feat: Tenant TargetedInstanceCreation capability initial implemnetation

api/pkg/api/handler/expectedmachine.go

@@ -58,7 +58,7 @@ func ValidateProviderOrTenantSiteAccess(ctx context.Context, logger zerolog.Logg
 		hasAccess = tsCount > 0
 
 		// Check if Tenant is privileged
-		if !hasAccess && tenant.Config.TargetedInstanceCreation {
+		if !hasAccess && common.TenantHasTargetedInstanceCreation(tenant) {
 			// Check if privileged tenant has an account with the Site's Infrastructure Provider
 			taDAO := cdbm.NewTenantAccountDAO(dbSession)
 			_, taCount, err := taDAO.GetAll(ctx, nil, cdbm.TenantAccountFilterInput{

api/pkg/api/handler/instance.go

@@ -830,7 +830,7 @@ func (cih CreateInstanceHandler) Handle(c echo.Context) error {
 
 		// Begin validating Machine ID
 		if apiRequest.MachineID != nil {
-			if tenant.Config == nil || !tenant.Config.TargetedInstanceCreation {
+			if !common.TenantHasTargetedInstanceCreation(tenant) {
 				logger.Warn().Msg("tenant does not have capability to create instances from specific machine")
 				return cutil.NewAPIError(http.StatusForbidden, "Tenant does not have capability to create Instances using specific Machine ID", nil)
 			}
@@ -4746,7 +4746,7 @@ func (dih DeleteInstanceHandler) Handle(c echo.Context) error {
 		}
 		// if caller attempt to set IsRepairTenant then it must be a tenant with targetedInstanceCreation capability
 		if apiRequest.IsRepairTenant != nil && *apiRequest.IsRepairTenant {
-			if instance.Tenant.Config == nil || !instance.Tenant.Config.TargetedInstanceCreation {
+			if !common.TenantHasTargetedInstanceCreation(instance.Tenant) {
 				logger.Warn().Msg("tenant does not have capability to set IsRepairTenant")
 				return cutil.NewAPIError(http.StatusForbidden, "Tenant does not have capability to set IsRepairTenant", nil)
 			}

api/pkg/api/handler/machine.go

@@ -241,7 +241,7 @@ func (gamh GetAllMachineHandler) Handle(c echo.Context) error {
 
 	if tenant != nil {
 		// Check if Tenant is privileged
-		if tenant.Config.TargetedInstanceCreation {
+		if common.TenantHasTargetedInstanceCreation(tenant) {
 			// Get IDs for all Providers the privileged Tenant has an account with
 			taDAO := cdbm.NewTenantAccountDAO(gamh.dbSession)
 			tas, _, serr := taDAO.GetAll(ctx, nil, cdbm.TenantAccountFilterInput{
@@ -614,7 +614,7 @@ func (gmh GetMachineHandler) Handle(c echo.Context) error {
 		isProviderOrPrivilegedTenant = true
 	} else if tenant != nil {
 		// Check if Tenant is privileged
-		if tenant.Config.TargetedInstanceCreation {
+		if common.TenantHasTargetedInstanceCreation(tenant) {
 			// Check if privileged Tenant has an account with Infrastructure Provider
 			taDAO := cdbm.NewTenantAccountDAO(gmh.dbSession)
 			_, taCount, serr := taDAO.GetAll(ctx, nil, cdbm.TenantAccountFilterInput{
@@ -758,7 +758,7 @@ func (umh UpdateMachineHandler) Handle(c echo.Context) error {
 	// Validate if Tenant is allowed to update Machine
 	if tenant != nil {
 		// Check if Tenant is privileged
-		if tenant.Config.TargetedInstanceCreation {
+		if common.TenantHasTargetedInstanceCreation(tenant) {
 			// Check if privileged Tenant has an account with Infrastructure Provider
 			taDAO := cdbm.NewTenantAccountDAO(umh.dbSession)
 			_, taCount, serr := taDAO.GetAll(ctx, nil, cdbm.TenantAccountFilterInput{

api/pkg/api/handler/site.go

@@ -649,7 +649,7 @@ func (gsh GetSiteHandler) Handle(c echo.Context) error {
 
 		if !isAssociated {
 			// Check if Tenant is privileged
-			if tenant.Config != nil && tenant.Config.TargetedInstanceCreation {
+			if common.TenantHasTargetedInstanceCreation(tenant) {
 				taDAO := cdbm.NewTenantAccountDAO(gsh.dbSession)
 				tas, _, serr := taDAO.GetAll(ctx, nil, cdbm.TenantAccountFilterInput{
 					InfrastructureProviderID: &st.InfrastructureProviderID,
@@ -894,7 +894,7 @@ func (gash GetAllSiteHandler) Handle(c echo.Context) error {
 
 		// If Tenant is privileged (has TargetedInstanceCreation capability),
 		// also retrieve all Sites from Providers they have a Tenant Account with
-		if tenant.Config != nil && tenant.Config.TargetedInstanceCreation {
+		if common.TenantHasTargetedInstanceCreation(tenant) {
 			taDAO := cdbm.NewTenantAccountDAO(gash.dbSession)
 			tas, _, serr := taDAO.GetAll(ctx, nil, cdbm.TenantAccountFilterInput{
 				TenantIDs: []uuid.UUID{tenant.ID},
@@ -1224,7 +1224,7 @@ func (gssdh GetSiteStatusDetailsHandler) Handle(c echo.Context) error {
 
 		if !isAssociated {
 			// Check if Tenant is privileged
-			if tenant.Config != nil && tenant.Config.TargetedInstanceCreation {
+			if common.TenantHasTargetedInstanceCreation(tenant) {
 				taDAO := cdbm.NewTenantAccountDAO(gssdh.dbSession)
 				tas, _, serr := taDAO.GetAll(ctx, nil, cdbm.TenantAccountFilterInput{
 					InfrastructureProviderID: &st.InfrastructureProviderID,

api/pkg/api/handler/sku.go

@@ -105,7 +105,7 @@ func (gash GetAllSkuHandler) Handle(c echo.Context) error {
 		}
 	} else if tenant != nil {
 		// Check if Tenant is privileged
-		if !tenant.Config.TargetedInstanceCreation {
+		if !common.TenantHasTargetedInstanceCreation(tenant) {
 			logger.Warn().Msg("Tenant doesn't have targeted Instance creation capability, access denied")
 			return cutil.NewAPIErrorResponse(c, http.StatusForbidden, "Tenant must have targeted Instance creation capability in order to retrieve SKUs", nil)
 		}
@@ -274,7 +274,7 @@ func (gsh GetSkuHandler) Handle(c echo.Context) error {
 		}
 	} else if tenant != nil {
 		// Check if Tenant is privileged
-		if !tenant.Config.TargetedInstanceCreation {
+		if !common.TenantHasTargetedInstanceCreation(tenant) {
 			logger.Warn().Msg("Tenant doesn't have targeted Instance creation capability, access denied")
 			return cutil.NewAPIErrorResponse(c, http.StatusForbidden, "Tenant must have targeted Instance creation capability in order to retrieve SKU", nil)
 		}