From f1388ab271ce62c806c616a3fb6218da4a890dbb Mon Sep 17 00:00:00 2001
From: Michael Quigley
Date: Wed, 14 Dec 2022 14:13:40 -0500
Subject: [PATCH] ziti_edge_sdk; erp (#112)
---
 controller/bootstrap.go | 2 +-
 controller/create_identity.go | 2 +-
 controller/disable.go | 2 +-
 controller/edge.go | 57 ----------------------------
 controller/enable.go | 3 +-
 controller/zrok_edge_sdk/erp.go | 67 +++++++++++++++++++++++++++++++++
 6 files changed, 72 insertions(+), 61 deletions(-)
 create mode 100644 controller/zrok_edge_sdk/erp.go
diff --git a/controller/bootstrap.go b/controller/bootstrap.go
index 736c9f6f..e56c86f7 100644
--- a/controller/bootstrap.go
+++ b/controller/bootstrap.go
@@ -236,7 +236,7 @@ func assertErpForIdentity(name, zId string, edge *rest_management_api_client.Zit
 }
 if len(listResp.Payload.Data) != 1 {
 logrus.Infof("creating erp for '%v' (%v)", name, zId)
- if err := createEdgeRouterPolicy(name, zId, edge); err != nil {
+ if err := zrok_edge_sdk.CreateEdgeRouterPolicy(name, zId, edge); err != nil {
 return errors.Wrapf(err, "error creating erp for '%v' (%v)", name, zId)
 }
 }
diff --git a/controller/create_identity.go b/controller/create_identity.go
index 4e8a69d6..f0aff416 100644
--- a/controller/create_identity.go
+++ b/controller/create_identity.go
@@ -47,7 +47,7 @@ func (h *createIdentityHandler) Handle(params admin.CreateIdentityParams, princi
 return admin.NewCreateIdentityInternalServerError()
 }
- if err := createEdgeRouterPolicy(name, zId, edge); err != nil {
+ if err := zrok_edge_sdk.CreateEdgeRouterPolicy(name, zId, edge); err != nil {
 logrus.Errorf("error creating edge router policy for identity: %v", err)
 return admin.NewCreateIdentityInternalServerError()
 }
diff --git a/controller/disable.go b/controller/disable.go
index 469ce5a0..4e185d3d 100644
--- a/controller/disable.go
+++ b/controller/disable.go
@@ -48,7 +48,7 @@ func (h *disableHandler) Handle(params environment.DisableParams, principal *res
 logrus.Errorf("error removing environment: %v", err)
 return environment.NewDisableInternalServerError()
 }
- if err := deleteEdgeRouterPolicy(env.ZId, edge); err != nil {
+ if err := zrok_edge_sdk.DeleteEdgeRouterPolicy(env.ZId, edge); err != nil {
 logrus.Errorf("error deleting edge router policy: %v", err)
 return environment.NewDisableInternalServerError()
 }
diff --git a/controller/edge.go b/controller/edge.go
index 2343024b..e472acfe 100644
--- a/controller/edge.go
+++ b/controller/edge.go
@@ -5,7 +5,6 @@ import (
 "fmt"
 "github.com/openziti-test-kitchen/zrok/controller/zrok_edge_sdk"
 "github.com/openziti/edge/rest_management_api_client"
- "github.com/openziti/edge/rest_management_api_client/edge_router_policy"
 identity_edge "github.com/openziti/edge/rest_management_api_client/identity"
 rest_model_edge "github.com/openziti/edge/rest_model"
 sdk_config "github.com/openziti/sdk-golang/ziti/config"
@@ -14,62 +13,6 @@ import (
 "time"
 )
-func createEdgeRouterPolicy(name, zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
- edgeRouterRoles := []string{"#all"}
- identityRoles := []string{fmt.Sprintf("@%v", zId)}
- semantic := rest_model_edge.SemanticAllOf
- erp := &rest_model_edge.EdgeRouterPolicyCreate{
- EdgeRouterRoles: edgeRouterRoles,
- IdentityRoles: identityRoles,
- Name: &name,
- Semantic: &semantic,
- Tags: zrok_edge_sdk.ZrokTags(),
- }
- req := &edge_router_policy.CreateEdgeRouterPolicyParams{
- Policy: erp,
- Context: context.Background(),
- }
- req.SetTimeout(30 * time.Second)
- resp, err := edge.EdgeRouterPolicy.CreateEdgeRouterPolicy(req, nil)
- if err != nil {
- return err
- }
- logrus.Infof("created edge router policy '%v' for ziti identity '%v'", resp.Payload.Data.ID, zId)
- return nil
-}
-
-func deleteEdgeRouterPolicy(envZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
- filter := fmt.Sprintf("name=\"%v\"", envZId)
- limit := int64(0)
- offset := int64(0)
- listReq := &edge_router_policy.ListEdgeRouterPoliciesParams{
- Filter: &filter,
- Limit: &limit,
- Offset: &offset,
- Context: context.Background(),
- }
- listReq.SetTimeout(30 * time.Second)
- listResp, err := edge.EdgeRouterPolicy.ListEdgeRouterPolicies(listReq, nil)
- if err != nil {
- return err
- }
- if len(listResp.Payload.Data) == 1 {
- erpId := *(listResp.Payload.Data[0].ID)
- req := &edge_router_policy.DeleteEdgeRouterPolicyParams{
- ID: erpId,
- Context: context.Background(),
- }
- _, err := edge.EdgeRouterPolicy.DeleteEdgeRouterPolicy(req, nil)
- if err != nil {
- return err
- }
- logrus.Infof("deleted edge router policy '%v' for environment '%v'", erpId, envZId)
- } else {
- logrus.Infof("found '%d' edge router policies, expected 1", len(listResp.Payload.Data))
- }
- return nil
-}
-
 func createEnvironmentIdentity(accountEmail string, client *rest_management_api_client.ZitiEdgeManagement) (*identity_edge.CreateIdentityCreated, error) {
 name, err := createToken()
 if err != nil {
diff --git a/controller/enable.go b/controller/enable.go
index 1c3b8dba..85a549f2 100644
--- a/controller/enable.go
+++ b/controller/enable.go
@@ -5,6 +5,7 @@ import (
 "encoding/json"
 "github.com/go-openapi/runtime/middleware"
 "github.com/openziti-test-kitchen/zrok/controller/store"
+ "github.com/openziti-test-kitchen/zrok/controller/zrok_edge_sdk"
 "github.com/openziti-test-kitchen/zrok/rest_model_zrok"
 "github.com/openziti-test-kitchen/zrok/rest_server_zrok/operations/environment"
 "github.com/sirupsen/logrus"
@@ -41,7 +42,7 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_
 logrus.Error(err)
 return environment.NewEnableInternalServerError()
 }
- if err := createEdgeRouterPolicy(envZId, envZId, client); err != nil {
+ if err := zrok_edge_sdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil {
 logrus.Error(err)
 return environment.NewEnableInternalServerError()
 }
diff --git a/controller/zrok_edge_sdk/erp.go b/controller/zrok_edge_sdk/erp.go
new file mode 100644
index 00000000..f635600e
--- /dev/null
+++ b/controller/zrok_edge_sdk/erp.go
@@ -0,0 +1,67 @@
+package zrok_edge_sdk
+
+import (
+ "context"
+ "fmt"
+ "github.com/openziti/edge/rest_management_api_client"
+ "github.com/openziti/edge/rest_management_api_client/edge_router_policy"
+ rest_model_edge "github.com/openziti/edge/rest_model"
+ "github.com/sirupsen/logrus"
+ "time"
+)
+
+func CreateEdgeRouterPolicy(name, zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
+ edgeRouterRoles := []string{"#all"}
+ identityRoles := []string{fmt.Sprintf("@%v", zId)}
+ semantic := rest_model_edge.SemanticAllOf
+ erp := &rest_model_edge.EdgeRouterPolicyCreate{
+ EdgeRouterRoles: edgeRouterRoles,
+ IdentityRoles: identityRoles,
+ Name: &name,
+ Semantic: &semantic,
+ Tags: ZrokTags(),
+ }
+ req := &edge_router_policy.CreateEdgeRouterPolicyParams{
+ Policy: erp,
+ Context: context.Background(),
+ }
+ req.SetTimeout(30 * time.Second)
+ resp, err := edge.EdgeRouterPolicy.CreateEdgeRouterPolicy(req, nil)
+ if err != nil {
+ return err
+ }
+ logrus.Infof("created edge router policy '%v' for ziti identity '%v'", resp.Payload.Data.ID, zId)
+ return nil
+}
+
+func DeleteEdgeRouterPolicy(envZId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
+ filter := fmt.Sprintf("name=\"%v\"", envZId)
+ limit := int64(0)
+ offset := int64(0)
+ listReq := &edge_router_policy.ListEdgeRouterPoliciesParams{
+ Filter: &filter,
+ Limit: &limit,
+ Offset: &offset,
+ Context: context.Background(),
+ }
+ listReq.SetTimeout(30 * time.Second)
+ listResp, err := edge.EdgeRouterPolicy.ListEdgeRouterPolicies(listReq, nil)
+ if err != nil {
+ return err
+ }
+ if len(listResp.Payload.Data) == 1 {
+ erpId := *(listResp.Payload.Data[0].ID)
+ req := &edge_router_policy.DeleteEdgeRouterPolicyParams{
+ ID: erpId,
+ Context: context.Background(),
+ }
+ _, err := edge.EdgeRouterPolicy.DeleteEdgeRouterPolicy(req, nil)
+ if err != nil {
+ return err
+ }
+ logrus.Infof("deleted edge router policy '%v' for environment '%v'", erpId, envZId)
+ } else {
+ logrus.Infof("found '%d' edge router policies, expected 1", len(listResp.Payload.Data))
+ }
+ return nil
+}
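Review bot: `DeleteEdgeRouterPolicy` returns `nil` from its `else` branch whenever the list call does not return exactly one policy, so the disable handler reports success even when nothing was removed or when several policies share the name and all of them remain. Because the policy built in `CreateEdgeRouterPolicy` binds the identity to `#all` edge routers, a leftover one is worth surfacing: zero matches can stay a no-op (logged at warn level), but more than one should fail, e.g. `return fmt.Errorf("found %d edge router policies for '%v', expected 1", len(listResp.Payload.Data), envZId)`. The delete request is also the only one of the three built without a deadline on top of `context.Background()`; adding `req.SetTimeout(30 * time.Second)` before the `DeleteEdgeRouterPolicy(req, nil)` call would match the create and list requests. Now that both functions are exported from `zrok_edge_sdk`, each should carry a doc comment stating what `name`, `zId` and `envZId` are expected to hold, since `envZId` is interpolated into the `name="..."` filter unescaped.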