extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-06-26 12:42:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

bootstrap secrets identity (#968)

Browse Source
This commit is contained in:
Michael Quigley 2025-06-16 14:16:23 -04:00
parent 272b588a1e
commit af95eefa7b
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
1 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
controller/bootstrap.go
View File

@ -51,6 +51,10 @@ func Bootstrap(bootCfg *BootstrapConfig, ctrlCfg *config.Config) error {
return err return err
} }
if err := assertSecretsListener(bootCfg, ctrlCfg, env, edge); err != nil {
return err
}
if err := assertZrokProxyConfigType(edge); err != nil { if err := assertZrokProxyConfigType(edge); err != nil {
return err return err
} }
@ -102,6 +106,45 @@ func assertFrontendIdentity(cfg *BootstrapConfig, env env_core.Root, edge *rest_
return nil return nil
} }
func assertSecretsListener(bCfg *BootstrapConfig, ctrlCfg *config.Config, env env_core.Root, edge *rest_management_api_client.ZitiEdgeManagement) error {
if !bCfg.SkipSecretsListener || ctrlCfg == nil || ctrlCfg.Secrets == nil {
logrus.Info("bootstrapping secrets listener")
if ctrlCfg.Secrets.ServiceName == "" {
return errors.New("no secrets service name provided")
}
var secretsZId string
var err error
if ctrlCfg.Secrets.IdentityPath == "" || ctrlCfg.Secrets.ZId == "" {
logrus.Warnf("no secrets identity path or ziti id provided; allocating a new identity")
secretsZId, err = bootstrapIdentity("secrets", edge)
if err != nil {
return errors.Wrap(err, "error bootstrapping secrets identity")
}
logrus.Infof("created secrets identity '%v' (configure this into the 'secrets > z_id' field in the controller config)", secretsZId)
} else {
logrus.Infof("asserting existing secrets identity '%v'", ctrlCfg.Secrets.ZId)
if err := assertIdentity(ctrlCfg.Secrets.ZId, edge); err != nil {
return errors.Wrapf(err, "error asserting existing secrets identity '%v'", ctrlCfg.Secrets.ZId)
}
secretsZId = ctrlCfg.Secrets.ZId
logrus.Infof("asserted secrets identity '%v'", ctrlCfg.Secrets.ZId)
}
if err := assertErpForIdentity("secrets", secretsZId, edge); err != nil {
return errors.Wrapf(err, "error asserting erp for secrets identity (secrets) '%v'", secretsZId)
}
} else {
logrus.Warnf("skipping secrets listener bootstrap")
}
return nil
}
func assertZrokProxyConfigType(edge *rest_management_api_client.ZitiEdgeManagement) error { func assertZrokProxyConfigType(edge *rest_management_api_client.ZitiEdgeManagement) error {
filter := fmt.Sprintf("name=\"%v\"", sdk.ZrokProxyConfig) filter := fmt.Sprintf("name=\"%v\"", sdk.ZrokProxyConfig)
limit := int64(100) limit := int64(100)