feat: cluster bearer token hide from dashboard (#2894) (#11)

* cluster token config removed mandatory

* api spec added for cluster update and create, and cluster list api changes for token

* fix check config for cluster token

Author: vikramdevtron

api/cluster/ClusterRestHandler.go

@@ -43,7 +43,6 @@ const CLUSTER_DELETE_SUCCESS_RESP = "Cluster deleted successfully."
 
 type ClusterRestHandler interface {
 	Save(w http.ResponseWriter, r *http.Request)
-	FindOne(w http.ResponseWriter, r *http.Request)
 	FindAll(w http.ResponseWriter, r *http.Request)
 
 	FindById(w http.ResponseWriter, r *http.Request)
@@ -153,29 +152,9 @@ func (impl ClusterRestHandlerImpl) Save(w http.ResponseWriter, r *http.Request)
 	common.WriteJsonResp(w, err, bean, http.StatusOK)
 }
 
-func (impl ClusterRestHandlerImpl) FindOne(w http.ResponseWriter, r *http.Request) {
-	vars := mux.Vars(r)
-	cName := vars["cluster_name"]
-	// RBAC enforcer applying
-	token := r.Header.Get("token")
-	if ok := impl.enforcer.Enforce(token, casbin.ResourceCluster, casbin.ActionGet, strings.ToLower(cName)); !ok {
-		common.WriteJsonResp(w, errors.New("unauthorized"), nil, http.StatusForbidden)
-		return
-	}
-	//RBAC enforcer Ends
-
-	envBean, err := impl.clusterService.FindOne(cName)
-	if err != nil {
-		impl.logger.Errorw("service err, FindOne", "error", err, "cluster name", cName)
-		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
-		return
-	}
-	common.WriteJsonResp(w, err, envBean, http.StatusOK)
-}
-
 func (impl ClusterRestHandlerImpl) FindAll(w http.ResponseWriter, r *http.Request) {
 	token := r.Header.Get("token")
-	clusterList, err := impl.clusterService.FindAll()
+	clusterList, err := impl.clusterService.FindAllWithoutConfig()
 	if err != nil {
 		impl.logger.Errorw("service err, FindAll", "err", err)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)
@@ -203,7 +182,7 @@ func (impl ClusterRestHandlerImpl) FindById(w http.ResponseWriter, r *http.Reque
 		common.WriteJsonResp(w, err, nil, http.StatusBadRequest)
 		return
 	}
-	bean, err := impl.clusterService.FindById(i)
+	bean, err := impl.clusterService.FindByIdWithoutConfig(i)
 	if err != nil {
 		impl.logger.Errorw("service err, FindById", "err", err, "clusterId", id)
 		common.WriteJsonResp(w, err, nil, http.StatusInternalServerError)

pkg/cluster/ClusterService.go

@@ -50,7 +50,7 @@ type ClusterBean struct {
 	ServerUrl               string                     `json:"server_url,omitempty" validate:"url,required"`
 	PrometheusUrl           string                     `json:"prometheus_url,omitempty" validate:"validate-non-empty-url"`
 	Active                  bool                       `json:"active"`
-	Config                  map[string]string          `json:"config,omitempty" validate:"required"`
+	Config                  map[string]string          `json:"config,omitempty"`
 	PrometheusAuth          *PrometheusAuth            `json:"prometheusAuth,omitempty"`
 	DefaultClusterComponent []*DefaultClusterComponent `json:"defaultClusterComponent"`
 	AgentInstallationStage  int                        `json:"agentInstallationStage,notnull"` // -1=external, 0=not triggered, 1=progressing, 2=success, 3=fails
@@ -80,10 +80,12 @@ type ClusterService interface {
 	FindOne(clusterName string) (*ClusterBean, error)
 	FindOneActive(clusterName string) (*ClusterBean, error)
 	FindAll() ([]*ClusterBean, error)
+	FindAllWithoutConfig() ([]*ClusterBean, error)
 	FindAllActive() ([]ClusterBean, error)
 	DeleteFromDb(bean *ClusterBean, userId int32) error
 
 	FindById(id int) (*ClusterBean, error)
+	FindByIdWithoutConfig(id int) (*ClusterBean, error)
 	FindByIds(id []int) ([]ClusterBean, error)
 	Update(ctx context.Context, bean *ClusterBean, userId int32) (*ClusterBean, error)
 	Delete(bean *ClusterBean, userId int32) error
@@ -257,6 +259,17 @@ func (impl *ClusterServiceImpl) FindOneActive(clusterName string) (*ClusterBean,
 	return bean, nil
 }
 
+func (impl *ClusterServiceImpl) FindAllWithoutConfig() ([]*ClusterBean, error) {
+	models, err := impl.FindAll()
+	if err != nil {
+		return nil, err
+	}
+	for _, model := range models {
+		model.Config = map[string]string{"bearer_token": ""}
+	}
+	return models, nil
+}
+
 func (impl *ClusterServiceImpl) FindAll() ([]*ClusterBean, error) {
 	model, err := impl.clusterRepository.FindAllActive()
 	if err != nil {
@@ -326,6 +339,16 @@ func (impl *ClusterServiceImpl) FindById(id int) (*ClusterBean, error) {
 	return bean, nil
 }
 
