blob: 1b1673fe00f944b790eecdb16013b309774a93fc [file]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package opa
import (
"net/http"
"strings"
)
import (
"github.com/gin-gonic/gin"
perrors "github.com/pkg/errors"
)
import (
adminconfig "github.com/apache/dubbo-go-pixiu/admin/config"
"github.com/apache/dubbo-go-pixiu/admin/logic"
)
// @Tags Config
// @Summary upload OPA policy (server mode)
// @Router /config/api/opa/policy [put]
func PutOPAPolicy(c *gin.Context) {
// For PUT, we typically expect Form Data
serverURL := resolveOPAServerURL(c.PostForm("server_url"))
policyID := resolveOPAPolicyID(c.PostForm("policy_id"))
bearerToken := c.PostForm("bearer_token")
content := c.PostForm("content")
if content == "" {
c.JSON(http.StatusOK, adminconfig.WithError(perrors.New("rego content is required")))
return
}
if err := logic.BizPutOPAPolicy(serverURL, policyID, bearerToken, content); err != nil {
c.JSON(http.StatusOK, adminconfig.WithError(err))
return
}
c.JSON(http.StatusOK, adminconfig.WithRet("Update Success"))
}
// @Tags Config
// @Summary get OPA policy (server mode)
// @Router /config/api/opa/policy [get]
func GetOPAPolicy(c *gin.Context) {
var query adminconfig.OPAQuery
if err := c.ShouldBindQuery(&query); err != nil {
c.JSON(http.StatusOK, adminconfig.WithError(err))
return
}
serverURL := resolveOPAServerURL(query.ServerURL)
policyID := resolveOPAPolicyID(query.PolicyID)
result, err := logic.BizGetOPAPolicy(serverURL, policyID, query.BearerToken)
if err != nil {
c.JSON(http.StatusOK, adminconfig.WithError(err))
return
}
c.JSON(http.StatusOK, adminconfig.WithRet(result))
}
// @Tags Config
// @Summary delete OPA policy (server mode)
// @Router /config/api/opa/policy [delete]
func DeleteOPAPolicy(c *gin.Context) {
var query adminconfig.OPAQuery
if err := c.ShouldBindQuery(&query); err != nil {
c.JSON(http.StatusOK, adminconfig.WithError(err))
return
}
serverURL := resolveOPAServerURL(query.ServerURL)
policyID := resolveOPAPolicyID(query.PolicyID)
if err := logic.BizDeleteOPAPolicy(serverURL, policyID, query.BearerToken); err != nil {
c.JSON(http.StatusOK, adminconfig.WithError(err))
return
}
c.JSON(http.StatusOK, adminconfig.WithRet("Delete Success"))
}
func resolveOPAServerURL(serverURL string) string {
serverURL = strings.TrimSpace(serverURL)
if serverURL != "" {
return serverURL
}
if adminconfig.Bootstrap != nil {
if trimmed := strings.TrimSpace(adminconfig.Bootstrap.OPA.ServerURL); trimmed != "" {
return trimmed
}
}
return adminconfig.DefaultOPAServerURL
}
func resolveOPAPolicyID(policyID string) string {
policyID = strings.TrimSpace(policyID)
if policyID != "" {
return policyID
}
if adminconfig.Bootstrap != nil {
if trimmed := strings.TrimSpace(adminconfig.Bootstrap.OPA.PolicyID); trimmed != "" {
return trimmed
}
}
return adminconfig.DefaultOPAPolicyID
}