2022-10-06 20:52:52 +02:00
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"fmt"
|
2022-11-22 21:31:02 +01:00
|
|
|
"github.com/openziti-test-kitchen/zrok/build"
|
|
|
|
|
"github.com/openziti-test-kitchen/zrok/model"
|
2022-10-06 20:52:52 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client"
|
|
|
|
|
"github.com/openziti/edge/rest_management_api_client/config"
|
2022-10-07 20:17:15 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client/edge_router_policy"
|
|
|
|
|
identity_edge "github.com/openziti/edge/rest_management_api_client/identity"
|
2022-10-06 20:52:52 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client/service"
|
2022-11-22 21:31:02 +01:00
|
|
|
edge_service "github.com/openziti/edge/rest_management_api_client/service"
|
2022-10-06 20:52:52 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client/service_edge_router_policy"
|
|
|
|
|
"github.com/openziti/edge/rest_management_api_client/service_policy"
|
2022-11-22 21:31:02 +01:00
|
|
|
"github.com/openziti/edge/rest_model"
|
2022-12-02 14:28:40 +01:00
|
|
|
rest_model_edge "github.com/openziti/edge/rest_model"
|
|
|
|
|
sdk_config "github.com/openziti/sdk-golang/ziti/config"
|
|
|
|
|
"github.com/openziti/sdk-golang/ziti/enroll"
|
2022-10-06 20:52:52 +02:00
|
|
|
"github.com/sirupsen/logrus"
|
|
|
|
|
"time"
|
|
|
|
|
)
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func createServiceEdgeRouterPolicy(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-11-22 21:31:02 +01:00
|
|
|
edgeRouterRoles := []string{"#all"}
|
|
|
|
|
semantic := rest_model.SemanticAllOf
|
|
|
|
|
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
|
|
|
|
|
serp := &rest_model.ServiceEdgeRouterPolicyCreate{
|
|
|
|
|
EdgeRouterRoles: edgeRouterRoles,
|
2022-11-30 18:10:00 +01:00
|
|
|
Name: &svcToken,
|
2022-11-22 21:31:02 +01:00
|
|
|
Semantic: &semantic,
|
|
|
|
|
ServiceRoles: serviceRoles,
|
2022-12-02 14:28:40 +01:00
|
|
|
Tags: zrokServiceTags(svcToken),
|
2022-11-22 21:31:02 +01:00
|
|
|
}
|
|
|
|
|
serpParams := &service_edge_router_policy.CreateServiceEdgeRouterPolicyParams{
|
|
|
|
|
Policy: serp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
serpParams.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := edge.ServiceEdgeRouterPolicy.CreateServiceEdgeRouterPolicy(serpParams, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("created service edge router policy '%v' for service '%v' for environment '%v'", resp.Payload.Data.ID, svcZId, envZId)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func deleteServiceEdgeRouterPolicy(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
filter := fmt.Sprintf("tags.zrokServiceToken=\"%v\"", svcToken)
|
2022-10-06 20:52:52 +02:00
|
|
|
limit := int64(1)
|
|
|
|
|
offset := int64(0)
|
|
|
|
|
listReq := &service_edge_router_policy.ListServiceEdgeRouterPoliciesParams{
|
|
|
|
|
Filter: &filter,
|
|
|
|
|
Limit: &limit,
|
|
|
|
|
Offset: &offset,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
listReq.SetTimeout(30 * time.Second)
|
|
|
|
|
listResp, err := edge.ServiceEdgeRouterPolicy.ListServiceEdgeRouterPolicies(listReq, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(listResp.Payload.Data) == 1 {
|
|
|
|
|
serpId := *(listResp.Payload.Data[0].ID)
|
|
|
|
|
req := &service_edge_router_policy.DeleteServiceEdgeRouterPolicyParams{
|
|
|
|
|
ID: serpId,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
_, err := edge.ServiceEdgeRouterPolicy.DeleteServiceEdgeRouterPolicy(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-11-08 21:07:18 +01:00
|
|
|
logrus.Infof("deleted service edge router policy '%v' for environment '%v'", serpId, envZId)
