From 871bf2d52874bace74cb052fd075ed7f4431355a Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Thu, 18 May 2023 13:19:16 -0400 Subject: [PATCH] make frontend dial policies for private access names more unique (include frontend token) (#329) --- controller/access.go | 2 +- controller/limits/accountRelaxAction.go | 4 ++-- controller/limits/shareRelaxAction.go | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/controller/access.go b/controller/access.go index f55ea5e2..b989988e 100644 --- a/controller/access.go +++ b/controller/access.go @@ -76,7 +76,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_ "zrokFrontendToken": feToken, "zrokShareToken": shrToken, } - if err := zrokEdgeSdk.CreateServicePolicyDial(envZId+"-"+shr.ZId+"-dial", shr.ZId, []string{envZId}, addlTags, edge); err != nil { + if err := zrokEdgeSdk.CreateServicePolicyDial(feToken+"-"+envZId+"-"+shr.ZId+"-dial", shr.ZId, []string{envZId}, addlTags, edge); err != nil { logrus.Errorf("unable to create dial policy for user '%v': %v", principal.Email, err) return share.NewAccessInternalServerError() } diff --git a/controller/limits/accountRelaxAction.go b/controller/limits/accountRelaxAction.go index e73829dd..5e46c35f 100644 --- a/controller/limits/accountRelaxAction.go +++ b/controller/limits/accountRelaxAction.go @@ -35,11 +35,11 @@ func (a *accountRelaxAction) HandleAccount(acct *store.Account, _, _ int64, _ *B switch shr.ShareMode { case "public": if err := relaxPublicShare(a.str, a.edge, shr, trx); err != nil { - return err + return errors.Wrap(err, "error relaxing public share") } case "private": if err := relaxPrivateShare(a.str, a.edge, shr, trx); err != nil { - return err + return errors.Wrap(err, "error relaxing private share") } } } diff --git a/controller/limits/shareRelaxAction.go b/controller/limits/shareRelaxAction.go index 511ec49b..2a5912c6 100644 --- a/controller/limits/shareRelaxAction.go +++ b/controller/limits/shareRelaxAction.go @@ -72,7 +72,7 @@ func relaxPrivateShare(str *store.Store, edge *rest_management_api_client.ZitiEd "zrokFrontendToken": fe.Token, "zrokShareToken": shr.Token, } - if err := zrokEdgeSdk.CreateServicePolicyDial(env.ZId+"-"+shr.ZId+"-dial", shr.ZId, []string{env.ZId}, addlTags, edge); err != nil { + if err := zrokEdgeSdk.CreateServicePolicyDial(fe.Token+"-"+env.ZId+"-"+shr.ZId+"-dial", shr.ZId, []string{env.ZId}, addlTags, edge); err != nil { return errors.Wrapf(err, "unable to create dial policy for frontend '%v'", fe.Token) }