setup

.gitignore

@@ -1 +0,0 @@
-oc-datacenter

Dockerfile

@@ -1,30 +1,53 @@
+ARG KUBERNETES_HOST=${KUBERNETES_HOST:-"127.0.0.1"}
+
+FROM golang:alpine AS deps
+
+WORKDIR /app
+COPY go.mod go.sum ./
+RUN sed -i '/replace/d' go.mod
+RUN go mod download
+
+#----------------------------------------------------------------------------------------------
+
 FROM golang:alpine AS builder
 
 WORKDIR /app 
 
-COPY . .
-
 RUN apk add git
 
-RUN go get github.com/beego/bee/v2 && go install github.com/beego/bee/v2@master
+RUN go install github.com/beego/bee/v2@latest
 
-RUN timeout 15 bee run -gendoc=true -downdoc=true -runmode=dev || :
+WORKDIR /oc-datacenter
 
-RUN sed -i 's/http:\/\/127.0.0.1:8080\/swagger\/swagger.json/swagger.json/g' swagger/index.html
+COPY --from=deps /go/pkg /go/pkg
+COPY --from=deps /app/go.mod /app/go.sum ./
 
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o setup .
+RUN export CGO_ENABLED=0 && \
+    export GOOS=linux && \
+    export GOARCH=amd64 && \
+    export BUILD_FLAGS="-ldflags='-w -s'"
 
-RUN ls /app
+COPY . .
 
-FROM scratch
+RUN sed -i '/replace/d' go.mod
+RUN if [ ! -f swagger/index.html ]; then timeout 15 bee run --gendoc=true --downdoc=true; fi
+RUN bee generate routers
+RUN bee generate docs
+RUN bee pack
+RUN mkdir -p /app/extracted && tar -zxvf oc-datacenter.tar.gz -C /app/extracted
+RUN sed -i 's/http:\/\/127.0.0.1:8080\/swagger\/swagger.json/swagger.json/g' /app/extracted/swagger/index.html
+
+#----------------------------------------------------------------------------------------------
+
+FROM golang:alpine
+
+ENV KUBERNETES_SERVICE_HOST=$KUBERNETES_HOST
 
 WORKDIR /app
-
+COPY --from=builder /app/extracted/oc-datacenter /usr/bin/ 
-COPY --from=builder /app/setup /usr/bin/setup
+COPY --from=builder /app/extracted/swagger /app/swagger
-COPY --from=builder /app/swagger /app/swagger
+COPY --from=builder /app/extracted/docker_datacenter.json /etc/oc/datacenter.json
-
-COPY docker_datacenter.json /etc/oc/datacenter.json
 
 EXPOSE 8080
 
-ENTRYPOINT ["setup"]
+ENTRYPOINT ["oc-datacenter"]

Makefile

@@ -0,0 +1,35 @@
+.DEFAULT_GOAL := all
+
+build: clean
+	bee pack
+
+run:
+	bee run -gendoc=true -downdoc=true
+
+purge:
+	lsof -t -i:8092 | xargs kill | true
+
+run-dev:
+	bee generate routers && bee run -gendoc=true -downdoc=true -runmode=prod
+
+dev: purge run-dev
+
+debug:
+	bee run -downdebug -gendebug
+
+clean:
+	rm -rf oc-datacenter.tar.gz
+
+docker:
+	DOCKER_BUILDKIT=1 docker build -t oc/oc-datacenter:0.0.1 -f Dockerfile .
+	docker tag oc/oc-datacenter:0.0.1 oc/oc-datacenter:latest
+
+publish-kind:
+	kind load docker-image oc/oc-datacenter:0.0.1 --name opencloud
+
+publish-registry:
+	@echo "TODO"
+
+all: docker publish-kind publish-registry
+
+.PHONY: build run clean docker publish-kind publish-registry

README.md

@@ -7,6 +7,9 @@ To build :
     bee generate routers
     bee run -gendoc=true -downdoc=true
 
+OR 
+    make dev
+
 If default Swagger page is displayed instead of tyour api, change url in swagger/index.html file to :
 
     url: "swagger.json"
@@ -14,7 +17,52 @@ If default Swagger page is displayed instead of tyour api, change url in swagger
 Note on particular process :
 - set a bookin delete all related workflow booking before creating new ones. (no update of existing ones)
 
+## Admiralty
+
+The routes in /admiralty will trigger actions on the DC's Kubernetes API to retrieve information on Admiralty resources.
+
+### Targets
+
+Remote clusters that can be used by Admiralty to delegate pods.
+
+To set up a target Admiralty needs to associate a `secret` which contains an edited version of the target's `kubeconfig`. 
+
+Once the Target is set the remote cluster appears in the output of `kubectl get nodes` under the name `admiralty-<namespace>-<target name>-*`
+
+**TODO** : We might need a way to test if an IP is associated to an admiralty target 
+
 # Docker Kube Settings
 
 Set up your base64 key from your ~/.kube/config.
-Don't forget to set up your external IP in docker_datacenter.json
+Don't forget to set up your external IP in docker_datacenter.json
+## Admiralty
+
+The routes in /admiralty will trigger actions on the DC's Kubernetes API to retrieve information on Admiralty resources.
+
+### Targets
+
+Remote clusters that can be used by Admiralty to delegate pods.
+
+To set up a target Admiralty needs to associate a `secret` which contains an edited version of the target's `kubeconfig`. 
+
+Once the Target is set the remote cluster appears in the output of `kubectl get nodes` under the name `admiralty-<namespace>-<target name>-*`
+
+**TODO** : We might need a way to test if an IP is associated to an admiralty target 
+
+# Docker Kube Settings
+
+Set up your base64 key from your ~/.kube/config.
+Don't forget to set up your external IP in docker_datacenter.json
+## Admiralty
+
+The routes in /admiralty will trigger actions on the DC's Kubernetes API to retrieve information on Admiralty resources.
+
+### Targets
+
+Remote clusters that can be used by Admiralty to delegate pods.
+
+To set up a target Admiralty needs to associate a `secret` which contains an edited version of the target's `kubeconfig`. 
+
+Once the Target is set the remote cluster appears in the output of `kubectl get nodes` under the name `admiralty-<namespace>-<target name>-*`
+
+**TODO** : We might need a way to test if an IP is associated to an admiralty target 

conf/app.conf

@@ -1,5 +1,5 @@
 appname = oc-datacenter
-httpport = 8080
+httpport = 8092
 runmode = dev
 autorender = false
 copyrequestbody = true
@@ -7,4 +7,4 @@ EnableDocs = true
 sqlconn = 
 
 MONGO_URL = "mongodb://127.0.0.1:27017/beego-demo"
-MONGO_DATABASE = "DC_myDC-demo_06042021"
+MONGO_DATABASE = "DC_myDC-demo_06042021"

conf/config.go

@@ -19,4 +19,4 @@ func GetConfig() *Config {
 		instance = &Config{}
 	})
 	return instance
-}
+}

