feat: playbooks

api/errors.go

@@ -0,0 +1,86 @@
+package api
+
+import (
+	"errors"
+	"fmt"
+)
+
+// Application error codes.
+//
+// These are meant to be generic and they map well to HTTP error codes.
+const (
+	ECONFLICT       = "conflict"
+	EFORBIDDEN      = "forbidden"
+	EINTERNAL       = "internal"
+	EINVALID        = "invalid"
+	ENOTFOUND       = "not_found"
+	ENOTIMPLEMENTED = "not_implemented"
+	EUNAUTHORIZED   = "unauthorized"
+)
+
+// Error represents an application-specific error.
+type Error struct {
+	// Machine-readable error code.
+	Code string
+
+	// Human-readable error message.
+	Message string
+
+	// DebugInfo contains low-level internal error details that should only be logged.
+	// End-users should never see this.
+	DebugInfo string
+}
+
+// Error implements the error interface. Not used by the application otherwise.
+func (e *Error) Error() string {
+	return fmt.Sprintf("error: code=%s message=%s", e.Code, e.Message)
+}
+
+// WithDebugInfo wraps an application error with a debug message.
+func (e *Error) WithDebugInfo(msg string, args ...any) *Error {
+	e.DebugInfo = fmt.Sprintf(msg, args...)
+	return e
+}
+
+// ErrorCode unwraps an application error and returns its code.
+// Non-application errors always return EINTERNAL.
+func ErrorCode(err error) string {
+	var e *Error
+	if err == nil {
+		return ""
+	} else if errors.As(err, &e) {
+		return e.Code
+	}
+	return EINTERNAL
+}
+
+// ErrorMessage unwraps an application error and returns its message.
+// Non-application errors always return "Internal error".
+func ErrorMessage(err error) string {
+	var e *Error
+	if err == nil {
+		return ""
+	} else if errors.As(err, &e) {
+		return e.Message
+	}
+	return "Internal error."
+}
+
+// ErrorDebugInfo unwraps an application error and returns its debug message.
+func ErrorDebugInfo(err error) string {
+	var e *Error
+	if err == nil {
+		return ""
+	} else if errors.As(err, &e) {
+		return e.DebugInfo
+	}
+	return ""
+}
+
+// Errorf is a helper function to return an Error with a given code and formatted message.
+func Errorf(code string, format string, args ...any) *Error {
+	return &Error{
+		Code:    code,
+		Message: fmt.Sprintf(format, args...),
+	}
+}

api/global.go

@@ -15,10 +15,24 @@ import (
 	"k8s.io/client-go/kubernetes"
 )
 
+// contextKey represents an internal key for adding context fields.
+type contextKey int
+
+// List of context keys.
+// These are used to store request-scoped information.
 const (
-	UserIDHeaderKey = "X-User-ID"
+	// stores current logged in user
+	userContextKey contextKey = iota
 )
 
+// ContextUser carries basic information of the current logged in user
+type ContextUser struct {
+	ID    uuid.UUID
+	Email string
+}
+
+const UserIDHeaderKey = "X-User-ID"
+
 var SystemUserID *uuid.UUID
 var CanaryCheckerPath string
 var ApmHubPath string
@@ -61,10 +75,27 @@ func (c *Context) DB() *gorm.DB {
 	return c.db.WithContext(c.Context)
 }
 
+func (c *Context) WithUser(user *ContextUser) {
+	c.Context = gocontext.WithValue(c.Context, userContextKey, user)
+}
+
+func (c *Context) User() *ContextUser {
+	user, ok := c.Context.Value(userContextKey).(*ContextUser)
+	if !ok {
+		return nil
+	}
+
+	return user
+}
+
 func (c *Context) GetEnvVarValue(input types.EnvVar) (string, error) {
 	return duty.GetEnvValueFromCache(c.Kubernetes, input, c.Namespace)
 }
 
