author | Mike Crute <mike@crute.us> | 2021-11-16 14:46:24 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2021-11-17 07:56:10 -0800 |
commit | cc58a3da7d647de8520e33dc4356672d2ed1a366 (patch) | |
tree | 1b232a0d51446eb6370cfb13932190d31ce053df /app/controllers/aws.go | |
parent | a42d794a286154a3106551e6e483861af2a9ef16 (diff) | |
Import of source code
Diffstat (limited to 'app/controllers/aws.go')
-rw-r--r-- | app/controllers/aws.go | 52 |
1 files changed, 52 insertions, 0 deletions
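--- /dev/null
+++ b/app/controllers/aws.go
@@ -0,0 +1,52 @@
+package controllers
+
+import (
+	"context"
+
+	"code.crute.us/mcrute/cloud-identity-broker/app/middleware"
+	"code.crute.us/mcrute/cloud-identity-broker/app/models"
+	"code.crute.us/mcrute/cloud-identity-broker/cloud/aws"
+
+	"github.com/labstack/echo/v4"
+)
+
+type requestContext struct {
+	Account   *models.Account
+	Principal *models.User
+	AWS       aws.AWSClient
+}
+
+// AWSAPI is a capability that all handlers talking to the AWS APIs should use.
+// This capability does common permission checks and populates a request
+// context with user, account, and AWS API information.
+type AWSAPI struct {
+	Store models.AccountStore
+}
+
+// GetContext checks that the user is authenticated and is authorized to access
+// the requested AWS account. This should be the very first call in any handler
+// that will eventually call the AWS APIs. Errors returned from this method are
+// echo responses and can be returned directly to the client.
+func (h *AWSAPI) GetContext(c echo.Context) (*requestContext, error) {
+	principal, err := middleware.GetAuthorizedPrincipal(c)
+	if err != nil {
+		return nil, echo.ErrUnauthorized
+	}
+
+	account, err := h.Store.GetForUser(context.Background(), c.Param("account"), principal)
+	if err != nil {
+		return nil, echo.NotFoundHandler(c)
+	}
+
+	ac, err := aws.NewAWSClientFromAccount(account)
+	if err != nil {
+		c.Logger().Errorf("Error building AWS client: %w", err)
+		return nil, echo.ErrInternalServerError
+	}
+
+	return &requestContext{
+		Account:   account,
+		Principal: principal,
+		AWS:       ac,
+	}, nil
+}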
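Review bot: The log call at line 43, `c.Logger().Errorf("Error building AWS client: %w", err)`, uses the `%w` verb, which only `fmt.Errorf` understands; echo's logger formats with `Sprintf` semantics, so the line is emitted as `%!w(...)` and the cause of the client-build failure is effectively lost from the logs — it should be `c.Logger().Errorf("Error building AWS client: %v", err)`. At line 36 the account lookup runs under `context.Background()` rather than the request's context, so a client disconnect or server-side timeout can never cancel the store call; `h.Store.GetForUser(c.Request().Context(), c.Param("account"), principal)` ties it to the request lifetime. The `GetForUser` error is also discarded wholesale, which maps a store outage to the same 404 as a genuine "not found / not authorized" — returning 404 for authorization denials is a reasonable choice (it avoids confirming that an account exists to a user who may not access it), but if the store distinguishes a lookup failure from a miss, that case deserves a logged 500 so operators can tell an outage from a denial. A comment on the 404 branch stating that intent, e.g. `// Unknown and unauthorized accounts are both reported as 404 so callers cannot probe for account existence.`, would keep the next maintainer from "fixing" it to 403.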