sharang
9138731eea
internal/keycloak Adapter (HTTPAdapter + Mock). POST /v1/tenants now provisions a KC organization + IT_ADMIN invite when admin_email is set; KC failures emit keycloak.provision_failed but don't roll back. POST /v1/internal/keycloak/claims resolves the current claim bundle for any (tenant_id|tenant_slug|user_attrs.*) lookup. Mock used in tests + when KEYCLOAK_ADMIN_URL is empty. HTTPAdapter tested against an in-process stub KC (httptest.Server). Refs: M4.3
81 lines
2.8 KiB
Go
81 lines
2.8 KiB
Go
// Package server wires the HTTP surface for tenant-registry.
|
|
//
|
|
// All routes are registered in NewRouter; per-concern handlers live in
|
|
// peer files (tenants.go, catalog.go, apikeys.go, audit.go, keycloak.go).
|
|
package server
|
|
|
|
import (
|
|
"log/slog"
|
|
"net/http"
|
|
|
|
"gitea.meghsakha.com/platform/tenant-registry/internal/config"
|
|
"gitea.meghsakha.com/platform/tenant-registry/internal/keycloak"
|
|
"gitea.meghsakha.com/platform/tenant-registry/internal/store"
|
|
)
|
|
|
|
// Server bundles the dependencies every handler needs.
|
|
type Server struct {
|
|
Cfg *config.Config
|
|
Log *slog.Logger
|
|
Store store.Store
|
|
Keycloak keycloak.Adapter // never nil — main wires Mock when KC env is unset
|
|
}
|
|
|
|
// NewRouter builds the http.Handler with logging middleware applied.
|
|
func NewRouter(s *Server) http.Handler {
|
|
mux := http.NewServeMux()
|
|
|
|
// health + status
|
|
mux.HandleFunc("GET /healthz", s.healthz)
|
|
mux.HandleFunc("GET /readyz", s.readyz)
|
|
|
|
// tenants
|
|
mux.HandleFunc("POST /v1/tenants", s.createTenant)
|
|
mux.HandleFunc("GET /v1/tenants/{id}", s.getTenant)
|
|
mux.HandleFunc("GET /v1/tenants/by-slug/{slug}", s.getTenantBySlug)
|
|
mux.HandleFunc("POST /v1/tenants/{id}/activate", s.activateTenant)
|
|
mux.HandleFunc("POST /v1/tenants/{id}/cancel", s.cancelTenant)
|
|
|
|
// entitlements
|
|
mux.HandleFunc("GET /v1/entitlements", s.listTenantProducts)
|
|
|
|
// catalog
|
|
mux.HandleFunc("GET /v1/catalog", s.getCatalog)
|
|
mux.HandleFunc("POST /v1/catalog/request", s.catalogRequest)
|
|
mux.HandleFunc("POST /v1/catalog/trial-request", s.catalogTrialRequest)
|
|
|
|
// api keys
|
|
mux.HandleFunc("POST /v1/api-keys", s.createAPIKey)
|
|
mux.HandleFunc("GET /v1/api-keys", s.listAPIKeys)
|
|
mux.HandleFunc("DELETE /v1/api-keys/{id}", s.revokeAPIKey)
|
|
mux.HandleFunc("POST /v1/internal/api-keys/verify", s.verifyAPIKey)
|
|
|
|
// audit
|
|
mux.HandleFunc("POST /v1/audit", s.appendAudit)
|
|
mux.HandleFunc("GET /v1/audit", s.listAudit)
|
|
|
|
// keycloak claims refresh — the URL the protocol mapper would call at
|
|
// token issuance to grab the up-to-date entitlement bundle. Today the
|
|
// dev realm projects user attributes (set by SyncClaims) — this is
|
|
// the "pull" complement for when the realm is reconfigured to fetch.
|
|
mux.HandleFunc("POST /v1/internal/keycloak/claims", s.kcClaims)
|
|
|
|
return logRequest(s.Log)(mux)
|
|
}
|
|
|
|
func (s *Server) healthz(w http.ResponseWriter, _ *http.Request) {
|
|
writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
|
|
}
|
|
|
|
func (s *Server) readyz(w http.ResponseWriter, r *http.Request) {
|
|
if err := s.Store.Ping(r.Context()); err != nil {
|
|
writeError(w, http.StatusServiceUnavailable, "store_unavailable", err.Error())
|
|
return
|
|
}
|
|
if err := s.Keycloak.Health(r.Context()); err != nil {
|
|
writeError(w, http.StatusServiceUnavailable, "keycloak_unavailable", err.Error())
|
|
return
|
|
}
|
|
writeJSON(w, http.StatusOK, map[string]string{"status": "ready"})
|
|
}
|