github/drone
5
0
Fork 0
mirror of https://github.com/harness/drone.git synced 2025-05-06 04:50:38 +08:00
Code Issues Packages Projects Releases Wiki Activity
ad619c7e3c
drone/internal/api/controller/service/create.go
Johannes Batzill 3ba0f75c8d Introduce UIDs for Space / Repo / Tokens, Add Custom Harness Validation, ... (#57) 
This change adds the following:
- Space UID + Custom harness validation (accountId for top level space, harness identifier for child spaces)
- Repo UID + Custom harness validation (harness identifier)
- Store Unique casing of space / repo path and add Path.ValueUnique (with Unique index) to allow for application layer controlling the case sensitivity (case insensitive standalone vs partially case sensitive harness)
- Token UID (unique index over ownertype + ownerID + tokenUID)
- Add DisplayName for principals (replaces Name to avoid confustion)
- Store Unique casing of principal UID and add Principal.ValueUnique (with unique index) to allow for application layer, per principal type control of case sensitivity (required in embedded mode)
- Generate serviceAccount UID (+Email) Randomly (sa-{space|repo}-{ID}-{random}) - Allows to have a unique UID across all principals while reducing likelyhood of overlaps with users + avoid overlap across spaces / repos.
- Sync casing of space names (accountId orgId projectId) when creating spaces on the fly (to ensure case sensitivity of - harness code) or use the existing space to update casing.
- Update serviceaccount client to match updated NG Manager API
- in embedded mode create spaces for harness resources owning the service account
2022-11-06 23:14:47 -08:00

70 lines
1.9 KiB
Go
Raw Blame History

// Copyright 2022 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package service
import (
"context"
"time"
"github.com/dchest/uniuri"
apiauth "github.com/harness/gitness/internal/api/auth"
"github.com/harness/gitness/internal/auth"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
)
// CreateInput is the input used for create operations.
type CreateInput struct {
UID string `json:"uid"`
Email string `json:"email"`
DisplayName string `json:"displayName"`
}
/*
* Create creates a new service.
*/
func (c *Controller) Create(ctx context.Context, session *auth.Session, in *CreateInput) (*types.Service, error) {
// Ensure principal has required permissions (service is global, no explicit resource)
scope := &types.Scope{}
resource := &types.Resource{
Type: enum.ResourceTypeService,
}
if err := apiauth.Check(ctx, c.authorizer, session, scope, resource, enum.PermissionServiceCreate); err != nil {
return nil, err
}
return c.CreateNoAuth(ctx, in, false)
}
/*
* CreateNoAuth creates a new service without auth checks.
* WARNING: Never call as part of user flow.
*
* Note: take admin separately to avoid potential vulnerabilities for user calls.
*/
func (c *Controller) CreateNoAuth(ctx context.Context, in *CreateInput, admin bool) (*types.Service, error) {
svc := &types.Service{
UID: in.UID,
Email: in.Email,
DisplayName: in.DisplayName,
Admin: admin,
Salt: uniuri.NewLen(uniuri.UUIDLen),
Created: time.Now().UnixMilli(),
Updated: time.Now().UnixMilli(),
}
// validate service
if err := c.serviceCheck(svc); err != nil {
return nil, err
}
err := c.serviceStore.Create(ctx, svc)
if err != nil {
return nil, err
}
return svc, nil
}
Reference in New Issue View Git Blame Copy Permalink