From 15d289cc8721cc957efc135b30d3e4e155c6c61a Mon Sep 17 00:00:00 2001
From: Michael Quigley
Date: Mon, 5 Dec 2022 15:40:42 -0500
Subject: [PATCH] create ctrl and frontend identities if missing (#131)
---
 controller/bootstrap.go | 64 ++++++++++++++++++++++++++++++++---------
 controller/edge.go | 21 +++++++++-----
 controller/enable.go | 2 +-
 3 files changed, 65 insertions(+), 22 deletions(-)
diff --git a/controller/bootstrap.go b/controller/bootstrap.go
index 816c2b24..9b53e400 100644
--- a/controller/bootstrap.go
+++ b/controller/bootstrap.go
@@ -1,7 +1,9 @@
 package controller
 import (
+ "bytes"
 "context"
+ "encoding/json"
 "fmt"
 "github.com/openziti-test-kitchen/zrok/model"
 "github.com/openziti-test-kitchen/zrok/zrokdir"
@@ -10,6 +12,7 @@ import (
 "github.com/openziti/edge/rest_management_api_client/edge_router_policy"
 "github.com/openziti/edge/rest_management_api_client/identity"
 "github.com/openziti/edge/rest_model"
+ rest_model_edge "github.com/openziti/edge/rest_model"
 "github.com/openziti/sdk-golang/ziti"
 config2 "github.com/openziti/sdk-golang/ziti/config"
 "github.com/pkg/errors"
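Review bot: The second import hunk adds `rest_model_edge "github.com/openziti/edge/rest_model"` while the unaliased `"github.com/openziti/edge/rest_model"` import three lines above it is kept, so bootstrap.go now imports the same package twice under two names. That compiles, but staticcheck reports duplicate imports and two names for one package makes it unclear which identifiers come from where. Since edge.go already uses the `rest_model_edge` alias, the cleaner fix is to replace the existing line with the aliased one and switch any remaining `rest_model.` references in the file (not visible in this hunk) to `rest_model_edge.`, or to drop the alias and write `rest_model.IdentityTypeDevice` in bootstrapIdentity.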
@@ -25,30 +28,38 @@ func Bootstrap(skipCtrl, skipFrontend bool, inCfg *Config) error {
 return err
 }
+ var ctrlZId string
 if !skipCtrl {
- if ctrlZId, err := getIdentityId("ctrl"); err == nil {
+ if ctrlZId, err = getIdentityId("ctrl"); err == nil {
 logrus.Infof("controller identity: %v", ctrlZId)
- if err := assertIdentity(ctrlZId, edge); err != nil {
- panic(err)
- }
- if err := assertErpForIdentity("ctrl", ctrlZId, edge); err != nil {
- panic(err)
- }
 } else {
+ ctrlZId, err = bootstrapIdentity("ctrl", edge)
+ if err != nil {
+ panic(err)
+ }
+ }
+ if err := assertIdentity(ctrlZId, edge); err != nil {
+ panic(err)
+ }
+ if err := assertErpForIdentity("ctrl", ctrlZId, edge); err != nil {
 panic(err)
 }
 }
+ var frontendZId string
 if !skipFrontend {
- if frontendZId, err := getIdentityId("frontend"); err == nil {
+ if frontendZId, err = getIdentityId("frontend"); err == nil {
 logrus.Infof("frontend identity: %v", frontendZId)
- if err := assertIdentity(frontendZId, edge); err != nil {
- panic(err)
- }
- if err := assertErpForIdentity("frontend", frontendZId, edge); err != nil {
- panic(err)
- }
 } else {
+ frontendZId, err = bootstrapIdentity("frontend", edge)
+ if err != nil {
+ panic(err)
+ }
+ }
+ if err := assertIdentity(frontendZId, edge); err != nil {
+ panic(err)
+ }
+ if err := assertErpForIdentity("frontend", frontendZId, edge); err != nil {
 panic(err)
 }
 }
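Review bot: The new `} else {` arm in both the ctrl and frontend branches treats every error from getIdentityId as "identity missing" and immediately creates and enrolls a fresh identity, so a transient read or permission failure on an existing identity file would register a second identity with the controller and, through bootstrapIdentity's SaveZitiIdentity call, overwrite the previous identity on disk, while the original lookup error is never logged. At minimum the error should be surfaced before falling through, e.g. `logrus.Warnf("no usable 'ctrl' identity (%v); bootstrapping a new one", err)` as the first line of the else arm, and if getIdentityId preserves the underlying file error it would be safer to bootstrap only on `errors.Is(err, os.ErrNotExist)` and panic on anything else (getIdentityId is outside this hunk, so confirm what it returns). The ctrl and frontend halves are now identical apart from the name, which suggests folding them into one helper such as `ensureIdentity(name string, edge *rest_management_api_client.ZitiEdgeManagement) string` called twice. Bootstrap starts and ends outside this hunk.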
@@ -131,6 +142,31 @@ func assertIdentity(zId string, edge *rest_management_api_client.ZitiEdgeManagem
 return nil
 }
+func bootstrapIdentity(name string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
+ idc, err := createIdentity(name, rest_model_edge.IdentityTypeDevice, nil, edge)
+ if err != nil {
+ return "", errors.Wrap(err, "error creating 'ctrl' identity")
+ }
+
+ zId := idc.Payload.Data.ID
+ cfg, err := enrollIdentity(zId, edge)
+ if err != nil {
+ return "", errors.Wrap(err, "error enrolling 'ctrl' identity")
+ }
+
+ var out bytes.Buffer
+ enc := json.NewEncoder(&out)
+ enc.SetEscapeHTML(false)
+ err = enc.Encode(&cfg)
+ if err != nil {
+ return "", errors.Wrapf(err, "error encoding identity config '%v'", name)
+ }
+ if err := zrokdir.SaveZitiIdentity(name, out.String()); err != nil {
+ return "", errors.Wrapf(err, "error saving identity config '%v'", name)
+ }
+ return zId, nil
+}
+
 func assertErpForIdentity(name, zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
 logrus.Infof("asserting erps for '%v'", name)
 filter := fmt.Sprintf("name=\"%v\" and tags.zrok != null", name)
diff --git a/controller/edge.go b/controller/edge.go
index 4eba485a..8373c35b 100644
--- a/controller/edge.go
+++ b/controller/edge.go
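Review bot: The first two error paths in bootstrapIdentity hard-code 'ctrl' (`errors.Wrap(err, "error creating 'ctrl' identity")` and `errors.Wrap(err, "error enrolling 'ctrl' identity")`) even though Bootstrap also calls it with "frontend", so a frontend failure is reported against the wrong identity; the last two paths already use `name`, so these should become `errors.Wrapf(err, "error creating '%v' identity", name)` and `errors.Wrapf(err, "error enrolling '%v' identity", name)`. Once createIdentity has succeeded, a failure in enrollIdentity, the JSON encoding or SaveZitiIdentity returns without removing the identity just created on the controller, so a retried Bootstrap leaves an orphaned identity behind (and, if identity names must be unique on the controller, may then fail on the name collision — I cannot confirm that constraint from this hunk); a deferred delete on error, or at least a log line naming the orphaned zId, would make that state recoverable. A doc comment would also help, e.g. `// bootstrapIdentity creates and enrolls a device identity called name on the controller, saves the enrolled configuration via zrokdir.SaveZitiIdentity, and returns the new identity's id.`, since the saved configuration presumably carries the identity's key material and operators should know where it lands.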
@@ -344,26 +344,33 @@ func deleteEdgeRouterPolicy(envZId string, edge *rest_management_api_client.Ziti
 return nil
 }
-func createIdentity(email string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
- iIsAdmin := false
+func createEnvironmentIdentity(accountEmail string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
 name, err := createToken()
 if err != nil {
 return nil, err
 }
 identityType := rest_model_edge.IdentityTypeUser
+ moreTags := map[string]interface{}{"zrokEmail": accountEmail}
+ return createIdentity(name, identityType, moreTags, client)
+}
+
+func createIdentity(name string, identityType rest_model_edge.IdentityType, moreTags map[string]interface{}, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
+ isAdmin := false
 tags := zrokTags()
- tags.SubTags["zrokEmail"] = email
- i := &rest_model_edge.IdentityCreate{
+ for k, v := range moreTags {
+ tags.SubTags[k] = v
+ }
+ req := identity_edge.NewCreateIdentityParams()
+ req.Identity = &rest_model_edge.IdentityCreate{
 Enrollment: &rest_model_edge.IdentityCreateEnrollment{Ott: true},
- IsAdmin: &iIsAdmin,
+ IsAdmin: &isAdmin,
 Name: &name,
 RoleAttributes: nil,
 ServiceHostingCosts: nil,
 Tags: tags,
 Type: &identityType,
 }
- req := identity_edge.NewCreateIdentityParams()
- req.Identity = i
+ req.SetTimeout(30 * time.Second)
 resp, err := client.Identity.CreateIdentity(req, nil)
 if err != nil {
 return nil, err
diff --git a/controller/enable.go b/controller/enable.go
index 3973bee0..1c3b8dba 100644
--- a/controller/enable.go
+++ b/controller/enable.go
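Review bot: The `for k, v := range moreTags { tags.SubTags[k] = v }` merge in createIdentity lets a caller-supplied key overwrite whatever zrokTags() populated, including the `zrok` marker that assertErpForIdentity's `tags.zrok != null` filter in bootstrap.go relies on, so a future caller passing a "zrok" key would silently create an identity the bootstrap code can no longer find. Guarding the merge with `if _, exists := tags.SubTags[k]; exists { continue }` before the assignment (or returning an error on a collision) keeps the base tags authoritative; if zrokTags() can return a nil SubTags map the write will also panic, a risk the removed `tags.SubTags["zrokEmail"] = email` line already carried, so confirm against zrokTags. `req.SetTimeout(30 * time.Second)` is a welcome addition, and naming it as a package-level constant would let the other edge-management calls in this file share the same bound. createIdentity continues past the end of the hunk.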
@@ -30,7 +30,7 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
 logrus.Errorf("error getting edge client: %v", err)
 return environment.NewEnableInternalServerError()
 }
- ident, err := createIdentity(principal.Email, client)
+ ident, err := createEnvironmentIdentity(principal.Email, client)
 if err != nil {
 logrus.Error(err)
 return environment.NewEnableInternalServerError()