Merge branch 'v1_0_0' into api-v1

2025-06-25 04:02:15 +02:00 · 2025-02-26 13:15:43 -05:00 · 2025-02-26 13:15:43 -05:00 · a5f9d0b8a2
commit a5f9d0b8a2
parent cfe8961745 b167e03648
21 changed files with 126 additions and 47 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,7 +14,7 @@ FEATURE: `zrok share [public|private|reserved]` and `zrok access private` now au

 FEATURE: `zrok access private` supports a new `--auto` mode, which can automatically find an available open address/port to bind the frontend listener on. Also includes `--auto-address`, `--auto-start-port`, and `--auto-end-port` features with sensible defaults. Supported by both the agent and local operating modes (https://github.com/openziti/zrok/issues/780)

-FEATURE: `zrok rebase` command allows "rebasing" an enabled environment onto a different API endpoint. This is useful for migrating already-enabled environments between endpoints supporting different zrok versions (https://github.com/openziti/zrok/issues/869)
+FEATURE: `zrok rebase` commands (`zrok rebase apiEndpoint` and `zrok rebase accountToken`) allows "rebasing" an enabled environment onto a different API endpoint or a different account token. This is useful for migrating already-enabled environments between endpoints supporting different zrok versions, and is also useful when regenerating an account token (https://github.com/openziti/zrok/issues/869, https://github.com/openziti/zrok/issues/897)

 FEATURE: `zrok test canary` CLI tree replaces the old `zrok test loop` tree; new `zrok test canary public-proxy` and `zrok test canary private-proxy` provide modernized, updated versions of what the `zrok test loop` commands used to do. This new approach will serve as the foundation for all future zrok testing infrastructure (https://github.com/openziti/zrok/issues/771)

--- a/cmd/zrok/accessPrivate.go
+++ b/cmd/zrok/accessPrivate.go
@ -116,7 +116,7 @@ func (cmd *accessPrivateCommand) accessLocal(args []string, root env_core.Root)
 		cmd.error(err)
 	}

-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	req := share.NewAccessParams()
 	req.Body.ShareToken = shrToken
 	req.Body.EnvZID = root.Environment().ZitiIdentity
--- a/cmd/zrok/disable.go
+++ b/cmd/zrok/disable.go
@ -49,7 +49,7 @@ func (cmd *disableCommand) run(_ *cobra.Command, _ []string) {
 		}
 		panic(err)
 	}
-	auth := httpTransport.APIKeyAuth("X-TOKEN", "header", env.Environment().Token)
+	auth := httpTransport.APIKeyAuth("X-TOKEN", "header", env.Environment().AccountToken)
 	req := restEnvironment.NewDisableParams()
 	req.Body.Identity = env.Environment().ZitiIdentity

--- a/cmd/zrok/enable.go
+++ b/cmd/zrok/enable.go
@ -120,7 +120,7 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 		prg.Send("writing the environment details...")
 	}
 	apiEndpoint, _ := env.ApiEndpoint()
-	if err := env.SetEnvironment(&env_core.Environment{Token: token, ZitiIdentity: resp.Payload.Identity, ApiEndpoint: apiEndpoint}); err != nil {
+	if err := env.SetEnvironment(&env_core.Environment{AccountToken: token, ZitiIdentity: resp.Payload.Identity, ApiEndpoint: apiEndpoint}); err != nil {
 		if !cmd.headless && prg != nil {
 			prg.Send(fmt.Sprintf("there was an error saving the new environment: %v", err))
 			prg.Quit()
--- a/cmd/zrok/main.go
+++ b/cmd/zrok/main.go
@ -33,6 +33,7 @@ func init() {
 	rootCmd.AddCommand(modifyCmd)
 	organizationCmd.AddCommand(organizationAdminCmd)
 	rootCmd.AddCommand(organizationCmd)
+	rootCmd.AddCommand(rebaseCmd)
 	rootCmd.AddCommand(shareCmd)
 	rootCmd.AddCommand(testCmd)
 	testCmd.AddCommand(testCanaryCmd)
@ -126,6 +127,11 @@ var organizationCmd = &cobra.Command{
 	Short:   "Organization commands",
 }

