service policy (#3)

This commit is contained in:
Michael Quigley 2022-07-26 17:17:37 -04:00
parent f44599e9c2
commit 73718804e1
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
7 changed files with 76 additions and 14 deletions


@ -34,7 +34,10 @@ func enable(_ *cobra.Command, args []string) {
if err := zrokdir.WriteToken(token); err != nil {
panic(err)
}
if err := zrokdir.WriteIdentity(resp.Payload.Cfg); err != nil {
if err := zrokdir.WriteIdentityId(resp.Payload.Identity); err != nil {
panic(err)
}
if err := zrokdir.WriteIdentityConfig(resp.Payload.Cfg); err != nil {
panic(err)
}
logrus.Infof("enabled, identity = '%v'", resp.Payload.Identity)
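Review bot: The identity ID that the new call on the `zrokdir.WriteIdentityId(resp.Payload.Identity)` line persists is written, in this same commit's zrokdir hunk, with `os.FileMode(400)`; that literal is decimal, so the file is created as mode 0620 (rw--w----), group-writable instead of owner-read-only. It should be octal, `os.FileMode(0400)`, or `0600` if a later `enable` is expected to overwrite it, and `WriteIdentityConfig` deserves the same look since it stores the Ziti identity. The rest of the hunk only splits the former single write into an id file and a config file, and `panic(err)` on failure follows the existing style of the command. The body of enable continues past the end of this hunk.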


@ -13,7 +13,7 @@ var httpCmd = &cobra.Command{
Short: "Start an http terminator",
Args: cobra.ExactArgs(1),
Run: func(_ *cobra.Command, args []string) {
idCfg, err := zrokdir.IdentityFile()
idCfg, err := zrokdir.IdentityConfigFile()
if err != nil {
panic(err)
}
@ -21,7 +21,7 @@ var httpCmd = &cobra.Command{
IdentityPath: idCfg,
EndpointAddress: args[0],
}
token, err := zrokdir.ReadToken()
id, err := zrokdir.ReadIdentityId()
if err != nil {
panic(err)
}
@ -30,7 +30,7 @@ var httpCmd = &cobra.Command{
req := tunnel.NewTunnelParams()
req.Body = &rest_model_zrok.TunnelRequest{
Endpoint: cfg.EndpointAddress,
Token: token,
Identity: id,
}
resp, err := zrok.Tunnel.Tunnel(req)
if err != nil {
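Review bot: `id` is passed straight into `TunnelRequest.Identity` as read from disk, and `ReadIdentityId` returns the raw file contents; with the current writer that is exact, but a trailing newline from a hand-edited or tool-edited identity.id would turn the server-side role into `@<id>\n` and the policy would silently match nothing. A `strings.TrimSpace(id)` before building the request (or inside `ReadIdentityId`) costs nothing and removes that failure mode. The hunk also drops the token from the request body, so the server's only link between this request and the enabled account is the client-supplied identity string; whatever authentication remains must live outside this function. The Run closure continues past the end of the hunk.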


@ -8,6 +8,7 @@ import (
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
"github.com/openziti/edge/rest_management_api_client/service"
"github.com/openziti/edge/rest_management_api_client/service_edge_router_policy"
"github.com/openziti/edge/rest_management_api_client/service_policy"
"github.com/openziti/edge/rest_model"
"github.com/sirupsen/logrus"
"time"
@ -27,6 +28,8 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
}
logrus.Infof("using service '%v'", serviceId)
semantic := rest_model.SemanticAllOf
// Service
svcConfigs := make([]string, 0)
svcEnc := true
@ -47,14 +50,39 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
}
logrus.Infof("created service '%v'", serviceId)
// Service Policy
svcpIdRoles := []string{fmt.Sprintf("@%v", params.Body.Identity)}
svcpPcRoles := []string{}
svcpSvcRoles := []string{fmt.Sprintf("@%v", svcResp.Payload.Data.ID)}
svcpDialBind := rest_model.DialBindBind
svcp := &rest_model.ServicePolicyCreate{
IdentityRoles: svcpIdRoles,
Name: &serviceId,
PostureCheckRoles: svcpPcRoles,
Semantic: &semantic,
ServiceRoles: svcpSvcRoles,
Type: &svcpDialBind,
}
svcpParams := &service_policy.CreateServicePolicyParams{
Policy: svcp,
Context: context.Background(),
}
svcpParams.SetTimeout(30 * time.Second)
_, err = edge.ServicePolicy.CreateServicePolicy(svcpParams, nil)
if err != nil {
logrus.Error(err)
return middleware.Error(500, err.Error())
}
logrus.Infof("created service policy '%v'", serviceId)
// Service Edge Router Policy
serpErRoles := []string{"@tDnhG8jkG9"} // @linux-edge-router
serpSemantic := rest_model.SemanticAllOf
serpSvcRoles := []string{fmt.Sprintf("@%v", svcResp.Payload.Data.ID)}
serp := &rest_model.ServiceEdgeRouterPolicyCreate{
EdgeRouterRoles: serpErRoles,
Name: &serviceId,
Semantic: &serpSemantic,
Semantic: &semantic,
ServiceRoles: serpSvcRoles,
}
serpParams := &service_edge_router_policy.CreateServiceEdgeRouterPolicyParams{
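Review bot: The new Bind service policy is granted to `@<params.Body.Identity>`, an identity ID taken verbatim from the request body, with no check that the caller owns or is authorized for that identity; since the body no longer carries the token, unless authentication happens elsewhere in the handler chain (not visible here) any caller can bind a zrok service to any identity ID it knows or guesses. The identity should be resolved server-side from the authenticated account and either substituted for or compared against the body value, and an empty `Identity` should be rejected before `fmt.Sprintf("@%v", ...)` produces the role `@`. Separately, when `CreateServicePolicy` fails the handler returns 500 after the service logged at "created service" already exists, leaving an orphaned service with no cleanup; delete it on policy failure or order the creations so the partial state is reversible. `return middleware.Error(500, err.Error())` also echoes the controller's error text to the client, matching the existing pattern but worth tightening at the same time. tunnelHandler continues past the end of the hunk.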


@ -20,8 +20,8 @@ type TunnelRequest struct {
// endpoint
Endpoint string `json:"endpoint,omitempty"`
// token
Token string `json:"token,omitempty"`
// identity
Identity string `json:"identity,omitempty"`
}
// Validate validates this tunnel request


@ -183,7 +183,7 @@ func init() {
"endpoint": {
"type": "string"
},
"token": {
"identity": {
"type": "string"
}
}
@ -372,7 +372,7 @@ func init() {
"endpoint": {
"type": "string"
},
"token": {
"identity": {
"type": "string"
}
}


@ -101,7 +101,7 @@ definitions:
tunnelRequest:
type: object
properties:
token:
identity:
type: string
endpoint:
type: string


@ -28,8 +28,31 @@ func WriteToken(token string) error {
return nil
}
func WriteIdentity(data string) error {
path, err := IdentityFile()
func ReadIdentityId() (string, error) {
path, err := IdentityIdFile()
if err != nil {
return "", err
}
id, err := os.ReadFile(path)
if err != nil {
return "", err
}
return string(id), nil
}
func WriteIdentityId(id string) error {
path, err := IdentityIdFile()
if err != nil {
return err
}
if err := os.WriteFile(path, []byte(id), os.FileMode(400)); err != nil {
return err
}
return nil
}
func WriteIdentityConfig(data string) error {
path, err := IdentityConfigFile()
if err != nil {
return err
}
@ -39,7 +62,15 @@ func WriteIdentity(data string) error {
return nil
}
func IdentityFile() (string, error) {
func IdentityIdFile() (string, error) {
zrok, err := zrokDir()
if err != nil {
return "", err
}
return filepath.Join(zrok, "identity.id"), nil
}
func IdentityConfigFile() (string, error) {
zrok, err := zrokDir()
if err != nil {
return "", err