Add token endpoint

This change adds a github registration endpoint that instances can use to fetch a github registration token. This change also invalidates disables access to an instance to the token and status updates endpoints once the instance transitions from "pending" or "installing" to any other state.
2022-12-01 18:00:22 +02:00 · 2022-12-01 18:00:22 +02:00 · a078645ab2
commit a078645ab2
parent eba42b0481
18 changed files with 252 additions and 77 deletions
--- a/database/sql/instances.go
+++ b/database/sql/instances.go
@ -16,8 +16,10 @@ package sql

 import (
 	"context"
+	"fmt"
 	runnerErrors "garm/errors"
 	"garm/params"
+	"garm/util"

 	"github.com/pkg/errors"
 	uuid "github.com/satori/go.uuid"
@ -30,14 +32,22 @@ func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param p
 	if err != nil {
 		return params.Instance{}, errors.Wrap(err, "fetching pool")
 	}
+	var ghToken []byte
+	if param.GithubRegistrationToken != nil {
+		ghToken, err = util.Aes256EncodeString(string(param.GithubRegistrationToken), s.cfg.Passphrase)
+		if err != nil {
+			return params.Instance{}, fmt.Errorf("failed to encrypt gh token")
+		}
+	}
 	newInstance := Instance{
-		Pool:         pool,
-		Name:         param.Name,
-		Status:       param.Status,
-		RunnerStatus: param.RunnerStatus,
-		OSType:       param.OSType,
-		OSArch:       param.OSArch,
-		CallbackURL:  param.CallbackURL,
+		Pool:                    pool,
+		Name:                    param.Name,
+		Status:                  param.Status,
+		RunnerStatus:            param.RunnerStatus,
+		OSType:                  param.OSType,
+		OSArch:                  param.OSArch,
+		CallbackURL:             param.CallbackURL,
+		GithubRegistrationToken: ghToken,
 	}
 	q := s.conn.Create(&newInstance)
 	if q.Error != nil {
@ -112,6 +122,15 @@ func (s *sqlDatabase) GetPoolInstanceByName(ctx context.Context, poolID string,
 	if err != nil {
 		return params.Instance{}, errors.Wrap(err, "fetching instance")
 	}
+
+	if instance.GithubRegistrationToken != nil {
+		token, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
+		if err != nil {
+			return params.Instance{}, errors.Wrap(err, "decoing token")
+		}
+		instance.GithubRegistrationToken = []byte(token)
+	}
+
 	return s.sqlToParamsInstance(instance), nil
 }

@ -120,6 +139,14 @@ func (s *sqlDatabase) GetInstanceByName(ctx context.Context, instanceName string
 	if err != nil {
 		return params.Instance{}, errors.Wrap(err, "fetching instance")
 	}
+
+	if instance.GithubRegistrationToken != nil {
+		token, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
+		if err != nil {
+			return params.Instance{}, errors.Wrap(err, "decoing token")
+		}
+		instance.GithubRegistrationToken = []byte(token)
+	}
 	return s.sqlToParamsInstance(instance), nil
 }

--- a/database/sql/models.go
+++ b/database/sql/models.go
@ -127,19 +127,20 @@ type InstanceStatusUpdate struct {
 type Instance struct {
 	Base

-	ProviderID    *string `gorm:"uniqueIndex"`
-	Name          string  `gorm:"uniqueIndex"`
-	AgentID       int64
-	OSType        config.OSType
-	OSArch        config.OSArch
-	OSName        string
-	OSVersion     string
-	Addresses     []Address `gorm:"foreignKey:InstanceID"`
-	Status        common.InstanceStatus
-	RunnerStatus  common.RunnerStatus
-	CallbackURL   string
-	ProviderFault []byte `gorm:"type:longblob"`
-	CreateAttempt int
+	ProviderID              *string `gorm:"uniqueIndex"`
+	Name                    string  `gorm:"uniqueIndex"`
+	AgentID                 int64
+	OSType                  config.OSType
+	OSArch                  config.OSArch
+	OSName                  string
+	OSVersion               string
+	Addresses               []Address `gorm:"foreignKey:InstanceID"`
+	Status                  common.InstanceStatus
+	RunnerStatus            common.RunnerStatus
+	CallbackURL             string
+	ProviderFault           []byte `gorm:"type:longblob"`
+	CreateAttempt           int
+	GithubRegistrationToken []byte `gorm:"type:longblob"`

 	PoolID uuid.UUID
 	Pool   Pool `gorm:"foreignKey:PoolID"`
--- a/database/sql/util.go
+++ b/database/sql/util.go
@ -29,21 +29,22 @@ func (s *sqlDatabase) sqlToParamsInstance(instance Instance) params.Instance {
 		id = *instance.ProviderID
 	}
 	ret := params.Instance{
-		ID:             instance.ID.String(),
-		ProviderID:     id,
-		AgentID:        instance.AgentID,
-		Name:           instance.Name,
-		OSType:         instance.OSType,
-		OSName:         instance.OSName,
-		OSVersion:      instance.OSVersion,
-		OSArch:         instance.OSArch,
-		Status:         instance.Status,
-		RunnerStatus:   instance.RunnerStatus,
-		PoolID:         instance.PoolID.String(),
-		CallbackURL:    instance.CallbackURL,
-		StatusMessages: []params.StatusMessage{},
-		CreateAttempt:  instance.CreateAttempt,
-		UpdatedAt:      instance.UpdatedAt,
+		ID:                      instance.ID.String(),
+		ProviderID:              id,
+		AgentID:                 instance.AgentID,
+		Name:                    instance.Name,
+		OSType:                  instance.OSType,
+		OSName:                  instance.OSName,
+		OSVersion:               instance.OSVersion,
+		OSArch:                  instance.OSArch,
+		Status:                  instance.Status,
+		RunnerStatus:            instance.RunnerStatus,
+		PoolID:                  instance.PoolID.String(),
+		CallbackURL:             instance.CallbackURL,
+		StatusMessages:          []params.StatusMessage{},
+		CreateAttempt:           instance.CreateAttempt,
+		UpdatedAt:               instance.UpdatedAt,
+		GithubRegistrationToken: instance.GithubRegistrationToken,
 	}

 	if len(instance.ProviderFault) > 0 {