tenant

package
v0.12.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 7, 2023 License: BSD-3-Clause Imports: 49 Imported by: 0

Documentation

Index

Constants

View Source
const ServiceName = "tenant"

Variables

This section is empty.

Functions

func FixtureEvents added in v0.9.0

func FixtureEvents() (events []*api.Event)

Return fake events

Types

type EnsignClient added in v0.7.0

type EnsignClient struct {
	// contains filtered or unexported fields
}

EnsignClient wraps an Ensign SDK client for specific usage. This is not strictly necessary but it allows us to specify how Tenant is interacting with Ensign. For example, in request handlers we want to make Ensign requests with the user's permissions which requires per-rpc authentication.

func NewEnsignClient added in v0.7.0

func NewEnsignClient(conf config.SDKConfig) (ensign *EnsignClient, err error)

NewEnsignClient creates an Ensign client from the configuration

func (*EnsignClient) GetMockServer added in v0.8.0

func (c *EnsignClient) GetMockServer() *mock.Ensign

Expose the mock server to the tests

func (*EnsignClient) InvokeOnce added in v0.7.0

func (c *EnsignClient) InvokeOnce(token string) *sdk.Client

InvokeOnce exposes a clone of the SDK client for a single call using the provided token for per-rpc authentication. This should be used in request handlers where Ensign requests are made on behalf of the user.

func (*EnsignClient) Subscribe added in v0.7.1

func (c *EnsignClient) Subscribe(topic string) (sub *sdk.Subscription, err error)

Subscribe uses the credentials in the client to subscribe to a topic and returns the subscriber channel.

func (*EnsignClient) WaitForReady added in v0.7.1

func (c *EnsignClient) WaitForReady() (attempts int, err error)

WaitForReady is a client-side wait that blocks until the Ensign server is ready to accept requests or the timeout is exceeded.

type Server

type Server struct {
	service.Server
	// contains filtered or unexported fields
}

Server implements the service.Service interface and provides handlers to respond to Tenant-specific API routes and requests.

func New

func New(conf config.Config) (s *Server, err error)

func (*Server) APIKeyCreate added in v0.2.0

func (s *Server) APIKeyCreate(c *gin.Context)

TODO: Implement by factoring out common code from ProjectAPIKeyCreate

func (*Server) APIKeyDelete added in v0.2.0

func (s *Server) APIKeyDelete(c *gin.Context)

APIKeyDelete deletes an API key by forwarding the request to Quarterdeck.

Route: DELETE /v1/apikeys/:apiKeyID

func (*Server) APIKeyDetail added in v0.2.0

func (s *Server) APIKeyDetail(c *gin.Context)

APIKeyDetail returns details about a specific API key.

Route: GET /v1/apikeys/:apiKeyID

func (*Server) APIKeyList added in v0.2.0

func (s *Server) APIKeyList(c *gin.Context)

TODO: Implement by factoring out common code from ProjectAPIKeyCreate

func (*Server) APIKeyPermissions added in v0.5.0

func (s *Server) APIKeyPermissions(c *gin.Context)

APIKeyPermissions returns the API key permissions available to the user by forwarding the request to Quarterdeck.

Route: GET /v1/apikeys/permissions

func (*Server) APIKeyUpdate added in v0.2.0

func (s *Server) APIKeyUpdate(c *gin.Context)

APIKeyUpdate updates an API key by forwarding the request to Quarterdeck.

Route: PUT /v1/apikeys/:apiKeyID

func (*Server) Available

func (s *Server) Available() gin.HandlerFunc

Available is middleware that uses healthy boolean to return a service unavailable http status code if the server is shutting down or in maintenance mode. This middleware must be fairly early on in the chain to ensure that complex handling does not slow the shutdown of the server.

func (*Server) EnsignProjectToken added in v0.8.0

func (s *Server) EnsignProjectToken(ctx context.Context, userID, projectID ulid.ULID) (_ string, err error)

EnsignProjectToken is a helper method to request access to an Ensign project on behalf of a user. This type of access is different from API keys; it requires obtaining a short-lived access token from the Quarterdeck service by providing user credentials. It also only carries permissions for managing topics (e.g. no pub/sub) based on the permissions the user had when the token was issued. This method makes an external request to Quarterdeck but uses a cache to avoid repeated requests. This method only returns an error if the request to Quarterdeck fails.

func (*Server) ForgotPassword added in v0.11.0

func (s *Server) ForgotPassword(c *gin.Context)

ForgotPassword is a publicly accessible endpoint that allows users to request a password reset by forwarding a POST request with an email address to Quarterdeck. If the email exists in the database then an email is sent to the user with a password reset link. This endpoint always returns a 204 No Content response to prevent revealing information about registered email addresses and users.

