From 9e8d767a9e9d7f80f24e8782bcec1f31778402f7 Mon Sep 17 00:00:00 2001
From: niravparikh05
Date: Fri, 22 Apr 2022 12:13:23 +0530
Subject: [PATCH] fixes in middleware to set db and few other fixes
---
 pkg/auth/v3/auth.go | 19 ++++++++++-----
 pkg/auth/v3/middleware.go | 6 +++++
 pkg/service/kubectl_cluster_setting.go | 2 +-
 .../permissions/base/location_read.json | 16 +++++++++++++
 .../permissions/base/location_write.json | 23 +++++++++++++++++++
 scripts/initialize/roles/ztka/roles.json | 4 +++-
 6 files changed, 62 insertions(+), 8 deletions(-)
 create mode 100644 scripts/initialize/permissions/base/location_read.json
 create mode 100644 scripts/initialize/permissions/base/location_write.json
diff --git a/pkg/auth/v3/auth.go b/pkg/auth/v3/auth.go
index ea78c43..80236d2 100644
--- a/pkg/auth/v3/auth.go
+++ b/pkg/auth/v3/auth.go
@@ -53,12 +53,7 @@ func SetupAuthContext(auditLogger *zap.Logger) authContext {
 )
 // Initialize database
- dbUser := getEnvWithDefault("DB_USER", "admindbuser")
- dbPassword := getEnvWithDefault("DB_PASSWORD", "admindbpassword")
- dbAddr := getEnvWithDefault("DB_ADDR", "localhost:5432")
- dbName := getEnvWithDefault("DB_NAME", "admindb")
- dsn := fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable", dbUser, dbPassword, dbAddr, dbName)
- sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(dsn)))
+ sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(getDSN())))
 db = bun.NewDB(sqldb, pgdialect.New())
 if v, ok := os.LookupEnv("KRATOS_ADDR"); ok {
@@ -86,6 +81,18 @@ func SetupAuthContext(auditLogger *zap.Logger) authContext {
 return authContext{kc: kc, as: as, ks: service.NewApiKeyService(db, auditLogger)}
 }
+func getDSN() string {
+ dsn := getEnvWithDefault("DSN", "")
+ if dsn == "" {
+ dbUser := getEnvWithDefault("DB_USER", "admindbuser")
+ dbPassword := getEnvWithDefault("DB_PASSWORD", "admindbpassword")
+ dbAddr := getEnvWithDefault("DB_ADDR", "localhost:5432")
+ dbName := getEnvWithDefault("DB_NAME", "admindb")
+ dsn = fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable", dbUser, dbPassword, dbAddr, dbName)
+ }
+ return dsn
+}
+
 func getEnvWithDefault(env, def string) string {
 val := os.Getenv(env)
 if val == "" {
diff --git a/pkg/auth/v3/middleware.go b/pkg/auth/v3/middleware.go
index 804f70b..bb41491 100644
--- a/pkg/auth/v3/middleware.go
+++ b/pkg/auth/v3/middleware.go
@@ -2,6 +2,7 @@ package authv3
 import (
 context "context"
+ "database/sql"
 "net/http"
 "regexp"
 "strings"
@@ -10,6 +11,8 @@ import (
 "github.com/RafayLabs/rcloud-base/pkg/common"
 commonpbv3 "github.com/RafayLabs/rcloud-base/proto/types/commonpb/v3"
 "github.com/uptrace/bun"
+ "github.com/uptrace/bun/dialect/pgdialect"
+ "github.com/uptrace/bun/driver/pgdriver"
 "github.com/urfave/negroni"
 "go.uber.org/zap"
 )
@@ -21,9 +24,12 @@ type authMiddleware struct {
 }
 func NewAuthMiddleware(al *zap.Logger, opt Option) negroni.Handler {
+ // Initialize database
+ sqldb := sql.OpenDB(pgdriver.NewConnector(pgdriver.WithDSN(getDSN())))
 return &authMiddleware{
 ac: SetupAuthContext(al),
 opt: opt,
+ db: bun.NewDB(sqldb, pgdialect.New()),
 }
 }
diff --git a/pkg/service/kubectl_cluster_setting.go b/pkg/service/kubectl_cluster_setting.go
index a3fc84a..46bcfc2 100644
--- a/pkg/service/kubectl_cluster_setting.go
+++ b/pkg/service/kubectl_cluster_setting.go
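Review bot: The fallback branch of `getDSN` keeps the built-in credentials `admindbuser`/`admindbpassword` and hard-codes `sslmode=disable`, so a deployment that sets neither `DSN` nor the `DB_*` variables silently connects with a publicly known password over an unencrypted link. I would return an error (or refuse to start) when `DB_PASSWORD` is empty and take the TLS mode from configuration instead of the format string. The user and password are also formatted into the URL unescaped, so a password containing `@`, `/` or `?` yields a DSN that parses to a different host or path; building the userinfo with `url.UserPassword(dbUser, dbPassword)` escapes them. These defaults were already present in the lines removed by the first auth.go hunk, so they are carried over rather than introduced here. A doc comment is also missing; `// getDSN returns the DSN env var when set, else a DSN built from DB_USER, DB_PASSWORD, DB_ADDR and DB_NAME.` would do.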
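Review bot: `NewAuthMiddleware` opens its own `sql.DB` pool, and `SetupAuthContext(al)` two lines further down opens a second one from the same DSN (the first auth.go hunk assigns it to `db`), so each middleware instance holds two pools and neither is closed in the visible lines. Reusing a single handle, for example by having `SetupAuthContext` hand back the `*bun.DB` it creates, keeps the connection count predictable. `sql.OpenDB` does not contact the server, so a wrong DSN only surfaces on the first query inside the request path; a `PingContext` at startup would show it early. The handler that uses `db` is outside this hunk, so it is worth confirming that it denies the request when that lookup returns an error.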
@@ -47,7 +47,7 @@ func (kcs *kubectlClusterSettingsService) Patch(ctx context.Context, kc *sentry.
 if err == sql.ErrNoRows {
 kcsdb := convertToKubeCtlSettingModel(kc)
 kcsdb.CreatedAt = time.Now()
- dao.CreatekubectlClusterSettings(ctx, tx, kcsdb)
+ return dao.CreatekubectlClusterSettings(ctx, tx, kcsdb)
 }
 return err
 }
diff --git a/scripts/initialize/permissions/base/location_read.json b/scripts/initialize/permissions/base/location_read.json
new file mode 100644
index 0000000..7dd10ea
--- /dev/null
+++ b/scripts/initialize/permissions/base/location_read.json
@@ -0,0 +1,16 @@
+{
+ "name": "location.read",
+ "base_url": "/infra/v3/partner/:metadata.partner",
+ "resource_urls": [
+ {
+ "url": "/location",
+ "methods": [
+ "GET"
+ ]
+ }
+ ],
+ "resource_action_urls": [],
+ "description": "view locations.",
+ "authenticated": true,
+ "scope": "ORGANIZATION"
+ }
\ No newline at end of file
diff --git a/scripts/initialize/permissions/base/location_write.json b/scripts/initialize/permissions/base/location_write.json
new file mode 100644
index 0000000..dea2380
--- /dev/null
+++ b/scripts/initialize/permissions/base/location_write.json
@@ -0,0 +1,23 @@
+{
+ "name": "location.write",
+ "base_url": "/infra/v3/partner/:metadata.partner",
+ "description": "manage locations",
+ "resource_urls": [
+ {
+ "url": "/location/:metadata.name",
+ "methods": [
+ "PUT",
+ "DELETE"
+ ]
+ },
+ {
+ "url": "/location",
+ "methods": [
+ "POST"
+ ]
+ }
+ ],
+ "resource_action_urls": [],
+ "authenticated": true,
+ "scope": "ORGANIZATION"
+ }
\ No newline at end of file
diff --git a/scripts/initialize/roles/ztka/roles.json b/scripts/initialize/roles/ztka/roles.json
index 372b7d1..8f84747 100644
--- a/scripts/initialize/roles/ztka/roles.json
+++ b/scripts/initialize/roles/ztka/roles.json
@@ -38,7 +38,9 @@
 "organization.write",
 "cluster.read",
 "cluster.write",
- "hub.openapi.explorer.read"
+ "hub.openapi.explorer.read",
+ "location.read",
+ "location.write"
 ],
 "ADMIN_READ_ONLY": [
 "user.read",
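Review bot: The create path that now returns its error only runs when `err == sql.ErrNoRows` matches exactly. If the DAO call that produced `err` (outside the hunk) ever wraps the driver error, the comparison is false and the function falls through to `return err` without creating the row. `if errors.Is(err, sql.ErrNoRows) {` is the safer form. Patch's body starts outside the hunk, so whether `tx` is committed or rolled back after the new early return cannot be checked from here.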
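Review bot: `location.read` lists only `GET` on `/location`, whereas `location.write` in the next file also covers `/location/:metadata.name`. If the permission check matches resource URLs exactly rather than by prefix (not visible here), a holder of `location.read` can list locations but is refused when fetching one by name. Adding `{ "url": "/location/:metadata.name", "methods": ["GET"] }` to `resource_urls` would align the two files. Both files declare `"scope": "ORGANIZATION"` under a partner-level `base_url`, which is worth confirming as intended.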
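Review bot: `location.read` and `location.write` are granted only to the role whose list ends in this hunk (its name is above the visible lines), and nothing is added to `ADMIN_READ_ONLY`, whose list continues below the hunk. If read-only admins are meant to view locations, `"location.read"` belongs in that list as well; otherwise they will be denied on the new endpoints. It is also worth checking that handing `location.write` (PUT, DELETE, POST) to the first role matches the intended least-privilege split.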