smallstep-certificates/authority/mgmt/api/admin.go

package api

import (
	"fmt"
	"net/http"

	"github.com/go-chi/chi"
	"github.com/smallstep/certificates/api"
	"github.com/smallstep/certificates/authority/admin"
	"github.com/smallstep/certificates/authority/mgmt"
	"github.com/smallstep/certificates/authority/status"
)

// CreateAdminRequest represents the body for a CreateAdmin request.
type CreateAdminRequest struct {
	Subject     string     `json:"subject"`
	Provisioner string     `json:"provisioner"`
	Type        admin.Type `json:"type"`
}

// Validate validates a new-admin request body.
func (car *CreateAdminRequest) Validate(c *admin.Collection) error {
	if _, ok := c.LoadBySubProv(car.Subject, car.Provisioner); ok {
		return mgmt.NewError(mgmt.ErrorBadRequestType,
			"admin with subject: '%s' and provisioner: '%s' already exists", car.Subject, car.Provisioner)
	}
	return nil
}

// GetAdminsResponse for returning a list of admins.
type GetAdminsResponse struct {
	Admins     []*admin.Admin `json:"admins"`
	NextCursor string         `json:"nextCursor"`
}

// UpdateAdminRequest represents the body for a UpdateAdmin request.
type UpdateAdminRequest struct {
	Type admin.Type `json:"type"`
}

// Validate validates a new-admin request body.
func (uar *UpdateAdminRequest) Validate() error {
	return nil
}

// DeleteResponse is the resource for successful DELETE responses.
type DeleteResponse struct {
	Status string `json:"status"`
}

// GetAdmin returns the requested admin, or an error.
func (h *Handler) GetAdmin(w http.ResponseWriter, r *http.Request) {
	id := chi.URLParam(r, "id")

	adm, ok := h.auth.GetAdminCollection().LoadByID(id)
	if !ok {
		api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType,
			"admin %s not found", id))
		return
	}
	api.JSON(w, adm)
}

// GetAdmins returns all admins associated with the authority.
func (h *Handler) GetAdmins(w http.ResponseWriter, r *http.Request) {
	cursor, limit, err := api.ParseCursor(r)
	if err != nil {
		api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err,
			"error parsing cursor and limit from query params"))
		return
	}

	admins, nextCursor := h.auth.GetAdminCollection().Find(cursor, limit)
	api.JSON(w, &GetAdminsResponse{
		Admins:     admins,
		NextCursor: nextCursor,
	})
}

// CreateAdmin creates a new admin.
func (h *Handler) CreateAdmin(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	var body CreateAdminRequest
	if err := api.ReadJSON(r.Body, &body); err != nil {
		api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err, "error reading request body"))
		return
	}

	if err := body.Validate(h.auth.GetAdminCollection()); err != nil {
		api.WriteError(w, err)
		return
	}

	p, ok := h.auth.GetProvisionerCollection().LoadByName(body.Provisioner)
	if !ok {
		api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType, "provisioner %s not found", body.Provisioner))
		return
	}

	adm := &mgmt.Admin{
		ProvisionerID: p.GetID(),
		Subject:       body.Subject,
		Type:          body.Type,
		Status:        status.Active,
	}
	if err := h.db.CreateAdmin(ctx, adm); err != nil {
		api.WriteError(w, mgmt.WrapErrorISE(err, "error creating admin"))
		return
	}
	adm.ProvisionerName = p.GetName()
	adm.ProvisionerType = p.GetType().String()
	api.JSON(w, adm)
	if err := h.auth.ReloadAuthConfig(); err != nil {
		fmt.Printf("err = %+v\n", err)
	}
}

// DeleteAdmin deletes admin.
func (h *Handler) DeleteAdmin(w http.ResponseWriter, r *http.Request) {
	id := chi.URLParam(r, "id")

	if h.auth.GetAdminCollection().Count() == 1 {
		api.WriteError(w, mgmt.NewError(mgmt.ErrorBadRequestType, "cannot remove last admin"))
		return
	}

	ctx := r.Context()
	adm, err := h.db.GetAdmin(ctx, id)
	if err != nil {
		api.WriteError(w, mgmt.WrapErrorISE(err, "error retrieiving admin %s", id))
		return
	}
	adm.Status = status.Deleted
	if err := h.db.UpdateAdmin(ctx, adm); err != nil {
		api.WriteError(w, mgmt.WrapErrorISE(err, "error updating admin %s", id))
		return
	}
	api.JSON(w, &DeleteResponse{Status: "ok"})
	if err := h.auth.ReloadAuthConfig(); err != nil {
		fmt.Printf("err = %+v\n", err)
	}
}

