2022-09-02 16:50:13 +02:00
|
|
|
package controller
|
|
|
|
|
|
|
|
|
|
import (
|
2022-09-02 18:45:54 +02:00
|
|
|
"context"
|
|
|
|
|
"fmt"
|
2022-09-02 16:50:13 +02:00
|
|
|
"github.com/go-openapi/runtime/middleware"
|
2022-09-02 18:45:54 +02:00
|
|
|
"github.com/jmoiron/sqlx"
|
2022-09-02 16:50:13 +02:00
|
|
|
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
|
|
|
|
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
|
2022-09-02 18:45:54 +02:00
|
|
|
"github.com/openziti/edge/rest_management_api_client"
|
|
|
|
|
"github.com/openziti/edge/rest_management_api_client/edge_router_policy"
|
|
|
|
|
identity_edge "github.com/openziti/edge/rest_management_api_client/identity"
|
|
|
|
|
"github.com/pkg/errors"
|
2022-09-02 16:50:13 +02:00
|
|
|
"github.com/sirupsen/logrus"
|
2022-09-02 18:45:54 +02:00
|
|
|
"time"
|
2022-09-02 16:50:13 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type disableHandler struct {
|
|
|
|
|
cfg *Config
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func newDisableHandler(cfg *Config) *disableHandler {
|
|
|
|
|
return &disableHandler{cfg: cfg}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (self *disableHandler) Handle(params identity.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
2022-09-02 18:45:54 +02:00
|
|
|
tx, err := str.Begin()
|
2022-09-02 16:50:13 +02:00
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("error starting transaction: %v", err)
|
|
|
|
|
return identity.NewDisableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
2022-09-02 18:45:54 +02:00
|
|
|
defer func() { _ = tx.Rollback() }()
|
|
|
|
|
envId, err := self.checkZitiIdentity(params.Body.Identity, principal, tx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("identity check failed: %v", err)
|
|
|
|
|
return identity.NewDisableUnauthorized()
|
|
|
|
|
}
|
2022-09-02 19:07:27 +02:00
|
|
|
if err := self.removeEnvironment(envId, tx); err != nil {
|
2022-09-02 18:45:54 +02:00
|
|
|
logrus.Errorf("error removing environment: %v", err)
|
|
|
|
|
return identity.NewDisableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
|
|
|
|
edge, err := edgeClient(self.cfg.Ziti)
|
|
|
|
|
if err != nil {
|
|
|
|
|
logrus.Errorf("error getting edge client: %v", err)
|
|
|
|
|
return identity.NewDisableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
|
|
|
|
if err := self.deleteEdgeRouterPolicy(params.Body.Identity, edge); err != nil {
|
|
|
|
|
logrus.Errorf("error deleting edge router policy: %v", err)
|
|
|
|
|
return identity.NewDisableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
|
|
|
|
if err := self.deleteIdentity(params.Body.Identity, edge); err != nil {
|
|
|
|
|
logrus.Errorf("error deleting identity: %v", err)
|
|
|
|
|
return identity.NewDisableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
|
|
|
|
|
}
|
|
|
|
|
if err := tx.Commit(); err != nil {
|
|
|
|
|
logrus.Errorf("error committing: %v", err)
|
|
|
|
|
}
|
2022-09-02 16:50:13 +02:00
|
|
|
return identity.NewDisableOK()
|
|
|
|
|
}
|
2022-09-02 18:45:54 +02:00
|
|
|
|
|
|
|
|
func (self *disableHandler) checkZitiIdentity(id string, principal *rest_model_zrok.Principal, tx *sqlx.Tx) (int, error) {
|
|
|
|
|
envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return -1, err
|
|
|
|
|
}
|
|
|
|
|
for _, env := range envs {
|
|
|
|
|
if env.ZitiIdentityId == id {
|
|
|
|
|
return env.Id, nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return -1, errors.Errorf("no such environment '%v'", id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (self *disableHandler) deleteEdgeRouterPolicy(id string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
filter := fmt.Sprintf("name=\"zrok-%v\"", id)
|
|
|
|
|
limit := int64(0)
|
|
|
|
|
offset := int64(0)
|
|
|
|
|
listReq := &edge_router_policy.ListEdgeRouterPoliciesParams{
|
|
|
|
|
Filter: &filter,
|
|
|
|
|
Limit: &limit,
|
|
|
|
|
Offset: &offset,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
listReq.SetTimeout(30 * time.Second)
|
|
|
|
|
listResp, err := edge.EdgeRouterPolicy.ListEdgeRouterPolicies(listReq, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if len(listResp.Payload.Data) == 1 {
|
|
|
|
|
erpId := *(listResp.Payload.Data[0].ID)
|
|
|
|
|
req := &edge_router_policy.DeleteEdgeRouterPolicyParams{
|
|
|
|
|
ID: erpId,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
_, err := edge.EdgeRouterPolicy.DeleteEdgeRouterPolicy(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("deleted edge router policy '%v'", erpId)
|
|
|
|
|
} else {
|
|
|
|
|
logrus.Infof("found '%d' edge router policies, expected 1", len(listResp.Payload.Data))
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (self *disableHandler) deleteIdentity(id string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
|
|
|
|
req := &identity_edge.DeleteIdentityParams{
|
|
|
|
|
ID: id,
|
|
|
|
|
Context: context.Background(),
|
|
|
|
|
}
|
|
|
|
|
req.SetTimeout(30 * time.Second)
|
|
|
|
|
_, err := edge.Identity.DeleteIdentity(req, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logrus.Infof("deleted identity '%v'", id)
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (self *disableHandler) removeEnvironment(envId int, tx *sqlx.Tx) error {
|
|
|
|
|
if err := str.DeleteEnvironment(envId, tx); err != nil {
|
|
|
|
|
return errors.Wrapf(err, "error deleting environment '%d'", envId)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
