feat: add secret store

ZEISS · Jul 16, 2024 · f43cff5 · f43cff5
1 parent 8bce608
commit f43cff5
Show file tree

Hide file tree

Showing 24 changed files with 512 additions and 134 deletions.
diff --git a/api/api.yml b/api/api.yml
@@ -1240,8 +1240,6 @@ components:
           type: string
         name:
           type: string
-        slug:
-          type: string
         description:
           type: string
         team:
@@ -1265,8 +1263,6 @@ components:
     ProjectCreate:
       type: object
       properties:
-        slug:
-          type: string
         name:
           type: string
         description:
@@ -1277,8 +1273,6 @@ components:
     ProjectUpdate:
       type: object
       properties:
-        slug:
-          type: string
         name:
           type: string
         description:
@@ -1293,8 +1287,6 @@ components:
           type: string
         name:
           type: string
-        slug:
-          type: string
         username:
           type: string
         isLocked:
@@ -1320,8 +1312,6 @@ components:
       properties:
         name:
           type: string
-        slug:
-          type: string
         username:
           type: string
         secret:
@@ -1332,8 +1322,6 @@ components:
       properties:
         name:
           type: string
-        slug:
-          type: string
         username:
           type: string
         secret:

diff --git a/cmd/root.go b/cmd/root.go
@@ -8,6 +8,7 @@ import (
 	"github.com/zeiss/knox/internal/adapters/handlers"
 	"github.com/zeiss/knox/internal/controllers"
 	openapi "github.com/zeiss/knox/pkg/apis"
+	"github.com/zeiss/knox/pkg/auth"
 	"github.com/zeiss/knox/pkg/cfg"
 	"github.com/zeiss/knox/pkg/utils"
 
@@ -18,7 +19,6 @@ import (
 	"github.com/kelseyhightower/envconfig"
 	middleware "github.com/oapi-codegen/fiber-middleware"
 	"github.com/spf13/cobra"
-	authz "github.com/zeiss/fiber-authz"
 	seed "github.com/zeiss/gorm-seed"
 	"gorm.io/driver/postgres"
 	"gorm.io/gorm"
@@ -100,17 +100,19 @@ func (s *WebSrv) Start(ctx context.Context, ready server.ReadyFunc, run server.R
 		app.Use(logger.New())
 
 		validatorOptions := &middleware.Options{}
-		validatorOptions.Options.AuthenticationFunc = authz.NewOpenAPIAuthenticator(authz.WithAuthzChecker(authz.NewFake(true)))
+		validatorOptions.Options.AuthenticationFunc = auth.NewAuthenticator(auth.WithBasicAuthenticator(auth.NewBasicAuthenticator(store)))
 		// validatorOptions.ErrorHandler = authz.NewOpenAPIErrorHandler()
 
 		app.Use(middleware.OapiRequestValidatorWithOptions(swagger, validatorOptions))
 
 		lc := controllers.NewLocksController(store)
 		sc := controllers.NewStateController(store)
-		pc := controllers.NewSnapshotController(store)
+		ssc := controllers.NewSnapshotController(store)
 		tc := controllers.NewTeamController(store)
+		pc := controllers.NewProjectController(store)
+		ec := controllers.NewEnvironmentController(store)
 
-		handlers := handlers.NewAPIHandlers(lc, sc, pc, tc)
+		handlers := handlers.NewAPIHandlers(lc, sc, ssc, tc, pc, ec)
 		handler := openapi.NewStrictHandler(handlers, nil)
 		openapi.RegisterHandlers(app, handler)
 

diff --git a/examples/.terraform.lock.hcl b/examples/.terraform.lock.hcl
diff --git a/examples/main.tf b/examples/main.tf
@@ -1,8 +1,10 @@
 terraform {
   backend "http" {
-    address        = "http://localhost:8080/client/zeiss/demo/dev/state"
-    lock_address   = "http://localhost:8080/client/zeiss/demo/dev/lock"
-    unlock_address = "http://localhost:8080/client/zeiss/demo/dev/unlock"
+    username       = "super"
+    password       = "secret"
+    address        = "http://localhost:8084/client/zeiss/demo/dev/state"
+    lock_address   = "http://localhost:8084/client/zeiss/demo/dev/lock"
+    unlock_address = "http://localhost:8084/client/zeiss/demo/dev/unlock"
     lock_method    = "POST"
     unlock_method  = "POST"
   }
@@ -17,5 +19,5 @@ terraform {
 
