feat(whitelist): Add support for IP whitelisting

Author: kmala

api/appsettings.go

@@ -16,11 +16,17 @@ type AppSettings struct {
 	// Maintenance determines if the application is taken down for maintenance or not.
 	Maintenance *bool `json:"maintenance,omitempty"`
 	// Routable determines if the application should be exposed by the router.
-	Routable *bool `json:"routable,omitempty"`
+	Routable  *bool    `json:"routable,omitempty"`
+	Whitelist []string `json:"whitelist,omitempty"`
 }
 
 // NewRoutable returns a default value for the AppSettings.Routable field.
 func NewRoutable() *bool {
 	b := true
 	return &b
 }
+
+// Whitelist is the structure of POST /v2/app/<app id>/whitelist/.
+type Whitelist struct {
+	Addresses []string `json:"addresses"`
+}

appsettings/appsettings_test.go

@@ -18,6 +18,7 @@ const appSettingsFixture string = `
     "app": "example-go",
     "maintenance": true,
     "routable": true,
+    "whitelist": ["1.2.3.4", "0.0.0.0/0"],
     "created": "2014-01-01T00:00:00UTC",
     "updated": "2014-01-01T00:00:00UTC",
     "uuid": "de1bf5b5-4a72-4f94-a10c-d2a3741cdf75"
@@ -30,14 +31,15 @@ const appSettingsUnsetFixture string = `
     "app": "unset-test",
 	  "maintenance": true,
     "routable": true,
+    "whitelist": ["1.2.3.4", "0.0.0.0/0"],
     "created": "2014-01-01T00:00:00UTC",
     "updated": "2014-01-01T00:00:00UTC",
     "uuid": "de1bf5b5-4a72-4f94-a10c-d2a3741cdf75"
 }
 `
 
-const appSettingsSetExpected string = `{"maintenance":true,"routable":true}`
-const appSettingsUnsetExpected string = `{"maintenance":true,"routable":true}`
+const appSettingsSetExpected string = `{"maintenance":true,"routable":true,"whitelist":["1.2.3.4","0.0.0.0/0"]}`
+const appSettingsUnsetExpected string = `{"maintenance":true,"routable":true,"whitelist":["1.2.3.4","0.0.0.0/0"]}`
 
 var trueVar = true
 
@@ -126,6 +128,7 @@ func TestAppSettingsSet(t *testing.T) {
 		App:         "example-go",
 		Routable:    api.NewRoutable(),
 		Maintenance: &trueVar,
+		Whitelist:   []string{"1.2.3.4", "0.0.0.0/0"},
 		Created:     "2014-01-01T00:00:00UTC",
 		Updated:     "2014-01-01T00:00:00UTC",
 		UUID:        "de1bf5b5-4a72-4f94-a10c-d2a3741cdf75",
@@ -134,6 +137,7 @@ func TestAppSettingsSet(t *testing.T) {
 	appSettingsVars := api.AppSettings{
 		Maintenance: &trueVar,
 		Routable:    api.NewRoutable(),
+		Whitelist:   []string{"1.2.3.4", "0.0.0.0/0"},
 	}
 
 	actual, err := Set(deis, "example-go", appSettingsVars)
@@ -164,6 +168,7 @@ func TestAppSettingsUnset(t *testing.T) {
 		App:         "unset-test",
 		Maintenance: &trueVar,
 		Routable:    api.NewRoutable(),
+		Whitelist:   []string{"1.2.3.4", "0.0.0.0/0"},
 		Created:     "2014-01-01T00:00:00UTC",
 		Updated:     "2014-01-01T00:00:00UTC",
 		UUID:        "de1bf5b5-4a72-4f94-a10c-d2a3741cdf75",
@@ -172,6 +177,7 @@ func TestAppSettingsUnset(t *testing.T) {
 	appSettingsVars := api.AppSettings{
 		Maintenance: &trueVar,
 		Routable:    api.NewRoutable(),
+		Whitelist:   []string{"1.2.3.4", "0.0.0.0/0"},
 	}
 