controllers/admiralty.go

@@ -0,0 +1,545 @@
+package controllers
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"oc-datacenter/conf"
+	"oc-datacenter/infrastructure"
+	"oc-datacenter/models"
+	"slices"
+	"time"
+
+	beego "github.com/beego/beego/v2/server/web"
+	jwt "github.com/golang-jwt/jwt/v5"
+	"gopkg.in/yaml.v2"
+	v1 "k8s.io/api/core/v1"
+)
+
+type KubeInfo struct {
+	Url 			*string
+	KubeCA   		*string
+	KubeCert 		*string
+	KubeKey 		*string
+}
+
+type RemoteKubeconfig struct {
+	Data	*string
+}
+
+type KubeUser struct {
+	Name 	string
+	User 	struct {
+		Token 	string
+	}
+}
+
+type KubeconfigToken struct {
+	ApiVersion		string		`yaml:"apiVersion"`
+	Kind			string		`yaml:"kind"`
+	Preferences		string		`yaml:"preferences"`
+	CurrentContext	string		`yaml:"current-context"`
+	Clusters []struct{			
+		Cluster struct{	
+			CA		string		`yaml:"certificate-authority-data"`
+			Server	string		`yaml:"server"`
+		
+		}						`yaml:"cluster"`
+		Name		string		`yaml:"name"`
+	} 							`yaml:"clusters"`
+	Contexts []struct{
+		Context	struct{
+			Cluster	string		`yaml:"cluster"`
+			User 	string		`yaml:"user"`
+		}						`yaml:"context"`
+		Name 		string		`yaml:"name"`
+	}							`yaml:"contexts"`
+	Users	[]struct{
+		Name 		string		`yaml:"name"`
+		User struct {
+			Token	string		`yaml:"token"`
+		}						`yaml:"user"`
+	}							`yaml:"users"`
+}
+
+
+
+// Operations about the admiralty objects of the datacenter
+type AdmiraltyController struct {
+	beego.Controller
+}
+
+// @Title GetAllTargets
+// @Description find all Admiralty Target
+// @Success 200 
+// @router /targets [get]
+func (c *AdmiraltyController) GetAllTargets() {
+	serv, err := infrastructure.NewService()
+	if err != nil {
+		// change code to 500
+		HandleControllerErrors(c.Controller,500,&err,nil)
+		// c.Ctx.Output.SetStatus(500)
+		// c.ServeJSON()
+		// c.Data["json"] = map[string]string{"error": err.Error()}
+		return
+	}
+	
+	res, err := serv.GetTargets(c.Ctx.Request.Context())
+	c.Data["json"] = res
+	c.ServeJSON()
+}
+
+// @Title GetOneTarget
+// @Description find one Admiralty Target
+// @Param id path string true "the name of the target to get"
+// @Success 200 
+// @router /targets/:execution [get]
+func (c *AdmiraltyController) GetOneTarget() {
+	id := c.Ctx.Input.Param(":execution")
+	serv, err := infrastructure.NewService()
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.ServeJSON()
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		return
+	}
+	
+	res, err := serv.GetTargets(c.Ctx.Request.Context())
+	id = "target-"+id
+	found := slices.Contains(res,id)
+	if !found {
+		c.Ctx.Output.SetStatus(404)
+		c.ServeJSON()
+	}
+
+	c.Data["json"] = id
+	c.ServeJSON()
+}
+
+// @Title CreateSource
+// @Description Create an Admiralty Source on remote cluster
+// @Param execution path 	string 		true	"execution id of the workflow"
+// @Success 201 
+// @router /source/:execution [post]
+func (c *AdmiraltyController) CreateSource() {
+
+	execution := c.Ctx.Input.Param(":execution")
+	fmt.Println("execution :: ", execution)
+	fmt.Println("input :: ", c.Ctx.Input)
+	serv, err := infrastructure.NewKubernetesService()
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.ServeJSON()
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	res, err := serv.CreateAdmiraltySource(c.Ctx.Request.Context(),execution)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+	
+	// TODO : Return a description of the created resource
+	var respData map[string]interface{}
+	err = json.Unmarshal(res,&respData)
+	
+	c.Ctx.Output.SetStatus(201)
+	c.Data["json"] = respData
+	c.ServeJSON()
+	
+}
+
+// @Title CreateAdmiraltyTarget
+// @Description Create an Admiralty Target in the namespace associated to the executionID
+// @Param execution path 	string 		true	"execution id of the workflow"
+// @Success 201
+// @router /target/:execution [post]
+func (c *AdmiraltyController) CreateAdmiraltyTarget(){
+	var data map[string]interface{}
+	
+	execution := c.Ctx.Input.Param(":execution")
+
+
+	serv, err := infrastructure.NewService()
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	resp, err := serv.CreateAdmiraltyTarget(c.Ctx.Request.Context(),execution)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+	if resp == nil {
+		fmt.Println("Error while trying to create Admiralty target")
+		fmt.Println(resp)
+		fmt.Println(err)
+		c.Ctx.Output.SetStatus(401)
+		c.Data["json"] = map[string]string{"error" : "Could not perform the action" }
+		c.ServeJSON()
+		return
+	}
+
+	err = json.Unmarshal(resp,&data)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.ServeJSON()
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		return
+	}
+	c.Ctx.Output.SetStatus(201)
+	c.Data["json"] = data
+	c.ServeJSON()
+
+}
+
+// @Title GetKubeSecret
+// @Description Retrieve the secret created from a Kubeconfig that will be associated to an Admiralty Target
+
+// @Param execution path 	string 		true	"execution id of the workflow"
+// @Success 200 
+// @router /secret/:execution [get]
+func(c *AdmiraltyController) GetKubeSecret() {
+	var data map[string]interface{} 
+	
+	execution := c.Ctx.Input.Param(":execution")
+
+	serv, err := infrastructure.NewService()
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+	if resp == nil {
+		c.Ctx.Output.SetStatus(404)
+		c.ServeJSON()
+		return
+	}
+	
+	err = json.Unmarshal(resp,&data)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.ServeJSON()
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		return
+	}
+
+	c.Data["json"] = data
+	c.ServeJSON()
+}
+
+
+// @Title CreateKubeSecret
+// @Description Creat a secret from a Kubeconfig that will be associated to an Admiralty Target
+
+// @Param execution path 	string 		true	"execution id of the workflow"
+// @Param kubeconfig 	body	controllers.RemoteKubeconfig 		true 	"Kubeconfig to use when creating secret"
+// @Success 201 
+// @router /secret/:execution [post]
+func (c *AdmiraltyController) CreateKubeSecret() {
+	var kubeconfig 	RemoteKubeconfig
+	var respData	map[string]interface{}
+
+	data := c.Ctx.Input.CopyBody(100000)
+
+	err := json.Unmarshal(data, &kubeconfig)
+	if err != nil {
+		fmt.Println("Error when retrieving the data for kubeconfig from request")
+		fmt.Println(err)
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	
+	execution := c.Ctx.Input.Param(":execution")
+
+
+	serv, err := infrastructure.NewService()
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	resp, err := serv.CreateKubeconfigSecret(c.Ctx.Request.Context(),*kubeconfig.Data,execution)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	err = json.Unmarshal(resp,&respData)
+	c.Ctx.Output.SetStatus(201)
+	c.Data["json"] = respData
+	c.ServeJSON()
+
+}
+
+// @name GetAdmiraltyNodes
+// @description	Allows user to test if an admiralty connection has already been established : Target and valid Secret set up on the local host  and Source set up on remote host
+// @Param execution path 	string 		true	"execution id of the workflow"
+// @Success 200 
+// @router /node/:execution [get]
+func (c *AdmiraltyController) GetNodeReady(){
+	var secret v1.Secret
+	
+	execution := c.Ctx.Input.Param(":execution")
+
+
+	serv, err := infrastructure.NewService()
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	node, err := serv.GetOneNode(c.Ctx.Request.Context(),execution)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+	if node == nil {
+		c.Ctx.Output.SetStatus(404)
+		c.Data["json"] = map[string]string{
+			"error" : "the node for " + execution + " can't be found, make sure both target and source resources are set up on local and remote hosts",
+		}
+		c.ServeJSON()
+		return
+	}
+
+	resp, err := serv.GetKubeconfigSecret(c.Ctx.Request.Context(),execution)
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+	if resp == nil {
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": "Nodes was up but the secret can't be found"}
+		c.ServeJSON()
+		return
+	}
+	
+
+	// Extract JWT token RS265 encoded
+	var editedKubeconfig map[string]interface{}
+	json.Unmarshal(resp,&secret)
+	byteEditedKubeconfig := secret.Data["config"]
+	err = yaml.Unmarshal(byteEditedKubeconfig,&editedKubeconfig)
+	// err = json.Unmarshal(byteEditedKubeconfig,&editedKubeconfig)
+	if err != nil {
+		fmt.Println("Error while retrieving the kubeconfig from secret-",execution)
+		fmt.Println(err)
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = err
+		c.ServeJSON()
+		return
+	}
+	
+	token, err := retrieveTokenFromKonfig(editedKubeconfig)
+	if err != nil {
+		fmt.Println("Error while trying to retrieve token for kubeconfing")
+		fmt.Println(err)
+		HandleControllerErrors(c.Controller,500,&err,nil)
+	}
+	
+	// Decode token
+	isExpired, err := isTokenExpired(token)
+	if err != nil {
+		fmt.Println("Error veryfing token's expiration")
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = err
+		c.ServeJSON()
+	}
+
+	if *isExpired {
+		c.Data["json"] = map[string]string{
+			"token" : "token in the secret is expired and must be regenerated",
+		}
+		c.Ctx.Output.SetStatus(410)
+		c.ServeJSON()
+	}
+
+	c.Data["json"] = map[string]bool{"ok": true}
+	c.ServeJSON()
+	
+}
+
+func retrieveTokenFromKonfig(editedKubeconfig map[string]interface{}) (string,error) {
+	var kubeUsers []KubeUser
+	b, err := yaml.Marshal(editedKubeconfig["users"])
+	if err != nil {
+		fmt.Println("Error while retrieving the users attribute from the Kubeconfig")
+		fmt.Println(err)
+		return "", err
+	}
+	err = yaml.Unmarshal(b,&kubeUsers)
+	if err != nil {
+		fmt.Println("Error while unmarshalling users attribute from kubeconfig")
+		fmt.Println(err)
+		return "", nil
+	}
+	fmt.Println(kubeUsers)
+	token := kubeUsers[0].User.Token
+
+	return token, nil
+}
+
+func isTokenExpired(token string) (*bool, error){
+	t, _, err := new(jwt.Parser).ParseUnverified(token, jwt.MapClaims{})
+	if err != nil {
+		fmt.Println("couldn't decode token")
+		return nil, err
+	}
+
+	expiration, err := t.Claims.GetExpirationTime()
+	if err != nil {
+		fmt.Println("Error while checking token's expiration time")
+		return nil, err
+	}
+	fmt.Println("Expiration date : " + expiration.UTC().Format("2006-01-02T15:04:05"))
+
+	expired := expiration.Unix() < time.Now().Unix()
+
+	return &expired, nil
+} 
+
+// @name Get Admiralty Kubeconfig
+// @description	Retrieve a kubeconfig from the host with the token to authenticate as the SA from the namespace identified with execution id
+
+// @Param execution path 	string 		true	"execution id of the workflow"
+// @Success 200 
+// @router /kubeconfig/:execution [get]
+func (c *AdmiraltyController) GetAdmiraltyKubeconfig() {
+	
+	execution := c.Ctx.Input.Param(":execution")
+
+
+	serv, err := infrastructure.NewService()
+	if err != nil {
+		// change code to 500
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	generatedToken, err := serv.GenerateToken(c.Ctx.Request.Context(),execution,3600)
+	if err != nil {
+		fmt.Println("Couldn't generate a token for ns-", execution)
+		fmt.Println(err)
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	kubeconfig, err := NewHostKubeWithToken(generatedToken)
+	if err != nil {
+		fmt.Println("Could not retrieve the Kubeconfig edited with token")
+		fmt.Println(err)
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+		return
+	}
+
+	b, err := json.Marshal(kubeconfig)
+	if err != nil {
+		fmt.Println("Error while marshalling kubeconfig")
+		c.Ctx.Output.SetStatus(500)
+		c.Data["json"] = map[string]string{"error": err.Error()}
+		c.ServeJSON()
+	}
+
+	encodedKubeconfig := base64.StdEncoding.EncodeToString(b)
+	c.Data["json"] = map[string]string{
+		"data": encodedKubeconfig,
+	}
+	
+	c.ServeJSON()
+}
+
+
+func NewHostKubeWithToken(token string) (*models.KubeConfigValue, error){
+	if len(token) == 0 {
+		return nil, fmt.Errorf("you didn't provide a token to be inserted in the Kubeconfig")
+	}
+
+	encodedCA := base64.StdEncoding.EncodeToString([]byte(conf.GetConfig().KubeCA))
+
+	hostKube := models.KubeConfigValue{
+		APIVersion: "v1",
+		CurrentContext: "default",
+		Kind: "Config",
+		Preferences: struct{}{},
+		Clusters: []models.KubeconfigNamedCluster{
+			{
+				Name: "default",
+				Cluster: models.KubeconfigCluster{
+					Server: "https://" + conf.GetConfig().KubeHost + ":6443",
+					CertificateAuthorityData: encodedCA,
+				},
+			},
+		},
+		Contexts: []models.KubeconfigNamedContext{
+			{
+				Name: "default",
+				Context: models.KubeconfigContext{
+					Cluster: "default",
+					User: "default",
+				},
+			},
+		},
+		Users: []models.KubeconfigUser{
+			models.KubeconfigUser{
+				Name: "default",
+				User: models.KubeconfigUserKeyPair{
+					Token: token,
+				},
+			},
+		},
+	}
+
+	return &hostKube, nil
+}

