manageiq-api-common 0.1.0

data/lib/generators/shared_utilities/orm_helper.rb

@@ -0,0 +1,25 @@
+module SharedUtilities
+  module OrmHelper
+    private
+
+    def model_exists?
+      File.exist?(File.join(destination_root, model_path))
+    end
+
+    def migration_exists?(table_name)
+      Dir.glob("#{File.join(destination_root, migration_path)}/[0-9]*_*.rb").grep(/\d+_add_devise_to_#{table_name}.rb$/).first
+    end
+
+    def migration_path
+      if Rails.version >= '5.0.3'
+        db_migrate_path
+      else
+        @migration_path ||= File.join("db", "migrate")
+      end
+    end
+
+    def model_path
+      @model_path ||= File.join("app", "models", "#{file_path}.rb")
+    end
+  end
+end

data/lib/generators/shared_utilities/templates/migration.rb

@@ -0,0 +1,27 @@
+class Create<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :<%= table_name %><%= primary_key_type %> do |t|
+  <%= migration_data -%>
+
+<% attributes.each do |attribute| -%>
+      t.<%= attribute.type %> :<%= attribute.name %>
+<% end -%>
+      t.references "resource", :polymorphic => true, :index => true
+      t.string     :name
+      t.string     :authtype
+      t.string     :status
+      t.string     :status_details
+      t.bigint     :tenant_id
+
+      t.timestamps
+    end
+
+    create_table :encryptions<%= primary_key_type %> do |t|
+      t.references "authentication", :index => true
+      t.string :secret
+      t.bigint :tenant_id
+
+      t.timestamps
+    end
+  end
+end

data/lib/generators/shared_utilities/templates/migration_existing.rb

@@ -0,0 +1,28 @@
+class UpdateOn<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def self.up
+    change_table :<%= table_name %> do |t|
+  <%= migration_data -%>
+
+<% attributes.each do |attribute| -%>
+      t.<%= attribute.type %> :<%= attribute.name %>
+<% end -%>
+
+      # Uncomment below if timestamps were not included in your original model.
+      # t.timestamps null: false
+    end
+
+    # Assumption is made there is no 'encryptions' table, so creating it here
+    create_table :encryptions<%= primary_key_type %> do |t|
+      t.references "<%= table_name %>", :index => true
+      t.string :secret
+      t.bigint :tenant_id
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    # By default, we don't want to make any assumption about how to roll back a migration when your
+    # model already existed. Please edit below which fields you would like to remove in this migration.
+    raise ActiveRecord::IrreversibleMigration
+  end

data/lib/manageiq-api-common.rb

@@ -0,0 +1 @@
+require 'manageiq/api/common'

data/lib/manageiq/api/common.rb

@@ -0,0 +1,13 @@
+require "manageiq/api/common/api_error"
+require "manageiq/api/common/engine"
+require "manageiq/api/common/entitlement"
+require "manageiq/api/common/error_document"
+require "manageiq/api/common/filter"
+require "manageiq/api/common/inflections"
+require "manageiq/api/common/logging"
+require "manageiq/api/common/metrics"
+require "manageiq/api/common/open_api"
+require "manageiq/api/common/option_redirect_enhancements"
+require "manageiq/api/common/request"
+require "manageiq/api/common/routing"
+require "manageiq/api/common/user"

data/lib/manageiq/api/common/api_error.rb

@@ -0,0 +1,21 @@
+module ManageIQ
+  module API
+    module Common
+      class ApiError < StandardError
+        attr_reader :errors
+
+        def initialize(status, detail)
+          @errors = ErrorDocument.new.add(status, detail)
+        end
+
+        def status
+          @errors.status
+        end
+
+        def add(status, detail)
+          @errors.add(status, detail)
+        end
+      end
+    end
+  end
+end

data/lib/manageiq/api/common/application_controller_mixins/api_doc.rb

@@ -0,0 +1,39 @@
+module ManageIQ
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module ApiDoc
+          def self.included(other)
+            other.extend(self::ClassMethods)
+          end
+
+          private
+
+          def api_doc
+            self.class.send(:api_doc)
+          end
+
+          def api_doc_definition
+            self.class.send(:api_doc_definition)
+          end
+
+          module ClassMethods
+            private
+
+            def api_doc
+              @api_doc ||= ::ManageIQ::API::Common::OpenApi::Docs.instance[api_version[1..-1].sub(/x/, ".")]
+            end
+
+            def api_doc_definition
+              @api_doc_definition ||= api_doc.definitions[model.name]
+            end
+
+            def api_version
+              @api_version ||= name.split("::")[1].downcase
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/manageiq/api/common/application_controller_mixins/common.rb