+var rebaseCmd = &cobra.Command{
+	Use:   "rebase",
+	Short: "Rebase enabled zrok environment",
+}
+
 var shareCmd = &cobra.Command{
 	Use:   "share",
 	Short: "Create backend access for shares",
--- a/cmd/zrok/modifyShare.go
+++ b/cmd/zrok/modifyShare.go
@ -54,7 +54,7 @@ func (cmd *modifyShareCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)

 	if len(cmd.addAccessGrants) > 0 || len(cmd.removeAccessGrants) > 0 {
 		req := share.NewUpdateShareParams()
--- a/cmd/zrok/orgAdminList.go
+++ b/cmd/zrok/orgAdminList.go
@ -50,7 +50,7 @@ func (c *orgAdminListCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)

 	req := metadata.NewListOrgMembersParams()
 	req.OrganizationToken = args[0]
--- a/cmd/zrok/orgAdminOverview.go
+++ b/cmd/zrok/orgAdminOverview.go
@ -51,7 +51,7 @@ func (cmd *orgAdminOverviewCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	req.Header.Add("X-TOKEN", root.Environment().Token)
+	req.Header.Add("X-TOKEN", root.Environment().AccountToken)
 	resp, err := client.Do(req)
 	if err != nil {
 		if !panicInstead {
--- a/cmd/zrok/orgMemberships.go
+++ b/cmd/zrok/orgMemberships.go
@ -49,7 +49,7 @@ func (c *orgMembershipsCommand) run(_ *cobra.Command, _ []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)

 	in, err := zrok.Metadata.ListMemberships(nil, auth)
 	if err != nil {
--- a/cmd/zrok/rebaseAccountToken.go
+++ b/cmd/zrok/rebaseAccountToken.go
@ -0,0 +1,66 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"github.com/openziti/zrok/environment"
+	"github.com/openziti/zrok/tui"
+	"github.com/spf13/cobra"
+	"os"
+)
+
+func init() {
+	rebaseCmd.AddCommand(newRebaseAccountTokenCommand().cmd)
+}
+
+type rebaseAccountTokenCommand struct {
+	cmd *cobra.Command
+}
+
+func newRebaseAccountTokenCommand() *rebaseAccountTokenCommand {
+	cmd := &cobra.Command{
+		Use:   "accountToken <accountToken>",
+		Short: "Rebase an enabled environment onto a different account token",
+		Args:  cobra.ExactArgs(1),
+	}
+	command := &rebaseAccountTokenCommand{cmd: cmd}
+	cmd.Run = command.run
+	return command
+}
+
+func (cmd *rebaseAccountTokenCommand) run(_ *cobra.Command, args []string) {
+	root, err := environment.LoadRoot()
+	if err != nil {
+		tui.Error("error loading root", err)
+	}
+
+	if !root.IsEnabled() {
+		tui.Error("environment not enabled; 'zrok enable' your environment instead", nil)
+	}
+
+	env := root.Environment()
+	if args[0] != env.AccountToken {
+		fmt.Printf("this action will rebase your enabled environment to use the account token '%v'\n", args[0])
+		fmt.Println()
+		fmt.Println("you should only proceed if you understand why you're doing this!")
+		fmt.Println()
+		fmt.Print("to proceed, type 'yes': ")
+		scanner := bufio.NewScanner(os.Stdin)
+		if scanner.Scan() {
+			text := scanner.Text()
+			if text != "yes" {
+				tui.Error("rebase aborted!", nil)
+			}
+		}
+		fmt.Println()
+
+		env.AccountToken = args[0]
+		if err := root.SetEnvironment(env); err != nil {
+			tui.Error("error rebasing environment", err)
+		}
+
+		fmt.Printf("environment rebased to account token '%v'\n", env.AccountToken)
+	} else {
+		fmt.Printf("environment already configured to use the account token '%v'\n", env.AccountToken)
+	}
+}
--- a/cmd/zrok/rebaseApiEndpoint.go
+++ b/cmd/zrok/rebaseApiEndpoint.go
@ -10,25 +10,25 @@ import (
 )

 func init() {
-	rootCmd.AddCommand(newRebaseCommand().cmd)
+	rebaseCmd.AddCommand(newRebaseApiEndpointCommand().cmd)
 }

-type rebaseCommand struct {
+type rebaseApiEndpointCommand struct {
 	cmd *cobra.Command
 }