controllers/booking.go

@@ -20,6 +20,8 @@ type BookingController struct {
 	beego.Controller
 }
 
+var BookingExample booking.Booking
+
 // @Title Search
 // @Description search bookings by execution
 // @Param	id		path 	string	true		"id execution"
@@ -198,7 +200,6 @@ func (o *BookingController) Check() {
 // @Success 200 {object} models.object
 // @router / [post]
 func (o *BookingController) Post() {
-	fmt.Println("POST")
 	/*
 	 * This function is used to create a booking.
 	 * It takes the following parameters:
@@ -209,7 +210,13 @@ func (o *BookingController) Post() {
 	 */
 	var resp booking.Booking
 	user, peerID, groups := oclib.ExtractTokenInfo(*o.Ctx.Request)
-	json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &resp)
+	err := json.Unmarshal(o.Ctx.Input.CopyBody(10000000), &resp)
+	if err != nil {
+		fmt.Println("Error unmarshalling")
+		fmt.Println(err)
+		fmt.Println(resp)
+	}
+
 	dc_id := resp.ResourceID
 	// delete all previous bookings
 	isDraft := o.Ctx.Input.Query("is_draft")
@@ -239,7 +246,11 @@ func (o *BookingController) Post() {
 		o.ServeJSON()
 		return
 	}
-	fmt.Println("there was an error creating the namespace", o.createNamespace(resp.ExecutionsID))
+
+	/*if err := o.createNamespace(resp.ExecutionsID); err != nil {
+		fmt.Println(err.Error())
+	}*/
+
 	o.Data["json"] = map[string]interface{}{
 		"data":  []interface{}{b},
 		"code":  200,

controllers/datacenter.go

@@ -21,12 +21,12 @@ func (o *DatacenterController) GetAll() {
 	isDraft := o.Ctx.Input.Query("is_draft")
 	storages := oclib.NewRequest(oclib.LibDataEnum(oclib.STORAGE_RESOURCE), user, peerID, groups, nil).Search(&dbs.Filters{
 		Or: map[string][]dbs.Filter{
-			"abstractintanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
+			"abstractinstanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
 		},
 	}, "", isDraft == "true")
 	computes := oclib.NewRequest(oclib.LibDataEnum(oclib.COMPUTE_RESOURCE), user, peerID, groups, nil).Search(&dbs.Filters{
 		Or: map[string][]dbs.Filter{
-			"abstractintanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
+			"abstractinstanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
 		},
 	}, "", isDraft == "true")
 	storages.Data = append(storages.Data, computes.Data...)
@@ -49,15 +49,15 @@ func (o *DatacenterController) Get() {
 	id := o.Ctx.Input.Param(":id")
 	storages := oclib.NewRequest(oclib.LibDataEnum(oclib.STORAGE_RESOURCE), user, peerID, groups, nil).Search(&dbs.Filters{
 		Or: map[string][]dbs.Filter{
-			"abstractintanciatedresource.abstractresource.abstractobject.id":         {{Operator: dbs.EQUAL.String(), Value: id}},
+			"abstractinstanciatedresource.abstractresource.abstractobject.id":         {{Operator: dbs.EQUAL.String(), Value: id}},
-			"abstractintanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
+			"abstractinstanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
 		},
 	}, "", isDraft == "true")
 	if len(storages.Data) == 0 {
 		computes := oclib.NewRequest(oclib.LibDataEnum(oclib.COMPUTE_RESOURCE), user, peerID, groups, nil).Search(&dbs.Filters{
 			Or: map[string][]dbs.Filter{
-				"abstractintanciatedresource.abstractresource.abstractobject.id":         {{Operator: dbs.EQUAL.String(), Value: id}},
+				"abstractinstanciatedresource.abstractresource.abstractobject.id":         {{Operator: dbs.EQUAL.String(), Value: id}},
-				"abstractintanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
+				"abstractinstanciatedresource.abstractresource.abstractobject.creator_id": {{Operator: dbs.EQUAL.String(), Value: peerID}},
 			},
 		}, "", isDraft == "true")
 		if len(computes.Data) == 0 {

controllers/error_handler.go

@@ -0,0 +1,21 @@
+package controllers
+
+import (
+	"fmt"
+
+	beego "github.com/beego/beego/v2/server/web"
+)
+
+func HandleControllerErrors(c beego.Controller, code int, err *error, data *map[string]interface{}, messages ...string) {
+	for _, mess := range messages {
+		fmt.Println(mess)
+	}
+	if data != nil {
+		c.Data["json"] = data
+	}
+	if err != nil {
+		c.Data["json"] = map[string]string{"error": (*err).Error()}
+	}
+	c.Ctx.Output.SetStatus(code)
+	c.ServeJSON()
+}

