zrok/controller/agentUnenroll.go

package controller

import (
	"context"
	"fmt"
	"github.com/go-openapi/runtime/middleware"
	"github.com/openziti/edge-api/rest_management_api_client"
	edge_service "github.com/openziti/edge-api/rest_management_api_client/service"
	"github.com/openziti/zrok/controller/zrokEdgeSdk"
	"github.com/openziti/zrok/rest_model_zrok"
	"github.com/openziti/zrok/rest_server_zrok/operations/agent"
	"github.com/pkg/errors"
	"github.com/sirupsen/logrus"
	"time"
)

type agentUnenrollHandler struct{}

func newAgentUnenrollHandler() *agentUnenrollHandler {
	return &agentUnenrollHandler{}
}

func (h *agentUnenrollHandler) Handle(params agent.UnenrollParams, principal *rest_model_zrok.Principal) middleware.Responder {
	// start transaction early, if it fails, don't bother creating ziti resources
	trx, err := str.Begin()
	if err != nil {
		logrus.Errorf("error starting transaction for '%v': %v", principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}
	defer trx.Rollback()

	env, err := str.FindEnvironmentForAccount(params.Body.EnvZID, int(principal.ID), trx)
	if err != nil {
		logrus.Errorf("error finding environment '%v' for '%v': %v", params.Body.EnvZID, principal.Email, err)
		return agent.NewUnenrollUnauthorized()
	}

	ae, err := str.FindAgentEnrollmentForEnvironment(env.Id, trx)
	if err != nil {
		logrus.Errorf("error finding agent enrollment for '%v' (%v): %v", params.Body.EnvZID, principal.Email, err)
		return agent.NewUnenrollBadRequest()
	}

	client, err := zrokEdgeSdk.Client(cfg.Ziti)
	if err != nil {
		logrus.Errorf("error getting ziti client for '%v': %v", principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	if err := zrokEdgeSdk.DeleteServiceEdgeRouterPolicyForAgentRemote(env.ZId, ae.Token, client); err != nil {
		logrus.Errorf("error removing agent remote serp for '%v' (%v): %v", env.ZId, principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	if err := zrokEdgeSdk.DeleteServicePoliciesDialForAgentRemote(env.ZId, ae.Token, client); err != nil {
		logrus.Errorf("error removing agent remote dial service policy for '%v' (%v): %v", env.ZId, principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	if err := zrokEdgeSdk.DeleteServicePoliciesBindForAgentRemote(env.ZId, ae.Token, client); err != nil {
		logrus.Errorf("error removing agent remote bind service policy for '%v' (%v): %v", env.ZId, principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	aeZId, err := h.findAgentRemoteZId(ae.Token, client)
	if err != nil {
		logrus.Errorf("error finding zId for agent remote service for '%v' (%v): %v", env.ZId, principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	if err := zrokEdgeSdk.DeleteService(env.ZId, aeZId, client); err != nil {
		logrus.Errorf("error removing agent remote service for '%v' (%v): %v", env.ZId, principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	if err := str.DeleteAgentEnrollment(ae.Id, trx); err != nil {
		logrus.Errorf("error deleting agent enrollment for '%v' (%v): %v", env.ZId, principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	if err := trx.Commit(); err != nil {
		logrus.Errorf("error committing agent unenrollment for '%v' (%v): %v", env.ZId, principal.Email, err)
		return agent.NewUnenrollInternalServerError()
	}

	return agent.NewUnenrollOK()
}

func (h *agentUnenrollHandler) findAgentRemoteZId(enrollmentToken string, edge *rest_management_api_client.ZitiEdgeManagement) (string, error) {
	filter := fmt.Sprintf("name=\"%v\"", enrollmentToken)
	limit := int64(1)
	offset := int64(0)
	listReq := &edge_service.ListServicesParams{
		Filter:  &filter,
		Limit:   &limit,
		Offset:  &offset,
		Context: context.Background(),
	}
	listReq.SetTimeout(30 * time.Second)
	listResp, err := edge.Service.ListServices(listReq, nil)
	if err != nil {
		return "", err
	}
	if len(listResp.Payload.Data) == 1 {
		return *(listResp.Payload.Data[0].ID), nil
	}
	return "", errors.Errorf("agent remote service '%v' not found", enrollmentToken)
}