2022-07-26 22:21:49 +02:00
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2022-07-26 22:36:47 +02:00
|
|
|
"fmt"
|
2022-07-26 22:21:49 +02:00
|
|
|
"github.com/go-openapi/runtime/middleware"
|
2022-07-29 22:03:53 +02:00
|
|
|
"github.com/openziti-test-kitchen/zrok/controller/store"
|
2022-07-26 22:21:49 +02:00
|
|
|
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
|
|
|
|
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
|
2022-07-27 15:49:54 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client"
|
2022-07-26 23:26:39 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client/edge_router_policy"
|
2022-07-26 22:21:49 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client/service"
|
2022-07-26 22:36:47 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client/service_edge_router_policy"
|
2022-07-26 23:17:37 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client/service_policy"
|
2022-07-26 22:21:49 +02:00
|
|
|
"github.com/openziti/edge/rest_model"
|
|
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
2022-07-28 20:32:49 +02:00
|
|
|
func tunnelHandler(params tunnel.TunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
|
|
|
|
logrus.Infof("tunneling for '%v' (%v)", principal.Username, principal.Token)
|
2022-07-29 22:03:53 +02:00
|
|
|
|
|
|
|
|
tx, err := str.Begin()
|
|
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("error starting transaction: %v", err)
|
|
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
2022-07-29 22:21:47 +02:00
|
|
|
defer func() { _ = tx.Rollback() }()
|
2022-07-29 22:03:53 +02:00
|
|
|
|
2022-08-03 20:25:27 +02:00
|
|
|
envId := params.Body.ZitiIdentityID
|
2022-08-03 19:43:54 +02:00
|
|
|
if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil {
|
2022-08-01 21:44:26 +02:00
|
|
|
found := false
|
2022-08-03 19:43:54 +02:00
|
|
|
for _, env := range envs {
|
|
|
|
|
if env.ZitiIdentityId == envId {
|
2022-08-01 21:44:26 +02:00
|
|
|
logrus.Infof("found identity '%v' for user '%v'", envId, principal.Username)
|
|
|
|
|
found = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !found {
|
2022-08-03 19:43:54 +02:00
|
|
|
logrus.Errorf("environment '%v' not found for user '%v'", envId, principal.Username)
|
2022-08-01 21:44:26 +02:00
|
|
|
return tunnel.NewTunnelUnauthorized().WithPayload("bad environment identity")
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2022-08-03 19:43:54 +02:00
|
|
|
logrus.Errorf("error finding environments for account '%v'", principal.Username)
|
2022-08-01 21:44:26 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-26 22:21:49 +02:00
|
|
|
edge, err := edgeClient()
|
|
|
|
|
if err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-29 22:03:53 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-26 22:21:49 +02:00
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
svcName, err := randomId()
|
2022-07-26 22:21:49 +02:00
|
|
|
if err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-29 22:03:53 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-26 22:21:49 +02:00
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
svcId, err := createService(svcName, edge)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-29 22:03:53 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-27 15:49:54 +02:00
|
|
|
}
|
|
|
|
|
if err := createServicePolicyBind(svcName, svcId, envId, edge); err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-29 22:03:53 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-27 15:49:54 +02:00
|
|
|
}
|
|
|
|
|
if err := createServicePolicyDial(svcName, svcId, edge); err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-29 22:03:53 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-27 15:49:54 +02:00
|
|
|
}
|
|
|
|
|
if err := createServiceEdgeRouterPolicy(svcName, svcId, edge); err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-29 22:03:53 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-27 15:49:54 +02:00
