mirror of
https://github.com/openziti/zrok.git
synced 2025-01-20 12:58:59 +01:00
zrok reserve; zrok release (#41)
This commit is contained in:
parent
f9143c3a5b
commit
3f5c5003de
63
cmd/zrok/release.go
Normal file
63
cmd/zrok/release.go
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
ui "github.com/gizak/termui/v3"
|
||||||
|
httptransport "github.com/go-openapi/runtime/client"
|
||||||
|
"github.com/openziti-test-kitchen/zrok/rest_client_zrok/service"
|
||||||
|
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||||
|
"github.com/openziti-test-kitchen/zrok/zrokdir"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
"github.com/spf13/cobra"
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
rootCmd.AddCommand(newReleaseCommand().cmd)
|
||||||
|
}
|
||||||
|
|
||||||
|
type releaseCommand struct {
|
||||||
|
cmd *cobra.Command
|
||||||
|
}
|
||||||
|
|
||||||
|
func newReleaseCommand() *releaseCommand {
|
||||||
|
cmd := &cobra.Command{
|
||||||
|
Use: "release <serviceToken>",
|
||||||
|
Short: "Release a reserved service",
|
||||||
|
Args: cobra.ExactArgs(1),
|
||||||
|
}
|
||||||
|
command := &releaseCommand{cmd: cmd}
|
||||||
|
cmd.Run = command.run
|
||||||
|
return command
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cmd *releaseCommand) run(_ *cobra.Command, args []string) {
|
||||||
|
svcToken := args[0]
|
||||||
|
env, err := zrokdir.LoadEnvironment()
|
||||||
|
if err != nil {
|
||||||
|
ui.Close()
|
||||||
|
if !panicInstead {
|
||||||
|
showError("unable to load environment; did you 'zrok enable'?", err)
|
||||||
|
}
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
zrok, err := zrokdir.ZrokClient(env.ApiEndpoint)
|
||||||
|
if err != nil {
|
||||||
|
ui.Close()
|
||||||
|
if !panicInstead {
|
||||||
|
showError("unable to create zrok client", err)
|
||||||
|
}
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Token)
|
||||||
|
req := service.NewUnshareParams()
|
||||||
|
req.Body = &rest_model_zrok.UnshareRequest{
|
||||||
|
EnvZID: env.ZId,
|
||||||
|
SvcToken: svcToken,
|
||||||
|
Reserved: true,
|
||||||
|
}
|
||||||
|
if _, err := zrok.Service.Unshare(req, auth); err != nil {
|
||||||
|
logrus.Errorf("error releasing service '%v': %v", svcToken, err)
|
||||||
|
}
|
||||||
|
|
||||||
|
logrus.Infof("reserved service '%v' released", svcToken)
|
||||||
|
}
|
108
cmd/zrok/reserve.go
Normal file
108
cmd/zrok/reserve.go
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
ui "github.com/gizak/termui/v3"
|
||||||
|
httptransport "github.com/go-openapi/runtime/client"
|
||||||
|
"github.com/openziti-test-kitchen/zrok/model"
|
||||||
|
"github.com/openziti-test-kitchen/zrok/rest_client_zrok/service"
|
||||||
|
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
||||||
|
"github.com/openziti-test-kitchen/zrok/zrokdir"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
|
"github.com/spf13/cobra"
|
||||||
|
"net/url"
|
||||||
|
"strings"
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
rootCmd.AddCommand(newReserveCommand().cmd)
|
||||||
|
}
|
||||||
|
|
||||||
|
type reserveCommand struct {
|
||||||
|
basicAuth []string
|
||||||
|
cmd *cobra.Command
|
||||||
|
}
|
||||||
|
|
||||||
|
func newReserveCommand() *reserveCommand {
|
||||||
|
cmd := &cobra.Command{
|
||||||
|
Use: "reserve <public|private> <targetEndpoint>",
|
||||||
|
Short: "Reserve a service",
|
||||||
|
Args: cobra.ExactArgs(2),
|
||||||
|
}
|
||||||
|
command := &reserveCommand{cmd: cmd}
|
||||||
|
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
|
||||||
|
cmd.Run = command.run
|
||||||
|
return command
