massive name -> token work (#119)

Michael Quigley 2022-11-30 12:10:00 -05:00
parent f54d315e34
commit 483babe813
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
15 changed files with 106 additions and 104 deletions


@ -51,7 +51,7 @@ func (h *accessHandler) Handle(params service.AccessParams, principal *rest_mode
}
svcName := params.Body.SvcName
ssvc, err := str.FindServiceWithName(svcName, tx)
ssvc, err := str.FindServiceWithToken(svcName, tx)
if err != nil {
logrus.Errorf("error finding service")
return service.NewAccessNotFound()
@ -81,7 +81,7 @@ func (h *accessHandler) Handle(params service.AccessParams, principal *rest_mode
"zrokEnvironmentZId": envZId,
"zrokFrontendToken": feToken,
}}
if err := createServicePolicyDialForEnvironment(envZId, ssvc.Name, ssvc.ZId, edge, extraTags); err != nil {
if err := createServicePolicyDialForEnvironment(envZId, ssvc.Token, ssvc.ZId, edge, extraTags); err != nil {
logrus.Errorf("unable to create dial policy: %v", err)
return service.NewAccessInternalServerError()
}
@ -94,8 +94,8 @@ func (h *accessHandler) Handle(params service.AccessParams, principal *rest_mode
return service.NewAccessCreated().WithPayload(&rest_model_zrok.AccessResponse{FrontendName: feToken})
}
func createServicePolicyDialForEnvironment(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
allTags := zrokTags(svcName)
func createServicePolicyDialForEnvironment(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
allTags := zrokTags(svcToken)
for _, t := range tags {
for k, v := range t.SubTags {
allTags.SubTags[k] = v
@ -103,7 +103,7 @@ func createServicePolicyDialForEnvironment(envZId, svcName, svcZId string, edge
}
identityRoles := []string{"@" + envZId}
name := fmt.Sprintf("%v-%v-dial", envZId, svcName)
name := fmt.Sprintf("%v-%v-dial", envZId, svcToken)
var postureCheckRoles []string
semantic := rest_model.SemanticAllOf
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
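Review bot: The failed-lookup branch in the first hunk logs only `error finding service`, dropping both the value that was looked up and `err`, so a rejected access request cannot be traced afterwards. Since the lookup is now `FindServiceWithToken`, the local could be renamed to match and the message made specific: `svcToken := params.Body.SvcName` and `logrus.Errorf("error finding service with token '%v': %v", svcToken, err)`. Handle's body starts and ends outside these hunks.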


@ -47,7 +47,7 @@ func (h *disableHandler) Handle(params environment.DisableParams, principal *res
logrus.Errorf("error removing environment: %v", err)
return environment.NewDisableInternalServerError()
}
if err := deleteEdgeRouterPolicy(env.ZId, params.Body.Identity, edge); err != nil {
if err := deleteEdgeRouterPolicy(env.ZId, edge); err != nil {
logrus.Errorf("error deleting edge router policy: %v", err)
return environment.NewDisableInternalServerError()
}
@ -84,24 +84,24 @@ func (h *disableHandler) removeServicesForEnvironment(envId int, tx *sqlx.Tx, ed
return err
}
for _, svc := range svcs {
svcName := svc.Name
logrus.Infof("garbage collecting service '%v' for environment '%v'", svcName, env.ZId)
if err := deleteServiceEdgeRouterPolicy(env.ZId, svcName, edge); err != nil {
svcToken := svc.Token
logrus.Infof("garbage collecting service '%v' for environment '%v'", svcToken, env.ZId)
if err := deleteServiceEdgeRouterPolicy(env.ZId, svcToken, edge); err != nil {
logrus.Error(err)
}
if err := deleteServicePolicyDial(env.ZId, svcName, edge); err != nil {
if err := deleteServicePolicyDial(env.ZId, svcToken, edge); err != nil {
logrus.Error(err)
}
if err := deleteServicePolicyBind(env.ZId, svcName, edge); err != nil {
if err := deleteServicePolicyBind(env.ZId, svcToken, edge); err != nil {
logrus.Error(err)
}
if err := deleteConfig(env.ZId, svcName, edge); err != nil {
if err := deleteConfig(env.ZId, svcToken, edge); err != nil {
logrus.Error(err)
}
if err := deleteService(env.ZId, svc.ZId, edge); err != nil {
logrus.Error(err)
}
logrus.Infof("removed service '%v' for environment '%v'", svc.Name, env.ZId)
logrus.Infof("removed service '%v' for environment '%v'", svc.Token, env.ZId)
}
return nil
}
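Review bot: In removeServicesForEnvironment the closing `removed service` Infof runs even when one or more of the five delete calls above it failed, and those failures are logged as bare `logrus.Error(err)` with no service or environment attached. A policy that could not be deleted is then hard to tell apart in the log from a clean teardown. Consider logging each failure with context, e.g. `logrus.Errorf("error deleting dial policy for service '%v' (environment '%v'): %v", svcToken, env.ZId, err)`, and emitting the `removed service` line only when every delete for that service succeeded. The function starts outside the hunk.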


@ -18,16 +18,16 @@ import (
"time"
)
func createServiceEdgeRouterPolicy(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func createServiceEdgeRouterPolicy(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
edgeRouterRoles := []string{"#all"}
semantic := rest_model.SemanticAllOf
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
serp := &rest_model.ServiceEdgeRouterPolicyCreate{
EdgeRouterRoles: edgeRouterRoles,
Name: &svcName,
Name: &svcToken,
Semantic: &semantic,
ServiceRoles: serviceRoles,
Tags: zrokTags(svcName),
Tags: zrokTags(svcToken),
}
serpParams := &service_edge_router_policy.CreateServiceEdgeRouterPolicyParams{
Policy: serp,
@ -42,8 +42,8 @@ func createServiceEdgeRouterPolicy(envZId, svcName, svcZId string, edge *rest_ma
return nil
}
func deleteServiceEdgeRouterPolicy(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("tags.zrokServiceName=\"%v\"", svcName)
func deleteServiceEdgeRouterPolicy(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("tags.zrokServiceToken=\"%v\"", svcToken)
limit := int64(1)
offset := int64(0)
listReq := &service_edge_router_policy.ListServiceEdgeRouterPoliciesParams{
@ -75,10 +75,10 @@ func deleteServiceEdgeRouterPolicy(envZId, svcName string, edge *rest_management
return nil
}
func createServicePolicyBind(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func createServicePolicyBind(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
semantic := rest_model.SemanticAllOf
identityRoles := []string{fmt.Sprintf("@%v", envZId)}
name := fmt.Sprintf("%v-backend", svcName)
name := fmt.Sprintf("%v-backend", svcToken)
var postureCheckRoles []string
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
dialBind := rest_model.DialBindBind
@ -89,7 +89,7 @@ func createServicePolicyBind(envZId, svcName, svcZId string, edge *rest_manageme
Semantic: &semantic,
ServiceRoles: serviceRoles,
Type: &dialBind,
Tags: zrokTags(svcName),
Tags: zrokTags(svcToken),
}
req := &service_policy.CreateServicePolicyParams{
Policy: svcp,
@ -104,13 +104,13 @@ func createServicePolicyBind(envZId, svcName, svcZId string, edge *rest_manageme
return nil
}
func deleteServicePolicyBind(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func deleteServicePolicyBind(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
// type=2 == "Bind"
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceName=\"%v\" and type=2", svcName), edge)
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=2", svcToken), edge)
}
func createServicePolicyDial(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
allTags := zrokTags(svcName)
func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
allTags := zrokTags(svcToken)
for _, t := range tags {
for k, v := range t.SubTags {
allTags.SubTags[k] = v
@ -122,7 +122,7 @@ func createServicePolicyDial(envZId, svcName, svcZId string, edge *rest_manageme
identityRoles = append(identityRoles, "@"+proxyIdentity)
logrus.Infof("added proxy identity role '%v'", proxyIdentity)
}
name := fmt.Sprintf("%v-dial", svcName)
name := fmt.Sprintf("%v-dial", svcToken)
var postureCheckRoles []string
semantic := rest_model.SemanticAllOf
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
@ -149,9 +149,9 @@ func createServicePolicyDial(envZId, svcName, svcZId string, edge *rest_manageme
return nil
}
func deleteServicePolicyDial(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func deleteServicePolicyDial(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
// type=1 == "Dial"
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceName=\"%v\" and type=1", svcName), edge)
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=1", svcToken), edge)
}
func deleteServicePolicy(envZId, filter string, edge *rest_management_api_client.ZitiEdgeManagement) error {
@ -186,7 +186,7 @@ func deleteServicePolicy(envZId, filter string, edge *rest_management_api_client
return nil
}
func createConfig(envZId, svcName string, authSchemeStr string, authUsers []*model.AuthUser, edge *rest_management_api_client.ZitiEdgeManagement) (cfgID string, err error) {
func createConfig(envZId, svcToken string, authSchemeStr string, authUsers []*model.AuthUser, edge *rest_management_api_client.ZitiEdgeManagement) (cfgID string, err error) {
authScheme, err := model.ParseAuthScheme(authSchemeStr)
if err != nil {
return "", err
@ -203,8 +203,8 @@ func createConfig(envZId, svcName string, authSchemeStr string, authUsers []*mod
cfgCrt := &rest_model.ConfigCreate{
ConfigTypeID: &zrokProxyConfigId,
Data: cfg,
Name: &svcName,
Tags: zrokTags(svcName),
Name: &svcToken,
Tags: zrokTags(svcToken),
}
cfgReq := &config.CreateConfigParams{
Config: cfgCrt,
@ -219,8 +219,8 @@ func createConfig(envZId, svcName string, authSchemeStr string, authUsers []*mod
return cfgResp.Payload.Data.ID, nil
}
func deleteConfig(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("tags.zrokServiceName=\"%v\"", svcName)
func deleteConfig(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("tags.zrokServiceToken=\"%v\"", svcToken)
limit := int64(0)
offset := int64(0)
listReq := &config.ListConfigsParams{
@ -249,14 +249,14 @@ func deleteConfig(envZId, svcName string, edge *rest_management_api_client.ZitiE
return nil
}
func createService(envZId, svcName, cfgId string, edge *rest_management_api_client.ZitiEdgeManagement) (serviceId string, err error) {
func createService(envZId, svcToken, cfgId string, edge *rest_management_api_client.ZitiEdgeManagement) (serviceId string, err error) {
configs := []string{cfgId}
encryptionRequired := true
svc := &rest_model.ServiceCreate{
Configs: configs,
EncryptionRequired: &encryptionRequired,
Name: &svcName,
Tags: zrokTags(svcName),
Name: &svcToken,
Tags: zrokTags(svcToken),
}
req := &edge_service.CreateServiceParams{
Service: svc,
@ -267,13 +267,13 @@ func createService(envZId, svcName, cfgId string, edge *rest_management_api_clie
if err != nil {
return "", err
}
logrus.Infof("created zrok service named '%v' (with ziti id '%v') for environment '%v'", svcName, resp.Payload.Data.ID, envZId)
logrus.Infof("created zrok service named '%v' (with ziti id '%v') for environment '%v'", svcToken, resp.Payload.Data.ID, envZId)
return resp.Payload.Data.ID, nil
}
func deleteService(envZId, svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
func deleteService(envZId, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
req := &service.DeleteServiceParams{
ID: svcId,
ID: svcZId,
Context: context.Background(),
}
req.SetTimeout(30 * time.Second)
@ -281,12 +281,12 @@ func deleteService(envZId, svcId string, edge *rest_management_api_client.ZitiEd
if err != nil {
return err
}
logrus.Infof("deleted service '%v' for environment '%v'", svcId, envZId)
logrus.Infof("deleted service '%v' for environment '%v'", svcZId, envZId)
return nil
}
func deleteEdgeRouterPolicy(envZId, id string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("name=\"%v\"", id)
func deleteEdgeRouterPolicy(envZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("name=\"%v\"", envZId)
limit := int64(0)
offset := int64(0)
listReq := &edge_router_policy.ListEdgeRouterPoliciesParams{
@ -331,11 +331,11 @@ func deleteIdentity(id string, edge *rest_management_api_client.ZitiEdgeManageme
return nil
}
func zrokTags(svcName string) *rest_model.Tags {
func zrokTags(svcToken string) *rest_model.Tags {
return &rest_model.Tags{
SubTags: map[string]interface{}{
"zrok": build.String(),
"zrokServiceName": svcName,
"zrok": build.String(),
"zrokServiceToken": svcToken,
},
}
}
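Review bot: zrokTags now writes the key `zrokServiceToken` and every delete helper in this file (deleteServiceEdgeRouterPolicy, deleteServicePolicyBind, deleteServicePolicyDial, deleteConfig) filters on `tags.zrokServiceToken`, but nothing visible here handles resources that were tagged `zrokServiceName` before this commit. Unless those are re-tagged somewhere not shown, the new filters would match nothing for them, so their policies and configs would stay behind after an unshare or disable; any collector that reads the tag (gcServices is not shown) deserves the same check. At minimum record this on zrokTags, e.g. `// Resources created before the name->token rename carry zrokServiceName; filters on zrokServiceToken will not match them.`, and consider a one-off re-tagging step. Most of these hunks start or end mid-function.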


@ -42,7 +42,7 @@ func GC(inCfg *Config) error {
}
liveMap := make(map[string]struct{})
for _, dbSvc := range dbSvcs {
liveMap[dbSvc.Name] = struct{}{}
liveMap[dbSvc.Token] = struct{}{}
}
if err := gcServices(edge, liveMap); err != nil {
return errors.Wrap(err, "error garbage collecting services")


@ -59,8 +59,8 @@ func overviewHandler(_ metadata.OverviewParams, principal *rest_model_zrok.Princ
Backend: be,
UpdatedAt: svc.UpdatedAt.UnixMilli(),
ZID: svc.ZId,
Name: svc.Name,
Metrics: sparkData[svc.Name],
Name: svc.Token,
Metrics: sparkData[svc.Token],
})
}
out = append(out, es)
@ -89,10 +89,10 @@ func sparkDataForServices(svcs []*store.Service) (map[string][]int64, error) {
if writeRate != nil {
combinedRate += writeRate.(int64)
}
svcName := result.Record().ValueByKey("service").(string)
svcMetrics := out[svcName]
svcToken := result.Record().ValueByKey("service").(string)
svcMetrics := out[svcToken]
svcMetrics = append(svcMetrics, combinedRate)
out[svcName] = svcMetrics
out[svcToken] = svcMetrics
}
}
return out, nil
@ -104,7 +104,7 @@ func sparkFluxQuery(svcs []*store.Service) string {
if i > 0 {
svcFilter += " or"
}
svcFilter += fmt.Sprintf(" r[\"service\"] == \"%v\"", svc.Name)
svcFilter += fmt.Sprintf(" r[\"service\"] == \"%v\"", svc.Token)
}
svcFilter += ")"
query := "read = from(bucket: \"zrok\")" +
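Review bot: `result.Record().ValueByKey("service").(string)` in sparkDataForServices is an unchecked type assertion, so a record without a string `service` value panics the overview handler instead of being skipped. The comma-ok form avoids that: `svcToken, ok := result.Record().ValueByKey("service").(string)` followed by `if !ok { continue }`, assuming the enclosing loop iterates over records. The neighbouring `writeRate.(int64)` has the same shape. The loop and the function both start outside the hunk.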


@ -80,7 +80,7 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
sid, err := str.CreateService(envId, &store.Service{
ZId: svcZId,
Name: svcToken,
Token: svcToken,
ShareMode: params.Body.ShareMode,
BackendMode: params.Body.BackendMode,
FrontendEndpoint: &frontendEndpoints[0],


@ -12,28 +12,28 @@ func newPrivateResourceAllocator() *privateResourceAllocator {
return &privateResourceAllocator{}
}
func (a *privateResourceAllocator) allocate(envZId, svcName string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
func (a *privateResourceAllocator) allocate(envZId, svcToken string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
var authUsers []*model.AuthUser
for _, authUser := range params.Body.AuthUsers {
authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password})
}
cfgId, err := createConfig(envZId, svcName, params.Body.AuthScheme, authUsers, edge)
cfgId, err := createConfig(envZId, svcToken, params.Body.AuthScheme, authUsers, edge)
if err != nil {
return "", nil, err
}
svcZId, err = createService(envZId, svcName, cfgId, edge)
svcZId, err = createService(envZId, svcToken, cfgId, edge)
if err != nil {
return "", nil, err
}
if err := createServicePolicyBind(envZId, svcName, svcZId, edge); err != nil {
if err := createServicePolicyBind(envZId, svcToken, svcZId, edge); err != nil {
return "", nil, err
}
if err := createServiceEdgeRouterPolicy(envZId, svcName, svcZId, edge); err != nil {
if err := createServiceEdgeRouterPolicy(envZId, svcToken, svcZId, edge); err != nil {
return "", nil, err
}
return svcZId, []string{proxyUrl(svcName)}, nil
return svcZId, []string{proxyUrl(svcToken)}, nil
}
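Review bot: allocate returns on the first failing step without undoing the earlier ones, so a failure in createServicePolicyBind or createServiceEdgeRouterPolicy leaves behind the config (built from the request's auth users) and the service that were already created. Presumably no store row exists yet at that point, so nothing later would know to delete them. Consider cleaning up on the error paths that follow createService, e.g. `_ = deleteService(envZId, svcZId, edge)` and `_ = deleteConfig(envZId, svcToken, edge)`, logging any cleanup error rather than discarding it. The same applies to publicResourceAllocator.allocate in the next file, which has one more step that can fail.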


@ -12,32 +12,32 @@ func newPublicResourceAllocator() *publicResourceAllocator {
return &publicResourceAllocator{}
}
func (a *publicResourceAllocator) allocate(envZId, svcName string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
func (a *publicResourceAllocator) allocate(envZId, svcToken string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
var authUsers []*model.AuthUser
for _, authUser := range params.Body.AuthUsers {
authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password})
}
cfgId, err := createConfig(envZId, svcName, params.Body.AuthScheme, authUsers, edge)
cfgId, err := createConfig(envZId, svcToken, params.Body.AuthScheme, authUsers, edge)
if err != nil {
return "", nil, err
}
svcZId, err = createService(envZId, svcName, cfgId, edge)
svcZId, err = createService(envZId, svcToken, cfgId, edge)
if err != nil {
return "", nil, err
}
if err := createServicePolicyBind(envZId, svcName, svcZId, edge); err != nil {
if err := createServicePolicyBind(envZId, svcToken, svcZId, edge); err != nil {
return "", nil, err
}
if err := createServicePolicyDial(envZId, svcName, svcZId, edge); err != nil {
if err := createServicePolicyDial(envZId, svcToken, svcZId, edge); err != nil {
return "", nil, err
}
if err := createServiceEdgeRouterPolicy(envZId, svcName, svcZId, edge); err != nil {
if err := createServiceEdgeRouterPolicy(envZId, svcToken, svcZId, edge); err != nil {
return "", nil, err
}
return svcZId, []string{proxyUrl(svcName)}, nil
return svcZId, []string{proxyUrl(svcToken)}, nil
}


@ -9,7 +9,7 @@ type Service struct {
Model
EnvironmentId int
ZId string
Name string
Token string
ShareMode string
BackendMode string
FrontendSelection *string
@ -19,12 +19,12 @@ type Service struct {
}
func (self *Store) CreateService(envId int, svc *Service, tx *sqlx.Tx) (int, error) {
stmt, err := tx.Prepare("insert into services (environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, reserved) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id")
stmt, err := tx.Prepare("insert into services (environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, reserved) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id")
if err != nil {
return 0, errors.Wrap(err, "error preparing services insert statement")
}
var id int
if err := stmt.QueryRow(envId, svc.ZId, svc.Name, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved).Scan(&id); err != nil {
if err := stmt.QueryRow(envId, svc.ZId, svc.Token, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved).Scan(&id); err != nil {
return 0, errors.Wrap(err, "error executing services insert statement")
}
return id, nil
@ -54,9 +54,9 @@ func (self *Store) GetAllServices(tx *sqlx.Tx) ([]*Service, error) {
return svcs, nil
}
func (self *Store) FindServiceWithName(svcName string, tx *sqlx.Tx) (*Service, error) {
func (self *Store) FindServiceWithToken(svcToken string, tx *sqlx.Tx) (*Service, error) {
svc := &Service{}
if err := tx.QueryRowx("select * from services where name = $1", svcName).StructScan(svc); err != nil {
if err := tx.QueryRowx("select * from services where token = $1", svcToken).StructScan(svc); err != nil {
return nil, errors.Wrap(err, "error selecting service by name")
}
return svc, nil
@ -79,12 +79,12 @@ func (self *Store) FindServicesForEnvironment(envId int, tx *sqlx.Tx) ([]*Servic
}
func (self *Store) UpdateService(svc *Service, tx *sqlx.Tx) error {
sql := "update services set z_id = $1, name = $2, share_mode = $3, backend_mode = $4, frontend_selection = $5, frontend_endpoint = $6, backend_proxy_endpoint = $7, reserved = $8, updated_at = strftime('%Y-%m-%d %H:%M:%f', 'now') where id = $9"
sql := "update services set z_id = $1, token = $2, share_mode = $3, backend_mode = $4, frontend_selection = $5, frontend_endpoint = $6, backend_proxy_endpoint = $7, reserved = $8, updated_at = strftime('%Y-%m-%d %H:%M:%f', 'now') where id = $9"
stmt, err := tx.Prepare(sql)
if err != nil {
return errors.Wrap(err, "error preparing services update statement")
}
_, err = stmt.Exec(svc.ZId, svc.Name, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved, svc.Id)
_, err = stmt.Exec(svc.ZId, svc.Token, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved, svc.Id)
if err != nil {
return errors.Wrap(err, "error executing services update statement")
}
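Review bot: FindServiceWithToken still wraps its failure as `error selecting service by name`, which no longer matches the query `where token = $1`; `errors.Wrap(err, "error selecting service by token")` keeps the logs consistent with the rename. Separately, CreateService prepares a statement and no `Close` is visible before it returns, so a `defer stmt.Close()` after the Prepare error check would release it. UpdateService looks the same, but its body continues outside the hunk.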


@ -16,6 +16,7 @@ alter table services
alter table services rename frontend to frontend_endpoint;
alter table services rename backend to backend_proxy_endpoint;
alter table services rename name to token;
alter table services rename to services_old;
@ -23,7 +24,7 @@ create table services (
id serial primary key,
environment_id integer not null references environments(id),
z_id varchar(32) not null unique,
name varchar(32) not null unique,
token varchar(32) not null unique,
share_mode share_mode not null,
backend_mode backend_mode not null,
frontend_selection varchar(64),
@ -37,7 +38,7 @@ create table services (
constraint chk_name check (name <> '')
);
insert into services (id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
select id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at from services_old;
insert into services (id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
select id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at from services_old;
drop table services_old;
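Review bot: The rebuilt `create table services` now declares the column as `token`, but the unchanged line `constraint chk_name check (name <> '')` in the last hunk still refers to `name`, a column the new table does not have, so the statement should be rejected when this migration runs. The SQLite migration in this commit replaces that line with `constraint chk_token check (token <> '')`; the same replacement is needed here. This also appears to edit an existing migration in place, so if any database has already applied it the rename would not reach that database; a new migration file would be safer in that case.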


@ -4,6 +4,7 @@ alter table services add column frontend_selection string;
alter table services add column share_mode string not null default 'public';
alter table services add column backend_mode string not null default 'proxy';
alter table services add column reserved boolean not null default false;
alter table services rename column name to token;
alter table services rename to services_old;
@ -11,7 +12,7 @@ create table services (
id integer primary key,
environment_id integer constraint fk_environments_services references environments on delete cascade,
z_id string not null unique,
name string not null unique,
token string not null unique,
share_mode string not null,
backend_mode string not null,
frontend_selection string,
@ -22,12 +23,12 @@ create table services (
updated_at datetime not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
constraint chk_z_id check (z_id <> ''),
constraint chk_name check (name <> ''),
constraint chk_token check (token <> ''),
constraint chk_share_mode check (share_mode == 'public' or share_mode == 'private'),
constraint chk_backend_mode check (backend_mode == 'proxy' or backend_mode == 'web' or backend_mode == 'dav')
);
insert into services (id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
select id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend, backend, created_at, updated_at from services_old;
insert into services (id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
select id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend, backend, created_at, updated_at from services_old;
drop table services_old;


@ -17,10 +17,10 @@ func newUnaccessHandler() *unaccessHandler {
}
func (h *unaccessHandler) Handle(params service.UnaccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
frontendName := params.Body.FrontendName
svcName := params.Body.SvcName
feToken := params.Body.FrontendName
svcToken := params.Body.SvcName
envZId := params.Body.ZID
logrus.Infof("processing unaccess request for frontend '%v' (service '%v', environment '%v')", frontendName, svcName, envZId)
logrus.Infof("processing unaccess request for frontend '%v' (service '%v', environment '%v')", feToken, svcToken, envZId)
tx, err := str.Begin()
if err != nil {
@ -53,29 +53,29 @@ func (h *unaccessHandler) Handle(params service.UnaccessParams, principal *rest_
return service.NewUnaccessUnauthorized()
}
sfe, err := str.FindFrontendNamed(frontendName, tx)
sfe, err := str.FindFrontendNamed(feToken, tx)
if err != nil {
logrus.Error(err)
return service.NewUnaccessInternalServerError()
}
if sfe == nil || sfe.EnvironmentId != senv.Id {
logrus.Errorf("frontend named '%v' not found", frontendName)
logrus.Errorf("frontend named '%v' not found", feToken)
return service.NewUnaccessInternalServerError()
}
if err := str.DeleteFrontend(sfe.Id, tx); err != nil {
logrus.Errorf("error deleting frontend named '%v': %v", frontendName, err)
logrus.Errorf("error deleting frontend named '%v': %v", feToken, err)
return service.NewUnaccessNotFound()
}
if err := deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceName=\"%v\" and tags.zrokFrontendToken=\"%v\" and type=1", svcName, frontendName), edge); err != nil {
logrus.Errorf("error removing access to '%v' for '%v': %v", svcName, envZId, err)
if err := deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and tags.zrokFrontendToken=\"%v\" and type=1", svcToken, feToken), edge); err != nil {
logrus.Errorf("error removing access to '%v' for '%v': %v", svcToken, envZId, err)
return service.NewUnaccessInternalServerError()
}
if err := tx.Commit(); err != nil {
logrus.Errorf("error committing frontend '%v' delete: %v", frontendName, err)
logrus.Errorf("error committing frontend '%v' delete: %v", feToken, err)
return service.NewUnaccessInternalServerError()
}
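Review bot: `svcToken` is taken from `params.Body.SvcName` and formatted straight into the delete filter `tags.zrokServiceToken="%v" and tags.zrokFrontendToken="%v" and type=1`, and no store lookup or format check on it is visible in these hunks (feToken at least goes through FindFrontendNamed and the environment comparison). A request value containing a double quote would change the meaning of a filter that selects policies for deletion. Resolve the service from the store and use the stored token, or reject values outside the token alphabet before building the filter, e.g. `if !validToken(svcToken) { return service.NewUnaccessNotFound() }` with `validToken` as a new helper. The same interpolation of a request value happens in findServiceZId in the unshare handler (`name="%v"`), and the delete helpers in the Ziti wrapper file rely on their callers for this. Handle's body continues outside the hunks.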


@ -33,8 +33,8 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
logrus.Error(err)
return service.NewUnshareInternalServerError()
}
svcName := params.Body.SvcName
svcZId, err := h.findServiceZId(svcName, edge)
svcToken := params.Body.SvcName
svcZId, err := h.findServiceZId(svcToken, edge)
if err != nil {
logrus.Error(err)
return service.NewUnshareInternalServerError()
@ -77,12 +77,12 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
if !ssvc.Reserved {
// single tag-based service deallocator; should work regardless of sharing mode
if err := h.deallocateResources(senv, ssvc, svcName, svcZId, edge); err != nil {
if err := h.deallocateResources(senv, ssvc, svcToken, svcZId, edge); err != nil {
logrus.Errorf("error unsharing ziti resources for '%v': %v", ssvc, err)
return service.NewUnshareInternalServerError()
}
logrus.Debugf("deallocated service '%v'", svcName)
logrus.Debugf("deallocated service '%v'", svcToken)
if err := str.DeleteService(ssvc.Id, tx); err != nil {
logrus.Errorf("error deactivating service '%v': %v", svcZId, err)
@ -94,14 +94,14 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
}
} else {
logrus.Infof("service '%v' is reserved, skipping deallocation", svcName)
logrus.Infof("service '%v' is reserved, skipping deallocation", svcToken)
}
return service.NewUnshareOK()
}
func (h *unshareHandler) findServiceZId(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
filter := fmt.Sprintf("name=\"%v\"", svcName)
func (h *unshareHandler) findServiceZId(svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
filter := fmt.Sprintf("name=\"%v\"", svcToken)
limit := int64(1)
offset := int64(0)
listReq := &edge_service.ListServicesParams{
@ -118,20 +118,20 @@ func (h *unshareHandler) findServiceZId(svcName string, edge *rest_management_ap
if len(listResp.Payload.Data) == 1 {
return *(listResp.Payload.Data[0].ID), nil
}
return "", errors.Errorf("service '%v' not found", svcName)
return "", errors.Errorf("service '%v' not found", svcToken)
}
func (h *unshareHandler) deallocateResources(senv *store.Environment, ssvc *store.Service, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
if err := deleteServiceEdgeRouterPolicy(senv.ZId, svcName, edge); err != nil {
func (h *unshareHandler) deallocateResources(senv *store.Environment, ssvc *store.Service, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
if err := deleteServiceEdgeRouterPolicy(senv.ZId, svcToken, edge); err != nil {
return err
}
if err := deleteServicePolicyDial(senv.ZId, svcName, edge); err != nil {
if err := deleteServicePolicyDial(senv.ZId, svcToken, edge); err != nil {
return err
}
if err := deleteServicePolicyBind(senv.ZId, svcName, edge); err != nil {
if err := deleteServicePolicyBind(senv.ZId, svcToken, edge); err != nil {
return err
}
if err := deleteConfig(senv.ZId, svcName, edge); err != nil {
if err := deleteConfig(senv.ZId, svcToken, edge); err != nil {
return err
}
if err := deleteService(senv.ZId, svcZId, edge); err != nil {


@ -80,5 +80,5 @@ func realRemoteAddress(req *http.Request) string {
}
func proxyUrl(svcName string) string {
return strings.Replace(cfg.Proxy.UrlTemplate, "{svcName}", svcName, -1)
return strings.Replace(cfg.Proxy.UrlTemplate, "{svcToken}", svcName, -1)
}
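Review bot: Changing the placeholder to `{svcToken}` means a deployed config whose `url_template` still says `{svcName}` is no longer substituted, and proxyUrl will hand back the template with the literal placeholder in it without any error. Either accept both during the transition, `strings.NewReplacer("{svcToken}", svcName, "{svcName}", svcName).Replace(cfg.Proxy.UrlTemplate)`, or fail at config load when the template lacks `{svcToken}`. The parameter is still named `svcName`; renaming it to `svcToken` would match the rest of the commit.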


@ -9,7 +9,7 @@ endpoint:
port: 18080
proxy:
url_template: "https://{svcName}.in.zrok.io/"
url_template: "https://{svcToken}.in.zrok.io/"
identities:
- "e6gMfeD4y"