// Copyright 2021 Harness Inc. All rights reserved.
// Use of this source code is governed by the Polyform Free Trial License
// that can be found in the LICENSE.md file for this repository.
package serviceaccount
import (
"encoding/json"
"net/http"
"time"
"github.com/harness/gitness/internal/api/render"
"github.com/harness/gitness/internal/api/request"
"github.com/harness/gitness/internal/guard"
"github.com/harness/gitness/internal/store"
"github.com/harness/gitness/internal/token"
"github.com/harness/gitness/types"
"github.com/harness/gitness/types/enum"
"github.com/rs/zerolog/hlog"
)
// createSatRequest is the JSON request body decoded by the handler returned
// from HandleCreateSAT. Every field is supplied by the client.
type createSatRequest struct {
	// Name is passed unchanged to token.CreateSAT as the token name.
	Name string `json:"name"`
	// LifeTime is passed unchanged to token.CreateSAT. time.Duration has no
	// custom JSON decoding, so encoding/json reads it as an integer number of
	// nanoseconds.
	// NOTE(review): no lower or upper bound is enforced in this file — confirm
	// that token.CreateSAT rejects negative or excessively long lifetimes.
	LifeTime time.Duration `json:"lifetime"`
	// Grants is the access-grant value requested for the new token.
	// NOTE(review): the value comes straight from the request body; confirm
	// that token.CreateSAT restricts it to grants the caller may delegate.
	Grants enum.AccessGrant `json:"grants"`
}
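// HandleCreateSAT returns an http.HandlerFunc that creates a new service
// account token (SAT) and writes a json-encoded TokenResponse to the
// http.Response body.
//
// The handler is wrapped in guard.ServiceAccount with
// enum.PermissionServiceAccountEdit. The request body is decoded into a
// createSatRequest; a body that cannot be decoded, or that exceeds the size
// cap below, is answered via render.BadRequestf. Errors from token.CreateSAT
// are logged and rendered via render.UserfiedErrorOrInternal.
//
// The success response contains the token's secret (AccessToken).
// NOTE(review): confirm that render.JSON or a middleware marks this response
// as non-cacheable, since it carries a credential.
func HandleCreateSAT(guard *guard.Guard, tokenStore store.TokenStore) http.HandlerFunc {
	// maxBodyBytes caps how much of the request body is read. The payload is
	// three small fields, so 1 MiB is far above any legitimate request while
	// still preventing a client from streaming an unbounded body into the
	// JSON decoder.
	const maxBodyBytes = 1 << 20

	return guard.ServiceAccount(
		enum.PermissionServiceAccountEdit,
		func(w http.ResponseWriter, r *http.Request) {
			log := hlog.FromRequest(r)
			ctx := r.Context()

			// NOTE(review): the second return value is discarded; presumably
			// the guard wrapper guarantees a principal is present — confirm,
			// because an unset principal would be passed on to token.CreateSAT.
			principal, _ := request.PrincipalFrom(ctx)

			// Bound the body before decoding so oversized input fails fast.
			r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)

			in := new(createSatRequest)
			if err := json.NewDecoder(r.Body).Decode(in); err != nil {
				render.BadRequestf(w, "Invalid request body: %s.", err)
				return
			}

			// The SAT is created for the service account addressed by the
			// request, which differs from the executing principal.
			// NOTE(review): the second return value is discarded here as
			// well; confirm guard.ServiceAccount always sets it.
			sa, _ := request.ServiceAccountFrom(ctx)

			// The local is named satToken so it does not shadow the imported
			// token package.
			satToken, jwtToken, err := token.CreateSAT(ctx, tokenStore, principal,
				sa, in.Name, in.LifeTime, in.Grants)
			if err != nil {
				log.Err(err).Msg("failed to create sat")
				render.UserfiedErrorOrInternal(w, err)
				return
			}

			render.JSON(w, http.StatusOK, &types.TokenResponse{Token: *satToken, AccessToken: jwtToken})
		})
}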