mirror of
https://github.com/openziti/zrok.git
synced 2024-12-25 08:09:09 +01:00
massive name -> token work (#119)
This commit is contained in:
parent
f54d315e34
commit
483babe813
@ -51,7 +51,7 @@ func (h *accessHandler) Handle(params service.AccessParams, principal *rest_mode
|
||||
}
|
||||
|
||||
svcName := params.Body.SvcName
|
||||
ssvc, err := str.FindServiceWithName(svcName, tx)
|
||||
ssvc, err := str.FindServiceWithToken(svcName, tx)
|
||||
if err != nil {
|
||||
logrus.Errorf("error finding service")
|
||||
return service.NewAccessNotFound()
|
||||
@ -81,7 +81,7 @@ func (h *accessHandler) Handle(params service.AccessParams, principal *rest_mode
|
||||
"zrokEnvironmentZId": envZId,
|
||||
"zrokFrontendToken": feToken,
|
||||
}}
|
||||
if err := createServicePolicyDialForEnvironment(envZId, ssvc.Name, ssvc.ZId, edge, extraTags); err != nil {
|
||||
if err := createServicePolicyDialForEnvironment(envZId, ssvc.Token, ssvc.ZId, edge, extraTags); err != nil {
|
||||
logrus.Errorf("unable to create dial policy: %v", err)
|
||||
return service.NewAccessInternalServerError()
|
||||
}
|
||||
@ -94,8 +94,8 @@ func (h *accessHandler) Handle(params service.AccessParams, principal *rest_mode
|
||||
return service.NewAccessCreated().WithPayload(&rest_model_zrok.AccessResponse{FrontendName: feToken})
|
||||
}
|
||||
|
||||
func createServicePolicyDialForEnvironment(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
|
||||
allTags := zrokTags(svcName)
|
||||
func createServicePolicyDialForEnvironment(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
|
||||
allTags := zrokTags(svcToken)
|
||||
for _, t := range tags {
|
||||
for k, v := range t.SubTags {
|
||||
allTags.SubTags[k] = v
|
||||
@ -103,7 +103,7 @@ func createServicePolicyDialForEnvironment(envZId, svcName, svcZId string, edge
|
||||
}
|
||||
|
||||
identityRoles := []string{"@" + envZId}
|
||||
name := fmt.Sprintf("%v-%v-dial", envZId, svcName)
|
||||
name := fmt.Sprintf("%v-%v-dial", envZId, svcToken)
|
||||
var postureCheckRoles []string
|
||||
semantic := rest_model.SemanticAllOf
|
||||
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
|
||||
|
@ -47,7 +47,7 @@ func (h *disableHandler) Handle(params environment.DisableParams, principal *res
|
||||
logrus.Errorf("error removing environment: %v", err)
|
||||
return environment.NewDisableInternalServerError()
|
||||
}
|
||||
if err := deleteEdgeRouterPolicy(env.ZId, params.Body.Identity, edge); err != nil {
|
||||
if err := deleteEdgeRouterPolicy(env.ZId, edge); err != nil {
|
||||
logrus.Errorf("error deleting edge router policy: %v", err)
|
||||
return environment.NewDisableInternalServerError()
|
||||
}
|
||||
@ -84,24 +84,24 @@ func (h *disableHandler) removeServicesForEnvironment(envId int, tx *sqlx.Tx, ed
|
||||
return err
|
||||
}
|
||||
for _, svc := range svcs {
|
||||
svcName := svc.Name
|
||||
logrus.Infof("garbage collecting service '%v' for environment '%v'", svcName, env.ZId)
|
||||
if err := deleteServiceEdgeRouterPolicy(env.ZId, svcName, edge); err != nil {
|
||||
svcToken := svc.Token
|
||||
logrus.Infof("garbage collecting service '%v' for environment '%v'", svcToken, env.ZId)
|
||||
if err := deleteServiceEdgeRouterPolicy(env.ZId, svcToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := deleteServicePolicyDial(env.ZId, svcName, edge); err != nil {
|
||||
if err := deleteServicePolicyDial(env.ZId, svcToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := deleteServicePolicyBind(env.ZId, svcName, edge); err != nil {
|
||||
if err := deleteServicePolicyBind(env.ZId, svcToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := deleteConfig(env.ZId, svcName, edge); err != nil {
|
||||
if err := deleteConfig(env.ZId, svcToken, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
if err := deleteService(env.ZId, svc.ZId, edge); err != nil {
|
||||
logrus.Error(err)
|
||||
}
|
||||
