zrok reserve; zrok release (#41)

cmd/zrok/release.go

@@ -0,0 +1,63 @@
+package main
+
+import (
+	ui "github.com/gizak/termui/v3"
+	httptransport "github.com/go-openapi/runtime/client"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/service"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/zrokdir"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	rootCmd.AddCommand(newReleaseCommand().cmd)
+}
+
+type releaseCommand struct {
+	cmd *cobra.Command
+}
+
+func newReleaseCommand() *releaseCommand {
+	cmd := &cobra.Command{
+		Use:   "release <serviceToken>",
+		Short: "Release a reserved service",
+		Args:  cobra.ExactArgs(1),
+	}
+	command := &releaseCommand{cmd: cmd}
+	cmd.Run = command.run
+	return command
+}
+
+func (cmd *releaseCommand) run(_ *cobra.Command, args []string) {
+	svcToken := args[0]
+	env, err := zrokdir.LoadEnvironment()
+	if err != nil {
+		ui.Close()
+		if !panicInstead {
+			showError("unable to load environment; did you 'zrok enable'?", err)
+		}
+		panic(err)
+	}
+
+	zrok, err := zrokdir.ZrokClient(env.ApiEndpoint)
+	if err != nil {
+		ui.Close()
+		if !panicInstead {
+			showError("unable to create zrok client", err)
+		}
+		panic(err)
+	}
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Token)
+	req := service.NewUnshareParams()
+	req.Body = &rest_model_zrok.UnshareRequest{
+		EnvZID:   env.ZId,
+		SvcToken: svcToken,
+		Reserved: true,
+	}
+	if _, err := zrok.Service.Unshare(req, auth); err != nil {
+		logrus.Errorf("error releasing service '%v': %v", svcToken, err)
+	}
+
+	logrus.Infof("reserved service '%v' released", svcToken)
+}

cmd/zrok/reserve.go

@@ -0,0 +1,108 @@
+package main
+
+import (
+	ui "github.com/gizak/termui/v3"
+	httptransport "github.com/go-openapi/runtime/client"
+	"github.com/openziti-test-kitchen/zrok/model"
+	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/service"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/zrokdir"
+	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"net/url"
+	"strings"
+)
+
+func init() {
+	rootCmd.AddCommand(newReserveCommand().cmd)
+}
+
+type reserveCommand struct {
+	basicAuth []string
+	cmd       *cobra.Command
+}
+
+func newReserveCommand() *reserveCommand {
+	cmd := &cobra.Command{
+		Use:   "reserve <public|private> <targetEndpoint>",
+		Short: "Reserve a service",
+		Args:  cobra.ExactArgs(2),
+	}
+	command := &reserveCommand{cmd: cmd}
+	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
+	cmd.Run = command.run
+	return command
+}
+
+func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
+	shareMode := args[0]
+	if shareMode != "public" && shareMode != "private" {
+		showError("invalid sharing mode; expecting 'public' or 'private'", nil)
+	}
+
+	targetEndpoint, err := url.Parse(args[0])
+	if err != nil {
+		if !panicInstead {
+			showError("invalid target endpoint URL", err)
+		}
+		panic(err)
+	}
+	if targetEndpoint.Scheme == "" {
+		targetEndpoint.Scheme = "https"
+	}
+
+	env, err := zrokdir.LoadEnvironment()
+	if err != nil {
+		ui.Close()
+		if !panicInstead {
+			showError("unable to load environment; did you 'zrok enable'?", err)
+		}
+		panic(err)
+	}
+
+	zrok, err := zrokdir.ZrokClient(env.ApiEndpoint)
+	if err != nil {
+		ui.Close()
+		if !panicInstead {
+			showError("unable to create zrok client", err)
+		}
+		panic(err)
+	}
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Token)
+	req := service.NewShareParams()
+	req.Body = &rest_model_zrok.ShareRequest{
+		EnvZID:               env.ZId,
+		ShareMode:            shareMode,
+		BackendMode:          "proxy",
+		BackendProxyEndpoint: targetEndpoint.String(),
+		AuthScheme:           string(model.None),
+		Reserved:             true,
+	}
+	if len(cmd.basicAuth) > 0 {
+		logrus.Infof("configuring basic auth")
+		req.Body.AuthScheme = string(model.Basic)
+		for _, pair := range cmd.basicAuth {
+			tokens := strings.Split(pair, ":")
+			if len(tokens) == 2 {
+				req.Body.AuthUsers = append(req.Body.AuthUsers, &rest_model_zrok.AuthUser{Username: strings.TrimSpace(tokens[0]), Password: strings.TrimSpace(tokens[1])})
+			} else {
+				panic(errors.Errorf("invalid username:password pair '%v'", pair))
+			}
+		}
+	}
+
+	resp, err := zrok.Service.Share(req, auth)
+	if err != nil {
+		ui.Close()
+		if !panicInstead {
+			showError("unable to create tunnel", err)
+		}
+		panic(err)
+	}
+
+	logrus.Infof("your reserved service token is '%v'", resp.Payload.SvcToken)
+	if resp.Payload.FrontendProxyEndpoint != "" {
+		logrus.Infof("your reserved service frontend is '%v'", resp.Payload.FrontendProxyEndpoint)
+	}
+}

cmd/zrok/share_again.go

@@ -1,126 +0,0 @@
-package main
-
-import (
-	ui "github.com/gizak/termui/v3"
-	"github.com/go-openapi/runtime"
-	httptransport "github.com/go-openapi/runtime/client"
-	"github.com/openziti-test-kitchen/zrok/endpoints/backend"
-	"github.com/openziti-test-kitchen/zrok/rest_client_zrok"
-	"github.com/openziti-test-kitchen/zrok/rest_client_zrok/service"
-	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
-	"github.com/openziti-test-kitchen/zrok/zrokdir"
-	"github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	"net/url"
-	"os"
-	"os/signal"
-	"syscall"
-	"time"
-)
-
-func init() {
-	shareCmd.AddCommand(newShareAgainCommand().cmd)
-}
-
-type shareAgainCommand struct {
-	cmd *cobra.Command
-}
-
-func newShareAgainCommand() *shareAgainCommand {
-	cmd := &cobra.Command{
-		Use:   "again <serviceToken> <targetEndpoint>",
-		Short: "Share a previously reserved service again",
-		Args:  cobra.ExactArgs(2),
-	}
-	command := &shareAgainCommand{cmd: cmd}
-	cmd.Run = command.run
-	return command
-}
-
-func (cmd *shareAgainCommand) run(_ *cobra.Command, args []string) {
-	targetEndpoint, err := url.Parse(args[1])
-	if err != nil {
-		if !panicInstead {
-			showError("invalid target endpoint URL", err)
-		}
-		panic(err)
-	}
-	if targetEndpoint.Scheme == "" {
-		targetEndpoint.Scheme = "https"
-	}
-
-	env, err := zrokdir.LoadEnvironment()
-	if err != nil {
-		if !panicInstead {
-			showError("unable to load environment; did you 'zrok enable'?", err)
-		}
-		panic(err)
-	}
-	zif, err := zrokdir.ZitiIdentityFile("backend")
-	if err != nil {
-		if !panicInstead {
-			showError("unable to load ziti identity configuration", err)
-		}
-		panic(err)
-	}
-	svcToken := args[0]
-	cfg := &backend.Config{
-		IdentityPath:    zif,
-		EndpointAddress: targetEndpoint.String(),
-		Service:         svcToken,
-	}
-
-	zrok, err := zrokdir.ZrokClient(env.ApiEndpoint)
-	if err != nil {
-		if !panicInstead {
-			showError("unable to create zrok client", err)
-		}
-		panic(err)
-	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Token)
-
-	c := make(chan os.Signal)
-	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
-	go func() {
-		<-c
-		cmd.destroy(env.ZId, cfg, zrok, auth)
-		os.Exit(0)
-	}()
-
-	httpProxy, err := backend.NewHTTP(cfg)
-	if err != nil {
-		ui.Close()
-		if !panicInstead {
-			showError("unable to create http backend", err)
-		}
-		panic(err)
-	}
-
-	go func() {
-		if err := httpProxy.Run(); err != nil {
-			if !panicInstead {
-				showError("unable to run http proxy", err)
-			}
-			panic(err)
-		}
-	}()
-
-	logrus.Infof("share your zrok service; use this command for access: 'zrok access private %v'", svcToken)
-	for {
-		time.Sleep(30 * time.Second)
-	}
-}
-
-func (self *shareAgainCommand) destroy(id string, cfg *backend.Config, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) {
-	logrus.Debugf("shutting down '%v'", cfg.Service)
-	req := service.NewUnshareParams()
-	req.Body = &rest_model_zrok.UnshareRequest{
-		EnvZID:   id,
-		SvcToken: cfg.Service,
-	}
-	if _, err := zrok.Service.Unshare(req, auth); err == nil {
-		logrus.Debugf("shutdown complete")
-	} else {
-		logrus.Errorf("error shutting down: %v", err)
-	}
-}