+func (impl *ClusterServiceImpl) FindByIdWithoutConfig(id int) (*ClusterBean, error) {
+	model, err := impl.FindById(id)
+	if err != nil {
+		return nil, err
+	}
+	//empty bearer token as it will be hidden for user
+	model.Config = map[string]string{"bearer_token": ""}
+	return model, nil
+}
+
 func (impl *ClusterServiceImpl) FindByIds(ids []int) ([]ClusterBean, error) {
 	models, err := impl.clusterRepository.FindByIds(ids)
 	if err != nil {
@@ -349,11 +372,6 @@ func (impl *ClusterServiceImpl) FindByIds(ids []int) ([]ClusterBean, error) {
 }
 
 func (impl *ClusterServiceImpl) Update(ctx context.Context, bean *ClusterBean, userId int32) (*ClusterBean, error) {
-	//validating config
-	err := impl.CheckIfConfigIsValid(bean)
-	if err != nil {
-		return nil, err
-	}
 	model, err := impl.clusterRepository.FindById(bean.Id)
 	if err != nil {
 		impl.logger.Error(err)
@@ -372,8 +390,16 @@ func (impl *ClusterServiceImpl) Update(ctx context.Context, bean *ClusterBean, u
 	// check whether config modified or not, if yes create informer with updated config
 	dbConfig := model.Config["bearer_token"]
 	requestConfig := bean.Config["bearer_token"]
+	if len(requestConfig) == 0 {
+		bean.Config = model.Config
+	}
 	if bean.ServerUrl != model.ServerUrl || dbConfig != requestConfig {
 		bean.HasConfigOrUrlChanged = true
+		//validating config
+		err := impl.CheckIfConfigIsValid(bean)
+		if err != nil {
+			return nil, err
+		}
 	}
 	model.ClusterName = bean.ClusterName
 	model.ServerUrl = bean.ServerUrl

pkg/cluster/ClusterServiceExtended.go

@@ -59,6 +59,17 @@ func NewClusterServiceImplExtended(repository repository.ClusterRepository, envi
 	return clusterServiceExt
 }
 
+func (impl *ClusterServiceImplExtended) FindAllWithoutConfig() ([]*ClusterBean, error) {
+	beans, err := impl.FindAll()
+	if err != nil {
+		return nil, err
+	}
+	for _, bean := range beans {
+		bean.Config = map[string]string{"bearer_token": ""}
+	}
+	return beans, nil
+}
+
 func (impl *ClusterServiceImplExtended) FindAll() ([]*ClusterBean, error) {
 	beans, err := impl.ClusterServiceImpl.FindAll()
 	if err != nil {

specs/cluster_api_spec.yaml

@@ -3,6 +3,77 @@ info:
   version: 1.0.0
   title: Devtron Labs
 paths:
+  /orchestrator/cluster:
+    put:
+      description: Update Cluster
+      operationId: UpdateCluster
+      requestBody:
+        description: A JSON object containing the cluster config
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/ClusterBean'
+      responses:
+        '200':
+          description: Successfully update the cluster
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClusterBean'
+        '400':
+          description: Bad Request. Input Validation(decode) error/wrong request body.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '500':
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '401':
+          description: Unauthorized User
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+    get:
+      description: Get Cluster
+      operationId: GetCluster
+      parameters:
+        - name: id
+          in: query
+          description: cluster id.
+          required: true
+          schema:
+            type: integer
+      responses:
+        '200':
+          description: Successfully get cluster
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/ClusterBean'
+        '400':
+          description: Bad Request. Input Validation(decode) error/wrong request body.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '500':
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
+        '401':
+          description: Unauthorized User
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
   /orchestrator/cluster/auth-list:
     get:
       description: list of accessible cluster
@@ -34,6 +105,53 @@ paths:
 # components mentioned below
 components:
   schemas:
+    ClusterBean:
+      type: object
+      properties:
+        id:
+          type: integer
+        cluster_name:
+          type: string
+        server_url:
+          type: string
+        prometheus_url:
+          type: string
+        active:
+          type: boolean
+        config:
+          type: object
+          properties:
+            bearer_token:
+              type: string
+              description: it will be empty while fetching, and if no change while updating
+        k8sversion:
+          type: string
+    PrometheusAuth:
+      type: object
+      properties:
+        userName:
+          type: string
+        password:
+          type: string
+        tlsClientCert:
+          type: string
+        tlsClientKey:
+          type: string
+    DefaultClusterComponent:
+      type: object
+      properties:
+        name:
+          type: string
+        appId:
+          type: integer
+        installedAppId:
+          type: integer
+        envId:
+          type: integer
+        envname:
+          type: string
+        status:
+          type: string
     Cluster:
       type: object
       required: