Provide reason field for retrieving VPN auth key. (#640)

Author: Gerrit91

cmd/metal-api/internal/service/v1/machine.go

@@ -262,7 +262,7 @@ type MachineResponse struct {
 
 type MachineConsolePasswordRequest struct {
 	ID     string `json:"id" description:"id of the machine to get the consolepassword for"`
-	Reason string `json:"reason" description:"reason why the consolepassword is requested, typically a incident number with short description"`
+	Reason string `json:"reason" description:"reason why the consolepassword is requested, typically an incident number with short description"`
 }
 
 type MachineConsolePasswordResponse struct {

cmd/metal-api/internal/service/v1/vpn.go

@@ -11,4 +11,5 @@ type VPNRequest struct {
 	Pid        string         `json:"pid" description:"project ID"`
 	Ephemeral  bool           `json:"ephemeral" description:"specifies if auth key should be ephemeral"`
 	Expiration *time.Duration `json:"expiration" description:"expiration time" optional:"true"`
+	Reason     string         `json:"reason" description:"reason why the vpn key is requested, typically an incident number with short description"`
 }

cmd/metal-api/internal/service/vpn-service.go

@@ -23,18 +23,21 @@ import (
 type vpnResource struct {
 	webResource
 	headscaleClient *headscale.HeadscaleClient
+	reasonMinLength uint
 }
 
 // NewVPN returns a webservice for VPN specific endpoints.
 func NewVPN(
 	log *slog.Logger,
 	headscaleClient *headscale.HeadscaleClient,
+	reasonMinLength uint,
 ) *restful.WebService {
 	r := vpnResource{
 		webResource: webResource{
 			log: log,
 		},
 		headscaleClient: headscaleClient,
+		reasonMinLength: reasonMinLength,
 	}
 
 	return r.webService()
@@ -74,6 +77,11 @@ func (r *vpnResource) getVPNAuthKey(request *restful.Request, response *restful.
 		return
 	}
 
+	if uint(len(requestPayload.Reason)) < r.reasonMinLength {
+		r.sendError(request, response, httperrors.BadRequest(fmt.Errorf("reason must be at least %d characters long", r.reasonMinLength)))
+		return
+	}
+
 	pid := requestPayload.Pid
 	if ok := r.headscaleClient.UserExists(request.Request.Context(), pid); !ok {
 		r.sendError(

cmd/metal-api/main.go

@@ -778,7 +778,7 @@ func initRestServices(searchAuditBackend auditing.Auditing, allAuditBackends []a
 	restful.DefaultContainer.Add(service.NewFilesystemLayout(logger.WithGroup("filesystem-layout-service"), ds))
 	restful.DefaultContainer.Add(service.NewSwitch(logger.WithGroup("switch-service"), ds))
 	restful.DefaultContainer.Add(healthService)
-	restful.DefaultContainer.Add(service.NewVPN(logger.WithGroup("vpn-service"), headscaleClient))
+	restful.DefaultContainer.Add(service.NewVPN(logger.WithGroup("vpn-service"), headscaleClient, reasonMinLength))
 	restful.DefaultContainer.Add(rest.NewVersion(moduleName, &rest.VersionOpts{
 		BasePath:         service.BasePath,
 		MinClientVersion: minClientVersion.Original(),

spec/metal-api.json

@@ -2413,7 +2413,7 @@
           "type": "string"
         },
         "reason": {
-          "description": "reason why the consolepassword is requested, typically a incident number with short description",
+          "description": "reason why the consolepassword is requested, typically an incident number with short description",
           "type": "string"
         }
       },
@@ -5891,11 +5891,16 @@
         "pid": {
           "description": "project ID",
           "type": "string"
+        },
+        "reason": {
+          "description": "reason why the vpn key is requested, typically an incident number with short description",
+          "type": "string"
         }
       },
       "required": [
         "ephemeral",
-        "pid"
+        "pid",
+        "reason"
       ]
     },
     "v1.VPNResponse": {