controller no longer needs an identity; identity management organization (#369)

Michael Quigley 2023-07-14 09:42:06 -04:00
parent 04b0b64ebf
commit 1c8ab67bf1
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
3 changed files with 17 additions and 33 deletions


@ -14,7 +14,6 @@ func init() {
type adminBootstrap struct { type adminBootstrap struct {
cmd *cobra.Command cmd *cobra.Command
skipCtrl bool
skipFrontend bool skipFrontend bool
} }
@ -26,7 +25,6 @@ func newAdminBootstrap() *adminBootstrap {
} }
command := &adminBootstrap{cmd: cmd} command := &adminBootstrap{cmd: cmd}
cmd.Run = command.run cmd.Run = command.run
cmd.Flags().BoolVar(&command.skipCtrl, "skip-ctrl", false, "Skip controller (ctrl) identity bootstrapping")
cmd.Flags().BoolVar(&command.skipFrontend, "skip-frontend", false, "Skip frontend identity bootstrapping") cmd.Flags().BoolVar(&command.skipFrontend, "skip-frontend", false, "Skip frontend identity bootstrapping")
return command return command
} }
@ -38,7 +36,7 @@ func (cmd *adminBootstrap) run(_ *cobra.Command, args []string) {
panic(err) panic(err)
} }
logrus.Infof(cf.Dump(inCfg, cf.DefaultOptions())) logrus.Infof(cf.Dump(inCfg, cf.DefaultOptions()))
if err := controller.Bootstrap(cmd.skipCtrl, cmd.skipFrontend, inCfg); err != nil { if err := controller.Bootstrap(cmd.skipFrontend, inCfg); err != nil {
panic(err) panic(err)
} }
logrus.Info("bootstrap complete!") logrus.Info("bootstrap complete!")
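Review bot: Dropping the `--skip-ctrl` flag outright (the removed `BoolVar` line in `newAdminBootstrap`) turns any existing bootstrap script that passes it into a hard "unknown flag" failure, even though the flag now has nothing to skip. A softer path is to keep it as a no-op for one release: `_ = cmd.Flags().Bool("skip-ctrl", false, "no effect; the controller no longer bootstraps an identity")` followed by `_ = cmd.Flags().MarkDeprecated("skip-ctrl", "the controller no longer needs an identity")`, so callers get a deprecation warning instead of an error. The `run` method continues past the end of this hunk.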


@ -6,12 +6,12 @@ import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/openziti/edge-api/rest_management_api_client" "github.com/openziti/edge-api/rest_management_api_client"
"github.com/openziti/edge-api/rest_management_api_client/config" restMgmtEdgeConfig "github.com/openziti/edge-api/rest_management_api_client/config"
"github.com/openziti/edge-api/rest_management_api_client/edge_router_policy" "github.com/openziti/edge-api/rest_management_api_client/edge_router_policy"
"github.com/openziti/edge-api/rest_management_api_client/identity" "github.com/openziti/edge-api/rest_management_api_client/identity"
rest_model_edge "github.com/openziti/edge-api/rest_model" restModelEdge "github.com/openziti/edge-api/rest_model"
"github.com/openziti/sdk-golang/ziti" "github.com/openziti/sdk-golang/ziti"
zrok_config "github.com/openziti/zrok/controller/config" "github.com/openziti/zrok/controller/config"
"github.com/openziti/zrok/controller/store" "github.com/openziti/zrok/controller/store"
"github.com/openziti/zrok/controller/zrokEdgeSdk" "github.com/openziti/zrok/controller/zrokEdgeSdk"
"github.com/openziti/zrok/environment" "github.com/openziti/zrok/environment"
@ -21,7 +21,7 @@ import (
"time" "time"
) )
func Bootstrap(skipCtrl, skipFrontend bool, inCfg *zrok_config.Config) error { func Bootstrap(skipFrontend bool, inCfg *config.Config) error {
cfg = inCfg cfg = inCfg
if v, err := store.Open(cfg.Store); err == nil { if v, err := store.Open(cfg.Store); err == nil {
@ -36,26 +36,6 @@ func Bootstrap(skipCtrl, skipFrontend bool, inCfg *zrok_config.Config) error {
return errors.Wrap(err, "error connecting to the ziti edge management api") return errors.Wrap(err, "error connecting to the ziti edge management api")
} }
var ctrlZId string
if !skipCtrl {
logrus.Info("creating identity for controller ziti access")
if ctrlZId, err = getIdentityId("ctrl"); err == nil {
logrus.Infof("controller identity: %v", ctrlZId)
} else {
ctrlZId, err = bootstrapIdentity("ctrl", edge)
if err != nil {
panic(err)
}
}
if err := assertIdentity(ctrlZId, edge); err != nil {
panic(err)
}
if err := assertErpForIdentity("ctrl", ctrlZId, edge); err != nil {
panic(err)
}
}
var frontendZId string var frontendZId string
if !skipFrontend { if !skipFrontend {
logrus.Info("creating identity for frontend ziti access") logrus.Info("creating identity for frontend ziti access")
@ -103,7 +83,7 @@ func assertZrokProxyConfigType(edge *rest_management_api_client.ZitiEdgeManageme
filter := fmt.Sprintf("name=\"%v\"", model.ZrokProxyConfig) filter := fmt.Sprintf("name=\"%v\"", model.ZrokProxyConfig)
limit := int64(100) limit := int64(100)
offset := int64(0) offset := int64(0)
listReq := &config.ListConfigTypesParams{ listReq := &restMgmtEdgeConfig.ListConfigTypesParams{
Filter: &filter, Filter: &filter,
Limit: &limit, Limit: &limit,
Offset: &offset, Offset: &offset,
@ -116,8 +96,8 @@ func assertZrokProxyConfigType(edge *rest_management_api_client.ZitiEdgeManageme
} }
if len(listResp.Payload.Data) < 1 { if len(listResp.Payload.Data) < 1 {
name := model.ZrokProxyConfig name := model.ZrokProxyConfig
ct := &rest_model_edge.ConfigTypeCreate{Name: &name} ct := &restModelEdge.ConfigTypeCreate{Name: &name}
createReq := &config.CreateConfigTypeParams{ConfigType: ct} createReq := &restMgmtEdgeConfig.CreateConfigTypeParams{ConfigType: ct}
createReq.SetTimeout(30 * time.Second) createReq.SetTimeout(30 * time.Second)
createResp, err := edge.Config.CreateConfigType(createReq, nil) createResp, err := edge.Config.CreateConfigType(createReq, nil)
if err != nil { if err != nil {
@ -186,7 +166,7 @@ func bootstrapIdentity(name string, edge *rest_management_api_client.ZitiEdgeMan
return "", errors.Wrap(err, "error loading environment root") return "", errors.Wrap(err, "error loading environment root")
} }
idc, err := zrokEdgeSdk.CreateIdentity(name, rest_model_edge.IdentityTypeDevice, nil, edge) idc, err := zrokEdgeSdk.CreateIdentity(name, restModelEdge.IdentityTypeDevice, nil, edge)
if err != nil { if err != nil {
return "", errors.Wrapf(err, "error creating '%v' identity", name) return "", errors.Wrapf(err, "error creating '%v' identity", name)
} }
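Review bot: Removing the `if !skipCtrl` block from `Bootstrap` takes away the only code that knew about the `ctrl` identity, but nothing in the commit retires what earlier versions created — existing deployments keep an enrolled `ctrl` identity, its edge-router policy, and the identity file on disk, all of which are still valid credentials that no component uses any more. A stale enrolled identity is a least-privilege concern rather than a functional one, so it is worth either a one-time cleanup step that looks up `ctrl` via `getIdentityId("ctrl")` and deletes the identity and its ERP, or at minimum a comment above `var frontendZId string` such as `// NOTE: earlier releases also bootstrapped a "ctrl" identity; upgraded deployments should remove it manually` plus an upgrade note. The frontend branch that follows is cut off at the end of the hunk, so I cannot tell whether it still calls the same helpers the removed block used; if it does, the deletion can reuse them.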


@ -2,25 +2,31 @@ package environment
import ( import (
"github.com/openziti/zrok/environment/env_core" "github.com/openziti/zrok/environment/env_core"
"github.com/openziti/zrok/environment/env_v0_3"
"github.com/openziti/zrok/rest_client_zrok" "github.com/openziti/zrok/rest_client_zrok"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// Root is the primary interface encapsulating the on-disk environment data.
type Root interface { type Root interface {
Metadata() *env_core.Metadata Metadata() *env_core.Metadata
Obliterate() error
HasConfig() (bool, error) HasConfig() (bool, error)
Config() *env_core.Config Config() *env_core.Config
SetConfig(cfg *env_core.Config) error SetConfig(cfg *env_core.Config) error
Client() (*rest_client_zrok.Zrok, error) Client() (*rest_client_zrok.Zrok, error)
ApiEndpoint() (string, string) ApiEndpoint() (string, string)
IsEnabled() bool
Environment() *env_core.Environment Environment() *env_core.Environment
SetEnvironment(env *env_core.Environment) error SetEnvironment(env *env_core.Environment) error
DeleteEnvironment() error DeleteEnvironment() error
IsEnabled() bool
ZitiIdentityFile(name string) (string, error) ZitiIdentityFile(name string) (string, error)
SaveZitiIdentity(name, data string) error SaveZitiIdentity(name, data string) error
DeleteZitiIdentity(name string) error DeleteZitiIdentity(name string) error
Obliterate() error
} }
func LoadRoot() (Root, error) { func LoadRoot() (Root, error) {