Optum · joshmarsh · Dec 12, 2019 · Nov 20, 2019 · Nov 20, 2019 · Nov 21, 2019
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,7 @@
 - Fixed bug where child account's DCEPrincipal role trusted itself rather than the master account
 - Add GetUsageByPrincipal
 - Fix default `budget_notification_from_email` TF var (See #143)
-
+- Add `GET /auth` and `GET /auth/{file+}` endpoints for retrieving credentials web page
 
 ## v0.23.0
 

diff --git a/cmd/lambda/accounts/create.go b/cmd/lambda/accounts/create.go
@@ -29,7 +29,7 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	err = decoder.Decode(&request)
 
 	if err != nil {
-		WriteAPIErrorResponse(w, http.StatusBadRequest, "ClientError", "invalid request parameters")
+		response.WriteAPIErrorResponse(w, http.StatusBadRequest, "ClientError", "invalid request parameters")
 		return
 	}
 
@@ -41,7 +41,7 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	// Validate the request body
 	isValid, validationRes := request.Validate()
 	if !isValid {
-		WriteAPIErrorResponse(w, http.StatusBadRequest, "ClientError", *validationRes)
+		response.WriteAPIErrorResponse(w, http.StatusBadRequest, "ClientError", *validationRes)
 		return
 	}
 
@@ -50,11 +50,11 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		log.Printf("Failed to add account %s to pool: %s",
 			request.ID, err.Error())
-		WriteAPIErrorResponse(w, http.StatusInternalServerError, "ServerError", "")
+		response.WriteAPIErrorResponse(w, http.StatusInternalServerError, "ServerError", "")
 		return
 	}
 	if existingAccount != nil {
-		WriteAlreadyExistsError(w)
+		response.WriteAlreadyExistsError(w)
 		return
 	}
 
@@ -66,7 +66,7 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	})
 
 	if err != nil {
-		WriteRequestValidationError(
+		response.WriteRequestValidationError(
 			w,
 			fmt.Sprintf("Unable to add account %s to pool: adminRole is not assumable by the master account", request.ID),
 		)
@@ -89,7 +89,7 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	createRolRes, policyHash, err := createPrincipalRole(account, masterAccountID)
 	if err != nil {
 		log.Printf("failed to create principal role for %s: %s", request.ID, err)
-		WriteServerErrorWithResponse(w, "Internal server error")
+		response.WriteServerErrorWithResponse(w, "Internal server error")
 		return
 	}
 	account.PrincipalRoleArn = createRolRes.RoleArn
@@ -100,15 +100,15 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		log.Printf("Failed to add account %s to pool: %s",
 			request.ID, err.Error())
-		WriteServerErrorWithResponse(w, "Internal server error")
+		response.WriteServerErrorWithResponse(w, "Internal server error")
 		return
 	}
 
 	// Add Account to Reset Queue
 	err = Queue.SendMessage(&resetQueueURL, &account.ID)
 	if err != nil {
 		log.Printf("Failed to add account %s to reset Queue: %s", account.ID, err)
-		WriteServerErrorWithResponse(w, "Internal server error")
+		response.WriteServerErrorWithResponse(w, "Internal server error")
 		return
 	}
 
@@ -117,7 +117,7 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	snsMessage, err := common.PrepareSNSMessageJSON(accountResponse)
 	if err != nil {
 		log.Printf("Failed to create SNS account-created message for %s: %s", account.ID, err)
-		WriteServerErrorWithResponse(w, "Internal server error")
+		response.WriteServerErrorWithResponse(w, "Internal server error")
 		return
 	}
 
@@ -126,18 +126,18 @@ func CreateAccount(w http.ResponseWriter, r *http.Request) {
 	_, err = SnsSvc.PublishMessage(&accountCreatedTopicArn, &snsMessage, true)
 	if err != nil {
 		log.Printf("Failed to publish SNS account-created message for %s: %s", account.ID, err)
-		WriteServerErrorWithResponse(w, "Internal server error")
+		response.WriteServerErrorWithResponse(w, "Internal server error")
 		return
 	}
 
 	accountResponseJSON, err := json.Marshal(accountResponse)
 	if err != nil {
 		log.Printf("ERROR: Failed to marshal account response for %s: %s", account.ID, err)
-		WriteServerErrorWithResponse(w, "Internal server error")
+		response.WriteServerErrorWithResponse(w, "Internal server error")
 		return
 	}
 