logrus.Infof("removed service '%v' for environment '%v'", svc.Name, env.ZId)
|
||||
logrus.Infof("removed service '%v' for environment '%v'", svc.Token, env.ZId)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -18,16 +18,16 @@ import (
|
||||
"time"
|
||||
)
|
||||
|
||||
func createServiceEdgeRouterPolicy(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
func createServiceEdgeRouterPolicy(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
edgeRouterRoles := []string{"#all"}
|
||||
semantic := rest_model.SemanticAllOf
|
||||
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
|
||||
serp := &rest_model.ServiceEdgeRouterPolicyCreate{
|
||||
EdgeRouterRoles: edgeRouterRoles,
|
||||
Name: &svcName,
|
||||
Name: &svcToken,
|
||||
Semantic: &semantic,
|
||||
ServiceRoles: serviceRoles,
|
||||
Tags: zrokTags(svcName),
|
||||
Tags: zrokTags(svcToken),
|
||||
}
|
||||
serpParams := &service_edge_router_policy.CreateServiceEdgeRouterPolicyParams{
|
||||
Policy: serp,
|
||||
@ -42,8 +42,8 @@ func createServiceEdgeRouterPolicy(envZId, svcName, svcZId string, edge *rest_ma
|
||||
return nil
|
||||
}
|
||||
|
||||
func deleteServiceEdgeRouterPolicy(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
filter := fmt.Sprintf("tags.zrokServiceName=\"%v\"", svcName)
|
||||
func deleteServiceEdgeRouterPolicy(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
filter := fmt.Sprintf("tags.zrokServiceToken=\"%v\"", svcToken)
|
||||
limit := int64(1)
|
||||
offset := int64(0)
|
||||
listReq := &service_edge_router_policy.ListServiceEdgeRouterPoliciesParams{
|
||||
@ -75,10 +75,10 @@ func deleteServiceEdgeRouterPolicy(envZId, svcName string, edge *rest_management
|
||||
return nil
|
||||
}
|
||||
|
||||
func createServicePolicyBind(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
func createServicePolicyBind(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
semantic := rest_model.SemanticAllOf
|
||||
identityRoles := []string{fmt.Sprintf("@%v", envZId)}
|
||||
name := fmt.Sprintf("%v-backend", svcName)
|
||||
name := fmt.Sprintf("%v-backend", svcToken)
|
||||
var postureCheckRoles []string
|
||||
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
|
||||
dialBind := rest_model.DialBindBind
|
||||
@ -89,7 +89,7 @@ func createServicePolicyBind(envZId, svcName, svcZId string, edge *rest_manageme
|
||||
Semantic: &semantic,
|
||||
ServiceRoles: serviceRoles,
|
||||
Type: &dialBind,
|
||||
Tags: zrokTags(svcName),
|
||||
Tags: zrokTags(svcToken),
|
||||
}
|
||||
req := &service_policy.CreateServicePolicyParams{
|
||||
Policy: svcp,
|
||||
@ -104,13 +104,13 @@ func createServicePolicyBind(envZId, svcName, svcZId string, edge *rest_manageme
|
||||
return nil
|
||||
}
|
||||
|
||||
func deleteServicePolicyBind(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
func deleteServicePolicyBind(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
// type=2 == "Bind"
|
||||
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceName=\"%v\" and type=2", svcName), edge)
|
||||
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=2", svcToken), edge)
|
||||
}
|
||||
|
||||
func createServicePolicyDial(envZId, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
|
||||
allTags := zrokTags(svcName)
|
||||
func createServicePolicyDial(envZId, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement, tags ...*rest_model.Tags) error {
|
||||
allTags := zrokTags(svcToken)
|
||||
for _, t := range tags {
|
||||
for k, v := range t.SubTags {
|
||||
allTags.SubTags[k] = v
|
||||
@ -122,7 +122,7 @@ func createServicePolicyDial(envZId, svcName, svcZId string, edge *rest_manageme
|
||||
identityRoles = append(identityRoles, "@"+proxyIdentity)
|
||||
logrus.Infof("added proxy identity role '%v'", proxyIdentity)
|
||||
}
|
||||
name := fmt.Sprintf("%v-dial", svcName)
|
||||
name := fmt.Sprintf("%v-dial", svcToken)
|
||||
var postureCheckRoles []string
|
||||
semantic := rest_model.SemanticAllOf
|
||||