 	actual, err := Set(deis, "unset-test", appSettingsVars)
@@ -202,6 +208,7 @@ func TestAppSettingsList(t *testing.T) {
 		App:         "example-go",
 		Maintenance: &trueVar,
 		Routable:    api.NewRoutable(),
+		Whitelist:   []string{"1.2.3.4", "0.0.0.0/0"},
 		Created:     "2014-01-01T00:00:00UTC",
 		Updated:     "2014-01-01T00:00:00UTC",
 		UUID:        "de1bf5b5-4a72-4f94-a10c-d2a3741cdf75",

whitelist/whitelist.go

@@ -0,0 +1,67 @@
+// Package whitelist provides methods for managing an app's whitelisted IP's.
+package whitelist
+
+import (
+	"encoding/json"
+	"fmt"
+
+	deis "github.com/deis/controller-sdk-go"
+	"github.com/deis/controller-sdk-go/api"
+)
+
+// List IP's whitelisted for an app.
+func List(c *deis.Client, appID string) (api.Whitelist, error) {
+	u := fmt.Sprintf("/v2/apps/%s/whitelist/", appID)
+	res, reqErr := c.Request("GET", u, nil)
+	if reqErr != nil && !deis.IsErrAPIMismatch(reqErr) {
+		return api.Whitelist{}, reqErr
+	}
+	defer res.Body.Close()
+
+	whitelist := api.Whitelist{}
+	if err := json.NewDecoder(res.Body).Decode(&whitelist); err != nil {
+		return api.Whitelist{}, err
+	}
+
+	return whitelist, reqErr
+}
+
+// Add adds addresses to an app's whitelist.
+func Add(c *deis.Client, appID string, addresses []string) (api.Whitelist, error) {
+	u := fmt.Sprintf("/v2/apps/%s/whitelist/", appID)
+
+	req := api.Whitelist{Addresses: addresses}
+	body, err := json.Marshal(req)
+	if err != nil {
+		return api.Whitelist{}, err
+	}
+	res, reqErr := c.Request("POST", u, body)
+	if reqErr != nil && !deis.IsErrAPIMismatch(reqErr) {
+		return api.Whitelist{}, reqErr
+	}
+	defer res.Body.Close()
+
+	d := api.Whitelist{}
+	if err = json.NewDecoder(res.Body).Decode(&d); err != nil {
+		return api.Whitelist{}, err
+	}
+
+	return d, reqErr
+}
+
+// Delete removes addresses from an app's whitelist.
+func Delete(c *deis.Client, appID string, addresses []string) error {
+	u := fmt.Sprintf("/v2/apps/%s/whitelist/", appID)
+
+	req := api.Whitelist{Addresses: addresses}
+	body, err := json.Marshal(req)
+	if err != nil {
+		return err
+	}
+
+	_, reqErr := c.Request("DELETE", u, body)
+	if reqErr != nil && !deis.IsErrAPIMismatch(reqErr) {
+		return reqErr
+	}
+	return nil
+}

