certificates/authority/mgmt/api/admin.go
max furman 9bfb1c2e7b wip
2021-05-21 13:31:41 -07:00

177 lines
4.9 KiB
Go

package api
import (
"fmt"
"net/http"
"github.com/go-chi/chi"
"github.com/smallstep/certificates/api"
"github.com/smallstep/certificates/authority/admin"
"github.com/smallstep/certificates/authority/mgmt"
"github.com/smallstep/certificates/authority/status"
)
// CreateAdminRequest represents the body for a CreateAdmin request.
type CreateAdminRequest struct {
Subject string `json:"subject"`
Provisioner string `json:"provisioner"`
Type admin.Type `json:"type"`
}
// Validate validates a new-admin request body.
func (car *CreateAdminRequest) Validate(c *admin.Collection) error {
if _, ok := c.LoadBySubProv(car.Subject, car.Provisioner); ok {
return mgmt.NewError(mgmt.ErrorBadRequestType,
"admin with subject: '%s' and provisioner: '%s' already exists", car.Subject, car.Provisioner)
}
return nil
}
// GetAdminsResponse for returning a list of admins.
type GetAdminsResponse struct {
Admins []*admin.Admin `json:"admins"`
NextCursor string `json:"nextCursor"`
}
// UpdateAdminRequest represents the body for a UpdateAdmin request.
type UpdateAdminRequest struct {
Type admin.Type `json:"type"`
}
// Validate validates a new-admin request body.
func (uar *UpdateAdminRequest) Validate() error {
return nil
}
// DeleteResponse is the resource for successful DELETE responses.
type DeleteResponse struct {
Status string `json:"status"`
}
// GetAdmin returns the requested admin, or an error.
func (h *Handler) GetAdmin(w http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
adm, ok := h.auth.GetAdminCollection().LoadByID(id)
if !ok {
api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType,
"admin %s not found", id))
return
}
api.JSON(w, adm)
}
// GetAdmins returns all admins associated with the authority.
func (h *Handler) GetAdmins(w http.ResponseWriter, r *http.Request) {
cursor, limit, err := api.ParseCursor(r)
if err != nil {
api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err,
"error parsing cursor and limit from query params"))
return
}
admins, nextCursor := h.auth.GetAdminCollection().Find(cursor, limit)
api.JSON(w, &GetAdminsResponse{
Admins: admins,
NextCursor: nextCursor,
})
}
// CreateAdmin creates a new admin.
func (h *Handler) CreateAdmin(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
var body CreateAdminRequest
if err := api.ReadJSON(r.Body, &body); err != nil {
api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err, "error reading request body"))
return
}
if err := body.Validate(h.auth.GetAdminCollection()); err != nil {
api.WriteError(w, err)
return
}
p, ok := h.auth.GetProvisionerCollection().LoadByName(body.Provisioner)
if !ok {
api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType, "provisioner %s not found", body.Provisioner))
return
}
adm := &mgmt.Admin{
ProvisionerID: p.GetID(),
Subject: body.Subject,
Type: body.Type,
Status: status.Active,
}
if err := h.db.CreateAdmin(ctx, adm); err != nil {
api.WriteError(w, mgmt.WrapErrorISE(err, "error creating admin"))
return
}
adm.ProvisionerName = p.GetName()
adm.ProvisionerType = p.GetType().String()
api.JSON(w, adm)
if err := h.auth.ReloadAuthConfig(); err != nil {
fmt.Printf("err = %+v\n", err)
}
}
// DeleteAdmin deletes admin.
func (h *Handler) DeleteAdmin(w http.ResponseWriter, r *http.Request) {
id := chi.URLParam(r, "id")
if h.auth.GetAdminCollection().SuperCount() == 1 {
api.WriteError(w, mgmt.NewError(mgmt.ErrorBadRequestType, "cannot remove the last super admin"))
return
}
ctx := r.Context()
adm, err := h.db.GetAdmin(ctx, id)
if err != nil {
api.WriteError(w, mgmt.WrapErrorISE(err, "error retrieiving admin %s", id))
return
}
adm.Status = status.Deleted
if err := h.db.UpdateAdmin(ctx, adm); err != nil {
api.WriteError(w, mgmt.WrapErrorISE(err, "error updating admin %s", id))
return
}
api.JSON(w, &DeleteResponse{Status: "ok"})
if err := h.auth.ReloadAuthConfig(); err != nil {
fmt.Printf("err = %+v\n", err)
}
}
// UpdateAdmin updates an existing admin.
func (h *Handler) UpdateAdmin(w http.ResponseWriter, r *http.Request) {
ctx := r.Context()
var body UpdateAdminRequest
if err := api.ReadJSON(r.Body, &body); err != nil {
api.WriteError(w, mgmt.WrapError(mgmt.ErrorBadRequestType, err, "error reading request body"))
return
}
id := chi.URLParam(r, "id")
adm, ok := h.auth.GetAdminCollection().LoadByID(id)
if !ok {
api.WriteError(w, mgmt.NewError(mgmt.ErrorNotFoundType, "admin %s not found", id))
return
}
if adm.Type == body.Type {
api.WriteError(w, mgmt.NewError(mgmt.ErrorBadRequestType, "admin %s already has type %s", id, adm.Type))
return
}
adm.Type = body.Type
if err := h.db.UpdateAdmin(ctx, (*mgmt.Admin)(adm)); err != nil {
api.WriteError(w, mgmt.WrapErrorISE(err, "error updating admin %s", id))
return
}
api.JSON(w, adm)
if err := h.auth.ReloadAuthConfig(); err != nil {
fmt.Printf("err = %+v\n", err)
}
}