|
||||||
|
}
|
||||||
|
|
||||||
|
func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
||||||
|
shareMode := args[0]
|
||||||
|
if shareMode != "public" && shareMode != "private" {
|
||||||
|
showError("invalid sharing mode; expecting 'public' or 'private'", nil)
|
||||||
|
}
|
||||||
|
|
||||||
|
targetEndpoint, err := url.Parse(args[0])
|
||||||
|
if err != nil {
|
||||||
|
if !panicInstead {
|
||||||
|
showError("invalid target endpoint URL", err)
|
||||||
|
}
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
if targetEndpoint.Scheme == "" {
|
||||||
|
targetEndpoint.Scheme = "https"
|
||||||
|
}
|
||||||
|
|
||||||
|
env, err := zrokdir.LoadEnvironment()
|
||||||
|
if err != nil {
|
||||||
|
ui.Close()
|
||||||
|
if !panicInstead {
|
||||||
|
showError("unable to load environment; did you 'zrok enable'?", err)
|
||||||
|
}
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
zrok, err := zrokdir.ZrokClient(env.ApiEndpoint)
|
||||||
|
if err != nil {
|
||||||
|
ui.Close()
|
||||||
|
if !panicInstead {
|
||||||
|
showError("unable to create zrok client", err)
|
||||||
|
}
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Token)
|
||||||
|
req := service.NewShareParams()
|
||||||
|
req.Body = &rest_model_zrok.ShareRequest{
|
||||||
|
EnvZID: env.ZId,
|
||||||
|
ShareMode: shareMode,
|
||||||
|
BackendMode: "proxy",
|
||||||
|
BackendProxyEndpoint: targetEndpoint.String(),
|
||||||
|
AuthScheme: string(model.None),
|
||||||
|
Reserved: true,
|
||||||
|
}
|
||||||
|
if len(cmd.basicAuth) > 0 {
|
||||||
|
logrus.Infof("configuring basic auth")
|
||||||
|
req.Body.AuthScheme = string(model.Basic)
|
||||||
|
for _, pair := range cmd.basicAuth {
|
||||||
|
tokens := strings.Split(pair, ":")
|
||||||
|
if len(tokens) == 2 {
|
||||||
|
req.Body.AuthUsers = append(req.Body.AuthUsers, &rest_model_zrok.AuthUser{Username: strings.TrimSpace(tokens[0]), Password: strings.TrimSpace(tokens[1])})
|
||||||
|
} else {
|
||||||
|
panic(errors.Errorf("invalid username:password pair '%v'", pair))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resp, err := zrok.Service.Share(req, auth)
|
||||||
|
if err != nil {
|
||||||
|
ui.Close()
|
||||||
|
if !panicInstead {
|
||||||
|
showError("unable to create tunnel", err)
|
||||||
|
}
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
logrus.Infof("your reserved service token is '%v'", resp.Payload.SvcToken)
|
||||||
|
if resp.Payload.FrontendProxyEndpoint != "" {
|
||||||
|
logrus.Infof("your reserved service frontend is '%v'", resp.Payload.FrontendProxyEndpoint)
|
||||||
|
}
|
||||||
|
}
|
@ -1,126 +0,0 @@
|
|||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
ui "github.com/gizak/termui/v3"
|
|
||||||
"github.com/go-openapi/runtime"
|
|
||||||
httptransport "github.com/go-openapi/runtime/client"
|
|
||||||
"github.com/openziti-test-kitchen/zrok/endpoints/backend"
|
|
||||||
"github.com/openziti-test-kitchen/zrok/rest_client_zrok"
|
|
||||||
"github.com/openziti-test-kitchen/zrok/rest_client_zrok/service"
|
|
||||||
"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
|
|
||||||
"github.com/openziti-test-kitchen/zrok/zrokdir"
|
|
||||||
"github.com/sirupsen/logrus"
|
|
||||||
"github.com/spf13/cobra"
|
|
||||||
"net/url"
|
|
||||||
"os"
|
|
||||||
"os/signal"
|
|
||||||
"syscall"
|
|
||||||
"time"
|
|
||||||
)
|
|
||||||
|
|
||||||
func init() {
|
|
||||||
shareCmd.AddCommand(newShareAgainCommand().cmd)
|
|
||||||
}
|
|
||||||
|
|
||||||
type shareAgainCommand struct {
|
|
||||||
cmd *cobra.Command
|
|
||||||
}
|
|
||||||
|
|
||||||
func newShareAgainCommand() *shareAgainCommand {
