env_core.Environment.Token -> env_core.Environment.AccountToken (#820); new 'zrok rebase' tree with 'zrok rebase apiEndpoint' and 'zrok rebase accountToken' (#897)

2025-06-19 17:27:54 +02:00 · 2025-02-26 13:06:05 -05:00 · 2025-02-26 13:06:05 -05:00 · cf3f3c1fd6
commit cf3f3c1fd6
parent 6006410ae6
20 changed files with 112 additions and 40 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,7 +14,7 @@ FEATURE: `zrok share [public|private|reserved]` and `zrok access private` now au
 FEATURE: `zrok access private` supports a new `--auto` mode, which can automatically find an available open address/port to bind the frontend listener on. Also includes `--auto-address`, `--auto-start-port`, and `--auto-end-port` features with sensible defaults. Supported by both the agent and local operating modes (https://github.com/openziti/zrok/issues/780)
-FEATURE: `zrok rebase` command allows "rebasing" an enabled environment onto a different API endpoint. This is useful for migrating already-enabled environments between endpoints supporting different zrok versions (https://github.com/openziti/zrok/issues/869)
+FEATURE: `zrok rebase` commands (`zrok rebase apiEndpoint` and `zrok rebase accountToken`) allows "rebasing" an enabled environment onto a different API endpoint or a different account token. This is useful for migrating already-enabled environments between endpoints supporting different zrok versions, and is also useful when regenerating an account token (https://github.com/openziti/zrok/issues/869, https://github.com/openziti/zrok/issues/897)
 FEATURE: `zrok test canary` CLI tree replaces the old `zrok test loop` tree; new `zrok test canary public-proxy` and `zrok test canary private-proxy` provide modernized, updated versions of what the `zrok test loop` commands used to do. This new approach will serve as the foundation for all future zrok testing infrastructure (https://github.com/openziti/zrok/issues/771)
--- a/cmd/zrok/accessPrivate.go
+++ b/cmd/zrok/accessPrivate.go
@ -116,7 +116,7 @@ func (cmd *accessPrivateCommand) accessLocal(args []string, root env_core.Root)
 		cmd.error(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	req := share.NewAccessParams()
 	req.Body.ShareToken = shrToken
 	req.Body.EnvZID = root.Environment().ZitiIdentity
--- a/cmd/zrok/disable.go
+++ b/cmd/zrok/disable.go
@ -49,7 +49,7 @@ func (cmd *disableCommand) run(_ *cobra.Command, _ []string) {
 		}
 		panic(err)
 	}
-	auth := httpTransport.APIKeyAuth("X-TOKEN", "header", env.Environment().Token)
+	auth := httpTransport.APIKeyAuth("X-TOKEN", "header", env.Environment().AccountToken)
 	req := restEnvironment.NewDisableParams()
 	req.Body.Identity = env.Environment().ZitiIdentity
--- a/cmd/zrok/enable.go
+++ b/cmd/zrok/enable.go
@ -120,7 +120,7 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 		prg.Send("writing the environment details...")
