service policy (#3)
This commit is contained in:
parent
f44599e9c2
commit
73718804e1
@ -34,7 +34,10 @@ func enable(_ *cobra.Command, args []string) {
|
||||
if err := zrokdir.WriteToken(token); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := zrokdir.WriteIdentity(resp.Payload.Cfg); err != nil {
|
||||
if err := zrokdir.WriteIdentityId(resp.Payload.Identity); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
if err := zrokdir.WriteIdentityConfig(resp.Payload.Cfg); err != nil {
|
||||
panic(err)
|
||||
}
|
||||
logrus.Infof("enabled, identity = '%v'", resp.Payload.Identity)
|
||||
|
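Review bot: The two writes added here are not kept in step: if `zrokdir.WriteIdentityConfig(resp.Payload.Cfg)` fails after `zrokdir.WriteIdentityId(resp.Payload.Identity)` has already succeeded, the panic leaves an identity id on disk with no matching config, and the next enable starts from that half-written state. Writing the config first, or removing the id file when the config write fails, would keep the pair consistent. enable's body starts and ends outside the hunk.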
@ -13,7 +13,7 @@ var httpCmd = &cobra.Command{
|
||||
Short: "Start an http terminator",
|
||||
Args: cobra.ExactArgs(1),
|
||||
Run: func(_ *cobra.Command, args []string) {
|
||||
idCfg, err := zrokdir.IdentityFile()
|
||||
idCfg, err := zrokdir.IdentityConfigFile()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
@ -21,7 +21,7 @@ var httpCmd = &cobra.Command{
|
||||
IdentityPath: idCfg,
|
||||
EndpointAddress: args[0],
|
||||
}
|
||||
token, err := zrokdir.ReadToken()
|
||||
id, err := zrokdir.ReadIdentityId()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
@ -30,7 +30,7 @@ var httpCmd = &cobra.Command{
|
||||
req := tunnel.NewTunnelParams()
|
||||
req.Body = &rest_model_zrok.TunnelRequest{
|
||||
Endpoint: cfg.EndpointAddress,
|
||||
Token: token,
|
||||
Identity: id,
|
||||
}
|
||||
resp, err := zrok.Tunnel.Tunnel(req)
|
||||
if err != nil {
|
||||
|
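Review bot: The tunnel request literal now sends `Identity: id` where it previously sent `Token: token`, and the TunnelRequest model and spec hunks below drop the token field entirely, so the client asserts an identity id it read from a local file and sends no credential with it. In the tunnelHandler hunk further down, that same value (params.Body.Identity) is placed directly into the service policy's IdentityRoles, and nothing visible in these hunks ties the id to an authenticated caller; unless the part of tunnelHandler outside the hunks does so, any client that can reach the API can request a Bind policy for an identity id it does not own. Keep the token in the request alongside the identity (`Token: token,` next to `Identity: id,`, with the model and spec fields restored) and have the server verify it before using the id, or derive the identity server-side from the token and treat the client-supplied id only as a cross-check. httpCmd's Run body starts and ends outside these hunks.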
@ -8,6 +8,7 @@ import (
|
||||
"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/tunnel"
|
||||
"github.com/openziti/edge/rest_management_api_client/service"
|
||||
"github.com/openziti/edge/rest_management_api_client/service_edge_router_policy"
|
||||
"github.com/openziti/edge/rest_management_api_client/service_policy"
|
||||
"github.com/openziti/edge/rest_model"
|
||||
"github.com/sirupsen/logrus"
|
||||
"time"
|
||||
@ -27,6 +28,8 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
|
||||
}
|
||||
logrus.Infof("using service '%v'", serviceId)
|
||||
|
||||
semantic := rest_model.SemanticAllOf
|
||||
|
||||
// Service
|
||||
svcConfigs := make([]string, 0)
|
||||
svcEnc := true
|
||||
@ -47,14 +50,39 @@ func tunnelHandler(params tunnel.TunnelParams) middleware.Responder {
|
||||
}
|
||||
logrus.Infof("created service '%v'", serviceId)
|
||||
|
||||
// Service Policy
|
||||
svcpIdRoles := []string{fmt.Sprintf("@%v", params.Body.Identity)}
|
||||
svcpPcRoles := []string{}
|
||||
svcpSvcRoles := []string{fmt.Sprintf("@%v", svcResp.Payload.Data.ID)}
|
||||
svcpDialBind := rest_model.DialBindBind
|
||||
svcp := &rest_model.ServicePolicyCreate{
|
||||
IdentityRoles: svcpIdRoles,
|
||||
Name: &serviceId,
|
||||
PostureCheckRoles: svcpPcRoles,
|
||||
Semantic: &semantic,
|
||||
ServiceRoles: svcpSvcRoles,
|
||||
Type: &svcpDialBind,
|
||||
}
|
||||
svcpParams := &service_policy.CreateServicePolicyParams{
|
||||
Policy: svcp,
|
||||
Context: context.Background(),
|
||||
}
|
||||
svcpParams.SetTimeout(30 * time.Second)
|
||||
_, err = edge.ServicePolicy.CreateServicePolicy(svcpParams, nil)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return middleware.Error(500, err.Error())
|
||||
}
|
||||
logrus.Infof("created service policy '%v'", serviceId)
|
||||
|
||||
// Service Edge Router Policy
|
||||
serpErRoles := []string{"@tDnhG8jkG9"} // @linux-edge-router
|
||||
serpSemantic := rest_model.SemanticAllOf
|
||||
|
||||
serpSvcRoles := []string{fmt.Sprintf("@%v", svcResp.Payload.Data.ID)}
|
||||
serp := &rest_model.ServiceEdgeRouterPolicyCreate{
|
||||
EdgeRouterRoles: serpErRoles,
|
||||
Name: &serviceId,
|
||||
Semantic: &serpSemantic,
|
||||
Semantic: &semantic,
|
||||
ServiceRoles: serpSvcRoles,
|
||||
}
|
||||
serpParams := &service_edge_router_policy.CreateServiceEdgeRouterPolicyParams{
|
||||
|
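Review bot: Once CreateServicePolicy has succeeded, a failure on the service edge router policy step (the CreateServiceEdgeRouterPolicy call and its error handling lie past the end of the hunk) returns an error while leaving the newly created service and service policy behind on the controller with no cleanup; the later error paths should delete the service policy and service they orphan, or the three creations should be wrapped so that partial results are rolled back. The `return middleware.Error(500, err.Error())` after CreateServicePolicy also forwards the edge controller's raw error text to the API client; logging it, as the line above already does, and returning a generic message keeps controller internals out of responses. tunnelHandler starts and ends outside these hunks.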
@ -20,8 +20,8 @@ type TunnelRequest struct {
|
||||
// endpoint
|
||||
Endpoint string `json:"endpoint,omitempty"`
|
||||
|
||||
// token
|
||||
Token string `json:"token,omitempty"`
|
||||
// identity
|
||||
Identity string `json:"identity,omitempty"`
|
||||
}
|
||||
|
||||
// Validate validates this tunnel request
|
||||
|
@ -183,7 +183,7 @@ func init() {
|
||||
"endpoint": {
|
||||
"type": "string"
|
||||
},
|
||||
"token": {
|
||||
"identity": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
@ -372,7 +372,7 @@ func init() {
|
||||
"endpoint": {
|
||||
"type": "string"
|
||||
},
|
||||
"token": {
|
||||
"identity": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
|
@ -101,7 +101,7 @@ definitions:
|
||||
tunnelRequest:
|
||||
type: object
|
||||
properties:
|
||||
token:
|
||||
identity:
|
||||
type: string
|
||||
endpoint:
|
||||
type: string
|
||||
|
@ -28,8 +28,31 @@ func WriteToken(token string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func WriteIdentity(data string) error {
|
||||
path, err := IdentityFile()
|
||||
func ReadIdentityId() (string, error) {
|
||||
path, err := IdentityIdFile()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
id, err := os.ReadFile(path)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return string(id), nil
|
||||
}
|
||||
|
||||
func WriteIdentityId(id string) error {
|
||||
path, err := IdentityIdFile()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := os.WriteFile(path, []byte(id), os.FileMode(400)); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func WriteIdentityConfig(data string) error {
|
||||
path, err := IdentityConfigFile()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -39,7 +62,15 @@ func WriteIdentity(data string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func IdentityFile() (string, error) {
|
||||
func IdentityIdFile() (string, error) {
|
||||
zrok, err := zrokDir()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
return filepath.Join(zrok, "identity.id"), nil
|
||||
}
|
||||
|
||||
func IdentityConfigFile() (string, error) {
|
||||
zrok, err := zrokDir()
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
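Review bot: `os.FileMode(400)` in WriteIdentityId is the decimal value 400, which is mode 0620 (owner read/write, group write), not the owner-read-only 0400 the literal suggests, so the identity id file is created group-writable. Use an octal literal, and 0600 rather than 0400 so a later enable can overwrite the file: `if err := os.WriteFile(path, []byte(id), 0600); err != nil {`. Note that os.WriteFile applies the mode only when it creates the file; an existing file keeps whatever permissions it already has. WriteIdentityConfig's own write call falls between this hunk and the next, so check it for the same literal; ReadIdentityId also returns the file contents untrimmed, which matters if the id is later embedded in a role string.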