diff --git a/server/handler/legacy_gate_test.go b/server/handler/legacy_gate_test.go index e49405f..4f3e4b4 100644 --- a/server/handler/legacy_gate_test.go +++ b/server/handler/legacy_gate_test.go @@ -67,3 +67,49 @@ func TestVmCreateEventHonorsLegacyGate(t *testing.T) { } }) } + +func TestLegacyInventoryEndpointsAreGatedWhenDisabled(t *testing.T) { + h := newLegacyGateHandler(false) + + cases := []struct { + name string + method string + path string + body string + call func(*Handler, *httptest.ResponseRecorder, *http.Request) + }{ + { + name: "import vm", + method: http.MethodPost, + path: "/api/import/vm", + body: `{"name":"vm1"}`, + call: func(h *Handler, rr *httptest.ResponseRecorder, req *http.Request) { h.VmImport(rr, req) }, + }, + { + name: "cleanup vm", + method: http.MethodDelete, + path: "/api/inventory/vm/delete?vm_id=vm-1&datacenter_name=dc1", + call: func(h *Handler, rr *httptest.ResponseRecorder, req *http.Request) { h.VmCleanup(rr, req) }, + }, + { + name: "update vm details", + method: http.MethodPost, + path: "/api/inventory/vm/update", + call: func(h *Handler, rr *httptest.ResponseRecorder, req *http.Request) { h.VmUpdateDetails(rr, req) }, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + req := httptest.NewRequest(tc.method, tc.path, strings.NewReader(tc.body)) + rr := httptest.NewRecorder() + tc.call(h, rr, req) + if rr.Code != http.StatusGone { + t.Fatalf("expected %d, got %d", http.StatusGone, rr.Code) + } + if !strings.Contains(rr.Body.String(), "deprecated") { + t.Fatalf("expected deprecated response, got: %s", rr.Body.String()) + } + }) + } +} diff --git a/server/handler/vmCleanup.go b/server/handler/vmCleanup.go index f445336..cbe574e 100644 --- a/server/handler/vmCleanup.go +++ b/server/handler/vmCleanup.go @@ -10,9 +10,10 @@ import ( ) // VmCleanup removes a VM from inventory by ID and datacenter. -// @Summary Cleanup VM inventory entry -// @Description Removes a VM inventory entry by VM ID and datacenter name. +// @Summary Cleanup VM inventory entry (deprecated) +// @Description Deprecated: Removes a VM inventory entry by VM ID and datacenter name. // @Tags inventory +// @Deprecated // @Produce json // @Param vm_id query string true "VM ID" // @Param datacenter_name query string true "Datacenter name" @@ -20,6 +21,10 @@ import ( // @Failure 400 {object} models.ErrorResponse "Invalid request" // @Router /api/inventory/vm/delete [delete] func (h *Handler) VmCleanup(w http.ResponseWriter, r *http.Request) { + if h.denyLegacyAPI(w, "/api/inventory/vm/delete") { + return + } + ctx := context.Background() // Get the parameters diff --git a/server/handler/vmImport.go b/server/handler/vmImport.go index 242f3f3..e849089 100644 --- a/server/handler/vmImport.go +++ b/server/handler/vmImport.go @@ -15,9 +15,10 @@ import ( ) // VmImport ingests a bulk VM import payload. -// @Summary Import VMs -// @Description Imports existing VM inventory data in bulk. +// @Summary Import VMs (deprecated) +// @Description Deprecated: Imports existing VM inventory data in bulk. // @Tags inventory +// @Deprecated // @Accept json // @Produce json // @Param import body models.ImportReceived true "Bulk import payload" @@ -25,6 +26,10 @@ import ( // @Failure 500 {object} models.ErrorResponse "Server error" // @Router /api/import/vm [post] func (h *Handler) VmImport(w http.ResponseWriter, r *http.Request) { + if h.denyLegacyAPI(w, "/api/import/vm") { + return + } + // Read request body reqBody, err := io.ReadAll(r.Body) if err != nil { diff --git a/server/handler/vmUpdateDetails.go b/server/handler/vmUpdateDetails.go index 4c3643a..1f9da03 100644 --- a/server/handler/vmUpdateDetails.go +++ b/server/handler/vmUpdateDetails.go @@ -9,14 +9,19 @@ import ( ) // VmUpdateDetails refreshes inventory metadata from vCenter. -// @Summary Refresh VM details -// @Description Queries vCenter and updates inventory records with missing details. +// @Summary Refresh VM details (deprecated) +// @Description Deprecated: Queries vCenter and updates inventory records with missing details. // @Tags inventory +// @Deprecated // @Produce json // @Success 200 {object} models.StatusMessageResponse "Update completed" // @Failure 500 {object} models.ErrorResponse "Server error" // @Router /api/inventory/vm/update [post] func (h *Handler) VmUpdateDetails(w http.ResponseWriter, r *http.Request) { + if h.denyLegacyAPI(w, "/api/inventory/vm/update") { + return + } + var matchFound bool var inventoryId int64 var srmPlaceholder string diff --git a/server/router/router.go b/server/router/router.go index 398efd1..b2afc9f 100644 --- a/server/router/router.go +++ b/server/router/router.go @@ -53,7 +53,7 @@ func New(logger *slog.Logger, database db.Database, buildTime string, sha1ver st mux.HandleFunc("/api/inventory/vm/delete", h.VmCleanup) // add missing data to VMs - //mux.HandleFunc("/api/inventory/vm/update", h.VmUpdateDetails) + mux.HandleFunc("/api/inventory/vm/update", h.VmUpdateDetails) // Legacy/maintenance endpoints are gated by settings.enable_legacy_api. mux.HandleFunc("/api/cleanup/updates", h.UpdateCleanup)