mirror of
https://github.com/openziti/zrok.git
synced 2025-01-22 13:58:49 +01:00
make frontend dial policies for private access names more unique (include frontend token) (#329)
This commit is contained in:
parent
1b70c6e013
commit
871bf2d528
@ -76,7 +76,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_
|
||||
"zrokFrontendToken": feToken,
|
||||
"zrokShareToken": shrToken,
|
||||
}
|
||||
if err := zrokEdgeSdk.CreateServicePolicyDial(envZId+"-"+shr.ZId+"-dial", shr.ZId, []string{envZId}, addlTags, edge); err != nil {
|
||||
if err := zrokEdgeSdk.CreateServicePolicyDial(feToken+"-"+envZId+"-"+shr.ZId+"-dial", shr.ZId, []string{envZId}, addlTags, edge); err != nil {
|
||||
logrus.Errorf("unable to create dial policy for user '%v': %v", principal.Email, err)
|
||||
return share.NewAccessInternalServerError()
|
||||
}
|
||||
|
@ -35,11 +35,11 @@ func (a *accountRelaxAction) HandleAccount(acct *store.Account, _, _ int64, _ *B
|
||||
switch shr.ShareMode {
|
||||
case "public":
|
||||
if err := relaxPublicShare(a.str, a.edge, shr, trx); err != nil {
|
||||
return err
|
||||
return errors.Wrap(err, "error relaxing public share")
|
||||
}
|
||||
case "private":
|
||||
if err := relaxPrivateShare(a.str, a.edge, shr, trx); err != nil {
|
||||
return err
|
||||
return errors.Wrap(err, "error relaxing private share")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -72,7 +72,7 @@ func relaxPrivateShare(str *store.Store, edge *rest_management_api_client.ZitiEd
|
||||
"zrokFrontendToken": fe.Token,
|
||||
"zrokShareToken": shr.Token,
|
||||
}
|
||||
if err := zrokEdgeSdk.CreateServicePolicyDial(env.ZId+"-"+shr.ZId+"-dial", shr.ZId, []string{env.ZId}, addlTags, edge); err != nil {
|
||||
if err := zrokEdgeSdk.CreateServicePolicyDial(fe.Token+"-"+env.ZId+"-"+shr.ZId+"-dial", shr.ZId, []string{env.ZId}, addlTags, edge); err != nil {
|
||||
return errors.Wrapf(err, "unable to create dial policy for frontend '%v'", fe.Token)
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user