Merge pull request #218 from xuzhu-591/feat-scoped-instance-requests

feat: make instance requests scoped in order to support scoped role s…
horizoncd · Apr 2, 2024 · 64e8fac · 64e8fac
2 parents 75d3ae5 + 60afd28
commit 64e8fac
Show file tree

Hide file tree

Showing 14 changed files with 266 additions and 149 deletions.
diff --git a/.github/workflows/unit-test.yml b/.github/workflows/unit-test.yml
@@ -47,7 +47,7 @@ jobs:
         run: |
           echo "PREFIX=$(go list -m)" >> $GITHUB_OUTPUT
 
-      - uses: paambaati/codeclimate-action@v3.2.0
+      - uses: paambaati/codeclimate-action@v5.0.0
         env:
           CC_TEST_REPORTER_ID: e47aa5e6270db938ee1bdd6dc9486f4f581beb1bcaee5d28be1633d68c8550c6
         with:

diff --git a/core/cmd/cmd.go b/core/cmd/cmd.go
@@ -146,7 +146,7 @@ import (
 	logmiddle "github.com/horizoncd/horizon/core/middleware/log"
 	metricsmiddle "github.com/horizoncd/horizon/core/middleware/metrics"
 	prehandlemiddle "github.com/horizoncd/horizon/core/middleware/prehandle"
-	regionmiddle "github.com/horizoncd/horizon/core/middleware/region"
+	scopemiddle "github.com/horizoncd/horizon/core/middleware/scope"
 	tagmiddle "github.com/horizoncd/horizon/core/middleware/tag"
 	tokenmiddle "github.com/horizoncd/horizon/core/middleware/token"
 	usermiddle "github.com/horizoncd/horizon/core/middleware/user"
@@ -286,9 +286,8 @@ func Init(ctx context.Context, flags *Flags, coreConfig *config.Config) {
 	var roleConfig roleconfig.Config
 	if err := yaml.Unmarshal(content, &roleConfig); err != nil {
 		panic(err)
-	} else {
-		log.Printf("the roleConfig = %+v\n", roleConfig)
 	}
+	log.Printf("the roleConfig = %+v\n", roleConfig)
 
 	// init db
 	mysqlDB, err := orm.NewMySQLDB(&orm.MySQL{
@@ -407,9 +406,9 @@ func Init(ctx context.Context, flags *Flags, coreConfig *config.Config) {
 	var oauthConfig oauthconfig.Scopes
 	if err = yaml.Unmarshal(content, &oauthConfig); err != nil {
 		panic(err)
-	} else {
-		log.Printf("the oauthScopeConfig = %+v\n", oauthConfig)
 	}
+	log.Printf("the oauthScopeConfig = %+v\n", oauthConfig)
+
 	scopeService, err := scopeservice.NewFileScopeService(oauthConfig)
 	if err != nil {
 		panic(err)
@@ -621,7 +620,7 @@ func Init(ctx context.Context, flags *Flags, coreConfig *config.Config) {
 		metricsmiddle.Middleware( // metrics middleware
 			middleware.MethodAndPathSkipper("*", regexp.MustCompile("^/health")),
 			middleware.MethodAndPathSkipper("*", regexp.MustCompile("^/metrics"))),
-		regionmiddle.Middleware(parameter, applicationRegionCtl),
+		scopemiddle.Middleware(parameter, applicationRegionCtl, manager),
 		tokenmiddle.MiddleWare(oauthCheckerCtl, authnSkippers...),
 		//  user middleware, check user and attach current user to context.
 		usermiddle.Middleware(parameter, store, coreConfig,

diff --git a/core/common/cluster.go b/core/common/cluster.go
@@ -24,7 +24,6 @@ const (
 	ClusterQueryByRelease     = "templateRelease"
 	ClusterQueryByRegion      = "region"
 	ClusterQueryTagSelector   = "tagSelector"
-	ClusterQueryScope         = "scope"
 	ClusterQueryMergePatch    = "mergePatch"
 	ClusterQueryTargetBranch  = "targetBranch"
 	ClusterQueryTargetCommit  = "targetCommit"

diff --git a/core/controller/access/controller.go b/core/controller/access/controller.go
@@ -83,7 +83,7 @@ func (c *controller) Review(ctx context.Context, apis []API) (map[string]map[str
 			continue
 		}
 		// 4.new request info by request
-		requestInfo, err := c.requestInfoFty.NewRequestInfo(req)
+		requestInfo, err := c.requestInfoFty.NewRequestInfo(ctx, req)
 		if err != nil {
 			return nil, perror.WithMessagef(err, "invalid api, url: %s, method: %s", api.URL, api.Method)
 		}

diff --git a/core/errors/horizonerrors.go b/core/errors/horizonerrors.go
@@ -200,20 +200,21 @@ func (e *HorizonErrListFailed) Error() string {
 
 var (
 	// universal
-	ErrWriteFailed      = errors.New("write failed")
-	ErrReadFailed       = errors.New("read failed")
-	ErrNameConflict     = errors.New("name conflict")
-	ErrPathConflict     = errors.New("path conflict")
-	ErrPairConflict     = errors.New("entity pair conflict")
-	ErrSubResourceExist = errors.New("sub resource exist")
-	ErrNoPrivilege      = errors.New("no privilege")
-	ErrParamInvalid     = errors.New("parameter is invalid")
-	ErrForbidden        = errors.New("forbidden")
-	ErrDeadlineExceeded = errors.New("time limit exceeded")
-	ErrGenerateRandomID = errors.New("failed to generate random id")
-	ErrDisabled         = errors.New("entity is disabled")
-	ErrDuplicatedKey    = errors.New("duplicated keys")
-	ErrValidatingFailed = errors.New("validating failed")
+	ErrWriteFailed             = errors.New("write failed")
+	ErrReadFailed              = errors.New("read failed")
+	ErrNameConflict            = errors.New("name conflict")
+	ErrPathConflict            = errors.New("path conflict")
+	ErrPairConflict            = errors.New("entity pair conflict")
+	ErrSubResourceExist        = errors.New("sub resource exist")
+	ErrNoPrivilege             = errors.New("no privilege")
+	ErrParamInvalid            = errors.New("parameter is invalid")
+	ErrForbidden               = errors.New("forbidden")
+	ErrDeadlineExceeded        = errors.New("time limit exceeded")
+	ErrGenerateRandomID        = errors.New("failed to generate random id")
+	ErrDisabled                = errors.New("entity is disabled")
+	ErrDuplicatedKey           = errors.New("duplicated keys")
+	ErrValidatingFailed        = errors.New("validating failed")
+	ErrUnsupportedResourceType = errors.New("unsupported resource type")
 
 	// http
 	ErrHTTPRespNotAsExpected = errors.New("http response is not as expected")

diff --git a/core/http/api/v1/cluster/apis_basic.go b/core/http/api/v1/cluster/apis_basic.go
@@ -24,6 +24,7 @@ import (
 	"github.com/horizoncd/horizon/core/controller/cluster"
 	herrors "github.com/horizoncd/horizon/core/errors"
 	"github.com/horizoncd/horizon/lib/q"
+	hctx "github.com/horizoncd/horizon/pkg/context"
 	perror "github.com/horizoncd/horizon/pkg/errors"
 	"github.com/horizoncd/horizon/pkg/rbac/role"
 	"github.com/horizoncd/horizon/pkg/server/response"
@@ -183,7 +184,7 @@ func (a *API) Create(c *gin.Context) {
 		return
 	}
 
-	scope := c.Request.URL.Query().Get(common.ClusterQueryScope)
+	scope := hctx.GetScope(c, c.Request)
 	log.Infof(c, "scope: %v", scope)
 	scopeArray := strings.Split(scope, "/")
 	if len(scopeArray) != 2 {

diff --git a/core/http/api/v2/cluster/apis_basic.go b/core/http/api/v2/cluster/apis_basic.go
@@ -25,6 +25,7 @@ import (
 	"github.com/horizoncd/horizon/core/controller/cluster"
 	herrors "github.com/horizoncd/horizon/core/errors"
 	"github.com/horizoncd/horizon/lib/q"
+	hctx "github.com/horizoncd/horizon/pkg/context"
 	perror "github.com/horizoncd/horizon/pkg/errors"
 	"github.com/horizoncd/horizon/pkg/rbac/role"
 	"github.com/horizoncd/horizon/pkg/server/response"
@@ -191,7 +192,7 @@ func (a *API) Create(c *gin.Context) {
 		return
 	}
 
-	scope := c.Request.URL.Query().Get(common.ClusterQueryScope)
+	scope := hctx.GetScope(c, c.Request)
 	log.Infof(c, "scope: %v", scope)
 	scopeArray := strings.Split(scope, "/")
 	if len(scopeArray) != 2 {

diff --git a/core/middleware/prehandle/prehandle.go b/core/middleware/prehandle/prehandle.go
@@ -46,7 +46,7 @@ func init() {
 
 func Middleware(r *gin.Engine, mgr *managerparam.Manager, skippers ...middleware.Skipper) gin.HandlerFunc {
 	return middleware.New(func(c *gin.Context) {
-		requestInfo, err := RequestInfoFty.NewRequestInfo(c.Request)
+		requestInfo, err := RequestInfoFty.NewRequestInfo(c, c.Request)
 		if err != nil {
 			response.AbortWithRequestError(c, common.RequestInfoError, err.Error())
 			return
@@ -88,7 +88,7 @@ func Middleware(r *gin.Engine, mgr *managerparam.Manager, skippers ...middleware
 }
 
 func constructRBACParam(c *gin.Context) (*auth.AttributesRecord, error) {
-	requestInfo, err := RequestInfoFty.NewRequestInfo(c.Request)
+	requestInfo, err := RequestInfoFty.NewRequestInfo(c, c.Request)
 	if err != nil {
 		return nil, err
 	}

diff --git a/core/middleware/region/region.go b/core/middleware/region/region.go