2024-04-30 22:58:09 +02:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
set -o errexit
|
|
|
|
set -o nounset
|
|
|
|
set -o pipefail
|
|
|
|
# set -o xtrace
|
|
|
|
|
|
|
|
getZitiPublicFrontend(){
|
|
|
|
local RETURNED
|
|
|
|
local -A FIELDS
|
|
|
|
FIELDS[all]=0
|
|
|
|
FIELDS[zid]=1
|
|
|
|
FIELDS[name]=2
|
|
|
|
FIELDS[type]=3
|
|
|
|
FIELDS[attributes]=4
|
|
|
|
FIELDS[policy]=5
|
|
|
|
|
|
|
|
if (( $# )); then
|
|
|
|
RETURNED="$1"
|
|
|
|
shift
|
|
|
|
else
|
|
|
|
RETURNED="all"
|
|
|
|
fi
|
|
|
|
|
|
|
|
if (( $# )); then
|
|
|
|
echo "WARN: ignoring unexpected parameters: $*" >&2
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ -z "${FIELDS[$RETURNED]}" ]]; then
|
|
|
|
echo "ERROR: invalid return field $RETURNED" >&2
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
ziti edge list identities 'name="public"' --csv \
|
|
|
|
| awk -F, '$'${FIELDS[name]}'=="public" {print $'${FIELDS[$RETURNED]}';}'
|
|
|
|
}
|
|
|
|
|
|
|
|
getZrokPublicFrontend(){
|
|
|
|
local RETURNED
|
|
|
|
local -A FIELDS
|
|
|
|
FIELDS[all]=0
|
|
|
|
FIELDS[token]=1
|
|
|
|
FIELDS[zid]=2
|
|
|
|
FIELDS[name]=3
|
|
|
|
FIELDS[template]=4
|
|
|
|
FIELDS[created]=5
|
|
|
|
FIELDS[updated]=6
|
|
|
|
|
|
|
|
if (( $# )); then
|
|
|
|
RETURNED="$1"
|
|
|
|
shift
|
|
|
|
else
|
|
|
|
RETURNED="all"
|
|
|
|
fi
|
|
|
|
|
|
|
|
if (( $# )); then
|
|
|
|
echo "WARN: ignoring unexpected parameters: $*" >&2
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ -z "${FIELDS[$RETURNED]}" ]]; then
|
|
|
|
echo "ERROR: invalid return field $RETURNED" >&2
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
# strip ANSI sequences and return the first position from the line with a name exactly matching "public"
|
|
|
|
zrok admin list frontends | sed 's/\x1b\[[0-9;]*m//g' \
|
|
|
|
| awk '$'${FIELDS[name]}'=="public" {print $'${FIELDS[$RETURNED]}'}'
|
|
|
|
}
|
|
|
|
|
|
|
|
ziti edge login "https://ziti.${ZROK_DNS_ZONE}:${ZITI_CTRL_ADVERTISED_PORT}" \
|
|
|
|
--username admin \
|
|
|
|
--password "${ZITI_PWD}" \
|
|
|
|
--yes
|
|
|
|
|
|
|
|
if ! [[ -s ~/.zrok/identities/public.json ]]; then
|
|
|
|
mkdir -p ~/.zrok/identities
|
|
|
|
ziti edge create identity "public" --jwt-output-file /tmp/public.jwt
|
|
|
|
ziti edge enroll --jwt /tmp/public.jwt --out ~/.zrok/identities/public.json
|
|
|
|
fi
|
|
|
|
|
|
|
|
# find Ziti ID of default "public" frontend
|
|
|
|
ZITI_PUBLIC_ID="$(getZitiPublicFrontend zid)"
|
|
|
|
until [[ -n "${ZITI_PUBLIC_ID}" ]]; do
|
|
|
|
echo "DEBUG: waiting for default frontend "public" Ziti identity to be created"
|
|
|
|
sleep 3
|
|
|
|
ZITI_PUBLIC_ID="$(getZitiPublicFrontend zid)"
|
|
|
|
done
|
|
|
|
echo "DEBUG: 'public' ZITI_PUBLIC_ID=$ZITI_PUBLIC_ID"
|
|
|
|
|
|
|
|
until curl -sSf "${ZROK_API_ENDPOINT}/api/v1/version"; do
|
|
|
|
echo "DEBUG: waiting for zrok controller API version endpoint to respond"
|
|
|
|
sleep 3
|
|
|
|
done
|
|
|
|
|
|
|
|
# if default "public" frontend already exists
|
|
|
|
ZROK_PUBLIC_TOKEN=$(getZrokPublicFrontend token)
|
|
|
|
if [[ -n "${ZROK_PUBLIC_TOKEN}" ]]; then
|
|
|
|
|
|
|
|
# ensure the Ziti ID of the public frontend's identity is the same in Ziti and zrok
|
|
|
|
ZROK_PUBLIC_ZID=$(getZrokPublicFrontend zid)
|
|
|
|
if [[ "${ZITI_PUBLIC_ID}" != "${ZROK_PUBLIC_ZID}" ]]; then
|
|
|
|
echo "ERROR: existing Ziti Identity named 'public' with id '$ZITI_PUBLIC_ID' is from a previous zrok"\
|
|
|
|
"instance life cycle. Delete it then re-run zrok." >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo "INFO: updating frontend"
|
|
|
|
zrok admin update frontend "${ZROK_PUBLIC_TOKEN}" \
|
2024-05-13 21:04:10 +02:00
|
|
|
--url-template "${ZROK_FRONTEND_SCHEME}://{token}.${ZROK_DNS_ZONE}:${ZROK_FRONTEND_PORT}"
|
2024-04-30 22:58:09 +02:00
|
|
|
else
|
|
|
|
echo "INFO: creating frontend"
|
|
|
|
zrok admin create frontend "${ZITI_PUBLIC_ID}" public \
|
2024-05-13 21:04:10 +02:00
|
|
|
"${ZROK_FRONTEND_SCHEME}://{token}.${ZROK_DNS_ZONE}:${ZROK_FRONTEND_PORT}"
|
2024-04-30 22:58:09 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
exec "${@}"
|