zrok/controller/enable.go

package controller

import (
	"bytes"
	"encoding/json"
	"github.com/go-openapi/runtime/middleware"
	"github.com/jmoiron/sqlx"
	"github.com/openziti/zrok/controller/store"
	"github.com/openziti/zrok/controller/zrokEdgeSdk"
	"github.com/openziti/zrok/rest_model_zrok"
	"github.com/openziti/zrok/rest_server_zrok/operations/environment"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
)

type enableHandler struct{}

func newEnableHandler() *enableHandler {
	return &enableHandler{}
}

func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
	// start transaction early; if it fails, don't bother creating ziti resources
	trx, err := str.Begin()
	if err != nil {
		logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}
	defer func() { _ = trx.Rollback() }()

	if err := h.checkLimits(principal, trx); err != nil {
		logrus.Errorf("limits error for user '%v': %v", principal.Email, err)
		return environment.NewEnableUnauthorized()
	}

	client, err := zrokEdgeSdk.Client(cfg.Ziti)
	if err != nil {
		logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	uniqueToken, err := createShareToken()
	if err != nil {
		logrus.Errorf("error creating unique identity token for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client)
	if err != nil {
		logrus.Errorf("error creating environment identity for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	envZId := ident.Payload.Data.ID
	cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client)
	if err != nil {
		logrus.Errorf("error enrolling environment identity for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil {
		logrus.Errorf("error creating edge router policy for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}

	envId, err := str.CreateEnvironment(int(principal.ID), &store.Environment{
		Description: params.Body.Description,
		Host:        params.Body.Host,
		Address:     realRemoteAddress(params.HTTPRequest),
		ZId:         envZId,
	}, trx)
	if err != nil {
		logrus.Errorf("error storing created identity for user '%v': %v", principal.Email, err)
		_ = trx.Rollback()
		return environment.NewEnableInternalServerError()
	}

	if err := trx.Commit(); err != nil {
		logrus.Errorf("error committing for user '%v': %v", principal.Email, err)
		return environment.NewEnableInternalServerError()
	}
	logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)

	resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
		Identity: envZId,
	})

	var out bytes.Buffer
	enc := json.NewEncoder(&out)
	enc.SetEscapeHTML(false)
	err = enc.Encode(&cfg)
	if err != nil {
		panic(err)
	}
	resp.Payload.Cfg = out.String()

	return resp
}

func (h *enableHandler) checkLimits(principal *rest_model_zrok.Principal, trx *sqlx.Tx) error {
	if !principal.Limitless {
		if limitsAgent != nil {
			ok, err := limitsAgent.CanCreateEnvironment(int(principal.ID), trx)
			if err != nil {
				return errors.Wrapf(err, "error checking environment limits for '%v'", principal.Email)
			}
			if !ok {
				return errors.Errorf("environment limit check failed for '%v'", principal.Email)
			}
		}
	}
	return nil
}
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`package controller`

			`import (`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`"bytes"`
			`"encoding/json"`
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`"github.com/go-openapi/runtime/middleware"`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`"github.com/jmoiron/sqlx"`
openziti-rest-kitchen -> openziti (#158) 2023-01-13 21:01:34 +01:00			`"github.com/openziti/zrok/controller/store"`
			`"github.com/openziti/zrok/controller/zrokEdgeSdk"`
			`"github.com/openziti/zrok/rest_model_zrok"`
			`"github.com/openziti/zrok/rest_server_zrok/operations/environment"`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`"github.com/pkg/errors"`
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`"github.com/sirupsen/logrus"`
			`)`

centralized environment limits check (#277) 2023-03-21 21:18:17 +01:00			`type enableHandler struct{}`
configurable edge client (#31) 2022-08-12 17:03:15 +02:00
centralized environment limits check (#277) 2023-03-21 21:18:17 +01:00			`func newEnableHandler() *enableHandler {`
			`return &enableHandler{}`
configurable edge client (#31) 2022-08-12 17:03:15 +02:00			`}`

