feat: init base work of redirect

Author: batleforc

.compose/authelia/.gitignore

@@ -1,2 +1,5 @@
 notification.txt
-db.sqlite3
+db.sqlite3
+private.pem
+public.pem
+configuration.yml

.compose/authelia/configuration.yml

@@ -78,7 +78,8 @@ identity_providers:
     jwks:
       - key_id: "kube_login"
         key: |
-          
+          {{ secret "/config/private.pem" | nindent 10 }}
+
 
 
 

Cargo.lock

@@ -19,8 +19,8 @@ tasks:
     env:
       KUBECONFIG: ./kubeconfig.local.yaml
       OTEL_EXPORTER_OTLP_ENDPOINT: "http://localhost:5081/api/default"
-      OTEL_EXPORTER_OTLP_HEADERS: "Authorization=Basic cm9vdEBleGFtcGxlLmNvbTpBaU9hZHozNHp6RHdWSHkw,organization=default,stream-name=default"
-      REDIS_URL: redis://:{{ .REDIS_PASSWORD }}@localhost:6379/prorxyauthk8s
+      OTEL_EXPORTER_OTLP_HEADERS: "Authorization=Basic cm9vdEBleGFtcGxlLmNvbTpDb21wbGV4cGFzcyMxMjM=,organization=default,stream-name=default"
+      REDIS_URL: redis://:{{ .REDIS_PASSWORD }}@localhost:6379
     silent: true
     cmds:
       - echo "Running the backend"
@@ -49,6 +49,14 @@ tasks:
         fi
       - command -v docker && PUID="$(id -u)" PGID="$(id -g)" docker compose up || true
       - command -v podman && PUID="$(id -u)" PGID="$(id -g)"  podman compose up || true
+  init:service:
+    desc: "Initialize the service task"
+    silent: true
+    cmds:
+      - echo "Initializing the service task"
+      - echo "Generating self-signed certificates for local development"
+      - docker run --rm -u "$(id -u):$(id -g)" -v "$(pwd)/.compose/authelia":/keys authelia/authelia:latest authelia crypto pair rsa generate --directory /keys
+
   recu:
     desc: "Run all gen jobs"
     silent: true

Taskfile.yaml

@@ -9,7 +9,10 @@ utoipa-actix-web = { workspace = true }
 actix-web = { workspace = true }
 tracing = { workspace = true }
 deadpool-redis = { workspace = true }
+reqwest = { workspace = true }
+serde = { workspace = true }
 
 common = { path = "../common" }
+crd = { path = "../crd" }
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

libs/api/Cargo.toml

@@ -1 +1,2 @@
 pub mod base;
+pub mod redirect;

libs/api/src/cluster/mod.rs

@@ -0,0 +1,88 @@
+use actix_web::{delete, get, patch, post, put, web, HttpRequest, Responder};
+use common::State;
+use redirect::redirect;
+use tracing::instrument;
+
+pub mod redirect;
+
+// https://kubernetes.io/docs/reference/using-api/api-concepts/#api-verbs
+
+/// Cluster redirect
+///
+/// Redirect to the cluster if exists
+#[utoipa::path(
+    tag = "clusters",
+    responses(
+        (status = 200, description = "ATM nothing real"),
+        (status = 500, description = "Internal server error."),
+    )
+)]
+#[get("/{ns}/{cluster}/{path:.*}")]
+#[instrument(name = "get_redirect", skip(data))]
+pub async fn get_redirect(req: HttpRequest, data: web::Data<State>) -> impl Responder {
+    redirect(req, data).await
+}
+
+/// Cluster redirect
+///
+/// Redirect to the cluster if exists
+#[utoipa::path(
+    tag = "clusters",
+    responses(
+        (status = 200, description = "ATM nothing real"),
+        (status = 500, description = "Internal server error."),
+    )
+)]
+#[post("/{ns}/{cluster}/{path:.*}")]
+#[instrument(name = "post_redirect", skip(data))]
+pub async fn post_redirect(req: HttpRequest, data: web::Data<State>) -> impl Responder {
+    redirect(req, data).await
+}
+
+/// Cluster redirect
+///
+/// Redirect to the cluster if exists
+#[utoipa::path(
+    tag = "clusters",
+    responses(
+        (status = 200, description = "ATM nothing real"),
+        (status = 500, description = "Internal server error."),
+    )
+)]
+#[put("/{ns}/{cluster}/{path:.*}")]
+#[instrument(name = "put_redirect", skip(data))]
+pub async fn put_redirect(req: HttpRequest, data: web::Data<State>) -> impl Responder {
+    redirect(req, data).await
+}
+
+/// Cluster redirect
+///
+/// Redirect to the cluster if exists
+#[utoipa::path(
+    tag = "clusters",
+    responses(
+        (status = 200, description = "ATM nothing real"),
+        (status = 500, description = "Internal server error."),
+    )
+)]
+#[patch("/{ns}/{cluster}/{path:.*}")]
+#[instrument(name = "patch_redirect", skip(data))]
+pub async fn patch_redirect(req: HttpRequest, data: web::Data<State>) -> impl Responder {
+    redirect(req, data).await
+}
+
+/// Cluster redirect
+///
+/// Redirect to the cluster if exists
+#[utoipa::path(
+    tag = "clusters",
+    responses(
+        (status = 200, description = "ATM nothing real"),
+        (status = 500, description = "Internal server error."),
+    )
+)]
+#[delete("/{ns}/{cluster}/{path:.*}")]
+#[instrument(name = "delete_redirect", skip(data))]
+pub async fn delete_redirect(req: HttpRequest, data: web::Data<State>) -> impl Responder {
+    redirect(req, data).await
+}

