associate services to environments

cmd/zrok/http.go

@@ -61,7 +61,7 @@ func handleHttp(_ *cobra.Command, args []string) {
 	signal.Notify(c, os.Interrupt, syscall.SIGTERM)
 	go func() {
 		<-c
-		cleanupHttp(cfg, zrok, auth)
+		cleanupHttp(id, cfg, zrok, auth)
 		os.Exit(1)
 	}()
 
@@ -70,10 +70,11 @@ func handleHttp(_ *cobra.Command, args []string) {
 	}
 }
 
-func cleanupHttp(cfg *http.Config, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) {
+func cleanupHttp(id string, cfg *http.Config, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) {
 	logrus.Infof("shutting down '%v'", cfg.Service)
 	req := tunnel.NewUntunnelParams()
 	req.Body = &rest_model_zrok.UntunnelRequest{
+		ZitiIdentityID: id,
 		Service:        cfg.Service,
 	}
 	if _, err := zrok.Tunnel.Untunnel(req, auth); err == nil {

controller/controller.go

@@ -26,6 +26,7 @@ func Run(cfg *Config) error {
 	api.IdentityEnableHandler = identity.EnableHandlerFunc(enableHandler)
 	api.IdentityLoginHandler = identity.LoginHandlerFunc(loginHandler)
 	api.MetadataListEnvironmentsHandler = metadata.ListEnvironmentsHandlerFunc(listEnvironmentsHandler)
+	api.MetadataOverviewHandler = metadata.OverviewHandlerFunc(overviewHandler)
 	api.MetadataVersionHandler = metadata.VersionHandlerFunc(versionHandler)
 	api.TunnelTunnelHandler = tunnel.TunnelHandlerFunc(tunnelHandler)
 	api.TunnelUntunnelHandler = tunnel.UntunnelHandlerFunc(untunnelHandler)

controller/overview.go

@@ -0,0 +1,11 @@
+package controller
+
+import (
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
+	"github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/metadata"
+)
+
+func overviewHandler(_ metadata.OverviewParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return nil
+}

controller/store/service.go

@@ -7,18 +7,18 @@ import (
 
 type Service struct {
 	Model
-	AccountId     int
+	EnvId         int
 	ZitiServiceId string
 	Endpoint      string
 	Active        bool
 }
 
-func (self *Store) CreateService(accountId int, svc *Service, tx *sqlx.Tx) (int, error) {
-	stmt, err := tx.Prepare("insert into services (account_id, ziti_service_id, endpoint, active) values (?, ?, ?, true)")
+func (self *Store) CreateService(envId int, svc *Service, tx *sqlx.Tx) (int, error) {
+	stmt, err := tx.Prepare("insert into services (environment_id, ziti_service_id, endpoint, active) values (?, ?, ?, true)")
 	if err != nil {
 		return 0, errors.Wrap(err, "error preparing services insert statement")
 	}
-	res, err := stmt.Exec(accountId, svc.ZitiServiceId, svc.Endpoint)
+	res, err := stmt.Exec(envId, svc.ZitiServiceId, svc.Endpoint)
 	if err != nil {
 		return 0, errors.Wrap(err, "error executing services insert statement")
 	}
@@ -37,10 +37,10 @@ func (self *Store) GetService(id int, tx *sqlx.Tx) (*Service, error) {
 	return svc, nil
 }
 
-func (self *Store) FindServicesForAccount(accountId int, tx *sqlx.Tx) ([]*Service, error) {
-	rows, err := tx.Queryx("select services.* from services where account_id = ?", accountId)
+func (self *Store) FindServicesForEnvironment(envId int, tx *sqlx.Tx) ([]*Service, error) {
+	rows, err := tx.Queryx("select services.* from services where environment_id = ?", envId)
 	if err != nil {
-		return nil, errors.Wrap(err, "error selecting services by account id")
+		return nil, errors.Wrap(err, "error selecting services by environment id")
 	}
 	var svcs []*Service
 	for rows.Next() {