api namespace/naming polish 2022-11-30 17:43:00 +01:00			`func (h enableHandler) Handle(params environment.EnableParams, principal rest_model_zrok.Principal) middleware.Responder {`
record service alloc/dealloc (#10) 2022-07-29 22:03:53 +02:00			`// start transaction early; if it fails, don't bother creating ziti resources`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`trx, err := str.Begin()`
record service alloc/dealloc (#10) 2022-07-29 22:03:53 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
record service alloc/dealloc (#10) 2022-07-29 22:03:53 +02:00			`}`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`defer func() { _ = trx.Rollback() }()`
record service alloc/dealloc (#10) 2022-07-29 22:03:53 +02:00
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`if err := h.checkLimits(principal, trx); err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("limits error for user '%v': %v", principal.Email, err)`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`return environment.NewEnableUnauthorized()`
			`}`

ziti edge client in sdk package (#128) 2023-03-07 20:31:39 +01:00			`client, err := zrokEdgeSdk.Client(cfg.Ziti)`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
a random token will work better 2023-01-10 22:43:58 +01:00			`uniqueToken, err := createShareToken()`
			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error creating unique identity token for user '%v': %v", principal.Email, err)`
a random token will work better 2023-01-10 22:43:58 +01:00			`return environment.NewEnableInternalServerError()`
			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
a random token will work better 2023-01-10 22:43:58 +01:00			`ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client)`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error creating environment identity for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
create missing erps for ctrl and frontend identities (#131) 2022-12-05 21:00:22 +01:00			`envZId := ident.Payload.Data.ID`
let's try embracing more camel case 2022-12-14 20:40:45 +01:00			`cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client)`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error enrolling environment identity for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
let's try embracing more camel case 2022-12-14 20:40:45 +01:00			`if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error creating edge router policy for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
create edge router policy for identity at enable time, not tunnel time 2022-08-17 19:43:16 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
elaboration 2022-08-03 20:25:27 +02:00			`envId, err := str.CreateEnvironment(int(principal.ID), &store.Environment{`
more naming simplification 2022-10-19 18:24:43 +02:00			`Description: params.Body.Description,`
			`Host: params.Body.Host,`
			`Address: realRemoteAddress(params.HTTPRequest),`
create missing erps for ctrl and frontend identities (#131) 2022-12-05 21:00:22 +01:00			`ZId: envZId,`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`}, trx)`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`if err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error storing created identity for user '%v': %v", principal.Email, err)`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`_ = trx.Rollback()`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`if err := trx.Commit(); err != nil {`
operational improvements in log messages (#186) 2023-01-30 17:38:55 +01:00			`logrus.Errorf("error committing for user '%v': %v", principal.Email, err)`
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`return environment.NewEnableInternalServerError()`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00			`}`
wiring in the environment ziti identity for better correlation in logs (#90) 2022-11-08 21:07:18 +01:00			`logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)`
fix authentication transaction; record created identities (#10) 2022-07-29 21:54:13 +02:00
api namespace/naming polish 2022-11-30 17:43:00 +01:00			`resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{`
create missing erps for ctrl and frontend identities (#131) 2022-12-05 21:00:22 +01:00			`Identity: envZId,`
skeleton bits for zrok enable 2022-07-25 23:05:44 +02:00			`})`
rough and sketchy identity creation and enrollment 2022-07-26 18:26:58 +02:00
			`var out bytes.Buffer`
			`enc := json.NewEncoder(&out)`
			`enc.SetEscapeHTML(false)`
			`err = enc.Encode(&cfg)`
			`if err != nil {`
			`panic(err)`
			`}`
			`resp.Payload.Cfg = out.String()`

			`return resp`
			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`func (h enableHandler) checkLimits(principal rest_model_zrok.Principal, trx *sqlx.Tx) error {`
centralized environment limits check (#277) 2023-03-21 21:18:17 +01:00			`if !principal.Limitless {`
			`if limitsAgent != nil {`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`ok, err := limitsAgent.CanCreateEnvironment(int(principal.ID), trx)`
centralized environment limits check (#277) 2023-03-21 21:18:17 +01:00			`if err != nil {`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`return errors.Wrapf(err, "error checking environment limits for '%v'", principal.Email)`
centralized environment limits check (#277) 2023-03-21 21:18:17 +01:00			`}`
			`if !ok {`
share limits check owned by limits.Agent now (#277) 2023-03-21 21:34:45 +01:00			`return errors.Errorf("environment limit check failed for '%v'", principal.Email)`
centralized environment limits check (#277) 2023-03-21 21:18:17 +01:00			`}`
environment limits (#96) 2023-01-13 16:19:11 +01:00			`}`
			`}`
			`return nil`
			`}`