|
2022-10-06 20:52:52 +02:00
|
|
|
} else {
|
|
|
|
|
logrus.Infof("did not find a service edge router policy")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func createServicePolicyBind(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-11-22 21:31:02 +01:00
|
|
|
semantic := rest_model.SemanticAllOf
|
|
|
|
|
identityRoles := []string{fmt.Sprintf("@%v", envZId)}
|
2022-11-30 18:10:00 +01:00
|
|
|
name := fmt.Sprintf("%v-backend", svcToken)
|
2022-11-22 21:31:02 +01:00
|
|
|
var postureCheckRoles []string
|
|
|
|
|
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
|
|
|
|
|
dialBind := rest_model.DialBindBind
|
|
|
|
|
svcp := &rest_model.ServicePolicyCreate{
|
|
|
|
|
IdentityRoles: identityRoles,
|
|
|
|
|
Name: &name,
|
|
|
|
|
PostureCheckRoles: postureCheckRoles,
|
|
|
|
|
Semantic: &semantic,
|
|
|
|
|
ServiceRoles: serviceRoles,
|
|
|
|
|
Type: &dialBind,
|
2022-12-02 14:28:40 +01:00
|
|
|
Tags: zrokServiceTags(svcToken),
|
2022-11-22 21:31:02 +01:00
|
|
|
}
|
|
|
|
|
req := &service_policy.CreateServicePolicyParams{
|
|
|
|
|
Policy: svcp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := edge.ServicePolicy.CreateServicePolicy(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("created bind service policy '%v' for service '%v' for environment '%v'", resp.Payload.Data.ID, svcZId, envZId)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func deleteServicePolicyBind(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-11-22 20:12:35 +01:00
|
|
|
// type=2 == "Bind"
|
2022-11-30 18:10:00 +01:00
|
|
|
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=2", svcToken), edge)
|
2022-10-06 20:52:52 +02:00
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
|
2022-12-02 14:28:40 +01:00
|
|
|
allTags := zrokServiceTags(svcToken)
|
2022-11-23 19:00:01 +01:00
|
|
|
for _, t := range tags {
|
|
|
|
|
for k, v := range t.SubTags {
|
|
|
|
|
allTags.SubTags[k] = v
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-22 21:31:02 +01:00
|
|
|
var identityRoles []string
|
|
|
|
|
for _, proxyIdentity := range cfg.Proxy.Identities {
|
|
|
|
|
identityRoles = append(identityRoles, "@"+proxyIdentity)
|
|
|
|
|
logrus.Infof("added proxy identity role '%v'", proxyIdentity)
|
|
|
|
|
}
|
2022-11-30 18:10:00 +01:00
|
|
|
name := fmt.Sprintf("%v-dial", svcToken)
|
2022-11-22 21:31:02 +01:00
|
|
|
var postureCheckRoles []string
|
|
|
|
|
semantic := rest_model.SemanticAllOf
|
|
|
|
|
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
|
|
|
|
|
dialBind := rest_model.DialBindDial
|
|
|
|
|
svcp := &rest_model.ServicePolicyCreate{
|
|
|
|
|
IdentityRoles: identityRoles,
|
|
|
|
|
Name: &name,
|
|
|
|
|
PostureCheckRoles: postureCheckRoles,
|
|
|
|
|
Semantic: &semantic,
|
|
|
|
|
ServiceRoles: serviceRoles,
|
|
|
|
|
Type: &dialBind,
|
2022-11-23 19:00:01 +01:00
|
|
|
Tags: allTags,
|
2022-11-22 21:31:02 +01:00
|
|
|
}
|
|
|
|
|
req := &service_policy.CreateServicePolicyParams{
|
|
|
|
|
Policy: svcp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := edge.ServicePolicy.CreateServicePolicy(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("created dial service policy '%v' for service '%v' for environment '%v'", resp.Payload.Data.ID, svcZId, envZId)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func deleteServicePolicyDial(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-11-22 20:12:35 +01:00
|
|
|
// type=1 == "Dial"
|
2022-11-30 18:10:00 +01:00
|
|
|
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=1", svcToken), edge)
|
2022-10-06 20:52:52 +02:00
|
|
|
}
|
|
|
|
|
|
2022-11-08 21:07:18 +01:00
|
|
|
