登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

ryancartoon / sensu-go

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
apid.go 8.22 KB
一键复制 编辑 原始数据 按行查看 历史
Eric Chlebek 提交于 2019-06-19 12:41 . API: Delete events associated with deleted entity (#3066)
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283
package apid



import (

	"context"

	"crypto/tls"

	"encoding/json"

	"fmt"

	"net/http"

	"sync"

	"sync/atomic"

	"time"



	"github.com/coreos/etcd/clientv3"

	"github.com/gorilla/mux"

	"github.com/prometheus/client_golang/prometheus/promhttp"

	"github.com/sensu/sensu-go/backend/apid/actions"

	"github.com/sensu/sensu-go/backend/apid/middlewares"

	"github.com/sensu/sensu-go/backend/apid/routers"

	"github.com/sensu/sensu-go/backend/authentication"

	"github.com/sensu/sensu-go/backend/authorization/rbac"

	"github.com/sensu/sensu-go/backend/messaging"

	"github.com/sensu/sensu-go/backend/store"

	"github.com/sensu/sensu-go/types"

)



// APId is the backend HTTP API.

type APId struct {

	Authenticator    *authentication.Authenticator

	HTTPServer       *http.Server

	CoreSubrouter    *mux.Router

	GraphQLSubrouter *mux.Router



	stopping            chan struct{}

	running             *atomic.Value

	wg                  *sync.WaitGroup

	errChan             chan error

	bus                 messaging.MessageBus

	store               store.Store

	eventStore          store.EventStore

	queueGetter         types.QueueGetter

	tls                 *types.TLSOptions

	cluster             clientv3.Cluster

	etcdClientTLSConfig *tls.Config

	clusterVersion      string

}



// Option is a functional option.

type Option func(*APId) error



// Config configures APId.

type Config struct {

	ListenAddress       string

	URL                 string

	Bus                 messaging.MessageBus

	Store               store.Store

	EventStore          store.EventStore

	QueueGetter         types.QueueGetter

	TLS                 *types.TLSOptions

	Cluster             clientv3.Cluster

	EtcdClientTLSConfig *tls.Config

	Authenticator       *authentication.Authenticator

	ClusterVersion      string

}



// New creates a new APId.

func New(c Config, opts ...Option) (*APId, error) {

	a := &APId{

		store:               c.Store,

		eventStore:          c.EventStore,

		queueGetter:         c.QueueGetter,

		tls:                 c.TLS,

		bus:                 c.Bus,

		stopping:            make(chan struct{}, 1),

		running:             &atomic.Value{},

		wg:                  &sync.WaitGroup{},

		errChan:             make(chan error, 1),

		cluster:             c.Cluster,

		etcdClientTLSConfig: c.EtcdClientTLSConfig,

		Authenticator:       c.Authenticator,

		clusterVersion:      c.ClusterVersion,

	}



	// prepare TLS configs (both server and client)

	var tlsServerConfig, tlsClientConfig *tls.Config

	var err error

	if c.TLS != nil {

		tlsServerConfig, err = c.TLS.ToServerTLSConfig()

		if err != nil {

			return nil, err

		}



		// TODO(gbolo): since the backend does not yet support mutual TLS

		// this client does not need a cert and key. Once we do support

		// mutual TLS we need new options for client cert and key

		cTLSOptions := types.TLSOptions{

			TrustedCAFile: c.TLS.TrustedCAFile,

			// TODO(palourde): We should avoid using the loopback interface

			InsecureSkipVerify: true,

		}

		tlsClientConfig, err = cTLSOptions.ToClientTLSConfig()

		if err != nil {

			return nil, err

		}

	}



	router := mux.NewRouter().UseEncodedPath()

	router.NotFoundHandler = middlewares.SimpleLogger{}.Then(http.HandlerFunc(notFoundHandler))

	router.Handle("/metrics", promhttp.Handler())

	registerUnauthenticatedResources(router, a.store, a.cluster, a.etcdClientTLSConfig, a.clusterVersion, a.bus)

	a.registerGraphQLService(router, c.URL, tlsClientConfig)

	registerAuthenticationResources(router, a.store, a.Authenticator)

	a.registerRestrictedResources(router)



	a.HTTPServer = &http.Server{

		Addr:         c.ListenAddress,

		Handler:      router,

		WriteTimeout: 15 * time.Second,

		ReadTimeout:  15 * time.Second,

		TLSConfig:    tlsServerConfig,

	}



	for _, o := range opts {

		if err := o(a); err != nil {

			return nil, err

		}

	}



	return a, nil

}



func notFoundHandler(w http.ResponseWriter, req *http.Request) {

	w.WriteHeader(http.StatusNotFound)

	resp := map[string]interface{}{

		"message": "not found", "code": actions.NotFound,

	}

	_ = json.NewEncoder(w).Encode(resp)

}



// Start APId.

func (a *APId) Start() error {

	logger.Info("starting apid on address: ", a.HTTPServer.Addr)

	a.wg.Add(1)



	go func() {

		defer a.wg.Done()

		var err error

		if a.tls != nil {

			// TLS configuration comes from ToServerTLSConfig

			err = a.HTTPServer.ListenAndServeTLS("", "")

