Net-2707/list resource endpoint (#18444)

feat: list resources endpoint
This commit is contained in:
Poonam Jadhav 2023-08-15 09:11:50 -04:00 committed by GitHub
parent cda884ac81
commit f88d4fe28f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 249 additions and 21 deletions

View File

@ -23,6 +23,11 @@ import (
"github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto-public/pbresource"
) )
const (
HeaderConsulToken = "x-consul-token"
HeaderConsistencyMode = "x-consul-consistency-mode"
)
func NewHandler( func NewHandler(
client pbresource.ResourceServiceClient, client pbresource.ResourceServiceClient,
registry resource.Registry, registry resource.Registry,
@ -30,8 +35,12 @@ func NewHandler(
logger hclog.Logger) http.Handler { logger hclog.Logger) http.Handler {
mux := http.NewServeMux() mux := http.NewServeMux()
for _, t := range registry.Types() { for _, t := range registry.Types() {
// Individual Resource Endpoints. // List Endpoint
prefix := strings.ToLower(fmt.Sprintf("/%s/%s/%s/", t.Type.Group, t.Type.GroupVersion, t.Type.Kind)) base := strings.ToLower(fmt.Sprintf("/%s/%s/%s", t.Type.Group, t.Type.GroupVersion, t.Type.Kind))
mux.Handle(base, http.StripPrefix(base, &listHandler{t, client, parseToken, logger}))
// Individual Resource Endpoints
prefix := strings.ToLower(fmt.Sprintf("%s/", base))
logger.Info("Registered resource endpoint", "endpoint", prefix) logger.Info("Registered resource endpoint", "endpoint", prefix)
mux.Handle(prefix, http.StripPrefix(prefix, &resourceHandler{t, client, parseToken, logger})) mux.Handle(prefix, http.StripPrefix(prefix, &resourceHandler{t, client, parseToken, logger}))
} }
@ -55,7 +64,7 @@ type resourceHandler struct {
func (h *resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { func (h *resourceHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
var token string var token string
h.parseToken(r, &token) h.parseToken(r, &token)
ctx := metadata.AppendToOutgoingContext(r.Context(), "x-consul-token", token) ctx := metadata.AppendToOutgoingContext(r.Context(), HeaderConsulToken, token)
switch r.Method { switch r.Method {
case http.MethodPut: case http.MethodPut:
h.handleWrite(w, r, ctx) h.handleWrite(w, r, ctx)
@ -106,7 +115,7 @@ func (h *resourceHandler) handleWrite(w http.ResponseWriter, r *http.Request, ct
}, },
}) })
if err != nil { if err != nil {
handleResponseError(err, w, h) handleResponseError(err, w, h.logger)
return return
} }
@ -133,7 +142,7 @@ func (h *resourceHandler) handleRead(w http.ResponseWriter, r *http.Request, ctx
}, },
}) })
if err != nil { if err != nil {
handleResponseError(err, w, h) handleResponseError(err, w, h.logger)
return return
} }
@ -158,7 +167,7 @@ func (h *resourceHandler) handleDelete(w http.ResponseWriter, r *http.Request, c
Version: params["version"], Version: params["version"],
}) })
if err != nil { if err != nil {
handleResponseError(err, w, h) handleResponseError(err, w, h.logger)
return return
} }
w.WriteHeader(http.StatusNoContent) w.WriteHeader(http.StatusNoContent)
@ -181,11 +190,12 @@ func parseParams(r *http.Request) (tenancy *pbresource.Tenancy, params map[strin
params = make(map[string]string) params = make(map[string]string)
params["resourceName"] = resourceName params["resourceName"] = resourceName
params["version"] = query.Get("version") params["version"] = query.Get("version")
params["namePrefix"] = query.Get("name_prefix")
if _, ok := query["consistent"]; ok { if _, ok := query["consistent"]; ok {
params["consistent"] = "true" params["consistent"] = "true"
} }
return return tenancy, params
} }
func jsonMarshal(res *pbresource.Resource) ([]byte, error) { func jsonMarshal(res *pbresource.Resource) ([]byte, error) {
@ -203,28 +213,82 @@ func jsonMarshal(res *pbresource.Resource) ([]byte, error) {
return json.MarshalIndent(stuff, "", " ") return json.MarshalIndent(stuff, "", " ")
} }
func handleResponseError(err error, w http.ResponseWriter, h *resourceHandler) { func handleResponseError(err error, w http.ResponseWriter, logger hclog.Logger) {
if e, ok := status.FromError(err); ok { if e, ok := status.FromError(err); ok {
switch e.Code() { switch e.Code() {
case codes.InvalidArgument: case codes.InvalidArgument:
w.WriteHeader(http.StatusBadRequest) w.WriteHeader(http.StatusBadRequest)
h.logger.Info("User has mal-formed request", "error", err) logger.Info("User has mal-formed request", "error", err)
case codes.NotFound: case codes.NotFound:
w.WriteHeader(http.StatusNotFound) w.WriteHeader(http.StatusNotFound)
h.logger.Info("Received error from resource service: Not found", "error", err) logger.Info("Received error from resource service: Not found", "error", err)
case codes.PermissionDenied: case codes.PermissionDenied:
w.WriteHeader(http.StatusForbidden) w.WriteHeader(http.StatusForbidden)
h.logger.Info("Received error from resource service: User not authenticated", "error", err) logger.Info("Received error from resource service: User not authenticated", "error", err)
case codes.Aborted: case codes.Aborted:
w.WriteHeader(http.StatusConflict) w.WriteHeader(http.StatusConflict)
h.logger.Info("Received error from resource service: the request conflict with the current state of the target resource", "error", err) logger.Info("Received error from resource service: the request conflict with the current state of the target resource", "error", err)
default: default:
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
h.logger.Error("Received error from resource service", "error", err) logger.Error("Received error from resource service", "error", err)
} }
} else { } else {
w.WriteHeader(http.StatusInternalServerError) w.WriteHeader(http.StatusInternalServerError)
h.logger.Error("Received error from resource service: not able to parse error returned", "error", err) logger.Error("Received error from resource service: not able to parse error returned", "error", err)
} }
w.Write([]byte(err.Error())) w.Write([]byte(err.Error()))
} }
type listHandler struct {
reg resource.Registration
client pbresource.ResourceServiceClient
parseToken func(req *http.Request, token *string)
logger hclog.Logger
}
func (h *listHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method != http.MethodGet {
w.WriteHeader(http.StatusMethodNotAllowed)
return
}
var token string
h.parseToken(r, &token)
ctx := metadata.AppendToOutgoingContext(r.Context(), HeaderConsulToken, token)
tenancyInfo, params := parseParams(r)
if params["consistent"] == "true" {
ctx = metadata.AppendToOutgoingContext(ctx, HeaderConsistencyMode, "consistent")
}
rsp, err := h.client.List(ctx, &pbresource.ListRequest{
Type: h.reg.Type,
Tenancy: tenancyInfo,
NamePrefix: params["namePrefix"],
})
if err != nil {
handleResponseError(err, w, h.logger)
return
}
output := make([]json.RawMessage, len(rsp.Resources))
for idx, res := range rsp.Resources {
b, err := jsonMarshal(res)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
h.logger.Error("Failed to unmarshal GRPC resource response", "error", err)
return
}
output[idx] = b
}
b, err := json.MarshalIndent(struct {
Resources []json.RawMessage `json:"resources"`
}{output}, "", " ")
if err != nil {
w.WriteHeader(http.StatusInternalServerError)
h.logger.Error("Failed to correctly format the list response", "error", err)
return
}
w.Write(b)
}

View File

@ -5,6 +5,7 @@ package http
import ( import (
"encoding/json" "encoding/json"
"fmt"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"strings" "strings"
@ -27,6 +28,7 @@ import (
const testACLTokenArtistReadPolicy = "00000000-0000-0000-0000-000000000001" const testACLTokenArtistReadPolicy = "00000000-0000-0000-0000-000000000001"
const testACLTokenArtistWritePolicy = "00000000-0000-0000-0000-000000000002" const testACLTokenArtistWritePolicy = "00000000-0000-0000-0000-000000000002"
const testACLTokenArtistListPolicy = "00000000-0000-0000-0000-000000000003"
const fakeToken = "fake-token" const fakeToken = "fake-token"
func parseToken(req *http.Request, token *string) { func parseToken(req *http.Request, token *string) {
@ -276,15 +278,27 @@ func TestResourceWriteHandler(t *testing.T) {
}) })
} }
func createResource(t *testing.T, artistHandler http.Handler) map[string]any { type ResourceUri struct {
group string
version string
kind string
resourceName string
}
func createResource(t *testing.T, artistHandler http.Handler, resourceUri *ResourceUri) map[string]any {
