diff --git a/daemon/daemonapi/delete_object_kvstore_entry.go b/daemon/daemonapi/delete_object_kvstore_entry.go index 9ed28ed39..2b4802062 100644 --- a/daemon/daemonapi/delete_object_kvstore_entry.go +++ b/daemon/daemonapi/delete_object_kvstore_entry.go @@ -10,13 +10,12 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) DeleteObjectKVStoreEntry(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.DeleteObjectKVStoreEntryParams) error { log := LogHandler(ctx, "DeleteObjectKVStoreEntry") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if v, err := assertAdmin(ctx, namespace); !v { return err } diff --git a/daemon/daemonapi/get_cluster_config_file.go b/daemon/daemonapi/get_cluster_config_file.go index 3347a1347..5eeac4b65 100644 --- a/daemon/daemonapi/get_cluster_config_file.go +++ b/daemon/daemonapi/get_cluster_config_file.go @@ -12,6 +12,9 @@ import ( ) func (a *DaemonAPI) GetClusterConfigFile(ctx echo.Context) error { + if v, err := assertRoot(ctx); !v { + return err + } logName := "GetClusterConfigFile" log := LogHandler(ctx, logName) log.Debugf("%s: starting", logName) diff --git a/daemon/daemonapi/get_daemon_events.go b/daemon/daemonapi/get_daemon_events.go index 92a994ce5..6c8e80ab8 100644 --- a/daemon/daemonapi/get_daemon_events.go +++ b/daemon/daemonapi/get_daemon_events.go @@ -143,7 +143,7 @@ func (a *DaemonAPI) getPeerDaemonEvents(ctx echo.Context, nodename string, param // getLocalDaemonEvents handles streaming local daemon events based on provided filters, selectors, and parameters. func (a *DaemonAPI) getLocalDaemonEvents(ctx echo.Context, params api.GetDaemonEventsParams) error { - if v, err := assertRole(ctx, rbac.RoleRoot, rbac.RoleJoin, rbac.RoleLeave); err != nil { + if v, err := assertRole(ctx, rbac.RoleGuest, rbac.RoleOperator, rbac.RoleAdmin, rbac.RoleRoot, rbac.RoleJoin, rbac.RoleLeave); err != nil { return err } else if !v { return nil @@ -181,6 +181,9 @@ func (a *DaemonAPI) getLocalDaemonEvents(ctx echo.Context, params api.GetDaemonE evCtx = ctx.Request().Context() cancel context.CancelFunc ) + hasRoot := grantsFromContext(ctx).HasRole(rbac.RoleRoot) + userGrants := grantsFromContext(ctx) + log := LogHandler(ctx, handlerName) log.Debugf("starting") defer log.Debugf("done") @@ -208,6 +211,19 @@ func (a *DaemonAPI) getLocalDaemonEvents(ctx echo.Context, params api.GetDaemonE return false } + // isAllowed returns false if a message has a namespace label that + // doesn't match any of the user's guest grant. + isAllowed := func(msg pubsub.Messager) bool { + if hasRoot { + return true + } + labels := msg.GetLabels() + if namespace, ok := labels["namespace"]; ok { + return userGrants.Has(rbac.RoleGuest, namespace) + } + return true + } + // isSelected returns true when msg has path label that is selected or // doesn't have a path label. isSelected := func(msg pubsub.Messager) bool { @@ -393,6 +409,11 @@ func (a *DaemonAPI) getLocalDaemonEvents(ctx echo.Context, params api.GetDaemonE case <-evCtx.Done(): return nil case i := <-sub.C: + if ev, ok := i.(pubsub.Messager); ok { + if !isAllowed(ev) { + continue + } + } if hasSelector { switch ev := i.(type) { case *msgbus.ObjectCreated: diff --git a/daemon/daemonapi/get_daemon_status.go b/daemon/daemonapi/get_daemon_status.go index b31aea698..dec69dde4 100644 --- a/daemon/daemonapi/get_daemon_status.go +++ b/daemon/daemonapi/get_daemon_status.go @@ -30,6 +30,9 @@ var ( // // Serve 2s cached data. func (a *DaemonAPI) GetDaemonStatus(ctx echo.Context, params api.GetDaemonStatusParams) error { + if v, err := assertRoot(ctx); !v { + return err + } now := time.Now() subRefreshed.Lock() if now.After(subRefreshed.updated.Add(daemonRefreshInterval)) { diff --git a/daemon/daemonapi/get_dns_dump.go b/daemon/daemonapi/get_dns_dump.go index a8aa0944c..c9387f142 100644 --- a/daemon/daemonapi/get_dns_dump.go +++ b/daemon/daemonapi/get_dns_dump.go @@ -10,5 +10,8 @@ import ( // GetDNSDump returns the DNS zone content. func (a *DaemonAPI) GetDNSDump(ctx echo.Context) error { + if v, err := assertRoot(ctx); !v { + return err + } return ctx.JSON(http.StatusOK, dns.GetZone()) } diff --git a/daemon/daemonapi/get_instance.go b/daemon/daemonapi/get_instance.go index c3537fd7c..7875848c1 100644 --- a/daemon/daemonapi/get_instance.go +++ b/daemon/daemonapi/get_instance.go @@ -31,6 +31,10 @@ func (a *DaemonAPI) GetInstances(ctx echo.Context, params api.GetInstancesParams if !meta.HasNode(config.Node) { continue } + if _, err := assertGuest(ctx, config.Path.Namespace); err != nil { + continue + } + monitor := instance.MonitorData.GetByPathAndNode(config.Path, config.Node) status := instance.StatusData.GetByPathAndNode(config.Path, config.Node) d := api.InstanceItem{ diff --git a/daemon/daemonapi/get_instance_config_file.go b/daemon/daemonapi/get_instance_config_file.go index f799ca373..97a6c06bd 100644 --- a/daemon/daemonapi/get_instance_config_file.go +++ b/daemon/daemonapi/get_instance_config_file.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetInstanceConfigFile(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { logName := "GetInstanceConfigFile" log := LogHandler(ctx, logName) diff --git a/daemon/daemonapi/get_instance_resource_info.go b/daemon/daemonapi/get_instance_resource_info.go index 033ff725b..e23459d8d 100644 --- a/daemon/daemonapi/get_instance_resource_info.go +++ b/daemon/daemonapi/get_instance_resource_info.go @@ -15,6 +15,9 @@ import ( ) func (a *DaemonAPI) GetInstanceResourceInfo(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.getLocalInstanceResourceInfo(ctx, namespace, kind, name) } diff --git a/daemon/daemonapi/get_instance_schedule.go b/daemon/daemonapi/get_instance_schedule.go index 5c59db630..b32152ceb 100644 --- a/daemon/daemonapi/get_instance_schedule.go +++ b/daemon/daemonapi/get_instance_schedule.go @@ -11,6 +11,9 @@ import ( ) func (a *DaemonAPI) GetInstanceSchedule(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.getLocalInstanceSchedule(ctx, namespace, kind, name) } diff --git a/daemon/daemonapi/get_instances_logs.go b/daemon/daemonapi/get_instances_logs.go index 6e1e4cb30..d06c1ab9d 100644 --- a/daemon/daemonapi/get_instances_logs.go +++ b/daemon/daemonapi/get_instances_logs.go @@ -10,6 +10,9 @@ import ( ) func (a *DaemonAPI) GetInstanceLogs(ctx echo.Context, nodename string, namespace string, kind naming.Kind, name string, params api.GetInstanceLogsParams) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } p, err := naming.NewPath(namespace, kind, name) if err != nil { JSONProblemf(ctx, http.StatusBadRequest, "Invalid parameter", "%s", err) diff --git a/daemon/daemonapi/get_network.go b/daemon/daemonapi/get_network.go index 7522f2c70..43415ee87 100644 --- a/daemon/daemonapi/get_network.go +++ b/daemon/daemonapi/get_network.go @@ -13,6 +13,9 @@ import ( // GetNetworks returns network status list. func (a *DaemonAPI) GetNetworks(ctx echo.Context, params api.GetNetworksParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } var items api.NetworkItems n, err := object.NewNode(object.WithVolatile(true)) if err != nil { diff --git a/daemon/daemonapi/get_network_ip.go b/daemon/daemonapi/get_network_ip.go index b65413420..ab8839cc6 100644 --- a/daemon/daemonapi/get_network_ip.go +++ b/daemon/daemonapi/get_network_ip.go @@ -40,6 +40,9 @@ func GetClusterIPs() clusterip.L { // GetNetworkIP returns network status list. func (a *DaemonAPI) GetNetworkIP(ctx echo.Context, params api.GetNetworkIPParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } n, err := object.NewNode(object.WithVolatile(true)) if err != nil { return JSONProblemf(ctx, http.StatusInternalServerError, "Failed to allocate a new object.Node", fmt.Sprint(err)) diff --git a/daemon/daemonapi/get_node.go b/daemon/daemonapi/get_node.go index fc65fa114..5f293ab87 100644 --- a/daemon/daemonapi/get_node.go +++ b/daemon/daemonapi/get_node.go @@ -10,6 +10,9 @@ import ( ) func (a *DaemonAPI) GetNodes(ctx echo.Context, params api.GetNodesParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } meta := Meta{ Context: ctx, Node: params.Node, diff --git a/daemon/daemonapi/get_node_capabilities.go b/daemon/daemonapi/get_node_capabilities.go index bf63608bd..2845eee17 100644 --- a/daemon/daemonapi/get_node_capabilities.go +++ b/daemon/daemonapi/get_node_capabilities.go @@ -11,6 +11,9 @@ import ( ) func (a *DaemonAPI) GetNodeCapabilities(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalCapabilities(ctx) } diff --git a/daemon/daemonapi/get_node_config.go b/daemon/daemonapi/get_node_config.go index 04ecda580..cd9d8bb8a 100644 --- a/daemon/daemonapi/get_node_config.go +++ b/daemon/daemonapi/get_node_config.go @@ -14,6 +14,9 @@ import ( ) func (a *DaemonAPI) GetNodeConfig(ctx echo.Context, nodename string, params api.GetNodeConfigParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.GetLocalNodeConfig(ctx, nodename, params) } diff --git a/daemon/daemonapi/get_node_config_file.go b/daemon/daemonapi/get_node_config_file.go index fea290bfd..641910789 100644 --- a/daemon/daemonapi/get_node_config_file.go +++ b/daemon/daemonapi/get_node_config_file.go @@ -9,12 +9,11 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/rawconfig" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/file" ) func (a *DaemonAPI) GetNodeConfigFile(ctx echo.Context, nodename string) error { - if v, err := assertRole(ctx, rbac.RoleRoot); !v { + if _, err := assertRoot(ctx); err != nil { return err } if a.localhost == nodename { diff --git a/daemon/daemonapi/get_node_config_get.go b/daemon/daemonapi/get_node_config_get.go index 2509b9c0c..58d10fdf4 100644 --- a/daemon/daemonapi/get_node_config_get.go +++ b/daemon/daemonapi/get_node_config_get.go @@ -8,14 +8,13 @@ import ( "github.com/opensvc/om3/core/clusternode" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/key" ) func (a *DaemonAPI) GetNodeConfigGet(ctx echo.Context, nodename string, params api.GetNodeConfigGetParams) error { //log := LogHandler(ctx, "GetNodeConfigGet") - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { + if _, err := assertRoot(ctx); err != nil { return err } diff --git a/daemon/daemonapi/get_node_drbd_allocation.go b/daemon/daemonapi/get_node_drbd_allocation.go index d9bff0c65..811170507 100644 --- a/daemon/daemonapi/get_node_drbd_allocation.go +++ b/daemon/daemonapi/get_node_drbd_allocation.go @@ -10,7 +10,6 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/drbd" ) @@ -75,7 +74,7 @@ func init() { } func (a *DaemonAPI) GetNodeDRBDAllocation(ctx echo.Context, nodename string) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { + if _, err := assertRoot(ctx); err != nil { return err } if a.localhost == nodename { diff --git a/daemon/daemonapi/get_node_drbd_config.go b/daemon/daemonapi/get_node_drbd_config.go index 16c8348d7..d0e9bed65 100644 --- a/daemon/daemonapi/get_node_drbd_config.go +++ b/daemon/daemonapi/get_node_drbd_config.go @@ -10,19 +10,18 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) GetNodeDRBDConfig(ctx echo.Context, nodename string, params api.GetNodeDRBDConfigParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } log := LogHandler(ctx, "GetNodeDRBDConfig") log.Debugf("starting") if params.Name == "" { log.Warnf("invalid file name: %s", params.Name) return JSONProblemf(ctx, http.StatusBadRequest, "Invalid parameter", "invalid file name: %s", params.Name) } - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } if a.localhost == nodename { return a.getLocalDRBDConfig(ctx, params) } diff --git a/daemon/daemonapi/get_node_drivers.go b/daemon/daemonapi/get_node_drivers.go index 8c488f5bb..2a42c24a2 100644 --- a/daemon/daemonapi/get_node_drivers.go +++ b/daemon/daemonapi/get_node_drivers.go @@ -12,6 +12,9 @@ import ( ) func (a *DaemonAPI) GetNodeDriver(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeDriver(ctx) } diff --git a/daemon/daemonapi/get_node_logs.go b/daemon/daemonapi/get_node_logs.go index 223302ead..3f79b331c 100644 --- a/daemon/daemonapi/get_node_logs.go +++ b/daemon/daemonapi/get_node_logs.go @@ -20,6 +20,9 @@ import ( // GetNodeLogs feeds publications in rss format. func (a *DaemonAPI) GetNodeLogs(ctx echo.Context, nodename string, params api.GetNodeLogsParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost || nodename == "localhost" { return a.getLocalNodeLogs(ctx, params) } else if !clusternode.Has(nodename) { diff --git a/daemon/daemonapi/get_node_ping.go b/daemon/daemonapi/get_node_ping.go index b2f8addba..14ef08c45 100644 --- a/daemon/daemonapi/get_node_ping.go +++ b/daemon/daemonapi/get_node_ping.go @@ -10,6 +10,9 @@ import ( ) func (a *DaemonAPI) GetNodePing(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodePing(ctx) } diff --git a/daemon/daemonapi/get_node_schedule.go b/daemon/daemonapi/get_node_schedule.go index 282b378f5..520daf381 100644 --- a/daemon/daemonapi/get_node_schedule.go +++ b/daemon/daemonapi/get_node_schedule.go @@ -12,6 +12,9 @@ import ( ) func (a *DaemonAPI) GetNodeSchedule(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalSchedule(ctx) } diff --git a/daemon/daemonapi/get_node_ssh_hostkeys.go b/daemon/daemonapi/get_node_ssh_hostkeys.go index 7d9cdc530..39f087034 100644 --- a/daemon/daemonapi/get_node_ssh_hostkeys.go +++ b/daemon/daemonapi/get_node_ssh_hostkeys.