zrok/controller/enable.go

package controller

import (
	"bytes"
	"encoding/json"
	"github.com/go-openapi/runtime/middleware"
	"github.com/jmoiron/sqlx"
	"github.com/openziti/zrok/controller/limits"
	"github.com/openziti/zrok/controller/store"
	"github.com/openziti/zrok/controller/zrokEdgeSdk"
	"github.com/openziti/zrok/rest_model_zrok"
	"github.com/openziti/zrok/rest_server_zrok/operations/environment"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
)

type enableHandler struct {
	cfg *limits.Config
}

func newEnableHandler(cfg *limits.Config) *enableHandler {
	return &enableHandler{cfg: cfg}
}

func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
	// start transaction early; if it fails, don't bother creating ziti resources
	tx, err := str.Begin()
	if err != nil {
		logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}
	defer func() { _ = tx.Rollback() }()

	if err := h.checkLimits(principal, tx); err != nil {
		logrus.Errorf("limits error for user '%v': %v", principal.Email, err)
		return environment.NewEnableUnauthorized()
	}

	client, err := zrokEdgeSdk.Client(cfg.Ziti)
	if err != nil {
		logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	uniqueToken, err := createShareToken()
	if err != nil {
		logrus.Errorf("error creating unique identity token for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client)
	if err != nil {
		logrus.Errorf("error creating environment identity for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	envZId := ident.Payload.Data.ID
	cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client)
	if err != nil {
		logrus.Errorf("error enrolling environment identity for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil {
		logrus.Errorf("error creating edge router policy for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	envId, err := str.CreateEnvironment(int(principal.ID), &store.Environment{
		Description: params.Body.Description,
		Host:        params.Body.Host,
		Address:     realRemoteAddress(params.HTTPRequest),
		ZId:         envZId,
	}, tx)
	if err != nil {
		logrus.Errorf("error storing created identity for user '%v': %v", principal.Email, err)
		_ = tx.Rollback()
		return environment.NewEnableInternalServerError()
	}

	if err := tx.Commit(); err != nil {
		logrus.Errorf("error committing for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}
	logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)

	resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
		Identity: envZId,
	})

	var out bytes.Buffer
	enc := json.NewEncoder(&out)
	enc.SetEscapeHTML(false)
	err = enc.Encode(&cfg)
	if err != nil {
		panic(err)
	}
	resp.Payload.Cfg = out.String()

	return resp
}

func (h *enableHandler) checkLimits(principal *rest_model_zrok.Principal, tx *sqlx.Tx) error {
	if !principal.Limitless && h.cfg.Environments > limits.Unlimited {
		envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)
		if err != nil {
			return errors.Errorf("unable to find environments for account '%v': %v", principal.Email, err)
		}
		if len(envs)+1 > h.cfg.Environments {
			return errors.Errorf("would exceed environments limit of %d for '%v'", h.cfg.Environments, principal.Email)
		}
	}
	return nil
}
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`package controller`

			`import (`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`"bytes"`
			`"encoding/json"`
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`"github.com/go-openapi/runtime/middleware"`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`"github.com/jmoiron/sqlx"`
roughed in limits model that incorporates bandwidth limit specs (#235) 2023-03-10 20:25:29 +01:00			`"github.com/openziti/zrok/controller/limits"`
openziti-rest-kitchen -> openziti (#158) 2023-01-13 21:01:34 +01:00			`"github.com/openziti/zrok/controller/store"`
			`"github.com/openziti/zrok/controller/zrokEdgeSdk"`
			`"github.com/openziti/zrok/rest_model_zrok"`
			`"github.com/openziti/zrok/rest_server_zrok/operations/environment"`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`"github.com/pkg/errors"`
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`"github.com/sirupsen/logrus"`
			`)`

environment limits (#96) 2023-01-13 16:19:11 +01:00			`type enableHandler struct {`
roughed in limits model that incorporates bandwidth limit specs (#235) 2023-03-10 20:25:29 +01:00			`cfg *limits.Config`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`}`
configurable edge client (#31) 2022-08-12 17:03:15 +02:00
roughed in limits model that incorporates bandwidth limit specs (#235) 2023-03-10 20:25:29 +01:00			`func newEnableHandler(cfg limits.Config) enableHandler {`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`return &enableHandler{cfg: cfg}`
configurable edge client (#31) 2022-08-12 17:03:15 +02:00			`}`

