Initial commit

2025-09-02 21:55:44 +00:00 · 2019-08-04 10:41:32 -07:00
commit c0299c1506
2045 changed files with 724722 additions and 0 deletions
--- a/pkg/server/api.go
+++ b/pkg/server/api.go
@@ -0,0 +1,157 @@
+package server
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"sync"
+
+	"golang.org/x/sync/semaphore"
+
+	"github.com/rancher/norman/pkg/types/values"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/gorilla/mux"
+	"github.com/rancher/naok/pkg/accesscontrol"
+	"github.com/rancher/naok/pkg/attributes"
+	"github.com/rancher/naok/pkg/schemas"
+	"github.com/rancher/norman/pkg/api"
+	"github.com/rancher/norman/pkg/store/proxy"
+	"github.com/rancher/norman/pkg/subscribe"
+	"github.com/rancher/norman/pkg/types"
+	"github.com/rancher/norman/pkg/urlbuilder"
+	"k8s.io/apiserver/pkg/authentication/user"
+)
+
+func newAPIServer(cf proxy.ClientGetter, as *accesscontrol.AccessStore, sf schemas.SchemaFactory) http.Handler {
+	a := &apiServer{
+		Router: mux.NewRouter(),
+		cf:     cf,
+		as:     as,
+		sf:     sf,
+		server: api.NewAPIServer(),
+	}
+	a.Router.StrictSlash(true)
+	a.server.AccessControl = accesscontrol.NewAccessControl()
+	a.routes()
+	return a
+}
+
+type apiServer struct {
+	*mux.Router
+	cf     proxy.ClientGetter
+	as     *accesscontrol.AccessStore
+	sf     schemas.SchemaFactory
+	server *api.Server
+}
+
+func (a *apiServer) newSchemas() (*types.Schemas, error) {
+	schemas, err := schemas.DefaultSchemaFactory()
+	if err != nil {
+		return nil, err
+	}
+
+	sSchema := schemas.Schema("schema")
+	sSchema.CollectionFormatter = a.schemaCollectionFormatter(sSchema.CollectionFormatter)
+
+	schemas.DefaultMapper = newDefaultMapper
+	subscribe.Register(schemas)
+	return schemas, nil
+}
+
+func (a *apiServer) schemaCollectionFormatter(next types.CollectionFormatter) types.CollectionFormatter {
+	return func(request *types.APIRequest, collection *types.GenericCollection) {
+		if next != nil {
+			next(request, collection)
+		}
+
+		wg := sync.WaitGroup{}
+		sem := semaphore.NewWeighted(100)
+
+		for _, item := range collection.Data {
+			resource, ok := item.(*types.RawResource)
+			if !ok {
+				continue
+			}
+
+			schema := request.Schemas.Schema(resource.ID)
+			if schema == nil {
+				continue
+			}
+
+			access := accesscontrol.GetAccessListMap(schema)
+			if !access.Grants("list", "*", "*") {
+				continue
+			}
+
+			wg.Add(1)
+			if err := sem.Acquire(context.TODO(), 1); err != nil {
+				panic(err)
+			}
+			go func() {
+				defer func() {
+					sem.Release(1)
+					wg.Done()
+				}()
+
+				client, err := a.cf.Client(request, schema)
+				if err != nil {
+					return
+				}
+
+				fmt.Println("listing", attributes.GVK(schema))
+				resp, err := client.List(v1.ListOptions{})
+				if err != nil {
+					return
+				}
+				if len(resp.Items) > 0 {
+					values.PutValue(resource.Values, len(resp.Items), "attributes", "count")
+				}
+			}()
+		}
+
+		wg.Wait()
+	}
+}
+
+func (a *apiServer) common(rw http.ResponseWriter, req *http.Request) (*types.APIRequest, bool) {