-	WriteAPIResponse(
+	response.WriteAPIResponse(
 		w,
 		http.StatusCreated,
 		string(accountResponseJSON),

diff --git a/cmd/lambda/accounts/delete.go b/cmd/lambda/accounts/delete.go
@@ -24,18 +24,18 @@ func DeleteAccount(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		switch err.(type) {
 		case *db.AccountNotFoundError:
-			WriteNotFoundError(w)
+			response.WriteNotFoundError(w)
 			return
 		case *db.AccountLeasedError:
-			WriteAPIErrorResponse(
+			response.WriteAPIErrorResponse(
 				w,
 				http.StatusConflict,
 				"Conflict",
 				err.Error(),
 			)
 			return
 		default:
-			WriteServerErrorWithResponse(w, "Internal Server Error")
+			response.WriteServerErrorWithResponse(w, "Internal Server Error")
 			return
 		}
 	}
@@ -49,8 +49,8 @@ func DeleteAccount(w http.ResponseWriter, r *http.Request) {
 	// Push the account to the Reset Queue, so it gets cleaned up
 	sendToResetQueue(deletedAccount.ID)
 
-	// json.NewEncoder(w).Encode(response.CreateAPIResponse(http.StatusNoContent, ""))
-	WriteAPIResponse(w, http.StatusNoContent, "")
+	// json.NewEncoder(w).Encode(response.CreateAPIGatewayResponse(http.StatusNoContent, ""))
+	response.WriteAPIResponse(w, http.StatusNoContent, "")
 }
 
 // sendSNS sends notification to SNS that the delete has occurred.

diff --git a/cmd/lambda/accounts/get.go b/cmd/lambda/accounts/get.go
@@ -20,7 +20,7 @@ func GetAllAccounts(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		errorMessage := fmt.Sprintf("Failed to query database: %s", err)
 		log.Print(errorMessage)
-		WriteServerErrorWithResponse(w, errorMessage)
+		response.WriteServerErrorWithResponse(w, errorMessage)
 	}
 
 	// Serialize them for the JSON response.
@@ -43,12 +43,12 @@ func GetAccountByID(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		errorMessage := fmt.Sprintf("Failed List on Account Lease %s", accountID)
 		log.Print(errorMessage)
-		WriteServerErrorWithResponse(w, errorMessage)
+		response.WriteServerErrorWithResponse(w, errorMessage)
 		return
 	}
 
 	if account == nil {
-		WriteNotFoundError(w)
+		response.WriteNotFoundError(w)
 		return
 	}
 
@@ -68,11 +68,11 @@ func GetAccountByStatus(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		errorMessage := fmt.Sprintf("Failed to query database: %s", err)
 		log.Print(errorMessage)
-		WriteServerErrorWithResponse(w, errorMessage)
+		response.WriteServerErrorWithResponse(w, errorMessage)
 	}
 
 	if len(accounts) == 0 {
-		WriteNotFoundError(w)
+		response.WriteNotFoundError(w)
 		return
 	}
 

diff --git a/cmd/lambda/accounts/list.go b/cmd/lambda/accounts/list.go
@@ -24,7 +24,7 @@ func (controller listController) Call(ctx context.Context, req *events.APIGatewa
 	if err != nil {
 		errorMessage := fmt.Sprintf("Failed to query database: %s", err)
 		log.Print(errorMessage)
-		return response.CreateAPIErrorResponse(http.StatusInternalServerError,
+		return response.CreateAPIGatewayErrorResponse(http.StatusInternalServerError,
 			response.CreateErrorResponse(
 				"ServerError", errorMessage)), nil
 	}
@@ -42,12 +42,12 @@ func (controller listController) Call(ctx context.Context, req *events.APIGatewa
 	if err != nil {
 		errorMessage := fmt.Sprintf("Failed to serialize data: %s", err)
 		log.Print(errorMessage)
-		return response.CreateAPIErrorResponse(http.StatusInternalServerError,
+		return response.CreateAPIGatewayErrorResponse(http.StatusInternalServerError,
 			response.CreateErrorResponse(
 				"ServerError", errorMessage)), nil
 	}
 
 	body := string(messageBytes)
 
