diff --git a/cmd/handlers.go b/cmd/handlers.go
index 90de8b4..f8db656 100644
--- a/cmd/handlers.go
+++ b/cmd/handlers.go
@@ -9,4 +9,5 @@ func RegisterPublicHandlers(r *gin.RouterGroup) {
 func RegisterPrivateHandlers(r *gin.RouterGroup) {
 	registerUserHandlers(r)
 	registerMyLabHandlers(r)
+	registerOnboardingHandlers(r)
 }
diff --git a/cmd/onboarding-handler.go b/cmd/onboarding-handler.go
new file mode 100644
index 0000000..8a38cf1
--- /dev/null
+++ b/cmd/onboarding-handler.go
@@ -0,0 +1,28 @@
+package cmd
+
+import (
+	"net/http"
+
+	"github.com/inseefrlab/onyxia-api/internal/helm"
+
+	"github.com/gin-gonic/gin"
+)
+
+// @Summary Init a namespace for a user or a group
+// @Schemes
+// @Description Create or replace the namespace of the user or the namespace of a group if the user is in the requested group and the according rbac policies. with the group prefix / user prefix of the region
+// @Tags Onboarding
+// @Produce json
+// @Success 200
+// @Router /onboarding [post]
+func onboarding(c *gin.Context) {
+	myServices := MyServices{}
+	for _, release := range helm.ListReleases() {
+		myServices.Apps = append(myServices.Apps, App{ID: release.Name, Chart: release.Chart.Name()})
+	}
+	c.JSON(http.StatusOK, myServices)
+}
+
+func registerOnboardingHandlers(r *gin.RouterGroup) {
+	r.POST("/onboarding", onboarding)
+}
diff --git a/internal/configuration/config.yaml b/internal/configuration/config.yaml
index b486d52..0a9b490 100644
--- a/internal/configuration/config.yaml
+++ b/internal/configuration/config.yaml
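Review bot: The body of `onboarding` does not do what its Swagger comment says: it ranges over `helm.ListReleases()` and returns every release as a `MyServices` listing, with no namespace or user scoping and no side effect at all, so any caller who reaches this private `POST /onboarding` route gets a dump of all releases the API's Helm client can see rather than a namespace being created. If this is a placeholder, have it answer `c.AbortWithStatus(http.StatusNotImplemented)` and trim the `@Description` text about namespaces and RBAC until the implementation lands; if the listing is intended, it should be filtered to the caller's own namespace before being returned. The route is registered through `RegisterPrivateHandlers`, so it presumably sits behind the private group's auth middleware, but that middleware is not visible in this diff and should be confirmed given the `mode: none` default in config.yaml. The `@Success 200` annotation also lacks a response type; `@Success 200 {object} MyServices` would match what the handler actually writes.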
@@ -1,5 +1,69 @@
 authentication:
-  issuerURI:
+  mode: none
+oidc:
+  issuer-uri:
+  clientID:
   audience:
+  username-claim:
+  groups-claim:
+  extra-query-params:
 rootPath: /api
-regions:
\ No newline at end of file
+regions:
+- id: kub
+  name: Kubernetes (in-cluster)
+  description: The in-cluster Kubernetes region.
+  onyxiaAPI:
+    baseURL: ''
+  services:
+    type: KUBERNETES
+    initScript: https://git.lab.sspcloud.fr/innovation/plateforme-onyxia/services-ressources/-/raw/master/onyxia-init.sh
+    singleNamespace: true
+    namespacePrefix: user-
+    usernamePrefix: oidc-
+    groupNamespacePrefix: projet-
+    authenticationMode: serviceAccount
+    quotas:
+      allowUserModification: true
+      enabled: false
+      default:
+        requests.memory: 10Gi
+        requests.cpu: '10'
+        limits.memory: 10Gi
+        limits.cpu: '10'
+        requests.storage: 100Gi
+        count/pods: '50'
+      userEnabled: false
+      user:
+        requests.memory: 11Gi
+        requests.cpu: '11'
+        limits.memory: 11Gi
+        limits.cpu: '11'
+        requests.storage: 101Gi
+        count/pods: '51'
+      groupEnabled: false
+      group:
+        requests.memory: 12Gi
+        requests.cpu: '12'
+        limits.memory: 12Gi
+        limits.cpu: '12'
+        requests.storage: 102Gi
+        count/pods: '52'
+    defaultConfiguration:
+      IPProtection: false
+      networkPolicy: false
+    expose:
+      domain: fakedomain.kub.example.com
+      ingress: true
+      route: false
+      istio:
+        enabled: false
+        gateways: []
+    monitoring:
+      URLPattern: https://graphana.kub.example.com/$appIdSlug
+  data: {}
+  auth:
+    type: openidconnect
+  location:
+    name: Paris
+    lat: 48.8453225
+    long: 2.3024401
\ No newline at end of file
diff --git a/internal/configuration/configuration.go b/internal/configuration/configuration.go
index c711c5c..701f640 100644
--- a/internal/configuration/configuration.go
+++ b/internal/configuration/configuration.go
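Review bot: `mode: none` is the shipped default under `authentication:`, and the `main.go` hunk further down only wires up OIDC verification when the mode equals `openidconnect`, so a deployment that keeps this file as-is appears to serve the private routes (including the new `/onboarding`) without any token check; confirm what the non-OIDC branch does, and either default to `mode: openidconnect` (failing fast at startup on an empty `issuer-uri`) or add a comment such as `# "none" disables authentication entirely - local development only` next to the key. `services.initScript` points at `.../raw/master/onyxia-init.sh`, a mutable branch on a remote host, and a script in that position is presumably executed inside user services at startup; pin it to a tag or commit hash, or vendor it, so an upstream change cannot silently alter what runs in every namespace. `monitoring.URLPattern` also reads `graphana` where `grafana` is presumably intended.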
@@ -1,5 +1,25 @@
 package configuration
 
+type Configuration struct {
+	Authentication Authentication
+	RootPath string
+	Regions []Region
+	OIDC OIDC `json:"oidc"`
+}
+
+type Authentication struct {
+	Mode string `json:"mode"`
+}
+
+type OIDC struct {
+	IssuerURI string `json:"issuer-uri"`
+	ClientID string `json:"clientID"`
+	Audience string `json:"audience"`
+	UsernameClaim string `json:"username-claim"`
+	GroupsClaim string `json:"groups-claim"`
+	ExtraQueryParams string `json:"extra-query-params"`
+}
+
 type Region struct {
 	ID string `json:"id"`
 	Name string `json:"name"`
@@ -153,14 +173,3 @@ type Region struct {
 		URL string `json:"URL"`
 	} `json:"git"`
 }
-
-type Configuration struct {
-	Authentication Authentication
-	RootPath string
-	Regions []Region
-}
-
-type Authentication struct {
-	IssuerURI string
-	Audience string
-}
diff --git a/main.go b/main.go
index 4e69976..6b60cef 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	oidc "github.com/coreos/go-oidc/v3/oidc"
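Review bot: The new `OIDC` struct mixes key styles — `clientID` sits next to `issuer-uri`, `username-claim`, `groups-claim` and `extra-query-params` — and `Configuration` tags only `OIDC` while `Authentication`, `RootPath` and `Regions` rely on the decoder's default field-name mapping; pick one convention (kebab-case throughout, so `ClientID` would carry the tag `client-id`) and tag every field so the YAML keys are explicit, updating config.yaml in the same commit. `Authentication.Mode` is a free-form string that `main.go` compares against `"openidconnect"`; a pair of constants such as `AuthModeNone = "none"` and `AuthModeOIDC = "openidconnect"` would give that comparison and any config validation a single spelling to share. The exported types also carry no doc comments; a line like `// OIDC holds the OpenID Connect provider settings used when Authentication.Mode is "openidconnect".` above the struct would tell a reader when these fields matter.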
@@ -34,17 +35,17 @@ func main() { zap.ReplaceGlobals(zap.Must(zap.NewProduction())) - if configuration.Config.Authentication.IssuerURI != "" { - fmt.Printf("Using authentication with issuer %s", configuration.Config.Authentication.IssuerURI) + if strings.EqualFold(configuration.Config.Authentication.Mode, "openidconnect") { + fmt.Printf("Using OIDC authentication with issuer %s", configuration.Config.OIDC.IssuerURI) fmt.Println() client := &http.Client{ Timeout: time.Duration(6000) * time.Second, } ctx := oidc.ClientContext(context.Background(), client) - provider, _ := oidc.NewProvider(ctx, configuration.Config.Authentication.IssuerURI) + provider, _ := oidc.NewProvider(ctx, configuration.Config.OIDC.IssuerURI) oidcConfig := &oidc.Config{} - if configuration.Config.Authentication.Audience != "" { - oidcConfig.ClientID = configuration.Config.Authentication.Audience + if configuration.Config.OIDC.Audience != "" { + oidcConfig.ClientID = configuration.Config.OIDC.Audience } else { zap.L().Warn("Token audience validation disabled") oidcConfig.SkipClientIDCheck = true