Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 urania
|
c4180bada1 |
@@ -32,7 +32,7 @@ func (m *Module) Permissions() []rbac.Permission {
|
||||
}
|
||||
|
||||
func (m *Module) Register(api huma.API) {
|
||||
registerReads(api)
|
||||
registerReads(api, m)
|
||||
registerWrites(api, m)
|
||||
registerHosts(api)
|
||||
}
|
||||
|
||||
@@ -87,6 +87,30 @@ func TestNetworkingHandlers(t *testing.T) {
|
||||
t.Errorf("list interfaces: got %d, want %d", resp.Code, http.StatusOK)
|
||||
}
|
||||
|
||||
// 1b. Test GET /api/networking/interfaces/{name} (used by edit-form prefill).
|
||||
// Asserts the backend's Snapshot output is returned verbatim as the body, so
|
||||
// the same shape can feed straight into PUT.
|
||||
resp = api.Get("/api/networking/interfaces/eth0")
|
||||
if resp.Code != http.StatusOK {
|
||||
t.Errorf("get interface: got %d, want %d", resp.Code, http.StatusOK)
|
||||
}
|
||||
var ifaceRes GetInterfaceConfigOutput
|
||||
if err := json.Unmarshal(resp.Body.Bytes(), &ifaceRes.Body); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if ifaceRes.Body.Method != "dhcp" || ifaceRes.Body.Address != "192.168.1.10/24" {
|
||||
t.Errorf("get interface: got %+v, want snapshot result", ifaceRes.Body)
|
||||
}
|
||||
|
||||
// Same endpoint with no backend should return 501.
|
||||
noBackend := &Module{}
|
||||
noBackendMux := http.NewServeMux()
|
||||
noBackendAPI := humatest.Wrap(t, humago.New(noBackendMux, huma.DefaultConfig("Test", "1.0.0")))
|
||||
noBackend.Register(noBackendAPI)
|
||||
if got := noBackendAPI.Get("/api/networking/interfaces/eth0").Code; got != http.StatusNotImplemented {
|
||||
t.Errorf("get interface without backend: got %d, want 501", got)
|
||||
}
|
||||
|
||||
// 2. Test GET /api/networking/routes
|
||||
resp = api.Get("/api/networking/routes")
|
||||
if resp.Code != http.StatusOK {
|
||||
|
||||
@@ -53,7 +53,47 @@ type DNSOutput struct {
|
||||
}
|
||||
}
|
||||
|
||||
func registerReads(api huma.API) {
|
||||
// GetInterfaceConfigInput carries the path param; matches the PUT endpoint's
|
||||
// IfacePathInput so the frontend can use the same path for both verbs.
|
||||
type GetInterfaceConfigInput struct {
|
||||
Name string `path:"name" example:"eth0" doc:"Interface name"`
|
||||
}
|
||||
|
||||
// GetInterfaceConfigOutput returns the same IfaceConfig shape that PUT
|
||||
// accepts, so the form can be pre-filled directly from this response.
|
||||
type GetInterfaceConfigOutput struct {
|
||||
Body IfaceConfig
|
||||
}
|
||||
|
||||
func registerReads(api huma.API, m *Module) {
|
||||
huma.Register(api, huma.Operation{
|
||||
OperationID: "networking-get-interface",
|
||||
Method: "GET",
|
||||
Path: "/api/networking/interfaces/{name}",
|
||||
Summary: "Get an interface's current configuration",
|
||||
Description: "Returns the IfaceConfig the backend currently has for this " +
|
||||
"interface (method, address/prefix, gateway, DNS, IPv6). Same schema as " +
|
||||
"PUT /api/networking/interfaces/{name}, so the frontend can prefill an " +
|
||||
"edit form from this response directly. Returns 501 when no backend was " +
|
||||
"detected (nmcli / networkd / ifupdown).",
|
||||
Tags: []string{tagNetworking},
|
||||
Metadata: op("read"),
|
||||
Errors: readErrors,
|
||||
}, func(ctx context.Context, in *GetInterfaceConfigInput) (*GetInterfaceConfigOutput, error) {
|
||||
if m.be == nil {
|
||||
return nil, huma.Error501NotImplemented("", errNoBackend)
|
||||
}
|
||||
if err := validateIface(in.Name); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cfg, err := m.be.Snapshot(ctx, in.Name)
|
||||
if err != nil {
|
||||
return nil, huma.Error500InternalServerError("snapshot failed", err)
|
||||
}
|
||||
return &GetInterfaceConfigOutput{Body: cfg}, nil
|
||||
})
|
||||
|
||||
|
||||
huma.Register(api, huma.Operation{
|
||||
OperationID: "networking-list-interfaces",
|
||||
Method: "GET",
|
||||
|
||||
@@ -3,14 +3,22 @@ package services
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"os/exec"
|
||||
"regexp"
|
||||
"strings"
|
||||
"syscall"
|
||||
|
||||
"nadir/internal/oscmd"
|
||||
|
||||
"github.com/danielgtaylor/huma/v2"
|
||||
)
|
||||
|
||||
// selfUnit is nadir's own systemd unit name. Acting on it via the normal
|
||||
// synchronous path would have systemd SIGTERM the very process serving the
|
||||
// request, so the client sees a dropped connection / 500 even though the
|
||||
// action succeeded. We detach those calls into a Setsid subprocess instead.