-	return response.CreateAPIResponse(http.StatusOK, body), nil
+	return response.CreateAPIGatewayResponse(http.StatusOK, body), nil
 }
diff --git a/cmd/lambda/accounts/main.go b/cmd/lambda/accounts/main.go
@@ -2,18 +2,15 @@ package main
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/iam"
 	"log"
-	"net/http"
 	"strings"
 
 	"github.com/aws/aws-sdk-go/service/s3"
 	"github.com/aws/aws-sdk-go/service/s3/s3manager"
 
-	"github.com/Optum/dce/pkg/api/response"
 	"github.com/Optum/dce/pkg/common"
 	"github.com/Optum/dce/pkg/rolemanager"
 	"github.com/aws/aws-sdk-go/aws/session"
@@ -187,68 +184,3 @@ func newAWSSession() *session.Session {
 	}
 	return awsSession
 }
-
-// WriteServerErrorWithResponse - Writes a server error with the specific message.
-func WriteServerErrorWithResponse(w http.ResponseWriter, message string) {
-	WriteAPIErrorResponse(
-		w,
-		http.StatusInternalServerError,
-		"ServerError",
-		message,
-	)
-}
-
-// WriteAPIErrorResponse - Writes the error response out to the provided ResponseWriter
-func WriteAPIErrorResponse(w http.ResponseWriter, responseCode int,
-	errCode string, errMessage string) {
-	// Create the Error Response
-	errResp := response.CreateErrorResponse(errCode, errMessage)
-	apiResponse, err := json.Marshal(errResp)
-
-	// Should most likely not return an error since response.ErrorResponse
-	// is structured to be json compatible
-	if err != nil {
-		log.Printf("Failed to Create Valid Error Response: %s", err)
-		WriteAPIResponse(w, http.StatusInternalServerError, fmt.Sprintf(
-			"{\"error\":\"Failed to Create Valid Error Response: %s\"", err))
-	}
-
-	// Write an error
-	WriteAPIResponse(w, responseCode, string(apiResponse))
-}
-
-// WriteAPIResponse - Writes the response out to the provided ResponseWriter
-func WriteAPIResponse(w http.ResponseWriter, status int, body string) {
-	w.WriteHeader(status)
-	w.Write([]byte(body))
-}
-
-// WriteAlreadyExistsError - Writes the already exists error.
-func WriteAlreadyExistsError(w http.ResponseWriter) {
-	WriteAPIErrorResponse(
-		w,
-		http.StatusConflict,
-		"AlreadyExistsError",
-		"The requested resource cannot be created, as it conflicts with an existing resource",
-	)
-}
-
-// WriteRequestValidationError - Writes a request validate error with the given message.
-func WriteRequestValidationError(w http.ResponseWriter, message string) {
-	WriteAPIErrorResponse(
-		w,
-		http.StatusBadRequest,
-		"RequestValidationError",
-		message,
-	)
-}
-
-// WriteNotFoundError - Writes a request validate error with the given message.
-func WriteNotFoundError(w http.ResponseWriter) {
-	WriteAPIErrorResponse(
-		w,
-		http.StatusNotFound,
-		"NotFound",
-		"The requested resource could not be found.",
-	)
-}
diff --git a/cmd/lambda/accounts/update.go b/cmd/lambda/accounts/update.go
@@ -36,7 +36,7 @@ func UpdateAccountByID(w http.ResponseWriter, r *http.Request) {
 	decoder := json.NewDecoder(r.Body)
 	err := decoder.Decode(&request)
 	if err != nil {
-		WriteAPIErrorResponse(w, http.StatusBadRequest, "ClientError", "invalid request parameters")
+		response.WriteAPIErrorResponse(w, http.StatusBadRequest, "ClientError", "invalid request parameters")
 		return
 	}
 	request.ID = &accountID
@@ -50,7 +50,7 @@ func UpdateAccountByID(w http.ResponseWriter, r *http.Request) {
 		})
 
