package controller import ( "fmt" "github.com/go-openapi/runtime/middleware" "github.com/jmoiron/sqlx" "github.com/openziti/edge-api/rest_management_api_client" "github.com/openziti/zrok/controller/zrokEdgeSdk" "github.com/openziti/zrok/rest_model_zrok" "github.com/openziti/zrok/rest_server_zrok/operations/environment" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) type disableHandler struct { } func newDisableHandler() *disableHandler { return &disableHandler{} } func (h *disableHandler) Handle(params environment.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder { tx, err := str.Begin() if err != nil { logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } defer func() { _ = tx.Rollback() }() envId, err := h.checkZitiIdentity(params.Body.Identity, principal, tx) if err != nil { logrus.Errorf("identity check failed for user '%v': %v", principal.Email, err) return environment.NewDisableUnauthorized() } env, err := str.GetEnvironment(envId, tx) if err != nil { logrus.Errorf("error getting environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if env.Deleted { logrus.Errorf("environment '%v' for user '%v' deleted", env.ZId, principal.Email) return environment.NewDisableUnauthorized() } edge, err := zrokEdgeSdk.Client(cfg.Ziti) if err != nil { logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := h.removeSharesForEnvironment(envId, tx, edge); err != nil { logrus.Errorf("error removing shares for environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := h.removeFrontendsForEnvironment(envId, tx, edge); err != nil { logrus.Errorf("error removing frontends for environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := h.removeEnvironment(envId, tx); err != nil { logrus.Errorf("error removing environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := zrokEdgeSdk.DeleteEdgeRouterPolicy(env.ZId, edge); err != nil { logrus.Errorf("error deleting edge router policy for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := zrokEdgeSdk.DeleteIdentity(params.Body.Identity, edge); err != nil { logrus.Errorf("error deleting identity for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := tx.Commit(); err != nil { logrus.Errorf("error committing for user '%v': %v", principal.Email, err) } return environment.NewDisableOK() } func (h *disableHandler) checkZitiIdentity(id string, principal *rest_model_zrok.Principal, tx *sqlx.Tx) (int, error) { envs, err := str.FindEnvironmentsForAccount(int(principal.ID), tx) if err != nil { return -1, err } for _, env := range envs { if env.ZId == id { return env.Id, nil } } return -1, errors.Errorf("no such environment '%v'", id) } func (h *disableHandler) removeSharesForEnvironment(envId int, tx *sqlx.Tx, edge *rest_management_api_client.ZitiEdgeManagement) error { env, err := str.GetEnvironment(envId, tx) if err != nil { return err } if !env.Deleted { shrs, err := str.FindSharesForEnvironment(envId, tx) if err != nil { return err } for _, shr := range shrs { shrToken := shr.Token logrus.Infof("garbage collecting share '%v' for environment '%v'", shrToken, env.ZId) if err := zrokEdgeSdk.DeleteServiceEdgeRouterPolicy(env.ZId, shrToken, edge); err != nil { logrus.Error(err) } if err := zrokEdgeSdk.DeleteServicePoliciesDial(env.ZId, shrToken, edge); err != nil { logrus.Error(err) } if err := zrokEdgeSdk.DeleteServicePoliciesBind(env.ZId, shrToken, edge); err != nil { logrus.Error(err) } if err := zrokEdgeSdk.DeleteConfig(env.ZId, shrToken, edge); err != nil { logrus.Error(err) } if err := zrokEdgeSdk.DeleteService(env.ZId, shr.ZId, edge); err != nil { logrus.Error(err) } logrus.Infof("removed share '%v' for environment '%v'", shr.Token, env.ZId) } } return nil } func (h *disableHandler) removeFrontendsForEnvironment(envId int, tx *sqlx.Tx, edge *rest_management_api_client.ZitiEdgeManagement) error { env, err := str.GetEnvironment(envId, tx) if err != nil { return err } if !env.Deleted { fes, err := str.FindFrontendsForEnvironment(envId, tx) if err != nil { return err } for _, fe := range fes { if err := zrokEdgeSdk.DeleteServicePolicies(env.ZId, fmt.Sprintf("tags.zrokFrontendToken=\"%v\" and type=1", fe.Token), edge); err != nil { logrus.Errorf("error removing frontend access for '%v': %v", fe.Token, err) } } } return nil } func (h *disableHandler) removeEnvironment(envId int, tx *sqlx.Tx) error { shrs, err := str.FindSharesForEnvironment(envId, tx) if err != nil { return errors.Wrapf(err, "error finding shares for environment '%d'", envId) } for _, shr := range shrs { if err := str.DeleteShare(shr.Id, tx); err != nil { return errors.Wrapf(err, "error deleting share '%d' for environment '%d'", shr.Id, envId) } } fes, err := str.FindFrontendsForEnvironment(envId, tx) if err != nil { return errors.Wrapf(err, "error finding frontends for environment '%d'", envId) } for _, fe := range fes { if err := str.DeleteFrontend(fe.Id, tx); err != nil { return errors.Wrapf(err, "error deleting frontend '%d' for environment '%d'", fe.Id, envId) } } if err := str.DeleteEnvironment(envId, tx); err != nil { return errors.Wrapf(err, "error deleting environment '%d'", envId) } return nil }