mirror of
https://github.com/openziti/zrok.git
synced 2024-11-25 01:23:49 +01:00
rough and sketchy identity creation and enrollment
This commit is contained in:
parent
bb57075059
commit
cad9a2bf5b
@ -1,11 +1,13 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_zrok_client/identity"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/spf13/cobra"
|
||||
"os"
|
||||
)
|
||||
|
||||
func init() {
|
||||
@ -33,5 +35,15 @@ func enable(_ *cobra.Command, args []string) {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
cfgFile, err := os.Create(fmt.Sprintf("%v.json", resp.Payload.Identity))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
defer func() { _ = cfgFile.Close() }()
|
||||
_, err = cfgFile.Write([]byte(resp.Payload.Cfg))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
logrus.Infof("enabled, identity = '%v'", resp.Payload.Identity)
|
||||
}
|
||||
|
@ -1,10 +1,24 @@
|
||||
package controller
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/x509"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/go-openapi/runtime/middleware"
|
||||
"github.com/openziti-test-kitchen/zrok/controller/store"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_model"
|
||||
"github.com/openziti-test-kitchen/zrok/rest_zrok_server/operations/identity"
|
||||
"github.com/openziti/edge/rest_management_api_client"
|
||||
identity_edge "github.com/openziti/edge/rest_management_api_client/identity"
|
||||
rest_model_edge "github.com/openziti/edge/rest_model"
|
||||
"github.com/openziti/edge/rest_util"
|
||||
sdk_config "github.com/openziti/sdk-golang/ziti/config"
|
||||
"github.com/openziti/sdk-golang/ziti/enroll"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
"time"
|
||||
)
|
||||
|
||||
func enableHandler(params identity.EnableParams) middleware.Responder {
|
||||
@ -24,7 +38,92 @@ func enableHandler(params identity.EnableParams) middleware.Responder {
|
||||
}
|
||||
logrus.Infof("found account '%v'", a.Username)
|
||||
|
||||
return identity.NewEnableCreated().WithPayload(&rest_model.EnableResponse{
|
||||
Identity: a.Username,
|
||||
ctrlAddress := "https://linux:1280"
|
||||
caCerts, err := rest_util.GetControllerWellKnownCas(ctrlAddress)
|
||||
if err != nil {
|
||||
panic(errors.Wrap(err, "error getting cas"))
|
||||
}
|
||||
caPool := x509.NewCertPool()
|
||||
for _, ca := range caCerts {
|
||||
caPool.AddCert(ca)
|
||||
}
|
||||
client, err := rest_util.NewEdgeManagementClientWithUpdb("admin", "admin", ctrlAddress, caPool)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
ident, err := createIdentity(a, client)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
panic(err)
|
||||
}
|
||||
cfg, err := enrollIdentity(ident.Payload.Data.ID, client)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
resp := identity.NewEnableCreated().WithPayload(&rest_model.EnableResponse{
|
||||
Identity: ident.Payload.Data.ID,
|
||||
})
|
||||
|
||||
var out bytes.Buffer
|
||||
enc := json.NewEncoder(&out)
|
||||
enc.SetEscapeHTML(false)
|
||||
err = enc.Encode(&cfg)
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
resp.Payload.Cfg = out.String()
|
||||
|
||||
return resp
|
||||
}
|
||||
|
||||
func createIdentity(a *store.Account, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
|
||||
iIsAdmin := false
|
||||
iId, err := generateIdentityId()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
iName := fmt.Sprintf("%v-%v", a.Username, iId)
|
||||
iType := rest_model_edge.IdentityTypeUser
|
||||
i := &rest_model_edge.IdentityCreate{
|
||||
Enrollment: &rest_model_edge.IdentityCreateEnrollment{Ott: true},
|
||||
IsAdmin: &iIsAdmin,
|
||||
Name: &iName,
|
||||
RoleAttributes: nil,
|
||||
ServiceHostingCosts: nil,
|
||||
Tags: nil,
|
||||
Type: &iType,
|
||||
}
|
||||
p := identity_edge.NewCreateIdentityParams()
|
||||
p.Identity = i
|
||||
ident, err := client.Identity.CreateIdentity(p, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ident, nil