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSSHHostkeys(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalSSHHostkeys(ctx) } diff --git a/daemon/daemonapi/get_node_ssh_key.go b/daemon/daemonapi/get_node_ssh_key.go index d8b032aed..610680521 100644 --- a/daemon/daemonapi/get_node_ssh_key.go +++ b/daemon/daemonapi/get_node_ssh_key.go @@ -17,6 +17,9 @@ import ( ) func (a *DaemonAPI) GetNodeSSHKey(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalSSHKey(ctx) } diff --git a/daemon/daemonapi/get_node_system_disk.go b/daemon/daemonapi/get_node_system_disk.go index b19c6c2bf..f47a5f0aa 100644 --- a/daemon/daemonapi/get_node_system_disk.go +++ b/daemon/daemonapi/get_node_system_disk.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemDisk(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemDisk(ctx) } diff --git a/daemon/daemonapi/get_node_system_group.go b/daemon/daemonapi/get_node_system_group.go index 77e0f6fca..6a982f6b3 100644 --- a/daemon/daemonapi/get_node_system_group.go +++ b/daemon/daemonapi/get_node_system_group.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemGroup(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemGroup(ctx) } diff --git a/daemon/daemonapi/get_node_system_hardware.go b/daemon/daemonapi/get_node_system_hardware.go index c1b1adc40..4a878eaac 100644 --- a/daemon/daemonapi/get_node_system_hardware.go +++ b/daemon/daemonapi/get_node_system_hardware.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemHardware(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemHardware(ctx) } diff --git a/daemon/daemonapi/get_node_system_ipaddress.go b/daemon/daemonapi/get_node_system_ipaddress.go index 5b0311756..019db01cf 100644 --- a/daemon/daemonapi/get_node_system_ipaddress.go +++ b/daemon/daemonapi/get_node_system_ipaddress.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemIPAddress(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemIPAddress(ctx) } diff --git a/daemon/daemonapi/get_node_system_package.go b/daemon/daemonapi/get_node_system_package.go index 07ebed8ce..4488f1080 100644 --- a/daemon/daemonapi/get_node_system_package.go +++ b/daemon/daemonapi/get_node_system_package.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemPackage(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemPackage(ctx) } diff --git a/daemon/daemonapi/get_node_system_patch.go b/daemon/daemonapi/get_node_system_patch.go index 58a882378..136c1b0be 100644 --- a/daemon/daemonapi/get_node_system_patch.go +++ b/daemon/daemonapi/get_node_system_patch.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemPatch(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemPatch(ctx) } diff --git a/daemon/daemonapi/get_node_system_property.go b/daemon/daemonapi/get_node_system_property.go index bb24c3dd6..5f36e5d94 100644 --- a/daemon/daemonapi/get_node_system_property.go +++ b/daemon/daemonapi/get_node_system_property.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemProperty(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemProperty(ctx) } diff --git a/daemon/daemonapi/get_node_system_san_initiator.go b/daemon/daemonapi/get_node_system_san_initiator.go index 35ae5f309..0be97f133 100644 --- a/daemon/daemonapi/get_node_system_san_initiator.go +++ b/daemon/daemonapi/get_node_system_san_initiator.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemSANInitiator(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemSANInitiator(ctx) } diff --git a/daemon/daemonapi/get_node_system_san_path.go b/daemon/daemonapi/get_node_system_san_path.go index 3aa433b51..7f23a876f 100644 --- a/daemon/daemonapi/get_node_system_san_path.go +++ b/daemon/daemonapi/get_node_system_san_path.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemSANPath(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemSANPath(ctx) } diff --git a/daemon/daemonapi/get_node_system_user.go b/daemon/daemonapi/get_node_system_user.go index 0a2e6415c..75826a65e 100644 --- a/daemon/daemonapi/get_node_system_user.go +++ b/daemon/daemonapi/get_node_system_user.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetNodeSystemUser(ctx echo.Context, nodename api.InPathNodeName) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if a.localhost == nodename { return a.getLocalNodeSystemUser(ctx) } diff --git a/daemon/daemonapi/get_nodes_info.go b/daemon/daemonapi/get_nodes_info.go index 1e436d5da..b110c487b 100644 --- a/daemon/daemonapi/get_nodes_info.go +++ b/daemon/daemonapi/get_nodes_info.go @@ -8,6 +8,9 @@ import ( ) func (a *DaemonAPI) GetNodesInfo(ctx echo.Context) error { + if _, err := assertRoot(ctx); err != nil { + return err + } log := LogHandler(ctx, "GetNodesInfo") log.Debugf("starting") // TODO returned value should be cached diff --git a/daemon/daemonapi/get_object.go b/daemon/daemonapi/get_object.go index fa3e1c353..78e3dec05 100644 --- a/daemon/daemonapi/get_object.go +++ b/daemon/daemonapi/get_object.go @@ -9,7 +9,6 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) GetObjects(ctx echo.Context, params api.GetObjectsParams) error { @@ -51,7 +50,7 @@ func (a *DaemonAPI) getObjects(ctx echo.Context, pathSelector *string) (api.Obje } l := make(api.ObjectItems, 0) for _, p := range meta.Paths() { - if !grantsFromContext(ctx).HasGrant(rbac.NewGrant(rbac.RoleGuest, p.Namespace), rbac.NewGrant(rbac.RoleAdmin, p.Namespace), rbac.GrantRoot) { + if _, err := assertGuest(ctx, p.Namespace); err != nil { continue } ostat := object.StatusData.GetByPath(p) diff --git a/daemon/daemonapi/get_object_config.go b/daemon/daemonapi/get_object_config.go index 8d90c7b40..7674ed407 100644 --- a/daemon/daemonapi/get_object_config.go +++ b/daemon/daemonapi/get_object_config.go @@ -16,6 +16,9 @@ import ( ) func (a *DaemonAPI) GetObjectConfig(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.GetObjectConfigParams) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } var ( evaluate bool impersonate string diff --git a/daemon/daemonapi/get_object_config_file.go b/daemon/daemonapi/get_object_config_file.go index 89ee785df..582c69189 100644 --- a/daemon/daemonapi/get_object_config_file.go +++ b/daemon/daemonapi/get_object_config_file.go @@ -14,6 +14,10 @@ import ( ) func (a *DaemonAPI) GetObjectConfigFile(ctx echo.Context, namespace string, kind naming.Kind, name string) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } + logName := "GetObjectConfigFile" log := LogHandler(ctx, logName) log.Debugf("%s: starting", logName) diff --git a/daemon/daemonapi/get_object_config_get.go b/daemon/daemonapi/get_object_config_get.go index a92cd2487..f23ba6c89 100644 --- a/daemon/daemonapi/get_object_config_get.go +++ b/daemon/daemonapi/get_object_config_get.go @@ -9,17 +9,14 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/key" ) func (a *DaemonAPI) GetObjectConfigGet(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.GetObjectConfigGetParams) error { - log := LogHandler(ctx, "GetObjectConfigGet") - - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleGuest, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertGuest(ctx, namespace); err != nil { return err } - + log := LogHandler(ctx, "GetObjectConfigGet") r := api.KeywordList{ Kind: "KeywordList", Items: make(api.KeywordItems, 0), diff --git a/daemon/daemonapi/get_object_kvstore.go b/daemon/daemonapi/get_object_kvstore.go index 54e9b142c..c6e6cefa8 100644 --- a/daemon/daemonapi/get_object_kvstore.go +++ b/daemon/daemonapi/get_object_kvstore.go @@ -10,14 +10,19 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) GetObjectKVStore(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.GetObjectKVStoreParams) error { log := LogHandler(ctx, "GetObjectKVStore") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err + if kind == naming.KindSec { + if _, err := assertAdmin(ctx, namespace); err != nil { + return err + } + } else { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } } result := make(api.KVStoreEntries, 0) diff --git a/daemon/daemonapi/get_object_kvstore_entry.go b/daemon/daemonapi/get_object_kvstore_entry.go index b7f9bd6c2..edb6237a2 100644 --- a/daemon/daemonapi/get_object_kvstore_entry.go +++ b/daemon/daemonapi/get_object_kvstore_entry.go @@ -11,14 +11,19 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) GetObjectKVStoreEntry(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.GetObjectKVStoreEntryParams) error { log := LogHandler(ctx, "GetObjectKVStoreEntry") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err + if kind == naming.KindSec { + if _, err := assertAdmin(ctx, namespace); err != nil { + return err + } + } else { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } } p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/get_object_kvstore_keys.go b/daemon/daemonapi/get_object_kvstore_keys.go index b4be95b15..87ab108ef 100644 --- a/daemon/daemonapi/get_object_kvstore_keys.go +++ b/daemon/daemonapi/get_object_kvstore_keys.go @@ -10,14 +10,13 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/key" ) func (a *DaemonAPI) GetObjectKVStoreKeys(ctx echo.Context, namespace string, kind naming.Kind, name string) error { log := LogHandler(ctx, "GetObjectKVStore") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertGuest(ctx, namespace); err != nil { return err } diff --git a/daemon/daemonapi/get_object_resource_info.go b/daemon/daemonapi/get_object_resource_info.go index 2f107416e..f4bf15863 100644 --- a/daemon/daemonapi/get_object_resource_info.go +++ b/daemon/daemonapi/get_object_resource_info.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetObjectResourceInfo(ctx echo.Context, namespace string, kind naming.Kind, name string) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } path, err := naming.NewPath(namespace, kind, name) if err != nil { return JSONProblemf(ctx, http.StatusInternalServerError, "New path", "%s", err) diff --git a/daemon/daemonapi/get_object_schedule.go b/daemon/daemonapi/get_object_schedule.go index b6a1332b7..bcae3ab60 100644 --- a/daemon/daemonapi/get_object_schedule.go +++ b/daemon/daemonapi/get_object_schedule.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) GetObjectSchedule(ctx echo.Context, namespace string, kind naming.Kind, name string) error { + if _, err := assertGuest(ctx, namespace); err != nil { + return err + } path, err := naming.NewPath(namespace, kind, name) if err != nil { return JSONProblemf(ctx, http.StatusInternalServerError, "New path", "%s", err) diff --git a/daemon/daemonapi/get_object_selector.go b/daemon/daemonapi/get_object_selector.go index 8b7e7f28f..2bd06fed2 100644 --- a/daemon/daemonapi/get_object_selector.go +++ b/daemon/daemonapi/get_object_selector.go @@ -25,8 +25,11 @@ func (a *DaemonAPI) GetObjectPaths(ctx echo.Context, params api.GetObjectPathsPa return JSONProblem(ctx, http.StatusInternalServerError, "Server error", "expand selection") } result := api.ObjectPaths{} - for _, v := range matchedPaths { - result = append(result, v.String()) + for _, path := range matchedPaths { + if _, err := assertGuest(ctx, path.Namespace); err != nil { + continue + } + result = append(result, path.String()) } return ctx.JSON(http.StatusOK, result) } diff --git a/daemon/daemonapi/get_pool.go b/daemon/daemonapi/get_pool.go index bb600a74d..1686c3196 100644 --- a/daemon/daemonapi/get_pool.go +++ b/daemon/daemonapi/get_pool.go @@ -10,6 +10,9 @@ import ( ) func (a *DaemonAPI) GetPools(ctx echo.Context, params api.GetPoolsParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } var items api.PoolItems for _, e := range pool.StatusData.GetAll() { if params.Name != nil && *params.Name != e.Name { diff --git a/daemon/daemonapi/get_pool_volume.go b/daemon/daemonapi/get_pool_volume.go index 7c763b7d9..047a28545 100644 --- a/daemon/daemonapi/get_pool_volume.go +++ b/daemon/daemonapi/get_pool_volume.go @@ -12,6 +12,9 @@ import ( ) func (a *DaemonAPI) GetPoolVolumes(ctx echo.Context, params api.GetPoolVolumesParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } l := getPoolVolumes(params.Name) return ctx.JSON(http.StatusOK, api.PoolVolumeList{Kind: "PoolVolumeList", Items: l}) } diff --git a/daemon/daemonapi/get_resource.go b/daemon/daemonapi/get_resource.go