libs/api/src/cluster/redirect/mod.rs

@@ -0,0 +1,44 @@
+use actix_web::{web, HttpRequest, HttpResponse, Responder};
+use common::State;
+use crd::ProxyKubeApi;
+use deadpool_redis::redis::AsyncTypedCommands;
+use tracing::{error, instrument};
+
+#[instrument(name = "main_redirect", skip(data))]
+pub async fn redirect(req: HttpRequest, data: web::Data<State>) -> impl Responder {
+    let ns: String = req.match_info().get("ns").unwrap().parse().unwrap();
+    let cluster: String = req.match_info().get("cluster").unwrap().parse().unwrap();
+    let path: String = req.match_info().get("path").unwrap().parse().unwrap();
+    let mut conn = match data.get_redis_conn().await {
+        Ok(conn) => conn,
+        Err(e) => return HttpResponse::ServiceUnavailable().body(e.to_string()),
+    };
+    let proxy_json = match conn.get(format!("proxyk8sauth:{}/{}", ns, cluster)).await {
+        Ok(Some(proxy)) => proxy,
+        Ok(None) => return HttpResponse::NotFound().finish(),
+        Err(e) => return HttpResponse::ServiceUnavailable().body(e.to_string()),
+    };
+
+    let proxy = match ProxyKubeApi::from_json(&proxy_json) {
+        Some(proxy) => proxy,
+        None => {
+            error!("Couldn't parse object");
+            return HttpResponse::NotFound().finish();
+        }
+    };
+
+    let url_to_call = match proxy
+        .spec
+        .service
+        .url_to_call(data.client.clone(), "default".to_string())
+        .await
+    {
+        Ok(url) => url,
+        Err(err) => {
+            error!(err);
+            return HttpResponse::NotFound().finish();
+        }
+    };
+    // https://github.com/actix/examples/blob/master/http-proxy/src/main.rs#L56
+    HttpResponse::Ok().body(format!("{}/{}", url_to_call, path))
+}

libs/api/src/cluster/redirect/redirect.rs

@@ -1,4 +1,8 @@
-use crate::{api_doc::ApiDoc, base::health, cluster::base::base_cluster};
+use crate::{
+    api_doc::ApiDoc,
+    base::health,
+    cluster::{base::base_cluster, redirect},
+};
 use actix_web::App;
 use utoipa::{openapi::OpenApi as OpenApiType, OpenApi};
 use utoipa_actix_web::{scope, service_config::ServiceConfig, AppExt};
@@ -15,7 +19,12 @@ pub fn init_api() -> impl FnOnce(&mut ServiceConfig) {
 
 pub fn init_cluster_api() -> impl FnOnce(&mut ServiceConfig) {
     |cfg: &mut ServiceConfig| {
-        cfg.service(base_cluster);
+        cfg.service(base_cluster)
+            .service(redirect::get_redirect)
+            .service(redirect::post_redirect)
+            .service(redirect::put_redirect)
+            .service(redirect::patch_redirect)
+            .service(redirect::delete_redirect);
     }
 }
 

libs/api/src/lib.rs

@@ -44,6 +44,88 @@
           }
         }
       }
+    },
+    "/clusters/{ns}/{cluster}/{path}": {
+      "get": {
+        "tags": [
+          "clusters"
+        ],
+        "summary": "Cluster redirect",
+        "description": "Redirect to the cluster if exists",
+        "operationId": "get_redirect",
+        "responses": {
+          "200": {
+            "description": "ATM nothing real"
+          },
+          "500": {
+            "description": "Internal server error."
+          }
+        }
+      },
+      "put": {
+        "tags": [
+          "clusters"
+        ],
+        "summary": "Cluster redirect",
+        "description": "Redirect to the cluster if exists",
+        "operationId": "put_redirect",
+        "responses": {
+          "200": {
+            "description": "ATM nothing real"
+          },
+          "500": {
+            "description": "Internal server error."
+          }
+        }
+      },
+      "post": {
+        "tags": [
+          "clusters"
+        ],
+        "summary": "Cluster redirect",
+        "description": "Redirect to the cluster if exists",
+        "operationId": "post_redirect",
+        "responses": {
+          "200": {
+            "description": "ATM nothing real"
+          },
+          "500": {
+            "description": "Internal server error."
+          }
+        }
+      },
+      "delete": {
+        "tags": [
+          "clusters"
+        ],
+        "summary": "Cluster redirect",
+        "description": "Redirect to the cluster if exists",
+        "operationId": "delete_redirect",
+        "responses": {
+          "200": {
+            "description": "ATM nothing real"
+          },
+          "500": {
+            "description": "Internal server error."
+          }
+        }
+      },
+      "patch": {
+        "tags": [
+          "clusters"
+        ],
+        "summary": "Cluster redirect",
+        "description": "Redirect to the cluster if exists",
+        "operationId": "patch_redirect",
+        "responses": {
+          "200": {
+            "description": "ATM nothing real"
+          },
+          "500": {
+            "description": "Internal server error."
+          }
+        }
+      }
     }
   },
   "components": {},