func deleteServicePolicy(envZId, filter string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-10-06 20:52:52 +02:00
|
|
|
limit := int64(1)
|
|
|
|
|
offset := int64(0)
|
|
|
|
|
listReq := &service_policy.ListServicePoliciesParams{
|
|
|
|
|
Filter: &filter,
|
|
|
|
|
Limit: &limit,
|
|
|
|
|
Offset: &offset,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
listReq.SetTimeout(30 * time.Second)
|
|
|
|
|
listResp, err := edge.ServicePolicy.ListServicePolicies(listReq, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(listResp.Payload.Data) == 1 {
|
|
|
|
|
spId := *(listResp.Payload.Data[0].ID)
|
|
|
|
|
req := &service_policy.DeleteServicePolicyParams{
|
|
|
|
|
ID: spId,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
_, err := edge.ServicePolicy.DeleteServicePolicy(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-11-08 21:07:18 +01:00
|
|
|
logrus.Infof("deleted service policy '%v' for environment '%v'", spId, envZId)
|
2022-10-06 20:52:52 +02:00
|
|
|
} else {
|
|
|
|
|
logrus.Infof("did not find a service policy")
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func createConfig(envZId, svcToken string, authSchemeStr string, authUsers []*model.AuthUser, edge *rest_management_api_client.ZitiEdgeManagement) (cfgID string, err error) {
|
2022-11-22 21:31:02 +01:00
|
|
|
authScheme, err := model.ParseAuthScheme(authSchemeStr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
cfg := &model.ProxyConfig{
|
|
|
|
|
AuthScheme: authScheme,
|
|
|
|
|
}
|
|
|
|
|
if cfg.AuthScheme == model.Basic {
|
|
|
|
|
cfg.BasicAuth = &model.BasicAuth{}
|
|
|
|
|
for _, authUser := range authUsers {
|
|
|
|
|
cfg.BasicAuth.Users = append(cfg.BasicAuth.Users, &model.AuthUser{Username: authUser.Username, Password: authUser.Password})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
cfgCrt := &rest_model.ConfigCreate{
|
|
|
|
|
ConfigTypeID: &zrokProxyConfigId,
|
|
|
|
|
Data: cfg,
|
2022-11-30 18:10:00 +01:00
|
|
|
Name: &svcToken,
|
2022-12-02 14:28:40 +01:00
|
|
|
Tags: zrokServiceTags(svcToken),
|
2022-11-22 21:31:02 +01:00
|
|
|
}
|
|
|
|
|
cfgReq := &config.CreateConfigParams{
|
|
|
|
|
Config: cfgCrt,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
cfgReq.SetTimeout(30 * time.Second)
|
|
|
|
|
cfgResp, err := edge.Config.CreateConfig(cfgReq, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("created config '%v' for environment '%v'", cfgResp.Payload.Data.ID, envZId)
|
|
|
|
|
return cfgResp.Payload.Data.ID, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func deleteConfig(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
filter := fmt.Sprintf("tags.zrokServiceToken=\"%v\"", svcToken)
|
2022-10-07 20:17:15 +02:00
|
|
|
limit := int64(0)
|
|
|
|
|
offset := int64(0)
|
|
|
|
|
listReq := &config.ListConfigsParams{
|
|
|
|
|
Filter: &filter,
|
|
|
|
|
Limit: &limit,
|
|
|
|
|
Offset: &offset,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
listReq.SetTimeout(30 * time.Second)
|
|
|
|
|
listResp, err := edge.Config.ListConfigs(listReq, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
for _, cfg := range listResp.Payload.Data {
|
|
|
|
|
deleteReq := &config.DeleteConfigParams{
|
|
|
|
|
ID: *cfg.ID,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
deleteReq.SetTimeout(30 * time.Second)
|
|
|
|
|
_, err := edge.Config.DeleteConfig(deleteReq, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-11-08 21:07:18 +01:00
|
|
|
logrus.Infof("deleted config '%v' for '%v'", *cfg.ID, envZId)
|
2022-10-07 20:17:15 +02:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func createService(envZId, svcToken, cfgId string, edge *rest_management_api_client.ZitiEdgeManagement) (serviceId string, err error) {