index 7c25ac7ad..ce0ecb52c 100644 --- a/daemon/daemonapi/get_resource.go +++ b/daemon/daemonapi/get_resource.go @@ -26,6 +26,9 @@ func (a *DaemonAPI) GetResources(ctx echo.Context, params api.GetResourcesParams configs := instance.ConfigData.GetAll() items := make(api.ResourceItems, 0) for _, config := range configs { + if _, err := assertGuest(ctx, config.Path.Namespace); err != nil { + continue + } if !meta.HasPath(config.Path.String()) { continue } diff --git a/daemon/daemonapi/lib_handlers.go b/daemon/daemonapi/lib_handlers.go index f80c665a5..f58f241d8 100644 --- a/daemon/daemonapi/lib_handlers.go +++ b/daemon/daemonapi/lib_handlers.go @@ -40,7 +40,7 @@ type ( var ( contextApiSubQS = contextKey("api-sub-queue-size") - labelAPI = pubsub.Label{"origin", "api"} + labelOriginAPI = pubsub.Label{"origin", "api"} ) func New(ctx context.Context) *DaemonAPI { diff --git a/daemon/daemonapi/lib_instance_action.go b/daemon/daemonapi/lib_instance_action.go index 61692c738..fa9ced06f 100644 --- a/daemon/daemonapi/lib_instance_action.go +++ b/daemon/daemonapi/lib_instance_action.go @@ -34,12 +34,12 @@ func (a *DaemonAPI) apiExec(ctx echo.Context, p naming.Path, requesterSid uuid.U ), ) labels := []pubsub.Label{ - labelAPI, + labelOriginAPI, {"sid", sid.String()}, {"requester_sid", requesterSid.String()}, } if !p.IsZero() { - labels = append(labels, pubsub.Label{"path", p.String()}) + labels = append(labels, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}) } log.Infof("-> exec %s", cmd) msg := msgbus.Exec{Command: cmd.String(), Node: hostname.Hostname(), Origin: "api"} diff --git a/daemon/daemonapi/lib_object_action.go b/daemon/daemonapi/lib_object_action.go index b7d9645d5..b871bdcd6 100644 --- a/daemon/daemonapi/lib_object_action.go +++ b/daemon/daemonapi/lib_object_action.go @@ -32,7 +32,7 @@ func (a *DaemonAPI) postObjectAction(eCtx echo.Context, namespace string, kind n } msg, setImonErr := msgbus.NewSetInstanceMonitorWithErr(ctx, p, a.localhost, value) - a.EventBus.Pub(msg, pubsub.Label{"path", p.String()}, labelAPI) + a.EventBus.Pub(msg, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, labelOriginAPI) return JSONFromSetInstanceMonitorError(eCtx, &value, setImonErr.Receive()) } diff --git a/daemon/daemonapi/lib_pubsub.go b/daemon/daemonapi/lib_pubsub.go index ff6dcd9f6..f635ce8d0 100644 --- a/daemon/daemonapi/lib_pubsub.go +++ b/daemon/daemonapi/lib_pubsub.go @@ -10,15 +10,15 @@ import ( ) func (a *DaemonAPI) announceSub(name string) { - a.EventBus.Pub(&msgbus.ClientSubscribed{Time: time.Now(), Name: name}, a.LabelLocalhost, labelAPI) + a.EventBus.Pub(&msgbus.ClientSubscribed{Time: time.Now(), Name: name}, a.LabelLocalhost, labelOriginAPI) } func (a *DaemonAPI) announceUnsub(name string) { - a.EventBus.Pub(&msgbus.ClientUnsubscribed{Time: time.Now(), Name: name}, a.LabelLocalhost, labelAPI) + a.EventBus.Pub(&msgbus.ClientUnsubscribed{Time: time.Now(), Name: name}, a.LabelLocalhost, labelOriginAPI) } func (a *DaemonAPI) announceNodeState(log *plog.Logger, state node.MonitorState) { log.Infof("announce node state %s", state) - a.EventBus.Pub(&msgbus.SetNodeMonitor{Node: a.localhost, Value: node.MonitorUpdate{State: &state}}, labelAPI) + a.EventBus.Pub(&msgbus.SetNodeMonitor{Node: a.localhost, Value: node.MonitorUpdate{State: &state}}, labelOriginAPI) time.Sleep(2 * daemondata.PropagationInterval()) } diff --git a/daemon/daemonapi/lib_rbac.go b/daemon/daemonapi/lib_rbac.go index d92f18691..e7ecb89ea 100644 --- a/daemon/daemonapi/lib_rbac.go +++ b/daemon/daemonapi/lib_rbac.go @@ -10,6 +10,26 @@ import ( "github.com/opensvc/om3/daemon/rbac" ) +// assertGuest asserts that the authenticated user has is either granted the "guest", "operator" or "admin" role on the namespace or is granted the "root" role. +func assertGuest(ctx echo.Context, namespace string) (bool, error) { + return assertGrant(ctx, rbac.NewGrant(rbac.RoleGuest, namespace), rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot) +} + +// assertOperator asserts that the authenticated user has is either granted the "operator" or "admin" role on the namespace or is granted the "root" role. +func assertOperator(ctx echo.Context, namespace string) (bool, error) { + return assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot) +} + +// assertAdmin asserts that the authenticated user has is either granted the "admin" role on the namespace or is granted the "root" role. +func assertAdmin(ctx echo.Context, namespace string) (bool, error) { + return assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot) +} + +// assertRoot asserts that the authenticated user has is granted the "root" role. +func assertRoot(ctx echo.Context) (bool, error) { + return assertGrant(ctx, rbac.GrantRoot) +} + func assertStrategy(ctx echo.Context, expected string) (bool, error) { if strategy := strategyFromContext(ctx); strategy != expected { return false, JSONForbiddenStrategy(ctx, strategy, expected) diff --git a/daemon/daemonapi/patch_object_kvstore.go b/daemon/daemonapi/patch_object_kvstore.go index feeaba2af..4b3cb5d7a 100644 --- a/daemon/daemonapi/patch_object_kvstore.go +++ b/daemon/daemonapi/patch_object_kvstore.go @@ -10,13 +10,12 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PatchObjectKVStore(ctx echo.Context, namespace string, kind naming.Kind, name string) error { log := LogHandler(ctx, "PatchObjectKVStore") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } diff --git a/daemon/daemonapi/post_cluster_action.go b/daemon/daemonapi/post_cluster_action.go index a40d1b0f3..312269f92 100644 --- a/daemon/daemonapi/post_cluster_action.go +++ b/daemon/daemonapi/post_cluster_action.go @@ -25,6 +25,10 @@ func (a *DaemonAPI) PostClusterActionUnfreeze(ctx echo.Context) error { } func (a *DaemonAPI) PostClusterAction(eCtx echo.Context, globalExpect node.MonitorGlobalExpect) error { + if _, err := assertRoot(eCtx); err != nil { + return err + } + if mon := node.MonitorData.GetByNode(a.localhost); mon == nil { return JSONProblemf(eCtx, http.StatusNotFound, "Not found", "node monitor not found: %s", a.localhost) } @@ -38,6 +42,6 @@ func (a *DaemonAPI) PostClusterAction(eCtx echo.Context, globalExpect node.Monit } msg, err := msgbus.NewSetNodeMonitorWithErr(ctx, a.localhost, value) - a.EventBus.Pub(msg, a.LabelLocalhost, labelAPI) + a.EventBus.Pub(msg, a.LabelLocalhost, labelOriginAPI) return JSONFromSetNodeMonitorError(eCtx, &value, err.Receive()) } diff --git a/daemon/daemonapi/post_daemon_join.go b/daemon/daemonapi/post_daemon_join.go index 20143a6b9..3c0578743 100644 --- a/daemon/daemonapi/post_daemon_join.go +++ b/daemon/daemonapi/post_daemon_join.go @@ -24,6 +24,6 @@ func (a *DaemonAPI) PostDaemonJoin(ctx echo.Context, params api.PostDaemonJoinPa return JSONProblem(ctx, http.StatusBadRequest, "Invalid parameters", "Missing node param") } log.Infof("publish join request for node %s", node) - a.EventBus.Pub(&msgbus.JoinRequest{Node: node}, a.LabelLocalhost, labelAPI) + a.EventBus.Pub(&msgbus.JoinRequest{Node: node}, a.LabelLocalhost, labelOriginAPI) return ctx.JSON(http.StatusOK, nil) } diff --git a/daemon/daemonapi/post_daemon_leave.go b/daemon/daemonapi/post_daemon_leave.go index 7ceba9b9c..60c55ecbe 100644 --- a/daemon/daemonapi/post_daemon_leave.go +++ b/daemon/daemonapi/post_daemon_leave.go @@ -26,6 +26,6 @@ func (a *DaemonAPI) PostDaemonLeave(ctx echo.Context, params api.PostDaemonLeave return JSONProblem(ctx, http.StatusBadRequest, "Invalid parameters", "Missing node param") } log.Infof("publish leave request for node %s", node) - a.EventBus.Pub(&msgbus.LeaveRequest{Node: node}, a.LabelLocalhost, labelAPI) + a.EventBus.Pub(&msgbus.LeaveRequest{Node: node}, a.LabelLocalhost, labelOriginAPI) return ctx.JSON(http.StatusOK, nil) } diff --git a/daemon/daemonapi/post_daemon_logs_control.go b/daemon/daemonapi/post_daemon_logs_control.go index cc3a235d0..f619462de 100644 --- a/daemon/daemonapi/post_daemon_logs_control.go +++ b/daemon/daemonapi/post_daemon_logs_control.go @@ -10,6 +10,10 @@ import ( ) func (a *DaemonAPI) PostDaemonLogsControl(ctx echo.Context) error { + if _, err := assertRoot(ctx); err != nil { + return err + } + var ( payload api.PostDaemonLogsControl ) diff --git a/daemon/daemonapi/post_daemon_restart.go b/daemon/daemonapi/post_daemon_restart.go index 29a3ec513..7e987a71f 100644 --- a/daemon/daemonapi/post_daemon_restart.go +++ b/daemon/daemonapi/post_daemon_restart.go @@ -11,6 +11,10 @@ import ( ) func (a *DaemonAPI) PostDaemonRestart(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } + if nodename == a.localhost { return a.localPostDaemonRestart(ctx) } else if !clusternode.Has(nodename) { diff --git a/daemon/daemonapi/post_daemon_shutdown.go b/daemon/daemonapi/post_daemon_shutdown.go index 8ea25584f..eeeac1ef0 100644 --- a/daemon/daemonapi/post_daemon_shutdown.go +++ b/daemon/daemonapi/post_daemon_shutdown.go @@ -20,6 +20,10 @@ import ( ) func (a *DaemonAPI) PostDaemonShutdown(ctx echo.Context, nodename string, params api.PostDaemonShutdownParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } + if nodename == a.localhost { return a.localPostDaemonShutdown(ctx, params) } else if !clusternode.Has(nodename) { @@ -125,7 +129,7 @@ func (a *DaemonAPI) localPostDaemonShutdown(eCtx echo.Context, params api.PostDa value := instance.MonitorUpdate{CandidateOrchestrationID: orchestrationID, State: &idleState} msg, setImonErr := msgbus.NewSetInstanceMonitorWithErr(ctx, p, a.localhost, value) - a.EventBus.Pub(msg, pubsub.Label{"path", p.String()}, labelAPI) + a.EventBus.Pub(msg, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, labelOriginAPI) if err := setImonErr.Receive(); err != nil { log.Warnf("can't revert %s state %s to idle: %s", p, currentState, err) @@ -156,7 +160,7 @@ func (a *DaemonAPI) localPostDaemonShutdown(eCtx echo.Context, params api.PostDa } msg, setImonErr := msgbus.NewSetInstanceMonitorWithErr(ctx, p, a.localhost, value) - a.EventBus.Pub(msg, pubsub.Label{"path", p.String()}, labelAPI) + a.EventBus.Pub(msg, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, labelOriginAPI) err := setImonErr.Receive() cancel() @@ -183,7 +187,7 @@ func (a *DaemonAPI) localPostDaemonShutdown(eCtx echo.Context, params api.PostDa a.announceNodeState(log, node.MonitorStateShutdownSuccess) log.Infof("ask daemon do stop") a.EventBus.Pub(&msgbus.DaemonCtl{Component: "daemon", Action: "stop"}, - pubsub.Label{"id", "daemon"}, a.LabelLocalhost, labelAPI) + pubsub.Label{"id", "daemon"}, a.LabelLocalhost, labelOriginAPI) log.Infof("succeed") return JSONProblem(eCtx, http.StatusOK, "all objects are now shutdown, daemon will stop", "") } diff --git a/daemon/daemonapi/post_daemon_stop.go b/daemon/daemonapi/post_daemon_stop.go index 5987c5210..cb257246e 100644 --- a/daemon/daemonapi/post_daemon_stop.go +++ b/daemon/daemonapi/post_daemon_stop.go @@ -14,6 +14,10 @@ import ( ) func (a *DaemonAPI) PostDaemonStop(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } + if nodename == a.localhost { return a.localPostDaemonStop(ctx) } else if !clusternode.Has(nodename) { @@ -40,6 +44,6 @@ func (a *DaemonAPI) localPostDaemonStop(ctx echo.Context) error { a.announceNodeState(log, node.MonitorStateMaintenance) a.EventBus.Pub(&msgbus.DaemonCtl{Component: "daemon", Action: "stop"}, - pubsub.Label{"id", "daemon"}, a.LabelLocalhost, labelAPI) + pubsub.Label{"id", "daemon"}, a.LabelLocalhost, labelOriginAPI) return ctx.JSON(http.StatusOK, api.DaemonPid{Pid: os.Getpid()}) } diff --git a/daemon/daemonapi/post_daemon_sub_action.go b/daemon/daemonapi/post_daemon_sub_action.go index 369875dd9..899a8d531 100644 --- a/daemon/daemonapi/post_daemon_sub_action.go +++ b/daemon/daemonapi/post_daemon_sub_action.go @@ -11,6 +11,10 @@ import ( ) func (a *DaemonAPI) PostDaemonSubAction(ctx echo.Context) error { + if _, err := assertRoot(ctx); err != nil { + return err + } + log := LogHandler(ctx, "PostDaemonSubAction") log.Debugf("starting") @@ -38,7 +42,7 @@ func (a *DaemonAPI) PostDaemonSubAction(ctx echo.Context) error { log.Infof("asking to %s sub components: %s", action, subs) for _, sub := range payload.Subs { log.Infof("ask to %s sub component: %s", action, sub) - a.EventBus.Pub(&msgbus.DaemonCtl{Component: sub, Action: action}, pubsub.Label{"id", sub}, labelAPI) + a.EventBus.Pub(&msgbus.DaemonCtl{Component: sub, Action: action}, pubsub.Label{"id", sub}, labelOriginAPI) } return JSONProblemf(ctx, http.StatusOK, "daemon routines action queued", "%s %s", action, subs) } diff --git a/daemon/daemonapi/post_instance_action_boot.go b/daemon/daemonapi/post_instance_action_boot.go index 30bb93c4b..d81d9b2b0 100644 --- a/daemon/daemonapi/post_instance_action_boot.go +++ b/daemon/daemonapi/post_instance_action_boot.