serviceRoles := []string{fmt.Sprintf("@%v", svcZId)}
|
||||
@ -149,9 +149,9 @@ func createServicePolicyDial(envZId, svcName, svcZId string, edge *rest_manageme
|
||||
return nil
|
||||
}
|
||||
|
||||
func deleteServicePolicyDial(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
func deleteServicePolicyDial(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
// type=1 == "Dial"
|
||||
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceName=\"%v\" and type=1", svcName), edge)
|
||||
return deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and type=1", svcToken), edge)
|
||||
}
|
||||
|
||||
func deleteServicePolicy(envZId, filter string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
@ -186,7 +186,7 @@ func deleteServicePolicy(envZId, filter string, edge *rest_management_api_client
|
||||
return nil
|
||||
}
|
||||
|
||||
func createConfig(envZId, svcName string, authSchemeStr string, authUsers []*model.AuthUser, edge *rest_management_api_client.ZitiEdgeManagement) (cfgID string, err error) {
|
||||
func createConfig(envZId, svcToken string, authSchemeStr string, authUsers []*model.AuthUser, edge *rest_management_api_client.ZitiEdgeManagement) (cfgID string, err error) {
|
||||
authScheme, err := model.ParseAuthScheme(authSchemeStr)
|
||||
if err != nil {
|
||||
return "", err
|
||||
@ -203,8 +203,8 @@ func createConfig(envZId, svcName string, authSchemeStr string, authUsers []*mod
|
||||
cfgCrt := &rest_model.ConfigCreate{
|
||||
ConfigTypeID: &zrokProxyConfigId,
|
||||
Data: cfg,
|
||||
Name: &svcName,
|
||||
Tags: zrokTags(svcName),
|
||||
Name: &svcToken,
|
||||
Tags: zrokTags(svcToken),
|
||||
}
|
||||
cfgReq := &config.CreateConfigParams{
|
||||
Config: cfgCrt,
|
||||
@ -219,8 +219,8 @@ func createConfig(envZId, svcName string, authSchemeStr string, authUsers []*mod
|
||||
return cfgResp.Payload.Data.ID, nil
|
||||
}
|
||||
|
||||
func deleteConfig(envZId, svcName string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
filter := fmt.Sprintf("tags.zrokServiceName=\"%v\"", svcName)
|
||||
func deleteConfig(envZId, svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
filter := fmt.Sprintf("tags.zrokServiceToken=\"%v\"", svcToken)
|
||||
limit := int64(0)
|
||||
offset := int64(0)
|
||||
listReq := &config.ListConfigsParams{
|
||||
@ -249,14 +249,14 @@ func deleteConfig(envZId, svcName string, edge *rest_management_api_client.ZitiE
|
||||
return nil
|
||||
}
|
||||
|
||||
func createService(envZId, svcName, cfgId string, edge *rest_management_api_client.ZitiEdgeManagement) (serviceId string, err error) {
|
||||
func createService(envZId, svcToken, cfgId string, edge *rest_management_api_client.ZitiEdgeManagement) (serviceId string, err error) {
|
||||
configs := []string{cfgId}
|
||||
encryptionRequired := true
|
||||
svc := &rest_model.ServiceCreate{
|
||||
Configs: configs,
|
||||
EncryptionRequired: &encryptionRequired,
|
||||
Name: &svcName,
|
||||
Tags: zrokTags(svcName),
|
||||
Name: &svcToken,
|
||||
Tags: zrokTags(svcToken),
|
||||
}
|
||||
req := &edge_service.CreateServiceParams{
|
||||
Service: svc,
|
||||
@ -267,13 +267,13 @@ func createService(envZId, svcName, cfgId string, edge *rest_management_api_clie
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
logrus.Infof("created zrok service named '%v' (with ziti id '%v') for environment '%v'", svcName, resp.Payload.Data.ID, envZId)
|
||||
logrus.Infof("created zrok service named '%v' (with ziti id '%v') for environment '%v'", svcToken, resp.Payload.Data.ID, envZId)
|
||||
return resp.Payload.Data.ID, nil
|
||||
}
|
||||
|
||||
func deleteService(envZId, svcId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
func deleteService(envZId, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
req := &service.DeleteServiceParams{
|
||||
ID: svcId,
|
||||
ID: svcZId,
|
||||
Context: context.Background(),
|
||||
}
|
||||
req.SetTimeout(30 * time.Second)
|
||||