|
2022-11-22 21:31:02 +01:00
|
|
|
configs := []string{cfgId}
|
|
|
|
|
encryptionRequired := true
|
|
|
|
|
svc := &rest_model.ServiceCreate{
|
|
|
|
|
Configs: configs,
|
|
|
|
|
EncryptionRequired: &encryptionRequired,
|
2022-11-30 18:10:00 +01:00
|
|
|
Name: &svcToken,
|
2022-12-02 14:28:40 +01:00
|
|
|
Tags: zrokServiceTags(svcToken),
|
2022-11-22 21:31:02 +01:00
|
|
|
}
|
|
|
|
|
req := &edge_service.CreateServiceParams{
|
|
|
|
|
Service: svc,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := edge.Service.CreateService(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", err
|
|
|
|
|
}
|
2022-11-30 18:10:00 +01:00
|
|
|
logrus.Infof("created zrok service named '%v' (with ziti id '%v') for environment '%v'", svcToken, resp.Payload.Data.ID, envZId)
|
2022-11-22 21:31:02 +01:00
|
|
|
return resp.Payload.Data.ID, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func deleteService(envZId, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-10-06 20:52:52 +02:00
|
|
|
req := &service.DeleteServiceParams{
|
2022-11-30 18:10:00 +01:00
|
|
|
ID: svcZId,
|
2022-10-06 20:52:52 +02:00
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
_, err := edge.Service.DeleteService(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-11-30 18:10:00 +01:00
|
|
|
logrus.Infof("deleted service '%v' for environment '%v'", svcZId, envZId)
|
2022-10-06 20:52:52 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-05 21:00:22 +01:00
|
|
|
func createEdgeRouterPolicy(name, zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
2022-12-02 14:28:40 +01:00
|
|
|
edgeRouterRoles := []string{"#all"}
|
|
|
|
|
identityRoles := []string{fmt.Sprintf("@%v", zId)}
|
|
|
|
|
semantic := rest_model_edge.SemanticAllOf
|
|
|
|
|
erp := &rest_model_edge.EdgeRouterPolicyCreate{
|
|
|
|
|
EdgeRouterRoles: edgeRouterRoles,
|
|
|
|
|
IdentityRoles: identityRoles,
|
2022-12-05 21:00:22 +01:00
|
|
|
Name: &name,
|
2022-12-02 14:28:40 +01:00
|
|
|
Semantic: &semantic,
|
|
|
|
|
Tags: zrokTags(),
|
|
|
|
|
}
|
|
|
|
|
req := &edge_router_policy.CreateEdgeRouterPolicyParams{
|
|
|
|
|
Policy: erp,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := edge.EdgeRouterPolicy.CreateEdgeRouterPolicy(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("created edge router policy '%v' for ziti identity '%v'", resp.Payload.Data.ID, zId)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-30 18:10:00 +01:00
|
|
|
func deleteEdgeRouterPolicy(envZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
filter := fmt.Sprintf("name=\"%v\"", envZId)
|
2022-10-06 20:52:52 +02:00
|
|
|
limit := int64(0)
|
|
|
|
|
offset := int64(0)
|
2022-10-07 20:17:15 +02:00
|
|
|
listReq := &edge_router_policy.ListEdgeRouterPoliciesParams{
|
2022-10-06 20:52:52 +02:00
|
|
|
Filter: &filter,
|
|
|
|
|
Limit: &limit,
|
|
|
|
|
Offset: &offset,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
listReq.SetTimeout(30 * time.Second)
|
2022-10-07 20:17:15 +02:00
|
|
|
listResp, err := edge.EdgeRouterPolicy.ListEdgeRouterPolicies(listReq, nil)
|
2022-10-06 20:52:52 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-10-07 20:17:15 +02:00
|
|
|
if len(listResp.Payload.Data) == 1 {
|
|
|
|
|
erpId := *(listResp.Payload.Data[0].ID)
|
|
|
|
|
req := &edge_router_policy.DeleteEdgeRouterPolicyParams{
|
|
|
|
|
ID: erpId,
|
2022-10-06 20:52:52 +02:00
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
2022-10-07 20:17:15 +02:00
|
|
|
_, err := edge.EdgeRouterPolicy.DeleteEdgeRouterPolicy(req, nil)
|
2022-10-06 20:52:52 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-11-08 21:07:18 +01:00
