return 403 for forbiden requests

NorskHelsenett · Jan 21, 2025 · ed2e75d · ed2e75d
1 parent b22c605
commit ed2e75d
Show file tree

Hide file tree

Showing 34 changed files with 1,457 additions and 602 deletions.
diff --git a/internal/controllers/aclcontroller/acl_controller.go b/internal/controllers/aclcontroller/acl_controller.go
@@ -416,6 +416,7 @@ func Update() gin.HandlerFunc {
 		_ = apiconnections.RabbitMQConnection.SendMessage(ctx, payload, messagebuscontracts.Route_Acl_Update, nil)
 
 		c.JSON(http.StatusOK, created)
+
 	}
 }
 
@@ -488,7 +489,7 @@ func Delete() gin.HandlerFunc {
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{string}	Status
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/acl/migrate [get]
 //	@Security		ApiKey || AccessToken

diff --git a/internal/controllers/clusterscontroller/clusters_controller.go b/internal/controllers/clusterscontroller/clusters_controller.go
@@ -53,7 +53,7 @@ func init() {
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{object}	apicontracts.Cluster
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/cluster/{clusterid} [get]
 //	@Router			/v1/clusters/{clusterid} [get]
@@ -103,7 +103,7 @@ func ClusterGetById() gin.HandlerFunc {
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{bool}		bool
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/cluster/{clusterid}/exists [get]
 //	@Router			/v1/clusters/{clusterid}/exists [get]
@@ -201,12 +201,12 @@ func ClusterByFilter() gin.HandlerFunc {
 //	@Tags			clusters
 //	@Accept			application/json
 //	@Produce		application/json
-//	@Success		200												{array}		apicontracts.Cluster
-//	@Failure		403												{string}	Forbidden
-//	@Failure		401												{string}	Unauthorized
-//	@Failure		500												{string}	Failure	message
+//	@Success		200											{array}		apicontracts.Cluster
+//	@Failure		403											{string}	Forbidden
+//	@Failure		401											{object}	rorerror.RorError
+//	@Failure		500											{string}	Failure	message
 //	@Router			/v1/clusters/workspace/{workspaceId}/filter	[get]
-//	@Param			filter											body	apicontracts.Filter	true	"Filter"
+//	@Param			filter										body	apicontracts.Filter	true	"Filter"
 //	@Param			workspaceId									path	string				true	"workspaceId"
 //	@Security		ApiKey || AccessToken
 func ClusterGetByWorkspaceId() gin.HandlerFunc {
@@ -282,7 +282,7 @@ func ClusterGetByWorkspaceId() gin.HandlerFunc {
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{bool}		bool
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/clusters/{clusterid}/metadata [get]
 //	@Security		ApiKey || AccessToken
@@ -314,7 +314,7 @@ func GetMetadata() gin.HandlerFunc {
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{bool}		bool
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/cluster/{clusterid}/metadata [patch]
 //	@Router			/v1/clusters/{clusterid}/metadata [patch]
@@ -376,7 +376,7 @@ func UpdateMetadata() gin.HandlerFunc {
 			},
 		})
 		if err != nil || clusters.DataCount != 1 {
-			c.JSON(http.StatusUnauthorized, nil)
+			c.JSON(http.StatusForbidden, nil)
 			return
 		}
 
@@ -401,7 +401,7 @@ func UpdateMetadata() gin.HandlerFunc {
 //	@Produce		application/json
 //	@Success		200	{bool}		bool
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/cluster/heartbeat [post]
 //	@Router			/v1/clusters/heartbeat [post]
@@ -466,7 +466,7 @@ func RegisterHeartbeat() gin.HandlerFunc {
 //	@Produce		application/json
 //	@Success		200	{array}		apicontracts.ClusterControlPlaneMetadata
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/clusters/controlPlanesMetadata [get]
 //	@Security		ApiKey || AccessToken
@@ -508,12 +508,12 @@ func GetControlPlanesMetadata() gin.HandlerFunc {
 //	@Tags			clusters
 //	@Accept			application/json
 //	@Produce		application/json
-//	@Param			id	path		string	true	"id"
-//	@Param			credentials				body	apicontracts.KubeconfigCredentials	true	"Credentials"
-//	@Success		200	{object}	apicontracts.ClusterKubeconfig
-//	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
-//	@Failure		500	{string}	Failure	message
+//	@Param			id			path		string								true	"id"
+//	@Param			credentials	body		apicontracts.KubeconfigCredentials	true	"Credentials"
+//	@Success		200			{object}	apicontracts.ClusterKubeconfig
+//	@Failure		403			{string}	Forbidden
+//	@Failure		401			{object}	rorerror.RorError
+//	@Failure		500			{string}	Failure	message
 //	@Router			/v1/clusters/{clusterid}/login [post]
 //	@Security		ApiKey || AccessToken
 func GetKubeconfig() gin.HandlerFunc {
@@ -625,11 +625,11 @@ func GetKubeconfig() gin.HandlerFunc {
 //	@Tags			clusters
 //	@Accept			application/json
 //	@Produce		application/json
-//	@Param			credentials				body	apicontracts.Cluster	true	"Credentials"
-//	@Success		200	{string}	ClusterId
-//	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
-//	@Failure		500	{string}	Failure	message
+//	@Param			credentials	body		apicontracts.Cluster	true	"Credentials"
+//	@Success		200			{string}	ClusterId
+//	@Failure		403			{string}	Forbidden
+//	@Failure		401			{object}	rorerror.RorError
+//	@Failure		500			{string}	Failure	message
 //	@Router			/v1/clusters [post]
 //	@Security		ApiKey || AccessToken
 func CreateCluster() gin.HandlerFunc {