		} else {

			err = a.HTTPServer.ListenAndServe()

		}

		if err != nil && err != http.ErrServerClosed {

			a.errChan <- fmt.Errorf("failed to start http/https server %s", err)

		}

	}()



	return nil

}



// Stop httpApi.

func (a *APId) Stop() error {

	if err := a.HTTPServer.Shutdown(context.TODO()); err != nil {

		// failure/timeout shutting down the server gracefully

		logger.Error("failed to shutdown http server gracefully - forcing shutdown")

		if closeErr := a.HTTPServer.Close(); closeErr != nil {

			logger.Error("failed to shutdown http server forcefully")

		}

	}



	a.running.Store(false)

	close(a.stopping)

	a.wg.Wait()

	close(a.errChan)



	return nil

}



// Err returns a channel to listen for terminal errors on.

func (a *APId) Err() <-chan error {

	return a.errChan

}



// Name returns the daemon name

func (a *APId) Name() string {

	return "apid"

}



func registerUnauthenticatedResources(

	router *mux.Router,

	store store.Store,

	cluster clientv3.Cluster,

	etcdClientTLSConfig *tls.Config,

	clusterVersion string,

	bus messaging.MessageBus,

) {

	mountRouters(

		NewSubrouter(

			router.NewRoute(),

			middlewares.SimpleLogger{},

			middlewares.LimitRequest{},

		),

		routers.NewHealthRouter(actions.NewHealthController(store, cluster, etcdClientTLSConfig)),

		routers.NewVersionRouter(actions.NewVersionController(clusterVersion)),

		routers.NewTessenMetricRouter(actions.NewTessenMetricController(bus)),

	)

}



func (a *APId) registerGraphQLService(router *mux.Router, url string, tls *tls.Config) {

	a.GraphQLSubrouter = NewSubrouter(

		router.NewRoute(),

		middlewares.SimpleLogger{},

		middlewares.LimitRequest{},

		// TODO: Currently the web app relies on receiving a 401 to determine if

		//       a user is not authenticated. However, in the future we should

		//       allow requests without an access token to continue so that

		//       unauthenticated clients can still fetch the schema. Useful for

		//       implementing tools like GraphiQL.

		//

		//       https://github.com/graphql/graphiql

		//       https://graphql.org/learn/introspection/

		middlewares.Authentication{IgnoreUnauthorized: false},

		middlewares.AllowList{Store: a.store, IgnoreMissingClaims: true},

	)

	mountRouters(

		a.GraphQLSubrouter,

		routers.NewGraphQLRouter(url, tls, a.store),

	)

}



func registerAuthenticationResources(router *mux.Router, store store.Store, authenticator *authentication.Authenticator) {

	mountRouters(

		NewSubrouter(

			router.NewRoute(),

			middlewares.SimpleLogger{},

			middlewares.RefreshToken{},

			middlewares.LimitRequest{},

		),

		routers.NewAuthenticationRouter(store, authenticator),

	)

}



func (a *APId) registerRestrictedResources(router *mux.Router) {

	a.CoreSubrouter = NewSubrouter(

		router.NewRoute().

			PathPrefix("/api/{group:core}/{version:v2}/"),

		middlewares.SimpleLogger{},

		middlewares.Namespace{},

		middlewares.Authentication{},

		middlewares.AllowList{Store: a.store},

		middlewares.AuthorizationAttributes{},

		middlewares.Authorization{Authorizer: &rbac.Authorizer{Store: a.store}},

		middlewares.LimitRequest{},

		middlewares.Pagination{},

	)

	mountRouters(

		a.CoreSubrouter,

		routers.NewAssetRouter(a.store),

		routers.NewChecksRouter(a.store, a.queueGetter),

		routers.NewClusterRolesRouter(a.store),

		routers.NewClusterRoleBindingsRouter(a.store),

		routers.NewClusterRouter(actions.NewClusterController(a.cluster, a.store)),

		routers.NewEntitiesRouter(a.store, a.eventStore),

		routers.NewEventFiltersRouter(a.store),

		routers.NewEventsRouter(a.eventStore, a.bus),

		routers.NewExtensionsRouter(a.store),

		routers.NewHandlersRouter(a.store),

		routers.NewHooksRouter(a.store),

		routers.NewMutatorsRouter(a.store),

		routers.NewNamespacesRouter(a.store),

		routers.NewRolesRouter(a.store),

		routers.NewRoleBindingsRouter(a.store),

		routers.NewSilencedRouter(a.store),

		routers.NewTessenRouter(actions.NewTessenController(a.store, a.bus)),

		routers.NewUsersRouter(a.store),

	)

}



func mountRouters(parent *mux.Router, subRouters ...routers.Router) {

	for _, subRouter := range subRouters {

		subRouter.Mount(parent)

	}

}
1
https://gitee.com/ryancartoon/sensu-go.git
git@gitee.com:ryancartoon/sensu-go.git
ryancartoon
sensu-go
sensu-go
v5.10.1
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部