controllers/session.go

@@ -40,7 +40,7 @@ func (o *SessionController) GetToken() {
 		return
 	}
 	fmt.Println("BLAPO", id, duration)
-	token, err := serv.GetToken(o.Ctx.Request.Context(), id, duration)
+	token, err := serv.GenerateToken(o.Ctx.Request.Context(), id, duration)
 	if err != nil {
 		// change code to 500
 		o.Ctx.Output.SetStatus(500)

controllers/version.go

@@ -15,7 +15,10 @@ type VersionController struct {
 // @Success 200
 // @router / [get]
 func (c *VersionController) GetAll() {
-	c.Data["json"] = map[string]string{"version": "1"}
+	c.Data["json"] = map[string]string{
+		"service": "oc-datacenter",
+		"version": "1",
+	}
 	c.ServeJSON()
 }
 

datacenter.json

@@ -1,5 +1,7 @@
 {
-    "port": 8080,
+    "MONGO_URL": "mongodb://mongo:27017/",
-    "MONGO_URL":"mongodb://localhost:27017/", 
+    "NATS_URL": "nats://localhost:4222",
-    "MONGO_DATABASE":"DC_myDC"
+    "MONGO_DATABASE": "DC_myDC",
+    "KUBERNETES_SERVICE_HOST": "172.16.0.183",
+    "port": "8092"
 }

docker-compose.base.yml

@@ -1,34 +0,0 @@
-version: '3.4'
-
-services:
-  mongo:
-    image: 'mongo:latest'
-    networks: 
-      - catalog
-    ports:
-      - 27017:27017
-    container_name: mongo
-    volumes: 
-      - oc-catalog-data:/data/db
-      - oc-catalog-data:/data/configdb
-  
-  mongo-express:
-    image: "mongo-express:latest"
-    restart: always
-    depends_on: 
-      - mongo
-    networks: 
-      - catalog
-    ports:
-      - 8081:8081
-    environment:
-      - ME_CONFIG_BASICAUTH_USERNAME=test
-      - ME_CONFIG_BASICAUTH_PASSWORD=test
-
-volumes:
-  oc-catalog-data:
-
-networks: 
-  catalog:
-    external: true
-    # name: catalog

docker-compose.yml

@@ -2,6 +2,9 @@ version: '3.4'
 
 services:
   oc-datacenter:
+    env_file:
+    - path: ./env.env
+      required: false
     environment: 
       - MONGO_DATABASE=DC_myDC
     image: 'oc-datacenter:latest'
@@ -10,14 +13,17 @@ services:
     labels:
         - "traefik.enable=true"
         - "traefik.http.routers.datacenter.entrypoints=web"
-        - "traefik.http.middlewares.auth.forwardauth.address=http://oc-auth:8080/oc/forward"
+        - "traefik.http.routers.datacenter.rule=PathPrefix(`/datacenter`)"
-        - "traefik.http.routers.workflow.rule=PathPrefix(/datacenter)"
+        - "traefik.http.services.datacenter.loadbalancer.server.port=8080"
-        - "traefik.http.routers.datacenter.tls=false"
+        - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.regex=^/datacenter(.*)"
-        - "traefik.http.routers.datacenter.middlewares=auth"
+        - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.replacement=/oc$$1"
+        - "traefik.http.routers.datacenter.middlewares=datacenter-rewrite"
+        - "traefik.http.middlewares.datacenter.forwardauth.address=http://oc-auth:8080/oc/forward"
     container_name: oc-datacenter
     networks: 
-      - catalog
+      - oc
+
 
 networks: 
-  catalog:
+  oc:
     external: true

docker_datacenter.json

@@ -1,9 +1,5 @@
 {
     "MONGO_URL":"mongodb://mongo:27017/", 
     "NATS_URL":"nats://nats:4222",
-    "MONGO_DATABASE":"DC_myDC",
+    "MONGO_DATABASE":"DC_myDC"    
-    "KUBERNETES_SERVICE_HOST" : "192.168.1.69",
-    "KUBE_CA" : "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTWpNeE1USXdNell3SGhjTk1qUXdPREE0TVRBeE16VTJXaGNOTXpRd09EQTJNVEF4TXpVMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTWpNeE1USXdNell3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTVlk3ZHZhNEdYTVdkMy9jMlhLN3JLYjlnWXgyNSthaEE0NmkyNVBkSFAKRktQL2UxSVMyWVF0dzNYZW1TTUQxaStZdzJSaVppNUQrSVZUamNtNHdhcnFvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWtlUVJpNFJiODduME5yRnZaWjZHClc2SU55NnN3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnRXA5ck04WmdNclRZSHYxZjNzOW5DZXZZeWVVa3lZUk4KWjUzazdoaytJS1FDSVFDbk05TnVGKzlTakIzNDFacGZ5ays2NEpWdkpSM3BhcmVaejdMd2lhNm9kdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
-    "KUBE_CERT":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJWUxWNkFPQkdrU1F3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOekl6TVRFeU1ETTJNQjRYRFRJME1EZ3dPREV3TVRNMU5sb1hEVEkxTURndwpPREV3TVRNMU5sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJGQ2Q1MFdPeWdlQ2syQzcKV2FrOWY4MVAvSkJieVRIajRWOXBsTEo0ck5HeHFtSjJOb2xROFYxdUx5RjBtOTQ2Nkc0RmRDQ2dqaXFVSk92Swp3NVRPNnd5alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCVFJkOFI5cXVWK2pjeUVmL0ovT1hQSzMyS09XekFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlFQTArbThqTDBJVldvUTZ0dnB4cFo4NVlMalF1SmpwdXM0aDdnSXRxS3NmUVVDSUI2M2ZNdzFBMm5OVWU1TgpIUGZOcEQwSEtwcVN0Wnk4djIyVzliYlJUNklZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTWpNeE1USXdNell3SGhjTk1qUXdPREE0TVRBeE16VTJXaGNOTXpRd09EQTJNVEF4TXpVMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTWpNeE1USXdNell3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFRc3hXWk9pbnIrcVp4TmFEQjVGMGsvTDF5cE01VHAxOFRaeU92ektJazQKRTFsZWVqUm9STW0zNmhPeVljbnN3d3JoNnhSUnBpMW5RdGhyMzg0S0Z6MlBvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVTBYZkVmYXJsZm8zTWhIL3lmemx6Cnl0OWlqbHN3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQUxJL2dNYnNMT3MvUUpJa3U2WHVpRVMwTEE2cEJHMXgKcnBlTnpGdlZOekZsQWlFQW1wdjBubjZqN3M0MVI0QzFNMEpSL0djNE53MHdldlFmZWdEVGF1R2p3cFk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
-    "KUBE_DATA": "LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU5ZS1BFb1dhd1NKUzJlRW5oWmlYMk5VZlY1ZlhKV2krSVNnV09TNFE5VTlvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFVUozblJZN0tCNEtUWUx0WnFUMS96VS84a0Z2Sk1lUGhYMm1Vc25pczBiR3FZblkyaVZEeApYVzR2SVhTYjNqcm9iZ1YwSUtDT0twUWs2OHJEbE03ckRBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="
 }

docs/admiralty_setup.puml

@@ -0,0 +1,21 @@
+@startuml
+
+boundary "oc-workflow" as workflow
+boundary "oc-monitord" as monitord
+boundary "local oc-datacenter" as locdc
+boundary "remote oc-datacenter" as rocdc
+
+workflow --> locdc : POST /booking/ {booking object}
+locdc --> locdc : create Namespace + ServiceAccount
+workflow --> rocdc : POST /boking/
+rocdc --> rocdc : create \nNamespace + \nServiceAccount
+monitord --> monitord : retrieves a Workflow to execute
+monitord --> monitord : workflow needs repartited execution
+' monitord --> rocdc : POST /????? (route that use the same \nmethods as /booking/ to create NS & SA)
+monitord --> rocdc : POST /admiralty/source
+monitord --> rocdc : GET /admiralty/kubeconfig/:execution_id
+rocdc -> monitord : base64 encoded edited kubeconfig with token (**how to make it secure** ???)
+monitord --> locdc : POST /admiralty/secret/:execution_id
+monitord --> locdc : POST /admiralty/target/:execution_id
+monitord --> locdc : GET /admiralty/nodes/:execution_id \n(if the node is up it means ALL GOOD)
+@enduml