@ -281,12 +281,12 @@ func deleteService(envZId, svcId string, edge *rest_management_api_client.ZitiEd
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
logrus.Infof("deleted service '%v' for environment '%v'", svcId, envZId)
|
||||
logrus.Infof("deleted service '%v' for environment '%v'", svcZId, envZId)
|
||||
return nil
|
||||
}
|
||||
|
||||
func deleteEdgeRouterPolicy(envZId, id string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
filter := fmt.Sprintf("name=\"%v\"", id)
|
||||
func deleteEdgeRouterPolicy(envZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
filter := fmt.Sprintf("name=\"%v\"", envZId)
|
||||
limit := int64(0)
|
||||
offset := int64(0)
|
||||
listReq := &edge_router_policy.ListEdgeRouterPoliciesParams{
|
||||
@ -331,11 +331,11 @@ func deleteIdentity(id string, edge *rest_management_api_client.ZitiEdgeManageme
|
||||
return nil
|
||||
}
|
||||
|
||||
func zrokTags(svcName string) *rest_model.Tags {
|
||||
func zrokTags(svcToken string) *rest_model.Tags {
|
||||
return &rest_model.Tags{
|
||||
SubTags: map[string]interface{}{
|
||||
"zrok": build.String(),
|
||||
"zrokServiceName": svcName,
|
||||
"zrok": build.String(),
|
||||
"zrokServiceToken": svcToken,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
@ -42,7 +42,7 @@ func GC(inCfg *Config) error {
|
||||
}
|
||||
liveMap := make(map[string]struct{})
|
||||
for _, dbSvc := range dbSvcs {
|
||||
liveMap[dbSvc.Name] = struct{}{}
|
||||
liveMap[dbSvc.Token] = struct{}{}
|
||||
}
|
||||
if err := gcServices(edge, liveMap); err != nil {
|
||||
return errors.Wrap(err, "error garbage collecting services")
|
||||
|
@ -59,8 +59,8 @@ func overviewHandler(_ metadata.OverviewParams, principal *rest_model_zrok.Princ
|
||||
Backend: be,
|
||||
UpdatedAt: svc.UpdatedAt.UnixMilli(),
|
||||
ZID: svc.ZId,
|
||||
Name: svc.Name,
|
||||
Metrics: sparkData[svc.Name],
|
||||
Name: svc.Token,
|
||||
Metrics: sparkData[svc.Token],
|
||||
})
|
||||
}
|
||||
out = append(out, es)
|
||||
@ -89,10 +89,10 @@ func sparkDataForServices(svcs []*store.Service) (map[string][]int64, error) {
|
||||
if writeRate != nil {
|
||||
combinedRate += writeRate.(int64)
|
||||
}
|
||||
svcName := result.Record().ValueByKey("service").(string)
|
||||
svcMetrics := out[svcName]
|
||||
svcToken := result.Record().ValueByKey("service").(string)
|
||||
svcMetrics := out[svcToken]
|
||||
svcMetrics = append(svcMetrics, combinedRate)
|
||||
out[svcName] = svcMetrics
|
||||
out[svcToken] = svcMetrics
|
||||
}
|
||||
}
|
||||
return out, nil
|
||||
@ -104,7 +104,7 @@ func sparkFluxQuery(svcs []*store.Service) string {
|
||||
if i > 0 {
|
||||
svcFilter += " or"
|
||||
}
|
||||
svcFilter += fmt.Sprintf(" r[\"service\"] == \"%v\"", svc.Name)
|
||||
svcFilter += fmt.Sprintf(" r[\"service\"] == \"%v\"", svc.Token)
|
||||
}
|
||||
svcFilter += ")"
|
||||
query := "read = from(bucket: \"zrok\")" +
|
||||
|
@ -80,7 +80,7 @@ func (h *shareHandler) Handle(params service.ShareParams, principal *rest_model_
|
||||
|
||||
sid, err := str.CreateService(envId, &store.Service{
|
||||
ZId: svcZId,
|
||||
Name: svcToken,
|
||||
Token: svcToken,
|
||||
ShareMode: params.Body.ShareMode,
|
||||
BackendMode: params.Body.BackendMode,
|
||||
FrontendEndpoint: &frontendEndpoints[0],
|
||||
|
@ -12,28 +12,28 @@ func newPrivateResourceAllocator() *privateResourceAllocator {
|
||||
return &privateResourceAllocator{}
|
||||
}
|
||||
|
||||
func (a *privateResourceAllocator) allocate(envZId, svcName string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
|
||||
func (a *privateResourceAllocator) allocate(envZId, svcToken string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
|
||||
var authUsers []*model.AuthUser
|
||||
for _, authUser := range params.Body.AuthUsers {
|
||||
authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password})
|
||||
}
|
||||
cfgId, err := createConfig(envZId, svcName, params.Body.AuthScheme, authUsers, edge)