diff --git a/internal/controllers/clusterscontroller/clusterviews.go b/internal/controllers/clusterscontroller/clusterviews.go
@@ -32,7 +32,7 @@ import (
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{string}	This	is		not	the	view	you	are	looking	for
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/clusters/{clusterid}/views/ingresses [get]
 //	@Router			/v1/clusters/{clusterid}/views/nodes [get]
@@ -60,7 +60,7 @@ func DummyView() gin.HandlerFunc {
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{string}	This	is		not	the	view	you	are	looking	for
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/clusters/{clusterid}/views/policyreports [get]
 //	@Security		ApiKey || AccessToken
@@ -107,7 +107,7 @@ func PolicyreportsView() gin.HandlerFunc {
 //	@Param			type	query		viewsmodels.PolicyreportGlobalQueryType	true	"type"
 //	@Success		200		{string}	This									is		not	the	view	you	are	looking	for
 //	@Failure		403		{string}	Forbidden
-//	@Failure		401		{string}	Unauthorized
+//	@Failure		401		{object}	rorerror.RorError
 //	@Failure		500		{string}	Failure	message
 //	@Router			/v1/clusters/{clusterid}/views/policyreports [get]
 //	@Security		ApiKey || AccessToken
@@ -159,7 +159,7 @@ func PolicyreportSummaryView() gin.HandlerFunc {
 //	@Param			type	query		viewsmodels.PolicyreportGlobalQueryType	true	"type"
 //	@Success		200		{string}	This									is		not	the	view	you	are	looking	for
 //	@Failure		403		{string}	Forbidden
-//	@Failure		401		{string}	Unauthorized
+//	@Failure		401		{object}	rorerror.RorError
 //	@Failure		500		{string}	Failure	message
 //	@Router			/v1/clusters/{clusterid}/views/policyreports [get]
 //	@Security		ApiKey || AccessToken
@@ -209,7 +209,7 @@ func VulnerabilityreportSummaryView() gin.HandlerFunc {
 //	@Param			id	path		string	true	"id"
 //	@Success		200	{string}	This	is		not	the	view	you	are	looking	for
 //	@Failure		403	{string}	Forbidden
-//	@Failure		401	{string}	Unauthorized
+//	@Failure		401	{object}	rorerror.RorError
 //	@Failure		500	{string}	Failure	message
 //	@Router			/v1/clusters/{clusterid}/views/vulnerabilityreports [get]
 //	@Security		ApiKey || AccessToken
@@ -256,7 +256,7 @@ func VulnerabilityReportsView() gin.HandlerFunc {
 //	@Param			cveid	path		string	true	"cveid"
 //	@Success		200		{string}	This	is		not	the	view	you	are	looking	for
 //	@Failure		403		{string}	Forbidden
-//	@Failure		401		{string}	Unauthorized
+//	@Failure		401		{object}	rorerror.RorError
 //	@Failure		500		{string}	Failure	message
 //	@Router			/v1/clusters/views/vulnerabilityreports/byid/:cveid [get]
 //	@Security		ApiKey || AccessToken
@@ -294,16 +294,16 @@ func VulnerabilityReportsViewById() gin.HandlerFunc {
 
