extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-06-19 17:27:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

separate dial/bind service policies (#3)

Browse Source
This commit is contained in:
Michael Quigley 2022-07-26 18:07:49 -04:00
parent 3d9a7107c0
commit 06b523d39f
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
1 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
controller/tunnel.go
View File

@ -51,14 +51,15 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
} }
logrus.Infof("created service '%v'", serviceId) logrus.Infof("created service '%v'", serviceId)
// Service Policy // Service Policy (Bind)
svcpIdRoles := []string{fmt.Sprintf("@%v", params.Body.Identity)} svcpIdRoles := []string{fmt.Sprintf("@%v", params.Body.Identity)}
svcpName := fmt.Sprintf("%v-bind", serviceId)
svcpPcRoles := []string{} svcpPcRoles := []string{}
svcpSvcRoles := []string{fmt.Sprintf("@%v", svcResp.Payload.Data.ID)} svcpSvcRoles := []string{fmt.Sprintf("@%v", svcResp.Payload.Data.ID)}
svcpDialBind := rest_model.DialBindBind svcpDialBind := rest_model.DialBindBind
svcp := &rest_model.ServicePolicyCreate{ svcp := &rest_model.ServicePolicyCreate{
IdentityRoles: svcpIdRoles, IdentityRoles: svcpIdRoles,
Name: &serviceId, Name: &svcpName,
PostureCheckRoles: svcpPcRoles, PostureCheckRoles: svcpPcRoles,
Semantic: &semantic, Semantic: &semantic,
ServiceRoles: svcpSvcRoles, ServiceRoles: svcpSvcRoles,
@ -74,7 +75,31 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
logrus.Error(err) logrus.Error(err)
return middleware.Error(500, err.Error()) return middleware.Error(500, err.Error())
} }
logrus.Infof("created service policy '%v'", serviceId) logrus.Infof("created service policy '%v' (bind)", serviceId)
// Service Policy (Dial)
svcpIdRoles = []string{"@PyB606.S."} // @proxy
svcpName = fmt.Sprintf("%v-dial", serviceId)
svcpDialBind = rest_model.DialBindDial
svcp = &rest_model.ServicePolicyCreate{
IdentityRoles: svcpIdRoles,
Name: &svcpName,
PostureCheckRoles: svcpPcRoles,
Semantic: &semantic,
ServiceRoles: svcpSvcRoles,
Type: &svcpDialBind,
}
svcpParams = &service_policy.CreateServicePolicyParams{
Policy: svcp,
Context: context.Background(),
}
svcpParams.SetTimeout(30 * time.Second)
_, err = edge.ServicePolicy.CreateServicePolicy(svcpParams, nil)
if err != nil {
logrus.Error(err)
return middleware.Error(500, err.Error())
}
logrus.Infof("created service policy '%v' (dial)", serviceId)
// Service Edge Router Policy // Service Edge Router Policy
serpErRoles := []string{"@tDnhG8jkG9"} // @linux-edge-router serpErRoles := []string{"@tDnhG8jkG9"} // @linux-edge-router