|
||||
const selfUnit = "nadir"
|
||||
|
||||
const tagServices = "Services"
|
||||
|
||||
var (
|
||||
@@ -136,6 +144,9 @@ func registerServices(api huma.API) {
|
||||
if err := ensureExists(in.Unit); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if isSelf(in.Unit) {
|
||||
return runDetached(c.action, in.Unit)
|
||||
}
|
||||
if _, err := oscmd.Run("systemctl", c.action, "--", in.Unit); err != nil {
|
||||
return nil, huma.Error500InternalServerError("systemctl "+c.action+" failed", err)
|
||||
}
|
||||
@@ -144,6 +155,27 @@ func registerServices(api huma.API) {
|
||||
}
|
||||
}
|
||||
|
||||
// isSelf reports whether unit names nadir's own service, with or without the
|
||||
// .service suffix.
|
||||
func isSelf(unit string) bool {
|
||||
return unit == selfUnit || unit == selfUnit+".service"
|
||||
}
|
||||
|
||||
// runDetached fires systemctl in a new session so a "systemctl restart nadir"
|
||||
// (or stop) doesn't kill its own caller before the HTTP response is written.
|
||||
// Returns success once the subprocess has *started* — the actual systemd
|
||||
// operation may complete after the response is sent, which is the whole point.
|
||||
func runDetached(action, unit string) (*oscmd.StatusOutput, error) {
|
||||
cmd := exec.Command("systemctl", action, "--", unit)
|
||||
cmd.SysProcAttr = &syscall.SysProcAttr{Setsid: true}
|
||||
if err := cmd.Start(); err != nil {
|
||||
return nil, huma.Error500InternalServerError("could not start detached systemctl", err)
|
||||
}
|
||||
// Reap in the background so the child doesn't become a zombie.
|
||||
go cmd.Wait()
|
||||
return oscmd.OK(), nil
|
||||
}
|
||||
|
||||
// validateUnit guards against empty, flag-like, or malformed unit names.
|
||||
func validateUnit(unit string) error {
|
||||
if unit == "" || strings.HasPrefix(unit, "-") || !unitNameRe.MatchString(unit) {
|
||||
|
||||
@@ -19,3 +19,22 @@ func TestValidateUnit(t *testing.T) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// TestIsSelf pins the dispatch that detaches stop/restart-of-self into a
|
||||
// Setsid subprocess. Both "nadir" and "nadir.service" must match; anything
|
||||
// else (including substrings) must not, or unrelated services would also get
|
||||
// detached and bypass the synchronous error path.
|
||||
func TestIsSelf(t *testing.T) {
|
||||
yes := []string{"nadir", "nadir.service"}
|
||||
for _, u := range yes {
|
||||
if !isSelf(u) {
|
||||
t.Errorf("isSelf(%q) = false, want true", u)
|
||||
}
|
||||
}
|
||||
no := []string{"", "sshd.service", "nadir-something.service", "nadir.timer", "not-nadir.service"}
|
||||
for _, u := range no {
|
||||
if isSelf(u) {
|
||||
t.Errorf("isSelf(%q) = true, want false", u)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user