Route: POST /v1/forgot-password

func (*Server) GetEnsignClient added in v0.8.0

func (s *Server) GetEnsignClient() *EnsignClient

Expose the Ensign client to the tests (only allowed in testing mode).

func (*Server) GetTaskManager added in v0.5.2

func (s *Server) GetTaskManager() *radish.TaskManager

Expose the task manager to the tests (only allowed in testing mode).

func (*Server) InviteAccept added in v0.10.0

func (s *Server) InviteAccept(c *gin.Context)

InviteAccept is an authenticated endpoint to accept an invitation to join an organization. The invitation token must be provided in the request body, and the email in the user claims must match the email address in the token. If the invitation is invalid this endpoint returns a 404. If successful, the user is logged into the organization and credentials are set as cookies. Frontends should use this endpoint when a user is already logged in and is accepting an invitation. If the user is not logged in, the Login endpoint should be used instead.

Route: /invites/accept

func (*Server) InvitePreview added in v0.5.2

func (s *Server) InvitePreview(c *gin.Context)

InvitePreview returns "preview" information about an invite given a token. This endpoint must not be authenticated because unauthorized users should be able to accept organization invitations. Frontends should use this endpoint to validate an invitation token after the user has clicked on an invitation link in their email. The preview must contain enough information so the user knows which organization they are joining and also whether or not the email address is already registered to an account. This allows frontends to know whether or not to prompt the user to login or to create a new account.

Route: /invites/:token

func (*Server) Login added in v0.3.0

func (s *Server) Login(c *gin.Context)

Login is a publically accessible endpoint that allows users to login into their account via Quarterdeck and receive access and refresh tokens for future requests. Access and refresh tokens are set in the cookies for the convenience of frontends.

Route: POST /v1/login

func (*Server) MaintenanceRoutes added in v0.5.2

func (s *Server) MaintenanceRoutes(router *gin.Engine) (err error)

func (*Server) MemberCreate added in v0.2.0

func (s *Server) MemberCreate(c *gin.Context)

MemberCreate starts the team member invitation process by forwarding the request to Quarterdeck. If successful, an invitation email is sent to the email address in the request and a unverified member is created in Trtl, returning a 201 Created response.

Route: /member

func (*Server) MemberDelete added in v0.2.0

func (s *Server) MemberDelete(c *gin.Context)

MemberDelete attempts to delete a team member from an organization by forwarding the request to Quarterdeck. If the deleted field is set to true in the Quarterdeck response, the team member is deleted from the Tenant database. If the deleted field is not set in the response, then additional confirmation is required from the user so this endpoint returns the confirmation details which includes a token. The token must be provided to the MemberDeleteConfirm endpoint to complete the delete. Otherwise, the team member is not deleted.

Route: /member/:memberID

func (*Server) MemberDetail added in v0.2.0

func (s *Server) MemberDetail(c *gin.Context)

MemberDetail retrieves a summary detail of a member by its ID and returns a 200 OK response.

Route: /member/:memberID

func (*Server) MemberList added in v0.2.0

func (s *Server) MemberList(c *gin.Context)

MemberList retrieves members assigned to a specified organization and returns a 200 OK response.

Route: /member

func (*Server) MemberRoleUpdate added in v0.5.2

func (s *Server) MemberRoleUpdate(c *gin.Context)

func (*Server) MemberUpdate added in v0.2.0

func (s *Server) MemberUpdate(c *gin.Context)

MemberUpdate updates the record of a member with a given ID. This endpoint is used to update metadata for team members but does not allow user profile information to be updated. Multiple errors may be returned if there are multiple errors in the profile.

route: /member/:memberID

func (*Server) OrganizationDetail added in v0.4.0

func (s *Server) OrganizationDetail(c *gin.Context)

Organization Detail fetches the details for an organization from Quarterdeck.