-func newRebaseCommand() *rebaseCommand {
+func newRebaseApiEndpointCommand() *rebaseApiEndpointCommand {
 	cmd := &cobra.Command{
-		Use:   "rebase <apiEndpoint>",
+		Use:   "apiEndpoint <apiEndpoint>",
 		Short: "Rebase an enabled environment onto a different API endpoint URL",
 		Args:  cobra.ExactArgs(1),
 	}
-	command := &rebaseCommand{cmd: cmd}
+	command := &rebaseApiEndpointCommand{cmd: cmd}
 	cmd.Run = command.run
 	return command
 }

-func (cmd *rebaseCommand) run(_ *cobra.Command, args []string) {
+func (cmd *rebaseApiEndpointCommand) run(_ *cobra.Command, args []string) {
 	root, err := environment.LoadRoot()
 	if err != nil {
 		tui.Error("error loading root", err)
@ -40,7 +40,7 @@ func (cmd *rebaseCommand) run(_ *cobra.Command, args []string) {

 	currentEndpoint, _ := root.ApiEndpoint()
 	if args[0] != currentEndpoint {
-		fmt.Printf("this action will rebase your enabled environment to use the zrok API at: %v\n", currentEndpoint)
+		fmt.Printf("this action will rebase your enabled environment to use the zrok API at: %v\n", args[0])
 		fmt.Println()
 		fmt.Println("you should only proceed if you understand why you're doing this!")
 		fmt.Println()
--- a/cmd/zrok/release.go
+++ b/cmd/zrok/release.go
@ -50,7 +50,7 @@ func (cmd *releaseCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}

-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Environment().AccountToken)
 	req := share.NewUnshareParams()
 	req.Body.EnvZID = env.Environment().ZitiIdentity
 	req.Body.ShareToken = shrToken
--- a/cmd/zrok/shareReserved.go
+++ b/cmd/zrok/shareReserved.go
@ -105,7 +105,7 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) {
 	if err != nil {
 		cmd.error("unable to create zrok client", err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	req := metadata.NewGetShareDetailParams()
 	req.ShareToken = shrToken
 	resp, err := zrok.Metadata.GetShareDetail(req, auth)
--- a/cmd/zrok/status.go
+++ b/cmd/zrok/status.go
@ -67,14 +67,14 @@ func (cmd *statusCommand) run(_ *cobra.Command, _ []string) {
 		t.SetStyle(table.StyleColoredDark)
 		t.AppendHeader(table.Row{"Property", "Value"})
 		if cmd.secrets {
-			t.AppendRow(table.Row{"Secret Token", env.Environment().Token})
+			t.AppendRow(table.Row{"Account Token", env.Environment().AccountToken})
 			t.AppendRow(table.Row{"Ziti Identity", env.Environment().ZitiIdentity})
 		} else {
 			secretToken := "<<SET>>"
-			if env.Environment().Token == "" {
+			if env.Environment().AccountToken == "" {
 				secretToken = "<<UNSET>>"
 			}
-			t.AppendRow(table.Row{"Secret Token", secretToken})
+			t.AppendRow(table.Row{"Account Token", secretToken})

 			zId := "<<SET>>"
 			if env.Environment().ZitiIdentity == "" {
--- a/environment/env_core/model.go
+++ b/environment/env_core/model.go
@ -32,7 +32,7 @@ type Root interface {
 }

 type Environment struct {
-	Token        string
+	AccountToken string
 	ZitiIdentity string
 	ApiEndpoint  string
 }
--- a/environment/env_v0_3/root.go
+++ b/environment/env_v0_3/root.go
@ -205,7 +205,7 @@ func loadEnvironment() (*env_core.Environment, error) {
 		return nil, errors.Wrapf(err, "error unmarshaling environment file '%v'", ef)
 	}
 	out := &env_core.Environment{
-		Token:        env.Token,
+		AccountToken: env.AccountToken,
 		ZitiIdentity: env.ZId,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@ -214,7 +214,7 @@ func loadEnvironment() (*env_core.Environment, error) {

 func saveEnvironment(env *env_core.Environment) error {
 	in := &environment{
-		Token:       env.Token,
+		AccountToken: env.AccountToken,
 		ZId:          env.ZitiIdentity,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@ -256,7 +256,7 @@ type config struct {
 }

