
Commit 2ab144e

authored
chore/rewrite mpl (#2266)
* first pass of rewrite * first pass of rewrite
1 parent cc5b7d3 commit 2ab144e


10 files changed

+279
-835
lines changed


go.work.sum

Lines changed: 30 additions & 1 deletion
Large diffs are not rendered by default.

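--- a/taco/.gitignore
+++ b/taco/.gitignore
@@ -1,3 +1,2 @@
-taco
 statesman
 terraform-provider-opentaco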

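--- a/taco/internal/api/routes.go
+++ b/taco/internal/api/routes.go
@@ -1,26 +1,26 @@
 package api
 
 import (
-"context"
-"fmt"
-"log"
-"net/http"
-"time"
-
-"github.com/diggerhq/digger/opentaco/internal/analytics"
-"github.com/diggerhq/digger/opentaco/internal/tfe"
-
-"github.com/diggerhq/digger/opentaco/internal/backend"
-authpkg "github.com/diggerhq/digger/opentaco/internal/auth"
-"github.com/diggerhq/digger/opentaco/internal/middleware"
-"github.com/diggerhq/digger/opentaco/internal/rbac"
-"github.com/diggerhq/digger/opentaco/internal/s3compat"
-unithandlers "github.com/diggerhq/digger/opentaco/internal/unit"
-"github.com/diggerhq/digger/opentaco/internal/observability"
-"github.com/diggerhq/digger/opentaco/internal/oidc"
-"github.com/diggerhq/digger/opentaco/internal/sts"
-"github.com/diggerhq/digger/opentaco/internal/storage"
-"github.com/labstack/echo/v4"
+"context"
+"fmt"
+"log"
+"net/http"
+"time"
+
+"github.com/diggerhq/digger/opentaco/internal/analytics"
+"github.com/diggerhq/digger/opentaco/internal/tfe"
+
+authpkg "github.com/diggerhq/digger/opentaco/internal/auth"
+"github.com/diggerhq/digger/opentaco/internal/backend"
+"github.com/diggerhq/digger/opentaco/internal/middleware"
+"github.com/diggerhq/digger/opentaco/internal/observability"
+"github.com/diggerhq/digger/opentaco/internal/oidc"
+"github.com/diggerhq/digger/opentaco/internal/rbac"
+"github.com/diggerhq/digger/opentaco/internal/s3compat"
+"github.com/diggerhq/digger/opentaco/internal/storage"
+"github.com/diggerhq/digger/opentaco/internal/sts"
+unithandlers "github.com/diggerhq/digger/opentaco/internal/unit"
+"github.com/labstack/echo/v4"
 )
 
 // RegisterRoutes registers all API routes
@@ -29,15 +29,15 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 health := observability.NewHealthHandler()
 e.GET("/healthz", health.Healthz)
 e.GET("/readyz", health.Readyz)
-
+
 // Info endpoint for CLI to detect storage type
 e.GET("/v1/info", func(c echo.Context) error {
 info := map[string]interface{}{
 "storage": map[string]interface{}{
 "type": "memory",
 },
 }
-
+
 // Check if we're using S3 storage
 if s3Store, ok := store.(storage.S3Store); ok {
 info["storage"] = map[string]interface{}{
@@ -46,11 +46,10 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 "prefix": s3Store.GetS3Prefix(),
 }
 }
-
+
 return c.JSON(http.StatusOK, info)
 })
 
-
 // Prepare auth deps
 signer, err := authpkg.NewSignerFromEnv()
 if err != nil {
@@ -84,23 +83,23 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 }
 return c.String(http.StatusOK, email)
 })
-
+
 e.POST("/v1/system-id/user-email", func(c echo.Context) error {
 var req struct {
 Email string `json:"email"`
 }
 if err := c.Bind(&req); err != nil {
 return c.JSON(http.StatusBadRequest, map[string]string{"error": "Invalid request"})
 }
-
+
 // Set user email in analytics system
 ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 defer cancel()
-
+
 if err := analytics.SetUserEmail(ctx, req.Email); err != nil {
 return c.JSON(http.StatusInternalServerError, map[string]string{"error": "Failed to set email"})
 }
-
+
 return c.JSON(http.StatusOK, map[string]string{"message": "Email set successfully"})
 })
 
@@ -111,7 +110,6 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 e.GET("/oauth/oidc-callback", authHandler.OAuthOIDCCallback)
 e.GET("/oauth/debug", authHandler.DebugConfig)
 
-
 // API v1 protected group - JWT tokens only
 v1 := e.Group("/v1")
 if authEnabled {
@@ -170,7 +168,7 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 v1.GET("/backend/*", middleware.JWTOnlyRBACMiddleware(rbacManager, signer, rbac.ActionUnitRead, "*")(backendHandler.GetState))
 v1.POST("/backend/*", middleware.JWTOnlyRBACMiddleware(rbacManager, signer, rbac.ActionUnitWrite, "*")(backendHandler.UpdateState))
 v1.PUT("/backend/*", middleware.JWTOnlyRBACMiddleware(rbacManager, signer, rbac.ActionUnitWrite, "*")(backendHandler.UpdateState))
-// Explicitly wire non-standard HTTP methods used by Terraform backend
+// Explicitly wire non-standard HTTP methods used by Terraform backend
 jwtVerifyFn := middleware.JWTOnlyVerifier(signer)
 e.Add("LOCK", "/v1/backend/*", middleware.RequireAuth(jwtVerifyFn)(middleware.JWTOnlyRBACMiddleware(rbacManager, signer, rbac.ActionUnitLock, "*")(backendHandler.HandleLockUnlock)))
 e.Add("UNLOCK", "/v1/backend/*", middleware.RequireAuth(jwtVerifyFn)(middleware.JWTOnlyRBACMiddleware(rbacManager, signer, rbac.ActionUnitLock, "*")(backendHandler.HandleLockUnlock)))
@@ -200,13 +198,13 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 // RBAC routes (only available with S3 storage)
 if rbacManager != nil {
 rbacHandler := rbac.NewHandler(rbacManager, signer)
-
+
 // RBAC initialization (no auth required for init)
 v1.POST("/rbac/init", rbacHandler.Init)
-
+
 // RBAC user info (handle auth gracefully in handler, like /v1/auth/me)
 e.GET("/v1/rbac/me", rbacHandler.Me)
-
+
 // RBAC management routes (require RBAC manage permission)
 v1.POST("/rbac/users/assign", rbacHandler.AssignRole)
 v1.POST("/rbac/users/revoke", rbacHandler.RevokeRole)
@@ -224,14 +222,14 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 // RBAC not available with memory storage - add catch-all route
 v1.Any("/rbac/*", func(c echo.Context) error {
 return c.JSON(http.StatusBadRequest, map[string]string{
-"error": "RBAC requires S3 storage",
+"error": "RBAC requires S3 storage",
 "message": "RBAC is only available when using S3 storage. Please configure S3 storage to use RBAC features.",
 })
 })
 }
 
 // TFE api - inject auth handler, storage, and RBAC dependencies
-tfeHandler := tfe.NewTFETokenHandler(authHandler, store, rbacManager) // Pass rbacManager (may be nil)
+tfeHandler := tfe.NewTFETokenHandler(authHandler, store, rbacManager) // Pass rbacManager (may be nil)
 
 // Create protected TFE group - opaque tokens only
 tfeGroup := e.Group("/tfe/api/v2")
@@ -261,6 +259,8 @@ func RegisterRoutes(e *echo.Echo, store storage.UnitStore, authEnabled bool) {
 
 // Keep discovery endpoints unprotected (needed for terraform login)
 e.GET("/.well-known/terraform.json", tfeHandler.GetWellKnownJson)
+e.GET("/tfe/api/v2/motd", tfeHandler.MessageOfTheDay)
+
 e.GET("/tfe/app/oauth2/auth", tfeHandler.AuthLogin)
 e.POST("/tfe/oauth2/token", tfeHandler.AuthTokenExchange)
 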
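Review bot: The new `e.GET("/tfe/api/v2/motd", tfeHandler.MessageOfTheDay)` route in the last hunk is registered on the root router `e` rather than on `tfeGroup`, so it sits under the protected `/tfe/api/v2` prefix but presumably does not pass through that group's opaque-token middleware (the middleware wiring is outside the visible hunks). It is also placed under the comment about discovery endpoints needed for terraform login, which does not describe it. If unauthenticated access is intended, say so at the call site, e.g. `// MOTD is intentionally unauthenticated; the handler must return only static, non-tenant data`, and confirm that `MessageOfTheDay` (not shown here) echoes no request input or deployment details. Otherwise register it on the group with `tfeGroup.GET("/motd", tfeHandler.MessageOfTheDay)`. RegisterRoutes starts and ends outside this hunk.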

taco/internal/domain/tfe_id.go

Lines changed: 0 additions & 124 deletions
This file was deleted.

taco/internal/domain/tfe_kind.go

Lines changed: 0 additions & 36 deletions
This file was deleted.
