refactor public sharing backend to use frontend selection, rather than hard-wired frontend zids (#110)

This commit is contained in:
Michael Quigley 2022-12-06 11:48:59 -05:00
parent 95adcfe10a
commit 081a558ba2
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
7 changed files with 33 additions and 18 deletions


@ -29,9 +29,10 @@ func init() {
} }
type sharePublicCommand struct { type sharePublicCommand struct {
quiet bool quiet bool
basicAuth []string basicAuth []string
cmd *cobra.Command frontendSelection []string
cmd *cobra.Command
} }
func newSharePublicCommand() *sharePublicCommand { func newSharePublicCommand() *sharePublicCommand {
@ -43,6 +44,7 @@ func newSharePublicCommand() *sharePublicCommand {
command := &sharePublicCommand{cmd: cmd} command := &sharePublicCommand{cmd: cmd}
cmd.Flags().BoolVarP(&command.quiet, "quiet", "q", false, "Disable TUI 'chrome' for quiet operation") cmd.Flags().BoolVarP(&command.quiet, "quiet", "q", false, "Disable TUI 'chrome' for quiet operation")
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)") cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
cmd.Run = command.run cmd.Run = command.run
return command return command
} }
@ -104,6 +106,7 @@ func (self *sharePublicCommand) run(_ *cobra.Command, args []string) {
req.Body = &rest_model_zrok.ShareRequest{ req.Body = &rest_model_zrok.ShareRequest{
EnvZID: env.ZId, EnvZID: env.ZId,
ShareMode: "public", ShareMode: "public",
FrontendSelection: self.frontendSelection,
BackendMode: "proxy", BackendMode: "proxy",
BackendProxyEndpoint: cfg.EndpointAddress, BackendProxyEndpoint: cfg.EndpointAddress,
AuthScheme: string(model.None), AuthScheme: string(model.None),
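Review bot: The `--frontends` help text does not tell the user what a value is or what happens when one is unknown; the names are resolved server-side by name in the share handler of this same commit, so I would spell that out: `"Selected frontends to use for the share (public frontend names registered on the zrok controller)"`. From the handler hunk it looks like an unknown name is skipped rather than rejected, so a typo silently yields a share with fewer endpoints than requested — worth confirming and stating in the help or the command's long description. The `run` method continues past this hunk; the basic-auth handling that follows `AuthScheme` is not visible here.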


@ -12,7 +12,6 @@ type Config struct {
V int V int
Admin *AdminConfig Admin *AdminConfig
Endpoint *EndpointConfig Endpoint *EndpointConfig
Proxy *ProxyConfig
Email *EmailConfig Email *EmailConfig
Registration *RegistrationConfig Registration *RegistrationConfig
Store *store.Config Store *store.Config
@ -30,11 +29,6 @@ type EndpointConfig struct {
Port int Port int
} }
type ProxyConfig struct {
UrlTemplate string
Identities []string
}
type EmailConfig struct { type EmailConfig struct {
Host string Host string
Port int Port int


@ -158,7 +158,7 @@ func deleteServicePolicyBind(envZId, svcToken string, edge *rest_management_api_
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=2", svcToken), edge) return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=2", svcToken), edge)
} }
func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error { func createServicePolicyDial(envZId, svcToken, svcZId string, dialZIds []string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
allTags := zrokServiceTags(svcToken) allTags := zrokServiceTags(svcToken)
for _, t := range tags { for _, t := range tags {
for k, v := range t.SubTags { for k, v := range t.SubTags {
@ -167,7 +167,7 @@ func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_managem
} }
var identityRoles []string var identityRoles []string
for _, proxyIdentity := range cfg.Proxy.Identities { for _, proxyIdentity := range dialZIds {
identityRoles = append(identityRoles, "@"+proxyIdentity) identityRoles = append(identityRoles, "@"+proxyIdentity)
logrus.Infof("added proxy identity role '%v'", proxyIdentity) logrus.Infof("added proxy identity role '%v'", proxyIdentity)
} }
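Review bot: `identityRoles` stays nil when `dialZIds` is empty, so the dial policy is created with no identities (or, presumably, rejected by the edge API with a less obvious error); now that the list comes from user-selected frontend names rather than static config, an empty list is a realistic input. Guard at the top of the loop: `if len(dialZIds) == 0 { return errors.New("no dial identities given for service policy") }` (add the `errors` import if this file lacks it). The log line still says "proxy identity role" although the parameter is now a generic dial identity; `logrus.Infof("added dial identity role '%v'", proxyIdentity)` would match the new name. The body of `createServicePolicyDial` continues outside this hunk.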


@ -60,7 +60,21 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
var frontendEndpoints []string var frontendEndpoints []string
switch params.Body.ShareMode { switch params.Body.ShareMode {
case "public": case "public":
svcZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, svcToken, params, edge) var frontendZIds []string
var frontendTemplates []string
for _, frontendSelection := range params.Body.FrontendSelection {
sfe, err := str.FindFrontendPubliclyNamed(frontendSelection, tx)
if err != nil {
logrus.Error(err)
return service.NewUpdateShareNotFound()
}
if sfe != nil && sfe.UrlTemplate != nil {
frontendZIds = append(frontendZIds, sfe.ZId)
frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
logrus.Infof("added frontend selection '%v' with ziti identity '%v' for service '%v'", svcToken)
}
}
svcZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, svcToken, frontendZIds, frontendTemplates, params, edge)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return service.NewShareInternalServerError() return service.NewShareInternalServerError()
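Review bot: The `logrus.Infof` in the selection loop has three `%v` verbs but only one argument (`svcToken`), so it logs `%!v(MISSING)` for the frontend name and ziti identity; it should be `logrus.Infof("added frontend selection '%v' with ziti identity '%v' for service '%v'", frontendSelection, sfe.ZId, svcToken)`. A store error is answered with `service.NewUpdateShareNotFound()`, which is the UpdateShare operation's response rather than a Share one, and a lookup that returns no frontend (or one without a `UrlTemplate`) is silently skipped, so an empty or misspelled selection flows into the allocator with no identities and no templates — I would treat both as request errors and reject an empty result before allocating. If the Share operation declares a 404 response use that; otherwise `NewShareInternalServerError()` is at least the right operation. Duplicate names in `FrontendSelection` also produce duplicate identity roles and endpoints, which may be worth de-duplicating. The enclosing `Handle` method starts and ends outside this hunk.
```go
case "public":
	var frontendZIds []string
	var frontendTemplates []string
	for _, frontendSelection := range params.Body.FrontendSelection {
		sfe, err := str.FindFrontendPubliclyNamed(frontendSelection, tx)
		if err != nil {
			logrus.Error(err)
			return service.NewShareInternalServerError()
		}
		if sfe == nil || sfe.UrlTemplate == nil {
			logrus.Errorf("unknown or template-less frontend '%v' selected for service '%v'", frontendSelection, svcToken)
			return service.NewShareInternalServerError() // or the Share operation's 404 responder, if one is declared
		}
		frontendZIds = append(frontendZIds, sfe.ZId)
		frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
		logrus.Infof("added frontend selection '%v' with ziti identity '%v' for service '%v'", frontendSelection, sfe.ZId, svcToken)
	}
	if len(frontendZIds) == 0 {
		logrus.Errorf("no frontends selected for service '%v'", svcToken)
		return service.NewShareInternalServerError() // same caveat as above
	}
	// … unchanged: allocate call and its error handling …
```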


@ -35,5 +35,5 @@ func (a *privateResourceAllocator) allocate(envZId, svcToken string, params serv
return "", nil, err return "", nil, err
} }
return svcZId, []string{proxyUrl(svcToken)}, nil return svcZId, nil, nil
} }


@ -12,7 +12,7 @@ func newPublicResourceAllocator() *publicResourceAllocator {
return &publicResourceAllocator{} return &publicResourceAllocator{}
} }
func (a *publicResourceAllocator) allocate(envZId, svcToken string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) { func (a *publicResourceAllocator) allocate(envZId, svcToken string, frontendZIds, frontendTemplates []string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
var authUsers []*model.AuthUser var authUsers []*model.AuthUser
for _, authUser := range params.Body.AuthUsers { for _, authUser := range params.Body.AuthUsers {
authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password}) authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password})
@ -31,7 +31,7 @@ func (a *publicResourceAllocator) allocate(envZId, svcToken string, params servi
return "", nil, err return "", nil, err
} }
if err := createServicePolicyDial(envZId, svcToken, svcZId, edge); err != nil { if err := createServicePolicyDial(envZId, svcToken, svcZId, frontendZIds, edge); err != nil {
return "", nil, err return "", nil, err
} }
@ -39,5 +39,9 @@ func (a *publicResourceAllocator) allocate(envZId, svcToken string, params servi
return "", nil, err return "", nil, err
} }
return svcZId, []string{proxyUrl(svcToken)}, nil for _, frontendTemplate := range frontendTemplates {
frontendEndpoints = append(frontendEndpoints, proxyUrl(svcToken, frontendTemplate))
}
return svcZId, frontendEndpoints, nil
} }
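Review bot: `allocate` now depends on `frontendZIds` and `frontendTemplates` being non-empty and parallel, but nothing in the new signature enforces that: an empty pair produces a dial policy with no identities and a share with no endpoints, and mismatched lengths silently leave some frontends without a URL (or some URLs without a dialing identity). I would validate at the top of the function, before any Ziti resources are created: `if len(frontendZIds) == 0 || len(frontendZIds) != len(frontendTemplates) { return "", nil, fmt.Errorf("expected matching non-empty frontend identities and templates, got %d and %d", len(frontendZIds), len(frontendTemplates)) }` (use `errors.New` if `fmt` is not already imported here). A one-line doc comment on the signature stating that the two slices are index-aligned would also help callers. The middle of `allocate` lies between the two hunks and is not visible.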


@ -102,6 +102,6 @@ func realRemoteAddress(req *http.Request) string {
return ip return ip
} }
func proxyUrl(svcToken string) string { func proxyUrl(svcToken, template string) string {
return strings.Replace(cfg.Proxy.UrlTemplate, "{svcToken}", svcToken, -1) return strings.Replace(template, "{svcToken}", svcToken, -1)
} }
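Review bot: `proxyUrl` now renders an operator-supplied template from the store rather than a single config value, and the contract is worth documenting since every selected frontend goes through it: `// proxyUrl renders a frontend's url template by replacing every "{svcToken}" occurrence with svcToken; a template without the placeholder yields the same URL for every share.` The substitution is a plain `strings.Replace`, so it relies on `svcToken` never needing URL escaping — fine if tokens are server-generated, which this hunk does not show, so I would confirm that rather than assume it.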