controller/store/sql/000_base.sql

@@ -38,7 +38,7 @@ create table environments (
 --
 create table services (
   id                    integer             primary key,
-  account_id            integer             constraint fk_accounts_services references accounts on delete cascade,
+  environment_id        integer             constraint fk_environments_services references environments on delete cascade,
   ziti_service_id       string              not null unique,
   endpoint              string,
   active                boolean             not null,

controller/untunnel.go

@@ -38,8 +38,26 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
 		logrus.Error(err)
 		return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 	}
+	var senv *store.Environment
+	if envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx); err == nil {
+		for _, env := range envs {
+			if env.ZitiIdentityId == params.Body.ZitiIdentityID {
+				senv = env
+				break
+			}
+		}
+		if senv == nil {
+			err := errors.Errorf("environment with id '%v' not found for '%v", params.Body.ZitiIdentityID, principal.Username)
+			logrus.Error(err)
+			return tunnel.NewUntunnelNotFound().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
+		}
+	} else {
+		logrus.Errorf("error finding environments for account '%v': %v", principal.Username, err)
+		return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
+	}
+
 	var ssvc *store.Service
-	if svcs, err := str.FindServicesForAccount(int(principal.ID), tx); err == nil {
+	if svcs, err := str.FindServicesForEnvironment(senv.Id, tx); err == nil {
 		for _, svc := range svcs {
 			if svc.ZitiServiceId == svcId {
 				ssvc = svc
@@ -52,7 +70,7 @@ func untunnelHandler(params tunnel.UntunnelParams, principal *rest_model_zrok.Pr
 			return tunnel.NewUntunnelNotFound().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 		}
 	} else {
-		logrus.Errorf("error finding services for account '%v'", principal.Username)
+		logrus.Errorf("error finding services for account '%v': %v", principal.Username, err)
 		return tunnel.NewUntunnelInternalServerError().WithPayload(rest_model_zrok.ErrorMessage(err.Error()))
 	}
 

rest_client_zrok/metadata/metadata_client.go

@@ -32,7 +32,7 @@ type ClientOption func(*runtime.ClientOperation)
 type ClientService interface {
 	ListEnvironments(params *ListEnvironmentsParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*ListEnvironmentsOK, error)
 
-	Overview(params *OverviewParams, opts ...ClientOption) (*OverviewOK, error)
+	Overview(params *OverviewParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*OverviewOK, error)
 
 	Version(params *VersionParams, opts ...ClientOption) (*VersionOK, error)
 
@@ -81,7 +81,7 @@ func (a *Client) ListEnvironments(params *ListEnvironmentsParams, authInfo runti
 /*
   Overview overview API
 */
-func (a *Client) Overview(params *OverviewParams, opts ...ClientOption) (*OverviewOK, error) {
+func (a *Client) Overview(params *OverviewParams, authInfo runtime.ClientAuthInfoWriter, opts ...ClientOption) (*OverviewOK, error) {
 	// TODO: Validate the params before sending
 	if params == nil {
 		params = NewOverviewParams()
@@ -95,6 +95,7 @@ func (a *Client) Overview(params *OverviewParams, opts ...ClientOption) (*Overvi
 		Schemes:            []string{"http"},
 		Params:             params,
 		Reader:             &OverviewReader{formats: a.formats},
+		AuthInfo:           authInfo,
 		Context:            params.Context,
 		Client:             params.HTTPClient,
 	}

rest_model_zrok/untunnel_request.go

@@ -19,6 +19,9 @@ type UntunnelRequest struct {
 
 	// service
 	Service string `json:"service,omitempty"`
+
+	// ziti identity Id
+	ZitiIdentityID string `json:"zitiIdentityId,omitempty"`
 }
 
