raw draft of policy-manager

createpolicy.go

@@ -0,0 +1,113 @@
+package main
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"time"
+)
+
+type CreatePolicyRequest struct {
+	PolicyName     string `json:"policyname"`
+	PolicyDocument Policy `json:"policy"`
+}
+
+func CreatePolicy(w http.ResponseWriter, r *http.Request) {
+	// Only allow POST method
+	if r.Method != http.MethodPost {
+		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	// XXX Temporary Account Handler
+	accountid := r.Header.Get("Account")
+	if accountid == "" {
+		http.Error(w, "Account header is required", http.StatusUnauthorized)
+		return
+	}
+
+	// Optional: enforce content type
+	if r.Header.Get("Content-Type") != "application/json" {
+		http.Error(w, "Content-Type must be application/json", http.StatusUnsupportedMediaType)
+		return
+	}
+
+	// Read body with size limit (protect against huge requests)
+	const maxBodyBytes = 1 << 20 // 1 MB
+	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
+
+	// Decode JSON into our struct
+	var policydocumentrequest CreatePolicyRequest
+	decoder := json.NewDecoder(r.Body)
+	decoder.DisallowUnknownFields() // strict mode - reject unknown fields
+
+	if err := decoder.Decode(&policydocumentrequest); err != nil {
+		switch {
+		case err == io.EOF:
+			http.Error(w, "Empty request body", http.StatusBadRequest)
+		case err.Error() == "http: request body too large":
+			http.Error(w, "Request body too large (max 1MB)", http.StatusRequestEntityTooLarge)
+		default:
+			http.Error(w, fmt.Sprintf("Invalid JSON: %v", err), http.StatusBadRequest)
+		}
+		return
+	}
+
+	// Optional: basic validation
+	if policydocumentrequest.PolicyDocument.Actions == nil || policydocumentrequest.PolicyDocument.Effect == "" || policydocumentrequest.PolicyDocument.Resources == nil {
+		http.Error(w, "Missing required fields: id and title", http.StatusBadRequest)
+		return
+	}
+
+	// Process the results
+	log.Printf("New Policy: Account:%s, PolicyIdentifier=%s, Actions=%q, Effect=%q, Resources=%q, Comment=%q",
+		accountid, policydocumentrequest.PolicyDocument.PolicyIdentifier, policydocumentrequest.PolicyDocument.Actions,
+		policydocumentrequest.PolicyDocument.Effect, policydocumentrequest.PolicyDocument.Resources, policydocumentrequest.PolicyDocument.Comment)
+
+	// Check if policy with the same name already exists for the account
+	checkExisting := pool.QueryRow(context.Background(),
+		"SELECT FROM policies WHERE accountid = $1 AND policyname = $2",
+		accountid, policydocumentrequest.PolicyName)
+	err := checkExisting.Scan()
+	if err == nil {
+		pri := "pri:iam::" + accountid + ":policy/" + policydocumentrequest.PolicyName
+		response := map[string]interface{}{
+			"status":    "fail",
+			"pri":       pri,
+			"message":   "Policy " + policydocumentrequest.PolicyName + " already exists: " + pri,
+			"timestamp": fmt.Sprintf("%d", time.Now().Unix()),
+		}
+
+		json.NewEncoder(w).Encode(response)
+		http.Error(w, "Policy with the same name already exists for this account", http.StatusConflict)
+		return
+	}
+
+	_, err = pool.Exec(context.Background(),
+		"INSERT INTO policies (accountid, policyname, document) VALUES($1, $2, $3) ON CONFLICT DO NOTHING",
+		accountid, policydocumentrequest.PolicyName, policydocumentrequest.PolicyDocument)
+	if err != nil {
+		log.Printf("Error inserting policy: %v", err)
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	// Success response
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(http.StatusCreated)
+
+	// arnservice:region:account-id:resource-type:resource-id
+	pri := "pri:iam::" + accountid + ":policy/" + policydocumentrequest.PolicyName
+
+	response := map[string]interface{}{
+		"status":    "success",
+		"pri":       pri,
+		"message":   "Policy created",
+		"timestamp": fmt.Sprintf("%d", time.Now().Unix()),
+	}
+
+	json.NewEncoder(w).Encode(response)
+}