drone/internal/api/handler/serviceaccount/create.go
Johannes Batzill 4668e94027 [Harness] Adding JWT/PAT/SAT Support, Harness Clients, Inline User/ServiceAccount Creation, harness Build flag, ... (#22)
This change adds the initial stepping stones for harness integration:
- Authentication: JWT/PAT/SAT support
- Authorization: ACL integration (acl currently denies requests as gitness hasn't been integrated yet)
- Remote Clients for Token, User, ServiceAccount, ACL
- User Integration: Syncs harness users during authentication if unknown
- SA integration: syncs harness service accounts during authentication if unknown
- Initial harness API: THIS WILL BE CHANGED IN THE FUTURE!
- single harness subpackage (all marked with harness build flag)
- harness & standalone wire + make build commands
2022-09-30 16:22:12 -07:00


// Copyright 2021 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package serviceaccount
import (
"encoding/json"
"net/http"
"time"
"github.com/dchest/uniuri"
"github.com/harness/gitness/internal/api/guard"
"github.com/harness/gitness/internal/api/handler/common"
"github.com/harness/gitness/internal/api/render"
"github.com/harness/gitness/internal/store"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/check"
"github.com/harness/gitness/types/enum"
"github.com/rs/zerolog/hlog"
)
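// HandleCreate returns an http.HandlerFunc that creates a new service account
// from the JSON request body and writes the JSON-encoded service account to
// the http response body.
//
// The handler decodes the request, validates the resulting service account
// with check.ServiceAccount, enforces enum.PermissionServiceAccountCreate in
// the parent scope, and only then persists the account through saStore.
// Every failure path writes its own error response and returns early.
func HandleCreate(guard *guard.Guard, saStore store.ServiceAccountStore) http.HandlerFunc {
	// Upper bound on the request body. The payload is a handful of short
	// fields, so 1 MiB is generous while still bounding what the decoder reads.
	const maxBodyBytes = 1 << 20

	return func(w http.ResponseWriter, r *http.Request) {
		ctx := r.Context()
		log := hlog.FromRequest(r)

		// The body is caller-controlled and is parsed before the permission
		// check below, so cap it: an oversized body now fails decoding and is
		// answered as a bad request instead of being read without limit.
		in := new(common.CreateServiceAccountRequest)
		body := http.MaxBytesReader(w, r.Body, maxBodyBytes)
		if err := json.NewDecoder(body).Decode(in); err != nil {
			render.BadRequestf(w, "Invalid request body: %s.", err)
			return
		}

		// Take the timestamp once so Created and Updated are identical for a
		// freshly created account (two separate time.Now() calls can differ).
		now := time.Now().UnixMilli()
		sa := &types.ServiceAccount{
			UID:        in.UID,
			Name:       in.Name,
			Salt:       uniuri.NewLen(uniuri.UUIDLen),
			Created:    now,
			Updated:    now,
			ParentType: in.ParentType,
			ParentID:   in.ParentID,
		}

		// validate service account
		if err := check.ServiceAccount(sa); err != nil {
			render.UserfiedErrorOrInternal(w, err)
			return
		}

		// Ensure principal has required permissions on parent (ensures that parent exists).
		// ParentType and ParentID come straight from the request body, so this
		// check is what ties the caller-chosen parent to the caller's permissions.
		// A false result returns without writing here; presumably
		// EnforceInParentScope has already rendered the response (it receives w).
		if !guard.EnforceInParentScope(w, r,
			&types.Resource{Type: enum.ResourceTypeServiceAccount, Name: ""},
			enum.PermissionServiceAccountCreate, sa.ParentType, sa.ParentID) {
			return
		}

		// TODO: Racing condition with parent (space/repo) being deleted!
		// The permission check above and the insert below are not atomic, so
		// the parent may be gone by the time the account is stored.
		if err := saStore.Create(ctx, sa); err != nil {
			log.Error().Err(err).Msg("Failed to create service account.")
			render.UserfiedErrorOrInternal(w, err)
			return
		}

		// NOTE(review): sa is rendered as-is, and it carries Salt. Confirm that
		// types.ServiceAccount excludes Salt from its JSON encoding so the
		// value is not returned to the client.
		render.JSON(w, http.StatusOK, sa)
	}
}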