 resource "local_file" "foo" {
   content  = "foo!"
-  filename = "${path.module}/foo.bar"
+  filename = "${path.module}/foo2.bar"
 }
diff --git a/examples/tmp/build-errors.log b/examples/tmp/build-errors.log
diff --git a/go.mod b/go.mod
@@ -16,6 +16,7 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/zeiss/fiber-authz v1.0.31
 	github.com/zeiss/fiber-goth v1.2.8
+	github.com/zeiss/fiber-htmx v1.3.19
 	github.com/zeiss/gorm-seed v0.1.2
 	golang.org/x/mod v0.19.0
 	gorm.io/datatypes v1.2.1
@@ -75,11 +76,15 @@ require (
 	github.com/firefart/nonamedreturns v1.0.5 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fzipp/gocyclo v0.6.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/ghostiam/protogetter v0.3.6 // indirect
 	github.com/go-critic/go-critic v0.11.4 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.22.0 // indirect
 	github.com/go-sql-driver/mysql v1.8.1 // indirect
 	github.com/go-toolsmith/astcast v1.1.0 // indirect
 	github.com/go-toolsmith/astcopy v1.1.0 // indirect
@@ -135,6 +140,7 @@ require (
 	github.com/lasiar/canonicalheader v1.1.1 // indirect
 	github.com/ldez/gomoddirectives v0.2.4 // indirect
 	github.com/ldez/tagliatelle v0.5.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/leonklingele/grouper v1.1.2 // indirect
 	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
@@ -228,6 +234,7 @@ require (
 	golang.org/x/crypto v0.24.0 // indirect
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
 	golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect
+	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect
 	golang.org/x/sys v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect

diff --git a/go.sum b/go.sum
@@ -108,6 +108,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
 github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/getkin/kin-openapi v0.126.0 h1:c2cSgLnAsS0xYfKsgt5oBV6MYRM/giU8/RtwUY4wyfY=
 github.com/getkin/kin-openapi v0.126.0/go.mod h1:7mONz8IwmSRg6RttPu6v8U/OJ+gr+J99qSFNjPGSQqw=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
@@ -122,6 +124,14 @@ github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1
 github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
 github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
 github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
+github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
 github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
 github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
@@ -278,6 +288,8 @@ github.com/ldez/gomoddirectives v0.2.4 h1:j3YjBIjEBbqZ0NKtBNzr8rtMHTOrLPeiwTkfUJ
 github.com/ldez/gomoddirectives v0.2.4/go.mod h1:oWu9i62VcQDYp9EQ0ONTfqLNh+mDLWWDO+SO0qSQw5g=
 github.com/ldez/tagliatelle v0.5.0 h1:epgfuYt9v0CG3fms0pEgIMNPuFf/LpPIfjk4kyqSioo=
 github.com/ldez/tagliatelle v0.5.0/go.mod h1:rj1HmWiL1MiKQuOONhd09iySTEkUuE/8+5jtPYz9xa4=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY=
 github.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA=
 github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
@@ -511,6 +523,8 @@ github.com/zeiss/fiber-authz v1.0.31 h1:tcD9zkKHZNSVN6BYgKJ2cYwpbfT5p1+FyKqX1fx+
 github.com/zeiss/fiber-authz v1.0.31/go.mod h1:kpmrBtJ23crBOwT7u0LwwnNywmDYhV4ez6L6oDCWkPA=
 github.com/zeiss/fiber-goth v1.2.8 h1:8QoksnNLWD/3BbeCus5LS4eT1+YkDjz85bqYEL8A5iE=
 github.com/zeiss/fiber-goth v1.2.8/go.mod h1:tYxywhiORkOUB2gRktCAgwz9i0Y+CTgBEwnQ3QZsAxU=
+github.com/zeiss/fiber-htmx v1.3.19 h1:xVzCleG/OxGttJSr7CgC1yA4miV9NFxfDxx7TuUVC2A=
+github.com/zeiss/fiber-htmx v1.3.19/go.mod h1:XHXcSDVhVKCmnFzgahOfrJkgUiimXGvrARFe0ucmT9E=
 github.com/zeiss/gorm-seed v0.1.2 h1:XksLz/IXC1ejUgbl5dHC2/vQAqD2LNZMhZMz2w+E7fY=
 github.com/zeiss/gorm-seed v0.1.2/go.mod h1:Tli6ekFpRjtQY8S6VoNiLgRnX1DVEvHJkf+UI85kV+E=
 gitlab.com/bosi/decorder v0.4.2 h1:qbQaV3zgwnBZ4zPMhGLW4KZe7A7NwxEhJx39R3shffo=

diff --git a/internal/adapters/database/db.go b/internal/adapters/database/db.go
@@ -3,7 +3,9 @@ package database
 import (
 	"context"
 	"errors"
+	"fmt"
 
+	"github.com/zeiss/fiber-htmx/components/tables"
 	"github.com/zeiss/knox/internal/models"
 	"github.com/zeiss/knox/internal/ports"
 
@@ -50,6 +52,32 @@ func (r *readTxImpl) GetState(ctx context.Context, state *models.State) error {
 	return r.conn.Where(state).Last(state).Error
 }
 