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionBoot(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionBootParams) error { + if _, err := assertAdmin(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionBoot(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionBoot(ctx echo.Context, nodename, namespace } func (a *DaemonAPI) postLocalInstanceActionBoot(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionBootParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionBoot") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_delete.go b/daemon/daemonapi/post_instance_action_delete.go index 3a33d4095..2cacef012 100644 --- a/daemon/daemonapi/post_instance_action_delete.go +++ b/daemon/daemonapi/post_instance_action_delete.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionDelete(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionDeleteParams) error { + if _, err := assertAdmin(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionDelete(ctx, namespace, kind, name, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostInstanceActionDelete(ctx echo.Context, nodename, namespa } func (a *DaemonAPI) postLocalInstanceActionDelete(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionDeleteParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionDelete") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_freeze.go b/daemon/daemonapi/post_instance_action_freeze.go index 78781e85d..aaa97bb2e 100644 --- a/daemon/daemonapi/post_instance_action_freeze.go +++ b/daemon/daemonapi/post_instance_action_freeze.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionFreeze(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionFreezeParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionFreeze(ctx, namespace, kind, name, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostInstanceActionFreeze(ctx echo.Context, nodename, namespa } func (a *DaemonAPI) postLocalInstanceActionFreeze(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionFreezeParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionFreeze") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_provision.go b/daemon/daemonapi/post_instance_action_provision.go index 5429f589c..f5e27c95d 100644 --- a/daemon/daemonapi/post_instance_action_provision.go +++ b/daemon/daemonapi/post_instance_action_provision.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionProvision(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionProvisionParams) error { + if _, err := assertAdmin(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionProvision(ctx, namespace, kind, name, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostInstanceActionProvision(ctx echo.Context, nodename, name } func (a *DaemonAPI) postLocalInstanceActionProvision(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionProvisionParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionProvision") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_prstart.go b/daemon/daemonapi/post_instance_action_prstart.go index 72c6912df..169ee0cb8 100644 --- a/daemon/daemonapi/post_instance_action_prstart.go +++ b/daemon/daemonapi/post_instance_action_prstart.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionPRStart(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionPRStartParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionPRStart(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionPRStart(ctx echo.Context, nodename, namesp } func (a *DaemonAPI) postLocalInstanceActionPRStart(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionPRStartParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionPRStart") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_prstop.go b/daemon/daemonapi/post_instance_action_prstop.go index 1497be951..03a04ab4d 100644 --- a/daemon/daemonapi/post_instance_action_prstop.go +++ b/daemon/daemonapi/post_instance_action_prstop.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionPRStop(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionPRStopParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionPRStop(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionPRStop(ctx echo.Context, nodename, namespa } func (a *DaemonAPI) postLocalInstanceActionPRStop(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionPRStopParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionPRStop") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_push_resinfo.go b/daemon/daemonapi/post_instance_action_push_resinfo.go index b2b7d945f..a900c3901 100644 --- a/daemon/daemonapi/post_instance_action_push_resinfo.go +++ b/daemon/daemonapi/post_instance_action_push_resinfo.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionPushResourceInfo(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionPushResourceInfoParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionPushResourceInfo(ctx, namespace, kind, name, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostInstanceActionPushResourceInfo(ctx echo.Context, nodenam } func (a *DaemonAPI) postLocalInstanceActionPushResourceInfo(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionPushResourceInfoParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionPushResourceInfo") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_restart.go b/daemon/daemonapi/post_instance_action_restart.go index 44b20c864..b4ab2e25a 100644 --- a/daemon/daemonapi/post_instance_action_restart.go +++ b/daemon/daemonapi/post_instance_action_restart.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionRestart(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionRestartParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionRestart(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionRestart(ctx echo.Context, nodename, namesp } func (a *DaemonAPI) postLocalInstanceActionRestart(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionRestartParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionRestart") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_run.go b/daemon/daemonapi/post_instance_action_run.go index ca7a1d5c0..20c23187d 100644 --- a/daemon/daemonapi/post_instance_action_run.go +++ b/daemon/daemonapi/post_instance_action_run.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionRun(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionRunParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionRun(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionRun(ctx echo.Context, nodename, namespace } func (a *DaemonAPI) postLocalInstanceActionRun(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionRunParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionRun") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_shutdown.go b/daemon/daemonapi/post_instance_action_shutdown.go index ea4f65e45..e1251e3e9 100644 --- a/daemon/daemonapi/post_instance_action_shutdown.go +++ b/daemon/daemonapi/post_instance_action_shutdown.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionShutdown(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionShutdownParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionShutdown(ctx, namespace, kind, name, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostInstanceActionShutdown(ctx echo.Context, nodename, names } func (a *DaemonAPI) postLocalInstanceActionShutdown(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionShutdownParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionShutdown") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_start.go b/daemon/daemonapi/post_instance_action_start.go index 18e48066a..07bd04571 100644 --- a/daemon/daemonapi/post_instance_action_start.go +++ b/daemon/daemonapi/post_instance_action_start.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionStart(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStartParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionStart(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionStart(ctx echo.Context, nodename, namespac } func (a *DaemonAPI) postLocalInstanceActionStart(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStartParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionStart") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_startstandby.go b/daemon/daemonapi/post_instance_action_startstandby.go index 5afe4b035..f54e62be9 100644 --- a/daemon/daemonapi/post_instance_action_startstandby.go +++ b/daemon/daemonapi/post_instance_action_startstandby.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionStartStandby(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStartStandbyParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionStartStandby(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionStartStandby(ctx echo.Context, nodename, n } func (a *DaemonAPI) postLocalInstanceActionStartStandby(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStartStandbyParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionStartStandby") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_status.go b/daemon/daemonapi/post_instance_action_status.go index d28997c37..e0f5f79fd 100644 --- a/daemon/daemonapi/post_instance_action_status.go +++ b/daemon/daemonapi/post_instance_action_status.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionStatus(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStatusParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionStatus(ctx, namespace, kind, name, params) } @@ -22,10 +24,6 @@ func (a *DaemonAPI) PostInstanceActionStatus(ctx echo.Context, nodename, namespa } func (a *DaemonAPI) postLocalInstanceActionStatus(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStatusParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } - log := LogHandler(ctx, "PostInstanceActionStatus") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_stop.go b/daemon/daemonapi/post_instance_action_stop.go index a64d6a915..d9510fc57 100644 --- a/daemon/daemonapi/post_instance_action_stop.go +++ b/daemon/daemonapi/post_instance_action_stop.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionStop(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStopParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionStop(ctx, namespace, kind, name, params) } @@ -35,9 +37,6 @@ func (a *DaemonAPI) postPeerInstanceActionStop(ctx echo.Context, nodename, names } func (a *DaemonAPI) postLocalInstanceActionStop(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionStopParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionStop") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_sync_ingest.go b/daemon/daemonapi/post_instance_action_sync_ingest.go index bad536b90..7331dc018 100644 --- a/daemon/daemonapi/post_instance_action_sync_ingest.go +++ b/daemon/daemonapi/post_instance_action_sync_ingest.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionSyncIngest(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionSyncIngestParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionSyncIngest(ctx, namespace, kind, name, params) } @@ -35,9 +37,6 @@ func (a *DaemonAPI) postPeerInstanceActionSyncIngest(ctx echo.Context, nodename, } func (a *DaemonAPI) postLocalInstanceActionSyncIngest(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionSyncIngestParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionSyncIngest") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_unfreeze.go b/daemon/daemonapi/post_instance_action_unfreeze.go index 504982b29..6ba8f2630 100644 --- a/daemon/daemonapi/post_instance_action_unfreeze.go +++ b/daemon/daemonapi/post_instance_action_unfreeze.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionUnfreeze(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionUnfreezeParams) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionUnfreeze(ctx, namespace, kind, name, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostInstanceActionUnfreeze(ctx echo.Context, nodename, names } func (a *DaemonAPI) postLocalInstanceActionUnfreeze(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionUnfreezeParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionUnfreeze") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_action_unprovision.go b/daemon/daemonapi/post_instance_action_unprovision.go index 203400b73..8fad11d15 100644 --- a/daemon/daemonapi/post_instance_action_unprovision.go +++ b/daemon/daemonapi/post_instance_action_unprovision.