From 06b523d39f7b75fdff00a421c28a872df6930be1 Mon Sep 17 00:00:00 2001
From: Michael Quigley
Date: Tue, 26 Jul 2022 18:07:49 -0400
Subject: [PATCH] separate dial/bind service policies (#3)

---
 controller/tunnel.go | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/controller/tunnel.go b/controller/tunnel.go
index c014501d..dfeae4c9 100644
--- a/controller/tunnel.go
+++ b/controller/tunnel.go
@@ -51,14 +51,15 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
 }
 logrus.Infof("created service '%v'", serviceId)
 
- // Service Policy
+ // Service Policy (Bind)
 svcpIdRoles := []string{fmt.Sprintf("@%v", params.Body.Identity)}
+ svcpName := fmt.Sprintf("%v-bind", serviceId)
 svcpPcRoles := []string{}
 svcpSvcRoles := []string{fmt.Sprintf("@%v", svcResp.Payload.Data.ID)}
 svcpDialBind := rest_model.DialBindBind
 svcp := &rest_model.ServicePolicyCreate{
 IdentityRoles: svcpIdRoles,
- Name: &serviceId,
+ Name: &svcpName,
 PostureCheckRoles: svcpPcRoles,
 Semantic: &semantic,
 ServiceRoles: svcpSvcRoles,
@@ -74,7 +75,31 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
 logrus.Error(err)
 return middleware.Error(500, err.Error())
 }
- logrus.Infof("created service policy '%v'", serviceId)
+ logrus.Infof("created service policy '%v' (bind)", serviceId)
+
+ // Service Policy (Dial)
+ svcpIdRoles = []string{"@PyB606.S."} // @proxy
+ svcpName = fmt.Sprintf("%v-dial", serviceId)
+ svcpDialBind = rest_model.DialBindDial
+ svcp = &rest_model.ServicePolicyCreate{
+ IdentityRoles: svcpIdRoles,
+ Name: &svcpName,
+ PostureCheckRoles: svcpPcRoles,
+ Semantic: &semantic,
+ ServiceRoles: svcpSvcRoles,
+ Type: &svcpDialBind,
+ }
+ svcpParams = &service_policy.CreateServicePolicyParams{
+ Policy: svcp,
+ Context: context.Background(),
+ }
+ svcpParams.SetTimeout(30 * time.Second)
+ _, err = edge.ServicePolicy.CreateServicePolicy(svcpParams, nil)
+ if err != nil {
+ logrus.Error(err)
+ return middleware.Error(500, err.Error())
+ }
+ logrus.Infof("created service policy '%v' (dial)", serviceId)
 
 // Service Edge Router Policy
 serpErRoles := []string{"@tDnhG8jkG9"} // @linux-edge-router
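Review bot: The dial policy grants dial rights by a hard-coded identity id, `svcpIdRoles = []string{"@PyB606.S."} // @proxy`, so the identity allowed to dial every tunnel service is fixed in source and is presumably only correct on the controller that id was copied from; on any other controller the policy would either fail to create or attach to whatever identity happens to carry that id. Prefer resolving the proxy identity from configuration (or looking it up by name) and failing fast at startup if it is absent, e.g. `svcpIdRoles = []string{fmt.Sprintf("@%v", proxyIdentityId)}` with `proxyIdentityId` supplied by config — how configuration reaches this handler is not visible in the hunk, and the same applies to `@tDnhG8jkG9` on the last context line. A second gap in the new error path: when the dial policy creation fails, the service and the bind policy created earlier in the handler are left behind and the request returns 500 with no cleanup, so a retry would likely collide with a half-provisioned service; consider deleting the service (or at least logging the orphaned ids) before returning. tunnelHandler starts before and continues past this hunk.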