Route: GET /v1/organizations/:orgID

func (*Server) OrganizationList added in v0.5.2

func (s *Server) OrganizationList(c *gin.Context)

OrganizationList fetches the list of organizations the authenticated user is a part of from Quarterdeck.

Route: GET /v1/organization

func (*Server) ProfileDetail added in v0.10.0

func (s *Server) ProfileDetail(c *gin.Context)

ProfileDetail retrieves profile information for the authenticated user based on their current claims.

Route: GET /profile

func (*Server) ProfileUpdate added in v0.10.0

func (s *Server) ProfileUpdate(c *gin.Context)

ProfileUpdate allows a user to update their own profile information within the context of their current logged in organization. This endpoint is also used to update profile information during the onboarding process, so it may make a request to Quarterdeck to update organization info for new users. Multiple errors may be returned if there are multiple errors in the onboarding information.

Route: PUT /profile

func (*Server) ProjectAPIKeyCreate added in v0.2.0

func (s *Server) ProjectAPIKeyCreate(c *gin.Context)

ProjectAPIKeyCreate creates a new API key in a project by forwarding the request to Quarterdeck.

Route: POST /v1/projects/:projectID/apikeys

func (*Server) ProjectAPIKeyList added in v0.2.0

func (s *Server) ProjectAPIKeyList(c *gin.Context)

ProjectAPIKeyList lists API keys in the specified project by forwarding the request to Quarterdeck.

Route: GET /v1/projects/:projectID/apikeys

func (*Server) ProjectCreate added in v0.2.0

func (s *Server) ProjectCreate(c *gin.Context)

ProjectCreate adds a new project to an organization in the database and returns a 201 StatusCreated response.

Route: /project

func (*Server) ProjectDelete added in v0.2.0

func (s *Server) ProjectDelete(c *gin.Context)

ProjectDelete deletes a project from a user's request with a given ID and returns a 200 OK response instead of an error response.

Route: /project/:projectID

func (*Server) ProjectDetail added in v0.2.0

func (s *Server) ProjectDetail(c *gin.Context)

ProjectDetail retrieves a summary detail of a project by its ID and returns a 200 OK response.

Route: /project/:projectID

func (*Server) ProjectList added in v0.2.0

func (s *Server) ProjectList(c *gin.Context)

ProjectList retrieves projects assigned to a specified organization and returns a 200 OK response.

Route: /projects

func (*Server) ProjectPatch added in v0.7.0

func (s *Server) ProjectPatch(c *gin.Context)

ProjectPatch applies a partial update to a project identified by the project ID in the URL and the tenant ID in the request body.

Route: /project/:projectID

func (*Server) ProjectQuery added in v0.9.0

func (s *Server) ProjectQuery(c *gin.Context)

ProjectQuery executes simple queries on topics in a project using enSQL. This endpoint forwards the query to Ensign and a limited number of results to the client. Clients that require more results or complex queries should use the SDKs instead.

Route: /projects/:projectID/query

func (*Server) ProjectTopicCreate added in v0.2.0

func (s *Server) ProjectTopicCreate(c *gin.Context)

ProjectTopicCreate adds a topic to a project in the database and returns a 201 StatusCreated response.

Route: /projects/:projectID/topics

func (*Server) ProjectTopicList added in v0.2.0

func (s *Server) ProjectTopicList(c *gin.Context)

ProjectTopicList retrieves topics assigned to a specified project and returns a 200 OK response.

Route: /projects/:projectID/topics

func (*Server) ProjectUpdate added in v0.2.0

func (s *Server) ProjectUpdate(c *gin.Context)

ProjectUpdate updates the record of a project with a given ID and returns a 200 OK response.

Route: /project/:projectID

func (*Server) ProtectLogin added in v0.2.0

func (s *Server) ProtectLogin(c *gin.Context)

ProtectLogin prepares the front-end for login by setting the double cookie tokens for CSRF protection.

func (*Server) Refresh added in v0.3.0

func (s *Server) Refresh(c *gin.Context)

Refresh is a publicly accessible endpoint that allows users to refresh their access token using their refresh token. This enables frontend clients to provide a seamless login experience for the user.

Route: POST /v1/refresh

func (*Server) Register added in v0.3.0

func (s *Server) Register(c *gin.Context)

Register is a publicly accessible endpoint that allows new users to create an account via Quarterdeck by providing an email address and password.