+	user := &user.DefaultInfo{
+		Name:   "admin",
+		Groups: []string{"system:masters"},
+	}
+
+	accessSet := a.as.AccessFor(user)
+	schemas, err := a.sf.Schemas("", accessSet, a.newSchemas)
+	if err != nil {
+		rw.Write([]byte(err.Error()))
+		rw.WriteHeader(http.StatusInternalServerError)
+	}
+
+	urlBuilder, err := urlbuilder.New(req, a, schemas)
+	if err != nil {
+		rw.Write([]byte(err.Error()))
+		rw.WriteHeader(http.StatusInternalServerError)
+		return nil, false
+	}
+
+	return &types.APIRequest{
+		Schemas:    schemas,
+		Request:    req,
+		Response:   rw,
+		URLBuilder: urlBuilder,
+	}, true
+}
+
+func (a *apiServer) Schema(base string, schema *types.Schema) string {
+	gvr := attributes.GVR(schema)
+
+	if gvr.Group == "" && gvr.Version != "" && gvr.Resource != "" {
+		return urlbuilder.ConstructBasicURL(base, "api", gvr.Version, gvr.Resource)
+	}
+
+	if gvr.Resource != "" {
+		return urlbuilder.ConstructBasicURL(base, "apis", gvr.Group, gvr.Version, gvr.Resource)
+	}
+
+	return urlbuilder.ConstructBasicURL(base, "v1", schema.PluralName)
+}
--- a/pkg/server/mapper.go
+++ b/pkg/server/mapper.go
@@ -0,0 +1,31 @@
+package server
+
+import (
+	"fmt"
+
+	"github.com/rancher/norman/pkg/types"
+	"github.com/rancher/norman/pkg/types/values"
+)
+
+func newDefaultMapper() types.Mapper {
+	return &defaultMapper{}
+}
+
+type defaultMapper struct {
+	types.EmptyMapper
+}
+
+func (d *defaultMapper) FromInternal(data map[string]interface{}) {
+	if _, ok := data["id"]; ok || data == nil {
+		return
+	}
+
+	name := values.GetValueN(data, "metadata", "name")
+	namespace := values.GetValueN(data, "metadata", "namespace")
+
+	if namespace == "" {
+		data["id"] = name
+	} else {
+		data["id"] = fmt.Sprintf("%s/%s", namespace, name)
+	}
+}
--- a/pkg/server/routes.go
+++ b/pkg/server/routes.go
@@ -0,0 +1,66 @@
+package server
+
+import (
+	"net/http"
+
+	"github.com/rancher/naok/pkg/attributes"
+
+	"github.com/gorilla/mux"
+	"github.com/rancher/norman/pkg/types"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+type APIFunc func(*types.APIRequest)
+
+func (a *apiServer) routes() {
+	a.Path("/api/{version}/{resource}").Handler(a.handle(a.k8sAPI))
+	a.Path("/api/{version}/{resource}/{nameorns}").Handler(a.handle(a.k8sAPI))
+	a.Path("/api/{version}/{resource}/{namespace}/{name}").Handler(a.handle(a.k8sAPI))
+
+	a.Path("/apis/{group}/{version}/{resource}").Handler(a.handle(a.k8sAPI))
+	a.Path("/apis/{group}/{version}/{resource}/{nameorns}").Handler(a.handle(a.k8sAPI))
+	a.Path("/apis/{group}/{version}/{resource}/{namespace}/{name}").Handler(a.handle(a.k8sAPI))
+
+	a.Path("/v1/{type}").Handler(a.handle(nil))
+	a.Path("/v1/{type}/{name}").Handler(a.handle(nil))
+}
+
+func (a *apiServer) handle(apiFunc APIFunc) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
+		a.api(rw, req, apiFunc)
+	})
+}
+
+func (a *apiServer) api(rw http.ResponseWriter, req *http.Request, apiFunc APIFunc) {
+	apiOp, ok := a.common(rw, req)
+	if ok {
+		if apiFunc != nil {
+			apiFunc(apiOp)
+		}
+		a.server.Handle(apiOp)