cmd/zrok/share_public.go

@@ -42,7 +42,7 @@ func newSharePublicCommand() *sharePublicCommand {
 	}
 	command := &sharePublicCommand{cmd: cmd}
 	cmd.Flags().BoolVarP(&command.quiet, "quiet", "q", false, "Disable TUI 'chrome' for quiet operation")
-	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...")
+	cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
 	cmd.Run = command.run
 	return command
 }

controller/share.go

@@ -78,6 +78,7 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
 
 	logrus.Debugf("allocated service '%v'", svcToken)
 
+	reserved := params.Body.Reserved
 	sid, err := str.CreateService(envId, &store.Service{
 		ZId:                  svcZId,
 		Token:                svcToken,
@@ -85,7 +86,7 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
 		BackendMode:          params.Body.BackendMode,
 		FrontendEndpoint:     &frontendEndpoints[0],
 		BackendProxyEndpoint: &params.Body.BackendProxyEndpoint,
-		Reserved:             false,
+		Reserved:             reserved,
 	}, tx)
 	if err != nil {
 		logrus.Errorf("error creating service record: %v", err)

controller/unshare.go

@@ -75,7 +75,7 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
 		return service.NewUnshareInternalServerError()
 	}
 
-	if !ssvc.Reserved {
+	if ssvc.Reserved == params.Body.Reserved {
 		// single tag-based service deallocator; should work regardless of sharing mode
 		if err := h.deallocateResources(senv, ssvc, svcToken, svcZId, edge); err != nil {
 			logrus.Errorf("error unsharing ziti resources for '%v': %v", ssvc, err)

rest_model_zrok/share_request.go

@@ -40,6 +40,9 @@ type ShareRequest struct {
 	// frontend selection
 	FrontendSelection []string `json:"frontendSelection"`
 
+	// reserved
+	Reserved bool `json:"reserved,omitempty"`
+
 	// share mode
 	// Enum: [public private]
 	ShareMode string `json:"shareMode,omitempty"`

rest_model_zrok/unshare_request.go

@@ -20,6 +20,9 @@ type UnshareRequest struct {
 	// env z Id
 	EnvZID string `json:"envZId,omitempty"`
 
+	// reserved
+	Reserved bool `json:"reserved,omitempty"`
+
 	// svc token
 	SvcToken string `json:"svcToken,omitempty"`
 }

rest_server_zrok/embedded_spec.go

@@ -736,6 +736,9 @@ func init() {
             "type": "string"
           }
         },
+        "reserved": {
+          "type": "boolean"
+        },
         "shareMode": {
           "type": "string",
           "enum": [
@@ -776,6 +779,9 @@ func init() {
         "envZId": {
           "type": "string"
         },
+        "reserved": {
+          "type": "boolean"
+        },
         "svcToken": {
           "type": "string"
         }
@@ -1528,6 +1534,9 @@ func init() {
             "type": "string"
           }
         },
+        "reserved": {
+          "type": "boolean"
+        },
         "shareMode": {
           "type": "string",
           "enum": [
@@ -1568,6 +1577,9 @@ func init() {
         "envZId": {
           "type": "string"
         },
+        "reserved": {
+          "type": "boolean"
+        },
         "svcToken": {
           "type": "string"
         }

specs/zrok.yml

@@ -491,6 +491,8 @@ definitions:
         type: array
         items:
           $ref: "#/definitions/authUser"
+      reserved:
+        type: boolean
 
   shareResponse:
     type: object
@@ -517,6 +519,8 @@ definitions:
         type: string
       svcToken:
         type: string
+      reserved:
+        type: boolean
 
   verifyRequest:
     type: object

ui/src/api/types.js

@@ -152,6 +152,7 @@
  * @property {string} backendProxyEndpoint 
  * @property {string} authScheme 
  * @property {module:types.authUser[]} authUsers 
+ * @property {boolean} reserved 
  */
 
 /**
@@ -177,6 +178,7 @@
  * 
  * @property {string} envZId 
  * @property {string} svcToken 
+ * @property {boolean} reserved 
  */
 
 /**