|
|
|
logrus.Infof("deleted edge router policy '%v' for environment '%v'", erpId, envZId)
|
2022-10-07 20:17:15 +02:00
|
|
|
} else {
|
|
|
|
|
logrus.Infof("found '%d' edge router policies, expected 1", len(listResp.Payload.Data))
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-02 14:28:40 +01:00
|
|
|
func createIdentity(email string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
|
|
|
|
|
iIsAdmin := false
|
|
|
|
|
name, err := createToken()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
identityType := rest_model_edge.IdentityTypeUser
|
|
|
|
|
tags := zrokTags()
|
|
|
|
|
tags.SubTags["zrokEmail"] = email
|
|
|
|
|
i := &rest_model_edge.IdentityCreate{
|
|
|
|
|
Enrollment: &rest_model_edge.IdentityCreateEnrollment{Ott: true},
|
|
|
|
|
IsAdmin: &iIsAdmin,
|
|
|
|
|
Name: &name,
|
|
|
|
|
RoleAttributes: nil,
|
|
|
|
|
ServiceHostingCosts: nil,
|
|
|
|
|
Tags: tags,
|
|
|
|
|
Type: &identityType,
|
|
|
|
|
}
|
|
|
|
|
req := identity_edge.NewCreateIdentityParams()
|
|
|
|
|
req.Identity = i
|
|
|
|
|
resp, err := client.Identity.CreateIdentity(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return resp, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-02 14:44:17 +01:00
|
|
|
func getIdentity(zId string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.ListIdentitiesOK, error) {
|
|
|
|
|
filter := fmt.Sprintf("id=\"%v\"", zId)
|
|
|
|
|
limit := int64(0)
|
|
|
|
|
offset := int64(0)
|
|
|
|
|
req := &identity_edge.ListIdentitiesParams{
|
|
|
|
|
Filter: &filter,
|
|
|
|
|
Limit: &limit,
|
|
|
|
|
Offset: &offset,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := client.Identity.ListIdentities(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return resp, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-02 14:28:40 +01:00
|
|
|
func enrollIdentity(zId string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
|
|
|
|
|
p := &identity_edge.DetailIdentityParams{
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
ID: zId,
|
|
|
|
|
}
|
|
|
|
|
p.SetTimeout(30 * time.Second)
|
|
|
|
|
resp, err := client.Identity.DetailIdentity(p, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
tkn, _, err := enroll.ParseToken(resp.GetPayload().Data.Enrollment.Ott.JWT)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
flags := enroll.EnrollmentFlags{
|
|
|
|
|
Token: tkn,
|
|
|
|
|
KeyAlg: "RSA",
|
|
|
|
|
}
|
|
|
|
|
conf, err := enroll.Enroll(flags)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return conf, nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-07 20:17:15 +02:00
|
|
|
func deleteIdentity(id string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
req := &identity_edge.DeleteIdentityParams{
|
|
|
|
|
ID: id,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
_, err := edge.Identity.DeleteIdentity(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2022-10-06 20:52:52 +02:00
|
|
|
}
|
2022-11-08 21:07:18 +01:00
|
|
|
logrus.Infof("deleted environment identity '%v'", id)
|
2022-10-06 20:52:52 +02:00
|
|
|
return nil
|
|
|
|
|
}
|
2022-11-22 21:31:02 +01:00
|
|
|
|
2022-12-02 14:28:40 +01:00
|
|
|
func zrokTags() *rest_model.Tags {
|
2022-11-22 21:31:02 +01:00
|
|
|
return &rest_model.Tags{
|
|
|
|
|
SubTags: map[string]interface{}{
|
2022-12-02 14:28:40 +01:00
|
|
|
"zrok": build.String(),
|
2022-11-22 21:31:02 +01:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-12-02 14:28:40 +01:00
|
|
|
|
|
|
|
|
func zrokServiceTags(svcToken string) *rest_model.Tags {
|
|
|
|
|
tags := zrokTags()
|
|
|
|
|
tags.SubTags["zrokServiceToken"] = svcToken
|
|
|
|
|
return tags
|
|
|
|
|
}
|