env.env

@@ -0,0 +1,4 @@
+KUBERNETES_SERVICE_HOST=kubernetes.default.svc.cluster.local
+KUBE_CA="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkakNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTnpNeE1qY3dPVFl3SGhjTk1qWXdNekV3TURjeE9ERTJXaGNOTXpZd016QTNNRGN4T0RFMgpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTnpNeE1qY3dPVFl3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFReG81cXQ0MGxEekczRHJKTE1wRVBrd0ZBY1FmbC8vVE1iWjZzemMreHAKbmVzVzRTSTdXK1lWdFpRYklmV2xBMTRaazQvRFlDMHc1YlgxZU94RVVuL0pvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVXBLM2pGK25IRlZSbDcwb3ZRVGZnCmZabGNQZE13Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnVnkyaUx0Y0xaYm1vTnVoVHdKbU5sWlo3RVlBYjJKNW0KSjJYbG1UbVF5a2tDSUhLbzczaDBkdEtUZTlSa0NXYTJNdStkS1FzOXRFU0tBV0x1emlnYXBHYysKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
+KUBE_CERT="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrakNDQVRlZ0F3SUJBZ0lJQUkvSUg2R2Rodm93Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOemN6TVRJM01EazJNQjRYRFRJMk1ETXhNREEzTVRneE5sb1hEVEkzTURNeApNREEzTVRneE5sb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJQTTdBVEZQSmFMMjUrdzAKUU1vZUIxV2hBRW4vWnViM0tSRERrYnowOFhwQWJ2akVpdmdnTkdpdG4wVmVsaEZHamRmNHpBT29Nd1J3M21kbgpYSGtHVDB5alNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUVZLOThaMEMxcFFyVFJSMGVLZHhIa2o0ejFJREFLQmdncWhrak9QUVFEQWdOSkFEQkcKQWlFQXZYWll6Zk9iSUtlWTRtclNsRmt4ZS80a0E4K01ieDc1UDFKRmNlRS8xdGNDSVFDNnM0ZXlZclhQYmNWSgpxZm5EamkrZ1RacGttN0tWSTZTYTlZN2FSRGFabUE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlCZURDQ0FSMmdBd0lCQWdJQkFEQUtCZ2dxaGtqT1BRUURBakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwClpXNTBMV05oUURFM056TXhNamN3T1RZd0hoY05Nall3TXpFd01EY3hPREUyV2hjTk16WXdNekEzTURjeE9ERTIKV2pBak1TRXdId1lEVlFRRERCaHJNM010WTJ4cFpXNTBMV05oUURFM056TXhNamN3T1RZd1dUQVRCZ2NxaGtqTwpQUUlCQmdncWhrak9QUU1CQndOQ0FBUzV1NGVJbStvVnV1SFI0aTZIOU1kVzlyUHdJbFVPNFhIMEJWaDRUTGNlCkNkMnRBbFVXUW5FakxMdlpDWlVaYTlzTlhKOUVtWWt5S0dtQWR2TE9FbUVrbzBJd1FEQU9CZ05WSFE4QkFmOEUKQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVVGU3ZmR2RBdGFVSzAwVWRIaW5jUgo1SStNOVNBd0NnWUlLb1pJemowRUF3SURTUUF3UmdJaEFMY2xtQnR4TnpSVlBvV2hoVEVKSkM1Z3VNSGsvcFZpCjFvYXJ2UVJxTWRKcUFpRUEyR1dNTzlhZFFYTEQwbFZKdHZMVkc1M3I0M0lxMHpEUUQwbTExMVZyL1MwPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
+KUBE_DATA="LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUVkSTRZN3lRU1ZwRGNrblhsQmJEaXBWZHRMWEVsYVBkN3VBZHdBWFFya2xvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFOHpzQk1VOGxvdmJuN0RSQXloNEhWYUVBU2Y5bTV2Y3BFTU9SdlBUeGVrQnUrTVNLK0NBMAphSzJmUlY2V0VVYU4xL2pNQTZnekJIRGVaMmRjZVFaUFRBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo="

go.mod

@@ -5,9 +5,11 @@ go 1.23.0
 toolchain go1.23.3
 
 require (
-	cloud.o-forge.io/core/oc-lib v0.0.0-20250213085018-271cc2caa026
+	cloud.o-forge.io/core/oc-lib v0.0.0-20250219142942-5111c9c8bec7
 	github.com/beego/beego/v2 v2.3.1
+	github.com/golang-jwt/jwt/v5 v5.2.2
 	go.mongodb.org/mongo-driver v1.17.1
+	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.32.1
 	k8s.io/apimachinery v0.32.1
 	k8s.io/client-go v0.32.1

go.sum

@@ -1,11 +1,5 @@
-cloud.o-forge.io/core/oc-lib v0.0.0-20250205160221-88b7cfe2fd0f h1:6V+Z81ywYoDYSVMnM4PVaJYXFgCN3xSG3ddiUPn4jL8=
+cloud.o-forge.io/core/oc-lib v0.0.0-20250219142942-5111c9c8bec7 h1:fh6SzBPenzIxufIIzExtx4jEE4OhFposqn3EbHFr92Q=
-cloud.o-forge.io/core/oc-lib v0.0.0-20250205160221-88b7cfe2fd0f/go.mod h1:2roQbUpv3a6mTIr5oU1ux31WbN8YucyyQvCQ0FqwbcE=
+cloud.o-forge.io/core/oc-lib v0.0.0-20250219142942-5111c9c8bec7/go.mod h1:2roQbUpv3a6mTIr5oU1ux31WbN8YucyyQvCQ0FqwbcE=
-cloud.o-forge.io/core/oc-lib v0.0.0-20250212150815-c7c1535ba91a h1:kfTSMCOxYiVGNJWD4OrV7YYTf6t4geKxWpGz4EucpEA=
-cloud.o-forge.io/core/oc-lib v0.0.0-20250212150815-c7c1535ba91a/go.mod h1:2roQbUpv3a6mTIr5oU1ux31WbN8YucyyQvCQ0FqwbcE=
-cloud.o-forge.io/core/oc-lib v0.0.0-20250213072626-4920322d0afb h1:EybP8jPpIiN5RLiBxr3cvvF9KIaC+uWvzM23ga0t1yI=
-cloud.o-forge.io/core/oc-lib v0.0.0-20250213072626-4920322d0afb/go.mod h1:2roQbUpv3a6mTIr5oU1ux31WbN8YucyyQvCQ0FqwbcE=
-cloud.o-forge.io/core/oc-lib v0.0.0-20250213085018-271cc2caa026 h1:CYwpofGfpAhMDrT6jqvu9NI/tcgxCD8PKJZDKEfTvVI=
-cloud.o-forge.io/core/oc-lib v0.0.0-20250213085018-271cc2caa026/go.mod h1:2roQbUpv3a6mTIr5oU1ux31WbN8YucyyQvCQ0FqwbcE=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/beego/beego/v2 v2.3.1 h1:7MUKMpJYzOXtCUsTEoXOxsDV/UcHw6CPbaWMlthVNsc=
 github.com/beego/beego/v2 v2.3.1/go.mod h1:5cqHsOHJIxkq44tBpRvtDe59GuVRVv/9/tyVDxd5ce4=
@@ -56,6 +50,10 @@ github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZ
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
+github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
+github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
@@ -266,6 +264,8 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

infrastructure/interface.go

@@ -4,15 +4,23 @@ import (
 	"context"
 	"errors"
 	"oc-datacenter/conf"
+
+	v1 "k8s.io/api/core/v1"
 )
 
 type Infrastructure interface {
 	CreateNamespace(ctx context.Context, ns string) error
 	DeleteNamespace(ctx context.Context, ns string) error
-	GetToken(ctx context.Context, ns string, duration int) (string, error)
+	GenerateToken(ctx context.Context, ns string, duration int) (string, error)
 	CreateServiceAccount(ctx context.Context, ns string) error
 	CreateRoleBinding(ctx context.Context, ns string, roleBinding string, role string) error
 	CreateRole(ctx context.Context, ns string, role string, groups [][]string, resources [][]string, verbs [][]string) error
+	GetTargets(ctx context.Context) ([]string,error)
+	CreateAdmiraltySource(context context.Context,executionId string) ([]byte, error)
+	CreateKubeconfigSecret(context context.Context,kubeconfig string, executionId string) ([]byte, error) 
+	GetKubeconfigSecret(context context.Context,executionId string) ([]byte, error)
+	CreateAdmiraltyTarget(context context.Context,executionId string)([]byte,error)
+	GetOneNode(context context.Context,executionID string) (*v1.Node, error)
 }
 
 var _service = map[string]func() (Infrastructure, error){
@@ -26,3 +34,4 @@ func NewService() (Infrastructure, error) {
 	}
 	return service()
 }
+

infrastructure/kubernetes.go

@@ -1,14 +1,20 @@
 package infrastructure
 
 import (
+	"bytes"
 	"context"
+	"encoding/base64"
+	"encoding/json"
 	"errors"
 	"fmt"
+	"html/template"
 	"oc-datacenter/conf"
+	"strings"
 
 	authv1 "k8s.io/api/authentication/v1"
 	v1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
@@ -42,8 +48,37 @@ func NewKubernetesService() (Infrastructure, error) {
 	}, nil
 }
 