Route: POST /v1/register

func (*Server) ResendEmail added in v0.10.0

func (s *Server) ResendEmail(c *gin.Context)

ResendEmail is a publicly accessible endpoint that allows users to resend emails to the email address in the POST request by forwarding the request to Quarterdeck. If the email address belongs to a user who has not been verified then this endpoint will send a new verification email by forwarding the request to Quarterdeck. If there is an orgID in the request and the user is invited to that organization but has not accepted the invite then the invitation email is resent. Because this is an unauthenticated endpoint, it always returns a 204 No Content response to prevent revealing information about registered email addresses and users.

Route: POST /v1/resend

func (*Server) ResetCache added in v0.8.0

func (s *Server) ResetCache()

Reset the cache from the tests (only allowed in testing mode)

func (*Server) ResetPassword added in v0.11.0

func (s *Server) ResetPassword(c *gin.Context)

ResetPassword is a publicly accessible endpoint that allows users to reset their password by forwarding a POST request with a reset token and a new password to Quarterdeck. If the password reset was successful then this endpoint returns a confirmation email to the user and a 204 No Content response.

Route: POST /v1/reset-password

func (*Server) ResetTaskManager added in v0.5.2

func (s *Server) ResetTaskManager()

Reset the task manager from the tests (only allowed in testing mode)

func (*Server) Routes added in v0.4.0

func (s *Server) Routes(router *gin.Engine) (err error)

Sets up the server's middleware and routes

func (*Server) Setup added in v0.4.0

func (s *Server) Setup() (err error)

Setup the server before the routes are configured.

func (*Server) Started added in v0.4.0

func (s *Server) Started() (err error)

Called when the server has been started and is ready.

func (*Server) Status

func (s *Server) Status(c *gin.Context)

Status handler returns the current health status of the server

func (*Server) Stop added in v0.4.0

func (s *Server) Stop(context.Context) (err error)

Cleanup when the server is being shutdown. Note that in tests you should call Shutdown() to ensure the server stops and not this method.

func (*Server) Switch added in v0.5.2

func (s *Server) Switch(c *gin.Context)

Switch is an authenticated endpoint that allows human users to switch between organizations that they are a member of. This exists to allow users to fetch new access and refresh tokens without having to re-enter their credentials. This endpoint is not available to machine users with API key credentials, since API keys can only exist in one project in one organization. If the user is already authenticated with the requested organization, this endpoint returns an error. The refresh endpoint should be used if the access token simply needs to be refreshed.

func (*Server) TenantCreate added in v0.2.0

func (s *Server) TenantCreate(c *gin.Context)

TenantCreate adds a new tenant to the database and returns a 201 StatusCreated response.

Route: /tenant

func (*Server) TenantDelete added in v0.2.0

func (s *Server) TenantDelete(c *gin.Context)

TenantDelete deletes a tenant from a user's request with a given ID and returns a 200 OK response instead of an an error response.

Route: /tenant/:tenantID

func (*Server) TenantDetail added in v0.2.0

func (s *Server) TenantDetail(c *gin.Context)

TenantDetail retrieves a summary detail of a tenant by its ID and returns a 200 OK response.

Route: /tenant/:tenantID

func (*Server) TenantList added in v0.2.0

func (s *Server) TenantList(c *gin.Context)

TenantList retrieves tenants assigned to a specified organization and returns a 200 OK response.

Route: /tenant

func (*Server) TenantProjectCreate added in v0.2.0

func (s *Server) TenantProjectCreate(c *gin.Context)

TenantProjectCreate adds a new tenant project to the database and returns a 201 StatusCreated response.

Route: /tenant/:tenantID/projects

func (*Server) TenantProjectList added in v0.2.0

func (s *Server) TenantProjectList(c *gin.Context)

TenantProjectList retrieves projects assigned to a specified tenant and returns a 200 OK response.

Route: /tenant/:tenantID/projects

func (*Server) TenantProjectPatch added in v0.7.0

func (s *Server) TenantProjectPatch(c *gin.Context)

TenantProjectPatch applies a partial update to a project identified by the tenantID and projectID in the URL.

