extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-06-24 11:41:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

roughed in /agent/enroll (#967)

Browse Source
This commit is contained in:
Michael Quigley 2025-05-30 15:06:01 -04:00
parent ca88575782
commit 2a0a1cf4d9
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
6 changed files with 92 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
controller/agentController/config.go
View File

@ -1,5 +1,6 @@
package agentController package agentController
type Config struct { type Config struct {
ZId string
IdentityPath string IdentityPath string
} }

77
controller/agentEnroll.go Normal file
View File

@ -0,0 +1,77 @@
package controller
import (
"github.com/go-openapi/runtime/middleware"
"github.com/openziti/zrok/controller/zrokEdgeSdk"
"github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/agent"
"github.com/sirupsen/logrus"
)
type agentEnrollHandler struct{}
func newAgentEnrollHandler() *agentEnrollHandler {
return &agentEnrollHandler{}
}
func (h *agentEnrollHandler) Handle(params agent.EnrollParams, principal *rest_model_zrok.Principal) middleware.Responder {
// start transaction early, if it fails, don't bother creating ziti resources
trx, err := str.Begin()
if err != nil {
logrus.Errorf("error starting transaction for '%v': %v", principal.Email, err)
return agent.NewEnrollInternalServerError()
}
defer trx.Rollback()
env, err := str.FindEnvironmentForAccount(params.Body.EnvZID, int(principal.ID), trx)
if err != nil {
logrus.Errorf("error finding environment '%v' for '%v': %v", params.Body.EnvZID, principal.Email, err)
return agent.NewEnrollUnauthorized()
}
if _, err := str.FindAgentEnrollmentForEnvironment(env.Id, trx); err == nil {
logrus.Errorf("environment '%v' (%v) is already enrolled!", params.Body.EnvZID, principal.Email)
return agent.NewEnrollBadRequest()
}
client, err := zrokEdgeSdk.Client(cfg.Ziti)
if err != nil {
logrus.Errorf("error getting ziti client for '%v': %v", principal.Email, err)
return agent.NewEnrollInternalServerError()
}
token, err := CreateToken()
if err != nil {
logrus.Errorf("error creating agent enrollment token for '%v': %v", principal.Email, err)
return agent.NewEnrollInternalServerError()
}
logrus.Infof("enrollment token: %v", token)
zId, err := zrokEdgeSdk.CreateService(token, nil, map[string]interface{}{"zrokEnvZId": env.ZId}, client)
if err != nil {
logrus.Errorf("error creating agent remoting service for '%v' (%v): %v", env.ZId, principal.Email, err)
return agent.NewEnrollInternalServerError()
}
if err := zrokEdgeSdk.CreateServicePolicyBind(env.ZId+"-"+token+"-bind", zId, env.ZId, zrokEdgeSdk.ZrokAgentRemoteTags(token, env.ZId).SubTags, client); err != nil {
logrus.Errorf("error creating agent remoting bind policy for '%v' (%v): %v", env.ZId, principal.Email, err.Error())
return agent.NewEnrollInternalServerError()
}
if err := zrokEdgeSdk.CreateServicePolicyDial(env.ZId+"-"+token+"-dial", zId, []string{cfg.AgentController.ZId}, zrokEdgeSdk.ZrokAgentRemoteTags(token, env.ZId).SubTags, client); err != nil {
logrus.Errorf("error creating agent remoting dial policy for '%v' (%v): %v", env.ZId, principal.Email, err.Error())
return agent.NewEnrollInternalServerError()
}
if err := zrokEdgeSdk.CreateShareServiceEdgeRouterPolicy(env.ZId, token, zId, client); err != nil {
logrus.Errorf("error creating agent remoting serp for '%v' (%v): %v", env.ZId, principal.Email, err)
return agent.NewEnrollInternalServerError()
}
if err := trx.Commit(); err != nil {
logrus.Errorf("error committing agent enrollment record for '%v' (%v): %v", env.ZId, principal.Email, err)
return agent.NewEnrollInternalServerError()
}
return agent.NewEnrollOK().WithPayload(&agent.EnrollOKBody{Token: token})
}

11
controller/agentPing.go
View File

@ -5,22 +5,19 @@ import (
"github.com/go-openapi/runtime/middleware" "github.com/go-openapi/runtime/middleware"
"github.com/openziti/zrok/agent/agentGrpc" "github.com/openziti/zrok/agent/agentGrpc"
"github.com/openziti/zrok/controller/agentController" "github.com/openziti/zrok/controller/agentController"
"github.com/openziti/zrok/controller/config"
"github.com/openziti/zrok/rest_model_zrok" "github.com/openziti/zrok/rest_model_zrok"
"github.com/openziti/zrok/rest_server_zrok/operations/agent" "github.com/openziti/zrok/rest_server_zrok/operations/agent"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
type agentPingHandler struct { type agentPingHandler struct{}
cfg *config.Config
}
func newAgentPingHandler(cfg *config.Config) *agentPingHandler { func newAgentPingHandler() *agentPingHandler {
return &agentPingHandler{cfg: cfg} return &agentPingHandler{}
} }
func (h *agentPingHandler) Handle(params agent.PingParams, principal *rest_model_zrok.Principal) middleware.Responder { func (h *agentPingHandler) Handle(params agent.PingParams, principal *rest_model_zrok.Principal) middleware.Responder {
acli, aconn, err := agentController.NewAgentClient(params.Body.EnvZID, h.cfg.AgentController) acli, aconn, err := agentController.NewAgentClient(params.Body.EnvZID, cfg.AgentController)
if err != nil { if err != nil {
logrus.Errorf("error creating agent client for '%v' (%v): %v", params.Body.EnvZID, principal.Email, err) logrus.Errorf("error creating agent client for '%v' (%v): %v", params.Body.EnvZID, principal.Email, err)
return agent.NewPingInternalServerError() return agent.NewPingInternalServerError()

3
controller/controller.go
View File

@ -66,7 +66,8 @@ func Run(inCfg *config.Config) error {
api.AdminRemoveOrganizationMemberHandler = newRemoveOrganizationMemberHandler() api.AdminRemoveOrganizationMemberHandler = newRemoveOrganizationMemberHandler()
api.AdminUpdateFrontendHandler = newUpdateFrontendHandler() api.AdminUpdateFrontendHandler = newUpdateFrontendHandler()
if cfg.AgentController != nil { if cfg.AgentController != nil {
api.AgentPingHandler = newAgentPingHandler(cfg) api.AgentEnrollHandler = newAgentEnrollHandler()
api.AgentPingHandler = newAgentPingHandler()
} }
api.EnvironmentEnableHandler = newEnableHandler() api.EnvironmentEnableHandler = newEnableHandler()
api.EnvironmentDisableHandler = newDisableHandler() api.EnvironmentDisableHandler = newDisableHandler()

2
controller/zrokEdgeSdk/service.go
View File

@ -41,7 +41,7 @@ func CreateShareService(envZId, shrToken, cfgZId string, edge *rest_management_a
return shrZId, nil return shrZId, nil
} }
func CreateService(name string, cfgZIds []string, addlTags map[string]interface{}, edge *rest_management_api_client.ZitiEdgeManagement) (shrZId string, err error) { func CreateService(name string, cfgZIds []string, addlTags map[string]interface{}, edge *rest_management_api_client.ZitiEdgeManagement) (zId string, err error) {
encryptionRequired := true encryptionRequired := true
svc := &rest_model.ServiceCreate{ svc := &rest_model.ServiceCreate{
EncryptionRequired: &encryptionRequired, EncryptionRequired: &encryptionRequired,

7
controller/zrokEdgeSdk/tags.go
View File

@ -19,6 +19,13 @@ func ZrokShareTags(shrToken string) *rest_model.Tags {
return tags return tags
} }
func ZrokAgentRemoteTags(enrollmentToken, envZId string) *rest_model.Tags {
tags := ZrokTags()
tags.SubTags["zrokAgentRemote"] = enrollmentToken
tags.SubTags["zrokEnvZId"] = envZId
return tags
}
func MergeTags(tags *rest_model.Tags, addl map[string]interface{}) *rest_model.Tags { func MergeTags(tags *rest_model.Tags, addl map[string]interface{}) *rest_model.Tags {
for k, v := range addl { for k, v := range addl {
tags.SubTags[k] = v tags.SubTags[k] = v