create missing erps for ctrl and frontend identities (#131)

Michael Quigley 2022-12-05 15:00:22 -05:00
parent f385d9de3b
commit 0dcd614cd5
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
4 changed files with 38 additions and 26 deletions


@ -12,7 +12,9 @@ func init() {
}
type adminBootstrap struct {
cmd *cobra.Command
cmd *cobra.Command
skipCtrl bool
skipFrontend bool
}
func newAdminBootstrap() *adminBootstrap {
@ -23,6 +25,8 @@ func newAdminBootstrap() *adminBootstrap {
}
command := &adminBootstrap{cmd: cmd}
cmd.Run = command.run
cmd.Flags().BoolVar(&command.skipCtrl, "skip-ctrl", false, "Skip controller (ctrl) identity bootstrapping")
cmd.Flags().BoolVar(&command.skipFrontend, "skip-frontend", false, "Slip frontend identity bootstrapping")
return command
}
@ -33,7 +37,7 @@ func (cmd *adminBootstrap) run(_ *cobra.Command, args []string) {
panic(err)
}
logrus.Infof(cf.Dump(inCfg, cf.DefaultOptions()))
if err := controller.Bootstrap(inCfg); err != nil {
if err := controller.Bootstrap(cmd.skipCtrl, cmd.skipFrontend, inCfg); err != nil {
panic(err)
}
logrus.Info("bootstrap complete!")
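Review bot: The help text of the new `--skip-frontend` flag reads "Slip frontend identity bootstrapping", which is a typo in a user-visible string; it should be `cmd.Flags().BoolVar(&command.skipFrontend, "skip-frontend", false, "Skip frontend identity bootstrapping")` to match the `--skip-ctrl` wording. The two new struct fields carry no comment saying what is actually skipped; judging from the controller hunk it is only the identity existence check and its edge router policy, not the rest of bootstrap, so a comment like `// skipCtrl/skipFrontend suppress the identity and ERP checks for that identity only` on the fields would prevent operators from reading them as "skip all ctrl setup". The `run` method's body begins before the last hunk and continues after it.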


@ -17,7 +17,7 @@ import (
"time"
)
func Bootstrap(inCfg *Config) error {
func Bootstrap(skipCtrl, skipFrontend bool, inCfg *Config) error {
cfg = inCfg
edge, err := edgeClient()
@ -25,28 +25,32 @@ func Bootstrap(inCfg *Config) error {
return err
}
if ctrlZId, err := getIdentityId("ctrl"); err == nil {
logrus.Infof("controller identity: %v", ctrlZId)
if err := assertIdentity(ctrlZId, edge); err != nil {
if !skipCtrl {
if ctrlZId, err := getIdentityId("ctrl"); err == nil {
logrus.Infof("controller identity: %v", ctrlZId)
if err := assertIdentity(ctrlZId, edge); err != nil {
panic(err)
}
if err := assertErpForIdentity("ctrl", ctrlZId, edge); err != nil {
panic(err)
}
} else {
panic(err)
}
if err := assertErpForIdentity("ctrl", ctrlZId, edge); err != nil {
panic(err)
}
} else {
panic(err)
}
if frontendZId, err := getIdentityId("frontend"); err == nil {
logrus.Infof("frontend identity: %v", frontendZId)
if err := assertIdentity(frontendZId, edge); err != nil {
if !skipFrontend {
if frontendZId, err := getIdentityId("frontend"); err == nil {
logrus.Infof("frontend identity: %v", frontendZId)
if err := assertIdentity(frontendZId, edge); err != nil {
panic(err)
}
if err := assertErpForIdentity("frontend", frontendZId, edge); err != nil {
panic(err)
}
} else {
panic(err)
}
if err := assertErpForIdentity("frontend", frontendZId, edge); err != nil {
panic(err)
}
} else {
panic(err)
}
if err := assertZrokProxyConfigType(edge); err != nil {
@ -143,7 +147,10 @@ func assertErpForIdentity(name, zId string, edge *rest_management_api_client.Zit
return errors.Wrapf(err, "error listing edge router policies for '%v' (%v)", name, zId)
}
if len(listResp.Payload.Data) != 1 {
return errors.Errorf("found %d erps for '%v' (%v)", name, zId)
logrus.Infof("creating erp for '%v' (%v)", name, zId)
if err := createEdgeRouterPolicy(name, zId, edge); err != nil {
return errors.Wrapf(err, "error creating erp for '%v' (%v)", name, zId)
}
}
logrus.Infof("asserted erps for '%v' (%v)", name, zId)
return nil
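Review bot: In `assertErpForIdentity` the new branch creates a policy whenever `len(listResp.Payload.Data) != 1`, so a controller that already holds two or more policies for the identity (duplicates from earlier runs or manual changes) gets yet another one created on every bootstrap, whereas the removed line rejected that state with an error. Since each of these policies binds the identity to `#all` edge routers, silently multiplying them also hides a misconfiguration that should be surfaced. Create only when the list is empty and keep returning an error for more than one; the enclosing function starts before the hunk, so only the count check is shown below. The old error format also had a `%d` verb with no count argument, so the message should pass the count explicitly.
```go
// … unchanged: list call and error wrap …
n := len(listResp.Payload.Data)
if n > 1 {
	return errors.Errorf("found %d erps for '%v' (%v)", n, name, zId)
}
if n == 0 {
	logrus.Infof("creating erp for '%v' (%v)", name, zId)
	if err := createEdgeRouterPolicy(name, zId, edge); err != nil {
		return errors.Wrapf(err, "error creating erp for '%v' (%v)", name, zId)
	}
}
```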


@ -288,14 +288,14 @@ func deleteService(envZId, svcZId string, edge *rest_management_api_client.ZitiE
return nil
}
func createEdgeRouterPolicy(zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func createEdgeRouterPolicy(name, zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
edgeRouterRoles := []string{"#all"}
identityRoles := []string{fmt.Sprintf("@%v", zId)}
semantic := rest_model_edge.SemanticAllOf
erp := &rest_model_edge.EdgeRouterPolicyCreate{
EdgeRouterRoles: edgeRouterRoles,
IdentityRoles: identityRoles,
Name: &zId,
Name: &name,
Semantic: &semantic,
Tags: zrokTags(),
}
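Review bot: `createEdgeRouterPolicy` now takes two adjacent `string` parameters with no doc comment telling them apart, and the two call sites in this commit pass different things (`"ctrl"`/`"frontend"` for bootstrap, the identity id twice for environments), which is exactly the shape that invites a swapped-argument bug later. A comment such as `// createEdgeRouterPolicy creates an edge router policy named name that binds the single identity zId to every edge router (#all).` above the signature would make the contract explicit, including the fact that the policy grants access to all routers rather than a scoped set. Whether the controller requires policy names to be unique is not visible here; if it does, a fixed name like "ctrl" will collide on a second bootstrap unless the caller checks first, which is worth confirming.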


@ -35,12 +35,13 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
logrus.Error(err)
return environment.NewEnableInternalServerError()
}
cfg, err := enrollIdentity(ident.Payload.Data.ID, client)
envZId := ident.Payload.Data.ID
cfg, err := enrollIdentity(envZId, client)
if err != nil {
logrus.Error(err)
return environment.NewEnableInternalServerError()
}
if err := createEdgeRouterPolicy(ident.Payload.Data.ID, client); err != nil {
if err := createEdgeRouterPolicy(envZId, envZId, client); err != nil {
logrus.Error(err)
return environment.NewEnableInternalServerError()
}
@ -48,7 +49,7 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
Description: params.Body.Description,
Host: params.Body.Host,
Address: realRemoteAddress(params.HTTPRequest),
ZId: ident.Payload.Data.ID,
ZId: envZId,
}, tx)
if err != nil {
logrus.Errorf("error storing created identity: %v", err)
@ -62,7 +63,7 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)
resp := environment.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
Identity: ident.Payload.Data.ID,
Identity: envZId,
})
var out bytes.Buffer
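Review bot: The log line `logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId)` still reads `ident.Payload.Data.ID` while every other use in the handler was switched to the new `envZId` local, so the extraction is incomplete; change it to `…, principal.Email, envZId, envId)` for consistency. The new `createEdgeRouterPolicy(envZId, envZId, client)` call passes the identity id as the policy name, which is fine for uniqueness but deserves a one-line comment like `// policy name is the identity id so each environment gets its own ERP` so the repeated argument does not look like a mistake. `Handle` starts before the first hunk and ends after the last one.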