|
|
|
}
|
|
|
|
|
if err := createEdgeRouterPolicy(svcName, envId, edge); err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-29 22:03:53 +02:00
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-27 15:49:54 +02:00
|
|
|
}
|
|
|
|
|
|
2022-07-27 18:55:51 +02:00
|
|
|
logrus.Infof("allocated service '%v'", svcName)
|
|
|
|
|
|
2022-08-03 20:25:27 +02:00
|
|
|
sid, err := str.CreateService(int(principal.ID), &store.Service{
|
|
|
|
|
ZitiServiceId: svcId,
|
|
|
|
|
Endpoint: params.Body.Endpoint,
|
|
|
|
|
}, tx)
|
2022-07-29 22:03:53 +02:00
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("error creating service record: %v", err)
|
|
|
|
|
_ = tx.Rollback()
|
|
|
|
|
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
|
|
|
|
if err := tx.Commit(); err != nil {
|
|
|
|
|
logrus.Errorf("error committing service record: %v", err)
|
|
|
|
|
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("recorded service '%v' with id '%v' for '%v'", svcId, sid, principal.Username)
|
|
|
|
|
|
|
|
|
|
return tunnel.NewTunnelCreated().WithPayload(&rest_model_zrok.TunnelResponse{
|
2022-07-27 15:49:54 +02:00
|
|
|
Service: svcName,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createService(name string, edge *rest_management_api_client.ZitiEdgeManagement) (serviceId string, err error) {
|
|
|
|
|
configs := make([]string, 0)
|
|
|
|
|
encryptionRequired := true
|
2022-07-26 22:21:49 +02:00
|
|
|
svc := &rest_model.ServiceCreate{
|
2022-07-27 15:49:54 +02:00
|
|
|
Configs: configs,
|
|
|
|
|
EncryptionRequired: &encryptionRequired,
|
|
|
|
|
Name: &name,
|
2022-07-26 22:21:49 +02:00
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
req := &service.CreateServiceParams{
|
2022-07-26 22:21:49 +02:00
|
|
|
Service: svc,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := edge.Service.CreateService(req, nil)
|
2022-07-26 22:21:49 +02:00
|
|
|
if err != nil {
|
2022-07-27 15:49:54 +02:00
|
|
|
return "", err
|
2022-07-26 22:21:49 +02:00
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
logrus.Infof("created service '%v'", resp.Payload.Data.ID)
|
|
|
|
|
return resp.Payload.Data.ID, nil
|
|
|
|
|
}
|
2022-07-26 22:21:49 +02:00
|
|
|
|
2022-07-27 15:49:54 +02:00
|
|
|
func createServicePolicyBind(svcName, svcId, envId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
semantic := rest_model.SemanticAllOf
|
|
|
|
|
identityRoles := []string{fmt.Sprintf("@%v", envId)}
|
|
|
|
|
name := fmt.Sprintf("%v-bind", svcName)
|
|
|
|
|
postureCheckRoles := []string{}
|
|
|
|
|
serviceRoles := []string{fmt.Sprintf("@%v", svcId)}
|
|
|
|
|
dialBind := rest_model.DialBindBind
|
2022-07-26 23:17:37 +02:00
|
|
|
svcp := &rest_model.ServicePolicyCreate{
|
2022-07-27 15:49:54 +02:00
|
|
|
IdentityRoles: identityRoles,
|
|
|
|
|
Name: &name,
|
|
|
|
|
PostureCheckRoles: postureCheckRoles,
|
2022-07-26 23:17:37 +02:00
|
|
|
Semantic: &semantic,
|
2022-07-27 15:49:54 +02:00
|
|
|
ServiceRoles: serviceRoles,
|
|
|
|
|
Type: &dialBind,
|
2022-07-26 23:17:37 +02:00
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
req := &service_policy.CreateServicePolicyParams{
|
2022-07-26 23:17:37 +02:00
|
|
|
Policy: svcp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
req.SetTimeout(30 * time.Second)
|
2022-07-27 18:55:51 +02:00
|
|
|
resp, err := edge.ServicePolicy.CreateServicePolicy(req, nil)
|
2022-07-26 23:17:37 +02:00
|
|
|
if err != nil {
|
2022-07-27 15:49:54 +02:00
|
|
|
return err
|
2022-07-26 23:17:37 +02:00
|
|
|
}
|
2022-07-27 18:55:51 +02:00
|
|
|
logrus.Infof("created service policy '%v'", resp.Payload.Data.ID)
|
2022-07-27 15:49:54 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
2022-07-27 00:07:49 +02:00
|
|
|
|
2022-07-27 15:49:54 +02:00
|
|
|
func createServicePolicyDial(svcName, svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
identityRoles := []string{"@PyB606.S."} // @proxy
|
|
|
|
|