// UpdateAdmin updates an existing admin.
func (h *Handler) UpdateAdmin(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	var body UpdateAdminRequest
	if err := api.ReadJSON(r.Body, &body); err != nil {
		api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err, "error reading request body"))
		return
	}

	id := chi.URLParam(r, "id")

	adm, ok := h.auth.GetAdminCollection().LoadByID(id)
	if !ok {
		api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType, "admin %s not found", id))
		return
	}
	if adm.Type == body.Type {
		api.WriteError(w, mgmt.NewError(mgmt.ErrorBadRequestType, "admin %s already has type %s", id, adm.Type))
		return
	}

	adm.Type = body.Type

	if err := h.db.UpdateAdmin(ctx, (*mgmt.Admin)(adm)); err != nil {
		api.WriteError(w, mgmt.WrapErrorISE(err, "error updating admin %s", id))
		return
	}
	api.JSON(w, adm)
	if err := h.auth.ReloadAuthConfig(); err != nil {
		fmt.Printf("err = %+v\n", err)
	}
}
first commit 2021-05-03 19:48:20 +00:00			`package api`

			`import (`
wip 2021-05-18 04:07:25 +00:00			`"fmt"`
first commit 2021-05-03 19:48:20 +00:00			`"net/http"`

			`"github.com/go-chi/chi"`
			`"github.com/smallstep/certificates/api"`
wip 2021-05-18 04:07:25 +00:00			`"github.com/smallstep/certificates/authority/admin"`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`"github.com/smallstep/certificates/authority/mgmt"`
wip 2021-05-18 23:50:54 +00:00			`"github.com/smallstep/certificates/authority/status"`
first commit 2021-05-03 19:48:20 +00:00			`)`

			`// CreateAdminRequest represents the body for a CreateAdmin request.`
			`type CreateAdminRequest struct {`
wip 2021-05-18 23:50:54 +00:00			Subject string `json:"subject"`
			Provisioner string `json:"provisioner"`
			Type admin.Type `json:"type"`
first commit 2021-05-03 19:48:20 +00:00			`}`

			`// Validate validates a new-admin request body.`
wip 2021-05-18 04:07:25 +00:00			`func (car CreateAdminRequest) Validate(c admin.Collection) error {`
			`if _, ok := c.LoadBySubProv(car.Subject, car.Provisioner); ok {`
			`return mgmt.NewError(mgmt.ErrorBadRequestType,`
wip 2021-05-18 23:50:54 +00:00			`"admin with subject: '%s' and provisioner: '%s' already exists", car.Subject, car.Provisioner)`
wip 2021-05-18 04:07:25 +00:00			`}`
first commit 2021-05-03 19:48:20 +00:00			`return nil`
			`}`

wip 2021-05-18 23:50:54 +00:00			`// GetAdminsResponse for returning a list of admins.`
			`type GetAdminsResponse struct {`
			Admins []*admin.Admin `json:"admins"`
			NextCursor string `json:"nextCursor"`
			`}`

first commit 2021-05-03 19:48:20 +00:00			`// UpdateAdminRequest represents the body for a UpdateAdmin request.`
			`type UpdateAdminRequest struct {`
wip 2021-05-18 23:50:54 +00:00			Type admin.Type `json:"type"`
first commit 2021-05-03 19:48:20 +00:00			`}`

			`// Validate validates a new-admin request body.`
			`func (uar *UpdateAdminRequest) Validate() error {`
			`return nil`
			`}`

wip admin CRUD 2021-05-12 07:03:40 +00:00			`// DeleteResponse is the resource for successful DELETE responses.`
			`type DeleteResponse struct {`
			Status string `json:"status"`
			`}`

first commit 2021-05-03 19:48:20 +00:00			`// GetAdmin returns the requested admin, or an error.`
			`func (h Handler) GetAdmin(w http.ResponseWriter, r http.Request) {`
			`id := chi.URLParam(r, "id")`

wip 2021-05-18 23:50:54 +00:00			`adm, ok := h.auth.GetAdminCollection().LoadByID(id)`
			`if !ok {`
			`api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType,`
			`"admin %s not found", id))`
first commit 2021-05-03 19:48:20 +00:00			`return`
			`}`
wip 2021-05-18 23:50:54 +00:00			`api.JSON(w, adm)`
first commit 2021-05-03 19:48:20 +00:00			`}`

			`// GetAdmins returns all admins associated with the authority.`
			`func (h Handler) GetAdmins(w http.ResponseWriter, r http.Request) {`
wip 2021-05-18 23:50:54 +00:00			`cursor, limit, err := api.ParseCursor(r)`
first commit 2021-05-03 19:48:20 +00:00			`if err != nil {`
wip 2021-05-18 23:50:54 +00:00			`api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err,`
			`"error parsing cursor and limit from query params"))`
first commit 2021-05-03 19:48:20 +00:00			`return`
			`}`
wip 2021-05-18 23:50:54 +00:00
			`admins, nextCursor := h.auth.GetAdminCollection().Find(cursor, limit)`
			`api.JSON(w, &GetAdminsResponse{`
			`Admins: admins,`
			`NextCursor: nextCursor,`
			`})`
first commit 2021-05-03 19:48:20 +00:00			`}`

