extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-02-22 13:11:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

configurable edge client (#31)

Browse Source
This commit is contained in:
Michael Quigley 2022-08-12 11:03:15 -04:00
parent 1ef84865f0
commit 1f36af7cf5
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
7 changed files with 60 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
controller/config.go
View File

@ -4,12 +4,14 @@ import (
"github.com/michaelquigley/cf"
"github.com/openziti-test-kitchen/zrok/controller/store"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
type Config struct {
Endpoint *EndpointConfig
Proxy *ProxyConfig
Store *store.Config
Ziti *ZitiConfig
}
type EndpointConfig struct {
@ -22,10 +24,17 @@ type ProxyConfig struct {
Identities []string
}
type ZitiConfig struct {
ApiEndpoint string
Username string
Password string
}
func LoadConfig(path string) (*Config, error) {
cfg := &Config{}
if err := cf.BindYaml(cfg, path, cf.DefaultOptions()); err != nil {
return nil, errors.Wrapf(err, "error loading controller config '%v'", path)
}
logrus.Info(cf.Dump(cfg, cf.DefaultOptions()))
return cfg, nil
}

5
controller/controller.go
View File

@ -8,7 +8,6 @@ import (
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations"
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata"
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
"github.com/pkg/errors"
)
@ -23,12 +22,12 @@ func Run(cfg *Config) error {
api := operations.NewZrokAPI(swaggerSpec)
api.KeyAuth = ZrokAuthenticate
api.IdentityCreateAccountHandler = identity.CreateAccountHandlerFunc(createAccountHandler)
api.IdentityEnableHandler = identity.EnableHandlerFunc(enableHandler)
api.IdentityEnableHandler = newEnableHandler(cfg)
api.IdentityLoginHandler = identity.LoginHandlerFunc(loginHandler)
api.MetadataOverviewHandler = metadata.OverviewHandlerFunc(overviewHandler)
api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
api.TunnelTunnelHandler = newTunnelHandler(cfg)
api.TunnelUntunnelHandler = tunnel.UntunnelHandlerFunc(untunnelHandler)
api.TunnelUntunnelHandler = newUntunnelHandler(cfg)
if v, err := store.Open(cfg.Store); err == nil {
str = v

20
controller/enable.go
View File

@ -19,7 +19,15 @@ import (
"time"
)
func enableHandler(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
type enableHandler struct {
cfg *Config
}
func newEnableHandler(cfg *Config) *enableHandler {
return &enableHandler{cfg: cfg}
}
func (self *enableHandler) Handle(params identity.EnableParams, principal *rest_model_zrok.Principal) middleware.Responder {
// start transaction early; if it fails, don't bother creating ziti resources
tx, err := str.Begin()
if err != nil {
@ -27,17 +35,17 @@ func enableHandler(params identity.EnableParams, principal *rest_model_zrok.Prin
return identity.NewCreateAccountInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
client, err := edgeClient()
client, err := edgeClient(self.cfg.Ziti)
if err != nil {
logrus.Errorf("error getting edge client: %v", err)
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
ident, err := createIdentity(principal.Username, client)
ident, err := self.createIdentity(principal.Username, client)
if err != nil {
logrus.Error(err)
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
cfg, err := enrollIdentity(ident.Payload.Data.ID, client)
cfg, err := self.enrollIdentity(ident.Payload.Data.ID, client)
if err != nil {
logrus.Error(err)
return identity.NewEnableInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
@ -78,7 +86,7 @@ func enableHandler(params identity.EnableParams, principal *rest_model_zrok.Prin
return resp
}
func createIdentity(username string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
func (_ *enableHandler) createIdentity(username string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
iIsAdmin := false
iId, err := randomId()
if err != nil {
@ -104,7 +112,7 @@ func createIdentity(username string, client *rest_management_api_client.ZitiEdge
return resp, nil
}
func enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
func (_ *enableHandler) enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
p := &identity_edge.DetailIdentityParams{
Context: context.Background(),
ID: id,

2
controller/tunnel.go
View File

@ -55,7 +55,7 @@ func (self *tunnelHandler) Handle(params tunnel.TunnelParams, principal *rest_mo
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
edge, err := edgeClient()
edge, err := edgeClient(self.cfg.Ziti)
if err != nil {
logrus.Error(err)
return tunnel.NewTunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))

42
controller/untunnel.go
View File

@ -17,7 +17,15 @@ import (
"time"
)
func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
type untunnelHandler struct {
cfg *Config
}
func newUntunnelHandler(cfg *Config) *untunnelHandler {
return &untunnelHandler{cfg: cfg}
}
func (self *untunnelHandler) Handle(params tunnel.UntunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {
logrus.Infof("untunneling for '%v' (%v)", principal.Username, principal.Token)
tx, err := str.Begin()
@ -27,13 +35,13 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
}
defer func() { _ = tx.Rollback() }()
edge, err := edgeClient()
edge, err := edgeClient(self.cfg.Ziti)
if err != nil {
logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
svcName := params.Body.Service
svcId, err := findServiceId(svcName, edge)
svcId, err := self.findServiceId(svcName, edge)
if err != nil {
logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
@ -74,23 +82,23 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
if err := deleteEdgeRouterPolicy(svcName, edge); err != nil {
if err := self.deleteEdgeRouterPolicy(svcName, edge); err != nil {
logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
if err := deleteServiceEdgeRouterPolicy(svcName, edge); err != nil {
if err := self.deleteServiceEdgeRouterPolicy(svcName, edge); err != nil {
logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
if err := deleteServicePolicyDial(svcName, edge); err != nil {
if err := self.deleteServicePolicyDial(svcName, edge); err != nil {
logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
if err := deleteServicePolicyBind(svcName, edge); err != nil {
if err := self.deleteServicePolicyBind(svcName, edge); err != nil {
logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
if err := deleteService(svcId, edge); err != nil {
if err := self.deleteService(svcId, edge); err != nil {
logrus.Error(err)
return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
}
@ -110,7 +118,7 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
return tunnel.NewUntunnelOK()
}
func findServiceId(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
func (_ *untunnelHandler) findServiceId(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
filter := fmt.Sprintf("name=\"%v\"", svcName)
limit := int64(1)
offset := int64(0)
@ -131,7 +139,7 @@ func findServiceId(svcName string, edge *rest_management_api_client.ZitiEdgeMana
return "", errors.Errorf("service '%v' not found", svcName)
}
func deleteEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func (_ *untunnelHandler) deleteEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("name=\"%v\"", svcName)
limit := int64(1)
offset := int64(0)
@ -164,7 +172,7 @@ func deleteEdgeRouterPolicy(svcName string, edge *rest_management_api_client.Zit
return nil
}
func deleteServiceEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func (_ *untunnelHandler) deleteServiceEdgeRouterPolicy(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("name=\"%v\"", svcName)
limit := int64(1)
offset := int64(0)
@ -197,15 +205,15 @@ func deleteServiceEdgeRouterPolicy(svcName string, edge *rest_management_api_cli
return nil
}
func deleteServicePolicyBind(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
return deleteServicePolicy(fmt.Sprintf("name=\"%v-bind\"", svcName), edge)
func (self *untunnelHandler) deleteServicePolicyBind(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
return self.deleteServicePolicy(fmt.Sprintf("name=\"%v-bind\"", svcName), edge)
}
func deleteServicePolicyDial(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
return deleteServicePolicy(fmt.Sprintf("name=\"%v-dial\"", svcName), edge)
func (self *untunnelHandler) deleteServicePolicyDial(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
return self.deleteServicePolicy(fmt.Sprintf("name=\"%v-dial\"", svcName), edge)
}
func deleteServicePolicy(filter string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func (_ *untunnelHandler) deleteServicePolicy(filter string, edge *rest_management_api_client.ZitiEdgeManagement) error {
limit := int64(1)
offset := int64(0)
listReq := &service_policy.ListServicePoliciesParams{
@ -237,7 +245,7 @@ func deleteServicePolicy(filter string, edge *rest_management_api_client.ZitiEdg
return nil
}
func deleteService(svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func (_ *untunnelHandler) deleteService(svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
req := &service.DeleteServiceParams{
ID: svcId,
Context: context.Background(),

7
controller/util.go
View File

@ -29,9 +29,8 @@ func ZrokAuthenticate(token string) (*rest_model_zrok.Principal, error) {
}
}
func edgeClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
ctrlAddress := "https://linux:1280"
caCerts, err := rest_util.GetControllerWellKnownCas(ctrlAddress)
func edgeClient(cfg *ZitiConfig) (*rest_management_api_client.ZitiEdgeManagement, error) {
caCerts, err := rest_util.GetControllerWellKnownCas(cfg.ApiEndpoint)
if err != nil {
return nil, err
}
@ -39,7 +38,7 @@ func edgeClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
for _, ca := range caCerts {
caPool.AddCert(ca)
}
return rest_util.NewEdgeManagementClientWithUpdb("admin", "admin", ctrlAddress, caPool)
return rest_util.NewEdgeManagementClientWithUpdb(cfg.Username, cfg.Password, cfg.ApiEndpoint, caPool)
}
func generateApiToken() (string, error) {

7
etc/ctrl.yml
View File

@ -15,4 +15,9 @@ proxy:
- "-zbBF8eVb-"
store:
path: zrok.db
path: zrok.db
ziti:
api_endpoint: "https://127.0.0.1:1280"
username: admin
password: admin