUl50cq9U2J3d1m5NlQTVrbY= -gotest.tools/gotestsum v0.5.2/go.mod h1:hC9TQserDVTWcJuARh76Ydp3ZwuE+pIIWpt2BzDLD6M= gotest.tools/v3 v3.0.2 h1:kG1BFyqVHuQoVQiR1bWGnfz/fmHvvuiSPIV7rvl360E= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/auth/auth_handler.go b/pkg/auth/auth_handler.go new file mode 100644 index 000000000..1d3a26d3f --- /dev/null +++ b/pkg/auth/auth_handler.go @@ -0,0 +1,185 @@ +package auth + +import ( + "crypto/rsa" + "crypto/x509" + "fmt" + "net/http" + "strings" + + "github.com/go-openapi/runtime" + "github.com/go-openapi/runtime/security" + + "github.com/dgrijalva/jwt-go" + "github.com/sirupsen/logrus" +) + +// AuthPayload defines the structure of the JWT payload we expect from +// RHD JWT tokens +type AuthPayload struct { + Username string `json:"username"` + FirstName string `json:"first_name"` + LastName string `json:"last_name"` + Organization string `json:"org_id"` + Email string `json:"email"` + Issuer string `json:"iss"` + ClientID string `json:"clientId"` +} + +type Config struct { + EnableAuth bool `envconfig:"ENABLE_AUTH" default:"true"` + JwkCertURL string `envconfig:"JWKS_URL" default:"https://api.openshift.com/.well-known/jwks.json"` +} + +type AuthHandler struct { + CertURL string + EnableAuth bool + KeyMap map[string]*rsa.PublicKey + log logrus.FieldLogger +} + +func NewAuthHandler(cfg Config, log logrus.FieldLogger) *AuthHandler { + a := &AuthHandler{ + EnableAuth: cfg.EnableAuth, + CertURL: cfg.JwkCertURL, + log: log, + } + err := a.populateKeyMap() + if err != nil { + log.Fatalln("Failed to init auth handler,", err) + } + return a +} + +func (a *AuthHandler) populateKeyMap() error { + // Load the trusted CA certificates: + trustedCAs, err := x509.SystemCertPool() + if err != nil { + return fmt.Errorf("can't load system trusted CAs: %v", err) + } + + // Try to read the JWT public key object file. + a.KeyMap, err = downloadPublicKeys(a.CertURL, trustedCAs) + return err +} + +func (a *AuthHandler) getValidationToken(token *jwt.Token) (interface{}, error) { + // Try to get the token kid. + kid, ok := token.Header["kid"] + if !ok { + return nil, fmt.Errorf("no kid found in jwt token") + } + + // Try to get correct cert from certs map. + key, ok := a.KeyMap[kid.(string)] + if !ok { + return nil, fmt.Errorf("No matching key in auth keymap for key id [%v]", kid) + } + + return key, nil +} + +func (a *AuthHandler) AuthAgentAuth(token string) (interface{}, error) { + //TODO: Validate agent pull secret + return "user_foo", nil +} + +func parsePayload(userToken *jwt.Token) (*AuthPayload, error) { + claims, ok := userToken.Claims.(jwt.MapClaims) + if !ok { + err := fmt.Errorf("Unable to parse JWT token claims") + return nil, err + } + + payload := &AuthPayload{} + // default to the values we expect from RHSSO + payload.Username, _ = claims["username"].(string) + payload.FirstName, _ = claims["first_name"].(string) + payload.LastName, _ = claims["last_name"].(string) + payload.Organization, _ = claims["org_id"].(string) + payload.Email, _ = claims["email"].(string) + payload.ClientID, _ = claims["clientId"].(string) + + // Check values, if empty, use alternative claims from RHD + if payload.Username == "" { + payload.Username, _ = claims["preferred_username"].(string) + } + + if payload.FirstName == "" { + payload.FirstName, _ = claims["given_name"].(string) + } + + if payload.LastName == "" { + payload.LastName, _ = claims["family_name"].(string) + } + + // If given and family names are not present, use the name field + if payload.FirstName == "" || payload.LastName == "" { + name, _ := claims["name"].(string) + names := strings.Split(name, " ") + if len(names) > 1 { + payload.FirstName = names[0] + payload.LastName = names[1] + } else { + payload.FirstName = names[0] + } + } + return payload, nil +} + +func (a *AuthHandler) AuthUserAuth(token string) (interface{}, error) { + // Handle Bearer + authHeaderParts := strings.Fields(token) + if len(authHeaderParts) != 2 || strings.ToLower(authHeaderParts[0]) != "bearer" { + return nil, fmt.Errorf("Authorization header format must be Bearer {token}") + } + // Now parse the token + parsedToken, err := jwt.Parse(authHeaderParts[1], a.getValidationToken) + + // Check if there was an error in parsing... + if err != nil { + a.log.Error("Error parsing token: %e", err) + return nil, fmt.Errorf("Error parsing token: %v", err) + } + + if jwt.SigningMethodRS256 != nil && jwt.SigningMethodRS256.Alg() != parsedToken.Header["alg"] { + message := fmt.Sprintf("Expected %s signing method but token specified %s", + jwt.SigningMethodRS256.Alg(), + parsedToken.Header["alg"]) + a.log.Error("Error validating token algorithm: %s", message) + return nil, fmt.Errorf("Error validating token algorithm: %s", message) + } + + // Check if the parsed token is valid... + if !parsedToken.Valid { + a.log.Error("Token is invalid: %s", parsedToken.Raw) + return nil, fmt.Errorf("Token is invalid: %s", parsedToken.Raw) + } + + payload, err := parsePayload(parsedToken) + if err != nil { + a.log.Fatalln("Failed parse payload,", err) + return nil, err + } + return payload, nil +} + +func (a *AuthHandler) CreateAuthenticator() func(name, in string, authenticate security.TokenAuthentication) runtime.Authenticator { + return func(name string, _ string, authenticate security.TokenAuthentication) runtime.Authenticator { + getToken := func(r *http.Request) string { return r.Header.Get(name) } + + return security.HttpAuthenticator(func(r *http.Request) (bool, interface{}, error) { + + if !a.EnableAuth { + a.log.Info("API Key Authentication Disabled") + return true, "", nil + } + token := getToken(r) + if token == "" { + return false, nil, nil + } + p, err := authenticate(token) + return true, p, err + }) + } +} diff --git a/pkg/auth/auth_utils.go b/pkg/auth/auth_utils.go new file mode 100644 index 000000000..0ecf19463 --- /dev/null +++ b/pkg/auth/auth_utils.go @@ -0,0 +1,133 @@ +package auth + +import ( + "bytes" + "crypto/rsa" + "crypto/tls" + "crypto/x509" + "encoding/base64" + "encoding/json" + "encoding/pem" + "fmt" + "io/ioutil" + "math/big" + "net/http" + + "github.com/dgrijalva/jwt-go" + "github.com/sirupsen/logrus" +) + +// jwtCert on jwt key +type jwtCert struct { + KID string `json:"kid,omitempty"` + Kty string `json:"kty,omitempty"` + Alg string `json:"alg,omitempty"` + Use string `json:"use,omitempty"` + N string `json:"n,omitempty"` + E string `json:"e,omitempty"` +} + +// jwtKeys a list of JwtCerts +type jwtKeys struct { + Keys []jwtCert `json:"keys"` +} + +// downloadPublicKeys download public keys from URL. +func downloadPublicKeys(url string, cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { + var body []byte + var certs jwtKeys + var res *http.Response + var pemStr string + + // Init KeyMap + keyMap = map[string]*rsa.PublicKey{} + + // Download the JSON token signing certificates: + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + RootCAs: cas, + }, + }, + } + logrus.Infof("Getting JWK public key from %s", url) + res, err = client.Get(url) + if err != nil { + return + } + + // Try to read the response body. + body, err = ioutil.ReadAll(res.Body) + if err != nil { + return + } + + // Try to parse the response body. + err = json.Unmarshal(body, &certs) + if err != nil { + return + } + + // Convert cert list to map. + for _, c := range certs.Keys { + var pubKey *rsa.PublicKey + + // Try to convert cert to string. + pemStr, err = certToPEM(c) + if err != nil { + return + } + + pubKey, err = jwt.ParseRSAPublicKeyFromPEM([]byte(pemStr)) + if err != nil { + return + } + keyMap[c.KID] = pubKey + } + + return +} + +// certToPEM convert JWT object to PEM +func certToPEM(c jwtCert) (string, error) { + var out