rsp := httptest.NewRecorder() rsp := httptest.NewRecorder()
req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(`
if resourceUri == nil {
resourceUri = &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "keith-urban"}
}
req := httptest.NewRequest("PUT", fmt.Sprintf("/%s/%s/%s/%s?partition=default&peer_name=local&namespace=default", resourceUri.group, resourceUri.version, resourceUri.kind, resourceUri.resourceName), strings.NewReader(`
{ {
"metadata": { "metadata": {
"foo": "bar" "foo": "bar"
}, },
"data": { "data": {
"name": "Keith Urban", "name": "test",
"genre": "GENRE_COUNTRY" "genre": "GENRE_COUNTRY"
} }
} }
@ -300,6 +314,21 @@ func createResource(t *testing.T, artistHandler http.Handler) map[string]any {
return result return result
} }
func deleteResource(t *testing.T, artistHandler http.Handler, resourceUri *ResourceUri) {
rsp := httptest.NewRecorder()
if resourceUri == nil {
resourceUri = &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "keith-urban"}
}
req := httptest.NewRequest("DELETE", fmt.Sprintf("/%s/%s/%s/%s?partition=default&peer_name=local&namespace=default", resourceUri.group, resourceUri.version, resourceUri.kind, resourceUri.resourceName), strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
artistHandler.ServeHTTP(rsp, req)
require.Equal(t, http.StatusNoContent, rsp.Result().StatusCode)
}
func TestResourceReadHandler(t *testing.T) { func TestResourceReadHandler(t *testing.T) {
aclResolver := &resourceSvc.MockACLResolver{} aclResolver := &resourceSvc.MockACLResolver{}
aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything). aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything).
@ -315,7 +344,7 @@ func TestResourceReadHandler(t *testing.T) {
demo.RegisterTypes(r) demo.RegisterTypes(r)
handler := NewHandler(client, r, parseToken, hclog.NewNullLogger()) handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
createdResource := createResource(t, handler) createdResource := createResource(t, handler, nil)
t.Run("Read resource", func(t *testing.T) { t.Run("Read resource", func(t *testing.T) {
rsp := httptest.NewRecorder() rsp := httptest.NewRecorder()
@ -370,7 +399,7 @@ func TestResourceDeleteHandler(t *testing.T) {
handler := NewHandler(client, r, parseToken, hclog.NewNullLogger()) handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
t.Run("should surface PermissionDenied error from resource service", func(t *testing.T) { t.Run("should surface PermissionDenied error from resource service", func(t *testing.T) {
createResource(t, handler) createResource(t, handler, nil)
deleteRsp := httptest.NewRecorder() deleteRsp := httptest.NewRecorder()
deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader("")) deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
@ -383,7 +412,7 @@ func TestResourceDeleteHandler(t *testing.T) {
}) })
t.Run("should delete a resource without version", func(t *testing.T) { t.Run("should delete a resource without version", func(t *testing.T) {
createResource(t, handler) createResource(t, handler, nil)
deleteRsp := httptest.NewRecorder() deleteRsp := httptest.NewRecorder()
deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader("")) deletReq := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
@ -409,12 +438,13 @@ func TestResourceDeleteHandler(t *testing.T) {
}) })
t.Run("should delete a resource with version", func(t *testing.T) { t.Run("should delete a resource with version", func(t *testing.T) {
createResource(t, handler) createResource(t, handler, nil)
rsp := httptest.NewRecorder() rsp := httptest.NewRecorder()
req := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader("")) req := httptest.NewRequest("DELETE", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy) req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
handler.ServeHTTP(rsp, req) handler.ServeHTTP(rsp, req)
@ -430,3 +460,137 @@ func TestResourceDeleteHandler(t *testing.T) {
require.ErrorContains(t, err, "resource not found") require.ErrorContains(t, err, "resource not found")
}) })
} }
func TestResourceListHandler(t *testing.T) {
aclResolver := &resourceSvc.MockACLResolver{}
aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistListPolicy, mock.Anything, mock.Anything).