Route: /tenant/:tenantID/projects/:projectID

func (*Server) TenantStats added in v0.3.0

func (s *Server) TenantStats(c *gin.Context)

TenantStats is a statistical view endpoint which returns high level counts of resources associated with a single Tenant.

Route: /tenant/:tenantID/stats

func (*Server) TenantUpdate added in v0.2.0

func (s *Server) TenantUpdate(c *gin.Context)

TenantUpdate will update a tenants record and returns a 200 OK response.

Route: /tenant/:tenantID

func (*Server) TopicCreate added in v0.2.0

func (s *Server) TopicCreate(c *gin.Context)

Route: /topics

func (*Server) TopicDelete added in v0.2.0

func (s *Server) TopicDelete(c *gin.Context)

TopicDelete completely destroys a topic, removing the metadata in Trtl and as well as all of the data in Ensign. Because this is irreversible, the first call returns a confirmation token to the user. The user must provide this token in a subsequent request in order to confirm the deletion. Because this operation is asynchronous, the endpoint returns a 202 Accepted response.

Route: /topic/:topicID

func (*Server) TopicDetail

func (s *Server) TopicDetail(c *gin.Context)

TopicDetail retrieves a summary detail of a topic with a given ID and returns a 200 OK response.

Route: /topic/:topicID

func (*Server) TopicEvents added in v0.9.0

func (s *Server) TopicEvents(c *gin.Context)

TopicEvents returns an event info "breakdown" for the topic, which includes info about all of the schema Types in the topic and the number of events and storage each schema Type contributes to.

Route: /topic/:topicID/events

func (*Server) TopicList

func (s *Server) TopicList(c *gin.Context)

TopicList retrieves topics assigned to a specified organization and returns a 200 OK response.

Route: /topics

func (*Server) TopicStats added in v0.8.0

func (s *Server) TopicStats(c *gin.Context)

TopicStats returns a snapshot of statistics for a topic with a given ID in a 200 OK response.

Route: /topic/:topicID/stats

func (*Server) TopicUpdate added in v0.2.0

func (s *Server) TopicUpdate(c *gin.Context)

TopicUpdate updates the record of a topic with a given ID and returns a 200 OK response. The editable fields are the topic name and state, although the topic state can only be set to READONLY which archives the topic.

Route: /topic/:topicID

func (*Server) UpdateProjectStats added in v0.7.0

func (s *Server) UpdateProjectStats(ctx context.Context, userID, projectID ulid.ULID) (err error)

UpdateProjectStats updates the stat fields on a project by performing readonly queries to Quarterdeck and Ensign. Because this requires a few RPCs, it should be called in a background task where possible to avoid blocking user requests. The context passed to this method must contain authentication credentials in order to query Quarterdeck which must include the topics:read and projects:read permissions. TODO: This data can be updated asynchronously once the Ensign "meta" topics are up and running.

func (*Server) VerifyEmail added in v0.5.0

func (s *Server) VerifyEmail(c *gin.Context)

VerifyEmail is a publicly accessible endpoint that allows users to verify their email address by supplying a token that was sent to their email address. If the token has already been verified, this endpoint returns a 202 Accepted response.

Route: POST /v1/verify

type TopicSubscriber added in v0.7.1

type TopicSubscriber struct {
	// contains filtered or unexported fields
}

TopicSubscriber is a struct with a go routine that subscribes to the Ensign "meta topic" topic and applies asynchronous updates to the topics in the Tenant database.

func NewTopicSubscriber added in v0.7.1

func NewTopicSubscriber(conf config.MetaTopicConfig) (sub *TopicSubscriber, err error)

func (*TopicSubscriber) GetEnsignClient added in v0.8.0

func (s *TopicSubscriber) GetEnsignClient() *EnsignClient

Expose the Ensign client for testing purposes.

func (*TopicSubscriber) Run added in v0.7.1

func (s *TopicSubscriber) Run(wg *sync.WaitGroup) error

Run the topic subscriber under the waitgroup. This allows the caller to wait for the subscriber to graacefully exit after calling Stop().

func (*TopicSubscriber) Stop added in v0.7.1

func (s *TopicSubscriber) Stop()

Stop the topic subscriber.

func (*TopicSubscriber) Subscribe added in v0.7.1

func (s *TopicSubscriber) Subscribe()

Directories

Path Synopsis
api
v1

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL