refactor public sharing backend to use frontend selection, rather than hard-wired frontend zids (#110)
parent
95adcfe10a
commit
081a558ba2
@ -29,9 +29,10 @@ func init() {
|
||||
}
|
||||
|
||||
type sharePublicCommand struct {
|
||||
quiet bool
|
||||
basicAuth []string
|
||||
cmd *cobra.Command
|
||||
quiet bool
|
||||
basicAuth []string
|
||||
frontendSelection []string
|
||||
cmd *cobra.Command
|
||||
}
|
||||
|
||||
func newSharePublicCommand() *sharePublicCommand {
|
||||
@ -43,6 +44,7 @@ func newSharePublicCommand() *sharePublicCommand {
|
||||
command := &sharePublicCommand{cmd: cmd}
|
||||
cmd.Flags().BoolVarP(&command.quiet, "quiet", "q", false, "Disable TUI 'chrome' for quiet operation")
|
||||
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
|
||||
cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
|
||||
cmd.Run = command.run
|
||||
return command
|
||||
}
|
||||
@ -104,6 +106,7 @@ func (self *sharePublicCommand) run(_ *cobra.Command, args []string) {
|
||||
req.Body = &rest_model_zrok.ShareRequest{
|
||||
EnvZID: env.ZId,
|
||||
ShareMode: "public",
|
||||
FrontendSelection: self.frontendSelection,
|
||||
BackendMode: "proxy",
|
||||
BackendProxyEndpoint: cfg.EndpointAddress,
|
||||
AuthScheme: string(model.None),
|
||||
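Review bot: The help text for the new `--frontends` flag does not say how to pass more than one value. It is registered with `StringArrayVar`, which takes one value per occurrence and does not split on commas. Wording such as `"Selected frontends to use for the share (repeat the flag for each frontend)"` would make that clear. The value is sent unchanged as `FrontendSelection` in the share request, so an empty or misspelled name is only caught, if at all, by the controller.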
|
@ -12,7 +12,6 @@ type Config struct {
|
||||
V int
|
||||
Admin *AdminConfig
|
||||
Endpoint *EndpointConfig
|
||||
Proxy *ProxyConfig
|
||||
Email *EmailConfig
|
||||
Registration *RegistrationConfig
|
||||
Store *store.Config
|
||||
@ -30,11 +29,6 @@ type EndpointConfig struct {
|
||||
Port int
|
||||
}
|
||||
|
||||
type ProxyConfig struct {
|
||||
UrlTemplate string
|
||||
Identities []string
|
||||
}
|
||||
|
||||
type EmailConfig struct {
|
||||
Host string
|
||||
Port int
|
||||
|
@ -158,7 +158,7 @@ func deleteServicePolicyBind(envZId, svcToken string, edge *rest_management_api_
|
||||
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=2", svcToken), edge)
|
||||
}
|
||||
|
||||
func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
|
||||
func createServicePolicyDial(envZId, svcToken, svcZId string, dialZIds []string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
|
||||
allTags := zrokServiceTags(svcToken)
|
||||
for _, t := range tags {
|
||||
for k, v := range t.SubTags {
|
||||
@ -167,7 +167,7 @@ func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_managem
|
||||
}
|
||||
|
||||
var identityRoles []string
|
||||
for _, proxyIdentity := range cfg.Proxy.Identities {
|
||||
for _, proxyIdentity := range dialZIds {
|
||||
identityRoles = append(identityRoles, "@"+proxyIdentity)
|
||||
logrus.Infof("added proxy identity role '%v'", proxyIdentity)
|
||||
}
|
||||
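Review bot: `createServicePolicyDial` now builds `identityRoles` from the caller-supplied `dialZIds` without checking that the slice is non-empty, so an empty list presumably still reaches policy creation with no `@identity` roles. The list is now derived per request rather than from operator configuration, and the `case "public"` loop in the share handler can produce no ids when the selection is empty or a selected frontend has no `UrlTemplate`. A guard at the top such as `if len(dialZIds) == 0 { return fmt.Errorf("no dial identities for service '%v'", svcToken) }` would fail the share instead of leaving it unreachable. The loop variable `proxyIdentity` and the log text `added proxy identity role` could also be renamed now that the values are frontend ziti ids. The function body continues outside the hunk.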
|
@ -60,7 +60,21 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
|
||||
var frontendEndpoints []string
|
||||
switch params.Body.ShareMode {
|
||||
case "public":
|
||||
svcZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, svcToken, params, edge)
|
||||
var frontendZIds []string
|
||||
var frontendTemplates []string
|
||||
for _, frontendSelection := range params.Body.FrontendSelection {
|
||||
sfe, err := str.FindFrontendPubliclyNamed(frontendSelection, tx)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return service.NewUpdateShareNotFound()
|
||||
}
|
||||
if sfe != nil && sfe.UrlTemplate != nil {
|
||||
frontendZIds = append(frontendZIds, sfe.ZId)
|
||||
frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
|
||||
logrus.Infof("added frontend selection '%v' with ziti identity '%v' for service '%v'", svcToken)
|
||||
}
|
||||
}
|
||||
svcZId, frontendEndpoints, err = newPublicResourceAllocator().allocate(envZId, svcToken, frontendZIds, frontendTemplates, params, edge)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return service.NewShareInternalServerError()
|
||||
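Review bot: The added `logrus.Infof` call has three `%v` verbs but only one argument, so the log line will carry `%!v(MISSING)` markers and the audit trail will not show which frontend identity was granted access; it should read `logrus.Infof("added frontend selection '%v' with ziti identity '%v' for service '%v'", frontendSelection, sfe.ZId, svcToken)`. A selection that resolves to `nil` or to a frontend without a `UrlTemplate` is skipped silently, so the caller gets fewer frontends than requested with no error; returning an error response for that case would be safer. The lookup-failure branch returns `service.NewUpdateShareNotFound()`, which looks like the responder of a different operation than the `service.NewShareInternalServerError()` used just below, so that is worth confirming. `Handle` starts and ends outside the hunk.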
|
@ -35,5 +35,5 @@ func (a *privateResourceAllocator) allocate(envZId, svcToken string, params serv
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
return svcZId, []string{proxyUrl(svcToken)}, nil
|
||||
return svcZId, nil, nil
|
||||
}
|
||||
|
@ -12,7 +12,7 @@ func newPublicResourceAllocator() *publicResourceAllocator {
|
||||
return &publicResourceAllocator{}
|
||||
}
|
||||
|
||||
func (a *publicResourceAllocator) allocate(envZId, svcToken string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
|
||||
func (a *publicResourceAllocator) allocate(envZId, svcToken string, frontendZIds, frontendTemplates []string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
|
||||
var authUsers []*model.AuthUser
|
||||
for _, authUser := range params.Body.AuthUsers {
|
||||
authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password})
|
||||
@ -31,7 +31,7 @@ func (a *publicResourceAllocator) allocate(envZId, svcToken string, params servi
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := createServicePolicyDial(envZId, svcToken, svcZId, edge); err != nil {
|
||||
if err := createServicePolicyDial(envZId, svcToken, svcZId, frontendZIds, edge); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
@ -39,5 +39,9 @@ func (a *publicResourceAllocator) allocate(envZId, svcToken string, params servi
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
return svcZId, []string{proxyUrl(svcToken)}, nil
|
||||
for _, frontendTemplate := range frontendTemplates {
|
||||
frontendEndpoints = append(frontendEndpoints, proxyUrl(svcToken, frontendTemplate))
|
||||
}
|
||||
|
||||
return svcZId, frontendEndpoints, nil
|
||||
}
|
||||
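Review bot: `allocate` now takes `frontendZIds` and `frontendTemplates` as two parallel slices, and nothing in the signature or body states that they must be index-aligned and of equal length. A doc comment would record that contract, for example `// allocate creates the ziti resources for a public share; frontendZIds[i] and frontendTemplates[i] describe the same frontend.` Passing a single slice of a small struct holding both fields would remove the possibility of a mismatch. The middle of the function lies outside the visible hunks.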
|
@ -102,6 +102,6 @@ func realRemoteAddress(req *http.Request) string {
|
||||
return ip
|
||||
}
|
||||
|
||||
func proxyUrl(svcToken string) string {
|
||||
return strings.Replace(cfg.Proxy.UrlTemplate, "{svcToken}", svcToken, -1)
|
||||
func proxyUrl(svcToken, template string) string {
|
||||
return strings.Replace(template, "{svcToken}", svcToken, -1)
|
||||
}
|
||||
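Review bot: `proxyUrl` now substitutes into a `template` read from each frontend record rather than one operator-set value, and a template that lacks the `{svcToken}` placeholder is returned unchanged, giving every share the same URL. It would help to document that expectation on the function, or to validate the template where frontends are created. As a small style point, `strings.ReplaceAll(template, "{svcToken}", svcToken)` says the same thing as `strings.Replace(..., -1)`.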
|