Return(svctest.AuthorizerFrom(t, demo.ArtistV2ListPolicy), nil)
aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything).
Return(svctest.AuthorizerFrom(t, demo.ArtistV2WritePolicy), nil)
client := svctest.RunResourceServiceWithACL(t, aclResolver, demo.RegisterTypes)
r := resource.NewRegistry()
demo.RegisterTypes(r)
handler := NewHandler(client, r, parseToken, hclog.NewNullLogger())
t.Run("should return MethodNotAllowed", func(t *testing.T) {
rsp := httptest.NewRecorder()
req := httptest.NewRequest("PUT", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
handler.ServeHTTP(rsp, req)
require.Equal(t, http.StatusMethodNotAllowed, rsp.Result().StatusCode)
})
t.Run("should be blocked if the token is not authorized", func(t *testing.T) {
rsp := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistWritePolicy)
handler.ServeHTTP(rsp, req)
require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode)
})
t.Run("should return list of resources", func(t *testing.T) {
resourceUri1 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "steve"}
resource1 := createResource(t, handler, resourceUri1)
resourceUri2 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "elvis"}
resource2 := createResource(t, handler, resourceUri2)
rsp := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
handler.ServeHTTP(rsp, req)
require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
var result map[string]any
require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
resources, _ := result["resources"].([]any)
require.Len(t, resources, 2)
expected := []map[string]any{resource1, resource2}
require.Contains(t, expected, resources[0])
require.Contains(t, expected, resources[1])
// clean up
deleteResource(t, handler, resourceUri1)
deleteResource(t, handler, resourceUri2)
})
t.Run("should return empty list when no resources are found", func(t *testing.T) {
rsp := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default", strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
handler.ServeHTTP(rsp, req)
require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
var result map[string]any
require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
resources, _ := result["resources"].([]any)
require.Len(t, resources, 0)
})
t.Run("should return empty list when name prefix matches don't match", func(t *testing.T) {
createResource(t, handler, nil)
rsp := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default&name_prefix=noname", strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
handler.ServeHTTP(rsp, req)
require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
var result map[string]any
require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
resources, _ := result["resources"].([]any)
require.Len(t, resources, 0)
// clean up
deleteResource(t, handler, nil)
})
t.Run("should return list of resources matching name prefix", func(t *testing.T) {
resourceUri1 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "steve"}
resource1 := createResource(t, handler, resourceUri1)
resourceUri2 := &ResourceUri{group: "demo", version: "v2", kind: "artist", resourceName: "elvis"}
createResource(t, handler, resourceUri2)
rsp := httptest.NewRecorder()
req := httptest.NewRequest("GET", "/demo/v2/artist?partition=default&peer_name=local&namespace=default&name_prefix=steve", strings.NewReader(""))
req.Header.Add("x-consul-token", testACLTokenArtistListPolicy)
handler.ServeHTTP(rsp, req)
require.Equal(t, http.StatusOK, rsp.Result().StatusCode)
var result map[string]any
require.NoError(t, json.NewDecoder(rsp.Body).Decode(&result))
resources, _ := result["resources"].([]any)
require.Len(t, resources, 1)
require.Equal(t, resource1, resources[0])
// clean up
deleteResource(t, handler, resourceUri1)
deleteResource(t, handler, resourceUri2)
})
}