 	}
 	apiEndpoint, _ := env.ApiEndpoint()
-	if err := env.SetEnvironment(&env_core.Environment{Token: token, ZitiIdentity: resp.Payload.Identity, ApiEndpoint: apiEndpoint}); err != nil {
+	if err := env.SetEnvironment(&env_core.Environment{AccountToken: token, ZitiIdentity: resp.Payload.Identity, ApiEndpoint: apiEndpoint}); err != nil {
 		if !cmd.headless && prg != nil {
 			prg.Send(fmt.Sprintf("there was an error saving the new environment: %v", err))
 			prg.Quit()
--- a/cmd/zrok/main.go
+++ b/cmd/zrok/main.go
@ -33,6 +33,7 @@ func init() {
 	rootCmd.AddCommand(modifyCmd)
 	organizationCmd.AddCommand(organizationAdminCmd)
 	rootCmd.AddCommand(organizationCmd)
 	rootCmd.AddCommand(rebaseCmd)
 	rootCmd.AddCommand(shareCmd)
 	rootCmd.AddCommand(testCmd)
 	testCmd.AddCommand(testCanaryCmd)
@ -126,6 +127,11 @@ var organizationCmd = &cobra.Command{
 	Short:   "Organization commands",
 }
 var rebaseCmd = &cobra.Command{
 	Use:   "rebase",
 	Short: "Rebase enabled zrok environment",
 }
 var shareCmd = &cobra.Command{
 	Use:   "share",
 	Short: "Create backend access for shares",
--- a/cmd/zrok/modifyShare.go
+++ b/cmd/zrok/modifyShare.go
@ -54,7 +54,7 @@ func (cmd *modifyShareCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	if len(cmd.addAccessGrants) > 0 || len(cmd.removeAccessGrants) > 0 {
 		req := share.NewUpdateShareParams()
--- a/cmd/zrok/orgAdminList.go
+++ b/cmd/zrok/orgAdminList.go
@ -50,7 +50,7 @@ func (c *orgAdminListCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	req := metadata.NewListOrgMembersParams()
 	req.OrganizationToken = args[0]
--- a/cmd/zrok/orgAdminOverview.go
+++ b/cmd/zrok/orgAdminOverview.go
@ -51,7 +51,7 @@ func (cmd *orgAdminOverviewCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	req.Header.Add("X-TOKEN", root.Environment().Token)
+	req.Header.Add("X-TOKEN", root.Environment().AccountToken)
 	resp, err := client.Do(req)
 	if err != nil {
 		if !panicInstead {
--- a/cmd/zrok/orgMemberships.go
+++ b/cmd/zrok/orgMemberships.go
@ -49,7 +49,7 @@ func (c *orgMembershipsCommand) run(_ *cobra.Command, _ []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	in, err := zrok.Metadata.ListMemberships(nil, auth)
 	if err != nil {
--- a/cmd/zrok/rebaseAccountToken.go
+++ b/cmd/zrok/rebaseAccountToken.go
@ -0,0 +1,66 @@
 package main
 import (
 	"bufio"
 	"fmt"
 	"github.com/openziti/zrok/environment"
 	"github.com/openziti/zrok/tui"
 	"github.com/spf13/cobra"
 	"os"
 )
 func init() {
 	rebaseCmd.AddCommand(newRebaseAccountTokenCommand().cmd)
 }
 type rebaseAccountTokenCommand struct {
 	cmd *cobra.Command
 }
 func newRebaseAccountTokenCommand() *rebaseAccountTokenCommand {
 	cmd := &cobra.Command{
 		Use:   "accountToken <accountToken>",
 		Short: "Rebase an enabled environment onto a different account token",
 		Args:  cobra.ExactArgs(1),
 	}
 	command := &rebaseAccountTokenCommand{cmd: cmd}
 	cmd.Run = command.run
 	return command
 }
 func (cmd *rebaseAccountTokenCommand) run(_ *cobra.Command, args []string) {
 	root, err := environment.LoadRoot()
 	if err != nil {
 		tui.Error("error loading root", err)
 	}
 	if !root.IsEnabled() {
 		tui.Error("environment not enabled; 'zrok enable' your environment instead", nil)
 	}
 	env := root.Environment()
 	if args[0] != env.AccountToken {
 		fmt.Printf("this action will rebase your enabled environment to use the account token '%v'\n", args[0])
 		fmt.Println()
 		fmt.Println("you should only proceed if you understand why you're doing this!")
