validation added for clusterURL in create env (#22)

fabric8-services · Jan 14, 2019 · d556c07 · d556c07
1 parent aa3b173
commit d556c07
Show file tree

Hide file tree

Showing 9 changed files with 338 additions and 61 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -37,4 +37,8 @@ ignored = [
 
 [[constraint]]
   name = "github.com/fabric8-services/fabric8-common"
-  revision = "b10e057d860d730661b2440dc1326c7d82606acc"
+  revision = "5bb2b51fb241b42824f86cb79c50574ab0c0c57f"
+
+[[constraint]]
+  name = "github.com/fabric8-services/fabric8-cluster-client"
+  branch = "master"
diff --git a/configuration/configuration.go b/configuration/configuration.go
@@ -10,7 +10,7 @@ import (
 	errs "github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
-	"gopkg.in/yaml.v2"
+	yaml "gopkg.in/yaml.v2"
 )
 
 func (c *Registry) String() string {
@@ -29,6 +29,7 @@ const (
 	varLogLevel                            = "log.level"
 	varLogJSON                             = "log.json"
 	varAuthURL                             = "auth.url"
+	varClusterURL                          = "cluster.url"
 	varAuthKeysPath                        = "auth.keys.path"
 	varHTTPAddress                         = "http.address"
 	varMetricsHTTPAddress                  = "metrics.http.address"
@@ -145,6 +146,16 @@ func (c *Registry) GetAuthServiceURL() string {
 	return ""
 }
 
+func (c *Registry) GetClusterServiceURL() string {
+	if c.v.IsSet(varClusterURL) {
+		return c.v.GetString(varClusterURL)
+	}
+	if c.DeveloperModeEnabled() {
+		return "https://cluster.prod-preview.openshift.io"
+	}
+	return ""
+}
+
 func (c *Registry) GetDevModePrivateKey() []byte {
 	if c.DeveloperModeEnabled() {
 		return []byte(commonconfig.DevModeRsaPrivateKey)

diff --git a/controller/environment.go b/controller/environment.go
@@ -1,6 +1,10 @@
 package controller
 
 import (
+	"context"
+	"fmt"
+
+	clusterclient "github.com/fabric8-services/fabric8-cluster-client/service"
 	"github.com/fabric8-services/fabric8-common/auth"
 	"github.com/fabric8-services/fabric8-common/errors"
 	"github.com/fabric8-services/fabric8-common/httpsupport"
@@ -18,15 +22,17 @@ const (
 
 type EnvironmentController struct {
 	*goa.Controller
-	db          application.DB
-	authService auth.AuthService
+	db             application.DB
+	authService    auth.AuthService
+	clusterService clusterclient.Service
 }
 
-func NewEnvironmentController(service *goa.Service, db application.DB, authService auth.AuthService) *EnvironmentController {
+func NewEnvironmentController(service *goa.Service, db application.DB, authService auth.AuthService, clusterService clusterclient.Service) *EnvironmentController {
 	return &EnvironmentController{
-		Controller:  service.NewController("EnvironmentController"),
-		db:          db,
-		authService: authService,
+		Controller:     service.NewController("EnvironmentController"),
+		db:             db,
+		authService:    authService,
+		clusterService: clusterService,
 	}
 }
 
@@ -65,6 +71,11 @@ func (c *EnvironmentController) Create(ctx *app.CreateEnvironmentContext) error
 		return app.JSONErrorResponse(ctx, err)
 	}
 
+	err = c.checkClustersUser(ctx, *reqEnv.Attributes.ClusterURL)
+	if err != nil {
+		return app.JSONErrorResponse(ctx, err)
+	}
+
 	var env *environment.Environment
 	err = application.Transactional(c.db, func(appl application.Application) error {
 		newEnv := environment.Environment{
@@ -78,8 +89,8 @@ func (c *EnvironmentController) Create(ctx *app.CreateEnvironmentContext) error
 		env, err = appl.Environments().Create(ctx, &newEnv)
 		if err != nil {
 			log.Error(ctx, map[string]interface{}{"err": err},
-				"failed to create environment: %s", newEnv.Name)
-			return errs.Wrapf(err, "failed to create environment: %s", newEnv.Name)
+				"failed to create environment: %s", *newEnv.Name)
+			return errs.Wrapf(err, "failed to create environment: %s", *newEnv.Name)
 		}
 		return nil
 	})
@@ -132,3 +143,17 @@ func (c *EnvironmentController) Show(ctx *app.ShowEnvironmentContext) error {
 	}
 	return ctx.OK(res)
 }
+
+func (c *EnvironmentController) checkClustersUser(ctx context.Context, clusterURL string) error {
+	clusters, err := c.clusterService.UserClusters(ctx)
+	if err != nil {
+		return err
+	}
+	clusterURL = httpsupport.RemoveTrailingSlashFromURL(clusterURL)
+	for _, cluster := range clusters.Data {
+		if httpsupport.RemoveTrailingSlashFromURL(cluster.APIURL) == clusterURL {
+			return nil
+		}
+	}
+	return errors.NewForbiddenError(fmt.Sprintf("cluster with URL '%s' not linked with user account", clusterURL))
+}
diff --git a/controller/environment_blackbox_test.go b/controller/environment_blackbox_test.go
@@ -8,6 +8,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
+	clusterclient "github.com/fabric8-services/fabric8-cluster-client/cluster"
 	testauth "github.com/fabric8-services/fabric8-common/test/auth"
 	testsuite "github.com/fabric8-services/fabric8-common/test/suite"
 	"github.com/fabric8-services/fabric8-env/app"
@@ -34,6 +35,19 @@ func (s *testAuthService) RequireScope(ctx context.Context, resourceID, required
 	return nil
 }
 