+	}
+}
+
+func (a *apiServer) k8sAPI(apiOp *types.APIRequest) {
+	vars := mux.Vars(apiOp.Request)
+	apiOp.Name = vars["name"]
+	apiOp.Type = a.sf.ByGVR(schema.GroupVersionResource{
+		Version:  vars["version"],
+		Group:    vars["group"],
+		Resource: vars["resource"],
+	})
+
+	nOrN := vars["nameorns"]
+	if nOrN != "" {
+		schema := apiOp.Schemas.Schema(apiOp.Type)
+		if attributes.Namespaced(schema) {
+			vars["namespace"] = nOrN
+		} else {
+			vars["name"] = nOrN
+		}
+	}
+
+	if namespace := vars["namespace"]; namespace != "" {
+		apiOp.Namespaces = []string{namespace}
+	}
+}
--- a/pkg/server/server.go
+++ b/pkg/server/server.go
@@ -0,0 +1,95 @@
+package server
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/rancher/norman/pkg/store/proxy"
+
+	"github.com/rancher/naok/pkg/accesscontrol"
+	"github.com/rancher/naok/pkg/client"
+	"github.com/rancher/naok/pkg/schemas"
+	"github.com/rancher/wrangler-api/pkg/generated/controllers/apiextensions.k8s.io"
+	"github.com/rancher/wrangler-api/pkg/generated/controllers/apiregistration.k8s.io"
+	rbaccontroller "github.com/rancher/wrangler-api/pkg/generated/controllers/rbac"
+	"github.com/rancher/wrangler/pkg/kubeconfig"
+	"github.com/rancher/wrangler/pkg/start"
+	"github.com/sirupsen/logrus"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+)
+
+type Config struct {
+	Kubeconfig string
+	Namespace  string
+}
+
+func Run(ctx context.Context, cfg Config) error {
+	restConfig, err := kubeconfig.GetNonInteractiveClientConfig(cfg.Kubeconfig).ClientConfig()
+	if err != nil {
+		return err
+	}
+
+	rbac, err := rbaccontroller.NewFactoryFromConfig(restConfig)
+	if err != nil {
+		return err
+	}
+
+	k8s, err := kubernetes.NewForConfig(restConfig)
+	if err != nil {
+		return err
+	}
+
+	api, err := apiregistration.NewFactoryFromConfig(restConfig)
+	if err != nil {
+		return err
+	}
+
+	crd, err := apiextensions.NewFactoryFromConfig(restConfig)
+	if err != nil {
+		return err
+	}
+
+	starter, err := startAPI(ctx, restConfig, k8s, crd, api, rbac)
+	if err != nil {
+		return err
+	}
+
+	if err := start.All(ctx, 5, api, crd, rbac); err != nil {
+		return err
+	}
+
+	if err := starter(); err != nil {
+		return err
+	}
+
+	<-ctx.Done()
+	return nil
+}
+
+func startAPI(ctx context.Context, restConfig *rest.Config, k8s *kubernetes.Clientset, crd *apiextensions.Factory,
+	api *apiregistration.Factory, rbac *rbaccontroller.Factory) (func() error, error) {
+
+	cf, err := client.NewFactory(restConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	sf := schemas.Register(ctx,
+		cf,
+		k8s.Discovery(),
+		crd.Apiextensions().V1beta1().CustomResourceDefinition(),
+		api.Apiregistration().V1().APIService(),
+	)
+
+	accessStore := accesscontrol.NewAccessStore(rbac.Rbac().V1())
+
+	return func() error {
+		return serve(cf, accessStore, sf)
+	}, nil
+}
+
+func serve(cf proxy.ClientGetter, as *accesscontrol.AccessStore, sf schemas.SchemaFactory) error {
+	logrus.Infof("listening on :8989")
+	return http.ListenAndServe(":8989", newAPIServer(cf, as, sf))
+}