whitelist/whitelist_test.go

@@ -0,0 +1,168 @@
+package whitelist
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/http/httptest"
+	"reflect"
+	"testing"
+
+	deis "github.com/deis/controller-sdk-go"
+	"github.com/deis/controller-sdk-go/api"
+)
+
+const whitelistFixture string = `
+{
+    "addresses": ["1.2.3.4", "0.0.0.0/0"]
+}`
+
+const whitelistCreateExpected string = `{"addresses":["1.2.3.4","0.0.0.0/0"]}`
+
+type fakeHTTPServer struct{}
+
+func (fakeHTTPServer) ServeHTTP(res http.ResponseWriter, req *http.Request) {
+	res.Header().Add("DEIS_API_VERSION", deis.APIVersion)
+
+	if req.URL.Path == "/v2/apps/example-go/whitelist/" && req.Method == "GET" {
+		res.Write([]byte(whitelistFixture))
+		return
+	}
+
+	if req.URL.Path == "/v2/apps/example-go/whitelist/" && req.Method == "POST" {
+		body, err := ioutil.ReadAll(req.Body)
+
+		if err != nil {
+			fmt.Println(err)
+			res.WriteHeader(http.StatusInternalServerError)
+			res.Write(nil)
+		}
+
+		if string(body) != whitelistCreateExpected {
+			fmt.Printf("Expected '%s', Got '%s'\n", whitelistCreateExpected, body)
+			res.WriteHeader(http.StatusInternalServerError)
+			res.Write(nil)
+			return
+		}
+
+		res.WriteHeader(http.StatusCreated)
+		res.Write([]byte(whitelistFixture))
+		return
+	}
+
+	if req.URL.Path == "/v2/apps/example-go/whitelist/" && req.Method == "DELETE" {
+		res.WriteHeader(http.StatusNoContent)
+		res.Write([]byte(whitelistFixture))
+		return
+	}
+
+	if req.URL.Path == "/v2/apps/invalidjson-test/whitelist/" && req.Method == "POST" {
+		res.WriteHeader(http.StatusCreated)
+		res.Write([]byte(`"addresses": "test"`))
+		return
+	}
+
+	if req.URL.Path == "/v2/apps/invalidjson-test/whitelist/" && req.Method == "GET" {
+		res.Write([]byte(`"addresses": "test"`))
+		return
+	}
+
+	fmt.Printf("Unrecognized URL %s\n", req.URL)
+	res.WriteHeader(http.StatusNotFound)
+	res.Write(nil)
+}
+
+func TestWhitelistList(t *testing.T) {
+	t.Parallel()
+
+	expected := api.Whitelist{
+		Addresses: []string{"1.2.3.4", "0.0.0.0/0"},
+	}
+
+	handler := fakeHTTPServer{}
+	server := httptest.NewServer(handler)
+	defer server.Close()
+
+	deis, err := deis.New(false, server.URL, "abc")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	actual, err := List(deis, "example-go")
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !reflect.DeepEqual(expected, actual) {
+		t.Error(fmt.Errorf("Expected %v, Got %v", expected, actual))
+	}
+}
+
+func TestWhitelistAdd(t *testing.T) {
+	t.Parallel()
+
+	expected := api.Whitelist{
+		Addresses: []string{"1.2.3.4", "0.0.0.0/0"},
+	}
+
+	handler := fakeHTTPServer{}
+	server := httptest.NewServer(handler)
+	defer server.Close()
+
+	deis, err := deis.New(false, server.URL, "abc")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	actual, err := Add(deis, "example-go", []string{"1.2.3.4", "0.0.0.0/0"})
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if !reflect.DeepEqual(expected, actual) {
+		t.Error(fmt.Errorf("Expected %v, Got %v", expected, actual))
+	}
+}
+
+func TestWhitelistRemove(t *testing.T) {
+	t.Parallel()
+
+	handler := fakeHTTPServer{}
+	server := httptest.NewServer(handler)
+	defer server.Close()
+
+	deis, err := deis.New(false, server.URL, "abc")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err = Delete(deis, "example-go", []string{"1.2.3.4"}); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestAppSettingsInvalidJson(t *testing.T) {
+	t.Parallel()
+
+	handler := fakeHTTPServer{}
+	server := httptest.NewServer(&handler)
+	defer server.Close()
+
+	deis, err := deis.New(false, server.URL, "abc")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = List(deis, "invalidjson-test")
+	expected := "json: cannot unmarshal string into Go value of type api.Whitelist"
+	if err == nil || !reflect.DeepEqual(expected, err.Error()) {
+		t.Errorf("Expected %v, Got %v", expected, err)
+	}
+
+	_, err = Add(deis, "invalidjson-test", []string{"1.2.3.4"})
+	if err == nil || !reflect.DeepEqual(expected, err.Error()) {
+		t.Errorf("Expected %v, Got %v", expected, err)
+	}
+}