+type testClusterService struct{}
+
+func (s *testClusterService) UserClusters(ctx context.Context) (*clusterclient.ClusterList, error) {
+	return &clusterclient.ClusterList{
+		Data: []*clusterclient.ClusterData{
+			{
+				Name:   "cluster1",
+				APIURL: "cluster1.com",
+			},
+		},
+	}, nil
+}
+
 func TestEnvironmentController(t *testing.T) {
 	config, err := configuration.New("")
 	require.NoError(t, err)
@@ -48,7 +62,7 @@ func (s *EnvironmentControllerSuite) SetupSuite() {
 	svc := testauth.UnsecuredService("enviroment-test")
 	s.svc = svc
 	s.ctx = s.svc.Context
-	s.ctrl = controller.NewEnvironmentController(s.svc, s.db, &testAuthService{})
+	s.ctrl = controller.NewEnvironmentController(s.svc, s.db, &testAuthService{}, &testClusterService{})
 }
 
 func (s *EnvironmentControllerSuite) TestCreate() {
@@ -65,6 +79,14 @@ func (s *EnvironmentControllerSuite) TestCreate() {
 		require.NotNil(t, env)
 		assert.Equal(t, env.Data.ID, newEnv.Data.ID)
 	})
+
+	s.T().Run("cluster_not_linked", func(t *testing.T) {
+		spaceID := uuid.NewV4()
+		payload := newCreateEnvironmentPayload("osio-stage", "stage", "cluster2.com")
+
+		_, err := test.CreateEnvironmentForbidden(t, s.ctx, s.svc, s.ctrl, spaceID, payload)
+		assert.NotNil(t, err)
+	})
 }
 
 func (s *EnvironmentControllerSuite) TestList() {

diff --git a/controller/environment_space_scope_blackbox_test.go b/controller/environment_space_scope_blackbox_test.go
@@ -82,7 +82,7 @@ func (s *EnvironmentSpaceScopeSuite) SetupSuite() {
 	require.NoError(s.T(), err)
 
 	s.svc = testauth.UnsecuredService("enviroment-test")
-	s.ctrl = controller.NewEnvironmentController(s.svc, s.db, authService)
+	s.ctrl = controller.NewEnvironmentController(s.svc, s.db, authService, &testClusterService{})
 	s.spaceID = uuid.NewV4()
 
 	s.ctx1, _, err = testauth.EmbedUserTokenInContext(context.Background(), testUser1)

diff --git a/main.go b/main.go
@@ -9,6 +9,7 @@ import (
 	"runtime"
 	"time"
 
+	clusterclient "github.com/fabric8-services/fabric8-cluster-client/service"
 	"github.com/fabric8-services/fabric8-common/auth"
 	"github.com/fabric8-services/fabric8-common/closeable"
 	"github.com/fabric8-services/fabric8-common/convert/ptr"
@@ -102,17 +103,25 @@ func main() {
 	service.Use(metric.Recorder("fabric8_env"))
 	// ---
 
+	// Used services
 	authService, err := auth.NewAuthService(config.GetAuthServiceURL())
 	if err != nil {
 		log.Panic(nil, map[string]interface{}{"url": config.GetAuthServiceURL(), "err": err},
 			"could not create Auth client")
 	}
 
+	clusterService, err := clusterclient.NewClusterService(config.GetClusterServiceURL())
+	if err != nil {
+		log.Panic(nil, map[string]interface{}{"url": config.GetClusterServiceURL(), "err": err},
+			"could not create Cluster client")
+	}
+
 	appDB := gormapp.NewGormDB(db)
+	// ---
 
 	// Mount controllers
 	app.MountStatusController(service, controller.NewStatusController(service, controller.NewGormDBChecker(db)))
-	app.MountEnvironmentController(service, controller.NewEnvironmentController(service, appDB, authService))
+	app.MountEnvironmentController(service, controller.NewEnvironmentController(service, appDB, authService, clusterService))
 	// ---
 
 	log.Logger().Infoln("Git Commit SHA: ", app.Commit)

diff --git a/openshift/f8env.app.yaml b/openshift/f8env.app.yaml
@@ -79,6 +79,11 @@ objects:
               configMapKeyRef:
                 name: f8env
                 key: auth.url
+          - name: F8_CLUSTER_URL
+            valueFrom:
+              configMapKeyRef:
+                name: f8env
+                key: cluster.url
           imagePullPolicy: Always
           name: f8env
           ports:

diff --git a/openshift/f8env.config.yaml b/openshift/f8env.config.yaml
@@ -25,4 +25,5 @@ objects:
     postgres.connection.maxopen: "90"
     environment: prod-preview
     auth.url: https://auth.prod-preview.openshift.io
+    cluster.url: https://cluster.prod-preview.openshift.io