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceActionUnprovision(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string, params api.PostInstanceActionUnprovisionParams) error { + if _, err := assertAdmin(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceActionUnprovision(ctx, namespace, kind, name, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostInstanceActionUnprovision(ctx echo.Context, nodename, na } func (a *DaemonAPI) postLocalInstanceActionUnprovision(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostInstanceActionUnprovisionParams) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostInstanceActionUnprovision") var requesterSid uuid.UUID p, err := naming.NewPath(namespace, kind, name) diff --git a/daemon/daemonapi/post_instance_clear.go b/daemon/daemonapi/post_instance_clear.go index 868107293..30a17fecb 100644 --- a/daemon/daemonapi/post_instance_clear.go +++ b/daemon/daemonapi/post_instance_clear.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) PostInstanceClear(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string) error { + if _, err := assertOperator(ctx, namespace); err != nil { + return err + } if a.localhost == nodename { return a.postLocalInstanceClear(ctx, namespace, kind, name) } @@ -35,6 +38,6 @@ func (a *DaemonAPI) postLocalInstanceClear(ctx echo.Context, namespace string, k Node: a.localhost, Value: instMonitor, } - a.EventBus.Pub(&msg, pubsub.Label{"path", p.String()}, labelAPI) + a.EventBus.Pub(&msg, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, labelOriginAPI) return ctx.JSON(http.StatusOK, nil) } diff --git a/daemon/daemonapi/post_instance_progress.go b/daemon/daemonapi/post_instance_progress.go index dec692017..d11755e76 100644 --- a/daemon/daemonapi/post_instance_progress.go +++ b/daemon/daemonapi/post_instance_progress.go @@ -39,9 +39,10 @@ func (a *DaemonAPI) PostInstanceProgress(ctx echo.Context, namespace string, kin isPartial = *payload.IsPartial } a.EventBus.Pub(&msgbus.ProgressInstanceMonitor{Path: p, Node: a.localhost, SessionID: payload.SessionID, State: state, IsPartial: isPartial}, + pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, a.LabelLocalhost, - labelAPI, + labelOriginAPI, ) return ctx.JSON(http.StatusOK, nil) } diff --git a/daemon/daemonapi/post_instance_state_file.go b/daemon/daemonapi/post_instance_state_file.go index eb9fdd1ea..748f63036 100644 --- a/daemon/daemonapi/post_instance_state_file.go +++ b/daemon/daemonapi/post_instance_state_file.go @@ -15,10 +15,12 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/core/resource" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostInstanceStateFile(ctx echo.Context, nodename, namespace string, kind naming.Kind, name string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost || nodename == "localhost" { return a.postLocalObjectStateFile(ctx, namespace, kind, name) } @@ -34,9 +36,6 @@ func (a *DaemonAPI) PostInstanceStateFile(ctx echo.Context, nodename, namespace } func (a *DaemonAPI) postLocalObjectStateFile(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } p, err := naming.NewPath(namespace, kind, name) if err != nil { return JSONProblemf(ctx, http.StatusBadRequest, "Bad request path", fmt.Sprint(err)) diff --git a/daemon/daemonapi/post_instance_status.go b/daemon/daemonapi/post_instance_status.go index defa8570f..6ca95d1e4 100644 --- a/daemon/daemonapi/post_instance_status.go +++ b/daemon/daemonapi/post_instance_status.go @@ -31,9 +31,10 @@ func (a *DaemonAPI) PostInstanceStatus(ctx echo.Context, namespace string, kind return err } a.EventBus.Pub(&msgbus.InstanceStatusPost{Path: p, Node: a.localhost, Value: payload}, + pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, a.LabelLocalhost, - labelAPI, + labelOriginAPI, ) return ctx.JSON(http.StatusOK, nil) } diff --git a/daemon/daemonapi/post_node_action_abort.go b/daemon/daemonapi/post_node_action_abort.go index de5e00de7..9c4c4a4f0 100644 --- a/daemon/daemonapi/post_node_action_abort.go +++ b/daemon/daemonapi/post_node_action_abort.go @@ -13,6 +13,9 @@ import ( ) func (a *DaemonAPI) PostPeerActionAbort(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionAbort(ctx) } @@ -30,6 +33,6 @@ func (a *DaemonAPI) localNodeActionAbort(ctx echo.Context) error { CandidateOrchestrationID: uuid.New(), }, } - a.EventBus.Pub(&msg, labelAPI) + a.EventBus.Pub(&msg, labelOriginAPI) return ctx.JSON(http.StatusOK, api.OrchestrationQueued{OrchestrationID: msg.Value.CandidateOrchestrationID}) } diff --git a/daemon/daemonapi/post_node_action_drain.go b/daemon/daemonapi/post_node_action_drain.go index 98e08b679..c2bcc2454 100644 --- a/daemon/daemonapi/post_node_action_drain.go +++ b/daemon/daemonapi/post_node_action_drain.go @@ -14,6 +14,9 @@ import ( ) func (a *DaemonAPI) PostPeerActionDrain(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionDrain(ctx) } @@ -37,7 +40,7 @@ func (a *DaemonAPI) localNodeActionDrain(eCtx echo.Context) error { } msg, errReceiver := msgbus.NewSetNodeMonitorWithErr(ctx, a.localhost, value) - a.EventBus.Pub(msg, a.LabelLocalhost, labelAPI) + a.EventBus.Pub(msg, a.LabelLocalhost, labelOriginAPI) return JSONFromSetNodeMonitorError(eCtx, &value, errReceiver.Receive()) } diff --git a/daemon/daemonapi/post_node_action_freeze.go b/daemon/daemonapi/post_node_action_freeze.go index 5d7dd3ee7..873176242 100644 --- a/daemon/daemonapi/post_node_action_freeze.go +++ b/daemon/daemonapi/post_node_action_freeze.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostPeerActionFreeze(ctx echo.Context, nodename string, params api.PostPeerActionFreezeParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionFreeze(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostPeerActionFreeze(ctx echo.Context, nodename string, para } func (a *DaemonAPI) localNodeActionFreeze(ctx echo.Context, params api.PostPeerActionFreezeParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostPeerActionFreeze") var requesterSid uuid.UUID args := []string{"node", "freeze", "--local"} diff --git a/daemon/daemonapi/post_node_action_push_asset.go b/daemon/daemonapi/post_node_action_push_asset.go index aa7d0fe00..fe1452ba1 100644 --- a/daemon/daemonapi/post_node_action_push_asset.go +++ b/daemon/daemonapi/post_node_action_push_asset.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostNodeActionPushAsset(ctx echo.Context, nodename string, params api.PostNodeActionPushAssetParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionPushAsset(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostNodeActionPushAsset(ctx echo.Context, nodename string, p } func (a *DaemonAPI) localNodeActionPushAsset(ctx echo.Context, params api.PostNodeActionPushAssetParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostNodeActionPushAsset") var requesterSid uuid.UUID args := []string{"node", "push", "asset", "--local"} diff --git a/daemon/daemonapi/post_node_action_push_disk.go b/daemon/daemonapi/post_node_action_push_disk.go index f127407ef..cd2e888d5 100644 --- a/daemon/daemonapi/post_node_action_push_disk.go +++ b/daemon/daemonapi/post_node_action_push_disk.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostNodeActionPushDisk(ctx echo.Context, nodename string, params api.PostNodeActionPushDiskParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionPushDisk(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostNodeActionPushDisk(ctx echo.Context, nodename string, pa } func (a *DaemonAPI) localNodeActionPushDisk(ctx echo.Context, params api.PostNodeActionPushDiskParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostNodeActionPushDisk") var requesterSID uuid.UUID args := []string{"node", "push", "disk", "--local"} diff --git a/daemon/daemonapi/post_node_action_push_patch.go b/daemon/daemonapi/post_node_action_push_patch.go index 7f98cb492..29b9f94c5 100644 --- a/daemon/daemonapi/post_node_action_push_patch.go +++ b/daemon/daemonapi/post_node_action_push_patch.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostNodeActionPushPatch(ctx echo.Context, nodename string, params api.PostNodeActionPushPatchParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionPushPatch(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostNodeActionPushPatch(ctx echo.Context, nodename string, p } func (a *DaemonAPI) localNodeActionPushPatch(ctx echo.Context, params api.PostNodeActionPushPatchParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostNodeActionPushPatch") var requesterSID uuid.UUID args := []string{"node", "push", "patch", "--local"} diff --git a/daemon/daemonapi/post_node_action_push_pkg.go b/daemon/daemonapi/post_node_action_push_pkg.go index 803e39ebf..55a619d1e 100644 --- a/daemon/daemonapi/post_node_action_push_pkg.go +++ b/daemon/daemonapi/post_node_action_push_pkg.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostNodeActionPushPkg(ctx echo.Context, nodename string, params api.PostNodeActionPushPkgParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionPushPkg(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostNodeActionPushPkg(ctx echo.Context, nodename string, par } func (a *DaemonAPI) localNodeActionPushPkg(ctx echo.Context, params api.PostNodeActionPushPkgParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostNodeActionPushPkg") var requesterSid uuid.UUID args := []string{"node", "push", "pkg", "--local"} diff --git a/daemon/daemonapi/post_node_action_scan_capabilities.go b/daemon/daemonapi/post_node_action_scan_capabilities.go index 407f14504..7b4988a98 100644 --- a/daemon/daemonapi/post_node_action_scan_capabilities.go +++ b/daemon/daemonapi/post_node_action_scan_capabilities.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostNodeActionScanCapabilities(ctx echo.Context, nodename string, params api.PostNodeActionScanCapabilitiesParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionScanCapabilities(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostNodeActionScanCapabilities(ctx echo.Context, nodename st } func (a *DaemonAPI) localNodeActionScanCapabilities(ctx echo.Context, params api.PostNodeActionScanCapabilitiesParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostNodeActionScanCapabilities") var requesterSid uuid.UUID args := []string{"node", "scan", "capabilities", "--local"} diff --git a/daemon/daemonapi/post_node_action_sysreport.go b/daemon/daemonapi/post_node_action_sysreport.go index 8166700eb..ed44810ad 100644 --- a/daemon/daemonapi/post_node_action_sysreport.go +++ b/daemon/daemonapi/post_node_action_sysreport.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostNodeActionSysreport(ctx echo.Context, nodename string, params api.PostNodeActionSysreportParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionSysreport(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostNodeActionSysreport(ctx echo.Context, nodename string, p } func (a *DaemonAPI) localNodeActionSysreport(ctx echo.Context, params api.PostNodeActionSysreportParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostNodeActionSysreport") var requesterSid uuid.UUID args := []string{"node", "sysreport", "--local"} diff --git a/daemon/daemonapi/post_node_action_unfreeze.go b/daemon/daemonapi/post_node_action_unfreeze.go index 178f269ba..499cbb27e 100644 --- a/daemon/daemonapi/post_node_action_unfreeze.go +++ b/daemon/daemonapi/post_node_action_unfreeze.go @@ -9,10 +9,12 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostPeerActionUnfreeze(ctx echo.Context, nodename string, params api.PostPeerActionUnfreezeParams) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localNodeActionUnfreeze(ctx, params) } @@ -22,9 +24,6 @@ func (a *DaemonAPI) PostPeerActionUnfreeze(ctx echo.Context, nodename string, pa } func (a *DaemonAPI) localNodeActionUnfreeze(ctx echo.Context, params api.PostPeerActionUnfreezeParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } log := LogHandler(ctx, "PostPeerActionUnfreeze") var requesterSid uuid.UUID args := []string{"node", "unfreeze", "--local"} diff --git a/daemon/daemonapi/post_node_clear.go b/daemon/daemonapi/post_node_clear.go index 60ec96f55..50636c73c 100644 --- a/daemon/daemonapi/post_node_clear.go +++ b/daemon/daemonapi/post_node_clear.go @@ -10,8 +10,11 @@ import ( ) func (a *DaemonAPI) PostNodeClear(ctx echo.Context) error { + if v, err := assertRoot(ctx); !v { + return err + } state := node.MonitorStateIdle a.EventBus.Pub(&msgbus.SetNodeMonitor{Node: a.localhost, Value: node.MonitorUpdate{State: &state}}, - labelAPI) + labelOriginAPI) return ctx.JSON(http.StatusOK, nil) } diff --git a/daemon/daemonapi/post_node_config_update.go b/daemon/daemonapi/post_node_config_update.go index 6bf33352c..3eb502825 100644 --- a/daemon/daemonapi/post_node_config_update.go +++ b/daemon/daemonapi/post_node_config_update.go @@ -9,14 +9,11 @@ import ( "github.com/opensvc/om3/core/keyop" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/key" ) func (a *DaemonAPI) PostNodeConfigUpdate(ctx echo.Context, nodename string, params api.PostNodeConfigUpdateParams) error { - //log := LogHandler(ctx, "PostObjectConfigUpdate") - - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { + if _, err := assertRoot(ctx); err != nil { return err } if nodename == a.localhost { diff --git a/daemon/daemonapi/post_node_drbd_config.go b/daemon/daemonapi/post_node_drbd_config.go index 1e16c5ced..f2b3ffa09 100644 --- a/daemon/daemonapi/post_node_drbd_config.go +++ b/daemon/daemonapi/post_node_drbd_config.go @@ -11,11 +11,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostNodeDRBDConfig(ctx echo.Context, nodename string, params api.PostNodeDRBDConfigParams) error { - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { + if _, err := assertRoot(ctx); err != nil { return err } payload := api.PostNodeDRBDConfigRequest{} diff --git a/daemon/daemonapi/post_object_action_abort.go b/daemon/daemonapi/post_object_action_abort.go index a73838a9a..f66dc18f8 100644 --- a/daemon/daemonapi/post_object_action_abort.go +++ b/daemon/daemonapi/post_object_action_abort.