Merge pull request #501 from jmpsec/update-api-yaml-2
Update OpenAPI yaml with the enroll/remove actions endpoints
javuto authored Sep 8, 2024
2 parents 3eb24cd + 10bccb0 commit 53291f1
Showing 2 changed files with 217 additions and 11 deletions.
38 changes: 27 additions & 11 deletions api/handlers-environments.go
@@ -225,22 +225,26 @@ func apiEnvEnrollActionsHandler(w http.ResponseWriter, r *http.Request) {
// Extract environment
envVar := r.PathValue("env")
if envVar == "" {
apiErrorResponse(w, "error with environment", http.StatusInternalServerError, nil)
incMetric(metricAPIQueriesErr)
apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil)
incMetric(metricAPIEnvsErr)
return
}
// Get environment
// Get environment by name
env, err := envs.Get(envVar)
if err != nil {
apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil)
incMetric(metricAPIQueriesErr)
if err.Error() == "record not found" {
apiErrorResponse(w, "environment not found", http.StatusNotFound, err)
} else {
apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, err)
}
incMetric(metricAPIEnvsErr)
return
}
// Get context data and check access
ctx := r.Context().Value(contextKey(contextAPI)).(contextValue)
if !apiUsers.CheckPermissions(ctx[ctxUser], users.AdminLevel, env.UUID) {
apiErrorResponse(w, "no access", http.StatusForbidden, fmt.Errorf("attempt to use API by user %s", ctx[ctxUser]))
incMetric(metricAPIQueriesErr)
incMetric(metricAPIEnvsErr)
return
}
// Extract action
@@ -315,6 +319,10 @@ func apiEnvEnrollActionsHandler(w http.ResponseWriter, r *http.Request) {
return
}
msgReturn = "RPM updated successfully"
default:
apiErrorResponse(w, "invalid action", http.StatusBadRequest, fmt.Errorf("invalid action %s", actionVar))
incMetric(metricAPIEnvsErr)
return
}
// Return query name as serialized response
utils.HTTPResponse(w, utils.JSONApplicationUTF8, http.StatusOK, types.ApiGenericResponse{Message: msgReturn})
@@ -328,15 +336,19 @@ func apiEnvRemoveActionsHandler(w http.ResponseWriter, r *http.Request) {
// Extract environment
envVar := r.PathValue("env")
if envVar == "" {
apiErrorResponse(w, "error with environment", http.StatusInternalServerError, nil)
incMetric(metricAPIQueriesErr)
apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil)
incMetric(metricAPIEnvsErr)
return
}
// Get environment
// Get environment by name
env, err := envs.Get(envVar)
if err != nil {
apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil)
incMetric(metricAPIQueriesErr)
if err.Error() == "record not found" {
apiErrorResponse(w, "environment not found", http.StatusNotFound, err)
} else {
apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, err)
}
incMetric(metricAPIEnvsErr)
return
}
// Get context data and check access
@@ -389,6 +401,10 @@ func apiEnvRemoveActionsHandler(w http.ResponseWriter, r *http.Request) {
return
}
msgReturn = "remove set to not expire"
default:
apiErrorResponse(w, "invalid action", http.StatusBadRequest, fmt.Errorf("invalid action %s", actionVar))
incMetric(metricAPIEnvsErr)
return
}
// Return query name as serialized response
utils.HTTPResponse(w, utils.JSONApplicationUTF8, http.StatusOK, types.ApiGenericResponse{Message: msgReturn})
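Review bot: The new not-found branch in apiEnvEnrollActionsHandler, repeated in apiEnvRemoveActionsHandler, decides between 404 and 500 with `err.Error() == "record not found"`, so any wrapping or rewording of the error inside envs.Get silently sends missing environments back to the 500 path. If that text is the ORM's sentinel (presumably gorm, not visible on this page), `errors.Is(err, gorm.ErrRecordNotFound)` or a sentinel exported by the environments package is the sturdier test. The 404 is also answered before the CheckPermissions call, so an authenticated caller without admin rights on an environment can now tell an existing name (403) from a missing one (404); answering both with the same status closes that gap. In the added `default:` branches actionVar comes from the request path, and `fmt.Errorf("invalid action %q", actionVar)` would keep control characters out of wherever apiErrorResponse records the error. Both handler bodies start and end outside the visible hunks.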
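--- a/osctrl-api.yaml
+++ b/osctrl-api.yaml
@@ -909,6 +909,122 @@ paths:
 security:
 - Authorization:
 - read
+post:
+tags:
+- environments
+summary: Get enroll values for an environment
+description: Returns each of the node enrollment values (secret, certificate, flags, one-liner) for the requested osctrl environment
+operationId: apiEnvEnrollActionsHandler
+parameters:
+- name: env
+in: path
+description: Name or UUID of the requested osctrl environment
+required: true
+schema:
+type: string
+- name: target
+in: path
+description: Target to retrieve (secret, cert, flags, enroll.sh, enroll.ps1)
+required: true
+schema:
+type: string
+responses:
+200:
+description: successful operation
+content:
+application/json:
+schema:
+type: array
+items:
+$ref: "#/components/schemas/ApiDataResponse"
+400:
+description: bad request
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+403:
+description: no access
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+404:
+description: no environments
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+500:
+description: error getting environments
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+security:
+- Authorization:
+- read
+/environments/{env}/enroll/{action}:
+post:
+tags:
+- environments
+summary: Perform enroll actions for an environment
+description: Executes an action (extend/rotate/expire/notexpire) in the enrollment URL for the requested osctrl environment
+operationId: apiEnvEnrollActionsHandler
+parameters:
+- name: env
+in: path
+description: Name or UUID of the requested osctrl environment
+required: true
+schema:
+type: string
+- name: action
+in: path
+description: Action to execute (extend, rotate, expire, notexpire)
+required: true
+schema:
+type: string
+requestBody:
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiActionsRequest"
+responses:
+200:
+description: successful operation
+content:
+application/json:
+schema:
+type: array
+items:
+$ref: "#/components/schemas/ApiDataResponse"
+400:
+description: bad request
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+403:
+description: no access
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+404:
+description: no environments
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+500:
+description: error getting environments
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+security:
+- Authorization:
+- admin
 /environments/{env}/remove/{target}:
 get:
 tags:
@@ -965,6 +1081,67 @@ paths:
 security:
 - Authorization:
 - read
+/environments/{env}/remove/{action}:
+post:
+tags:
+- environments
+summary: Perform remove actions for an environment
+description: Executes an action (extend/rotate/expire/notexpire) in the remove URL for the requested osctrl environment
+operationId: apiEnvRemoveActionsHandler
+parameters:
+- name: env
+in: path
+description: Name or UUID of the requested osctrl environment
+required: true
+schema:
+type: string
+- name: action
+in: path
+description: Action to execute (extend, rotate, expire, notexpire)
+required: true
+schema:
+type: string
+requestBody:
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiActionsRequest"
+responses:
+200:
+description: successful operation
+content:
+application/json:
+schema:
+type: array
+items:
+$ref: "#/components/schemas/ApiDataResponse"
+400:
+description: bad request
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+403:
+description: no access
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+404:
+description: no environments
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+500:
+description: error getting environments
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ApiErrorResponse"
+security:
+- Authorization:
+- admin
 /tags:
 get:
 tags:
@@ -1670,6 +1847,19 @@ components:
 format: int64
 Info:
 type: string
+ApiActionsRequest:
+type: object
+properties:
+Certificate:
+type: string
+MacPkgURL:
+type: string
+MsiPkgURL:
+type: string
+RpmPkgURL:
+type: string
+DebPkgURL:
+type: string
 securitySchemes:
 Authorization:
 type: http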
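Review bot: The first added `post` (apparently under the existing `{target}` path, since its parameters are `env` and `target`) declares `operationId: apiEnvEnrollActionsHandler`, the same id the new `/environments/{env}/enroll/{action}` operation uses, and it still carries the GET's summary and `read` scope even though the handler in api/handlers-environments.go checks users.AdminLevel. operationId has to be unique across the document, and a client or gateway policy generated from this spec would treat a state-changing POST as read-only; if only the `{action}` operation is intended, drop the first `post`, otherwise give it its own id and `- admin`. `/enroll/{target}` and `/enroll/{action}` (likewise for `remove`) differ only in the parameter name, which OpenAPI treats as the same templated path, so tooling may reject or merge them. The documented 200 body is an array of `ApiDataResponse`, while the handlers return a single `types.ApiGenericResponse`.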