+func NewRemoteKubernetesService(url string, ca string, cert string, key string) (Infrastructure, error) {
+	decodedCa, _ := base64.StdEncoding.DecodeString(ca)
+	decodedCert, _ := base64.StdEncoding.DecodeString(cert)
+	decodedKey, _ := base64.StdEncoding.DecodeString(key)
+
+	config := &rest.Config{
+		Host: url + ":6443",
+		TLSClientConfig: rest.TLSClientConfig{
+			CAData:   decodedCa,
+			CertData: decodedCert,
+			KeyData:  decodedKey,
+		},
+	}
+	// Create clientset
+	clientset, err := kubernetes.NewForConfig(config)
+	fmt.Println("NewForConfig", clientset, err)
+	if err != nil {
+		return nil, errors.New("Error creating Kubernetes client: " + err.Error())
+	}
+	if clientset == nil {
+		return nil, errors.New("Error creating Kubernetes client: clientset is nil")
+	}
+
+	return &KubernetesService{
+		Set: clientset,
+	}, nil
+}
+
 func (k *KubernetesService) CreateNamespace(ctx context.Context, ns string) error {
 	// Define the namespace
+	fmt.Println("ExecutionID in CreateNamespace() : ", ns)
 	namespace := &v1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: ns,
@@ -139,7 +174,10 @@ func (k *KubernetesService) DeleteNamespace(ctx context.Context, ns string) erro
 	return nil
 }
 
-func (k *KubernetesService) GetToken(ctx context.Context, ns string, duration int) (string, error) {
+// Returns the string representing the token generated for the serviceAccount
+// in the namespace identified by the value `ns` with the name sa-`ns`, which is valid for
+// `duration` seconds
+func (k *KubernetesService) GenerateToken(ctx context.Context, ns string, duration int) (string, error) {
 	// Define TokenRequest (valid for 1 hour)
 	d := int64(duration)
 	tokenRequest := &authv1.TokenRequest{
@@ -156,3 +194,280 @@ func (k *KubernetesService) GetToken(ctx context.Context, ns string, duration in
 	}
 	return token.Status.Token, nil
 }
+
+// Needs refactoring :
+//   - Retrieving the metada (in a method that Unmarshall the part of the json in a metadata object)
+func (k *KubernetesService) GetTargets(ctx context.Context) ([]string, error) {
+
+	var listTargets []string
+	resp, err := getCDRapiKube(*k.Set, ctx, "/apis/multicluster.admiralty.io/v1alpha1/targets")
+	if err != nil {
+		return nil, err
+	}
+
+	fmt.Println(string(resp))
+	var targetDict map[string]interface{}
+	err = json.Unmarshal(resp, &targetDict)
+	if err != nil {
+		fmt.Println("TODO: handle the error when unmarshalling k8s API response")
+		return nil, err
+	}
+
+	b, _ := json.MarshalIndent(targetDict, "", " ")
+	fmt.Println(string(b))
+
+	data := targetDict["items"].([]interface{})
+
+	for _, item := range data {
+		var metadata metav1.ObjectMeta
+		item := item.(map[string]interface{})
+		byteMetada, err := json.Marshal(item["metadata"])
+
+		if err != nil {
+			fmt.Println("Error while Marshalling metadata field")
+			return nil, err
+		}
+		err = json.Unmarshal(byteMetada, &metadata)
+		if err != nil {
+			fmt.Println("Error while Unmarshalling metadata field to the library object")
+			return nil, err
+		}
+
+		listTargets = append(listTargets, metadata.Name)
+	}
+
+	return listTargets, nil
+
+}
+
+// Admiralty Target allows a cluster to deploy pods to remote cluster
+//
+// The remote  cluster must :
+//
+// - have declared a Source resource
+//
+// - have declared the same namespace as the one where the pods are created in the local cluster
+//
+// - have delcared a serviceAccount with sufficient permission to create pods
+func (k *KubernetesService) CreateAdmiraltyTarget(context context.Context, executionId string) ([]byte, error) {
+	exists, err := k.GetKubeconfigSecret(context, executionId)
+	if err != nil {
+		fmt.Println("Error verifying kube-secret before creating target")
+		return nil, err
+	}
+
+	if exists == nil {
+		fmt.Println("Target needs to be binded to a secret in namespace ", executionId)
+		return nil, nil // Maybe we could create a wrapper for errors and add more info to have
+	}
+
+	var targetManifest string
+	var tpl bytes.Buffer
+	tmpl, err := template.New("target").
+		Parse("{\"apiVersion\": \"multicluster.admiralty.io/v1alpha1\", \"kind\": \"Target\", \"metadata\": {\"name\": \"target-{{.ExecutionId}}\"}, \"spec\": { \"kubeconfigSecret\" :{\"name\": \"kube-secret-{{.ExecutionId}}\"}} }")
+	if err != nil {
+		fmt.Println("Error creating the template for the target Manifest")
+		return nil, err
+	}
+
+	err = tmpl.Execute(&tpl, map[string]string{"ExecutionId": executionId})
+	targetManifest = tpl.String()
+	resp, err := postCDRapiKube(
+		*k.Set,
+		context,
+		"/apis/multicluster.admiralty.io/v1alpha1/namespaces/"+executionId+"/targets",
+		[]byte(targetManifest),
+		map[string]string{"fieldManager": "kubectl-client-side-apply"},
+		map[string]string{"fieldValidation": "Strict"},
+	)
+
+	if err != nil {
+		fmt.Println("Error trying to create a Source on remote cluster : ", err, " : ", resp)
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+// Admiralty Source allows a cluster to receive pods from a remote cluster
+//
+// The source must be associated to a serviceAccount, which will execute the pods locally.
+// This serviceAccount must have sufficient permission to create and patch pods
+//
+// This method is temporary to implement the use of Admiralty, but must be edited
+// to rather contact the oc-datacenter from the remote cluster to create the source
+// locally and retrieve the token for the serviceAccount
+func (k *KubernetesService) CreateAdmiraltySource(context context.Context, executionId string) ([]byte, error) {
+	var sourceManifest string
+	var tpl bytes.Buffer
+	tmpl, err := template.New("source").
+		Parse("{\"apiVersion\": \"multicluster.admiralty.io/v1alpha1\", \"kind\": \"Source\", \"metadata\": {\"name\": \"source-{{.ExecutionId}}\"}, \"spec\": {\"serviceAccountName\": \"sa-{{.ExecutionId}}\"} }")
+	if err != nil {
+		fmt.Println("Error creating the template for the source Manifest")
+		return nil, err
+	}
+
+	err = tmpl.Execute(&tpl, map[string]string{"ExecutionId": executionId})
+	sourceManifest = tpl.String()
+
+	resp, err := postCDRapiKube(
+		*k.Set,
+		context,
+		"/apis/multicluster.admiralty.io/v1alpha1/namespaces/"+executionId+"/sources",
+		[]byte(sourceManifest),
+		map[string]string{"fieldManager": "kubectl-client-side-apply"},
+		map[string]string{"fieldValidation": "Strict"},
+	)
+
+	// We can add more info to the log with the content of resp if not nil
+	if err != nil {
+		fmt.Println("Error trying to create a Source on remote cluster : ", err, " : ", resp)
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+// Create a secret from a kubeconfing. Use it to create the secret binded to an Admiralty
+// target, which must contain the serviceAccount's token value
+func (k *KubernetesService) CreateKubeconfigSecret(context context.Context, kubeconfig string, executionId string) ([]byte, error) {
+	config, err := base64.StdEncoding.DecodeString(kubeconfig)
+	// config, err := base64.RawStdEncoding.DecodeString(kubeconfig)
+	if err != nil {
+		fmt.Println("Error while encoding kubeconfig")
+		fmt.Println(err)
+		return nil, err
+	}
+
+	secretManifest := &v1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "kube-secret-" + executionId,
+			Namespace: executionId,
+		},
+		Data: map[string][]byte{
+			"config": config,
+		},
+	}
+
+	exists, err := k.GetKubeconfigSecret(context, executionId)
+	if err != nil {
+		fmt.Println("Error verifying if kube secret exists in namespace ", executionId)
+		return nil, err
+	}
+	if exists != nil {
+		fmt.Println("kube-secret already exists in namespace", executionId)
+		fmt.Println("Overriding existing kube-secret with a newer resource")
+		// TODO : implement DeleteKubeConfigSecret(executionID)
+		deleted, err := k.DeleteKubeConfigSecret(executionId)
+		_ = deleted
+		_ = err
+	}
+	resp, err := k.Set.CoreV1().
+		Secrets(executionId).
+		Create(context, secretManifest, metav1.CreateOptions{})
+
+	if err != nil {
+		fmt.Println("Error while trying to contact API to get secret kube-secret-" + executionId)
+		fmt.Println(err)
+		return nil, err
+	}
+
+	data, err := json.Marshal(resp)
+	if err != nil {
+		fmt.Println("Couldn't marshal resp from : ", data)
+		fmt.Println(err)
+		return nil, err
+	}
+	return data, nil
+}
+
+func (k *KubernetesService) GetKubeconfigSecret(context context.Context, executionId string) ([]byte, error) {
+	resp, err := k.Set.CoreV1().
+		Secrets(executionId).
+		Get(context, "kube-secret-"+executionId, metav1.GetOptions{})
+
+	if err != nil {
+		if apierrors.IsNotFound(err) {
+			fmt.Println("kube-secret not found for execution", executionId)
+			return nil, nil
+		}
+		fmt.Println("Error while trying to contact API to get secret kube-secret-" + executionId)
+		fmt.Println(err)
+		return nil, err
+	}
+
+	data, err := json.Marshal(resp)
+
+	if err != nil {
+		fmt.Println("Couldn't marshal resp from : ", data)
+		fmt.Println(err)
+		return nil, err
+	}
+
+	return data, nil
+}
+
+func (k *KubernetesService) DeleteKubeConfigSecret(executionID string) ([]byte, error) {
+
+	return []byte{}, nil
+}
+
+func getCDRapiKube(client kubernetes.Clientset, ctx context.Context, path string) ([]byte, error) {
+	resp, err := client.RESTClient().Get().
+		AbsPath(path).
+		DoRaw(ctx) // from https://stackoverflow.com/questions/60764908/how-to-access-kubernetes-crd-using-client-go
+
+	if err != nil {
+		fmt.Println("Error from k8s API when getting "+path+" : ", err)
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+func postCDRapiKube(client kubernetes.Clientset, ctx context.Context, path string, body []byte, params ...map[string]string) ([]byte, error) {
+	req := client.RESTClient().
+		Post().
+		AbsPath(path).
+		Body(body)
+
+	for _, param := range params {
+		for k, v := range param {
+			req = req.Param(k, v)
+		}
+	}
+
+	resp, err := req.DoRaw(ctx)
+
+	if err != nil {
+		fmt.Println("Error from k8s API when posting "+string(body)+" to "+path+" : ", err)
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+// Returns the Kubernetes' Node object corresponding to the executionID if it exists on this host
+//
+// The node is created when an admiralty Target (on host) can connect to an admiralty Source (on remote)
+func (k *KubernetesService) GetOneNode(context context.Context, executionID string) (*v1.Node, error) {
+	res, err := k.Set.CoreV1().
+		Nodes().
+		List(
+			context,
+			metav1.ListOptions{},
+		)
+	if err != nil {
+		fmt.Println("Error getting the list of nodes from k8s API")
+		fmt.Println(err)
+		return nil, err
+	}
+
+	for _, node := range res.Items {
+		if isNode := strings.Contains(node.Name, "admiralty-"+executionID+"-target-"+executionID+"-"); isNode {
+			return &node, nil
+		}
+	}
+
+	return nil, nil
+}