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionAbort(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectAborted, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_delete.go b/daemon/daemonapi/post_object_action_delete.go index db47ac59d..83fe17eda 100644 --- a/daemon/daemonapi/post_object_action_delete.go +++ b/daemon/daemonapi/post_object_action_delete.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionDelete(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectDeleted, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_freeze.go b/daemon/daemonapi/post_object_action_freeze.go index ee8eb7878..9d8c15098 100644 --- a/daemon/daemonapi/post_object_action_freeze.go +++ b/daemon/daemonapi/post_object_action_freeze.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionFreeze(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectFrozen, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_giveback.go b/daemon/daemonapi/post_object_action_giveback.go index 7f7498bb4..110084ca5 100644 --- a/daemon/daemonapi/post_object_action_giveback.go +++ b/daemon/daemonapi/post_object_action_giveback.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionGiveback(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectPlaced, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_provision.go b/daemon/daemonapi/post_object_action_provision.go index d5b752f7e..b085d523f 100644 --- a/daemon/daemonapi/post_object_action_provision.go +++ b/daemon/daemonapi/post_object_action_provision.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionProvision(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectProvisioned, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_purge.go b/daemon/daemonapi/post_object_action_purge.go index 84a64f1e3..34a6c9b7d 100644 --- a/daemon/daemonapi/post_object_action_purge.go +++ b/daemon/daemonapi/post_object_action_purge.go @@ -8,11 +8,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionPurge(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectPurged, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_restart.go b/daemon/daemonapi/post_object_action_restart.go index 7d497ff89..1093ff678 100644 --- a/daemon/daemonapi/post_object_action_restart.go +++ b/daemon/daemonapi/post_object_action_restart.go @@ -12,12 +12,11 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" "github.com/opensvc/om3/daemon/msgbus" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/pubsub" ) func (a *DaemonAPI) PostObjectActionRestart(eCtx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(eCtx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(eCtx, namespace); err != nil { return err } p, err := naming.NewPath(namespace, kind, name) @@ -46,7 +45,7 @@ func (a *DaemonAPI) PostObjectActionRestart(eCtx echo.Context, namespace string, msg, setInstanceMonitorErr := msgbus.NewSetInstanceMonitorWithErr(ctx, p, a.localhost, value) - a.EventBus.Pub(msg, pubsub.Label{"path", p.String()}, labelAPI) + a.EventBus.Pub(msg, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, labelOriginAPI) return JSONFromSetInstanceMonitorError(eCtx, &value, setInstanceMonitorErr.Receive()) } diff --git a/daemon/daemonapi/post_object_action_start.go b/daemon/daemonapi/post_object_action_start.go index 12a6b88ed..dbcf2b279 100644 --- a/daemon/daemonapi/post_object_action_start.go +++ b/daemon/daemonapi/post_object_action_start.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionStart(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectStarted, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_stop.go b/daemon/daemonapi/post_object_action_stop.go index 0330d5617..f9a260217 100644 --- a/daemon/daemonapi/post_object_action_stop.go +++ b/daemon/daemonapi/post_object_action_stop.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionStop(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectStopped, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_switch.go b/daemon/daemonapi/post_object_action_switch.go index c64c85016..73b1169e4 100644 --- a/daemon/daemonapi/post_object_action_switch.go +++ b/daemon/daemonapi/post_object_action_switch.go @@ -13,12 +13,11 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/daemon/api" "github.com/opensvc/om3/daemon/msgbus" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/pubsub" ) func (a *DaemonAPI) PostObjectActionSwitch(eCtx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(eCtx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(eCtx, namespace); err != nil { return err } p, err := naming.NewPath(namespace, kind, name) @@ -46,7 +45,7 @@ func (a *DaemonAPI) PostObjectActionSwitch(eCtx echo.Context, namespace string, msg, setInstanceMonitorErr := msgbus.NewSetInstanceMonitorWithErr(ctx, p, a.localhost, value) - a.EventBus.Pub(msg, pubsub.Label{"path", p.String()}, labelAPI) + a.EventBus.Pub(msg, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, labelOriginAPI) return JSONFromSetInstanceMonitorError(eCtx, &value, setInstanceMonitorErr.Receive()) } diff --git a/daemon/daemonapi/post_object_action_unfreeze.go b/daemon/daemonapi/post_object_action_unfreeze.go index bd33defe5..c31537106 100644 --- a/daemon/daemonapi/post_object_action_unfreeze.go +++ b/daemon/daemonapi/post_object_action_unfreeze.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionUnfreeze(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleOperator, namespace), rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertOperator(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectThawed, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_action_unprovision.go b/daemon/daemonapi/post_object_action_unprovision.go index 353e6a421..34640c61c 100644 --- a/daemon/daemonapi/post_object_action_unprovision.go +++ b/daemon/daemonapi/post_object_action_unprovision.go @@ -7,11 +7,10 @@ import ( "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/instance" "github.com/opensvc/om3/core/naming" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectActionUnprovision(ctx echo.Context, namespace string, kind naming.Kind, name string) error { - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } return a.postObjectAction(ctx, namespace, kind, name, instance.MonitorGlobalExpectUnprovisioned, func(c *client.T) (*http.Response, error) { diff --git a/daemon/daemonapi/post_object_config_file.go b/daemon/daemonapi/post_object_config_file.go index 817ce03a2..3bcab2058 100644 --- a/daemon/daemonapi/post_object_config_file.go +++ b/daemon/daemonapi/post_object_config_file.go @@ -11,6 +11,9 @@ import ( ) func (a *DaemonAPI) PostObjectConfigFile(ctx echo.Context, namespace string, kind naming.Kind, name string) error { + if _, err := assertAdmin(ctx, namespace); err != nil { + return err + } p, err := naming.NewPath(namespace, kind, name) if err != nil { return JSONProblemf(ctx, http.StatusBadRequest, "Bad request path", fmt.Sprint(err)) diff --git a/daemon/daemonapi/post_object_config_update.go b/daemon/daemonapi/post_object_config_update.go index 8d94a7043..cb6d1b715 100644 --- a/daemon/daemonapi/post_object_config_update.go +++ b/daemon/daemonapi/post_object_config_update.go @@ -21,7 +21,7 @@ var ( func (a *DaemonAPI) PostObjectConfigUpdate(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostObjectConfigUpdateParams) error { log := LogHandler(ctx, "PostObjectConfigUpdate") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } diff --git a/daemon/daemonapi/post_object_kvstore_entry.go b/daemon/daemonapi/post_object_kvstore_entry.go index 3433d8731..6a7f793fe 100644 --- a/daemon/daemonapi/post_object_kvstore_entry.go +++ b/daemon/daemonapi/post_object_kvstore_entry.go @@ -11,13 +11,12 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostObjectKVStoreEntry(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PostObjectKVStoreEntryParams) error { log := LogHandler(ctx, "PostObjectKVStoreEntry") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } diff --git a/daemon/daemonapi/post_svc_disable.go b/daemon/daemonapi/post_svc_disable.go index 4d0715e3a..4842b6e79 100644 --- a/daemon/daemonapi/post_svc_disable.go +++ b/daemon/daemonapi/post_svc_disable.go @@ -10,13 +10,12 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostSvcDisable(ctx echo.Context, namespace string, name string, params api.PostSvcDisableParams) error { log := LogHandler(ctx, "PostSvcDisable") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } diff --git a/daemon/daemonapi/post_svc_enable.go b/daemon/daemonapi/post_svc_enable.go index ed74bc0b5..670efbc19 100644 --- a/daemon/daemonapi/post_svc_enable.go +++ b/daemon/daemonapi/post_svc_enable.go @@ -10,13 +10,12 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PostSvcEnable(ctx echo.Context, namespace string, name string, params api.PostSvcEnableParams) error { log := LogHandler(ctx, "PostSvcEnable") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } diff --git a/daemon/daemonapi/put_cluster_config_file.go b/daemon/daemonapi/put_cluster_config_file.go index 6ae2e38c4..6dcd4ac55 100644 --- a/daemon/daemonapi/put_cluster_config_file.go +++ b/daemon/daemonapi/put_cluster_config_file.go @@ -7,5 +7,8 @@ import ( ) func (a *DaemonAPI) PutClusterConfigFile(ctx echo.Context) error { + if v, err := assertRoot(ctx); !v { + return err + } return a.writeObjectConfigFile(ctx, naming.Cluster) } diff --git a/daemon/daemonapi/put_node_config_file.go b/daemon/daemonapi/put_node_config_file.go index 0177b0338..bcac37db2 100644 --- a/daemon/daemonapi/put_node_config_file.go +++ b/daemon/daemonapi/put_node_config_file.go @@ -8,6 +8,9 @@ import ( ) func (a *DaemonAPI) PutNodeConfigFile(ctx echo.Context, nodename string) error { + if v, err := assertRoot(ctx); !v { + return err + } if nodename == a.localhost { return a.writeNodeConfigFile(ctx, nodename) } diff --git a/daemon/daemonapi/put_node_ssh_trust.go b/daemon/daemonapi/put_node_ssh_trust.go index 6debfcd2e..67f37d766 100644 --- a/daemon/daemonapi/put_node_ssh_trust.go +++ b/daemon/daemonapi/put_node_ssh_trust.go @@ -9,12 +9,14 @@ import ( "github.com/labstack/echo/v4" "github.com/opensvc/om3/core/client" "github.com/opensvc/om3/core/cluster" - "github.com/opensvc/om3/daemon/rbac" "github.com/opensvc/om3/util/sshnode" "golang.org/x/crypto/ssh" ) func (a *DaemonAPI) PutNodeSSHTrust(ctx echo.Context, nodename string) error { + if _, err := assertRoot(ctx); err != nil { + return err + } if nodename == a.localhost { return a.localPutNodeSSHTrust(ctx) } @@ -25,9 +27,6 @@ func (a *DaemonAPI) PutNodeSSHTrust(ctx echo.Context, nodename string) error { func (a *DaemonAPI) localPutNodeSSHTrust(ctx echo.Context) error { log := LogHandler(ctx, "PutNodeSSHTrust") - if v, err := assertGrant(ctx, rbac.GrantRoot); !v { - return err - } clusterConfigData := cluster.ConfigData.Get() authorizedKeys, err := sshnode.GetAuthorizedKeysMap() diff --git a/daemon/daemonapi/put_object_config_file.go b/daemon/daemonapi/put_object_config_file.go index eff109550..058363721 100644 --- a/daemon/daemonapi/put_object_config_file.go +++ b/daemon/daemonapi/put_object_config_file.go @@ -11,6 +11,9 @@ import ( ) func (a *DaemonAPI) PutObjectConfigFile(ctx echo.Context, namespace string, kind naming.Kind, name string) error { + if v, err := assertAdmin(ctx, namespace); !v { + return err + } p, err := naming.NewPath(namespace, kind, name) if err != nil { return JSONProblemf(ctx, http.StatusBadRequest, "Bad request path", fmt.Sprint(err)) diff --git a/daemon/daemonapi/put_object_kvstore_entry.go b/daemon/daemonapi/put_object_kvstore_entry.go index ef3baee2c..3bd980187 100644 --- a/daemon/daemonapi/put_object_kvstore_entry.go +++ b/daemon/daemonapi/put_object_kvstore_entry.go @@ -12,13 +12,12 @@ import ( "github.com/opensvc/om3/core/naming" "github.com/opensvc/om3/core/object" "github.com/opensvc/om3/daemon/api" - "github.com/opensvc/om3/daemon/rbac" ) func (a *DaemonAPI) PutObjectKVStoreEntry(ctx echo.Context, namespace string, kind naming.Kind, name string, params api.PutObjectKVStoreEntryParams) error { log := LogHandler(ctx, "PutObjectKVStoreEntry") - if v, err := assertGrant(ctx, rbac.NewGrant(rbac.RoleAdmin, namespace), rbac.GrantRoot); !v { + if _, err := assertAdmin(ctx, namespace); err != nil { return err } diff --git a/daemon/daemondata/apply_full.go b/daemon/daemondata/apply_full.go index dad649b98..62e5ed56e 100644 --- a/daemon/daemondata/apply_full.go +++ b/daemon/daemondata/apply_full.go @@ -367,6 +367,7 @@ func (d *data) pubMsgFromNodeInstanceDiffForNode(peer string, current *remoteInf // ObjectCreated is published by icfg, before initial // InstanceConfigUpdated publication. d.bus.Pub(&msgbus.ObjectCreated{Path: toPath[s], Node: peer}, + pubsub.Label{"namespace", toPath[s].Namespace}, pubsub.Label{"path", s}, pubsub.Label{"node", peer}, labelFromPeer, @@ -374,6 +375,7 @@ func (d *data) pubMsgFromNodeInstanceDiffForNode(peer string, current *remoteInf } instance.ConfigData.Set(toPath[s], peer, d.clusterData.Cluster.Node[peer].Instance[s].Config.DeepCopy()) d.bus.Pub(&msgbus.InstanceConfigUpdated{Path: toPath[s], Node: peer, Value: *d.clusterData.Cluster.Node[peer].Instance[s].Config.DeepCopy()}, + pubsub.Label{"namespace", toPath[s].Namespace}, pubsub.Label{"path", s}, pubsub.Label{"node", peer}, labelFromPeer, @@ -382,6 +384,7 @@ func (d *data) pubMsgFromNodeInstanceDiffForNode(peer string, current *remoteInf for _, s := range removes { instance.ConfigData.Unset(toPath[s], peer) d.bus.Pub(&msgbus.InstanceConfigDeleted{Path: toPath[s], Node: peer}, + pubsub.Label{"namespace", toPath[s].Namespace}, pubsub.Label{"path", s}, pubsub.Label{"node", peer}, labelFromPeer, @@ -392,6 +395,7 @@ func (d *data) pubMsgFromNodeInstanceDiffForNode(peer string, current *remoteInf for _, s := range updates { instance.StatusData.Set(toPath[s], peer, d.clusterData.Cluster.Node[peer].Instance[s].Status.DeepCopy()) d.bus.Pub(&msgbus.InstanceStatusUpdated{Path: toPath[s], Node: peer, Value: *d.clusterData.Cluster.Node[peer].Instance[s].Status.DeepCopy()}, + pubsub.Label{"namespace", toPath[s].Namespace}, pubsub.Label{"path", s}, pubsub.Label{"node", peer}, labelFromPeer, @@ -400,6 +404,7 @@ func (d *data) pubMsgFromNodeInstanceDiffForNode(peer string, current *remoteInf for _, s := range removes { instance.StatusData.Unset(toPath[s], peer) d.bus.Pub(&msgbus.InstanceStatusDeleted{Path: toPath[s], Node: peer}, + pubsub.Label{"namespace", toPath[s].Namespace}, pubsub.Label{"path", s}, pubsub.Label{"node", peer}, labelFromPeer, @@ -410,6 +415,7 @@ func (d *data) pubMsgFromNodeInstanceDiffForNode(peer string, current *remoteInf for _, s := range updates { instance.MonitorData.Set(toPath[s], peer, d.clusterData.Cluster.Node[peer].Instance[s].Monitor.DeepCopy()) d.bus.Pub(&msgbus.InstanceMonitorUpdated{Path: toPath[s], Node: peer, Value: *d.clusterData.Cluster.Node[peer].Instance[s].Monitor.DeepCopy()}, + pubsub.Label{"namespace", toPath[s].Namespace}, pubsub.Label{"path", s}, pubsub.Label{"node", peer}, labelFromPeer, @@ -418,6 +424,7 @@ func (d *data) pubMsgFromNodeInstanceDiffForNode(peer string, current *remoteInf for _, s := range removes { instance.MonitorData.Unset(toPath[s], peer) d.bus.Pub(&msgbus.InstanceMonitorDeleted{Path: toPath[s], Node: peer}, + pubsub.Label{"namespace", toPath[s].Namespace}, pubsub.Label{"path", s}, pubsub.Label{"node", peer}, labelFromPeer, diff --git a/daemon/daemondata/node_data.go b/daemon/daemondata/node_data.go index 4ddc627cf..2176e0573 100644 --- a/daemon/daemondata/node_data.go +++ b/daemon/daemondata/node_data.go @@ -86,15 +86,15 @@ func (d *data) dropPeer(peer string) { d.log.Infof("unset and publish deleted peer %s components", peer) for p := range instance.ConfigData.GetByNode(peer) { instance.ConfigData.Unset(p, peer) - d.bus.Pub(&msgbus.InstanceConfigDeleted{Node: peer, Path: p}, append(peerLabels, pubsub.Label{"path", p.String()})...) + d.bus.Pub(&msgbus.InstanceConfigDeleted{Node: peer, Path: p}, append(peerLabels, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()})...) } for p := range instance.StatusData.GetByNode(peer) { instance.StatusData.Unset(p, peer) - d.bus.Pub(&msgbus.InstanceStatusDeleted{Node: peer, Path: p}, append(peerLabels, pubsub.Label{"path", p.String()})...) + d.bus.Pub(&msgbus.InstanceStatusDeleted{Node: peer, Path: p}, append(peerLabels, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()})...) } for p := range instance.MonitorData.GetByNode(peer) { instance.MonitorData.Unset(p, peer) - d.bus.Pub(&msgbus.InstanceMonitorDeleted{Node: peer, Path: p}, append(peerLabels, pubsub.Label{"path", p.String()})...) + d.bus.Pub(&msgbus.InstanceMonitorDeleted{Node: peer, Path: p}, append(peerLabels, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()})...) } if v := node.MonitorData.GetByNode(peer); v != nil { node.DropNode(peer) diff --git a/daemon/daemonvip/main.go b/daemon/daemonvip/main.go index 9d1bc5c4e..a2d86da52 100644 --- a/daemon/daemonvip/main.go +++ b/daemon/daemonvip/main.go @@ -253,7 +253,7 @@ func (t *T) orchestrate(g instance.MonitorGlobalExpect) error { value := instance.MonitorUpdate{GlobalExpect: &g, CandidateOrchestrationID: uuid.New()} msg, setInstanceMonitorErr := msgbus.NewSetInstanceMonitorWithErr(ctx, vipPath, t.localhost, value) - t.bus.Pub(msg, []pubsub.Label{{"node", t.localhost}, {"path", vipPath.String()}}...) + t.bus.Pub(msg, []pubsub.Label{{"node", t.localhost}, pubsub.Label{"namespace", vipPath.Namespace}, {"path", vipPath.String()}}...) err := setInstanceMonitorErr.Receive() switch { diff --git a/daemon/discover/cfg.go b/daemon/discover/cfg.go index 3683d6122..6c5936683 100644 --- a/daemon/discover/cfg.go +++ b/daemon/discover/cfg.go @@ -189,7 +189,7 @@ func (t *Manager) onInstanceStatusUpdated(c *msgbus.InstanceStatusUpdated) { bus := pubsub.BusFromContext(t.ctx) for _, entry := range entries { filename := filepath.Join(runDir, entry.Name()) - t.PubDebounce(bus, filename, &msgbus.RunFileUpdated{File: filename, Path: path, RID: rid, At: file.ModTime(filename)}, t.labelLocalhost, pubsub.Label{"path", path.String()}) + t.PubDebounce(bus, filename, &msgbus.RunFileUpdated{File: filename, Path: path, RID: rid, At: file.ModTime(filename)}, t.labelLocalhost, pubsub.Label{"namespace", path.Namespace}, pubsub.Label{"path", path.String()}) } } for rid, _ := range c.Value.Resources { @@ -489,6 +489,7 @@ func (t *Manager) onHbMessageTypeUpdated(c *msgbus.HbMessageTypeUpdated) { Scope: append([]string{}, ev.Scope...), UpdatedAt: ev.UpdatedAt, }, + pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, t.labelLocalhost, ) diff --git a/daemon/discover/fs_watcher.go b/daemon/discover/fs_watcher.go index c2752564d..eb5b86e0d 100644 --- a/daemon/discover/fs_watcher.go +++ b/daemon/discover/fs_watcher.go @@ -136,7 +136,7 @@ func (t *Manager) fsWatcherStart() (func(), error) { } */ log.Debugf("publish msgbus.ConfigFileUpdated config file %s", filename) - t.PubDebounce(bus, filename, &msgbus.ConfigFileUpdated{Path: p, File: filename}, pubsub.Label{"path", p.String()}) + t.PubDebounce(bus, filename, &msgbus.ConfigFileUpdated{Path: p, File: filename}, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}) } return nil }, @@ -197,7 +197,7 @@ func (t *Manager) fsWatcherStart() (func(), error) { log.Warnf("failed to parse path and rid from %s: %s", filename, err) continue } - t.PubDebounce(bus, filename, &msgbus.RunFileRemoved{File: filename, Path: path, RID: rid, At: time.Now()}, t.labelLocalhost, pubsub.Label{"path", path.String()}) + t.PubDebounce(bus, filename, &msgbus.RunFileRemoved{File: filename, Path: path, RID: rid, At: time.Now()}, t.labelLocalhost, pubsub.Label{"namespace", path.Namespace}, pubsub.Label{"path", path.String()}) case event.Op&fsnotify.Create != 0: log.Debugf("detect updated file %s (%s)", filename, event.Op) path, rid, err := runFilenameToPathAndRID(filename) @@ -205,7 +205,7 @@ func (t *Manager) fsWatcherStart() (func(), error) { log.Warnf("failed to parse path and rid from %s: %s", filename, err) continue } - t.PubDebounce(bus, filename, &msgbus.RunFileUpdated{File: filename, Path: path, RID: rid, At: file.ModTime(filename)}, t.labelLocalhost, pubsub.Label{"path", path.String()}) + t.PubDebounce(bus, filename, &msgbus.RunFileUpdated{File: filename, Path: path, RID: rid, At: file.ModTime(filename)}, t.labelLocalhost, pubsub.Label{"namespace", path.Namespace}, pubsub.Label{"path", path.String()}) } case strings.HasSuffix(filename, "frozen"): if filename != nodeFrozenFile { @@ -239,11 +239,11 @@ func (t *Manager) fsWatcherStart() (func(), error) { case event.Op&removeMask != 0: if !file.Exists(filename) { log.Debugf("detect removed file %s (%s)", filename, event.Op) - t.PubDebounce(bus, filename, &msgbus.ConfigFileRemoved{Path: p, File: filename}, pubsub.Label{"path", p.String()}) + t.PubDebounce(bus, filename, &msgbus.ConfigFileRemoved{Path: p, File: filename}, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}) } case event.Op&updateMask != 0: log.Debugf("detect updated file %s (%s)", filename, event.Op) - t.PubDebounce(bus, filename, &msgbus.ConfigFileUpdated{Path: p, File: filename}, pubsub.Label{"path", p.String()}) + t.PubDebounce(bus, filename, &msgbus.ConfigFileUpdated{Path: p, File: filename}, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}) } case dirCreated(event): if event.Name == "." { diff --git a/daemon/dns/main_cmd.go b/daemon/dns/main_cmd.go index d094ff8e6..76cde50e7 100644 --- a/daemon/dns/main_cmd.go +++ b/daemon/dns/main_cmd.go @@ -74,7 +74,7 @@ func (t *Manager) pubDeleted(record Record, p naming.Path, node string) { Type: record.Type, TTL: record.TTL, Content: record.Content, - }, pubsub.Label{"node", node}, pubsub.Label{"path", p.String()}) + }, pubsub.Label{"node", node}, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}) } func (t *Manager) pubUpdated(record Record, p naming.Path, node string) { @@ -85,7 +85,7 @@ func (t *Manager) pubUpdated(record Record, p naming.Path, node string) { Type: record.Type, TTL: record.TTL, Content: record.Content, - }, pubsub.Label{"node", node}, pubsub.Label{"path", p.String()}) + }, pubsub.Label{"node", node}, pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}) } func (t *Manager) onInstanceStatusDeleted(c *msgbus.InstanceStatusDeleted) { diff --git a/daemon/icfg/main.go b/daemon/icfg/main.go index efaec661a..35902e2fa 100644 --- a/daemon/icfg/main.go +++ b/daemon/icfg/main.go @@ -112,6 +112,7 @@ func Start(parent context.Context, p naming.Path, filename string, svcDiscoverCm WithPrefix("daemon: icfg: " + p.String() + ": "), pubLabel: []pubsub.Label{ + {"namespace", p.Namespace}, {"path", p.String()}, {"node", localhost}, }, @@ -240,9 +241,7 @@ func (t *Manager) updateConfig(newConfig *instance.Config) { } t.instanceConfig = *newConfig instance.ConfigData.Set(t.path, t.localhost, newConfig.DeepCopy()) - t.bus.Pub(&msgbus.InstanceConfigUpdated{Path: t.path, Node: t.localhost, Value: *newConfig.DeepCopy()}, - t.pubLabel..., - ) + t.bus.Pub(&msgbus.InstanceConfigUpdated{Path: t.path, Node: t.localhost, Value: *newConfig.DeepCopy()}, t.pubLabel...) t.published = true } diff --git a/daemon/imon/crm_actions.go b/daemon/imon/crm_actions.go index 1834923a1..9b48ccd97 100644 --- a/daemon/imon/crm_actions.go +++ b/daemon/imon/crm_actions.go @@ -89,7 +89,7 @@ func (t *Manager) crmDelete() error { t.pubsubBus.Pub(&msgbus.InstanceConfigDeleting{ Path: t.path, Node: t.localhost, - }, t.labelPath, t.labelLocalhost) + }, t.pubLabels...) return t.crmAction("delete", t.path.String(), "delete", "--local") } @@ -166,7 +166,7 @@ func (t *Manager) crmDefaultAction(title string, cmdArgs ...string) error { "OSVC_SESSION_ID="+sid.String(), ), ) - labels := []pubsub.Label{t.labelLocalhost, t.labelPath, {"origin", "imon"}, {"sid", sid.String()}} + labels := append(t.pubLabels, pubsub.Label{"origin", "imon"}, pubsub.Label{"sid", sid.String()}) if title != "" { t.loggerWithState().Infof("-> exec %s", append([]string{cmdPath}, cmdArgs...)) } else { diff --git a/daemon/imon/main.go b/daemon/imon/main.go index e008986a7..1bfdf9ef6 100644 --- a/daemon/imon/main.go +++ b/daemon/imon/main.go @@ -105,6 +105,7 @@ type ( labelLocalhost pubsub.Label labelPath pubsub.Label + pubLabels []pubsub.Label // delayDuration is the minimum duration between two imon orchestrate, // update. @@ -232,6 +233,11 @@ func start(parent context.Context, qs pubsub.QueueSizer, p naming.Path, nodes [] labelLocalhost: pubsub.Label{"node", localhost}, labelPath: pubsub.Label{"path", id}, + pubLabels: []pubsub.Label{ + {"namespace", p.Namespace}, + {"path", id}, + {"node", localhost}, + }, } t.log = t.newLogger(uuid.Nil) @@ -336,15 +342,9 @@ func (t *Manager) worker(initialNodes []string) { } }() instance.StatusData.Unset(t.path, t.localhost) - t.pubsubBus.Pub(&msgbus.InstanceStatusDeleted{Path: t.path, Node: t.localhost}, - t.labelPath, - t.labelLocalhost, - ) + t.pubsubBus.Pub(&msgbus.InstanceStatusDeleted{Path: t.path, Node: t.localhost}, t.pubLabels...) instance.MonitorData.Unset(t.path, t.localhost) - t.pubsubBus.Pub(&msgbus.InstanceMonitorDeleted{Path: t.path, Node: t.localhost}, - t.labelPath, - t.labelLocalhost, - ) + t.pubsubBus.Pub(&msgbus.InstanceMonitorDeleted{Path: t.path, Node: t.localhost}, t.pubLabels...) go func() { tC := time.After(t.drainDuration) for { @@ -450,10 +450,7 @@ func (t *Manager) update() { newValue := t.state instance.MonitorData.Set(t.path, t.localhost, newValue.DeepCopy()) - t.pubsubBus.Pub(&msgbus.InstanceMonitorUpdated{Path: t.path, Node: t.localhost, Value: newValue}, - t.labelPath, - t.labelLocalhost, - ) + t.pubsubBus.Pub(&msgbus.InstanceMonitorUpdated{Path: t.path, Node: t.localhost, Value: newValue}, t.pubLabels...) } func (t *Manager) transitionTo(newState instance.MonitorState) { diff --git a/daemon/imon/main_cmd.go b/daemon/imon/main_cmd.go index 286207eef..431ccbd6f 100644 --- a/daemon/imon/main_cmd.go +++ b/daemon/imon/main_cmd.go @@ -450,7 +450,7 @@ func (t *Manager) onSetInstanceMonitor(c *msgbus.SetInstanceMonitor) { Path: t.path, Node: t.localhost, Value: c.Value, - }, t.labelPath, t.labelLocalhost) + }, t.pubLabels...) } doGlobalExpect := func() error { @@ -589,10 +589,7 @@ func (t *Manager) onSetInstanceMonitor(c *msgbus.SetInstanceMonitor) { Reason: fmt.Sprintf("set instance monitor request => no changes: %v", c.Value), GlobalExpect: c.Value.GlobalExpect, GlobalExpectOptions: c.Value.GlobalExpectOptions, - }, - t.labelPath, - t.labelLocalhost, - ) + }, t.pubLabels...) } } diff --git a/daemon/imon/non_crm_action.go b/daemon/imon/non_crm_action.go index d75678564..9a2c6426a 100644 --- a/daemon/imon/non_crm_action.go +++ b/daemon/imon/non_crm_action.go @@ -47,10 +47,7 @@ func (t *Manager) freeze() error { t.log.Errorf("freeze: %s", err) return err } - t.pubsubBus.Pub(&msgbus.InstanceFrozenFileUpdated{Path: t.path, At: frozen}, - t.labelPath, - t.labelLocalhost, - ) + t.pubsubBus.Pub(&msgbus.InstanceFrozenFileUpdated{Path: t.path, At: frozen}, t.pubLabels...) return nil } @@ -72,9 +69,6 @@ func (t *Manager) unfreeze() error { instanceStatus.FrozenAt = time.Time{} t.instStatus[t.localhost] = instanceStatus } - t.pubsubBus.Pub(&msgbus.InstanceFrozenFileRemoved{Path: t.path, At: time.Now()}, - t.labelLocalhost, - t.labelPath, - ) + t.pubsubBus.Pub(&msgbus.InstanceFrozenFileRemoved{Path: t.path, At: time.Now()}, t.pubLabels...) return nil } diff --git a/daemon/imon/orchestrate_test.go b/daemon/imon/orchestrate_test.go index 5346c574c..f456e0fe9 100644 --- a/daemon/imon/orchestrate_test.go +++ b/daemon/imon/orchestrate_test.go @@ -660,7 +660,7 @@ func orchestrateTestFunc(t *testing.T, c tCase) { } msg, setImonErr := msgbus.NewSetInstanceMonitorWithErr(ctx, p, hostname.Hostname(), value) t.Logf("try delete orchestration with : %v", msg) - bus.Pub(msg, pubsub.Label{"path", "obj"}, pubsub.Label{"origin", "api"}) + bus.Pub(msg, pubsub.Label{"namespace", "root"}, pubsub.Label{"path", "obj"}, pubsub.Label{"origin", "api"}) require.NoError(t, setImonErr.Receive()) t.Logf("waiting for delete, deleting") @@ -753,6 +753,7 @@ func crmBuilder(t *testing.T, setup *daemonhelper.D, p naming.Path, sideEffect m FrozenAt: time.Time{}, } bus.Pub(&msgbus.InstanceStatusPost{Path: p, Node: hostname.Hostname(), Value: v}, + pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, pubsub.Label{"node", hostname.Hostname()}, ) @@ -762,6 +763,7 @@ func crmBuilder(t *testing.T, setup *daemonhelper.D, p naming.Path, sideEffect m for _, e := range se.events { t.Logf("--- crmAction %s %v publish sid effect %s %v", title, cmdArgs, reflect.TypeOf(e), e) bus.Pub(e, + pubsub.Label{"namespace", p.Namespace}, pubsub.Label{"path", p.String()}, pubsub.Label{"node", hostname.Hostname()}, ) diff --git a/daemon/imon/orchestration.go b/daemon/imon/orchestration.go index 871be0b13..44242cae6 100644 --- a/daemon/imon/orchestration.go +++ b/daemon/imon/orchestration.go @@ -165,10 +165,7 @@ func (t *Manager) endOrchestration() { GlobalExpect: globalExpect, GlobalExpectUpdatedAt: globalExpectUpdatedAt, GlobalExpectOptions: globalExpectOptions, - }, - t.labelPath, - t.labelLocalhost, - ) + }, t.pubLabels...) t.acceptedOrchestrationID = uuid.UUID{} } t.log = t.newLogger(uuid.Nil) diff --git a/daemon/imon/orchestration_resource_restart.go b/daemon/imon/orchestration_resource_restart.go index 2ef41c353..27b4eb03d 100644 --- a/daemon/imon/orchestration_resource_restart.go +++ b/daemon/imon/orchestration_resource_restart.go @@ -178,9 +178,7 @@ func (t *Manager) pubMonitorAction(rid string, action instance.MonitorAction) { Node: t.localhost, Action: action, RID: rid, - }, - t.labelPath, - t.labelLocalhost) + }, t.pubLabels...) } // orchestrateResourceRestart manages the restart orchestration process for resources, diff --git a/daemon/istat/main.go b/daemon/istat/main.go index 024ad76a9..8830cf5d7 100644 --- a/daemon/istat/main.go +++ b/daemon/istat/main.go @@ -107,36 +107,37 @@ func (t *T) worker() { case <-t.ctx.Done(): return case i := <-t.sub.C: - switch m := i.(type) { + switch msg := i.(type) { case *msgbus.InstanceConfigDeleted: - t.onInstanceConfigDeleted(m) + t.onInstanceConfigDeleted(msg) case *msgbus.InstanceFrozenFileRemoved: - t.onInstanceFrozenFileRemoved(m) + t.onInstanceFrozenFileRemoved(msg) case *msgbus.InstanceFrozenFileUpdated: - t.onInstanceFrozenFileUpdated(m) + t.onInstanceFrozenFileUpdated(msg) case *msgbus.RunFileRemoved: - t.onRunFileDeleted(m) + t.onRunFileDeleted(msg) case *msgbus.RunFileUpdated: - t.onRunFileUpdated(m) + t.onRunFileUpdated(msg) case *msgbus.InstanceStatusPost: - t.onInstanceStatusPost(m) + t.onInstanceStatusPost(msg) } } } } -func (t *T) onInstanceConfigDeleted(m *msgbus.InstanceConfigDeleted) { - s := m.Path.String() - delete(t.iStatusM, m.Path.String()) - instance.StatusData.Unset(m.Path, t.localhost) - t.bus.Pub(&msgbus.InstanceStatusDeleted{Path: m.Path, Node: t.localhost}, +func (t *T) onInstanceConfigDeleted(msg *msgbus.InstanceConfigDeleted) { + s := msg.Path.String() + delete(t.iStatusM, msg.Path.String()) + instance.StatusData.Unset(msg.Path, t.localhost) + t.bus.Pub(&msgbus.InstanceStatusDeleted{Path: msg.Path, Node: t.localhost}, t.labelLocalhost, + pubsub.Label{"namespace", msg.Path.Namespace}, pubsub.Label{"path", s}, ) } -func (t *T) onInstanceFrozenFileRemoved(fileRemoved *msgbus.InstanceFrozenFileRemoved) { - s := fileRemoved.Path.String() +func (t *T) onInstanceFrozenFileRemoved(msg *msgbus.InstanceFrozenFileRemoved) { + s := msg.Path.String() iStatus, ok := t.iStatusM[s] if !ok { // no instance status to update @@ -147,13 +148,14 @@ func (t *T) onInstanceFrozenFileRemoved(fileRemoved *msgbus.InstanceFrozenFileRe return } iStatus.FrozenAt = time.Time{} - if iStatus.UpdatedAt.Before(fileRemoved.At) { - iStatus.UpdatedAt = fileRemoved.At + if iStatus.UpdatedAt.Before(msg.At) { + iStatus.UpdatedAt = msg.At } t.iStatusM[s] = iStatus - instance.StatusData.Set(fileRemoved.Path, t.localhost, iStatus.DeepCopy()) - t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: fileRemoved.Path, Node: t.localhost, Value: *iStatus.DeepCopy()}, + instance.StatusData.Set(msg.Path, t.localhost, iStatus.DeepCopy()) + t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: msg.Path, Node: t.localhost, Value: *iStatus.DeepCopy()}, t.labelLocalhost, + pubsub.Label{"namespace", msg.Path.Namespace}, pubsub.Label{"path", s}, ) } @@ -179,6 +181,7 @@ func (t *T) onRunFileUpdated(msg *msgbus.RunFileUpdated) { instance.StatusData.Set(msg.Path, t.localhost, iStatus.DeepCopy()) t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: msg.Path, Node: t.localhost, Value: *iStatus.DeepCopy()}, t.labelLocalhost, + pubsub.Label{"namespace", msg.Path.Namespace}, pubsub.Label{"path", s}, ) } @@ -205,43 +208,46 @@ func (t *T) onRunFileDeleted(msg *msgbus.RunFileRemoved) { instance.StatusData.Set(msg.Path, t.localhost, iStatus.DeepCopy()) t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: msg.Path, Node: t.localhost, Value: *iStatus.DeepCopy()}, t.labelLocalhost, + pubsub.Label{"namespace", msg.Path.Namespace}, pubsub.Label{"path", s}, ) } -func (t *T) onInstanceFrozenFileUpdated(frozen *msgbus.InstanceFrozenFileUpdated) { - s := frozen.Path.String() +func (t *T) onInstanceFrozenFileUpdated(msg *msgbus.InstanceFrozenFileUpdated) { + s := msg.Path.String() iStatus, ok := t.iStatusM[s] if !ok { // no instance status to update return } - if frozen.At.Before(iStatus.FrozenAt) { + if msg.At.Before(iStatus.FrozenAt) { // skip event from past return } - iStatus.FrozenAt = frozen.At - if frozen.At.After(iStatus.UpdatedAt) { - iStatus.UpdatedAt = frozen.At + iStatus.FrozenAt = msg.At + if msg.At.After(iStatus.UpdatedAt) { + iStatus.UpdatedAt = msg.At } t.iStatusM[s] = iStatus - instance.StatusData.Set(frozen.Path, t.localhost, iStatus.DeepCopy()) - t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: frozen.Path, Node: t.localhost, Value: *iStatus.DeepCopy()}, + instance.StatusData.Set(msg.Path, t.localhost, iStatus.DeepCopy()) + t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: msg.Path, Node: t.localhost, Value: *iStatus.DeepCopy()}, t.labelLocalhost, + pubsub.Label{"namespace", msg.Path.Namespace}, pubsub.Label{"path", s}, ) } -func (t *T) onInstanceStatusPost(post *msgbus.InstanceStatusPost) { - if instance.ConfigData.GetByPathAndNode(post.Path, t.localhost) == nil { +func (t *T) onInstanceStatusPost(msg *msgbus.InstanceStatusPost) { + if instance.ConfigData.GetByPathAndNode(msg.Path, t.localhost) == nil { return } - s := post.Path.String() - t.iStatusM[s] = post.Value - instance.StatusData.Set(post.Path, post.Node, post.Value.DeepCopy()) - t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: post.Path, Node: post.Node, Value: post.Value}, + s := msg.Path.String() + t.iStatusM[s] = msg.Value + instance.StatusData.Set(msg.Path, msg.Node, msg.Value.DeepCopy()) + t.bus.Pub(&msgbus.InstanceStatusUpdated{Path: msg.Path, Node: msg.Node, Value: msg.Value}, t.labelLocalhost, + pubsub.Label{"namespace", msg.Path.Namespace}, pubsub.Label{"path", s}) } diff --git a/daemon/omon/main.go b/daemon/omon/main.go index c07123e1e..8d6472f90 100644 --- a/daemon/omon/main.go +++ b/daemon/omon/main.go @@ -112,7 +112,11 @@ func Start(ctx context.Context, subQS pubsub.QueueSizer, p naming.Path, cfg inst ctx: ctx, - pubLabel: []pubsub.Label{{"path", p.String()}, {"node", localhost}}, + pubLabel: []pubsub.Label{ + {"namespace", p.Namespace}, + {"path", p.String()}, + {"node", localhost}, + }, localhost: localhost, @@ -412,15 +416,9 @@ func (t *Manager) updateStatus() { func (t *Manager) delete() { object.StatusData.Unset(t.path) - t.bus.Pub(&msgbus.ObjectStatusDeleted{Path: t.path, Node: t.localhost}, - t.pubLabel..., - ) - t.bus.Pub(&msgbus.ObjectDeleted{Path: t.path, Node: t.localhost}, - t.pubLabel..., - ) - t.bus.Pub(&msgbus.ObjectStatusDone{Path: t.path}, - t.pubLabel..., - ) + t.bus.Pub(&msgbus.ObjectStatusDeleted{Path: t.path, Node: t.localhost}, t.pubLabel...) + t.bus.Pub(&msgbus.ObjectDeleted{Path: t.path, Node: t.localhost}, t.pubLabel...) + t.bus.Pub(&msgbus.ObjectStatusDone{Path: t.path}, t.pubLabel...) } func (t *Manager) update() { @@ -428,9 +426,7 @@ func (t *Manager) update() { value := t.status.DeepCopy() t.log.Debugf("update avail %s", value.Avail) object.StatusData.Set(t.path, t.status.DeepCopy()) - t.bus.Pub(&msgbus.ObjectStatusUpdated{Path: t.path, Node: t.localhost, Value: *value, SrcEv: t.srcEvent}, - t.pubLabel..., - ) + t.bus.Pub(&msgbus.ObjectStatusUpdated{Path: t.path, Node: t.localhost, Value: *value, SrcEv: t.srcEvent}, t.pubLabel...) } func (t *Manager) startInstanceMonitor(scopes []string) (context.CancelFunc, error) { diff --git a/daemon/scheduler/jobs.go b/daemon/scheduler/jobs.go index 5388ed735..5b2b6e762 100644 --- a/daemon/scheduler/jobs.go +++ b/daemon/scheduler/jobs.go @@ -22,7 +22,7 @@ func (o *T) action(e schedule.Entry) error { } else { p := e.Path.String() cmdArgs = append(cmdArgs, p) - labels = append(labels, pubsub.Label{"path", p}) + labels = append(labels, pubsub.Label{"namespace", e.Path.Namespace}, pubsub.Label{"path", p}) } switch e.Action { case "status":