akillibulut
/
porter
tükrözi: https://github.com/porter-dev/porter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134
							package cluster

import (
	"net/http"

	"connectrpc.com/connect"
	porterv1 "github.com/porter-dev/api-contracts/generated/go/porter/v1"
	"github.com/porter-dev/porter/api/server/handlers"
	"github.com/porter-dev/porter/api/server/shared"
	"github.com/porter-dev/porter/api/server/shared/apierrors"
	"github.com/porter-dev/porter/api/server/shared/config"
	"github.com/porter-dev/porter/api/types"
	"github.com/porter-dev/porter/internal/compliance"
	"github.com/porter-dev/porter/internal/models"
	"github.com/porter-dev/porter/internal/telemetry"
)

// ListComplianceChecksHandler is the handler for /compliance/checks
type ListComplianceChecksHandler struct {
	handlers.PorterHandlerReadWriter
}

// NewListComplianceChecksHandler returns a new ListComplianceChecksHandler
func NewListComplianceChecksHandler(
	config *config.Config,
	decoderValidator shared.RequestDecoderValidator,
	writer shared.ResultWriter,
) *ListComplianceChecksHandler {
	return &ListComplianceChecksHandler{
		PorterHandlerReadWriter: handlers.NewDefaultPorterHandler(config, decoderValidator, writer),
	}
}

// ListComplianceChecksRequest is the expected format for a request to /compliance/checks
type ListComplianceChecksRequest struct {
	Vendor  compliance.Vendor  `schema:"vendor"`
	Profile compliance.Profile `schema:"profile"`
}

// ListComplianceChecksResponse is the expected format for a response from /compliance/checks
type ListComplianceChecksResponse struct {
	CheckGroups  []compliance.CheckGroup            `json:"check_groups,omitempty"`
	VendorChecks []compliance.VendorComplianceCheck `json:"vendor_checks,omitempty"`
}

// ServeHTTP retrieves the evaluated compliance checks for a cluster
func (c *ListComplianceChecksHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	ctx, span := telemetry.NewSpan(r.Context(), "serve-compliance-checks")
	defer span.End()

	project, _ := ctx.Value(types.ProjectScope).(*models.Project)
	cluster, _ := ctx.Value(types.ClusterScope).(*models.Cluster)

	request := &ListComplianceChecksRequest{}
	if ok := c.DecodeAndValidate(w, r, request); !ok {
		err := telemetry.Error(ctx, span, nil, "error decoding request")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
		return
	}

	var vendor porterv1.EnumComplianceVendor
	if request.Vendor != "" {
		switch request.Vendor {
		case compliance.Vendor_Vanta:
			vendor = porterv1.EnumComplianceVendor_ENUM_COMPLIANCE_VENDOR_VANTA
		default:
			err := telemetry.Error(ctx, span, nil, "invalid vendor")
			c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
			return
		}
	}

	var profile porterv1.EnumComplianceProfile
	if request.Profile != "" {
		switch request.Profile {
		case compliance.Profile_SOC2:
			profile = porterv1.EnumComplianceProfile_ENUM_COMPLIANCE_PROFILE_SOC2
		case compliance.Profile_HIPAA:
			profile = porterv1.EnumComplianceProfile_ENUM_COMPLIANCE_PROFILE_HIPAA
		default:
			err := telemetry.Error(ctx, span, nil, "invalid profile")
			c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusBadRequest))
			return
		}
	}

	req := connect.NewRequest(&porterv1.ContractComplianceChecksRequest{
		ProjectId: int64(project.ID),
		ClusterId: int64(cluster.ID),
		Vendor:    vendor,
		Profile:   profile,
	})

	ccpResp, err := c.Config().ClusterControlPlaneClient.ContractComplianceChecks(ctx, req)
	if err != nil {
		err := telemetry.Error(ctx, span, err, "error calling ccp for contract compliance checks")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
		return
	}
	if ccpResp == nil {
		err := telemetry.Error(ctx, span, err, "ccp resp is nil")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
		return
	}
	if ccpResp.Msg == nil {
		err := telemetry.Error(ctx, span, err, "ccp resp msg is nil")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
		return
	}

	cgs, err := compliance.CheckGroupsFromProto(ctx, ccpResp.Msg.CheckGroups)
	if err != nil {
		err := telemetry.Error(ctx, span, err, "error converting compliance check groups from proto")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
		return
	}
	telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "num-check-groups", Value: len(cgs)})

	vendorChecks, err := compliance.VendorCheckGroupsFromProto(ctx, ccpResp.Msg.VendorChecks)
	if err != nil {
		err := telemetry.Error(ctx, span, err, "error converting vendor compliance check groups from proto")
		c.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(err, http.StatusInternalServerError))
		return
	}
	telemetry.WithAttributes(span, telemetry.AttributeKV{Key: "num-vendor-checks", Value: len(vendorChecks)})

	resp := &ListComplianceChecksResponse{
		CheckGroups:  cgs,
		VendorChecks: vendorChecks,
	}

	c.WriteResult(w, r, resp)
	w.WriteHeader(http.StatusOK)
}