 // VulnerabilityReportsGlobal godoc
 //
-//	@Summary		Get vulnerability reports summary per cluster
+//	@Summary	Get vulnerability reports summary per cluster
 //	@Schemes
 //	@Description	Shows a summary of trivy vulnerability reports per cluster categorized by amount of critical/high/medium/low vulnerabilities.
 //	@Tags			clusters
 //	@Accept			application/json
 //	@Produce		application/json
-//	@Success		200		{object}	[]viewsmodels.VulnerabilityReportsView
-//	@Failure		403		{string}	Forbidden
-//	@Failure		401		{string}	Unauthorized
-//	@Failure		500		{string}	Failure	message
+//	@Success		200	{object}	[]viewsmodels.VulnerabilityReportsView
+//	@Failure		403	{string}	Forbidden
+//	@Failure		401	{object}	rorerror.RorError
+//	@Failure		500	{string}	Failure	message
 //	@Router			/v1/clusters/views/vulnerabilityreports [get]
 //	@Security		ApiKey || AccessToken
 func VulnerabilityReportsGlobal() gin.HandlerFunc {
@@ -341,9 +341,9 @@ func VulnerabilityReportsGlobal() gin.HandlerFunc {
 //	@Accept			application/json
 //	@Produce		application/json
 //	@Query			cveid	{string}
-//	@Success		200		{string}	This	is		not	the	view	you	are	looking	for
+//	@Success		200		{string}	This	is	not	the	view	you	are	looking	for
 //	@Failure		403		{string}	Forbidden
-//	@Failure		401		{string}	Unauthorized
+//	@Failure		401		{object}	rorerror.RorError
 //	@Failure		500		{string}	Failure	message
 //	@Router			/v1/clusters/views/vulnerabilityreports/byid [get]
 //	@Security		ApiKey || AccessToken
@@ -387,11 +387,11 @@ func GlobalVulnerabilityReportsViewById() gin.HandlerFunc {
 //	@Tags			clusters
 //	@Accept			application/json
 //	@Produce		application/json
-//	@Param			clusterid	path	string	true	"clusterid"
-//	@Success		200		{array}		viewsmodels.ComplianceReport
-//	@Failure		403		{string}	Forbidden
-//	@Failure		401		{string}	Unauthorized
-//	@Failure		500		{string}	Failure	message
+//	@Param			clusterid	path		string	true	"clusterid"
+//	@Success		200			{array}		viewsmodels.ComplianceReport
+//	@Failure		403			{string}	Forbidden
+//	@Failure		401			{object}	rorerror.RorError
+//	@Failure		500			{string}	Failure	message
 //	@Router			/v1/clusters/:clusterid/views/compliancereports [get]
 //	@Security		ApiKey || AccessToken
 func ComplianceReports() gin.HandlerFunc {
@@ -428,16 +428,16 @@ func ComplianceReports() gin.HandlerFunc {
 
 // ComplianceReportsGlobal godoc
 //
-//	@Summary		Get compliance reports summary per cluster
+//	@Summary	Get compliance reports summary per cluster
 //	@Schemes
 //	@Description	Shows a summary of trivy compliance reports per cluster categorized by amount failed or passed.
 //	@Tags			clusters
 //	@Accept			application/json
 //	@Produce		application/json
-//	@Success		200		{object}	[]viewsmodels.ComplianceReport
-//	@Failure		403		{string}	Forbidden
-//	@Failure		401		{string}	Unauthorized
-//	@Failure		500		{string}	Failure	message
+//	@Success		200	{object}	[]viewsmodels.ComplianceReport
+//	@Failure		403	{string}	Forbidden
+//	@Failure		401	{object}	rorerror.RorError
+//	@Failure		500	{string}	Failure	message
 //	@Router			/v1/clusters/views/compliancereports [get]
 //	@Security		ApiKey || AccessToken
 func ComplianceReportsGlobal() gin.HandlerFunc {
@@ -474,12 +474,12 @@ func ComplianceReportsGlobal() gin.HandlerFunc {
 //	@Accept			application/json
 //	@Produce		application/json
 
-// @Success	200	{string}	Get	data	for	the	cluster
-// @Failure	403	{string}	Forbidden
-// @Failure	401	{string}	Unauthorized
-// @Failure	500	{string}	Failure	message
-// @Router		/v1/clusters/self [get]
-// @Security	ApiKey || AccessToken
+//	@Success	200	{string}	Get	data	for	the	cluster
+//	@Failure	403	{string}	Forbidden
+//	@Failure	401	{string}	Unauthorized
+//	@Failure	500	{string}	Failure	message
+//	@Router		/v1/clusters/self [get]
+//	@Security	ApiKey || AccessToken
 func GetSelf() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		ctx, cancel := gincontext.GetRorContextFromGinContext(c)

diff --git a/internal/controllers/datacenterscontroller/datacenters_controller.go b/internal/controllers/datacenterscontroller/datacenters_controller.go
@@ -36,7 +36,7 @@ func init() {
 //	@Produce		application/json
 //	@Success		200				{array}		apicontracts.Datacenter
 //	@Failure		403				{string}	Forbidden
-//	@Failure		401				{string}	Unauthorized
+//	@Failure		401				{object}	rorerror.RorError
 //	@Failure		500				{string}	Failure	message
 //	@Router			/v1/datacenters	[get]
 //	@Security		ApiKey || AccessToken
@@ -47,8 +47,8 @@ func GetAll() gin.HandlerFunc {
 