bytes.Buffer + + // Check key type. + if c.Kty != "RSA" { + return "", fmt.Errorf("invalid key type: %s", c.Kty) + } + + // Decode the base64 bytes for e and n. + nb, err := base64.RawURLEncoding.DecodeString(c.N) + if err != nil { + return "", err + } + eb, err := base64.RawURLEncoding.DecodeString(c.E) + if err != nil { + return "", err + } + + // Generate new public key + pk := &rsa.PublicKey{ + N: new(big.Int).SetBytes(nb), + E: int(new(big.Int).SetBytes(eb).Int64()), + } + + der, err := x509.MarshalPKIXPublicKey(pk) + if err != nil { + return "", err + } + + block := &pem.Block{ + Type: "RSA PUBLIC KEY", + Bytes: der, + } + + // Output pem as string + err = pem.Encode(&out, block) + if err != nil { + return "", err + } + + return out.String(), nil +} diff --git a/tools/deploy_assisted_installer_configmap.py b/tools/deploy_assisted_installer_configmap.py index 5be5bb9d5..f362eca99 100644 --- a/tools/deploy_assisted_installer_configmap.py +++ b/tools/deploy_assisted_installer_configmap.py @@ -43,6 +43,8 @@ def main(): data = data.replace("REPLACE_PORT", '"{}"'.format(service_port)) data = data.replace("REPLACE_DOMAINS", '"{}"'.format(deploy_options.base_dns_domains)) data = data.replace('REPLACE_NAMESPACE', deploy_options.namespace) + data = data.replace("REPLACE_AUTH_ENABLED_FLAG", '"{}"'.format(os.environ.get("ENABLE_AUTH", "true"))) # TODO(nmagnezi): change default value to false + data = data.replace("REPLACE_JWKS_URL", '"{}"'.format(os.environ.get("JWKS_URL", "https://api.openshift.com/.well-known/jwks.json"))) print("Deploying {}".format(DST_FILE)) versions = {"IMAGE_BUILDER": "installer-image-build", From 0ea17a3a5d8f287a6138cadd56ce8a7606c335da Mon Sep 17 00:00:00 2001 From: Nir Magnezi Date: Tue, 21 Jul 2020 19:16:34 +0300 Subject: [PATCH 4/6] MGMT-733 Auth Handler Unit Tests --- pkg/auth/auth_handler.go | 5 +- pkg/auth/auth_handler_test.go | 289 ++++++++++++++++++++++++++++++++++ pkg/auth/auth_utils.go | 24 ++- 3 files changed, 311 insertions(+), 7 deletions(-) create mode 100644 pkg/auth/auth_handler_test.go diff --git a/pkg/auth/auth_handler.go b/pkg/auth/auth_handler.go index 1d3a26d3f..974987279 100644 --- a/pkg/auth/auth_handler.go +++ b/pkg/auth/auth_handler.go @@ -35,13 +35,14 @@ type AuthHandler struct { CertURL string EnableAuth bool KeyMap map[string]*rsa.PublicKey + utils AUtilsInteface log logrus.FieldLogger } func NewAuthHandler(cfg Config, log logrus.FieldLogger) *AuthHandler { a := &AuthHandler{ EnableAuth: cfg.EnableAuth, - CertURL: cfg.JwkCertURL, + utils: NewAuthUtils(cfg.JwkCertURL), log: log, } err := a.populateKeyMap() @@ -59,7 +60,7 @@ func (a *AuthHandler) populateKeyMap() error { } // Try to read the JWT public key object file. - a.KeyMap, err = downloadPublicKeys(a.CertURL, trustedCAs) + a.KeyMap, err = a.utils.downloadPublicKeys(trustedCAs) return err } diff --git a/pkg/auth/auth_handler_test.go b/pkg/auth/auth_handler_test.go new file mode 100644 index 000000000..847b88b4a --- /dev/null +++ b/pkg/auth/auth_handler_test.go @@ -0,0 +1,289 @@ +package auth + +import ( + "context" + "crypto/rsa" + "crypto/x509" + "net/http" + "net/url" + "testing" + + "github.com/filanov/bm-inventory/client" + clientInstaller "github.com/filanov/bm-inventory/client/installer" + "github.com/google/uuid" + + "github.com/go-openapi/runtime" + "github.com/go-openapi/runtime/middleware" + "github.com/go-openapi/strfmt" + "github.com/stretchr/testify/assert" + + "github.com/filanov/bm-inventory/restapi" + "github.com/filanov/bm-inventory/restapi/operations/installer" + "github.com/sirupsen/logrus" +) + +func NewFakeAuthUtils(url string) AUtilsInteface { + return &fakeAUtils{ + url: url, + } +} + +type fakeAUtils struct { + url string +} + +func (au *fakeAUtils) downloadPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { + return nil, nil +} + +func NewFakeAuthHandler(cfg Config, log logrus.FieldLogger) *AuthHandler { + a := &AuthHandler{ + EnableAuth: cfg.EnableAuth, + utils: NewFakeAuthUtils(cfg.JwkCertURL), + log: log, + } + err := a.populateKeyMap() + if err != nil { + log.Fatalln("Failed to init auth handler,", err) + } + return a +} + +func serv(server *http.Server) { + _ = server.ListenAndServe() +} + +func TestAuth(t *testing.T) { + log := logrus.New() + + agentKey := "X-Secret-Key" + agentKeyValue := "SecretKey" + + userKey := "Authorization" + userKeyValue := "userKey" + + t.Parallel() + tests := []struct { + name string + tokenKey string + expectedTokenValue string + isListOperation bool + enableAuth bool + addHeaders bool + expectedRequestSuccess bool + }{ + { + name: "User Successful Authentication", + tokenKey: userKey, + expectedTokenValue: userKeyValue, + isListOperation: true, + enableAuth: true, + addHeaders: true, + expectedRequestSuccess: true, + }, + { + name: "Fail auth without headers", + tokenKey: agentKey, + expectedTokenValue: agentKeyValue, + isListOperation: false, + enableAuth: true, + addHeaders: false, + expectedRequestSuccess: false, + }, + { + name: "Ignore auth if disabled", + tokenKey: userKey, + expectedTokenValue: userKeyValue, + isListOperation: true, + enableAuth: false, + addHeaders: false, + expectedRequestSuccess: true, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fakeConfig := Config{ + EnableAuth: tt.enableAuth, + JwkCertURL: "https://api.openshift.com/.well-known/jwks.json", + } + fakeAuthHandler := NewFakeAuthHandler(fakeConfig, log.WithField("pkg", "auth")) + + authAgentAuth := func(token string) (interface{}, error) { + assert.Equal(t, tt.expectedTokenValue, token) + assert.Equal(t, tt.tokenKey, agentKey) + return "user2", nil + } + + authUserAuth := func(token string) (interface{}, error) { + assert.Equal(t, tt.expectedTokenValue, token) + assert.Equal(t, tt.tokenKey, userKey) + return "user1", nil + } + + h, _ := restapi.Handler(restapi.Config{ + AuthAgentAuth: authAgentAuth, + AuthUserAuth: authUserAuth, + APIKeyAuthenticator: fakeAuthHandler.CreateAuthenticator(), + InstallerAPI: fakeInventory{}, + EventsAPI: nil, + Logger: logrus.Printf, + VersionsAPI: nil, + ManagedDomainsAPI: nil, + InnerMiddleware: nil, + }) + + clientAuth := func() runtime.ClientAuthInfoWriter { + return runtime.ClientAuthInfoWriterFunc(func(r runtime.ClientRequest, _ strfmt.Registry) error { + return r.SetHeaderParam(tt.tokenKey, tt.expectedTokenValue) + }) + } + + cfg := client.Config{ + URL: &url.URL{ + Scheme: client.DefaultSchemes[0], + Host: "localhost:8081", + Path: client.DefaultBasePath, + }, + } + if tt.addHeaders { + cfg.AuthInfo = clientAuth() + } + bmclient := client.New(cfg) + + server := &http.Server{Addr: "localhost:8081", Handler: h} + go serv(server) + defer server.Close() + + expectedStatusCode := 401 + if tt.expectedRequestSuccess { + expectedStatusCode = 200 + } + + var e error + if tt.isListOperation { + _, e = bmclient.Installer.ListClusters(context.TODO(), &clientInstaller.ListClustersParams{}) + } else { + id := uuid.New() + _, e = bmclient.Installer.GetCluster(context.TODO(), &clientInstaller.GetClusterParams{ + ClusterID: strfmt.UUID(id.String()), + }) + } + if expectedStatusCode == 200 { + assert.Nil(t, e) + } else { + apierr := e.