|
||||
cfgId, err := createConfig(envZId, svcToken, params.Body.AuthScheme, authUsers, edge)
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
svcZId, err = createService(envZId, svcName, cfgId, edge)
|
||||
svcZId, err = createService(envZId, svcToken, cfgId, edge)
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := createServicePolicyBind(envZId, svcName, svcZId, edge); err != nil {
|
||||
if err := createServicePolicyBind(envZId, svcToken, svcZId, edge); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := createServiceEdgeRouterPolicy(envZId, svcName, svcZId, edge); err != nil {
|
||||
if err := createServiceEdgeRouterPolicy(envZId, svcToken, svcZId, edge); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
return svcZId, []string{proxyUrl(svcName)}, nil
|
||||
return svcZId, []string{proxyUrl(svcToken)}, nil
|
||||
}
|
||||
|
@ -12,32 +12,32 @@ func newPublicResourceAllocator() *publicResourceAllocator {
|
||||
return &publicResourceAllocator{}
|
||||
}
|
||||
|
||||
func (a *publicResourceAllocator) allocate(envZId, svcName string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
|
||||
func (a *publicResourceAllocator) allocate(envZId, svcToken string, params service.ShareParams, edge *rest_management_api_client.ZitiEdgeManagement) (svcZId string, frontendEndpoints []string, err error) {
|
||||
var authUsers []*model.AuthUser
|
||||
for _, authUser := range params.Body.AuthUsers {
|
||||
authUsers = append(authUsers, &model.AuthUser{authUser.Username, authUser.Password})
|
||||
}
|
||||
cfgId, err := createConfig(envZId, svcName, params.Body.AuthScheme, authUsers, edge)
|
||||
cfgId, err := createConfig(envZId, svcToken, params.Body.AuthScheme, authUsers, edge)
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
svcZId, err = createService(envZId, svcName, cfgId, edge)
|
||||
svcZId, err = createService(envZId, svcToken, cfgId, edge)
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := createServicePolicyBind(envZId, svcName, svcZId, edge); err != nil {
|
||||
if err := createServicePolicyBind(envZId, svcToken, svcZId, edge); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := createServicePolicyDial(envZId, svcName, svcZId, edge); err != nil {
|
||||
if err := createServicePolicyDial(envZId, svcToken, svcZId, edge); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := createServiceEdgeRouterPolicy(envZId, svcName, svcZId, edge); err != nil {
|
||||
if err := createServiceEdgeRouterPolicy(envZId, svcToken, svcZId, edge); err != nil {
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
return svcZId, []string{proxyUrl(svcName)}, nil
|
||||
return svcZId, []string{proxyUrl(svcToken)}, nil
|
||||
}
|
||||
|
@ -9,7 +9,7 @@ type Service struct {
|
||||
Model
|
||||
EnvironmentId int
|
||||
ZId string
|
||||
Name string
|
||||
Token string
|
||||
ShareMode string
|
||||
BackendMode string
|
||||
FrontendSelection *string
|
||||
@ -19,12 +19,12 @@ type Service struct {
|
||||
}
|
||||
|
||||
func (self *Store) CreateService(envId int, svc *Service, tx *sqlx.Tx) (int, error) {
|
||||
stmt, err := tx.Prepare("insert into services (environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, reserved) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id")
|
||||
stmt, err := tx.Prepare("insert into services (environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, reserved) values ($1, $2, $3, $4, $5, $6, $7, $8, $9) returning id")
|
||||
if err != nil {
|
||||
return 0, errors.Wrap(err, "error preparing services insert statement")
|
||||
}
|
||||
var id int
|
||||
if err := stmt.QueryRow(envId, svc.ZId, svc.Name, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved).Scan(&id); err != nil {
|
||||
if err := stmt.QueryRow(envId, svc.ZId, svc.Token, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved).Scan(&id); err != nil {
|
||||
return 0, errors.Wrap(err, "error executing services insert statement")