 		if err != nil {
-			WriteRequestValidationError(
+			response.WriteRequestValidationError(
 				w,
 				fmt.Sprintf("Unable to update account %s: "+
 					"admin role is not assumable by the master account",
@@ -78,7 +78,7 @@ func UpdateAccountByID(w http.ResponseWriter, r *http.Request) {
 		accountPartial.Metadata = *request.Metadata
 	}
 	if len(fieldsToUpdate) == 0 {
-		WriteRequestValidationError(
+		response.WriteRequestValidationError(
 			w,
 			fmt.Sprintf("Unable to update account %s: "+
 				"no updatable fields provided",
@@ -92,23 +92,23 @@ func UpdateAccountByID(w http.ResponseWriter, r *http.Request) {
 	if err != nil {
 		// If the account doesn't exist, return a 404
 		if _, ok := err.(*db.NotFoundError); ok {
-			WriteNotFoundError(w)
+			response.WriteNotFoundError(w)
 			return
 		}
 		// Other DB errors return a 500
 		log.Printf("ERROR: Failed to update account %s: %s", *request.ID, err)
-		WriteServerErrorWithResponse(w, "Internal Server Error")
+		response.WriteServerErrorWithResponse(w, "Internal Server Error")
 		return
 	}
 
 	accountJSON, err := json.Marshal(response.AccountResponse(*acct))
 	if err != nil {
 		log.Printf("ERROR: Failed to marshal account response for %s: %s", *request.ID, err)
-		WriteServerErrorWithResponse(w, "Internal server error")
+		response.WriteServerErrorWithResponse(w, "Internal server error")
 		return
 	}
 
-	WriteAPIResponse(
+	response.WriteAPIResponse(
 		w,
 		http.StatusOK,
 		string(accountJSON),

diff --git a/cmd/lambda/credentials_web_page/credentials_web_page b/cmd/lambda/credentials_web_page/credentials_web_page
diff --git a/cmd/lambda/credentials_web_page/get.go b/cmd/lambda/credentials_web_page/get.go
@@ -0,0 +1,49 @@
+package main
+
+import (
+	"fmt"
+	"github.com/Optum/dce/pkg/api/response"
+	"html/template"
+	"log"
+	"net/http"
+	"path/filepath"
+	"strings"
+)
+
+func GetAuthPage(w http.ResponseWriter, r *http.Request) {
+	lp := filepath.Join("views", "index.html")
+
+	tmpl, err := template.ParseFiles(lp)
+	if err != nil {
+		errorMessage := fmt.Sprintf("Failed to load web page: %s", err)
+		log.Print(errorMessage)
+		response.WriteServerErrorWithResponse(w, errorMessage)
+	}
+	if err := tmpl.Execute(w, Config); err != nil {
+		errorMessage := fmt.Sprintf("Failed to load web page: %s", err)
+		log.Print(errorMessage)
+		response.WriteServerErrorWithResponse(w, errorMessage)
+	}
+	w.Header().Set("Content-Type", "text/html")
+	w.WriteHeader(http.StatusOK)
+}
+
+func GetAuthPageAssets(w http.ResponseWriter, r *http.Request) {
+	fs := http.FileServer(http.Dir("./public"))
+	sp := http.StripPrefix("/auth/public", fs)
+
+	splitStr := strings.Split(r.URL.Path, ".")
+	ext := splitStr[len(splitStr)-1]
+	var contentType string
+	switch ext {
+	case "css":
+		contentType = "text/css"
+	case "js":
+		contentType = "text/javascript"
+	default:
+		contentType = "application/json"
+	}
+
+	w.Header().Set("Content-Type", contentType)
+	sp.ServeHTTP(w, r)
+}