(*runtime.APIError) + assert.Equal(t, apierr.Code, expectedStatusCode) + + } + }) + } +} + +type fakeInventory struct{} + +func (f fakeInventory) CancelInstallation(ctx context.Context, params installer.CancelInstallationParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) CompleteInstallation(ctx context.Context, params installer.CompleteInstallationParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) DeregisterCluster(ctx context.Context, params installer.DeregisterClusterParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) DeregisterHost(ctx context.Context, params installer.DeregisterHostParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) DisableHost(ctx context.Context, params installer.DisableHostParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) DownloadClusterFiles(ctx context.Context, params installer.DownloadClusterFilesParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) DownloadClusterISO(ctx context.Context, params installer.DownloadClusterISOParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) DownloadClusterKubeconfig(ctx context.Context, params installer.DownloadClusterKubeconfigParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) EnableHost(ctx context.Context, params installer.EnableHostParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) GenerateClusterISO(ctx context.Context, params installer.GenerateClusterISOParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) GetCluster(ctx context.Context, params installer.GetClusterParams) middleware.Responder { + return installer.NewGetClusterOK() +} + +func (f fakeInventory) GetCredentials(ctx context.Context, params installer.GetCredentialsParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) GetFreeAddresses(ctx context.Context, params installer.GetFreeAddressesParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) GetHost(ctx context.Context, params installer.GetHostParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) GetNextSteps(ctx context.Context, params installer.GetNextStepsParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) InstallCluster(ctx context.Context, params installer.InstallClusterParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) ListClusters(ctx context.Context, params installer.ListClustersParams) middleware.Responder { + return installer.NewListClustersOK() +} + +func (f fakeInventory) ListHosts(ctx context.Context, params installer.ListHostsParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) PostStepReply(ctx context.Context, params installer.PostStepReplyParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) RegisterCluster(ctx context.Context, params installer.RegisterClusterParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) RegisterHost(ctx context.Context, params installer.RegisterHostParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) ResetCluster(ctx context.Context, params installer.ResetClusterParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) SetDebugStep(ctx context.Context, params installer.SetDebugStepParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) UpdateCluster(ctx context.Context, params installer.UpdateClusterParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) UpdateHostInstallProgress(ctx context.Context, params installer.UpdateHostInstallProgressParams) middleware.Responder { + panic("Implement Me!") +} + +func (f fakeInventory) UploadClusterIngressCert(ctx context.Context, params installer.UploadClusterIngressCertParams) middleware.Responder { + panic("Implement Me!") +} + +var _ restapi.InstallerAPI = fakeInventory{} diff --git a/pkg/auth/auth_utils.go b/pkg/auth/auth_utils.go index 0ecf19463..0ef1754d4 100644 --- a/pkg/auth/auth_utils.go +++ b/pkg/auth/auth_utils.go @@ -17,6 +17,20 @@ import ( "github.com/sirupsen/logrus" ) +type AUtilsInteface interface { + downloadPublicKeys(cas *x509.CertPool) (map[string]*rsa.PublicKey, error) +} + +func NewAuthUtils(url string) AUtilsInteface { + return &aUtils{ + url: url, + } +} + +type aUtils struct { + url string +} + // jwtCert on jwt key type jwtCert struct { KID string `json:"kid,omitempty"` @@ -33,7 +47,7 @@ type jwtKeys struct { } // downloadPublicKeys download public keys from URL. -func downloadPublicKeys(url string, cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { +func (au *aUtils) downloadPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { var body []byte var certs jwtKeys var res *http.Response @@ -50,8 +64,8 @@ func downloadPublicKeys(url string, cas *x509.CertPool) (keyMap map[string]*rsa. }, }, } - logrus.Infof("Getting JWK public key from %s", url) - res, err = client.Get(url) + logrus.Infof("Getting JWK public key from %s", au.url) + res, err = client.Get(au.url) if err != nil { return } @@ -73,7 +87,7 @@ func downloadPublicKeys(url string, cas *x509.CertPool) (keyMap map[string]*rsa. var pubKey *rsa.PublicKey // Try to convert cert to string. - pemStr, err = certToPEM(c) + pemStr, err = au.certToPEM(c) if err != nil { return } @@ -89,7 +103,7 @@ func downloadPublicKeys(url string, cas *x509.CertPool) (keyMap map[string]*rsa. } // certToPEM convert JWT object to PEM -func certToPEM(c jwtCert) (string, error) { +func (au *aUtils) certToPEM(c jwtCert) (string, error) { var out bytes.Buffer // Check key type. From 722273c58b5be42b28ac48301ebd03141b758f4b Mon Sep 17 00:00:00 2001 From: Nir Magnezi Date: Sun, 26 Jul 2020 10:34:21 +0300 Subject: [PATCH 5/6] MGMT-773 Adapt subsystem tests to use Auth --- Makefile | 15 ++- go.mod | 1 + go.sum | 1 + pkg/auth/auth_handler.go | 6 +- pkg/auth/auth_handler_test.go | 28 ++--- pkg/auth/auth_utils.go | 65 ++++++----- subsystem/subsystem_suite_test.go | 22 +++- tools/auth_keys_generator.go | 114 +++++++++++++++++++ tools/deploy_assisted_installer.py | 16 +++ tools/deploy_assisted_installer_configmap.py | 8 +- 10 files changed, 219 insertions(+), 57 deletions(-) create mode 100644 tools/auth_keys_generator.go diff --git a/Makefile b/Makefile index 05af3859b..122e62cf0 100644 --- a/Makefile +++ b/Makefile @@ -118,7 +118,7 @@ deploy-inventory-service-file: deploy-namespace sleep 5; # wait for service to get an address deploy-service-requirements: deploy-namespace deploy-inventory-service-file - python3 ./tools/deploy_assisted_installer_configmap.py --target "$(TARGET)" --domain "$(INGRESS_DOMAIN)" --base-dns-domains "$(BASE_DNS_DOMAINS)" --namespace "$(NAMESPACE)" $(DEPLOY_TAG_OPTION) + python3 ./tools/deploy_assisted_installer_configmap.py --target "$(TARGET)" --domain "$(INGRESS_DOMAIN)" --base-dns-domains "$(BASE_DNS_DOMAINS)" --namespace "$(NAMESPACE)" $(DEPLOY_TAG_OPTION) --enable-auth "$(ENABLE_AUTH)" deploy-service: deploy-namespace deploy-service-requirements deploy-role python3 ./tools/deploy_assisted_installer.py $(DEPLOY_TAG_OPTION) --namespace "$(NAMESPACE)" $(TEST_FLAGS) @@ -130,9 +130,9 @@ deploy-role: deploy-namespace deploy-postgres: deploy-namespace python3 ./tools/deploy_postgres.py --namespace "$(NAMESPACE)" -deploy-test: - export SERVICE=quay.io/ocpmetal/bm-inventory:test && export TEST_FLAGS=--subsystem-test && \ - $(MAKE) update-minikube deploy-all +deploy-test: generate-keys + export SERVICE=quay.io/ocpmetal/bm-inventory:test && export TEST_FLAGS=--subsystem-test && export ENABLE_AUTH="True" \ + && $(MAKE) update-minikube deploy-all ######## # Test # @@ -140,10 +140,15 @@ deploy-test: subsystem-run: test subsystem-clean -test: +generate-keys: + cd tools && rm -f auth-test.json auth-test-pub.json auth-tokenString && go run auth_keys_generator.go + +test: generate-keys INVENTORY=$(shell $(call get_service,bm-inventory) | sed 's/http:\/\///g') \ DB_HOST=$(shell $(call get_service,postgres) | sed 's/http:\/\///g' | cut -d ":" -f 1) \ DB_PORT=$(shell $(call get_service,postgres) | sed 's/http:\/\///g' | cut -d ":" -f 2) \ + TEST_TOKEN="$(shell cat tools/auth-tokenString)" \ + ENABLE_AUTH="true" \ go test -v ./subsystem/... -count=1 -ginkgo.focus=${FOCUS} -ginkgo.v -timeout 20m deploy-olm: deploy-namespace diff --git a/go.mod b/go.mod index 639dc8299..95f7b91c7 100644 --- a/go.mod +++ b/go.mod @@ -36,6 +36,7 @@ require ( github.com/vincent-petithory/dataurl v0.0.0-20191104211930-d1553a71de50 golang.org/x/net v0.0.0-20200707034311-ab3426394381 // indirect golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae // indirect + gopkg.in/square/go-jose.v2 v2.2.2 gopkg.in/yaml.v2 v2.3.0 k8s.io/api v0.17.3 k8s.io/apimachinery v0.17.3 diff --git a/go.sum b/go.sum index c8b89dc1a..2400d4862 100644 --- a/go.sum +++ b/go.sum @@ -697,6 +697,7 @@ gopkg.in/ini.v1 v1.42.0 h1:7N3gPTt50s8GuLortA00n8AqRTk75qOP98+mTPpgzRk= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= diff --git a/pkg/auth/auth_handler.go b/pkg/auth/auth_handler.go index 974987279..9dce1ad55 100644 --- a/pkg/auth/auth_handler.go +++ b/pkg/auth/auth_handler.go @@ -28,11 +28,11 @@ type AuthPayload struct { type Config struct { EnableAuth bool `envconfig:"ENABLE_AUTH" default:"true"` + JwkCert string `envconfig:"JWKS_CERT"` JwkCertURL string `envconfig:"JWKS_URL" default:"https://api.openshift.com/.well-known/jwks.json"` } type AuthHandler struct { - CertURL string EnableAuth bool KeyMap map[string]*rsa.PublicKey utils AUtilsInteface @@ -42,7 +42,7 @@ type AuthHandler struct { func NewAuthHandler(cfg Config, log logrus.FieldLogger) *AuthHandler { a := &AuthHandler{ EnableAuth: cfg.EnableAuth, - utils: NewAuthUtils(cfg.JwkCertURL), + utils: NewAuthUtils(cfg.JwkCert, cfg.JwkCertURL), log: log, } err := a.populateKeyMap() @@ -60,7 +60,7 @@ func (a *AuthHandler) populateKeyMap() error { } // Try to read the JWT public key object file. - a.KeyMap, err = a.utils.downloadPublicKeys(trustedCAs) + a.KeyMap, err = a.utils.proccessPublicKeys(trustedCAs) return err } diff --git a/pkg/auth/auth_handler_test.go b/pkg/auth/auth_handler_test.go index 847b88b4a..2b5ffd999 100644 --- a/pkg/auth/auth_handler_test.go +++ b/pkg/auth/auth_handler_test.go @@ -7,39 +7,40 @@ import ( "net/http" "net/url" "testing" + "time" "github.com/filanov/bm-inventory/client" clientInstaller "github.com/filanov/bm-inventory/client/installer" - "github.com/google/uuid" - + "github.com/filanov/bm-inventory/restapi" + "github.com/filanov/bm-inventory/restapi/operations/installer" "github.com/go-openapi/runtime" "github.com/go-openapi/runtime/middleware" "github.com/go-openapi/strfmt" - "github.com/stretchr/testify/assert" - - "github.com/filanov/bm-inventory/restapi" - "github.com/filanov/bm-inventory/restapi/operations/installer" + "github.com/google/uuid" "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" ) -func NewFakeAuthUtils(url string) AUtilsInteface { +func NewFakeAuthUtils(JwkCert string, JwkCertURL string) AUtilsInteface { return &fakeAUtils{ - url: url, + JwkCert: JwkCert, + JwkCertURL: JwkCertURL, } } type fakeAUtils struct { - url string + JwkCert string + JwkCertURL string } -func (au *fakeAUtils) downloadPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { +func (au *fakeAUtils) proccessPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { return nil, nil } func NewFakeAuthHandler(cfg Config, log logrus.FieldLogger) *AuthHandler { a := &AuthHandler{ EnableAuth: cfg.EnableAuth, - utils: NewFakeAuthUtils(cfg.JwkCertURL), + utils: NewFakeAuthUtils(cfg.JwkCert, cfg.JwkCertURL), log: log, } err := a.populateKeyMap() @@ -60,7 +61,7 @@ func TestAuth(t *testing.T) { agentKeyValue := "SecretKey" userKey := "Authorization" - userKeyValue := "userKey" + userKeyValue := "bearer userKey" t.Parallel() tests := []struct { @@ -105,7 +106,7 @@ func TestAuth(t *testing.T) { t.Run(tt.name, func(t *testing.T) { fakeConfig := Config{ EnableAuth: tt.enableAuth, - JwkCertURL: "https://api.openshift.com/.well-known/jwks.json", + JwkCertURL: "https://api.example.com/.well-known/jwks.json", } fakeAuthHandler := NewFakeAuthHandler(fakeConfig, log.WithField("pkg", "auth")) @@ -154,6 +155,7 @@ func TestAuth(t *testing.T) { server := &http.Server{Addr: "localhost:8081", Handler: h} go serv(server) defer server.Close() + time.Sleep(time.Second * 1) // Allow the server to start expectedStatusCode := 401 if tt.expectedRequestSuccess { diff --git a/pkg/auth/auth_utils.go b/pkg/auth/auth_utils.go index 0ef1754d4..a4a6885c0 100644 --- a/pkg/auth/auth_utils.go +++ b/pkg/auth/auth_utils.go @@ -18,17 +18,19 @@ import ( ) type AUtilsInteface interface { - downloadPublicKeys(cas *x509.CertPool) (map[string]*rsa.PublicKey, error) + proccessPublicKeys(cas *x509.CertPool) (map[string]*rsa.PublicKey, error) } -func NewAuthUtils(url string) AUtilsInteface { +func NewAuthUtils(JwkCert string, JwkCertURL string) AUtilsInteface { return &aUtils{ - url: url, + JwkCert: JwkCert, + JwkCertURL: JwkCertURL, } } type aUtils struct { - url string + JwkCert string + JwkCertURL string } // jwtCert on jwt key @@ -46,8 +48,7 @@ type jwtKeys struct { Keys []jwtCert `json:"keys"` } -// downloadPublicKeys download public keys from URL. -func (au *aUtils) downloadPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { +func (au *aUtils) proccessPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa.PublicKey, err error) { var body []byte var certs jwtKeys var res *http.Response @@ -56,32 +57,39 @@ func (au *aUtils) downloadPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa // Init KeyMap keyMap = map[string]*rsa.PublicKey{} - // Download the JSON token signing certificates: - client := &http.Client{ - Transport: &http.Transport{ - TLSClientConfig: &tls.Config{ - RootCAs: cas, + if au.JwkCert != "" { + // Use locally provided Cert + err = json.Unmarshal([]byte(au.JwkCert), &certs) + if err != nil { + return + } + } else { + // Download the JSON token signing certificates: + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + RootCAs: cas, + }, }, - }, - } - logrus.Infof("Getting JWK public key from %s", au.url) - res, err = client.Get(au.url) - if err != nil { - return - } + } + logrus.Infof("Getting JWK public key from %s", au.JwkCertURL) + res, err = client.Get(au.JwkCertURL) + if err != nil { + return + } - // Try to read the response body. - body, err = ioutil.ReadAll(res.Body) - if err != nil { - return - } + // Try to read the response body. + body, err = ioutil.ReadAll(res.Body) + if err != nil { + return + } - // Try to parse the response body. - err = json.Unmarshal(body, &certs) - if err != nil { - return + // Try to parse the response body. + err = json.Unmarshal(body, &certs) + if err != nil { + return + } } - // Convert cert list to map. for _, c := range certs.Keys { var pubKey *rsa.PublicKey @@ -98,7 +106,6 @@ func (au *aUtils) downloadPublicKeys(cas *x509.CertPool) (keyMap map[string]*rsa } keyMap[c.KID] = pubKey } - return } diff --git a/subsystem/subsystem_suite_test.go b/subsystem/subsystem_suite_test.go index 663cfe7ec..84f58638d 100644 --- a/subsystem/subsystem_suite_test.go +++ b/subsystem/subsystem_suite_test.go @@ -5,6 +5,9 @@ import ( "net/url" "testing" + "github.com/go-openapi/runtime" + "github.com/go-openapi/strfmt" + "github.com/filanov/bm-inventory/client" "github.com/jinzhu/gorm" _ "github.com/jinzhu/gorm/dialects/postgres" @@ -21,7 +24,9 @@ var log *logrus.Logger var Options struct { DBHost string `envconfig:"DB_HOST"` DBPort string `envconfig:"DB_PORT"` + EnableAuth bool `envconfig:"ENABLE_AUTH"` InventoryHost string `envconfig:"INVENTORY"` + TestToken string `envconfig:"TEST_TOKEN"` } func init() { @@ -32,14 +37,25 @@ func init() { if err != nil { log.Fatal(err.Error()) } - - bmclient = client.New(client.Config{ + cfg := client.Config{ URL: &url.URL{ Scheme: client.DefaultSchemes[0], Host: Options.InventoryHost, Path: client.DefaultBasePath, }, - }) + } + if Options.EnableAuth { + log.Info("API Key authentication enabled for subsystem tests") + userKey := "Authorization" + userKeyValue := "bearer " + Options.TestToken + clientAuth := func() runtime.ClientAuthInfoWriter { + return runtime.ClientAuthInfoWriterFunc(func(r runtime.ClientRequest, _ strfmt.Registry) error { + return r.SetHeaderParam(userKey, userKeyValue) + }) + } + cfg.AuthInfo = clientAuth() + } + bmclient = client.New(cfg) db, err = gorm.Open("postgres", fmt.Sprintf("host=%s port=%s user=admin dbname=installer password=admin sslmode=disable", diff --git a/tools/auth_keys_generator.go b/tools/auth_keys_generator.go new file mode 100644 index 000000000..24398c7dc --- /dev/null +++ b/tools/auth_keys_generator.go @@ -0,0 +1,114 @@ +package main + +import ( + "crypto" + "crypto/rand" + "crypto/rsa" + "encoding/base32" + "fmt" + "io" + "os" + + "github.com/dgrijalva/jwt-go" + + "gopkg.in/square/go-jose.v2" + "gopkg.in/square/go-jose.v2/json" +) + +func GenKeys(bits int) (crypto.PublicKey, crypto.PrivateKey, error) { + key, err := rsa.GenerateKey(rand.Reader, bits) + if err != nil { + fmt.Printf("RSA Keys Generation error: %v\n", err) + } + return key.Public(), key, err +} + +func GenJSJWKS(privKey crypto.PublicKey, pubKey crypto.PublicKey) ([]byte, []byte, string, error) { + var pubJSJWKS []byte + var privJSJWKS []byte + var err error + + alg := "RS256" + use := "sig" + + //Generate random kid + b := make([]byte, 10) + _, err = rand.Read(b) + if err != nil { + fmt.Printf("Kid Generation error: %v\n", err) + } + kid := base32.StdEncoding.EncodeToString(b) + + // Public and private keys in JWK format + priv := jose.JSONWebKey{Key: privKey, KeyID: kid, Algorithm: alg, Use: use} + pub := jose.JSONWebKey{Key: pubKey, KeyID: kid, Algorithm: alg, Use: use} + privJWKS := jose.JSONWebKeySet{Keys: []jose.JSONWebKey{priv}} + pubJWKS := jose.JSONWebKeySet{Keys: []jose.JSONWebKey{pub}} + + privJSJWKS, err = json.Marshal(privJWKS) + if err != nil { + fmt.Printf("privJSJWKS Marshaling error: %v\n", err) + } + pubJSJWKS, err = json.Marshal(pubJWKS) + if err != nil { + fmt.Printf("pubJSJWKS Marshaling error: %v\n", err) + } + return pubJSJWKS, privJSJWKS, kid, nil +} + +func main() { + //Generate RSA Keypair + pub, priv, _ := GenKeys(2048) + + //Generate keys in JWK format + pubJSJWKS, privJSJWKS, kid, _ := GenJSJWKS(priv, pub) + + token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.MapClaims{ + "account_number": "1234567", + "is_internal": false, + "is_active": true, + "account_id": "7654321", + "org_id": "1010101", + "last_name": "Doe", + "type": "User", + "locale": "en_US", + "first_name": "John", + "email": "jdoe123@example.com", + "username": "jdoe123@example.com", + "is_org_admin": false, + "clientId": "1234", + }) + token.Header["kid"] = kid + tokenString, err := token.SignedString(priv) + + if err != nil { + fmt.Printf("Token Signing error: %v\n", err) + } + err = newFile("auth-test-pub.json", pubJSJWKS, 0444) + if err != nil { + fmt.Printf("Failed to write file auth-test-pub.json: %v\n", err) + } + err = newFile("auth-test.json", privJSJWKS, 0400) + if err != nil { + fmt.Printf("Failed to write file auth-test.json: %v\n", err) + } + err = newFile("auth-tokenString", []byte(tokenString), 0400) + if err != nil { + fmt.Printf("Failed to write file auth-tokenString: %v\n", err) + } +} + +func newFile(filename string, data []byte, perm os.FileMode) error { + f, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, perm) + if err != nil { + return err + } + n, err := f.Write(data) + if err == nil && n < len(data) { + err = io.ErrShortWrite + } + if err1 := f.Close(); err == nil { + err = err1 + } + return err +} diff --git a/tools/deploy_assisted_installer.py b/tools/deploy_assisted_installer.py index 1e98738f0..b69a265f2 100644 --- a/tools/deploy_assisted_installer.py +++ b/tools/deploy_assisted_installer.py @@ -7,10 +7,22 @@ SRC_FILE = os.path.join(os.getcwd(), "deploy/bm-inventory.yaml") DST_FILE = os.path.join(os.getcwd(), "build/bm-inventory.yaml") +KEY_FILE = os.path.join(os.getcwd(), "tools/auth-test-pub.json") TEST_CLUSTER_MONITOR_INTERVAL = "1s" TEST_HOST_MONITOR_INTERVAL = "1s" + +def load_key(): + try: + with open(KEY_FILE, "r") as f: + return f.read() + except Exception as e: + print("Got exception {}, when tried to read key file at {}." + "Make sure you used tools/auth_keys_generator.go before running subsystem tests".format(e, KEY_FILE)) + return "" + + def main(): parser = argparse.ArgumentParser() parser.add_argument("--subsystem-test", help='deploy in subsystem mode', action='store_true') @@ -29,6 +41,10 @@ def main(): data["spec"]["template"]["spec"]["containers"][0]["env"] = [] data["spec"]["template"]["spec"]["containers"][0]["env"].append({'name':'CLUSTER_MONITOR_INTERVAL', 'value': TEST_CLUSTER_MONITOR_INTERVAL}) data["spec"]["template"]["spec"]["containers"][0]["env"].append({'name':'HOST_MONITOR_INTERVAL', 'value': TEST_HOST_MONITOR_INTERVAL}) + data["spec"]["template"]["spec"]["containers"][0]["env"].append({'name':'TEST_API_AUTH_CERT', 'value': TEST_HOST_MONITOR_INTERVAL}) + data["spec"]["template"]["spec"]["containers"][0]["env"].append({'name':'JWKS_CERT', 'value': load_key()}) + + data["spec"]["template"]["spec"]["containers"][0]["imagePullPolicy"] = "Never" else: data["spec"]["template"]["spec"]["containers"][0]["imagePullPolicy"] = "Always" diff --git a/tools/deploy_assisted_installer_configmap.py b/tools/deploy_assisted_installer_configmap.py index f362eca99..f30afc4d6 100644 --- a/tools/deploy_assisted_installer_configmap.py +++ b/tools/deploy_assisted_installer_configmap.py @@ -22,6 +22,8 @@ def handle_arguments(): parser.add_argument("--target") parser.add_argument("--domain") parser.add_argument("--base-dns-domains") + parser.add_argument("--enable-auth", default="False") + parser.add_argument("--jwks-url", default="https://api.openshift.com/.well-known/jwks.json") return deployment_options.load_deployment_options(parser) @@ -43,10 +45,8 @@ def main(): data = data.replace("REPLACE_PORT", '"{}"'.format(service_port)) data = data.replace("REPLACE_DOMAINS", '"{}"'.format(deploy_options.base_dns_domains)) data = data.replace('REPLACE_NAMESPACE', deploy_options.namespace) - data = data.replace("REPLACE_AUTH_ENABLED_FLAG", '"{}"'.format(os.environ.get("ENABLE_AUTH", "true"))) # TODO(nmagnezi): change default value to false - data = data.replace("REPLACE_JWKS_URL", '"{}"'.format(os.environ.get("JWKS_URL", "https://api.openshift.com/.well-known/jwks.json"))) - print("Deploying {}".format(DST_FILE)) - + data = data.replace('REPLACE_AUTH_ENABLED_FLAG', '"{}"'.format(deploy_options.enable_auth)) + data = data.replace('REPLACE_JWKS_URL', deploy_options.jwks_url) versions = {"IMAGE_BUILDER": "installer-image-build", "AGENT_DOCKER_IMAGE": "agent", "KUBECONFIG_GENERATE_IMAGE": "ignition-manifests-and-kubeconfig-generate", From 2f99a1c67cc4c5cf05361dfc3fc1b830fac268ac Mon Sep 17 00:00:00 2001 From: Fred Rolland Date: Mon, 20 Jul 2020 14:20:48 +0300 Subject: [PATCH 6/6] OCM Auth --- Makefile | 2 +- cmd/main.go | 13 ++- deploy/assisted-installer-sso.yaml | 11 +++ deploy/bm-inventory-configmap.yaml | 4 +- deploy/bm-inventory.yaml | 10 ++ go.mod | 16 +-- go.sum | 152 +++++++++++++++-------------- openshift/template.yaml | 10 ++ pkg/auth/auth_handler.go | 18 +++- pkg/ocm/client.go | 77 +++++++++++++++ pkg/ocm/pullsecret_auth.go | 57 +++++++++++ tools/deploy_sso_secret.py | 21 ++++ 12 files changed, 300 insertions(+), 91 deletions(-) create mode 100644 deploy/assisted-installer-sso.yaml create mode 100644 pkg/ocm/client.go create mode 100644 pkg/ocm/pullsecret_auth.go create mode 100644 tools/deploy_sso_secret.py diff --git a/Makefile b/Makefile index 122e62cf0..2ae2eaab8 100644 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ lint: golangci-lint run -v .PHONY: build -build: lint unit-test build-minimal +build: unit-test build-minimal build-minimal: create-build-dir CGO_ENABLED=0 go build -o $(BUILD_FOLDER)/bm-inventory cmd/main.go diff --git