+// ListProjects ...
+func (r *readTxImpl) ListProjects(ctx context.Context, slug string, results *tables.Results[models.Project]) error {
+	return r.conn.Scopes(tables.PaginatedResults(&results.Rows, results, r.conn)).
+		Where("team_id = (?)", r.conn.Model(&adapters.GothTeam{}).Where("slug = ?", slug).Select("id")).
+		Find(&results.Rows).Error
+}
+
+// AuthenticateClient ...
+func (r *readTxImpl) AuthenticateClient(ctx context.Context, teamId, projectId, environmentId, username, password string) error {
+	environment := models.Environment{
+		Name:     environmentId,
+		Username: username,
+	}
+
+	err := r.conn.Debug().
+		Model(&models.Environment{}).
+		Where("project_id = (?)", r.conn.Model(&models.Project{}).Where("name = ?", projectId).Where("team_id = (?)", r.conn.Model(&adapters.GothTeam{}).Where("slug = ?", teamId).Select("id")).Select("id")).
+		Where(&environment).
+		First(&environment).Error
+	if err != nil {
+		return err
+	}
+
+	return environment.ComparePassword(password)
+}
+
 type writeTxImpl struct {
 	conn *gorm.DB
 	readTxImpl
@@ -94,6 +122,8 @@ func (rw *writeTxImpl) UpdateState(ctx context.Context, state *models.State) err
 		state.Version = latest.Version + 1
 	}
 
+	fmt.Println(state.Version)
+
 	if latest.Version > 0 {
 		err := rw.conn.Delete(&latest).Error
 		if err != nil {
@@ -123,3 +153,8 @@ func (rw *writeTxImpl) CreateTeam(ctx context.Context, team *adapters.GothTeam)
 func (rw *writeTxImpl) DeleteTeam(ctx context.Context, team *adapters.GothTeam) error {
 	return rw.conn.Delete(team).Error
 }
+
+// CreateEnvironment creates a new environment.
+func (rw *writeTxImpl) CreateEnvironment(ctx context.Context, environment *models.Environment) error {
+	return rw.conn.Create(environment).Error
+}
diff --git a/internal/adapters/handlers/api.go b/internal/adapters/handlers/api.go
@@ -14,15 +14,17 @@ import (
 var _ openapi.StrictServerInterface = (*apiHandlers)(nil)
 
 type apiHandlers struct {
-	locks     controllers.LocksController
-	state     controllers.StateController
-	snapshots controllers.SnapshotController
-	team      controllers.TeamController
+	locks       controllers.LocksController
+	state       controllers.StateController
+	snapshots   controllers.SnapshotController
+	team        controllers.TeamController
+	project     controllers.ProjectController
+	environment controllers.EnvironmentController
 }
 
 // NewAPIHandlers returns a new instance of APIHandlers.
-func NewAPIHandlers(locks controllers.LocksController, state controllers.StateController, snapshots controllers.SnapshotController, team controllers.TeamController) *apiHandlers {
-	return &apiHandlers{locks, state, snapshots, team}
+func NewAPIHandlers(locks controllers.LocksController, state controllers.StateController, snapshots controllers.SnapshotController, team controllers.TeamController, project controllers.ProjectController, environment controllers.EnvironmentController) *apiHandlers {
+	return &apiHandlers{locks, state, snapshots, team, project, environment}
 }
 
 // Get system health status
@@ -40,13 +42,27 @@ func (h *apiHandlers) GetReady(ctx context.Context, request openapi.GetReadyRequ
 // Get a list of projects
 // (GET /project)
 func (h *apiHandlers) GetProjects(ctx context.Context, request openapi.GetProjectsRequestObject) (openapi.GetProjectsResponseObject, error) {
-	return nil, nil
+	query := dto.FromGetProjectsRequestObject(request)
+
+	results, err := h.project.ListProjects(ctx, query)
+	if err != nil {
+		return nil, fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	}
+
+	return dto.ToGetProjectsResponseObject(results), nil
 }
 
 // Create a new project
 // (POST /project)
 func (h *apiHandlers) CreateProject(ctx context.Context, request openapi.CreateProjectRequestObject) (openapi.CreateProjectResponseObject, error) {
-	return nil, nil
+	cmd := dto.FromCreateProjectRequestObject(request)
+
+	err := h.project.CreateProject(ctx, cmd)
+	if err != nil {
+		return nil, fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	}
+
+	return dto.ToCreateProjectResponseObject(), nil
 }
 
 // Delete a project
@@ -76,7 +92,14 @@ func (h *apiHandlers) GetEnvironments(ctx context.Context, request openapi.GetEn
 // Create a new environment
 // (POST /project/{projectId}/environment)
 func (h *apiHandlers) CreateEnvironment(ctx context.Context, request openapi.CreateEnvironmentRequestObject) (openapi.CreateEnvironmentResponseObject, error) {
-	return nil, nil
+	cmd := dto.FromCreateEnvironmentRequestObject(request)
+
+	err := h.environment.CreateEnvironment(ctx, cmd)
+	if err != nil {
+		return nil, fiber.NewError(fiber.StatusInternalServerError, err.Error())
+	}
+
+	return dto.ToCreateEnvironmentResponseObject(), nil
 }
 
 // Delete an environment