diff --git a/api/handlers-environments.go b/api/handlers-environments.go index 5eccdfc1..66055985 100644 --- a/api/handlers-environments.go +++ b/api/handlers-environments.go @@ -225,22 +225,26 @@ func apiEnvEnrollActionsHandler(w http.ResponseWriter, r *http.Request) { // Extract environment envVar := r.PathValue("env") if envVar == "" { - apiErrorResponse(w, "error with environment", http.StatusInternalServerError, nil) - incMetric(metricAPIQueriesErr) + apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil) + incMetric(metricAPIEnvsErr) return } - // Get environment + // Get environment by name env, err := envs.Get(envVar) if err != nil { - apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil) - incMetric(metricAPIQueriesErr) + if err.Error() == "record not found" { + apiErrorResponse(w, "environment not found", http.StatusNotFound, err) + } else { + apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, err) + } + incMetric(metricAPIEnvsErr) return } // Get context data and check access ctx := r.Context().Value(contextKey(contextAPI)).(contextValue) if !apiUsers.CheckPermissions(ctx[ctxUser], users.AdminLevel, env.UUID) { apiErrorResponse(w, "no access", http.StatusForbidden, fmt.Errorf("attempt to use API by user %s", ctx[ctxUser])) - incMetric(metricAPIQueriesErr) + incMetric(metricAPIEnvsErr) return } // Extract action @@ -315,6 +319,10 @@ func apiEnvEnrollActionsHandler(w http.ResponseWriter, r *http.Request) { return } msgReturn = "RPM updated successfully" + default: + apiErrorResponse(w, "invalid action", http.StatusBadRequest, fmt.Errorf("invalid action %s", actionVar)) + incMetric(metricAPIEnvsErr) + return } // Return query name as serialized response utils.HTTPResponse(w, utils.JSONApplicationUTF8, http.StatusOK, types.ApiGenericResponse{Message: msgReturn}) @@ -328,15 +336,19 @@ func apiEnvRemoveActionsHandler(w http.ResponseWriter, r *http.Request) { // Extract environment envVar := r.PathValue("env") if envVar == "" { - apiErrorResponse(w, "error with environment", http.StatusInternalServerError, nil) - incMetric(metricAPIQueriesErr) + apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil) + incMetric(metricAPIEnvsErr) return } - // Get environment + // Get environment by name env, err := envs.Get(envVar) if err != nil { - apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, nil) - incMetric(metricAPIQueriesErr) + if err.Error() == "record not found" { + apiErrorResponse(w, "environment not found", http.StatusNotFound, err) + } else { + apiErrorResponse(w, "error getting environment", http.StatusInternalServerError, err) + } + incMetric(metricAPIEnvsErr) return } // Get context data and check access @@ -389,6 +401,10 @@ func apiEnvRemoveActionsHandler(w http.ResponseWriter, r *http.Request) { return } msgReturn = "remove set to not expire" + default: + apiErrorResponse(w, "invalid action", http.StatusBadRequest, fmt.Errorf("invalid action %s", actionVar)) + incMetric(metricAPIEnvsErr) + return } // Return query name as serialized response utils.HTTPResponse(w, utils.JSONApplicationUTF8, http.StatusOK, types.ApiGenericResponse{Message: msgReturn}) diff --git a/osctrl-api.yaml b/osctrl-api.yaml index 72e260f6..c074abfe 100644 --- a/osctrl-api.yaml +++ b/osctrl-api.yaml @@ -909,6 +909,122 @@ paths: security: - Authorization: - read + post: + tags: + - environments + summary: Get enroll values for an environment + description: Returns each of the node enrollment values (secret, certificate, flags, one-liner) for the requested osctrl environment + operationId: apiEnvEnrollActionsHandler + parameters: + - name: env + in: path + description: Name or UUID of the requested osctrl environment + required: true + schema: + type: string + - name: target + in: path + description: Target to retrieve (secret, cert, flags, enroll.sh, enroll.ps1) + required: true + schema: + type: string + responses: + 200: + description: successful operation + content: + application/json: + schema: + type: array + items: + $ref: "#/components/schemas/ApiDataResponse" + 400: + description: bad request + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 403: + description: no access + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 404: + description: no environments + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 500: + description: error getting environments + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + security: + - Authorization: + - read + /environments/{env}/enroll/{action}: + post: + tags: + - environments + summary: Perform enroll actions for an environment + description: Executes an action (extend/rotate/expire/notexpire) in the enrollment URL for the requested osctrl environment + operationId: apiEnvEnrollActionsHandler + parameters: + - name: env + in: path + description: Name or UUID of the requested osctrl environment + required: true + schema: + type: string + - name: action + in: path + description: Action to execute (extend, rotate, expire, notexpire) + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/ApiActionsRequest" + responses: + 200: + description: successful operation + content: + application/json: + schema: + type: array + items: + $ref: "#/components/schemas/ApiDataResponse" + 400: + description: bad request + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 403: + description: no access + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 404: + description: no environments + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 500: + description: error getting environments + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + security: + - Authorization: + - admin /environments/{env}/remove/{target}: get: tags: @@ -965,6 +1081,67 @@ paths: security: - Authorization: - read + /environments/{env}/remove/{action}: + post: + tags: + - environments + summary: Perform remove actions for an environment + description: Executes an action (extend/rotate/expire/notexpire) in the remove URL for the requested osctrl environment + operationId: apiEnvRemoveActionsHandler + parameters: + - name: env + in: path + description: Name or UUID of the requested osctrl environment + required: true + schema: + type: string + - name: action + in: path + description: Action to execute (extend, rotate, expire, notexpire) + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: "#/components/schemas/ApiActionsRequest" + responses: + 200: + description: successful operation + content: + application/json: + schema: + type: array + items: + $ref: "#/components/schemas/ApiDataResponse" + 400: + description: bad request + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 403: + description: no access + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 404: + description: no environments + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + 500: + description: error getting environments + content: + application/json: + schema: + $ref: "#/components/schemas/ApiErrorResponse" + security: + - Authorization: + - admin /tags: get: tags: @@ -1670,6 +1847,19 @@ components: format: int64 Info: type: string + ApiActionsRequest: + type: object + properties: + Certificate: + type: string + MacPkgURL: + type: string + MsiPkgURL: + type: string + RpmPkgURL: + type: string + DebPkgURL: + type: string securitySchemes: Authorization: type: http