 // Validate validates this untunnel request

rest_server_zrok/embedded_spec.go

@@ -171,6 +171,11 @@ func init() {
     },
     "/overview": {
       "get": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
         "tags": [
           "metadata"
         ],
@@ -455,6 +460,9 @@ func init() {
       "properties": {
         "service": {
           "type": "string"
+        },
+        "zitiIdentityId": {
+          "type": "string"
         }
       }
     },
@@ -624,6 +632,11 @@ func init() {
     },
     "/overview": {
       "get": {
+        "security": [
+          {
+            "key": []
+          }
+        ],
         "tags": [
           "metadata"
         ],
@@ -908,6 +921,9 @@ func init() {
       "properties": {
         "service": {
           "type": "string"
+        },
+        "zitiIdentityId": {
+          "type": "string"
         }
       }
     },

rest_server_zrok/operations/metadata/overview.go

@@ -9,19 +9,21 @@ import (
 	"net/http"
 
 	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 )
 
 // OverviewHandlerFunc turns a function with the right signature into a overview handler
-type OverviewHandlerFunc func(OverviewParams) middleware.Responder
+type OverviewHandlerFunc func(OverviewParams, *rest_model_zrok.Principal) middleware.Responder
 
 // Handle executing the request and returning a response
-func (fn OverviewHandlerFunc) Handle(params OverviewParams) middleware.Responder {
-	return fn(params)
+func (fn OverviewHandlerFunc) Handle(params OverviewParams, principal *rest_model_zrok.Principal) middleware.Responder {
+	return fn(params, principal)
 }
 
 // OverviewHandler interface for that can handle valid overview params
 type OverviewHandler interface {
-	Handle(OverviewParams) middleware.Responder
+	Handle(OverviewParams, *rest_model_zrok.Principal) middleware.Responder
 }
 
 // NewOverview creates a new http.Handler for the overview operation
@@ -45,12 +47,25 @@ func (o *Overview) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
 		*r = *rCtx
 	}
 	var Params = NewOverviewParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *rest_model_zrok.Principal
+	if uprinc != nil {
+		principal = uprinc.(*rest_model_zrok.Principal) // this is really a rest_model_zrok.Principal, I promise
+	}
+
 	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
 		o.Context.Respond(rw, r, route.Produces, route, err)
 		return
 	}
 
-	res := o.Handler.Handle(Params) // actually handle the request
+	res := o.Handler.Handle(Params, principal) // actually handle the request
 	o.Context.Respond(rw, r, route.Produces, route, res)
 
 }

rest_server_zrok/operations/zrok_api.go

@@ -59,7 +59,7 @@ func NewZrokAPI(spec *loads.Document) *ZrokAPI {
 		IdentityLoginHandler: identity.LoginHandlerFunc(func(params identity.LoginParams) middleware.Responder {
 			return middleware.NotImplemented("operation identity.Login has not yet been implemented")
 		}),
-		MetadataOverviewHandler: metadata.OverviewHandlerFunc(func(params metadata.OverviewParams) middleware.Responder {
+		MetadataOverviewHandler: metadata.OverviewHandlerFunc(func(params metadata.OverviewParams, principal *rest_model_zrok.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation metadata.Overview has not yet been implemented")
 		}),
 		TunnelTunnelHandler: tunnel.TunnelHandlerFunc(func(params tunnel.TunnelParams, principal *rest_model_zrok.Principal) middleware.Responder {

specs/zrok.yml

@@ -101,6 +101,8 @@ paths:
     get:
       tags:
         - metadata
+      security:
+        - key: []
       operationId: overview
       responses:
         200:
@@ -287,6 +289,8 @@ definitions:
   untunnelRequest:
     type: object
     properties:
+      zitiIdentityId:
+        type: string
       service:
         type: string
 

ui/src/api/metadata.js

@@ -32,7 +32,12 @@ const listEnvironmentsOperation = {
 
 const overviewOperation = {
   path: '/overview',
-  method: 'get'
+  method: 'get',
+  security: [
+    {
+      id: 'key'
+    }
+  ]
 }
 
 const versionOperation = {

ui/src/api/types.js

@@ -100,5 +100,6 @@
  * @typedef untunnelRequest
  * @memberof module:types
  * 
+ * @property {string} zitiIdentityId 
  * @property {string} service 
  */