 		fmt.Println()
 		fmt.Print("to proceed, type 'yes': ")
 		scanner := bufio.NewScanner(os.Stdin)
 		if scanner.Scan() {
 			text := scanner.Text()
 			if text != "yes" {
 				tui.Error("rebase aborted!", nil)
 			}
 		}
 		fmt.Println()
 		env.AccountToken = args[0]
 		if err := root.SetEnvironment(env); err != nil {
 			tui.Error("error rebasing environment", err)
 		}
 		fmt.Printf("environment rebased to account token '%v'\n", env.AccountToken)
 	} else {
 		fmt.Printf("environment already configured to use the account token '%v'\n", env.AccountToken)
 	}
 }
--- a/cmd/zrok/rebaseApiEndpoint.go
+++ b/cmd/zrok/rebaseApiEndpoint.go
@ -10,25 +10,25 @@ import (
 )
 func init() {
-	rootCmd.AddCommand(newRebaseCommand().cmd)
+	rebaseCmd.AddCommand(newRebaseApiEndpointCommand().cmd)
 }
-type rebaseCommand struct {
+type rebaseApiEndpointCommand struct {
 	cmd *cobra.Command
 }
-func newRebaseCommand() *rebaseCommand {
+func newRebaseApiEndpointCommand() *rebaseApiEndpointCommand {
 	cmd := &cobra.Command{
-		Use:   "rebase <apiEndpoint>",
+		Use:   "apiEndpoint <apiEndpoint>",
 		Short: "Rebase an enabled environment onto a different API endpoint URL",
 		Args:  cobra.ExactArgs(1),
 	}
-	command := &rebaseCommand{cmd: cmd}
+	command := &rebaseApiEndpointCommand{cmd: cmd}
 	cmd.Run = command.run
 	return command
 }
-func (cmd *rebaseCommand) run(_ *cobra.Command, args []string) {
+func (cmd *rebaseApiEndpointCommand) run(_ *cobra.Command, args []string) {
 	root, err := environment.LoadRoot()
 	if err != nil {
 		tui.Error("error loading root", err)
@ -40,7 +40,7 @@ func (cmd *rebaseCommand) run(_ *cobra.Command, args []string) {
 	currentEndpoint, _ := root.ApiEndpoint()
 	if args[0] != currentEndpoint {
-		fmt.Printf("this action will rebase your enabled environment to use the zrok API at: %v\n", currentEndpoint)
+		fmt.Printf("this action will rebase your enabled environment to use the zrok API at: %v\n", args[0])
 		fmt.Println()
 		fmt.Println("you should only proceed if you understand why you're doing this!")
 		fmt.Println()
--- a/cmd/zrok/release.go
+++ b/cmd/zrok/release.go
@ -50,7 +50,7 @@ func (cmd *releaseCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Environment().AccountToken)
 	req := share.NewUnshareParams()
 	req.Body.EnvZID = env.Environment().ZitiIdentity
 	req.Body.ShareToken = shrToken
--- a/cmd/zrok/shareReserved.go
+++ b/cmd/zrok/shareReserved.go
@ -105,7 +105,7 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) {
 	if err != nil {
 		cmd.error("unable to create zrok client", err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	req := metadata.NewGetShareDetailParams()
 	req.ShareToken = shrToken
 	resp, err := zrok.Metadata.GetShareDetail(req, auth)
--- a/cmd/zrok/status.go
+++ b/cmd/zrok/status.go
@ -67,14 +67,14 @@ func (cmd *statusCommand) run(_ *cobra.Command, _ []string) {
 		t.SetStyle(table.StyleColoredDark)
 		t.AppendHeader(table.Row{"Property", "Value"})
 		if cmd.secrets {
-			t.AppendRow(table.Row{"Secret Token", env.Environment().Token})
+			t.AppendRow(table.Row{"Account Token", env.Environment().AccountToken})
 			t.AppendRow(table.Row{"Ziti Identity", env.Environment().ZitiIdentity})
 		} else {
 			secretToken := "<<SET>>"
-			if env.Environment().Token == "" {
+			if env.Environment().AccountToken == "" {
 				secretToken = "<<UNSET>>"
 			}
-			t.AppendRow(table.Row{"Secret Token", secretToken})
+			t.AppendRow(table.Row{"Account Token", secretToken})
 			zId := "<<SET>>"
 			if env.Environment().ZitiIdentity == "" {
--- a/environment/env_core/model.go
+++ b/environment/env_core/model.go
@ -32,7 +32,7 @@ type Root interface {
 }
 type Environment struct {
-	Token        string