a/cmd/main.go b/cmd/main.go index 30b27be73..ad57dcc85 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -29,6 +29,7 @@ import ( "github.com/filanov/bm-inventory/pkg/auth" "github.com/filanov/bm-inventory/pkg/db" "github.com/filanov/bm-inventory/pkg/job" + "github.com/filanov/bm-inventory/pkg/ocm" "github.com/filanov/bm-inventory/pkg/requestid" awsS3Client "github.com/filanov/bm-inventory/pkg/s3Client" "github.com/filanov/bm-inventory/pkg/s3wrapper" @@ -66,6 +67,7 @@ var Options struct { ImageExpirationInterval time.Duration `envconfig:"IMAGE_EXPIRATION_INTERVAL" default:"30m"` ImageExpirationTime time.Duration `envconfig:"IMAGE_EXPIRATION_TIME" default:"60m"` ClusterConfig cluster.Config + OCMConfig ocm.Config } func main() { @@ -121,7 +123,15 @@ func main() { if err = db.AutoMigrate(&models.Host{}, &common.Cluster{}, &events.Event{}).Error; err != nil { log.Fatal("failed to auto migrate, ", err) } - authHandler := auth.NewAuthHandler(Options.Auth, log.WithField("pkg", "auth")) + + ocmClient, err := ocm.NewClient(Options.OCMConfig) + + if err != nil { + log.Warn("Failed to Create OCM Client,", err) + } + + authHandler := auth.NewAuthHandler(Options.Auth, ocmClient, log.WithField("pkg", "auth")) + versionHandler := versions.NewHandler(Options.Versions) domainHandler := domains.NewHandler(Options.BMConfig.BaseDNSDomains) eventsHandler := events.New(db, log.WithField("pkg", "events")) @@ -168,6 +178,7 @@ func main() { } else { log.Info("Disabled image expiration monitor") } + h, err := restapi.Handler(restapi.Config{ AuthAgentAuth: authHandler.AuthAgentAuth, AuthUserAuth: authHandler.AuthUserAuth, diff --git a/deploy/assisted-installer-sso.yaml b/deploy/assisted-installer-sso.yaml new file mode 100644 index 000000000..15e608634 --- /dev/null +++ b/deploy/assisted-installer-sso.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: assisted-installer-sso + namespace: REPLACE_NAMESPACE + labels: + app: bm-inventory +type: Opaque +stringData: + ocm-service.clientId: "" + ocm-service.clientSecret: "" diff --git a/deploy/bm-inventory-configmap.yaml b/deploy/bm-inventory-configmap.yaml index 42268903d..1efab8c72 100644 --- a/deploy/bm-inventory-configmap.yaml +++ b/deploy/bm-inventory-configmap.yaml @@ -13,4 +13,6 @@ data: OPENSHIFT_INSTALL_RELEASE_IMAGE: "quay.io/openshift-release-dev/ocp-release@sha256:eab93b4591699a5a4ff50ad3517892653f04fb840127895bb3609b3cc68f98f3" CREATE_S3_BUCKET: "true" ENABLE_AUTH: REPLACE_AUTH_ENABLED_FLAG - JWKS_URL: REPLACE_JWKS_URL # example https://example.com/.well-known/jwks.json \ No newline at end of file + JWKS_URL: REPLACE_JWKS_URL # example https://example.com/.well-known/jwks.json + OCM_BASE_URL: "https://api-integration.6943.hive-integration.openshiftapps.com" + OCM_DEBUG: "false" diff --git a/deploy/bm-inventory.yaml b/deploy/bm-inventory.yaml index bfd9cac09..a60446596 100644 --- a/deploy/bm-inventory.yaml +++ b/deploy/bm-inventory.yaml @@ -80,6 +80,16 @@ spec: secretKeyRef: key: endpoint name: assisted-installer-s3 + - name: OCM_SERVICE_CLIENT_ID + valueFrom: + secretKeyRef: + key: ocm-service.clientId + name: assisted-installer-sso + - name: OCM_SERVICE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: ocm-service.clientSecret + name: assisted-installer-sso volumeMounts: - name: route53-creds mountPath: "/.aws" diff --git a/go.mod b/go.mod index 95f7b91c7..ffe8a5b34 100644 --- a/go.mod +++ b/go.mod @@ -25,6 +25,7 @@ require ( github.com/onsi/ginkgo v1.14.0 github.com/onsi/gomega v1.10.1 github.com/opencontainers/go-digest v1.0.0 // indirect + github.com/openshift-online/ocm-sdk-go v0.1.116 github.com/ory/dockertest/v3 v3.6.0 github.com/pborman/uuid v1.2.0 github.com/pkg/errors v0.9.1 @@ -33,19 +34,12 @@ require ( github.com/slok/go-http-metrics v0.8.0 github.com/stretchr/testify v1.6.1 github.com/thoas/go-funk v0.6.0 - github.com/vincent-petithory/dataurl v0.0.0-20191104211930-d1553a71de50 golang.org/x/net v0.0.0-20200707034311-ab3426394381 // indirect golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae // indirect gopkg.in/square/go-jose.v2 v2.2.2 gopkg.in/yaml.v2 v2.3.0 - k8s.io/api v0.17.3 - k8s.io/apimachinery v0.17.3 - k8s.io/client-go v11.0.0+incompatible - sigs.k8s.io/controller-runtime v0.5.0 -) - -replace ( - k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20191016114015-74ad18325ed5 - k8s.io/client-go => k8s.io/client-go v0.0.0-20191016111102-bec269661e48 - + k8s.io/api v0.18.5 + k8s.io/apimachinery v0.18.5 + k8s.io/client-go v0.18.5 + sigs.k8s.io/controller-runtime v0.6.1 ) diff --git a/go.sum b/go.sum index 2400d4862..d35149479 100644 --- a/go.sum +++ b/go.sum @@ -13,12 +13,12 @@ github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxB github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI= @@ -28,7 +28,6 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -37,7 +36,6 @@ github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk5 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY= @@ -50,10 +48,12 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c= github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= @@ -75,7 +75,6 @@ github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7Do github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/danielerez/go-dns-client v0.0.0-20200630114514-0b60d1703f0b h1:3Mkb/I9NauxsrV6kc6DaP3MspFFHsi06kA6jL8L8iBc= github.com/danielerez/go-dns-client v0.0.0-20200630114514-0b60d1703f0b/go.mod h1:2l39JZ3DOxVtByPDmp0Zhh4xS7603UHmeRtLCKzqQdQ= -github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -83,7 +82,7 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6RO github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 h1:w3NnFcKR5241cfmQU5ZZAsf0xcpId6mWOupTvJlUX2U= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= @@ -94,10 +93,12 @@ github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZ github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= -github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.12.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y= github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -228,13 +229,15 @@ github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/V github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= -github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= +github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 h1:ZgQEtGgCBiWRM39fZuwSd1LwSqqSW0hOdXCYYDX0R3I= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk= @@ -259,9 +262,9 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= -github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= +github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -269,6 +272,7 @@ github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.3.1 h1:WeAefnSUHlBb0iJKwxFDZdbfGwkd7xRNuV+IpXMJhYk= github.com/googleapis/gnostic v0.3.1/go.mod h1:on+2t9HRStVgn95RSsFWFz+6Q0Snyqv1awfrALZdbtU= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= @@ -276,17 +280,21 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGa github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gregjones/httpcache v0.0.0-20170728041850-787624de3eb7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grokify/html-strip-tags-go v0.0.0-20200322061010-ea0c1cf2f119 h1:h3iGUlU8HyW4baKd6D+h1mwOHnM2kwskSuG6Bv4tSbc= +github.com/grokify/html-strip-tags-go v0.0.0-20200322061010-ea0c1cf2f119/go.mod h1:2Su6romC5/1VXOQMaWL2yb618ARB8iVo6/DR99A6d78= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= +github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.9 h1:UauaLniWCFHWd+Jp9oCEkTBj8VO/9DKg3PV3VCNMDIg= +github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/jinzhu/gorm v1.9.12 h1:Drgk1clyWT9t9ERbzHza6Mj/8FY/CqMyVzOiHviMo6Q= github.com/jinzhu/gorm