|
||||
}
|
||||
return id, nil
|
||||
@ -54,9 +54,9 @@ func (self *Store) GetAllServices(tx *sqlx.Tx) ([]*Service, error) {
|
||||
return svcs, nil
|
||||
}
|
||||
|
||||
func (self *Store) FindServiceWithName(svcName string, tx *sqlx.Tx) (*Service, error) {
|
||||
func (self *Store) FindServiceWithToken(svcToken string, tx *sqlx.Tx) (*Service, error) {
|
||||
svc := &Service{}
|
||||
if err := tx.QueryRowx("select * from services where name = $1", svcName).StructScan(svc); err != nil {
|
||||
if err := tx.QueryRowx("select * from services where token = $1", svcToken).StructScan(svc); err != nil {
|
||||
return nil, errors.Wrap(err, "error selecting service by name")
|
||||
}
|
||||
return svc, nil
|
||||
@ -79,12 +79,12 @@ func (self *Store) FindServicesForEnvironment(envId int, tx *sqlx.Tx) ([]*Servic
|
||||
}
|
||||
|
||||
func (self *Store) UpdateService(svc *Service, tx *sqlx.Tx) error {
|
||||
sql := "update services set z_id = $1, name = $2, share_mode = $3, backend_mode = $4, frontend_selection = $5, frontend_endpoint = $6, backend_proxy_endpoint = $7, reserved = $8, updated_at = strftime('%Y-%m-%d %H:%M:%f', 'now') where id = $9"
|
||||
sql := "update services set z_id = $1, token = $2, share_mode = $3, backend_mode = $4, frontend_selection = $5, frontend_endpoint = $6, backend_proxy_endpoint = $7, reserved = $8, updated_at = strftime('%Y-%m-%d %H:%M:%f', 'now') where id = $9"
|
||||
stmt, err := tx.Prepare(sql)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "error preparing services update statement")
|
||||
}
|
||||
_, err = stmt.Exec(svc.ZId, svc.Name, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved, svc.Id)
|
||||
_, err = stmt.Exec(svc.ZId, svc.Token, svc.ShareMode, svc.BackendMode, svc.FrontendSelection, svc.FrontendEndpoint, svc.BackendProxyEndpoint, svc.Reserved, svc.Id)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "error executing services update statement")
|
||||
}
|
||||
|
@ -16,6 +16,7 @@ alter table services
|
||||
|
||||
alter table services rename frontend to frontend_endpoint;
|
||||
alter table services rename backend to backend_proxy_endpoint;
|
||||
alter table services rename name to token;
|
||||
|
||||
alter table services rename to services_old;
|
||||
|
||||
@ -23,7 +24,7 @@ create table services (
|
||||
id serial primary key,
|
||||
environment_id integer not null references environments(id),
|
||||
z_id varchar(32) not null unique,
|
||||
name varchar(32) not null unique,
|
||||
token varchar(32) not null unique,
|
||||
share_mode share_mode not null,
|
||||
backend_mode backend_mode not null,
|
||||
frontend_selection varchar(64),
|
||||
@ -37,7 +38,7 @@ create table services (
|
||||
constraint chk_name check (name <> '')
|
||||
);
|
||||
|
||||
insert into services (id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
|
||||
select id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at from services_old;
|
||||
insert into services (id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
|
||||
select id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at from services_old;
|
||||
|
||||
drop table services_old;
|
@ -4,6 +4,7 @@ alter table services add column frontend_selection string;
|
||||
alter table services add column share_mode string not null default 'public';
|
||||
alter table services add column backend_mode string not null default 'proxy';
|
||||
alter table services add column reserved boolean not null default false;
|
||||
alter table services rename column name to token;
|
||||
|
||||
alter table services rename to services_old;
|
||||
|
||||
@ -11,7 +12,7 @@ create table services (
|
||||
id integer primary key,
|
||||
environment_id integer constraint fk_environments_services references environments on delete cascade,
|
||||
z_id string not null unique,
|
||||
name string not null unique,
|
||||
token string not null unique,
|
||||
share_mode string not null,