main.go

@@ -4,10 +4,12 @@ import (
 	"encoding/base64"
 	"oc-datacenter/conf"
 	_ "oc-datacenter/routers"
+	"os"
 
 	oclib "cloud.o-forge.io/core/oc-lib"
 	"cloud.o-forge.io/core/oc-lib/tools"
 	beego "github.com/beego/beego/v2/server/web"
+	"github.com/beego/beego/v2/server/web/filter/cors"
 )
 
 const appname = "oc-datacenter"
@@ -19,7 +21,7 @@ func main() {
 	// Load the right config file
 	o := oclib.GetConfLoader()
 	conf.GetConfig().Mode = o.GetStringDefault("MODE", "kubernetes")
-	conf.GetConfig().KubeHost = o.GetStringDefault("KUBERNETES_SERVICE_HOST", "")
+	conf.GetConfig().KubeHost = o.GetStringDefault("KUBERNETES_SERVICE_HOST", os.Getenv("KUBERNETES_SERVICE_HOST"))
 	conf.GetConfig().KubePort = o.GetStringDefault("KUBERNETES_SERVICE_PORT", "6443")
 
 	sDec, err := base64.StdEncoding.DecodeString(o.GetStringDefault("KUBE_CA", ""))
@@ -50,6 +52,12 @@ func main() {
 	beego.BConfig.WebConfig.StaticDir["/swagger"] = "swagger"
 	api := &tools.API{}
 	api.Discovered(beego.BeeApp.Handlers.GetAllControllerInfo())
-
+	beego.InsertFilter("*", beego.BeforeRouter, cors.Allow(&cors.Options{
+		AllowAllOrigins:  true,
+		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
+		AllowHeaders:     []string{"Origin", "Authorization", "Content-Type"},
+		ExposeHeaders:    []string{"Content-Length", "Content-Type"},
+		AllowCredentials: true,
+	}))
 	beego.Run()
 }

models/kubeconfig.go

@@ -0,0 +1,56 @@
+package models
+
+// KubeConfigValue is a struct used to create a kubectl configuration YAML file.
+type KubeConfigValue struct {
+	APIVersion     string                   `yaml:"apiVersion" json:"apiVersion"`
+	Kind           string                   `yaml:"kind" json:"kind"`
+	Clusters       []KubeconfigNamedCluster `yaml:"clusters" json:"clusters"`
+	Users          []KubeconfigUser         `yaml:"users" json:"users"`
+	Contexts       []KubeconfigNamedContext `yaml:"contexts" json:"contexts"`
+	CurrentContext string                   `yaml:"current-context" json:"current-context"`
+	Preferences    struct{}                 `yaml:"preferences" json:"preferences"`
+}
+
+// KubeconfigUser is a struct used to create a kubectl configuration YAML file
+type KubeconfigUser struct {
+	Name string                `yaml:"name" json:"name"`
+	User KubeconfigUserKeyPair `yaml:"user" json:"user"`
+
+}
+
+// KubeconfigUserKeyPair is a struct used to create a kubectl configuration YAML file
+type KubeconfigUserKeyPair struct {
+	Token				  string				 `yaml:"token" json:"token"`
+}
+
+// KubeconfigAuthProvider is a struct used to create a kubectl authentication provider
+type KubeconfigAuthProvider struct {
+	Name   string            `yaml:"name" json:"name"`
+	Config map[string]string `yaml:"config" json:"config"`
+}
+
+// KubeconfigNamedCluster is a struct used to create a kubectl configuration YAML file
+type KubeconfigNamedCluster struct {
+	Name    string            `yaml:"name" json:"name"`
+	Cluster KubeconfigCluster `yaml:"cluster" json:"cluster"`
+}
+
+// KubeconfigCluster is a struct used to create a kubectl configuration YAML file
+type KubeconfigCluster struct {
+	Server                   string `yaml:"server" json:"server"`
+	CertificateAuthorityData string `yaml:"certificate-authority-data" json:"certificate-authority-data"`
+	CertificateAuthority     string `yaml:"certificate-authority" json:"certificate-authority"`
+}
+
+// KubeconfigNamedContext is a struct used to create a kubectl configuration YAML file
+type KubeconfigNamedContext struct {
+	Name    string            `yaml:"name" json:"name"`
+	Context KubeconfigContext `yaml:"context" json:"context"`
+}
+
+// KubeconfigContext is a struct used to create a kubectl configuration YAML file
+type KubeconfigContext struct {
+	Cluster   string `yaml:"cluster" json:"cluster"`
+	Namespace string `yaml:"namespace,omitempty" json:"namespace,omitempty"`
+	User      string `yaml:"user" json:"user"`
+}