api namespace/naming polish 2022-11-30 17:43:00 +01:00			`func (h enableHandler) Handle(params environment.EnableParams, principal rest_model_zrok.Principal) middleware.Responder {`
record service alloc/dealloc (#10) 2022-07-29 22:03:53 +02:00			`// start transaction early; if it fails, don't bother creating ziti resources`
			`tx, err := str.Begin()`
			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
record service alloc/dealloc (#10) 2022-07-29 22:03:53 +02:00			`}`
improvements to zrok_sdk_edge for identities (#112) 2022-12-14 20:57:55 +01:00			`defer func() { _ = tx.Rollback() }()`
record service alloc/dealloc (#10) 2022-07-29 22:03:53 +02:00
environment limits (#96) 2023-01-13 16:19:11 +01:00			`if err := h.checkLimits(principal, tx); err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("limits error for user '%v': %v", principal.Email, err)`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`return environment.NewEnableUnauthorized()`
			`}`

ziti edge client in sdk package (#128) 2023-03-07 20:31:39 +01:00			`client, err := zrokEdgeSdk.Client(cfg.Ziti)`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
a random token will work better 2023-01-10 22:43:58 +01:00			`uniqueToken, err := createShareToken()`
			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error creating unique identity token for user '%v': %v", principal.Email, err)`
a random token will work better 2023-01-10 22:43:58 +01:00			`return environment.NewEnableInternalServerError()`
			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
a random token will work better 2023-01-10 22:43:58 +01:00			`ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client)`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error creating environment identity for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
create missing erps for ctrl and frontend identities (#131) 2022-12-05 21:00:22 +01:00			`envZId := ident.Payload.Data.ID`
let's try embracing more camel case 2022-12-14 20:40:45 +01:00			`cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client)`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error enrolling environment identity for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
let's try embracing more camel case 2022-12-14 20:40:45 +01:00			`if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error creating edge router policy for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
create edge router policy for identity at enable time, not tunnel time 2022-08-17 19:43:16 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
elaboration 2022-08-03 20:25:27 +02:00			`envId, err := str.CreateEnvironment(int(principal.ID), &store.Environment{`
more naming simplification 2022-10-19 18:24:43 +02:00			`Description: params.Body.Description,`
			`Host: params.Body.Host,`
			`Address: realRemoteAddress(params.HTTPRequest),`
create missing erps for ctrl and frontend identities (#131) 2022-12-05 21:00:22 +01:00			`ZId: envZId,`
elaboration 2022-08-03 20:25:27 +02:00			`}, tx)`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error storing created identity for user '%v': %v", principal.Email, err)`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`_ = tx.Rollback()`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`if err := tx.Commit(); err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error committing for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`}`
wiring in the environment ziti identity for better correlation in logs (#90) 2022-11-08 21:07:18 +01:00			`logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{`
create missing erps for ctrl and frontend identities (#131) 2022-12-05 21:00:22 +01:00			`Identity: envZId,`
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`})`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00
			`var out bytes.Buffer`
			`enc := json.NewEncoder(&out)`
			`enc.SetEscapeHTML(false)`
			`err = enc.Encode(&cfg)`
			`if err != nil {`
			`panic(err)`
			`}`
			`resp.Payload.Cfg = out.String()`

			`return resp`
			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
			`func (h enableHandler) checkLimits(principal rest_model_zrok.Principal, tx *sqlx.Tx) error {`
roughed in limits model that incorporates bandwidth limit specs (#235) 2023-03-10 20:25:29 +01:00			`if !principal.Limitless && h.cfg.Environments > limits.Unlimited {`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)`
			`if err != nil {`
			`return errors.Errorf("unable to find environments for account '%v': %v", principal.Email, err)`
			`}`
			`if len(envs)+1 > h.cfg.Environments {`
			`return errors.Errorf("would exceed environments limit of %d for '%v'", h.cfg.Environments, principal.Email)`
			`}`
			`}`
			`return nil`
			`}`