mirror of https://github.com/portainer/portainer
78 lines
3.1 KiB
Go
78 lines
3.1 KiB
Go
package kubernetes
|
|
|
|
import (
|
|
"errors"
|
|
"github.com/portainer/portainer/api/kubernetes"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/mux"
|
|
httperror "github.com/portainer/libhttp/error"
|
|
"github.com/portainer/portainer/api/dataservices"
|
|
"github.com/portainer/portainer/api/http/middlewares"
|
|
"github.com/portainer/portainer/api/http/security"
|
|
"github.com/portainer/portainer/api/internal/authorization"
|
|
"github.com/portainer/portainer/api/internal/endpointutils"
|
|
"github.com/portainer/portainer/api/kubernetes/cli"
|
|
)
|
|
|
|
// Handler is the HTTP handler which will natively deal with to external environments(endpoints).
|
|
type Handler struct {
|
|
*mux.Router
|
|
authorizationService *authorization.Service
|
|
dataStore dataservices.DataStore
|
|
jwtService dataservices.JWTService
|
|
kubernetesClientFactory *cli.ClientFactory
|
|
kubeClusterAccessService kubernetes.KubeClusterAccessService
|
|
}
|
|
|
|
// NewHandler creates a handler to process pre-proxied requests to external APIs.
|
|
func NewHandler(bouncer *security.RequestBouncer, authorizationService *authorization.Service, dataStore dataservices.DataStore, jwtService dataservices.JWTService, kubeClusterAccessService kubernetes.KubeClusterAccessService, kubernetesClientFactory *cli.ClientFactory) *Handler {
|
|
h := &Handler{
|
|
Router: mux.NewRouter(),
|
|
authorizationService: authorizationService,
|
|
dataStore: dataStore,
|
|
jwtService: jwtService,
|
|
kubeClusterAccessService: kubeClusterAccessService,
|
|
kubernetesClientFactory: kubernetesClientFactory,
|
|
}
|
|
|
|
kubeRouter := h.PathPrefix("/kubernetes").Subrouter()
|
|
kubeRouter.Use(bouncer.AuthenticatedAccess)
|
|
kubeRouter.PathPrefix("/config").Handler(
|
|
bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.getKubernetesConfig))).Methods(http.MethodGet)
|
|
|
|
// endpoints
|
|
endpointRouter := kubeRouter.PathPrefix("/{id}").Subrouter()
|
|
endpointRouter.Use(middlewares.WithEndpoint(dataStore.Endpoint(), "id"))
|
|
endpointRouter.Use(kubeOnlyMiddleware)
|
|
|
|
endpointRouter.PathPrefix("/nodes_limits").Handler(
|
|
bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.getKubernetesNodesLimits))).Methods(http.MethodGet)
|
|
|
|
// namespaces
|
|
// in the future this piece of code might be in another package (or a few different packages - namespaces/namespace?)
|
|
// to keep it simple, we've decided to leave it like this.
|
|
namespaceRouter := endpointRouter.PathPrefix("/namespaces/{namespace}").Subrouter()
|
|
namespaceRouter.Handle("/system", bouncer.RestrictedAccess(httperror.LoggerHandler(h.namespacesToggleSystem))).Methods(http.MethodPut)
|
|
|
|
return h
|
|
}
|
|
|
|
func kubeOnlyMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(rw http.ResponseWriter, request *http.Request) {
|
|
endpoint, err := middlewares.FetchEndpoint(request)
|
|
if err != nil {
|
|
httperror.WriteError(rw, http.StatusInternalServerError, "Unable to find an environment on request context", err)
|
|
return
|
|
}
|
|
|
|
if !endpointutils.IsKubernetesEndpoint(endpoint) {
|
|
errMessage := "Environment is not a kubernetes environment"
|
|
httperror.WriteError(rw, http.StatusBadRequest, errMessage, errors.New(errMessage))
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(rw, request)
|
|
})
|
|
}
|