1 files changed, 109 insertions, 0 deletions
diff --git a/app/controllers/api_account_list.go b/app/controllers/api_account_list.go
new file mode 100644
index 0000000..f69db6a
--- /dev/null
+++ b/app/controllers/api_account_list.go
@@ -0,0 +1,109 @@
+package controllers
+import (
+        "context"
+        "net/http"
+        "code.crute.us/mcrute/cloud-identity-broker/app/middleware"
+        "code.crute.us/mcrute/cloud-identity-broker/app/models"
+        glecho "code.crute.us/mcrute/golib/echo"
+        "code.crute.us/mcrute/golib/echo/controller"
+        "github.com/labstack/echo/v4"
+)
+type jsonAccount struct {
+        Vendor               string `json:"vendor,omitempty"`
+        AccountNumber        int    `json:"account_number"`
+        ShortName            string `json:"short_name"`
+        Name                 string `json:"name"`
+        ConsoleUrl           string `json:"get_console_url,omitempty"`
+        ConsoleRedirectUrl   string `json:"console_redirect_url,omitempty"`
+        CredentialsUrl       string `json:"credentials_url"`
+        GlobalCredentialsUrl string `json:"global_credential_url,omitempty"`
+}
+func jsonAccountFromAccount(c echo.Context, a *models.Account) *jsonAccount {
+        return &jsonAccount{
+                AccountNumber:        a.AccountNumber,
+                ShortName:            a.ShortName,
+                Name:                 a.Name,
+                ConsoleUrl:           glecho.URLFor(c, "/api/account", a.ShortName, "console").String(),
+                ConsoleRedirectUrl:   glecho.URLFor(c, "/api/account", a.ShortName, "console").Query("redirect", "1").String(),
+                CredentialsUrl:       glecho.URLFor(c, "/api/account", a.ShortName, "credentials").String(),
+                GlobalCredentialsUrl: glecho.URLFor(c, "/api/account", a.ShortName, "credentials/global").String(),
+        }
+}
+type APIAccountListHandler struct {
+        store models.AccountStore
+}
+func NewAPIAccountListHandler(s models.AccountStore) echo.HandlerFunc {
+        al := &APIAccountListHandler{store: s}
+        h := &controller.ContentTypeNegotiatingHandler{
+                DefaultHandler: al.HandleV1,
+                Handlers: map[string]echo.HandlerFunc{
+                        contentTypeV1: al.HandleV1,
+                        contentTypeV2: al.HandleV2,
+                },
+        }
+        return h.Handle
+}
+// getAccountList returns the account list. This does the same work that
+// GetContext would do for most AWSAPI handlers but is a little different
+// because it deals with lists of accounts.
+//
+// Authorization of the account is handled within the store. The store will not
+// return accounts for which the user does not have access.
+func (h *APIAccountListHandler) getAccountList(c echo.Context) ([]*models.Account, error) {
+        principal, err := middleware.GetAuthorizedPrincipal(c)
+        if err != nil {
+                return nil, echo.ErrUnauthorized
+        }
+        accounts, err := h.store.ListForUser(context.Background(), principal)
+        if err != nil {
+                c.Logger().Errorf("Unable to load account list: %w", err)
+                return nil, echo.ErrInternalServerError
+        }
+        return accounts, nil
+}
+// HandleV1 returns a list of JSON account objects
+func (h *APIAccountListHandler) HandleV1(c echo.Context) error {
+        accounts, err := h.getAccountList(c)
+        if err != nil {
+                return err
+        }
+        out := []*jsonAccount{}
+        for _, a := range accounts {
+                ja := jsonAccountFromAccount(c, a)
+                ja.Vendor = "aws"
+                out = append(out, ja)
+        }
+        return c.JSON(http.StatusOK, out)
+}
+// HandleV2 returns a map of lists of account objects. the key to the map is
+// the short name of the cloud provider.
+func (h *APIAccountListHandler) HandleV2(c echo.Context) error {
+        accounts, err := h.getAccountList(c)
+        if err != nil {
+                return err
+        }
+        out := map[string][]*jsonAccount{
+                "aws": []*jsonAccount{},
+        }
+        for _, a := range accounts {
+                ja := jsonAccountFromAccount(c, a)
+                out["aws"] = append(out["aws"], ja)
+        }
+        return c.JSON(http.StatusOK, out)
+}

diff --git a/app/controllers/api_account_list.go b/app/controllers/api_account_list.go new file mode 100644 index 0000000..f69db6a --- /dev/null +++ b/app/controllers/api_account_list.go
@@ -0,0 +1,109 @@
	1	package controllers
	2
	3	import (
	4	"context"
	5	"net/http"
	6
	7	"code.crute.us/mcrute/cloud-identity-broker/app/middleware"
	8	"code.crute.us/mcrute/cloud-identity-broker/app/models"
	9
	10	glecho "code.crute.us/mcrute/golib/echo"
	11	"code.crute.us/mcrute/golib/echo/controller"
	12	"github.com/labstack/echo/v4"
	13	)
	14
	15	type jsonAccount struct {
	16	Vendor string `json:"vendor,omitempty"`
	17	AccountNumber int `json:"account_number"`
	18	ShortName string `json:"short_name"`
	19	Name string `json:"name"`
	20	ConsoleUrl string `json:"get_console_url,omitempty"`
	21	ConsoleRedirectUrl string `json:"console_redirect_url,omitempty"`
	22	CredentialsUrl string `json:"credentials_url"`
	23	GlobalCredentialsUrl string `json:"global_credential_url,omitempty"`
	24	}
	25
	26	func jsonAccountFromAccount(c echo.Context, a models.Account) jsonAccount {
	27	return &jsonAccount{
	28	AccountNumber: a.AccountNumber,
	29	ShortName: a.ShortName,
	30	Name: a.Name,
	31	ConsoleUrl: glecho.URLFor(c, "/api/account", a.ShortName, "console").String(),
	32	ConsoleRedirectUrl: glecho.URLFor(c, "/api/account", a.ShortName, "console").Query("redirect", "1").String(),
	33	CredentialsUrl: glecho.URLFor(c, "/api/account", a.ShortName, "credentials").String(),
	34	GlobalCredentialsUrl: glecho.URLFor(c, "/api/account", a.ShortName, "credentials/global").String(),
	35	}
	36	}
	37
	38	type APIAccountListHandler struct {
	39	store models.AccountStore
	40	}
	41
	42	func NewAPIAccountListHandler(s models.AccountStore) echo.HandlerFunc {
	43	al := &APIAccountListHandler{store: s}
	44	h := &controller.ContentTypeNegotiatingHandler{
	45	DefaultHandler: al.HandleV1,
	46	Handlers: map[string]echo.HandlerFunc{
	47	contentTypeV1: al.HandleV1,
	48	contentTypeV2: al.HandleV2,
	49	},
	50	}
	51	return h.Handle
	52	}
	53
	54	// getAccountList returns the account list. This does the same work that
	55	// GetContext would do for most AWSAPI handlers but is a little different
	56	// because it deals with lists of accounts.
	57	//
	58	// Authorization of the account is handled within the store. The store will not
	59	// return accounts for which the user does not have access.
	60	func (h APIAccountListHandler) getAccountList(c echo.Context) ([]models.Account, error) {
	61	principal, err := middleware.GetAuthorizedPrincipal(c)
	62	if err != nil {
	63	return nil, echo.ErrUnauthorized
	64	}
	65
	66	accounts, err := h.store.ListForUser(context.Background(), principal)
	67	if err != nil {
	68	c.Logger().Errorf("Unable to load account list: %w", err)
	69	return nil, echo.ErrInternalServerError
	70	}
	71
	72	return accounts, nil
	73	}
	74
	75	// HandleV1 returns a list of JSON account objects
	76	func (h *APIAccountListHandler) HandleV1(c echo.Context) error {
	77	accounts, err := h.getAccountList(c)
	78	if err != nil {
	79	return err
	80	}
	81
	82	out := []*jsonAccount{}
	83	for _, a := range accounts {
	84	ja := jsonAccountFromAccount(c, a)
	85	ja.Vendor = "aws"
	86	out = append(out, ja)
	87	}
	88
	89	return c.JSON(http.StatusOK, out)
	90	}
	91
	92	// HandleV2 returns a map of lists of account objects. the key to the map is
	93	// the short name of the cloud provider.
	94	func (h *APIAccountListHandler) HandleV2(c echo.Context) error {
	95	accounts, err := h.getAccountList(c)
	96	if err != nil {
	97	return err
	98	}
	99
	100	out := map[string][]*jsonAccount{
	101	"aws": []*jsonAccount{},
	102	}
	103	for _, a := range accounts {
	104	ja := jsonAccountFromAccount(c, a)
	105	out["aws"] = append(out["aws"], ja)
	106	}
	107
	108	return c.JSON(http.StatusOK, out)
	109	}