@@ -0,0 +1,27 @@
+module ManageIQ
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module Common
+          def self.included(other)
+            other.extend(self::ClassMethods)
+          end
+
+          private
+
+          def model
+            self.class.send(:model)
+          end
+
+          module ClassMethods
+            private
+
+            def model
+              @model ||= controller_name.classify.constantize
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/manageiq/api/common/application_controller_mixins/openapi_enabled.rb

@@ -0,0 +1,13 @@
+module ManageIQ
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module OpenapiEnabled
+          def self.included(other)
+            other.class_attribute :openapi_enabled, :default => true
+          end
+        end
+      end
+    end
+  end
+end

data/lib/manageiq/api/common/application_controller_mixins/parameters.rb

@@ -0,0 +1,113 @@
+module ManageIQ
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module Parameters
+
+          def self.included(other)
+            other.include(OpenapiEnabled)
+          end
+
+          def params_for_create
+            check_if_openapi_enabled
+            # We already validate this with OpenAPI validator, that validates every request, so we shouldn't do it again here.
+            body_params.permit!
+          end
+
+          def safe_params_for_list
+            check_if_openapi_enabled
+            # :limit & :offset can be passed in for pagination purposes, but shouldn't show up as params for filtering purposes
+            @safe_params_for_list ||= params.merge(params_for_polymorphic_subcollection).permit(*permitted_params, :filter => {})
+          end
+
+          def permitted_params
+            check_if_openapi_enabled
+            api_doc_definition.all_attributes + [:limit, :offset] + [subcollection_foreign_key]
+          end
+
+          def subcollection_foreign_key
+            "#{request_path_parts["primary_collection_name"].singularize}_id"
+          end
+
+          def params_for_polymorphic_subcollection
+            return {} unless subcollection?
+            return {} unless reflection = primary_collection_model&.reflect_on_association(request_path_parts["subcollection_name"])
+            return {} unless as = reflection.options[:as]
+            {"#{as}_type" => primary_collection_model.name, "#{as}_id" => request_path_parts["primary_collection_id"]}
+          end
+
+          def primary_collection_model
+            @primary_collection_model ||= request_path_parts["primary_collection_name"].singularize.classify.safe_constantize
+          end
+
+          def params_for_list
+            check_if_openapi_enabled
+            safe_params = safe_params_for_list.slice(*all_attributes_for_index)
+            if safe_params[subcollection_foreign_key_using_through_relation]
+              # If this is a through relation, we need to replace the :foreign_key by the foreign key with right table
+              # information. So e.g. :container_images with :tags subcollection will have {:container_image_id => ID} and we need
+              # to replace it with {:container_images_tags => {:container_image_id => ID}}, where :container_images_tags is the
+              # name of the mapping table.
+              safe_params[through_relation_klass.table_name.to_sym] = {
+                subcollection_foreign_key_using_through_relation => safe_params.delete(subcollection_foreign_key_using_through_relation)
+              }
+            end
+
+            safe_params
+          end
+
+          def through_relation_klass
+            check_if_openapi_enabled
+            return unless subcollection?
+            return unless reflection = primary_collection_model&.reflect_on_association(request_path_parts["subcollection_name"])
+            return unless through = reflection.options[:through]
+
+            primary_collection_model&.reflect_on_association(through).klass
+          end
+
+          def through_relation_name
+            check_if_openapi_enabled
+            # Through relation name taken from the subcollection model side, so we can use this for table join.
+            return unless through_relation_klass
+            return unless through_relation_association = model.reflect_on_all_associations.detect { |x| !x.polymorphic? && x.klass == through_relation_klass }
+
+            through_relation_association.name
+          end
+
+          def subcollection_foreign_key_using_through_relation
+            return unless through_relation_klass
+
+            subcollection_foreign_key
+          end
+
+          def all_attributes_for_index
+            check_if_openapi_enabled
+            api_doc_definition.all_attributes + [subcollection_foreign_key_using_through_relation]
+          end
+
+          def filtered
+            check_if_openapi_enabled
+            ManageIQ::API::Common::Filter.new(model, safe_params_for_list[:filter], api_doc_definition).apply
+          end
+
+          def pagination_limit
+            safe_params_for_list[:limit]
+          end
+
+          def pagination_offset
+            safe_params_for_list[:offset]
+          end
+
+          def params_for_update
+            check_if_openapi_enabled
+            body_params.permit(*api_doc_definition.all_attributes - api_doc_definition.read_only_attributes)
+          end
+
+          def check_if_openapi_enabled
+            raise ArgumentError, "Openapi not enabled" unless self.class.openapi_enabled
+          end
+        end
+      end
+    end
+  end
+end

data/lib/manageiq/api/common/application_controller_mixins/request_body_validation.rb