 		_, err := gincontext.GetUserFromGinContext(c)
 		if err != nil {
-			c.JSON(http.StatusUnauthorized, rorerror.RorError{
-				Status:  http.StatusUnauthorized,
+			c.JSON(http.StatusForbidden, rorerror.RorError{
+				Status:  http.StatusForbidden,
 				Message: "Could not fetch user",
 			})
 			return
@@ -59,8 +59,8 @@ func GetAll() gin.HandlerFunc {
 
 		datacenters, err := datacentersservice.GetAllByUser(ctx)
 		if err != nil {
-			c.JSON(http.StatusUnauthorized, rorerror.RorError{
-				Status:  http.StatusUnauthorized,
+			c.JSON(http.StatusForbidden, rorerror.RorError{
+				Status:  http.StatusForbidden,
 				Message: "Could not fetch datacenters",
 			})
 			return
@@ -80,7 +80,7 @@ func GetAll() gin.HandlerFunc {
 //	@Produce		application/json
 //	@Success		200									{object}	apicontracts.Datacenter
 //	@Failure		403									{string}	Forbidden
-//	@Failure		401									{string}	Unauthorized
+//	@Failure		401									{object}	rorerror.RorError
 //	@Failure		500									{string}	Failure	message
 //	@Router			/v1/datacenters/{datacenterName}	[get]
 //	@Param			datacenterName						path	string	true	"datacenterName"
@@ -97,8 +97,8 @@ func GetByName() gin.HandlerFunc {
 
 		datacenter, err := datacentersservice.GetByName(ctx, datacenterName)
 		if err != nil {
-			c.JSON(http.StatusUnauthorized, rorerror.RorError{
-				Status:  http.StatusUnauthorized,
+			c.JSON(http.StatusForbidden, rorerror.RorError{
+				Status:  http.StatusForbidden,
 				Message: "Could not fetch datacenter",
 			})
 			return
@@ -113,19 +113,19 @@ func GetByName() gin.HandlerFunc {
 	}
 }
 
-// @Summary	Get datacenter by id
-// @Schemes
-// @Description	Get datacenter by id
-// @Tags			datacenters
-// @Accept			application/json
-// @Produce		application/json
-// @Success		200									{object}	apicontracts.Datacenter
-// @Failure		403									{string}	Forbidden
-// @Failure		401									{string}	Unauthorized
-// @Failure		500									{string}	Failure	message
-// @Router			/v1/datacenters/id/{id}	[get]
-// @Param			id						path	string	true	"id"
-// @Security		ApiKey || AccessToken
+//	@Summary	Get datacenter by id
+//	@Schemes
+//	@Description	Get datacenter by id
+//	@Tags			datacenters
+//	@Accept			application/json
+//	@Produce		application/json
+//	@Success		200						{object}	apicontracts.Datacenter
+//	@Failure		403						{string}	Forbidden
+//	@Failure		401						{string}	Unauthorized
+//	@Failure		500						{string}	Failure	message
+//	@Router			/v1/datacenters/id/{id}	[get]
+//	@Param			id						path	string	true	"id"
+//	@Security		ApiKey || AccessToken
 func GetById() gin.HandlerFunc {
 	// todo scheduled for deletion
 	return func(c *gin.Context) {
@@ -138,8 +138,8 @@ func GetById() gin.HandlerFunc {
 
 		datacenter, err := datacentersservice.GetById(ctx, datacenterId)
 		if err != nil {
-			c.JSON(http.StatusUnauthorized, rorerror.RorError{
-				Status:  http.StatusUnauthorized,
+			c.JSON(http.StatusForbidden, rorerror.RorError{
+				Status:  http.StatusForbidden,
 				Message: "Could not fetch datacenter",
 			})
 			return
@@ -164,7 +164,7 @@ func GetById() gin.HandlerFunc {
 //	@Produce		application/json
 //	@Success		200				{array}		apicontracts.Datacenter
 //	@Failure		403				{string}	Forbidden
-//	@Failure		401				{string}	Unauthorized
+//	@Failure		401				{object}	rorerror.RorError
 //	@Failure		500				{string}	Failure					message
 //	@Param			datacenter		body		apicontracts.Datacenter	true	"Datacenter"
 //	@Router			/v1/datacenters	[post]
@@ -238,7 +238,7 @@ func Create() gin.HandlerFunc {
 //	@Produce		application/json
 //	@Success		200								{array}		apicontracts.Datacenter
 //	@Failure		403								{string}	Forbidden
-//	@Failure		401								{string}	Unauthorized
+//	@Failure		401								{object}	rorerror.RorError
 //	@Failure		500								{string}	Failure					message
 //	@Param			datacenterId					path		string					true	"datacenterId"
 //	@Param			datacenter						body		apicontracts.Datacenter	true	"Datacenter"