v1.9.12/go.mod h1:vhTjlKSJUTWNtcbQtrMBFCxy7eXTzeCAzfL5fBZT/Qs= @@ -298,12 +306,12 @@ github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2 github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= -github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr68= +github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= @@ -369,7 +377,6 @@ github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= @@ -382,20 +389,18 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWb github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= -github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= -github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= @@ -405,6 +410,8 @@ github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVo github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v1.0.0-rc9 h1:/k06BMULKF5hidyoZymkoDCzdJzltZpz/UU4LguQVtc= github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= +github.com/openshift-online/ocm-sdk-go v0.1.116 h1:/OGBuoLZA4DELtawpbIVX58Rn9n9S2iFCgdBJy2KTEw= +github.com/openshift-online/ocm-sdk-go v0.1.116/go.mod h1:BBF7bNkfHkkVwKolft9AsbYXJBsFiSOFQ6bLSedQby0= github.com/ory/dockertest/v3 v3.6.0 h1:I6KNJ6izxGduLACQii2SP/g7GN0JM9Xfaik6aAVaw6Y= github.com/ory/dockertest/v3 v3.6.0/go.mod h1:4ZOpj8qBUmh8fcBSVzkH2bws2s91JdGvHUqan4GHEuQ= github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= @@ -417,29 +424,34 @@ github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.2/go.mod h1:OsXs2jCmiKlQ1lTBmv21f2mNfw4xf/QclQDMrYNZzcM= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.6.0 h1:YVPodQOcK15POxhgARIvnDRVpLcuK8mglnMrWfyrw6A= github.com/prometheus/client_golang v1.6.0/go.mod h1:ZLOG9ck3JLRdB5MgO8f+lLTe83AXG6ro35rLTxvnIl4= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.0.0-20181126121408-4724e9255275/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.9.1 h1:KOMtN28tlbam3/7ZKEYKHhKoJZYYj3gMH4uc62x7X7U= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20181204211112-1dc9a6cbc91a/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= +github.com/prometheus/procfs v0.0.0-20190516194456-169873baca24/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.11 h1:DhHlBtkHWPYi8O2y31JkK0TF+DGM+51OopZjH/Ia5qI= github.com/prometheus/procfs v0.0.11/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -461,6 +473,7 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= @@ -479,7 +492,6 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= -github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -501,12 +513,12 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8= github.com/valyala/fasttemplate v1.1.0/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= -github.com/vincent-petithory/dataurl v0.0.0-20191104211930-d1553a71de50 h1:uxE3GYdXIOfhMv3unJKETJEhw78gvzuQqRX/rVirc2A= -github.com/vincent-petithory/dataurl v0.0.0-20191104211930-d1553a71de50/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v0.0.0-20180714160509-73f8eece6fdc/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +gitlab.com/c0b/go-ordered-json v0.0.0-20171130231205-49bbdab258c2 h1:M+r1hdmjZc4L4SCn0ZIq/5YQIRxprV+kOf7n7f04l5o= +gitlab.com/c0b/go-ordered-json v0.0.0-20171130231205-49bbdab258c2/go.mod h1:NREvu3a57BaK0R1+ztrEzHWiZAihohNLQ6trPxlIqZI= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= @@ -517,8 +529,9 @@ go.mongodb.org/mongo-driver v1.3.4 h1:zs/dKNwX0gYUtzwrN9lLiR15hCO0nDwQj5xXx+vjCd go.mongodb.org/mongo-driver v1.3.4/go.mod h1:MSWZXKOynuguX+JSvwP8i+58jYCXxbia8HS3gZBapIE= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= +go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= @@ -536,20 +549,16 @@ golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190530122614-20be4c3c3ed5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -566,7 +575,6 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190812203447-cdfb69ac37fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191003171128-d98b1b443823/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -598,7 +606,6 @@ golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -612,6 +619,7 @@ golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -625,8 +633,9 @@ golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= @@ -637,10 +646,8 @@ golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -655,10 +662,8 @@ golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.0.1 h1:xyiBuvkD2g5n7cYzx6u2sxQvsAy4QJsZFCzGVdzOXZ0= gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= -gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= -gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -668,10 +673,12 @@ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoA google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -690,7 +697,6 @@ gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= -gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.42.0 h1:7N3gPTt50s8GuLortA00n8AqRTk75qOP98+mTPpgzRk= @@ -721,41 +727,39 @@ gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.0.0-20191016110408-35e52d86657a/go.mod h1:/L5qH+AD540e7Cetbui1tuJeXdmNhO8jM6VkXeDdDhQ= -k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4= -k8s.io/api v0.17.3 h1:XAm3PZp3wnEdzekNkcmj/9Y1zdmQYJ1I4GKSBBZ8aG0= -k8s.io/api v0.17.3/go.mod h1:YZ0OTkuw7ipbe305fMpIdf3GLXZKRigjtZaV5gzC2J0= -k8s.io/apiextensions-apiserver v0.17.2 h1:cP579D2hSZNuO/rZj9XFRzwJNYb41DbNANJb6Kolpss= -k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs= -k8s.io/apimachinery v0.0.0-20191004115801-a2eda9f80ab8/go.mod h1:llRdnznGEAqC3DcNm6yEj472xaFVfLM7hnYofMb12tQ= -k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= -k8s.io/apimachinery v0.17.3 h1:f+uZV6rm4/tHE7xXgLyToprg6xWairaClGVkm2t8omg= -k8s.io/apimachinery v0.17.3/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g= -k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo= -k8s.io/client-go v0.0.0-20191016111102-bec269661e48 h1:C2XVy2z0dV94q9hSSoCuTPp1KOG7IegvbdXuz9VGxoU= -k8s.io/client-go v0.0.0-20191016111102-bec269661e48/go.mod h1:hrwktSwYGI4JK+TJA3dMaFyyvHVi/aLarVHpbs8bgCU= -k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= -k8s.io/component-base v0.17.2/go.mod h1:zMPW3g5aH7cHJpKYQ/ZsGMcgbsA/VyhEugF3QT1awLs= +k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4= +k8s.io/api v0.18.5 h1:fKbCxr+U3fu7k6jB+QeYPD/c6xKYeSJ2KVWmyUypuWM= +k8s.io/api v0.18.5/go.mod h1:tN+e/2nbdGKOAH55NMV8oGrMG+3uRlA9GaRfvnCCSNk= +k8s.io/apiextensions-apiserver v0.18.4 h1:Y3HGERmS8t9u12YNUFoOISqefaoGRuTc43AYCLzWmWE= +k8s.io/apiextensions-apiserver v0.18.4/go.mod h1:NYeyeYq4SIpFlPxSAB6jHPIdvu3hL0pc36wuRChybio= +k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= +k8s.io/apimachinery v0.18.5 h1:Lh6tgsM9FMkC12K5T5QjRm7rDs6aQN5JHkA0JomULDM= +k8s.io/apimachinery v0.18.5/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= +k8s.io/apiserver v0.18.4/go.mod h1:q+zoFct5ABNnYkGIaGQ3bcbUNdmPyOCoEBcg51LChY8= +k8s.io/client-go v0.18.4/go.mod h1:f5sXwL4yAZRkAtzOxRWUhA/N8XzGCb+nPZI8PfobZ9g= +k8s.io/client-go v0.18.5 h1:cLhGZdOmyPhwtt20Lrb7uAqxxB1uvY+NTmNJvno1oKA= +k8s.io/client-go v0.18.5/go.mod h1:EsiD+7Fx+bRckKWZXnAXRKKetm1WuzPagH4iOSC8x58= +k8s.io/code-generator v0.18.4/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= +k8s.io/component-base v0.18.4/go.mod h1:7jr/Ef5PGmKwQhyAz/pjByxJbC58mhKAhiaDu0vXfPk= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= -k8s.io/klog v0.4.