|
|
||||||
cmd := &cobra.Command{
|
|
||||||
Use: "again <serviceToken> <targetEndpoint>",
|
|
||||||
Short: "Share a previously reserved service again",
|
|
||||||
Args: cobra.ExactArgs(2),
|
|
||||||
}
|
|
||||||
command := &shareAgainCommand{cmd: cmd}
|
|
||||||
cmd.Run = command.run
|
|
||||||
return command
|
|
||||||
}
|
|
||||||
|
|
||||||
func (cmd *shareAgainCommand) run(_ *cobra.Command, args []string) {
|
|
||||||
targetEndpoint, err := url.Parse(args[1])
|
|
||||||
if err != nil {
|
|
||||||
if !panicInstead {
|
|
||||||
showError("invalid target endpoint URL", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
if targetEndpoint.Scheme == "" {
|
|
||||||
targetEndpoint.Scheme = "https"
|
|
||||||
}
|
|
||||||
|
|
||||||
env, err := zrokdir.LoadEnvironment()
|
|
||||||
if err != nil {
|
|
||||||
if !panicInstead {
|
|
||||||
showError("unable to load environment; did you 'zrok enable'?", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
zif, err := zrokdir.ZitiIdentityFile("backend")
|
|
||||||
if err != nil {
|
|
||||||
if !panicInstead {
|
|
||||||
showError("unable to load ziti identity configuration", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
svcToken := args[0]
|
|
||||||
cfg := &backend.Config{
|
|
||||||
IdentityPath: zif,
|
|
||||||
EndpointAddress: targetEndpoint.String(),
|
|
||||||
Service: svcToken,
|
|
||||||
}
|
|
||||||
|
|
||||||
zrok, err := zrokdir.ZrokClient(env.ApiEndpoint)
|
|
||||||
if err != nil {
|
|
||||||
if !panicInstead {
|
|
||||||
showError("unable to create zrok client", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Token)
|
|
||||||
|
|
||||||
c := make(chan os.Signal)
|
|
||||||
signal.Notify(c, os.Interrupt, syscall.SIGTERM)
|
|
||||||
go func() {
|
|
||||||
<-c
|
|
||||||
cmd.destroy(env.ZId, cfg, zrok, auth)
|
|
||||||
os.Exit(0)
|
|
||||||
}()
|
|
||||||
|
|
||||||
httpProxy, err := backend.NewHTTP(cfg)
|
|
||||||
if err != nil {
|
|
||||||
ui.Close()
|
|
||||||
if !panicInstead {
|
|
||||||
showError("unable to create http backend", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
go func() {
|
|
||||||
if err := httpProxy.Run(); err != nil {
|
|
||||||
if !panicInstead {
|
|
||||||
showError("unable to run http proxy", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
}()
|
|
||||||
|
|
||||||
logrus.Infof("share your zrok service; use this command for access: 'zrok access private %v'", svcToken)
|
|
||||||
for {
|
|
||||||
time.Sleep(30 * time.Second)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (self *shareAgainCommand) destroy(id string, cfg *backend.Config, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) {
|
|
||||||
logrus.Debugf("shutting down '%v'", cfg.Service)
|
|
||||||
req := service.NewUnshareParams()
|
|
||||||
req.Body = &rest_model_zrok.UnshareRequest{
|
|
||||||
EnvZID: id,
|
|
||||||
SvcToken: cfg.Service,
|
|
||||||
}
|
|
||||||
if _, err := zrok.Service.Unshare(req, auth); err == nil {
|
|
||||||
logrus.Debugf("shutdown complete")
|
|
||||||
} else {
|
|
||||||
logrus.Errorf("error shutting down: %v", err)
|
|
||||||
}
|
|
||||||
}
|
|
@ -42,7 +42,7 @@ func newSharePublicCommand() *sharePublicCommand {
|
|||||||
}
|
}
|
||||||
command := &sharePublicCommand{cmd: cmd}
|
command := &sharePublicCommand{cmd: cmd}
|
||||||
cmd.Flags().BoolVarP(&command.quiet, "quiet", "q", false, "Disable TUI 'chrome' for quiet operation")
|
cmd.Flags().BoolVarP(&command.quiet, "quiet", "q", false, "Disable TUI 'chrome' for quiet operation")
|
||||||
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...")
|
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
|
||||||
cmd.Run = command.run
|
cmd.Run = command.run
|
||||||
return command
|
return command
|
||||||
}
|
}
|
||||||
|
@ -78,6 +78,7 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
|
|||||||
|
|
||||||
logrus.Debugf("allocated service '%v'", svcToken)
|
logrus.Debugf("allocated service '%v'", svcToken)
|
||||||
|
|
||||||
|
reserved := params.Body.Reserved
|
||||||
sid, err := str.CreateService(envId, &store.Service{
|
sid, err := str.CreateService(envId, &store.Service{
|
||||||
ZId: svcZId,
|
ZId: svcZId,
|
||||||
Token: svcToken,
|
Token: svcToken,
|
||||||
@ -85,7 +86,7 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
|
|||||||
BackendMode: params.Body.BackendMode,
|
BackendMode: params.Body.BackendMode,
|
||||||
FrontendEndpoint: &frontendEndpoints[0],
|
FrontendEndpoint: &frontendEndpoints[0],
|
||||||
BackendProxyEndpoint: ¶ms.Body.BackendProxyEndpoint,
|
BackendProxyEndpoint: ¶ms.Body.BackendProxyEndpoint,
|
||||||
Reserved: false,
|
Reserved: reserved,
|
||||||
}, tx)
|
}, tx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Errorf("error creating service record: %v", err)
|
logrus.Errorf("error creating service record: %v", err)
|
||||||
|
@ -75,7 +75,7 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
|
|||||||
return service.NewUnshareInternalServerError()
|
return service.NewUnshareInternalServerError()
|
||||||
}
|
}
|
||||||
|
|
||||||
if !ssvc.Reserved {
|
if ssvc.Reserved == params.Body.Reserved {
|
||||||
// single tag-based service deallocator; should work regardless of sharing mode
|
// single tag-based service deallocator; should work regardless of sharing mode
|
||||||
if err := h.deallocateResources(senv, ssvc, svcToken, svcZId, edge); err != nil {
|
if err := h.deallocateResources(senv, ssvc, svcToken, svcZId, edge); err != nil {
|
||||||
logrus.Errorf("error unsharing ziti resources for '%v': %v", ssvc, err)
|
logrus.Errorf("error unsharing ziti resources for '%v': %v", ssvc, err)
|
||||||
|
@ -40,6 +40,9 @@ type ShareRequest struct {
|
|||||||
// frontend selection
|
// frontend selection
|
||||||
FrontendSelection []string `json:"frontendSelection"`
|
FrontendSelection []string `json:"frontendSelection"`
|
||||||
|
|
||||||
|
// reserved
|
||||||
|
Reserved bool `json:"reserved,omitempty"`
|
||||||
|
|
||||||
// share mode
|
// share mode
|
||||||
// Enum: [public private]
|
// Enum: [public private]
|
||||||
ShareMode string `json:"shareMode,omitempty"`
|
ShareMode string `json:"shareMode,omitempty"`
|
||||||
|
@ -20,6 +20,9 @@ type UnshareRequest struct {
|
|||||||
// env z Id
|
// env z Id
|
||||||
EnvZID string `json:"envZId,omitempty"`
|
EnvZID string `json:"envZId,omitempty"`
|
||||||
|
|
||||||
|
// reserved
|
||||||
|
Reserved bool `json:"reserved,omitempty"`
|
||||||
|
|
||||||
// svc token
|
// svc token
|
||||||
SvcToken string `json:"svcToken,omitempty"`
|
SvcToken string `json:"svcToken,omitempty"`
|
||||||
}
|
}
|
||||||
|
@ -736,6 +736,9 @@ func init() {
|
|||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"reserved": {
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"shareMode": {
|
"shareMode": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"enum": [
|
"enum": [
|
||||||
@ -776,6 +779,9 @@ func init() {
|
|||||||
"envZId": {
|
"envZId": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
"reserved": {
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"svcToken": {
|
"svcToken": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
@ -1528,6 +1534,9 @@ func init() {
|
|||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"reserved": {
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"shareMode": {
|
"shareMode": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"enum": [
|
"enum": [
|
||||||
@ -1568,6 +1577,9 @@ func init() {
|
|||||||
"envZId": {
|
"envZId": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
"reserved": {
|
||||||
|
"type": "boolean"
|
||||||
|
},
|
||||||
"svcToken": {
|
"svcToken": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
}
|
}
|
||||||
|
@ -491,6 +491,8 @@ definitions:
|
|||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
$ref: "#/definitions/authUser"
|
$ref: "#/definitions/authUser"
|
||||||
|
reserved:
|
||||||
|
type: boolean
|
||||||
|
|
||||||
shareResponse:
|
shareResponse:
|
||||||
type: object
|
type: object
|
||||||
@ -517,6 +519,8 @@ definitions:
|
|||||||
type: string
|
type: string
|
||||||
svcToken:
|
svcToken:
|
||||||
type: string
|
type: string
|
||||||
|
reserved:
|
||||||
|
type: boolean
|
||||||
|
|
||||||
verifyRequest:
|
verifyRequest:
|
||||||
type: object
|
type: object
|
||||||
|
@ -152,6 +152,7 @@
|
|||||||
* @property {string} backendProxyEndpoint
|
* @property {string} backendProxyEndpoint
|
||||||
* @property {string} authScheme
|
* @property {string} authScheme
|
||||||
* @property {module:types.authUser[]} authUsers
|
* @property {module:types.authUser[]} authUsers
|
||||||
|
* @property {boolean} reserved
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -177,6 +178,7 @@
|
|||||||
*
|
*
|
||||||
* @property {string} envZId
|
* @property {string} envZId
|
||||||
* @property {string} svcToken
|
* @property {string} svcToken
|
||||||
|
* @property {boolean} reserved
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user