+	AccountToken string
 	ZitiIdentity string
 	ApiEndpoint  string
 }
--- a/environment/env_v0_3/root.go
+++ b/environment/env_v0_3/root.go
@ -205,7 +205,7 @@ func loadEnvironment() (*env_core.Environment, error) {
 		return nil, errors.Wrapf(err, "error unmarshaling environment file '%v'", ef)
 	}
 	out := &env_core.Environment{
-		Token:        env.Token,
+		AccountToken: env.AccountToken,
 		ZitiIdentity: env.ZId,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@ -214,9 +214,9 @@ func loadEnvironment() (*env_core.Environment, error) {
 func saveEnvironment(env *env_core.Environment) error {
 	in := &environment{
-		Token:       env.Token,
+		AccountToken: env.AccountToken,
-		ZId:         env.ZitiIdentity,
+		ZId:          env.ZitiIdentity,
-		ApiEndpoint: env.ApiEndpoint,
+		ApiEndpoint:  env.ApiEndpoint,
 	}
 	data, err := json.MarshalIndent(in, "", "  ")
 	if err != nil {
@ -256,7 +256,7 @@ type config struct {
 }
 type environment struct {
-	Token       string `json:"zrok_token"`
+	AccountToken string `json:"zrok_token"`
-	ZId         string `json:"ziti_identity"`
+	ZId          string `json:"ziti_identity"`
-	ApiEndpoint string `json:"api_endpoint"`
+	ApiEndpoint  string `json:"api_endpoint"`
 }
--- a/environment/env_v0_4/root.go
+++ b/environment/env_v0_4/root.go
@ -282,7 +282,7 @@ func loadEnvironment() (*env_core.Environment, error) {
 		return nil, errors.Wrapf(err, "error unmarshaling environment file '%v'", ef)
 	}
 	out := &env_core.Environment{
-		Token:        env.Token,
+		AccountToken: env.AccountToken,
 		ZitiIdentity: env.ZId,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@ -291,9 +291,9 @@ func loadEnvironment() (*env_core.Environment, error) {
 func saveEnvironment(env *env_core.Environment) error {
 	in := &environment{
-		Token:       env.Token,
+		AccountToken: env.AccountToken,
-		ZId:         env.ZitiIdentity,
+		ZId:          env.ZitiIdentity,
-		ApiEndpoint: env.ApiEndpoint,
+		ApiEndpoint:  env.ApiEndpoint,
 	}
 	data, err := json.MarshalIndent(in, "", "  ")
 	if err != nil {
@ -335,7 +335,7 @@ type config struct {
 }
 type environment struct {
-	Token       string `json:"zrok_token"`
+	AccountToken string `json:"zrok_token"`
-	ZId         string `json:"ziti_identity"`
+	ZId          string `json:"ziti_identity"`
-	ApiEndpoint string `json:"api_endpoint"`
+	ApiEndpoint  string `json:"api_endpoint"`
 }
--- a/sdk/golang/sdk/access.go
+++ b/sdk/golang/sdk/access.go
@ -20,7 +20,7 @@ func CreateAccess(root env_core.Root, request *AccessRequest) (*Access, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	in, err := zrok.Share.Access(out, auth)
 	if err != nil {
@ -40,7 +40,7 @@ func DeleteAccess(root env_core.Root, acc *Access) error {
 	if err != nil {
 		return errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	_, err = zrok.Share.Unaccess(out, auth)
 	if err != nil {
--- a/sdk/golang/sdk/overview.go
+++ b/sdk/golang/sdk/overview.go
@ -19,7 +19,7 @@ func Overview(root env_core.Root) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	req.Header.Add("X-TOKEN", root.Environment().Token)
+	req.Header.Add("X-TOKEN", root.Environment().AccountToken)
 	resp, err := client.Do(req)
 	if err != nil {
 		return "", err
--- a/sdk/golang/sdk/share.go
+++ b/sdk/golang/sdk/share.go
@ -50,7 +50,7 @@ func CreateShare(root env_core.Root, request *ShareRequest) (*Share, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	in, err := zrok.Share.Share(out, auth)
 	if err != nil {
@ -104,7 +104,7 @@ func DeleteShare(root env_core.Root, shr *Share) error {
 	if err != nil {
 		return errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	_, err = zrok.Share.Unshare(req, auth)
 	if err != nil {