|
||||
}
|
||||
|
||||
func enrollIdentity(id string, client *rest_management_api_client.ZitiEdgeManagement) (*sdk_config.Config, error) {
|
||||
p := &identity_edge.DetailIdentityParams{
|
||||
Context: context.Background(),
|
||||
ID: id,
|
||||
}
|
||||
p.SetTimeout(30 * time.Second)
|
||||
resp, err := client.Identity.DetailIdentity(p, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tkn, _, err := enroll.ParseToken(resp.GetPayload().Data.Enrollment.Ott.JWT)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
flags := enroll.EnrollmentFlags{
|
||||
Token: tkn,
|
||||
KeyAlg: "RSA",
|
||||
}
|
||||
conf, err := enroll.Enroll(flags)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return conf, nil
|
||||
}
|
||||
|
@ -13,3 +13,11 @@ func generateApiToken() (string, error) {
|
||||
}
|
||||
return hex.EncodeToString(bytes), nil
|
||||
}
|
||||
|
||||
func generateIdentityId() (string, error) {
|
||||
bytes := make([]byte, 16)
|
||||
if _, err := rand.Read(bytes); err != nil {
|
||||
return "", errors.Wrap(err, "error generating random identity id")
|
||||
}
|
||||
return hex.EncodeToString(bytes), nil
|
||||
}
|
||||
|
3
go.mod
3
go.mod
@ -16,6 +16,7 @@ require (
|
||||
github.com/mattn/go-sqlite3 v1.14.14
|
||||
github.com/michaelquigley/pfxlog v0.6.9
|
||||
github.com/openziti/edge v0.22.39
|
||||
github.com/openziti/foundation/v2 v2.0.1
|
||||
github.com/openziti/sdk-golang v0.16.103
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/rubenv/sql-migrate v1.1.2
|
||||
@ -25,6 +26,7 @@ require (
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/Jeffail/gabs v1.4.0 // indirect
|
||||
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
|
||||
github.com/cenkalti/backoff/v4 v4.1.3 // indirect
|
||||
github.com/docker/go-units v0.4.0 // indirect
|
||||
@ -51,7 +53,6 @@ require (
|
||||
github.com/oklog/ulid v1.3.1 // indirect
|
||||
github.com/opentracing/opentracing-go v1.2.0 // indirect
|
||||
github.com/openziti/channel v0.18.58 // indirect
|
||||
github.com/openziti/foundation/v2 v2.0.1 // indirect
|
||||
github.com/openziti/identity v1.0.5 // indirect
|
||||
github.com/openziti/metrics v1.0.2 // indirect
|
||||
github.com/openziti/transport/v2 v2.0.20 // indirect
|
||||
|
2
go.sum
2
go.sum
@ -39,6 +39,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
|
||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||
github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo=
|
||||
github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc=
|
||||
github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
|
||||
github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y=
|
||||
github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o=
|
||||
|
@ -17,6 +17,9 @@ import (
|
||||
// swagger:model enableResponse
|
||||
type EnableResponse struct {
|
||||
|
||||
// cfg
|
||||
Cfg string `json:"cfg,omitempty"`
|
||||
|
||||
// identity
|
||||
Identity string `json:"identity,omitempty"`
|
||||
}
|
||||
|
@ -29,6 +29,12 @@ func (o *EnableReader) ReadResponse(response runtime.ClientResponse, consumer ru
|
||||
return nil, err
|
||||
}
|
||||
return result, nil
|
||||
case 404:
|
||||
result := NewEnableNotFound()
|
||||
if err := result.readResponse(response, consumer, o.formats); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return nil, result
|
||||
case 500:
|
||||
result := NewEnableInternalServerError()
|
||||
if err := result.readResponse(response, consumer, o.formats); err != nil {
|
||||
@ -72,6 +78,27 @@ func (o *EnableCreated) readResponse(response runtime.ClientResponse, consumer r
|
||||
return nil
|
||||
}
|
||||
|
||||
// NewEnableNotFound creates a EnableNotFound with default headers values
|
||||
func NewEnableNotFound() *EnableNotFound {
|
||||
return &EnableNotFound{}
|
||||
}
|
||||
|
||||
/* EnableNotFound describes a response with status code 404, with default header values.