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= -k8s.io/utils v0.0.0-20190801114015-581e00157fb1/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo= -k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= -modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= -modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= -modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= -modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= -sigs.k8s.io/controller-runtime v0.5.0 h1:CbqIy5fbUX+4E9bpnBFd204YAzRYlM9SWW77BbrcDQo= -sigs.k8s.io/controller-runtime v0.5.0/go.mod h1:REiJzC7Y00U+2YkMbT8wxgrsX5USpXKGhb2sCtAXiT8= -sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= -sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= -sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= +k8s.io/klog/v2 v2.0.0 h1:Foj74zO6RbjjP4hBEKjnYtjjAhGg4jNynUdYF6fJrok= +k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= +k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY= +k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= +k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +k8s.io/utils v0.0.0-20200603063816-c1c6865ac451 h1:v8ud2Up6QK1lNOKFgiIVrZdMg7MpmSnvtrOieolJKoE= +k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= +sigs.k8s.io/controller-runtime v0.6.1 h1:LcK2+nk0kmaOnKGN+vBcWHqY5WDJNJNB/c5pW+sU8fc= +sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E= +sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= +sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= diff --git a/openshift/template.yaml b/openshift/template.yaml index 3291499aa..51861cd3c 100644 --- a/openshift/template.yaml +++ b/openshift/template.yaml @@ -100,6 +100,16 @@ objects: secretKeyRef: key: db.user name: assisted-installer-rds + - name: OCM_SERVICE_CLIENT_ID + valueFrom: + secretKeyRef: + key: ocm-service.clientId + name: assisted-installer-sso + - name: OCM_SERVICE_CLIENT_SECRET + valueFrom: + secretKeyRef: + key: ocm-service.clientSecret + name: assisted-installer-sso - name: IMAGE_BUILDER_CMD value: "" - apiVersion: v1 diff --git a/pkg/auth/auth_handler.go b/pkg/auth/auth_handler.go index 9dce1ad55..2e8a77dcf 100644 --- a/pkg/auth/auth_handler.go +++ b/pkg/auth/auth_handler.go @@ -1,6 +1,7 @@ package auth import ( + "context" "crypto/rsa" "crypto/x509" "fmt" @@ -11,6 +12,7 @@ import ( "github.com/go-openapi/runtime/security" "github.com/dgrijalva/jwt-go" + "github.com/filanov/bm-inventory/pkg/ocm" "github.com/sirupsen/logrus" ) @@ -37,12 +39,14 @@ type AuthHandler struct { KeyMap map[string]*rsa.PublicKey utils AUtilsInteface log logrus.FieldLogger + client *ocm.Client } -func NewAuthHandler(cfg Config, log logrus.FieldLogger) *AuthHandler { +func NewAuthHandler(cfg Config, ocmCLient *ocm.Client, log logrus.FieldLogger) *AuthHandler { a := &AuthHandler{ EnableAuth: cfg.EnableAuth, utils: NewAuthUtils(cfg.JwkCert, cfg.JwkCertURL), + client: ocmCLient, log: log, } err := a.populateKeyMap() @@ -81,8 +85,16 @@ func (a *AuthHandler) getValidationToken(token *jwt.Token) (interface{}, error) } func (a *AuthHandler) AuthAgentAuth(token string) (interface{}, error) { - //TODO: Validate agent pull secret - return "user_foo", nil + a.log.Error("AuthAgentAuth") + a.log.Error(token) // TODO REMOVE + if a.client == nil { + return nil, fmt.Errorf("OCM client unavailable") + } + user, err := a.client.Authentication.AuthenticatePullSecret(context.Background(), token) + if err != nil { + a.log.Error("Error Authenticating PullSecret token: %e", err) + } + return user, nil } func parsePayload(userToken *jwt.Token) (*AuthPayload, error) { diff --git a/pkg/ocm/client.go b/pkg/ocm/client.go new file mode 100644 index 000000000..151c1a639 --- /dev/null +++ b/pkg/ocm/client.go @@ -0,0 +1,77 @@ +package ocm + +import ( + "fmt" + + sdkClient "github.com/openshift-online/ocm-sdk-go" +) + +type Client struct { + config *Config + logger sdkClient.Logger + connection *sdkClient.Connection + + Authentication OCMAuthentication +} + +type Config struct { + BaseURL string `envconfig:"OCM_BASE_URL" default:""` + ClientID string `envconfig:"OCM_SERVICE_CLIENT_ID" default:""` + ClientSecret string `envconfig:"OCM_SERVICE_CLIENT_SECRET" default:""` + SelfToken string `envconfig:"OCM_SELF_TOKEN" default:""` + Debug bool `envconfig:"OCM_DEBUG" default:"false"` +} + +func NewClient(config Config) (*Client, error) { + // Create a logger that has the debug level enabled: + logger, err := sdkClient.NewGoLoggerBuilder(). + Debug(config.Debug). + Build() + if err != nil { + return nil, fmt.Errorf("Unable to build OCM logger: %s", err.Error()) + } + + client := &Client{ + config: &config, + logger: logger, + } + err = client.newConnection() + if err != nil { + return nil, fmt.Errorf("Unable to build OCM connection: %s", err.Error()) + } + client.Authentication = &authentication{client: client} + return client, nil +} + +func (c *Client) newConnection() error { + builder := sdkClient.NewConnectionBuilder(). + Logger(c.logger). + URL(c.config.BaseURL). + Metrics("api_outbound") + + if c.config.ClientID != "" && c.config.ClientSecret != "" { + builder = builder.Client(c.config.ClientID, c.config.ClientSecret) + } else if c.config.SelfToken != "" { + builder = builder.Tokens(c.config.SelfToken) + } else { + return fmt.Errorf("Can't build OCM client connection. No Client/Secret or Token has been provided") + } + + connection, err := builder.Build() + + if err != nil { + return fmt.Errorf("Can't build OCM client connection: %s", err.Error()) + } + c.connection = connection + return nil +} + +func (c *Client) Close() { + if c.connection != nil { + c.connection.Close() + } +} + +type service struct { + client *Client +} diff --git a/pkg/ocm/pullsecret_auth.go b/pkg/ocm/pullsecret_auth.go new file mode 100644 index 000000000..904df3079 --- /dev/null +++ b/pkg/ocm/pullsecret_auth.go @@ -0,0 +1,57 @@ +package ocm + +import ( + "context" + "encoding/json" + + "github.com/sirupsen/logrus" +) + +type OCMAuthentication interface { + AuthenticatePullSecret(ctx context.Context, pullSecret string) (userName string, err error) +} + +type authentication service + +var _ OCMAuthentication = &authentication{} + +func (a authentication) AuthenticatePullSecret(ctx context.Context, pullSecret string) (userName string, err error) { + + //TODO cache pullSecret <-> Username + con := a.client.connection + request := con.Post() + request.Path("/api/accounts_mgmt/v1/token_authorization") + + type TokenAuthorizationRequest struct { + AuthorizationToken string `json:"authorization_token"` + } + + tokenAuthorizationRequest := TokenAuthorizationRequest{ + AuthorizationToken: pullSecret, + } + + var jsonData []byte + jsonData, err = json.Marshal(tokenAuthorizationRequest) + if err != nil { + return "", err + } + request.Bytes(jsonData) + + postResp, err := request.SendContext(ctx) + if err != nil || postResp.Status() != 200 { + return "", err + } + + type TokenAuthorizationResponse struct { + Items []struct { + Username string `json:"username"` + } `json:"items"` + } + + var tokenAuthorizationResponse TokenAuthorizationResponse + if err := json.Unmarshal(postResp.Bytes(), &tokenAuthorizationResponse); err != nil { + return "", err + } + logrus.Error(tokenAuthorizationResponse.Items[0].Username) + return tokenAuthorizationResponse.Items[0].Username, nil +} diff --git a/tools/deploy_sso_secret.py b/tools/deploy_sso_secret.py new file mode 100644 index 000000000..410a3e93b --- /dev/null +++ b/tools/deploy_sso_secret.py @@ -0,0 +1,21 @@ +import os +import utils +import deployment_options + +def main(): + deploy_options = deployment_options.load_deployment_options() + + src_file = os.path.join(os.getcwd(), "deploy/assisted-installer-sso.yaml") + dst_file = os.path.join(os.getcwd(), "build/assisted-installer-sso.yaml") + with open(src_file, "r") as src: + with open(dst_file, "w+") as dst: + data = src.read() + data = data.replace('REPLACE_NAMESPACE', deploy_options.namespace) + print("Deploying {}".format(dst_file)) + dst.write(data) + + utils.apply(dst_file) + + +if __name__ == "__main__": + main()