@@ -0,0 +1,61 @@
+module ManageIQ
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module RequestBodyValidation
+          class BodyParseError < ::RuntimeError
+          end
+
+          def self.included(other)
+            ActionController::Parameters.action_on_unpermitted_parameters = :raise
+
+            other.include(OpenapiEnabled)
+
+            other.before_action(:validate_request)
+
+            other.rescue_from(ActionController::UnpermittedParameters) do |exception|
+              error_document = ManageIQ::API::Common::ErrorDocument.new.add(400, exception.message)
+              render :json => error_document.to_h, :status => error_document.status
+            end
+
+            other.rescue_from(ManageIQ::API::Common::ApplicationControllerMixins::RequestBodyValidation::BodyParseError) do |_exception|
+              error_document = ManageIQ::API::Common::ErrorDocument.new.add(400, "Failed to parse request body, expected JSON")
+              render :json => error_document.to_h, :status => error_document.status
+            end
+          end
+
+          private
+
+          def body_params
+            @body_params ||= begin
+              raw_body    = request.body.read
+              parsed_body = raw_body.blank? ? {} : JSON.parse(raw_body)
+              ActionController::Parameters.new(parsed_body).permit!
+            rescue JSON::ParserError
+              raise ManageIQ::API::Common::ApplicationControllerMixins::RequestBodyValidation::BodyParseError
+            end
+          end
+
+          # Validates against openapi.json
+          # - only for HTTP POST/PATCH
+          def validate_request
+            return unless request.post? || request.patch?
+            return unless self.class.openapi_enabled
+
+            api_version = self.class.send(:api_version)[1..-1].sub(/x/, ".")
+
+            self.class.send(:api_doc).validate!(
+              request.method,
+              request.path,
+              api_version,
+              body_params.as_json
+            )
+          rescue OpenAPIParser::OpenAPIError => exception
+            error_document = ManageIQ::API::Common::ErrorDocument.new.add(400, exception.message)
+            render :json => error_document.to_h, :status => :bad_request
+          end
+        end
+      end
+    end
+  end
+end

data/lib/manageiq/api/common/application_controller_mixins/request_path.rb

@@ -0,0 +1,75 @@
+module ManageIQ
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module RequestPath
+          class RequestPathError < ::RuntimeError
+          end
+
+          def self.included(other)
+            other.extend(self::ClassMethods)
+
+            other.before_action(:validate_primary_collection_id)
+
+            other.rescue_from(ManageIQ::API::Common::ApplicationControllerMixins::RequestPath::RequestPathError) do |exception|
+              error_document = ManageIQ::API::Common::ErrorDocument.new.add(400, exception.message)
+              render :json => error_document.to_h, :status => error_document.status
+            end
+          end
+
+          def request_path
+            request.env["REQUEST_URI"]
+          end
+
+          def request_path_parts
+            @request_path_parts ||= begin
+              path, _query = request_path.split("?")
+              path.match(/\/(?<full_version_string>v\d+.\d+)\/(?<primary_collection_name>\w+)(\/(?<primary_collection_id>[^\/]+)(\/(?<subcollection_name>\w+))?)?/)&.named_captures || {}
+            end
+          end
+
+          def subcollection?
+            !!(request_path_parts["subcollection_name"] && request_path_parts["primary_collection_id"] && request_path_parts["primary_collection_name"])
+          end
+
+          private
+
+          def id_regexp
+            self.class.send(:id_regexp, request_path_parts["primary_collection_name"])
+          end
+
+          def validate_primary_collection_id
+            id = request_path_parts["primary_collection_id"]
+            return if id.blank?
+
+            raise RequestPathError, "ID is invalid" unless id.match(id_regexp)
+          end
+
+          module ClassMethods
+            private
+
+            def id_regexp(primary_collection_name)
+              @id_regexp ||= begin
+                id_parameter = id_parameter_from_api_doc(primary_collection_name)
+                id_parameter ? id_parameter.fetch_path("schema", "pattern") : /^\d+$/
+              end
+            end
+
+            def id_parameter_from_api_doc(primary_collection_name)
+              # Find the id parameter in the documented route
+              id_parameter = api_doc.paths.fetch_path("/#{primary_collection_name}/{id}", "get", "parameters", 0)
+              # The route isn't documented, return nil
+              return unless id_parameter
+
+              # Return the id parameter or resolve the reference to it and return that
+              reference = id_parameter["$ref"]
+              return id_parameter unless reference
+
+              api_doc.parameters[reference.split("parameters/").last]
+            end
+          end
+        end
+      end
+    end
+  end
+end