+func (ctx *Context) GetEnvValueFromCache(env types.EnvVar) (string, error) {
+	return duty.GetEnvValueFromCache(ctx.Kubernetes, env, ctx.Namespace)
+}
+
 func (c *Context) HydrateConnection(connectionName string) (*models.Connection, error) {
 	if connectionName == "" || !strings.HasPrefix(connectionName, "connection://") {
 		return nil, nil

api/http.go

@@ -1,11 +1,48 @@
 package api
 
+import (
+	"net/http"
+
+	"github.com/flanksource/commons/logger"
+	"github.com/labstack/echo/v4"
+)
+
 type HTTPError struct {
 	Error   string `json:"error"`
-	Message string `json:"message"`
+	Message string `json:"message,omitempty"`
 }
 
 type HTTPSuccess struct {
 	Message string `json:"message"`
 	Payload any    `json:"payload,omitempty"`
 }
+
+func WriteError(c echo.Context, err error) error {
+	code, message := ErrorCode(err), ErrorMessage(err)
+
+	if debugInfo := ErrorDebugInfo(err); debugInfo != "" {
+		logger.WithValues("code", code, "error", message).Errorf(debugInfo)
+	}
+
+	return c.JSON(ErrorStatusCode(code), &HTTPError{Error: message})
+}
+
+// lookup of application error codes to HTTP status codes.
+var codes = map[string]int{
+	ECONFLICT:       http.StatusConflict,
+	EINVALID:        http.StatusBadRequest,
+	ENOTFOUND:       http.StatusNotFound,
+	EFORBIDDEN:      http.StatusForbidden,
+	ENOTIMPLEMENTED: http.StatusNotImplemented,
+	EUNAUTHORIZED:   http.StatusUnauthorized,
+	EINTERNAL:       http.StatusInternalServerError,
+}
+
+// ErrorStatusCode returns the associated HTTP status code for an application error code.
+func ErrorStatusCode(code string) int {
+	if v, ok := codes[code]; ok {
+		return v
+	}
+
+	return http.StatusInternalServerError
+}