 type environment struct {
-	Token       string `json:"zrok_token"`
+	AccountToken string `json:"zrok_token"`
 	ZId          string `json:"ziti_identity"`
 	ApiEndpoint  string `json:"api_endpoint"`
 }
--- a/environment/env_v0_4/root.go
+++ b/environment/env_v0_4/root.go
@ -282,7 +282,7 @@ func loadEnvironment() (*env_core.Environment, error) {
 		return nil, errors.Wrapf(err, "error unmarshaling environment file '%v'", ef)
 	}
 	out := &env_core.Environment{
-		Token:        env.Token,
+		AccountToken: env.AccountToken,
 		ZitiIdentity: env.ZId,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@ -291,7 +291,7 @@ func loadEnvironment() (*env_core.Environment, error) {

 func saveEnvironment(env *env_core.Environment) error {
 	in := &environment{
-		Token:       env.Token,
+		AccountToken: env.AccountToken,
 		ZId:          env.ZitiIdentity,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@ -335,7 +335,7 @@ type config struct {
 }

 type environment struct {
-	Token       string `json:"zrok_token"`
+	AccountToken string `json:"zrok_token"`
 	ZId          string `json:"ziti_identity"`
 	ApiEndpoint  string `json:"api_endpoint"`
 }
--- a/sdk/golang/sdk/access.go
+++ b/sdk/golang/sdk/access.go
@ -20,7 +20,7 @@ func CreateAccess(root env_core.Root, request *AccessRequest) (*Access, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)

 	in, err := zrok.Share.Access(out, auth)
 	if err != nil {
@ -40,7 +40,7 @@ func DeleteAccess(root env_core.Root, acc *Access) error {
 	if err != nil {
 		return errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)

 	_, err = zrok.Share.Unaccess(out, auth)
 	if err != nil {
--- a/sdk/golang/sdk/overview.go
+++ b/sdk/golang/sdk/overview.go
@ -19,7 +19,7 @@ func Overview(root env_core.Root) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	req.Header.Add("X-TOKEN", root.Environment().Token)
+	req.Header.Add("X-TOKEN", root.Environment().AccountToken)
 	resp, err := client.Do(req)
 	if err != nil {
 		return "", err
--- a/sdk/golang/sdk/share.go
+++ b/sdk/golang/sdk/share.go
@ -50,7 +50,7 @@ func CreateShare(root env_core.Root, request *ShareRequest) (*Share, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)

 	in, err := zrok.Share.Share(out, auth)
 	if err != nil {
@ -104,7 +104,7 @@ func DeleteShare(root env_core.Root, shr *Share) error {
 	if err != nil {
 		return errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)

 	_, err = zrok.Share.Unshare(req, auth)
 	if err != nil {
--- a/ui/src/RegenerateAccountTokenModal.tsx
+++ b/ui/src/RegenerateAccountTokenModal.tsx
@ -84,18 +84,25 @@ const RegenerateAccountTokenModal = ({ close, isOpen, user }: RegenerateAccountT
                </Grid2>
                <Grid2 container sx={{ flexGrow: 1, p: 1 }} alignItems="center">
                    <Typography>
-                        You will need to manually edit your <code>$&#123;HOME&#125;/.zrok/environment.json</code> files
-                        (in each environment) to use the new <code>zrok_token</code>. Updating these files will restore
-                        the functionality of your environments.
+                        You will need to use the <code> zrok rebase accountToken </code> command to update any enabled
+                        environments to use your new account token. Rebasing your environments will minimize any service
+                        disruptions caused by regenerating your account token.
                    </Typography>
                </Grid2>
                <Grid2 container sx={{ flexGrow: 1, p: 1 }} alignItems="center">
                    <Typography>
-                        Alternatively, you can just <code>zrok disable</code> any enabled environments and re-enable
-                        using the updated account token. Running <code>zrok disable</code> before you regenerate will
+                        Keep in mind that once you've regenerated your account token, any running <code> zrok share </code>
+                        or <code> zrok access </code> processes may not be able to interact with the zrok service properly
+                        until they are restarted.
+                    </Typography>
+                </Grid2>
+                <Grid2 container sx={{ flexGrow: 1, p: 1 }} alignItems="center">
+                    <Typography>
+                        Alternatively, you can just <code> zrok disable </code> any enabled environments and re-enable
+                        using the updated account token. Running <code> zrok disable </code> before you regenerate will
                        delete your environments and any shares they contain (including reserved shares). So if you have
-                        environments and reserved shares you need to preserve, your best option is to update the <code>zrok_token</code> in
-                        those environments as described above.
+                        environments and reserved shares you need to preserve, your best option is to use the
+                        <code> zrok rebase accountToken </code> command as described above.
                    </Typography>
                </Grid2>
                { successMessage ? null : controls }