2022-07-25 23:05:44 +02:00
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
2022-07-26 18:26:58 +02:00
|
|
|
"bytes"
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"fmt"
|
2022-07-25 23:05:44 +02:00
|
|
|
"github.com/go-openapi/runtime/middleware"
|
2022-07-26 18:26:58 +02:00
|
|
|
"github.com/openziti-test-kitchen/zrok/controller/store"
|
2022-07-26 21:16:02 +02:00
|
|
|
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
|
|
|
|
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
|
2022-07-26 18:26:58 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client"
|
|
|
|
|
identity_edge "github.com/openziti/edge/rest_management_api_client/identity"
|
|
|
|
|
rest_model_edge "github.com/openziti/edge/rest_model"
|
|
|
|
|
sdk_config "github.com/openziti/sdk-golang/ziti/config"
|
|
|
|
|
"github.com/openziti/sdk-golang/ziti/enroll"
|
2022-07-25 23:05:44 +02:00
|
|
|
"github.com/sirupsen/logrus"
|
2022-07-26 18:26:58 +02:00
|
|
|
"time"
|
2022-07-25 23:05:44 +02:00
|
|
|
)
|
|
|
|
|
|
2022-07-27 20:45:16 +02:00
|
|
|
func enableHandler(_ identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
|
|
|
|
tx, err := Str.Begin()
|
2022-07-25 23:05:44 +02:00
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("error starting transaction: %v", err)
|
2022-07-27 19:38:35 +02:00
|
|
|
return identity.NewCreateAccountInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-25 23:05:44 +02:00
|
|
|
}
|
2022-07-27 20:45:16 +02:00
|
|
|
a, err := Str.FindAccountWithToken(string(*principal), tx)
|
2022-07-25 23:05:44 +02:00
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("error finding account: %v", err)
|
2022-07-27 19:38:35 +02:00
|
|
|
return identity.NewCreateAccountBadRequest().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-25 23:05:44 +02:00
|
|
|
}
|
|
|
|
|
if a == nil {
|
|
|
|
|
logrus.Errorf("account not found: %v", err)
|
2022-07-27 19:38:35 +02:00
|
|
|
return identity.NewEnableNotFound()
|
2022-07-25 23:05:44 +02:00
|
|
|
}
|
|
|
|
|
logrus.Infof("found account '%v'", a.Username)
|
|
|
|
|
|
2022-07-26 22:21:49 +02:00
|
|
|
client, err := edgeClient()
|
2022-07-26 18:26:58 +02:00
|
|
|
if err != nil {
|
2022-07-26 22:21:49 +02:00
|
|
|
logrus.Errorf("error getting edge client: %v", err)
|
2022-07-27 19:38:35 +02:00
|
|
|
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-26 18:26:58 +02:00
|
|
|
}
|
|
|
|
|
ident, err := createIdentity(a, client)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logrus.Error(err)
|
2022-07-27 19:38:35 +02:00
|
|
|
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-26 18:26:58 +02:00
|
|
|
}
|
|
|
|
|
cfg, err := enrollIdentity(ident.Payload.Data.ID, client)
|
|
|
|
|
if err != nil {
|
2022-07-26 22:21:49 +02:00
|
|
|
logrus.Error(err)
|
2022-07-27 19:38:35 +02:00
|
|
|
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
2022-07-26 18:26:58 +02:00
|
|
|
}
|
|
|
|
|
|
2022-07-26 21:16:02 +02:00
|
|
|
resp := identity.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
|
2022-07-26 18:26:58 +02:00
|
|
|
Identity: ident.Payload.Data.ID,
|
2022-07-25 23:05:44 +02:00
|
|
|
})
|
2022-07-26 18:26:58 +02:00
|
|
|
|
|
|
|
|
var out bytes.Buffer
|
|
|
|
|
enc := json.NewEncoder(&out)
|
|
|
|
|
enc.SetEscapeHTML(false)
|
|
|
|
|
err = enc.Encode(&cfg)
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
resp.Payload.Cfg = out.String()
|
|
|
|
|
|
|
|
|
|
return resp
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func createIdentity(a *store.Account, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
|
|
|
|
|
iIsAdmin := false
|
2022-07-26 22:21:49 +02:00
|
|
|
iId, err := randomId()
|
2022-07-26 18:26:58 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-07-27 19:38:35 +02:00
|
|
|
name := fmt.Sprintf("%v-%v", a.Username, iId)
|
|
|
|
|
identityType := rest_model_edge.IdentityTypeUser
|
2022-07-26 18:26:58 +02:00
|
|
|
i := &rest_model_edge.IdentityCreate{
|
|
|
|
|
Enrollment: &rest_model_edge.IdentityCreateEnrollment{Ott: true},
|
|
|
|
|
IsAdmin: &iIsAdmin,
|
2022-07-27 19:38:35 +02:00
|
|
|
Name: &name,
|
2022-07-26 18:26:58 +02:00
|
|
|
RoleAttributes: nil,
|
|
|
|
|
ServiceHostingCosts: nil,
|
|
|
|
|
Tags: nil,
|
2022-07-27 19:38:35 +02:00
|
|
|
Type: &identityType,
|
2022-07-26 18:26:58 +02:00
|
|
|
}
|
2022-07-27 19:38:35 +02:00
|
|
|
req := identity_edge.NewCreateIdentityParams()
|
|
|
|
|
req.Identity = i
|
|
|
|
|
resp, err := client.Identity.CreateIdentity(req, nil)
|
2022-07-26 18:26:58 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-07-27 19:38:35 +02:00
|
|
|
return resp, nil
|
2022-07-26 18:26:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
|
|
|
|
|
p := &identity_edge.DetailIdentityParams{
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
ID: id,
|
|
|
|
|
}
|
|
|
|
|
p.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := client.Identity.DetailIdentity(p, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
tkn, _, err := enroll.ParseToken(resp.GetPayload().Data.Enrollment.Ott.JWT)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
flags := enroll.EnrollmentFlags{
|
|
|
|
|
Token: tkn,
|
|
|
|
|
KeyAlg: "RSA",
|
|
|
|
|
}
|
|
|
|
|
conf, err := enroll.Enroll(flags)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return conf, nil
|
2022-07-25 23:05:44 +02:00
|
|
|
}
|
