create/delete frontend grant cli; api testing (#992)

2025-06-26 12:42:18 +02:00 · 2025-06-25 13:03:25 -04:00 · 2025-06-25 13:03:25 -04:00 · b4d3a5b89d
commit b4d3a5b89d
parent ce37219bac
5 changed files with 125 additions and 6 deletions
--- a/cmd/zrok/adminCreateFrontend.go
+++ b/cmd/zrok/adminCreateFrontend.go
@ -7,7 +7,6 @@ import (
 	"github.com/openziti/zrok/tui"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	"os"
 )

 func init() {
@ -36,12 +35,12 @@ func (cmd *adminCreateFrontendCommand) run(_ *cobra.Command, args []string) {
 	publicName := args[1]
 	urlTemplate := args[2]

-	env, err := environment.LoadRoot()
+	root, err := environment.LoadRoot()
 	if err != nil {
 		panic(err)
 	}

-	zrok, err := env.Client()
+	zrok, err := root.Client()
 	if err != nil {
 		panic(err)
 	}
@ -61,10 +60,8 @@ func (cmd *adminCreateFrontendCommand) run(_ *cobra.Command, args []string) {
 		switch err.(type) {
 		case *admin.CreateFrontendBadRequest:
 			tui.Error("create frontend request failed: name already exists", err)
-			os.Exit(1)
 		default:
 			tui.Error("create frontend request failed", err)
-			os.Exit(1)
 		}
 	}

--- a/cmd/zrok/adminCreateFrontendGrant.go
+++ b/cmd/zrok/adminCreateFrontendGrant.go
@ -0,0 +1,56 @@
+package main
+
+import (
+	"os"
+
+	"github.com/openziti/zrok/environment"
+	"github.com/openziti/zrok/rest_client_zrok/admin"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	adminCreateCmd.AddCommand(newAdminCreateFrontendGrantCommand().cmd)
+}
+
+type adminCreateFrontendGrantCommand struct {
+	cmd *cobra.Command
+}
+
+func newAdminCreateFrontendGrantCommand() *adminCreateFrontendGrantCommand {
+	cmd := &cobra.Command{
+		Use:     "frontend-grant <frontendToken> <accountEmail>",
+		Aliases: []string{"fg"},
+		Short:   "Grant an account access to a frontend",
+		Args:    cobra.ExactArgs(2),
+	}
+	command := &adminCreateFrontendGrantCommand{cmd: cmd}
+	cmd.Run = command.run
+	return command
+}
+
+func (cmd *adminCreateFrontendGrantCommand) run(_ *cobra.Command, args []string) {
+	frontendToken := args[0]
+	accountEmail := args[1]
+
+	root, err := environment.LoadRoot()
+	if err != nil {
+		panic(err)
+	}
+
+	zrok, err := root.Client()
+	if err != nil {
+		panic(err)
+	}
+
+	req := admin.NewAddFrontendGrantParams()
+	req.Body.FrontendToken = frontendToken
+	req.Body.Email = accountEmail
+
+	if _, err = zrok.Admin.AddFrontendGrant(req, mustGetAdminAuth()); err != nil {
+		logrus.Errorf("error addming frontend grant: %v", err)
+		os.Exit(1)
+	}
+
+	logrus.Infof("added frontend ('%v') grant for '%v'", frontendToken, accountEmail)
+}
--- a/cmd/zrok/adminDeleteFrontendGrant.go
+++ b/cmd/zrok/adminDeleteFrontendGrant.go
@ -0,0 +1,56 @@
+package main
+
+import (
+	"os"
+
+	"github.com/openziti/zrok/environment"
+	"github.com/openziti/zrok/rest_client_zrok/admin"
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+func init() {
+	adminDeleteCmd.AddCommand(newAdminDeleteFrontendGrantCommand().cmd)
+}
+
+type adminDeleteFrontendGrantCommand struct {
+	cmd *cobra.Command
+}
+
+func newAdminDeleteFrontendGrantCommand() *adminDeleteFrontendGrantCommand {
+	cmd := &cobra.Command{
+		Use:     "frontend-grant <frontendToken> <accountEmail>",
+		Aliases: []string{"fg"},
+		Short:   "Remove account access from a frontend",
+		Args:    cobra.ExactArgs(2),
+	}
+	command := &adminDeleteFrontendGrantCommand{cmd: cmd}
+	cmd.Run = command.run
+	return command
+}
+
+func (cmd *adminDeleteFrontendGrantCommand) run(_ *cobra.Command, args []string) {
+	frontendToken := args[0]
+	accountEmail := args[1]
+
+	root, err := environment.LoadRoot()
+	if err != nil {
+		panic(err)
+	}
+
+	zrok, err := root.Client()
+	if err != nil {
+		panic(err)
+	}
+
+	req := admin.NewDeleteFrontendGrantParams()
+	req.Body.FrontendToken = frontendToken
+	req.Body.Email = accountEmail
+
+	if _, err := zrok.Admin.DeleteFrontendGrant(req, mustGetAdminAuth()); err != nil {
+		logrus.Errorf("error deleting frontend grant: %v", err)
+		os.Exit(1)
+	}
+
+	logrus.Infof("deleted frontend ('%v') grant for '%v'", frontendToken, accountEmail)
+}
--- a/controller/addFrontendGrant.go
+++ b/controller/addFrontendGrant.go
@ -51,6 +51,11 @@ func (h *addFrontendGrantHandler) Handle(params admin.AddFrontendGrantParams, pr
 		}
 		logrus.Infof("granted '%v' access to frontend '%v'", acct.Email, fe.Token)

+		if err := trx.Commit(); err != nil {
+			logrus.Errorf("error committing transaction: %v", err)
+			return admin.NewAddFrontendGrantInternalServerError()
+		}
+
 	} else {
 		logrus.Infof("account '%v' already granted access to frontend '%v'", acct.Email, fe.Token)
 	}
--- a/controller/deleteFrontendGrant.go
+++ b/controller/deleteFrontendGrant.go
@ -51,6 +51,11 @@ func (h *deleteFrontendGrantHandler) Handle(params admin.DeleteFrontendGrantPara
 		}
 		logrus.Infof("deleted '%v' access to frontend '%v'", acct.Email, fe.Token)

+		if err := trx.Commit(); err != nil {
+			logrus.Errorf("error committing transaction: %v", err)
+			return admin.NewAddFrontendGrantInternalServerError()
+		}
+
 	} else {
 		logrus.Infof("account '%v' not granted access to frontend '%v'", acct.Email, fe.Token)
 	}