Default environment per user

jmpsec · Jan 8, 2021 · 1563020 · 1563020
1 parent 175f09f
commit 1563020
Show file tree

Hide file tree

Showing 14 changed files with 209 additions and 20 deletions.
diff --git a/admin/auth.go b/admin/auth.go
@@ -154,7 +154,7 @@ func handlerAuthCheck(h http.Handler) http.Handler {
 				http.Redirect(w, r, forbiddenPath, http.StatusForbidden)
 				return
 			}
-			newUser, err := adminUsers.New(username, "", email, fullname, (s[ctxLevel] == adminLevel))
+			newUser, err := adminUsers.New(username, "", email, fullname, headersConfig.DefaultEnv, (s[ctxLevel] == adminLevel))
 			if err != nil {
 				log.Printf("Error with new user %s: %v", username, err)
 				http.Redirect(w, r, forbiddenPath, http.StatusFound)

diff --git a/admin/handlers/post.go b/admin/handlers/post.go
@@ -987,7 +987,7 @@ func (h *HandlersAdmin) EnvsPOSTHandler(w http.ResponseWriter, r *http.Request)
 		adminOKResponse(w, "environment created successfully")
 	case "delete":
 		if c.Name == h.Settings.DefaultEnv(settings.ServiceAdmin) {
-			adminErrorResponse(w, "not a good idea", http.StatusInternalServerError, fmt.Errorf("attempt to remove environment %s", c.Name))
+			adminErrorResponse(w, "nope, this is the default environment", http.StatusInternalServerError, fmt.Errorf("attempt to remove default environment %s", c.Name))
 			h.Inc(metricAdminErr)
 			return
 		}
@@ -1153,8 +1153,14 @@ func (h *HandlersAdmin) UsersPOSTHandler(w http.ResponseWriter, r *http.Request)
 			h.Inc(metricAdminErr)
 			return
 		}
+		// Check that default environment exists
+		if (u.DefaultEnv == "") || !h.Envs.Exists(u.DefaultEnv) {
+			adminErrorResponse(w, "error adding user", http.StatusInternalServerError, fmt.Errorf("environment %s does not exist", u.DefaultEnv))
+			h.Inc(metricAdminErr)
+			return
+		}
 		// Prepare user to create
-		newUser, err := h.Users.New(u.Username, u.Password, u.Email, u.Fullname, u.Admin)
+		newUser, err := h.Users.New(u.Username, u.Password, u.Email, u.Fullname, u.DefaultEnv, u.Admin)
 		if err != nil {
 			adminErrorResponse(w, "error with new user", http.StatusInternalServerError, err)
 			h.Inc(metricAdminErr)
@@ -1209,6 +1215,13 @@ func (h *HandlersAdmin) UsersPOSTHandler(w http.ResponseWriter, r *http.Request)
 				return
 			}
 		}
+		if u.DefaultEnv != "" {
+			if err := h.Users.ChangeDefaultEnv(u.Username, u.DefaultEnv); err != nil {
+				adminErrorResponse(w, "error changing default environment", http.StatusInternalServerError, err)
+				h.Inc(metricAdminErr)
+				return
+			}
+		}
 		adminOKResponse(w, "user updated successfully")
 	case "remove":
 		if u.Username == ctx[sessions.CtxUser] {

diff --git a/admin/handlers/types-requests.go b/admin/handlers/types-requests.go
@@ -107,14 +107,15 @@ type EnvironmentsRequest struct {
 
 // UsersRequest to receive user action requests
 type UsersRequest struct {
-	CSRFToken string `json:"csrftoken"`
-	Action    string `json:"action"`
-	Username  string `json:"username"`
-	Email     string `json:"email"`
-	Fullname  string `json:"fullname"`
-	Password  string `json:"password"`
-	Token     bool   `json:"token"`
-	Admin     bool   `json:"admin"`
+	CSRFToken  string `json:"csrftoken"`
+	Action     string `json:"action"`
+	Username   string `json:"username"`
+	Email      string `json:"email"`
+	Fullname   string `json:"fullname"`
+	Password   string `json:"password"`
+	Token      bool   `json:"token"`
+	Admin      bool   `json:"admin"`
+	DefaultEnv string `json:"environment"`
 }
 