|
||||
backend_mode string not null,
|
||||
frontend_selection string,
|
||||
@ -22,12 +23,12 @@ create table services (
|
||||
updated_at datetime not null default(strftime('%Y-%m-%d %H:%M:%f', 'now')),
|
||||
|
||||
constraint chk_z_id check (z_id <> ''),
|
||||
constraint chk_name check (name <> ''),
|
||||
constraint chk_token check (token <> ''),
|
||||
constraint chk_share_mode check (share_mode == 'public' or share_mode == 'private'),
|
||||
constraint chk_backend_mode check (backend_mode == 'proxy' or backend_mode == 'web' or backend_mode == 'dav')
|
||||
);
|
||||
|
||||
insert into services (id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
|
||||
select id, environment_id, z_id, name, share_mode, backend_mode, frontend_selection, frontend, backend, created_at, updated_at from services_old;
|
||||
insert into services (id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend_endpoint, backend_proxy_endpoint, created_at, updated_at)
|
||||
select id, environment_id, z_id, token, share_mode, backend_mode, frontend_selection, frontend, backend, created_at, updated_at from services_old;
|
||||
|
||||
drop table services_old;
|
||||
|
@ -17,10 +17,10 @@ func newUnaccessHandler() *unaccessHandler {
|
||||
}
|
||||
|
||||
func (h *unaccessHandler) Handle(params service.UnaccessParams, principal *rest_model_zrok.Principal) middleware.Responder {
|
||||
frontendName := params.Body.FrontendName
|
||||
svcName := params.Body.SvcName
|
||||
feToken := params.Body.FrontendName
|
||||
svcToken := params.Body.SvcName
|
||||
envZId := params.Body.ZID
|
||||
logrus.Infof("processing unaccess request for frontend '%v' (service '%v', environment '%v')", frontendName, svcName, envZId)
|
||||
logrus.Infof("processing unaccess request for frontend '%v' (service '%v', environment '%v')", feToken, svcToken, envZId)
|
||||
|
||||
tx, err := str.Begin()
|
||||
if err != nil {
|
||||
@ -53,29 +53,29 @@ func (h *unaccessHandler) Handle(params service.UnaccessParams, principal *rest_
|
||||
return service.NewUnaccessUnauthorized()
|
||||
}
|
||||
|
||||
sfe, err := str.FindFrontendNamed(frontendName, tx)
|
||||
sfe, err := str.FindFrontendNamed(feToken, tx)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return service.NewUnaccessInternalServerError()
|
||||
}
|
||||
|
||||
if sfe == nil || sfe.EnvironmentId != senv.Id {
|
||||
logrus.Errorf("frontend named '%v' not found", frontendName)
|
||||
logrus.Errorf("frontend named '%v' not found", feToken)
|
||||
return service.NewUnaccessInternalServerError()
|
||||
}
|
||||
|
||||
if err := str.DeleteFrontend(sfe.Id, tx); err != nil {
|
||||
logrus.Errorf("error deleting frontend named '%v': %v", frontendName, err)
|
||||
logrus.Errorf("error deleting frontend named '%v': %v", feToken, err)
|
||||
return service.NewUnaccessNotFound()
|
||||
}
|
||||
|
||||
if err := deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceName=\"%v\" and tags.zrokFrontendToken=\"%v\" and type=1", svcName, frontendName), edge); err != nil {
|
||||
logrus.Errorf("error removing access to '%v' for '%v': %v", svcName, envZId, err)
|
||||
if err := deleteServicePolicy(envZId, fmt.Sprintf("tags.zrokServiceToken=\"%v\" and tags.zrokFrontendToken=\"%v\" and type=1", svcToken, feToken), edge); err != nil {
|
||||
logrus.Errorf("error removing access to '%v' for '%v': %v", svcToken, envZId, err)
|
||||
return service.NewUnaccessInternalServerError()
|
||||
}
|
||||
|
||||
if err := tx.Commit(); err != nil {
|
||||
logrus.Errorf("error committing frontend '%v' delete: %v", frontendName, err)
|
||||
logrus.Errorf("error committing frontend '%v' delete: %v", feToken, err)
|
||||
return service.NewUnaccessInternalServerError()
|
||||
}
|
||||
|
||||
|
@ -33,8 +33,8 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
|
||||
logrus.Error(err)
|
||||
return service.NewUnshareInternalServerError()
|
||||
}
|
||||
svcName := params.Body.SvcName