			`// CreateAdmin creates a new admin.`
			`func (h Handler) CreateAdmin(w http.ResponseWriter, r http.Request) {`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`ctx := r.Context()`

			`var body CreateAdminRequest`
			`if err := api.ReadJSON(r.Body, &body); err != nil {`
			`api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err, "error reading request body"))`
			`return`
			`}`

wip 2021-05-18 04:07:25 +00:00			`if err := body.Validate(h.auth.GetAdminCollection()); err != nil {`
			`api.WriteError(w, err)`
			`return`
			`}`
wip admin CRUD 2021-05-12 07:03:40 +00:00
wip 2021-05-18 23:50:54 +00:00			`p, ok := h.auth.GetProvisionerCollection().LoadByName(body.Provisioner)`
			`if !ok {`
			`api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType, "provisioner %s not found", body.Provisioner))`
			`return`
			`}`

wip admin CRUD 2021-05-12 07:03:40 +00:00			`adm := &mgmt.Admin{`
wip 2021-05-18 23:50:54 +00:00			`ProvisionerID: p.GetID(),`
			`Subject: body.Subject,`
			`Type: body.Type,`
			`Status: status.Active,`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`}`
			`if err := h.db.CreateAdmin(ctx, adm); err != nil {`
			`api.WriteError(w, mgmt.WrapErrorISE(err, "error creating admin"))`
			`return`
			`}`
wip 2021-05-18 23:50:54 +00:00			`adm.ProvisionerName = p.GetName()`
			`adm.ProvisionerType = p.GetType().String()`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`api.JSON(w, adm)`
wip 2021-05-18 04:07:25 +00:00			`if err := h.auth.ReloadAuthConfig(); err != nil {`
			`fmt.Printf("err = %+v\n", err)`
			`}`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`}`

			`// DeleteAdmin deletes admin.`
			`func (h Handler) DeleteAdmin(w http.ResponseWriter, r http.Request) {`
			`id := chi.URLParam(r, "id")`

wip 2021-05-18 04:07:25 +00:00			`if h.auth.GetAdminCollection().Count() == 1 {`
			`api.WriteError(w, mgmt.NewError(mgmt.ErrorBadRequestType, "cannot remove last admin"))`
			`return`
			`}`

			`ctx := r.Context()`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`adm, err := h.db.GetAdmin(ctx, id)`
			`if err != nil {`
			`api.WriteError(w, mgmt.WrapErrorISE(err, "error retrieiving admin %s", id))`
			`return`
			`}`
wip 2021-05-18 23:50:54 +00:00			`adm.Status = status.Deleted`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`if err := h.db.UpdateAdmin(ctx, adm); err != nil {`
			`api.WriteError(w, mgmt.WrapErrorISE(err, "error updating admin %s", id))`
			`return`
			`}`
			`api.JSON(w, &DeleteResponse{Status: "ok"})`
wip 2021-05-18 04:07:25 +00:00			`if err := h.auth.ReloadAuthConfig(); err != nil {`
			`fmt.Printf("err = %+v\n", err)`
			`}`
first commit 2021-05-03 19:48:20 +00:00			`}`

			`// UpdateAdmin updates an existing admin.`
			`func (h Handler) UpdateAdmin(w http.ResponseWriter, r http.Request) {`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`ctx := r.Context()`

			`var body UpdateAdminRequest`
			`if err := api.ReadJSON(r.Body, &body); err != nil {`
			`api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err, "error reading request body"))`
			`return`
			`}`

			`id := chi.URLParam(r, "id")`
first steps 2021-05-07 00:03:12 +00:00
wip 2021-05-18 23:50:54 +00:00			`adm, ok := h.auth.GetAdminCollection().LoadByID(id)`
			`if !ok {`
			`api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType, "admin %s not found", id))`
			`return`
			`}`
			`if adm.Type == body.Type {`
			`api.WriteError(w, mgmt.NewError(mgmt.ErrorBadRequestType, "admin %s already has type %s", id, adm.Type))`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`return`
			`}`

wip 2021-05-18 04:07:25 +00:00			`adm.Type = body.Type`

wip 2021-05-18 23:50:54 +00:00			`if err := h.db.UpdateAdmin(ctx, (*mgmt.Admin)(adm)); err != nil {`
wip admin CRUD 2021-05-12 07:03:40 +00:00			`api.WriteError(w, mgmt.WrapErrorISE(err, "error updating admin %s", id))`
			`return`
			`}`
			`api.JSON(w, adm)`
wip 2021-05-18 04:07:25 +00:00			`if err := h.auth.ReloadAuthConfig(); err != nil {`
			`fmt.Printf("err = %+v\n", err)`
			`}`
first commit 2021-05-03 19:48:20 +00:00			`}`