From 081a558ba2c78da103622967bd977928acdfec51 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Tue, 6 Dec 2022 11:48:59 -0500
Subject: [PATCH] refactor public sharing backend to use frontend selection,
 rather than hard-wired frontend zids (#110)

---
 cmd/zrok/share_public.go    |  9 ++++++---
 controller/config.go        |  6 ------
 controller/edge.go          |  4 ++--
 controller/share.go         | 16 +++++++++++++++-
 controller/share_private.go |  2 +-
 controller/share_public.go  | 10 +++++++---
 controller/util.go          |  4 ++--
 7 files changed, 33 insertions(+), 18 deletions(-)

diff --git a/cmd/zrok/share_public.go b/cmd/zrok/share_public.go
index 86cde75d..7482c717 100644
--- a/cmd/zrok/share_public.go
+++ b/cmd/zrok/share_public.go
@@ -29,9 +29,10 @@ func init() {
 }
 
 type sharePublicCommand struct {
-	quiet     bool
-	basicAuth []string
-	cmd       *cobra.Command
+	quiet             bool
+	basicAuth         []string
+	frontendSelection []string
+	cmd               *cobra.Command
 }
 
 func newSharePublicCommand() *sharePublicCommand {
@@ -43,6 +44,7 @@ func newSharePublicCommand() *sharePublicCommand {
 	command := &sharePublicCommand{cmd: cmd}
 	cmd.Flags().BoolVarP(&command.quiet, "quiet", "q", false, "Disable TUI 'chrome' for quiet operation")
 	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
+	cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
 	cmd.Run = command.run
 	return command
 }
@@ -104,6 +106,7 @@ func (self *sharePublicCommand) run(_ *cobra.Command, args []string) {
 	req.Body = &rest_model_zrok.ShareRequest{
 		EnvZID:               env.ZId,
 		ShareMode:            "public",
+		FrontendSelection:    self.frontendSelection,
 		BackendMode:          "proxy",
 		BackendProxyEndpoint: cfg.EndpointAddress,
 		AuthScheme:           string(model.None),
diff --git a/controller/config.go b/controller/config.go
index feebdc1b..ec918f89 100644
--- a/controller/config.go
+++ b/controller/config.go
@@ -12,7 +12,6 @@ type Config struct {
 	V            int
 	Admin        *AdminConfig
 	Endpoint     *EndpointConfig
-	Proxy        *ProxyConfig
 	Email        *EmailConfig
 	Registration *RegistrationConfig
 	Store        *store.Config
@@ -30,11 +29,6 @@ type EndpointConfig struct {
 	Port int
 }
 
-type ProxyConfig struct {
-	UrlTemplate string
-	Identities  []string
-}
-
 type EmailConfig struct {
 	Host     string
 	Port     int
diff --git a/controller/edge.go b/controller/edge.go
index bd704b36..dc3c4079 100644
--- a/controller/edge.go
+++ b/controller/edge.go
@@ -158,7 +158,7 @@ func deleteServicePolicyBind(envZId, svcToken string, edge *rest_management_api_
 	return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=2", svcToken), edge)
 }
 
-func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
+func createServicePolicyDial(envZId, svcToken, svcZId string, dialZIds []string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
 	allTags := zrokServiceTags(svcToken)
 	for _, t := range tags {
 		for k, v := range t.SubTags {
@@ -167,7 +167,7 @@ func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_managem
 	}
 
 	var identityRoles []string
-	for _, proxyIdentity := range cfg.Proxy.Identities {
+	for _, proxyIdentity := range dialZIds {
 		identityRoles = append(identityRoles, "@"+proxyIdentity)
 		logrus.Infof("added proxy identity role '%v'", proxyIdentity)
 	}
diff --git a/controller/share.go b/controller/share.go
index edec7059..441c8a61 100644
--- a/controller/share.go
+++ b/controller/share.go
@@ -60,7 +60,21 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
 	var frontendEndpoints []string
 	switch params.Body.ShareMode {
 	case "public":
-		svcZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, svcToken, params, edge)
+		var frontendZIds []string
+		var frontendTemplates []string
+		for _, frontendSelection := range params.Body.FrontendSelection {
+			sfe, err := str.FindFrontendPubliclyNamed(frontendSelection, tx)
+			if err != nil {
+				logrus.Error(err)
+				return service.NewUpdateShareNotFound()
+			}
+			if sfe != nil && sfe.UrlTemplate != nil {
+				frontendZIds = append(frontendZIds, sfe.ZId)
+				frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
+				logrus.Infof("added frontend selection '%v' with ziti identity '%v' for service '%v'", svcToken)
+			}
+		}
+		svcZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, svcToken, frontendZIds, frontendTemplates, params, edge)
 		if err != nil {
 			logrus.Error(err)
 			return service.NewShareInternalServerError()
diff --git a/controller/share_private.go b/controller/share_private.go
index 5fa9dc3c..e59f9fc2 100644
--- a/controller/share_private.go
+++ b/controller/share_private.go
@@ -35,5 +35,5 @@ func (a *privateResourceAllocator) allocate(envZId, svcToken string, params serv
 		return "", nil, err
 	}
 
-	return svcZId, []string{proxyUrl(svcToken)}, nil
+	return svcZId, nil, nil
 }
diff --git a/controller/share_public.go b/controller/share_public.go
index 2bd136c6..5cef94c5 100644
--- a/controller/share_public.go
+++ b/controller/share_public.go
@@ -12,7 +12,7 @@ func newPublicResourceAllocator() *publicResourceAllocator {
 	return &publicResourceAllocator{}
 }
 
-func (a *publicResourceAllocator) allocate(envZId, svcToken string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
+func (a *publicResourceAllocator) allocate(envZId, svcToken string, frontendZIds, frontendTemplates []string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
 	var authUsers []*model.AuthUser
 	for _, authUser := range params.Body.AuthUsers {
 		authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password})
@@ -31,7 +31,7 @@ func (a *publicResourceAllocator) allocate(envZId, svcToken string, params servi
 		return "", nil, err
 	}
 
-	if err := createServicePolicyDial(envZId, svcToken, svcZId, edge); err != nil {
+	if err := createServicePolicyDial(envZId, svcToken, svcZId, frontendZIds, edge); err != nil {
 		return "", nil, err
 	}
 
@@ -39,5 +39,9 @@ func (a *publicResourceAllocator) allocate(envZId, svcToken string, params servi
 		return "", nil, err
 	}
 
-	return svcZId, []string{proxyUrl(svcToken)}, nil
+	for _, frontendTemplate := range frontendTemplates {
+		frontendEndpoints = append(frontendEndpoints, proxyUrl(svcToken, frontendTemplate))
+	}
+
+	return svcZId, frontendEndpoints, nil
 }
diff --git a/controller/util.go b/controller/util.go
index 54fa1f6f..c9a68c0b 100644
--- a/controller/util.go
+++ b/controller/util.go
@@ -102,6 +102,6 @@ func realRemoteAddress(req *http.Request) string {
 	return ip
 }
 
-func proxyUrl(svcToken string) string {
-	return strings.Replace(cfg.Proxy.UrlTemplate, "{svcToken}", svcToken, -1)
+func proxyUrl(svcToken, template string) string {
+	return strings.Replace(template, "{svcToken}", svcToken, -1)
 }