|
||||
svcZId, err := h.findServiceZId(svcName, edge)
|
||||
svcToken := params.Body.SvcName
|
||||
svcZId, err := h.findServiceZId(svcToken, edge)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return service.NewUnshareInternalServerError()
|
||||
@ -77,12 +77,12 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
|
||||
|
||||
if !ssvc.Reserved {
|
||||
// single tag-based service deallocator; should work regardless of sharing mode
|
||||
if err := h.deallocateResources(senv, ssvc, svcName, svcZId, edge); err != nil {
|
||||
if err := h.deallocateResources(senv, ssvc, svcToken, svcZId, edge); err != nil {
|
||||
logrus.Errorf("error unsharing ziti resources for '%v': %v", ssvc, err)
|
||||
return service.NewUnshareInternalServerError()
|
||||
}
|
||||
|
||||
logrus.Debugf("deallocated service '%v'", svcName)
|
||||
logrus.Debugf("deallocated service '%v'", svcToken)
|
||||
|
||||
if err := str.DeleteService(ssvc.Id, tx); err != nil {
|
||||
logrus.Errorf("error deactivating service '%v': %v", svcZId, err)
|
||||
@ -94,14 +94,14 @@ func (h *unshareHandler) Handle(params service.UnshareParams, principal *rest_mo
|
||||
}
|
||||
|
||||
} else {
|
||||
logrus.Infof("service '%v' is reserved, skipping deallocation", svcName)
|
||||
logrus.Infof("service '%v' is reserved, skipping deallocation", svcToken)
|
||||
}
|
||||
|
||||
return service.NewUnshareOK()
|
||||
}
|
||||
|
||||
func (h *unshareHandler) findServiceZId(svcName string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
|
||||
filter := fmt.Sprintf("name=\"%v\"", svcName)
|
||||
func (h *unshareHandler) findServiceZId(svcToken string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
|
||||
filter := fmt.Sprintf("name=\"%v\"", svcToken)
|
||||
limit := int64(1)
|
||||
offset := int64(0)
|
||||
listReq := &edge_service.ListServicesParams{
|
||||
@ -118,20 +118,20 @@ func (h *unshareHandler) findServiceZId(svcName string, edge *rest_management_ap
|
||||
if len(listResp.Payload.Data) == 1 {
|
||||
return *(listResp.Payload.Data[0].ID), nil
|
||||
}
|
||||
return "", errors.Errorf("service '%v' not found", svcName)
|
||||
return "", errors.Errorf("service '%v' not found", svcToken)
|
||||
}
|
||||
|
||||
func (h *unshareHandler) deallocateResources(senv *store.Environment, ssvc *store.Service, svcName, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
if err := deleteServiceEdgeRouterPolicy(senv.ZId, svcName, edge); err != nil {
|
||||
func (h *unshareHandler) deallocateResources(senv *store.Environment, ssvc *store.Service, svcToken, svcZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
|
||||
if err := deleteServiceEdgeRouterPolicy(senv.ZId, svcToken, edge); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := deleteServicePolicyDial(senv.ZId, svcName, edge); err != nil {
|
||||
if err := deleteServicePolicyDial(senv.ZId, svcToken, edge); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := deleteServicePolicyBind(senv.ZId, svcName, edge); err != nil {
|
||||
if err := deleteServicePolicyBind(senv.ZId, svcToken, edge); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := deleteConfig(senv.ZId, svcName, edge); err != nil {
|
||||
if err := deleteConfig(senv.ZId, svcToken, edge); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := deleteService(senv.ZId, svcZId, edge); err != nil {
|
||||
|
@ -80,5 +80,5 @@ func realRemoteAddress(req *http.Request) string {
|
||||
}
|
||||
|
||||
func proxyUrl(svcName string) string {
|
||||
return strings.Replace(cfg.Proxy.UrlTemplate, "{svcName}", svcName, -1)
|
||||
return strings.Replace(cfg.Proxy.UrlTemplate, "{svcToken}", svcName, -1)
|
||||
}
|
||||
|
@ -9,7 +9,7 @@ endpoint:
|
||||
port: 18080
|
||||
|
||||
proxy:
|
||||
url_template: "https://{svcName}.in.zrok.io/"
|
||||
url_template: "https://{svcToken}.in.zrok.io/"
|
||||
identities:
|
||||
- "e6gMfeD4y"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user