 // TagsRequest to receive tag action requests

diff --git a/admin/templates/users.html b/admin/templates/users.html
@@ -125,7 +125,6 @@ <h4 class="modal-title">Add new user</h4>
                       <div class="col-md-4">
                         <input class="form-control" name="user_password" id="user_password" type="password" autocomplete="off">
                       </div>
-
                     </div>
                     <div class="form-group row">
                       <label class="col-md-2 col-form-label" for="user_email">Email: </label>
@@ -138,20 +137,24 @@ <h4 class="modal-title">Add new user</h4>
                       </div>
                     </div>
                     <div class="form-group row">
-                      <label class="col-md-3 col-form-label" for="user_admin">Enable Admin Level: </label>
-                      <div class="col-md-3">
+                      <label class="col-md-1 col-form-label" for="user_admin">Admin: </label>
+                      <div class="col-md-2">
                         <label class="switch switch-label switch-pill switch-success switch-sm" data-tooltip="true" data-placement="top" title="Change">
                           <input id="user_admin" class="switch-input" type="checkbox">
                           <span class="switch-slider" data-checked="On" data-unchecked="Off"></span>
                         </label>
                       </div>
-                      <label class="col-md-3 col-form-label" for="user_token">Create API Token: </label>
-                      <div class="col-md-3">
+                      <label class="col-md-1 col-form-label" for="user_token">API: </label>
+                      <div class="col-md-2">
                         <label class="switch switch-label switch-pill switch-success switch-sm" data-tooltip="true" data-placement="top" title="Change">
                           <input id="user_token" class="switch-input" type="checkbox">
                           <span class="switch-slider" data-checked="On" data-unchecked="Off"></span>
                         </label>
                       </div>
+                      <label class="col-md-2 col-form-label" for="default_env">Default Environment: </label>
+                      <div class="col-md-4">
+                        <input class="form-control" name="default_env" id="default_env" type="text" autocomplete="off">
+                      </div>
                     </div>
                   </div>
                   <div class="modal-footer">

diff --git a/cli/main.go b/cli/main.go
@@ -83,6 +83,11 @@ func init() {
 							Hidden: false,
 							Usage:  "Make this user an admin",
 						},
+						cli.StringFlag{
+							Name:  "environment, E",
+							Value: "",
+							Usage: "Default environment for the new user",
+						},
 						cli.StringFlag{
 							Name:  "email, e",
 							Usage: "Email for the new user",
@@ -125,6 +130,10 @@ func init() {
 							Hidden: false,
 							Usage:  "Make this user an non-admin",
 						},
+						cli.StringFlag{
+							Name:  "environment, E",
+							Usage: "Default environment for this user",
+						},
 					},
 					Action: cliWrapper(editUser),
 				},

diff --git a/cli/user.go b/cli/user.go
@@ -20,11 +20,16 @@ func addUser(c *cli.Context) error {
 		fmt.Println("username is required")
 		os.Exit(1)
 	}
+	defaultEnv := c.String("environment")
+	if defaultEnv == "" {
+		fmt.Println("environment is required")
+		os.Exit(1)
+	}
 	password := c.String("password")
 	email := c.String("email")
 	fullname := c.String("fullname")
 	admin := c.Bool("admin")
-	user, err := adminUsers.New(username, password, email, fullname, admin)
+	user, err := adminUsers.New(username, password, email, fullname, defaultEnv, admin)
 	if err != nil {
 		return err
 	}
@@ -72,6 +77,12 @@ func editUser(c *cli.Context) error {
 			return err
 		}
 	}
+	defaultEnv := c.String("environment")
+	if defaultEnv != "" {
+		if err := adminUsers.ChangeDefaultEnv(username, defaultEnv); err != nil {
+			return err
+		}
+	}
 	fmt.Printf("Edited user %s successfully", username)
 	return nil
 }
@@ -97,6 +108,7 @@ func listUsers(c *cli.Context) error {
 		"Fullname",
 		"PassHash",
 		"Admin?",
+		"Environment",
 		"Last IPAddress",
 		"Last UserAgent",
 	})
@@ -108,6 +120,7 @@ func listUsers(c *cli.Context) error {
 				u.Fullname,
 				truncateString(u.PassHash, lengthToTruncate),
 				stringifyBool(u.Admin),
+				u.DefaultEnv,
 				u.LastIPAddress,
 				u.LastUserAgent,
 			}

diff --git a/deploy/docker/admin/wait.sh b/deploy/docker/admin/wait.sh
@@ -48,7 +48,7 @@ SECRET_FILE="$CONFIG/docker.secret"
 ./bin/osctrl-cli -D "$DB_JSON" environment flags -n dev -crt "/$CRT_FILE" -secret "/$SECRET_FILE" | sed 's/=uuid/=ephemeral/g' > "$FLAGS_FILE"
 
 # Create admin user
-OUTPUT_ADMIN="$(./bin/osctrl-cli -D "$DB_JSON" user add -u admin -p admin -a -n Admin)"
+OUTPUT_ADMIN="$(./bin/osctrl-cli -D "$DB_JSON" user add -u admin -p admin -a -E dev -n Admin)"
 if [ $? -eq 0 ]; then
   echo "Created admin user"
 else

diff --git a/deploy/provision.sh b/deploy/provision.sh
@@ -724,7 +724,7 @@ else
 
   # Create admin user
   log "Creating admin user"
-  "$DEST_PATH"/osctrl-cli -D "$__db_conf" user add -u "$_ADMIN_USER" -p "$_ADMIN_PASS" -a -n "Admin"
+  "$DEST_PATH"/osctrl-cli -D "$__db_conf" user add -u "$_ADMIN_USER" -p "$_ADMIN_PASS" -a -E "$ENVIRONMENT" -n "Admin"
 
   # Create initial environment to enroll machines
   log "Creating environment $ENVIRONMENT"

diff --git a/types/go.mod b/types/go.mod
@@ -1,3 +1,5 @@
 module github.com/jmpsec/osctrl/types
 
 go 1.15
+
+require github.com/jmpsec/osctrl/queries v0.0.0-20210108060250-175f09fbfa70