routers/commentsRouter.go

@@ -7,6 +7,78 @@ import (
 
 func init() {
 
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "GetAdmiraltyKubeconfig",
+            Router: `/kubeconfig/:execution`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "GetNodeReady",
+            Router: `/node/:execution`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "GetKubeSecret",
+            Router: `/secret/:execution`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "CreateKubeSecret",
+            Router: `/secret/:execution`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "CreateSource",
+            Router: `/source/:execution`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "CreateAdmiraltyTarget",
+            Router: `/target/:execution`,
+            AllowHTTPMethods: []string{"post"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "GetAllTargets",
+            Router: `/targets`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
+    beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:AdmiraltyController"],
+        beego.ControllerComments{
+            Method: "GetOneTarget",
+            Router: `/targets/:execution`,
+            AllowHTTPMethods: []string{"get"},
+            MethodParams: param.Make(),
+            Filters: nil,
+            Params: nil})
+
     beego.GlobalControllerRouter["oc-datacenter/controllers:BookingController"] = append(beego.GlobalControllerRouter["oc-datacenter/controllers:BookingController"],
         beego.ControllerComments{
             Method: "GetAll",

routers/router.go

@@ -18,6 +18,7 @@ func init() {
 		beego.NSInclude(
 			&controllers.DatacenterController{},
 		),
+
 		beego.NSNamespace("/session",
 			beego.NSInclude(
 				&controllers.SessionController{},
@@ -33,6 +34,11 @@ func init() {
 				&controllers.VersionController{},
 			),
 		),
+		beego.NSNamespace("/admiralty",
+			beego.NSInclude(
+				&controllers.AdmiraltyController{},
+			),
+		),
 	)
 
 	beego.AddNamespace(ns)

swagger/swagger.json

@@ -37,6 +37,180 @@
                 }
             }
         },
+        "/admiralty/kubeconfig/{execution}": {
+            "get": {
+                "tags": [
+                    "admiralty"
+                ],
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "execution",
+                        "description": "execution id of the workflow",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": ""
+                    }
+                }
+            }
+        },
+        "/admiralty/node/{execution}": {
+            "get": {
+                "tags": [
+                    "admiralty"
+                ],
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "execution",
+                        "description": "execution id of the workflow",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": ""
+                    }
+                }
+            }
+        },
+        "/admiralty/secret/{execution}": {
+            "get": {
+                "tags": [
+                    "admiralty"
+                ],
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "execution",
+                        "description": "execution id of the workflow",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": ""
+                    }
+                }
+            },
+            "post": {
+                "tags": [
+                    "admiralty"
+                ],
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "execution",
+                        "description": "execution id of the workflow",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "body",
+                        "name": "kubeconfig",
+                        "description": "Kubeconfig to use when creating secret",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/controllers.RemoteKubeconfig"
+                        }
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": ""
+                    }
+                }
+            }
+        },
+        "/admiralty/source/{execution}": {
+            "post": {
+                "tags": [
+                    "admiralty"
+                ],
+                "description": "Create an Admiralty Source on remote cluster\n\u003cbr\u003e",
+                "operationId": "AdmiraltyController.CreateSource",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "execution",
+                        "description": "execution id of the workflow",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": ""
+                    }
+                }
+            }
+        },
+        "/admiralty/target/{execution}": {
+            "post": {
+                "tags": [
+                    "admiralty"
+                ],
+                "description": "Create an Admiralty Target in the namespace associated to the executionID\n\u003cbr\u003e",
+                "operationId": "AdmiraltyController.CreateAdmiraltyTarget",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "execution",
+                        "description": "execution id of the workflow",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "201": {
+                        "description": ""
+                    }
+                }
+            }
+        },
+        "/admiralty/targets": {
+            "get": {
+                "tags": [
+                    "admiralty"
+                ],
+                "description": "find all Admiralty Target\n\u003cbr\u003e",
+                "operationId": "AdmiraltyController.GetAllTargets",
+                "responses": {
+                    "200": {
+                        "description": ""
+                    }
+                }
+            }
+        },
+        "/admiralty/targets/{execution}": {
+            "get": {
+                "tags": [
+                    "admiralty"
+                ],
+                "description": "find one Admiralty Target\n\u003cbr\u003e",
+                "operationId": "AdmiraltyController.GetOneTarget",
+                "parameters": [
+                    {
+                        "in": "path",
+                        "name": "id",
+                        "description": "the name of the target to get",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": ""
+                    }
+                }
+            }
+        },
         "/booking/": {
             "get": {
                 "tags": [
@@ -143,7 +317,7 @@
                     "booking"
                 ],
                 "description": "search bookings by execution\n\u003cbr\u003e",
-                "operationId": "BookingController.Search",
+                "operationId": "BookingController.ExecutionSearch",
                 "parameters": [
                     {
                         "in": "path",
@@ -342,6 +516,15 @@
         }
     },
     "definitions": {
+        "controllers.RemoteKubeconfig": {
+            "title": "RemoteKubeconfig",
+            "type": "object",
+            "properties": {
+                "Data": {
+                    "type": "string"
+                }
+            }
+        },
         "models.compute": {
             "title": "compute",
             "type": "object"
@@ -360,9 +543,17 @@
             "name": "booking",
             "description": "Operations about workspace\n"
         },
+        {
+            "name": "session",
+            "description": "Operations about session and token management\n"
+        },
         {
             "name": "version",
             "description": "VersionController operations for Version\n"
+        },
+        {
+            "name": "admiralty",
+            "description": "Operations about the admiralty objects of the datacenter\n"
         }
     ]
 }

swagger/swagger.yml

@@ -49,6 +49,125 @@ paths:
       responses:
         "200":
           description: '{booking} models.booking'
+  /admiralty/kubeconfig/{execution}:
+    get:
+      tags:
+      - admiralty
+      parameters:
+      - in: path
+        name: execution
+        description: execution id of the workflow
+        required: true
+        type: string
+      responses:
+        "200":
+          description: ""
+  /admiralty/node/{execution}:
+    get:
+      tags:
+      - admiralty
+      parameters:
+      - in: path
+        name: execution
+        description: execution id of the workflow
+        required: true
+        type: string
+      responses:
+        "200":
+          description: ""
+  /admiralty/secret/{execution}:
+    get:
+      tags:
+      - admiralty
+      parameters:
+      - in: path
+        name: execution
+        description: execution id of the workflow
+        required: true
+        type: string
+      responses:
+        "200":
+          description: ""
+    post:
+      tags:
+      - admiralty
+      parameters:
+      - in: path
+        name: execution
+        description: execution id of the workflow
+        required: true
+        type: string
+      - in: body
+        name: kubeconfig
+        description: Kubeconfig to use when creating secret
+        required: true
+        schema:
+          $ref: '#/definitions/controllers.RemoteKubeconfig'
+      responses:
+        "201":
+          description: ""
+  /admiralty/source/{execution}:
+    post:
+      tags:
+      - admiralty
+      description: |-
+        Create an Admiralty Source on remote cluster
+        <br>
+      operationId: AdmiraltyController.CreateSource
+      parameters:
+      - in: path
+        name: execution
+        description: execution id of the workflow
+        required: true
+        type: string
+      responses:
+        "201":
+          description: ""
+  /admiralty/target/{execution}:
+    post:
+      tags:
+      - admiralty
+      description: |-
+        Create an Admiralty Target in the namespace associated to the executionID
+        <br>
+      operationId: AdmiraltyController.CreateAdmiraltyTarget
+      parameters:
+      - in: path
+        name: execution
+        description: execution id of the workflow
+        required: true
+        type: string
+      responses:
+        "201":
+          description: ""
+  /admiralty/targets:
+    get:
+      tags:
+      - admiralty
+      description: |-
+        find all Admiralty Target
+        <br>
+      operationId: AdmiraltyController.GetAllTargets
+      responses:
+        "200":
+          description: ""
+  /admiralty/targets/{execution}:
+    get:
+      tags:
+      - admiralty
+      description: |-
+        find one Admiralty Target
+        <br>
+      operationId: AdmiraltyController.GetOneTarget
+      parameters:
+      - in: path
+        name: id
+        description: the name of the target to get
+        required: true
+        type: string
+      responses:
+        "200":
+          description: ""
   /booking/:
     get:
       tags:
@@ -193,7 +312,7 @@ paths:
       description: |-
         search bookings by execution
         <br>
-      operationId: BookingController.Search
+      operationId: BookingController.ExecutionSearch
       parameters:
       - in: path
         name: id
@@ -250,6 +369,12 @@ paths:
         "200":
           description: ""
 definitions:
+  controllers.RemoteKubeconfig:
+    title: RemoteKubeconfig
+    type: object
+    properties:
+      Data:
+        type: string
   models.compute:
     title: compute
     type: object
@@ -263,6 +388,12 @@ tags:
 - name: booking
   description: |
     Operations about workspace
+- name: session
+  description: |
+    Operations about session and token management
 - name: version
   description: |
     VersionController operations for Version
+- name: admiralty
+  description: |
+    Operations about the admiralty objects of the datacenter