name := fmt.Sprintf("%v-dial", svcName)
|
|
|
|
|
postureCheckRoles := []string{}
|
|
|
|
|
semantic := rest_model.SemanticAllOf
|
|
|
|
|
serviceRoles := []string{fmt.Sprintf("@%v", svcId)}
|
|
|
|
|
dialBind := rest_model.DialBindDial
|
|
|
|
|
svcp := &rest_model.ServicePolicyCreate{
|
|
|
|
|
IdentityRoles: identityRoles,
|
|
|
|
|
Name: &name,
|
|
|
|
|
PostureCheckRoles: postureCheckRoles,
|
2022-07-27 00:07:49 +02:00
|
|
|
Semantic: &semantic,
|
2022-07-27 15:49:54 +02:00
|
|
|
ServiceRoles: serviceRoles,
|
|
|
|
|
Type: &dialBind,
|
2022-07-27 00:07:49 +02:00
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
req := &service_policy.CreateServicePolicyParams{
|
2022-07-27 00:07:49 +02:00
|
|
|
Policy: svcp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
2022-07-27 15:49:54 +02:00
|
|
|
req.SetTimeout(30 * time.Second)
|
2022-07-27 18:55:51 +02:00
|
|
|
resp, err := edge.ServicePolicy.CreateServicePolicy(req, nil)
|
2022-07-27 00:07:49 +02:00
|
|
|
if err != nil {
|
2022-07-27 15:49:54 +02:00
|
|
|
return err
|
2022-07-27 00:07:49 +02:00
|
|
|
}
|
2022-07-27 18:55:51 +02:00
|
|
|
logrus.Infof("created service policy '%v'", resp.Payload.Data.ID)
|
2022-07-27 15:49:54 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
2022-07-26 23:17:37 +02:00
|
|
|
|
2022-07-27 15:49:54 +02:00
|
|
|
func createServiceEdgeRouterPolicy(svcName, svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-08-01 19:46:18 +02:00
|
|
|
edgeRouterRoles := []string{"#all"}
|
2022-07-27 15:49:54 +02:00
|
|
|
semantic := rest_model.SemanticAllOf
|
|
|
|
|
serviceRoles := []string{fmt.Sprintf("@%v", svcId)}
|
2022-07-26 22:36:47 +02:00
|
|
|
serp := &rest_model.ServiceEdgeRouterPolicyCreate{
|
2022-07-27 15:49:54 +02:00
|
|
|
EdgeRouterRoles: edgeRouterRoles,
|
|
|
|
|
Name: &svcName,
|
2022-07-26 23:17:37 +02:00
|
|
|
Semantic: &semantic,
|
2022-07-27 15:49:54 +02:00
|
|
|
ServiceRoles: serviceRoles,
|
2022-07-26 22:36:47 +02:00
|
|
|
}
|
|
|
|
|
serpParams := &service_edge_router_policy.CreateServiceEdgeRouterPolicyParams{
|
|
|
|
|
Policy: serp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
serpParams.SetTimeout(30 * time.Second)
|
2022-07-27 18:55:51 +02:00
|
|
|
resp, err := edge.ServiceEdgeRouterPolicy.CreateServiceEdgeRouterPolicy(serpParams, nil)
|
2022-07-26 22:36:47 +02:00
|
|
|
if err != nil {
|
2022-07-27 15:49:54 +02:00
|
|
|
return err
|
2022-07-26 22:36:47 +02:00
|
|
|
}
|
2022-07-27 18:55:51 +02:00
|
|
|
logrus.Infof("created service edge router policy '%v'", resp.Payload.Data.ID)
|
2022-07-27 15:49:54 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
2022-07-26 22:36:47 +02:00
|
|
|
|
2022-07-27 15:49:54 +02:00
|
|
|
func createEdgeRouterPolicy(svcName, envId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-08-01 19:46:18 +02:00
|
|
|
edgeRouterRoles := []string{"#all"}
|
2022-07-27 15:49:54 +02:00
|
|
|
identityRoles := []string{fmt.Sprintf("@%v", envId)}
|
|
|
|
|
semantic := rest_model.SemanticAllOf
|
2022-07-26 23:26:39 +02:00
|
|
|
erp := &rest_model.EdgeRouterPolicyCreate{
|
2022-07-27 15:49:54 +02:00
|
|
|
EdgeRouterRoles: edgeRouterRoles,
|
|
|
|
|
IdentityRoles: identityRoles,
|
|
|
|
|
Name: &svcName,
|
2022-07-26 23:26:39 +02:00
|
|
|
Semantic: &semantic,
|
|
|
|
|
}
|
2022-07-27 18:17:37 +02:00
|
|
|
req := &edge_router_policy.CreateEdgeRouterPolicyParams{
|
2022-07-26 23:26:39 +02:00
|
|
|
Policy: erp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
2022-07-27 18:17:37 +02:00
|
|
|
req.SetTimeout(30 * time.Second)
|
2022-07-27 18:55:51 +02:00
|
|
|
resp, err := edge.EdgeRouterPolicy.CreateEdgeRouterPolicy(req, nil)
|
2022-07-26 23:26:39 +02:00
|
|
|
if err != nil {
|
2022-07-27 15:49:54 +02:00
|
|
|
return err
|
2022-07-26 23:26:39 +02:00
|
|
|
}
|
2022-07-27 18:55:51 +02:00
|
|
|
logrus.Infof("created edge router policy '%v'", resp.Payload.Data.ID)
|
2022-07-27 15:49:54 +02:00
|
|
|
return nil
|
2022-07-26 22:21:49 +02:00
|
|
|
}
|