api/v1/playbook_actions.go

@@ -0,0 +1,142 @@
+package v1
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/flanksource/duty"
+	"github.com/flanksource/duty/models"
+	"github.com/flanksource/duty/types"
+	"k8s.io/client-go/kubernetes"
+)
+
+type ExecAction struct {
+	// Script can be a inline script or a path to a script that needs to be executed
+	// On windows executed via powershell and in darwin and linux executed using bash
+	Script      string          `yaml:"script" json:"script"`
+	Connections ExecConnections `yaml:"connections,omitempty" json:"connections,omitempty"`
+}
+
+type ExecConnections struct {
+	AWS   *AWSConnection   `yaml:"aws,omitempty" json:"aws,omitempty"`
+	GCP   *GCPConnection   `yaml:"gcp,omitempty" json:"gcp,omitempty"`
+	Azure *AzureConnection `yaml:"azure,omitempty" json:"azure,omitempty"`
+}
+
+type connectionContext interface {
+	context.Context
+	HydrateConnection(connectionName string) (*models.Connection, error)
+	GetEnvValueFromCache(env types.EnvVar) (string, error)
+}
+
+type GCPConnection struct {
+	// ConnectionName of the connection. It'll be used to populate the endpoint and credentials.
+	ConnectionName string        `yaml:"connection,omitempty" json:"connection,omitempty"`
+	Endpoint       string        `yaml:"endpoint" json:"endpoint,omitempty"`
+	Credentials    *types.EnvVar `yaml:"credentials" json:"credentials,omitempty"`
+}
+
+// HydrateConnection attempts to find the connection by name
+// and populate the endpoint and credentials.
+func (g *GCPConnection) HydrateConnection(ctx connectionContext) error {
+	connection, err := ctx.HydrateConnection(g.ConnectionName)
+	if err != nil {
+		return err
+	}
+
+	if connection != nil {
+		g.Credentials = &types.EnvVar{ValueStatic: connection.Certificate}
+		g.Endpoint = connection.URL
+	}
+
+	return nil
+}
+
+type AzureConnection struct {
+	ConnectionName string        `yaml:"connection,omitempty" json:"connection,omitempty"`
+	ClientID       *types.EnvVar `yaml:"clientID,omitempty" json:"clientID,omitempty"`
+	ClientSecret   *types.EnvVar `yaml:"clientSecret,omitempty" json:"clientSecret,omitempty"`
+	TenantID       string        `yaml:"tenantID,omitempty" json:"tenantID,omitempty"`
+}
+
+// HydrateConnection attempts to find the connection by name
+// and populate the endpoint and credentials.
+func (g *AzureConnection) HydrateConnection(ctx connectionContext) error {
+	connection, err := ctx.HydrateConnection(g.ConnectionName)
+	if err != nil {
+		return err
+	}
+
+	if connection != nil {
+		g.ClientID = &types.EnvVar{ValueStatic: connection.Username}
+		g.ClientSecret = &types.EnvVar{ValueStatic: connection.Password}
+		g.TenantID = connection.Properties["tenantID"]
+	}
+
+	return nil
+}
+
+type AWSConnection struct {
+	// ConnectionName of the connection. It'll be used to populate the endpoint, accessKey and secretKey.
+	ConnectionName string       `yaml:"connection,omitempty" json:"connection,omitempty"`
+	AccessKey      types.EnvVar `yaml:"accessKey" json:"accessKey,omitempty"`
+	SecretKey      types.EnvVar `yaml:"secretKey" json:"secretKey,omitempty"`
+	SessionToken   types.EnvVar `yaml:"sessionToken,omitempty" json:"sessionToken,omitempty"`
+	Region         string       `yaml:"region,omitempty" json:"region,omitempty"`
+	Endpoint       string       `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
+	// Skip TLS verify when connecting to aws
+	SkipTLSVerify bool `yaml:"skipTLSVerify,omitempty" json:"skipTLSVerify,omitempty"`
+	// glob path to restrict matches to a subset
+	ObjectPath string `yaml:"objectPath,omitempty" json:"objectPath,omitempty"`
+	// Use path style path: http://s3.amazonaws.com/BUCKET/KEY instead of http://BUCKET.s3.amazonaws.com/KEY
+	UsePathStyle bool `yaml:"usePathStyle,omitempty" json:"usePathStyle,omitempty"`
+}
+
+// Populate populates an AWSConnection with credentials and other information.
+// If a connection name is specified, it'll be used to populate the endpoint, accessKey and secretKey.
+func (t *AWSConnection) Populate(ctx connectionContext, k8s kubernetes.Interface, namespace string) error {
+	if t.ConnectionName != "" {
+		connection, err := ctx.HydrateConnection(t.ConnectionName)
+		if err != nil {
+			return fmt.Errorf("could not parse EC2 access key: %v", err)
+		}
+
+		t.AccessKey.ValueStatic = connection.Username
+		t.SecretKey.ValueStatic = connection.Password
+		if t.Endpoint == "" {
+			t.Endpoint = connection.URL
+		}
+
+		t.SkipTLSVerify = connection.InsecureTLS
+		if t.Region == "" {
+			if region, ok := connection.Properties["region"]; ok {
+				t.Region = region
+			}
+		}
+	}
+
+	if accessKey, err := duty.GetEnvValueFromCache(k8s, t.AccessKey, namespace); err != nil {
+		return fmt.Errorf("could not parse AWS access key id: %v", err)
+	} else {
+		t.AccessKey.ValueStatic = accessKey
+	}
+
+	if secretKey, err := duty.GetEnvValueFromCache(k8s, t.SecretKey, namespace); err != nil {
+		return fmt.Errorf(fmt.Sprintf("Could not parse AWS secret access key: %v", err))
+	} else {
+		t.SecretKey.ValueStatic = secretKey
+	}
+
+	if sessionToken, err := duty.GetEnvValueFromCache(k8s, t.SessionToken, namespace); err != nil {
+		return fmt.Errorf(fmt.Sprintf("Could not parse AWS session token: %v", err))
+	} else {
+		t.SessionToken.ValueStatic = sessionToken
+	}
+
+	return nil
+}
+
+type PlaybookAction struct {
+	Name string      `yaml:"name" json:"name"`
+	Exec *ExecAction `json:"exec,omitempty" yaml:"exec,omitempty"`
+}