diff --git a/cmd/zrok/enable.go b/cmd/zrok/enable.go
index 9d84406c..6326c3ea 100644
--- a/cmd/zrok/enable.go
+++ b/cmd/zrok/enable.go
@@ -34,7 +34,7 @@ func enable(_ *cobra.Command, args []string) {
 	if err := zrokdir.WriteToken(token); err != nil {
 		panic(err)
 	}
-	if err := zrokdir.WriteIdentity(resp.Payload.Identity); err != nil {
+	if err := zrokdir.WriteIdentity(resp.Payload.Cfg); err != nil {
 		panic(err)
 	}
 	logrus.Infof("enabled, identity = '%v'", resp.Payload.Identity)
diff --git a/controller/controller.go b/controller/controller.go
index 932cb759..d4e471d0 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -9,6 +9,7 @@ import (
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/identity"
 	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
 	"github.com/pkg/errors"
 )
 
@@ -30,6 +31,7 @@ func Run(cfg *Config) error {
 	api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
 	api.IdentityCreateAccountHandler = identity.CreateAccountHandlerFunc(createAccountHandler)
 	api.IdentityEnableHandler = identity.EnableHandlerFunc(enableHandler)
+	api.TunnelTunnelHandler = tunnel.TunnelHandlerFunc(tunnelHandler)
 
 	server := rest_server_zrok.NewServer(api)
 	defer func() { _ = server.Shutdown() }()
diff --git a/controller/enable.go b/controller/enable.go
index e030bf5f..4709e3cf 100644
--- a/controller/enable.go
+++ b/controller/enable.go
@@ -3,7 +3,6 @@ package controller
 import (
 	"bytes"
 	"context"
-	"crypto/x509"
 	"encoding/json"
 	"fmt"
 	"github.com/go-openapi/runtime/middleware"
@@ -13,10 +12,8 @@ import (
 	"github.com/openziti/edge/rest_management_api_client"
 	identity_edge "github.com/openziti/edge/rest_management_api_client/identity"
 	rest_model_edge "github.com/openziti/edge/rest_model"
-	"github.com/openziti/edge/rest_util"
 	sdk_config "github.com/openziti/sdk-golang/ziti/config"
 	"github.com/openziti/sdk-golang/ziti/enroll"
-	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"time"
 )
@@ -38,27 +35,20 @@ func enableHandler(params identity.EnableParams) middleware.Responder {
 	}
 	logrus.Infof("found account '%v'", a.Username)
 
-	ctrlAddress := "https://linux:1280"
-	caCerts, err := rest_util.GetControllerWellKnownCas(ctrlAddress)
+	client, err := edgeClient()
 	if err != nil {
-		panic(errors.Wrap(err, "error getting cas"))
-	}
-	caPool := x509.NewCertPool()
-	for _, ca := range caCerts {
-		caPool.AddCert(ca)
-	}
-	client, err := rest_util.NewEdgeManagementClientWithUpdb("admin", "admin", ctrlAddress, caPool)
-	if err != nil {
-		panic(err)
+		logrus.Errorf("error getting edge client: %v", err)
+		return middleware.Error(500, err.Error())
 	}
 	ident, err := createIdentity(a, client)
 	if err != nil {
 		logrus.Error(err)
-		panic(err)
+		return middleware.Error(500, err.Error())
 	}
 	cfg, err := enrollIdentity(ident.Payload.Data.ID, client)
 	if err != nil {
-		panic(err)
+		logrus.Error(err)
+		return middleware.Error(500, err.Error())
 	}
 
 	resp := identity.NewEnableCreated().WithPayload(&rest_model_zrok.EnableResponse{
@@ -79,7 +69,7 @@ func enableHandler(params identity.EnableParams) middleware.Responder {
 
 func createIdentity(a *store.Account, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
 	iIsAdmin := false
-	iId, err := generateIdentityId()
+	iId, err := randomId()
 	if err != nil {
 		return nil, err
 	}
diff --git a/controller/identity.go b/controller/identity.go
index 91682fd1..3e7cfa33 100644
--- a/controller/identity.go
+++ b/controller/identity.go
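Review bot: The three new error branches in enableHandler return `middleware.Error(500, err.Error())`, which sends the raw error text from the Ziti management client (connection details, upstream API messages) to the HTTP caller; the detail is already logged, so the response body should carry a fixed message, e.g. `return middleware.Error(500, "error enabling identity")`. The same pattern appears in the tunnelHandler hunk in controller/tunnel.go. The first branch logs with `logrus.Errorf("error getting edge client: %v", err)` while the other two log the bare error; one form would make the log easier to search. enableHandler starts before this hunk and continues past it.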
@@ -14,8 +14,8 @@ func generateApiToken() (string, error) {
 	return hex.EncodeToString(bytes), nil
 }
 
-func generateIdentityId() (string, error) {
-	bytes := make([]byte, 16)
+func randomId() (string, error) {
+	bytes := make([]byte, 8)
 	if _, err := rand.Read(bytes); err != nil {
 		return "", errors.Wrap(err, "error generating random identity id")
 	}
diff --git a/controller/tunnel.go b/controller/tunnel.go
new file mode 100644
index 00000000..799dd0f2
--- /dev/null
+++ b/controller/tunnel.go
@@ -0,0 +1,51 @@
+package controller
+
+import (
+	"context"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
+	"github.com/openziti/edge/rest_management_api_client/service"
+	"github.com/openziti/edge/rest_model"
+	"github.com/sirupsen/logrus"
+	"time"
+)
+
+func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
+	edge, err := edgeClient()
+	if err != nil {
+		logrus.Error(err)
+		return middleware.Error(500, err.Error())
+	}
+
+	serviceId, err := randomId()
+	if err != nil {
+		logrus.Error(err)
+		return middleware.Error(500, err.Error())
+	}
+	logrus.Infof("using service '%v'", serviceId)
+
+	svcConfigs := make([]string, 0)
+	svcEnc := true
+	svc := &rest_model.ServiceCreate{
+		Configs:            svcConfigs,
+		EncryptionRequired: &svcEnc,
+		Name:               &serviceId,
+	}
+	svcParams := &service.CreateServiceParams{
+		Service: svc,
+		Context: context.Background(),
+	}
+	svcParams.SetTimeout(30 * time.Second)
+	_, err = edge.Service.CreateService(svcParams, nil)
+	if err != nil {
+		logrus.Error(err)
+		return middleware.Error(500, err.Error())
+	}
+	logrus.Infof("created service '%v'", serviceId)
+
+	resp := tunnel.NewTunnelCreated().WithPayload(&rest_model_zrok.TunnelResponse{
+		Service: serviceId,
+	})
+	return resp
+}
diff --git a/controller/ziti.go b/controller/ziti.go
new file mode 100644
index 00000000..1f7b4243
--- /dev/null
+++ b/controller/ziti.go
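Review bot: The wrap message in `randomId` still reads `error generating random identity id`, but the renamed function is now also the source of service names in controller/tunnel.go, so a failure there would be reported as an identity problem; `return "", errors.Wrap(err, "error generating random id")` fits both callers. The buffer also shrinks from 16 to 8 bytes, halving the identifier to 64 random bits; since the service name is handed back to the client in TunnelResponse, a doc comment should record whether these values are meant only to be unique or are also relied on as unguessable, e.g. `// randomId returns 8 random bytes hex-encoded, used as a unique identity or service name.` (adjust if they are treated as secrets). The function's return line lies outside this hunk.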
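Review bot: tunnelHandler never reads `params` beyond its type and neither looks up nor records an owning account, so any caller that reaches the endpoint can create a Ziti service and nothing ties the created service to the account that requested it; enableHandler, by contrast, resolves an account before creating an identity. The request should be associated with an authenticated account and the service stored against it before `edge.Service.CreateService` is called; whether that lookup belongs in this handler or in the API's authentication layer depends on wiring this diff does not show. Separately, `Context: context.Background()` detaches the edge call from the HTTP request; go-swagger parameter structs carry the request, so `Context: params.HTTPRequest.Context()` lets a client disconnect cancel the upstream call while keeping the 30 s timeout.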
@@ -0,0 +1,20 @@
+package controller
+
+import (
+	"crypto/x509"
+	"github.com/openziti/edge/rest_management_api_client"
+	"github.com/openziti/edge/rest_util"
+)
+
+func edgeClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
+	ctrlAddress := "https://linux:1280"
+	caCerts, err := rest_util.GetControllerWellKnownCas(ctrlAddress)
+	if err != nil {
+		return nil, err
+	}
+	caPool := x509.NewCertPool()
+	for _, ca := range caCerts {
+		caPool.AddCert(ca)
+	}
+	return rest_util.NewEdgeManagementClientWithUpdb("admin", "admin", ctrlAddress, caPool)
+}
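Review bot: `edgeClient` hard-codes the controller address `https://linux:1280` and the management credentials `"admin", "admin"`, and now that it is the shared helper behind every handler those values are baked into the controller binary instead of coming from the `*Config` that `Run` already receives; the function should take the config (e.g. `func edgeClient(cfg *Config) (*rest_management_api_client.ZitiEdgeManagement, error)`) and read the endpoint, username and password from it. Fetching the trust anchors with `rest_util.GetControllerWellKnownCas` on every call also appears to accept whatever CA set the named host serves at that moment, so a CA bundle supplied through the same config would pin the trust root, and building the client once at startup would avoid a fresh TLS bootstrap and admin login per API request. A doc comment would help, e.g. `// edgeClient builds a Ziti edge management client authenticated with the controller's admin credentials.`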