configurable edge client (#31)

This commit is contained in:
Michael Quigley 2022-08-12 11:03:15 -04:00
parent 1ef84865f0
commit 1f36af7cf5
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
7 changed files with 60 additions and 32 deletions


@ -4,12 +4,14 @@ import (
"github.com/michaelquigley/cf" "github.com/michaelquigley/cf"
"github.com/openziti-test-kitchen/zrok/controller/store" "github.com/openziti-test-kitchen/zrok/controller/store"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus"
) )
type Config struct { type Config struct {
Endpoint *EndpointConfig Endpoint *EndpointConfig
Proxy *ProxyConfig Proxy *ProxyConfig
Store *store.Config Store *store.Config
Ziti *ZitiConfig
} }
type EndpointConfig struct { type EndpointConfig struct {
@ -22,10 +24,17 @@ type ProxyConfig struct {
Identities []string Identities []string
} }
type ZitiConfig struct {
ApiEndpoint string
Username string
Password string
}
func LoadConfig(path string) (*Config, error) { func LoadConfig(path string) (*Config, error) {
cfg := &Config{} cfg := &Config{}
if err := cf.BindYaml(cfg, path, cf.DefaultOptions()); err != nil { if err := cf.BindYaml(cfg, path, cf.DefaultOptions()); err != nil {
return nil, errors.Wrapf(err, "error loading controller config '%v'", path) return nil, errors.Wrapf(err, "error loading controller config '%v'", path)
} }
logrus.Info(cf.Dump(cfg, cf.DefaultOptions()))
return cfg, nil return cfg, nil
} }
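Review bot: The new `logrus.Info(cf.Dump(cfg, cf.DefaultOptions()))` in LoadConfig (L39) writes the whole parsed config to the log, and with this commit that now includes `Ziti.Password`, so the controller's admin credential ends up in plaintext wherever the logs are collected. Dump a copy of the config with `Ziti.Password` blanked before calling `cf.Dump`, or drop the dump to Debug level without the credential. The new type also lacks a doc comment; something like `// ZitiConfig holds the edge management API endpoint and the credentials edgeClient uses to log in.` would cover it.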


@ -8,7 +8,6 @@ import (
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations" "github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations"
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity" "github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata" "github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata"
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
@ -23,12 +22,12 @@ func Run(cfg *Config) error {
api := operations.NewZrokAPI(swaggerSpec) api := operations.NewZrokAPI(swaggerSpec)
api.KeyAuth = ZrokAuthenticate api.KeyAuth = ZrokAuthenticate
api.IdentityCreateAccountHandler = identity.CreateAccountHandlerFunc(createAccountHandler) api.IdentityCreateAccountHandler = identity.CreateAccountHandlerFunc(createAccountHandler)
api.IdentityEnableHandler = identity.EnableHandlerFunc(enableHandler) api.IdentityEnableHandler = newEnableHandler(cfg)
api.IdentityLoginHandler = identity.LoginHandlerFunc(loginHandler) api.IdentityLoginHandler = identity.LoginHandlerFunc(loginHandler)
api.MetadataOverviewHandler = metadata.OverviewHandlerFunc(overviewHandler) api.MetadataOverviewHandler = metadata.OverviewHandlerFunc(overviewHandler)
api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler) api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
api.TunnelTunnelHandler = newTunnelHandler(cfg) api.TunnelTunnelHandler = newTunnelHandler(cfg)
api.TunnelUntunnelHandler = tunnel.UntunnelHandlerFunc(untunnelHandler) api.TunnelUntunnelHandler = newUntunnelHandler(cfg)
if v, err := store.Open(cfg.Store); err == nil { if v, err := store.Open(cfg.Store); err == nil {
str = v str = v


@ -19,7 +19,15 @@ import (
"time" "time"
) )
func enableHandler(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder { type enableHandler struct {
cfg *Config
}
func newEnableHandler(cfg *Config) *enableHandler {
return &enableHandler{cfg: cfg}
}
func (self *enableHandler) Handle(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
// start transaction early; if it fails, don't bother creating ziti resources // start transaction early; if it fails, don't bother creating ziti resources
tx, err := str.Begin() tx, err := str.Begin()
if err != nil { if err != nil {
@ -27,17 +35,17 @@ func enableHandler(params identity.EnableParams, principal *rest_model_zrok.Prin
return identity.NewCreateAccountInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return identity.NewCreateAccountInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
client, err := edgeClient() client, err := edgeClient(self.cfg.Ziti)
if err != nil { if err != nil {
logrus.Errorf("error getting edge client: %v", err) logrus.Errorf("error getting edge client: %v", err)
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
ident, err := createIdentity(principal.Username, client) ident, err := self.createIdentity(principal.Username, client)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
cfg, err := enrollIdentity(ident.Payload.Data.ID, client) cfg, err := self.enrollIdentity(ident.Payload.Data.ID, client)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
@ -78,7 +86,7 @@ func enableHandler(params identity.EnableParams, principal *rest_model_zrok.Prin
return resp return resp
} }
func createIdentity(username string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) { func (_ *enableHandler) createIdentity(username string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
iIsAdmin := false iIsAdmin := false
iId, err := randomId() iId, err := randomId()
if err != nil { if err != nil {
@ -104,7 +112,7 @@ func createIdentity(username string, client *rest_management_api_client.ZitiEdge
return resp, nil return resp, nil
} }
func enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) { func (_ *enableHandler) enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
p := &identity_edge.DetailIdentityParams{ p := &identity_edge.DetailIdentityParams{
Context: context.Background(), Context: context.Background(),
ID: id, ID: id,
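Review bot: The receivers on the new enableHandler methods are named `self` (L76) and `_` (L100, L107), which goes against the Go convention of a short, consistent receiver name such as `h`; untunnelHandler in untunnel.go (L133, L175–L209) follows the same pattern. createIdentity and enrollIdentity never read the receiver, so converting them to methods gains nothing — they could stay package-level functions, or take the `*ZitiConfig` they will eventually need as a parameter. A doc comment on the new type would help too: `// enableHandler serves the identity enable endpoint; cfg supplies the Ziti controller settings for edgeClient.` Handle's body is cut by the hunks, so whether the transaction begun at L78 is rolled back on the edgeClient error path (L83–L87) is not visible here.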


@ -55,7 +55,7 @@ func (self *tunnelHandler) Handle(params tunnel.TunnelParams, principal *rest_mo
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
edge, err := edgeClient() edge, err := edgeClient(self.cfg.Ziti)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))


@ -17,7 +17,15 @@ import (
"time" "time"
) )
func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Principal) middleware.Responder { type untunnelHandler struct {
cfg *Config
}
func newUntunnelHandler(cfg *Config) *untunnelHandler {
return &untunnelHandler{cfg: cfg}
}
func (self *untunnelHandler) Handle(params tunnel.UntunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
logrus.Infof("untunneling for '%v' (%v)", principal.Username, principal.Token) logrus.Infof("untunneling for '%v' (%v)", principal.Username, principal.Token)
tx, err := str.Begin() tx, err := str.Begin()
@ -27,13 +35,13 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
} }
defer func() { _ = tx.Rollback() }() defer func() { _ = tx.Rollback() }()
edge, err := edgeClient() edge, err := edgeClient(self.cfg.Ziti)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
svcName := params.Body.Service svcName := params.Body.Service
svcId, err := findServiceId(svcName, edge) svcId, err := self.findServiceId(svcName, edge)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
@ -74,23 +82,23 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
if err := deleteEdgeRouterPolicy(svcName, edge); err != nil { if err := self.deleteEdgeRouterPolicy(svcName, edge); err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
if err := deleteServiceEdgeRouterPolicy(svcName, edge); err != nil { if err := self.deleteServiceEdgeRouterPolicy(svcName, edge); err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
if err := deleteServicePolicyDial(svcName, edge); err != nil { if err := self.deleteServicePolicyDial(svcName, edge); err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
if err := deleteServicePolicyBind(svcName, edge); err != nil { if err := self.deleteServicePolicyBind(svcName, edge); err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
if err := deleteService(svcId, edge); err != nil { if err := self.deleteService(svcId, edge); err != nil {
logrus.Error(err) logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error())) return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
} }
@ -110,7 +118,7 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
return tunnel.NewUntunnelOK() return tunnel.NewUntunnelOK()
} }
func findServiceId(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) { func (_ *untunnelHandler) findServiceId(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
filter := fmt.Sprintf("name=\"%v\"", svcName) filter := fmt.Sprintf("name=\"%v\"", svcName)
limit := int64(1) limit := int64(1)
offset := int64(0) offset := int64(0)
@ -131,7 +139,7 @@ func findServiceId(svcName string, edge *rest_management_api_client.ZitiEdgeMana
return "", errors.Errorf("service '%v' not found", svcName) return "", errors.Errorf("service '%v' not found", svcName)
} }
func deleteEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error { func (_ *untunnelHandler) deleteEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("name=\"%v\"", svcName) filter := fmt.Sprintf("name=\"%v\"", svcName)
limit := int64(1) limit := int64(1)
offset := int64(0) offset := int64(0)
@ -164,7 +172,7 @@ func deleteEdgeRouterPolicy(svcName string, edge *rest_management_api_client.Zit
return nil return nil
} }
func deleteServiceEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error { func (_ *untunnelHandler) deleteServiceEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("name=\"%v\"", svcName) filter := fmt.Sprintf("name=\"%v\"", svcName)
limit := int64(1) limit := int64(1)
offset := int64(0) offset := int64(0)
@ -197,15 +205,15 @@ func deleteServiceEdgeRouterPolicy(svcName string, edge *rest_management_api_cli
return nil return nil
} }
func deleteServicePolicyBind(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error { func (self *untunnelHandler) deleteServicePolicyBind(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
return deleteServicePolicy(fmt.Sprintf("name=\"%v-bind\"", svcName), edge) return self.deleteServicePolicy(fmt.Sprintf("name=\"%v-bind\"", svcName), edge)
} }
func deleteServicePolicyDial(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error { func (self *untunnelHandler) deleteServicePolicyDial(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
return deleteServicePolicy(fmt.Sprintf("name=\"%v-dial\"", svcName), edge) return self.deleteServicePolicy(fmt.Sprintf("name=\"%v-dial\"", svcName), edge)
} }
func deleteServicePolicy(filter string, edge *rest_management_api_client.ZitiEdgeManagement) error { func (_ *untunnelHandler) deleteServicePolicy(filter string, edge *rest_management_api_client.ZitiEdgeManagement) error {
limit := int64(1) limit := int64(1)
offset := int64(0) offset := int64(0)
listReq := &service_policy.ListServicePoliciesParams{ listReq := &service_policy.ListServicePoliciesParams{
@ -237,7 +245,7 @@ func deleteServicePolicy(filter string, edge *rest_management_api_client.ZitiEdg
return nil return nil
} }
func deleteService(svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error { func (_ *untunnelHandler) deleteService(svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
req := &service.DeleteServiceParams{ req := &service.DeleteServiceParams{
ID: svcId, ID: svcId,
Context: context.Background(), Context: context.Background(),
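Review bot: `svcName := params.Body.Service` (L144) is taken straight from the request body and interpolated into the controller filter strings by findServiceId (`fmt.Sprintf("name=\"%v\"", svcName)`, L176) and the delete helpers (L183, L190, L197, L200) without any validation, so a name containing a quote or filter syntax changes the meaning of the query and the handler may delete resources other than the one the caller named. Validate the service name before the first edge call — restrict it to the character set the tunnel handler generates and reject anything else with an error response — so the filters stay unambiguous. The commit moves these functions onto the receiver but leaves this unchanged; findServiceId's body runs past the hunk, so any checks it performs further down are not visible here.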


@ -29,9 +29,8 @@ func ZrokAuthenticate(token string) (*rest_model_zrok.Principal, error) {
} }
} }
func edgeClient() (*rest_management_api_client.ZitiEdgeManagement, error) { func edgeClient(cfg *ZitiConfig) (*rest_management_api_client.ZitiEdgeManagement, error) {
ctrlAddress := "https://linux:1280" caCerts, err := rest_util.GetControllerWellKnownCas(cfg.ApiEndpoint)
caCerts, err := rest_util.GetControllerWellKnownCas(ctrlAddress)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -39,7 +38,7 @@ func edgeClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
for _, ca := range caCerts { for _, ca := range caCerts {
caPool.AddCert(ca) caPool.AddCert(ca)
} }
return rest_util.NewEdgeManagementClientWithUpdb("admin", "admin", ctrlAddress, caPool) return rest_util.NewEdgeManagementClientWithUpdb(cfg.Username, cfg.Password, cfg.ApiEndpoint, caPool)
} }
func generateApiToken() (string, error) { func generateApiToken() (string, error) {
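Review bot: edgeClient now dereferences `cfg.ApiEndpoint` (L220) without checking that `cfg` is non-nil, and `Config.Ziti` is a pointer with no default shown, so a controller config that omits the `ziti:` block will panic inside the enable, tunnel and untunnel handlers instead of failing cleanly. Guard it with `if cfg == nil { return nil, errors.New("ziti configuration is required") }`, or better, reject a missing section in LoadConfig so the problem surfaces at startup rather than per request. Whether `errors` is already imported in this file is not visible in the hunk.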


@ -15,4 +15,9 @@ proxy:
- "-zbBF8eVb-" - "-zbBF8eVb-"
store: store:
path: zrok.db path: zrok.db
ziti:
api_endpoint: "https://127.0.0.1:1280"
username: admin
password: admin
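Review bot: The new `ziti:` block checks `username: admin` / `password: admin` into the repository in a config that the controller reads as-is, which makes it easy to deploy unchanged. Use obvious placeholders with a comment instead, e.g. `password: "<ziti-admin-password>" # set per deployment`, so the committed file cannot double as a working credential.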