AgentInstanceAuthObjectPostProcessor.java

package io.cattle.platform.agent.instance.serialization;

import io.cattle.platform.agent.util.AgentUtils;
import io.cattle.platform.core.constants.AccountConstants;
import io.cattle.platform.core.constants.AgentConstants;
import io.cattle.platform.core.constants.InstanceConstants;
import io.cattle.platform.core.model.Account;
import io.cattle.platform.core.model.Agent;
import io.cattle.platform.core.model.Instance;
import io.cattle.platform.object.ObjectManager;
import io.cattle.platform.object.serialization.ObjectTypeSerializerPostProcessor;
import io.cattle.platform.object.util.DataAccessor;
import io.cattle.platform.object.util.DataUtils;

import java.util.List;
import java.util.Map;

import javax.inject.Inject;

public class AgentInstanceAuthObjectPostProcessor implements ObjectTypeSerializerPostProcessor {

    ObjectManager objectManager;

    @Override
    public String[] getTypes() {
        return new String[] { InstanceConstants.TYPE };
    }

    @Override
    public void process(Object obj, String type, Map<String, Object> data) {
        if (!(obj instanceof Instance)) {
            return;
        }

        Instance instance = (Instance) obj;

        Agent agent = objectManager.loadResource(Agent.class, instance.getAgentId());
        if (agent == null) {
            return;
        }

        List<Long> authedRoleAccountIds = DataAccessor.fieldLongList(agent, AgentConstants.FIELD_AUTHORIZED_ROLE_ACCOUNTS);
        if (authedRoleAccountIds.isEmpty()) {
            Map<String, Object> auth = AgentUtils.getAgentAuth(agent, objectManager);
            setAuthEnvVars(data, auth);
        } else {
            // Primary agent account
            Account account = objectManager.loadResource(Account.class, agent.getAccountId());
            Map<String, Object> auth = AgentUtils.getAccountScopedAuth(account, objectManager, account.getKind());
            setAuthEnvVars(data, auth);

            // Secondary authed roles
            for (Long accountId : authedRoleAccountIds) {
                account = objectManager.loadResource(Account.class, accountId);
                String scope = null;
                if (DataAccessor.fromDataFieldOf(account).withKey(AccountConstants.DATA_ACT_AS_RESOURCE_ACCOUNT).withDefault(false).as(Boolean.class)) {
                    scope = "ENVIRONMENT";
                } else if (DataAccessor.fromDataFieldOf(account).withKey(AccountConstants.DATA_ACT_AS_RESOURCE_ADMIN_ACCOUNT).withDefault(false)
                        .as(Boolean.class)) {
                    scope = "ENVIRONMENT_ADMIN";
                }
                if (scope != null) {
                    Map<String, Object> secondaryAuth = AgentUtils.getAccountScopedAuth(account, objectManager, scope);
                    setAuthEnvVars(data, secondaryAuth);
                }
            }
        }
    }

    void setAuthEnvVars(Map<String, Object> data, Map<String, Object> auth) {
        if (auth != null) {
            Map<String, Object> fields = DataUtils.getWritableFields(data);
            for (Map.Entry<String, Object> entry : auth.entrySet()) {
                DataAccessor.fromMap(fields).withScopeKey(InstanceConstants.FIELD_ENVIRONMENT).withKey(entry.getKey()).set(entry.getValue());
            }
        }
    }

    public ObjectManager getObjectManager() {
        return objectManager;
    }

    @Inject
    public void setObjectManager(ObjectManager objectManager) {
        this.objectManager = objectManager;
    }

}