zrok/controller/enable.go

114 lines
3.8 KiB
Go
Raw Normal View History

2022-07-25 23:05:44 +02:00
package controller
import (
"bytes"
"encoding/json"
2022-07-25 23:05:44 +02:00
"github.com/go-openapi/runtime/middleware"
2023-01-13 16:19:11 +01:00
"github.com/jmoiron/sqlx"
"github.com/openziti/zrok/controller/store"
"github.com/openziti/zrok/controller/zrokEdgeSdk"
"github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/environment"
2023-01-13 16:19:11 +01:00
"github.com/pkg/errors"
2022-07-25 23:05:44 +02:00
"github.com/sirupsen/logrus"
)
2023-01-13 16:19:11 +01:00
type enableHandler struct {
cfg *LimitsConfig
}
2022-08-12 17:03:15 +02:00
2023-01-13 16:19:11 +01:00
func newEnableHandler(cfg *LimitsConfig) *enableHandler {
return &enableHandler{cfg: cfg}
2022-08-12 17:03:15 +02:00
}
2022-11-30 17:43:00 +01:00
func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
2022-07-29 22:03:53 +02:00
// start transaction early; if it fails, don't bother creating ziti resources
tx, err := str.Begin()
if err != nil {
logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err)
2022-11-30 17:43:00 +01:00
return environment.NewEnableInternalServerError()
2022-07-29 22:03:53 +02:00
}
defer func() { _ = tx.Rollback() }()
2022-07-29 22:03:53 +02:00
2023-01-13 16:19:11 +01:00
if err := h.checkLimits(principal, tx); err != nil {
logrus.Errorf("limits error for user '%v': %v", principal.Email, err)
2023-01-13 16:19:11 +01:00
return environment.NewEnableUnauthorized()
}
client, err := edgeClient()
if err != nil {
logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err)
2022-11-30 17:43:00 +01:00
return environment.NewEnableInternalServerError()
}
2023-01-13 16:19:11 +01:00
2023-01-10 22:43:58 +01:00
uniqueToken, err := createShareToken()
if err != nil {
logrus.Errorf("error creating unique identity token for user '%v': %v", principal.Email, err)
2023-01-10 22:43:58 +01:00
return environment.NewEnableInternalServerError()
}
2023-01-13 16:19:11 +01:00
2023-01-10 22:43:58 +01:00
ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client)
if err != nil {
logrus.Errorf("error creating environment identity for user '%v': %v", principal.Email, err)
2022-11-30 17:43:00 +01:00
return environment.NewEnableInternalServerError()
}
2023-01-13 16:19:11 +01:00
envZId := ident.Payload.Data.ID
2022-12-14 20:40:45 +01:00
cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client)
if err != nil {
logrus.Errorf("error enrolling environment identity for user '%v': %v", principal.Email, err)
2022-11-30 17:43:00 +01:00
return environment.NewEnableInternalServerError()
}
2023-01-13 16:19:11 +01:00
2022-12-14 20:40:45 +01:00
if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil {
logrus.Errorf("error creating edge router policy for user '%v': %v", principal.Email, err)
2022-11-30 17:43:00 +01:00
return environment.NewEnableInternalServerError()
}
2023-01-13 16:19:11 +01:00
2022-08-03 20:25:27 +02:00
envId, err := str.CreateEnvironment(int(principal.ID), &store.Environment{
2022-10-19 18:24:43 +02:00
Description: params.Body.Description,
Host: params.Body.Host,
Address: realRemoteAddress(params.HTTPRequest),
ZId: envZId,
2022-08-03 20:25:27 +02:00
}, tx)
if err != nil {
logrus.Errorf("error storing created identity for user '%v': %v", principal.Email, err)
_ = tx.Rollback()
2022-11-30 17:43:00 +01:00
return environment.NewEnableInternalServerError()
}
2023-01-13 16:19:11 +01:00
if err := tx.Commit(); err != nil {
logrus.Errorf("error committing for user '%v': %v", principal.Email, err)
2022-11-30 17:43:00 +01:00
return environment.NewEnableInternalServerError()
}
logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)
2022-11-30 17:43:00 +01:00
resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
Identity: envZId,
2022-07-25 23:05:44 +02:00
})
var out bytes.Buffer
enc := json.NewEncoder(&out)
enc.SetEscapeHTML(false)
err = enc.Encode(&cfg)
if err != nil {
panic(err)
}
resp.Payload.Cfg = out.String()
return resp
}
2023-01-13 16:19:11 +01:00
func (h *enableHandler) checkLimits(principal *rest_model_zrok.Principal, tx *sqlx.Tx) error {
2023-01-13 19:16:10 +01:00
if !principal.Limitless && h.cfg.Environments > Unlimited {
2023-01-13 16:19:11 +01:00
envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)
if err != nil {
return errors.Errorf("unable to find environments for account '%v': %v", principal.Email, err)
}
if len(envs)+1 > h.cfg.Environments {
return errors.Errorf("would exceed environments limit of %d for '%v'", h.cfg.Environments, principal.Email)
}
}
return nil
}