|
||||
|
||||
account not found
|
||||
*/
|
||||
type EnableNotFound struct {
|
||||
}
|
||||
|
||||
func (o *EnableNotFound) Error() string {
|
||||
return fmt.Sprintf("[POST /enable][%d] enableNotFound ", 404)
|
||||
}
|
||||
|
||||
func (o *EnableNotFound) readResponse(response runtime.ClientResponse, consumer runtime.Consumer, formats strfmt.Registry) error {
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// NewEnableInternalServerError creates a EnableInternalServerError with default headers values
|
||||
func NewEnableInternalServerError() *EnableInternalServerError {
|
||||
return &EnableInternalServerError{}
|
||||
|
@ -87,6 +87,9 @@ func init() {
|
||||
"$ref": "#/definitions/enableResponse"
|
||||
}
|
||||
},
|
||||
"404": {
|
||||
"description": "account not found"
|
||||
},
|
||||
"500": {
|
||||
"description": "internal server error"
|
||||
}
|
||||
@ -141,6 +144,9 @@ func init() {
|
||||
"enableResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"cfg": {
|
||||
"type": "string"
|
||||
},
|
||||
"identity": {
|
||||
"type": "string"
|
||||
}
|
||||
@ -226,6 +232,9 @@ func init() {
|
||||
"$ref": "#/definitions/enableResponse"
|
||||
}
|
||||
},
|
||||
"404": {
|
||||
"description": "account not found"
|
||||
},
|
||||
"500": {
|
||||
"description": "internal server error"
|
||||
}
|
||||
@ -280,6 +289,9 @@ func init() {
|
||||
"enableResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"cfg": {
|
||||
"type": "string"
|
||||
},
|
||||
"identity": {
|
||||
"type": "string"
|
||||
}
|
||||
|
@ -57,6 +57,30 @@ func (o *EnableCreated) WriteResponse(rw http.ResponseWriter, producer runtime.P
|
||||
}
|
||||
}
|
||||
|
||||
// EnableNotFoundCode is the HTTP code returned for type EnableNotFound
|
||||
const EnableNotFoundCode int = 404
|
||||
|
||||
/*EnableNotFound account not found
|
||||
|
||||
swagger:response enableNotFound
|
||||
*/
|
||||
type EnableNotFound struct {
|
||||
}
|
||||
|
||||
// NewEnableNotFound creates EnableNotFound with default headers values
|
||||
func NewEnableNotFound() *EnableNotFound {
|
||||
|
||||
return &EnableNotFound{}
|
||||
}
|
||||
|
||||
// WriteResponse to the client
|
||||
func (o *EnableNotFound) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
|
||||
|
||||
rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
|
||||
|
||||
rw.WriteHeader(404)
|
||||
}
|
||||
|
||||
// EnableInternalServerErrorCode is the HTTP code returned for type EnableInternalServerError
|
||||
const EnableInternalServerErrorCode int = 500
|
||||
|
||||
|
@ -81,6 +81,8 @@ definitions:
|
||||
properties:
|
||||
identity:
|
||||
type: string
|
||||
cfg:
|
||||
type: string
|
||||
|
||||
produces:
|
||||
- application/zrok.v1+json
|
||||
|
Loading…
Reference in New Issue
Block a user