create missing erps for ctrl and frontend identities (#131)

2024-11-22 16:13:47 +01:00 · 2022-12-05 15:00:22 -05:00 · 2022-12-05 15:00:22 -05:00 · 0dcd614cd5
commit 0dcd614cd5
parent f385d9de3b
4 changed files with 38 additions and 26 deletions
--- a/cmd/zrok/admin_bootstrap.go
+++ b/cmd/zrok/admin_bootstrap.go
@ -12,7 +12,9 @@ func init() {
 }

 type adminBootstrap struct {
-	cmd *cobra.Command
+	cmd          *cobra.Command
+	skipCtrl     bool
+	skipFrontend bool
 }

 func newAdminBootstrap() *adminBootstrap {
@ -23,6 +25,8 @@ func newAdminBootstrap() *adminBootstrap {
 	}
 	command := &adminBootstrap{cmd: cmd}
 	cmd.Run = command.run
+	cmd.Flags().BoolVar(&command.skipCtrl, "skip-ctrl", false, "Skip controller (ctrl) identity bootstrapping")
+	cmd.Flags().BoolVar(&command.skipFrontend, "skip-frontend", false, "Slip frontend identity bootstrapping")
 	return command
 }

@ -33,7 +37,7 @@ func (cmd *adminBootstrap) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}
 	logrus.Infof(cf.Dump(inCfg, cf.DefaultOptions()))
-	if err := controller.Bootstrap(inCfg); err != nil {
+	if err := controller.Bootstrap(cmd.skipCtrl, cmd.skipFrontend, inCfg); err != nil {
 		panic(err)
 	}
 	logrus.Info("bootstrap complete!")
--- a/controller/bootstrap.go
+++ b/controller/bootstrap.go
@ -17,7 +17,7 @@ import (
 	"time"
 )

-func Bootstrap(inCfg *Config) error {
+func Bootstrap(skipCtrl, skipFrontend bool, inCfg *Config) error {
 	cfg = inCfg

 	edge, err := edgeClient()
@ -25,28 +25,32 @@ func Bootstrap(inCfg *Config) error {
 		return err
 	}

-	if ctrlZId, err := getIdentityId("ctrl"); err == nil {
-		logrus.Infof("controller identity: %v", ctrlZId)
-		if err := assertIdentity(ctrlZId, edge); err != nil {
+	if !skipCtrl {
+		if ctrlZId, err := getIdentityId("ctrl"); err == nil {
+			logrus.Infof("controller identity: %v", ctrlZId)
+			if err := assertIdentity(ctrlZId, edge); err != nil {
+				panic(err)
+			}
+			if err := assertErpForIdentity("ctrl", ctrlZId, edge); err != nil {
+				panic(err)
+			}
+		} else {
 			panic(err)
 		}
-		if err := assertErpForIdentity("ctrl", ctrlZId, edge); err != nil {
-			panic(err)
-		}
-	} else {
-		panic(err)
 	}

-	if frontendZId, err := getIdentityId("frontend"); err == nil {
-		logrus.Infof("frontend identity: %v", frontendZId)
-		if err := assertIdentity(frontendZId, edge); err != nil {
+	if !skipFrontend {
+		if frontendZId, err := getIdentityId("frontend"); err == nil {
+			logrus.Infof("frontend identity: %v", frontendZId)
+			if err := assertIdentity(frontendZId, edge); err != nil {
+				panic(err)
+			}
+			if err := assertErpForIdentity("frontend", frontendZId, edge); err != nil {
+				panic(err)
+			}
+		} else {
 			panic(err)
 		}
-		if err := assertErpForIdentity("frontend", frontendZId, edge); err != nil {
-			panic(err)
-		}
-	} else {
-		panic(err)
 	}

 	if err := assertZrokProxyConfigType(edge); err != nil {
@ -143,7 +147,10 @@ func assertErpForIdentity(name, zId string, edge *rest_management_api_client.Zit
 		return errors.Wrapf(err, "error listing edge router policies for '%v' (%v)", name, zId)
 	}
 	if len(listResp.Payload.Data) != 1 {
-		return errors.Errorf("found %d erps for '%v' (%v)", name, zId)
+		logrus.Infof("creating erp for '%v' (%v)", name, zId)
+		if err := createEdgeRouterPolicy(name, zId, edge); err != nil {
+			return errors.Wrapf(err, "error creating erp for '%v' (%v)", name, zId)
+		}
 	}
 	logrus.Infof("asserted erps for '%v' (%v)", name, zId)
 	return nil
--- a/controller/edge.go
+++ b/controller/edge.go
@ -288,14 +288,14 @@ func deleteService(envZId, svcZId string, edge *rest_management_api_client.ZitiE
 	return nil
 }

-func createEdgeRouterPolicy(zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
+func createEdgeRouterPolicy(name, zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
 	edgeRouterRoles := []string{"#all"}
 	identityRoles := []string{fmt.Sprintf("@%v", zId)}
 	semantic := rest_model_edge.SemanticAllOf
 	erp := &rest_model_edge.EdgeRouterPolicyCreate{
 		EdgeRouterRoles: edgeRouterRoles,
 		IdentityRoles:   identityRoles,
-		Name:            &zId,
+		Name:            &name,
 		Semantic:        &semantic,
 		Tags:            zrokTags(),
 	}
--- a/controller/enable.go
+++ b/controller/enable.go
@ -35,12 +35,13 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
 		logrus.Error(err)
 		return environment.NewEnableInternalServerError()
 	}
-	cfg, err := enrollIdentity(ident.Payload.Data.ID, client)
+	envZId := ident.Payload.Data.ID
+	cfg, err := enrollIdentity(envZId, client)
 	if err != nil {
 		logrus.Error(err)
 		return environment.NewEnableInternalServerError()
 	}
-	if err := createEdgeRouterPolicy(ident.Payload.Data.ID, client); err != nil {
+	if err := createEdgeRouterPolicy(envZId, envZId, client); err != nil {
 		logrus.Error(err)
 		return environment.NewEnableInternalServerError()
 	}
@ -48,7 +49,7 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
 		Description: params.Body.Description,
 		Host:        params.Body.Host,
 		Address:     realRemoteAddress(params.HTTPRequest),
-		ZId:         ident.Payload.Data.ID,
+		ZId:         envZId,
 	}, tx)
 	if err != nil {
 		logrus.Errorf("error storing created identity: %v", err)
@ -62,7 +63,7 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
 	logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)

 	resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
-		Identity: ident.Payload.Data.ID,
+		Identity: envZId,
 	})

 	var out bytes.Buffer