zrok/controller/zrokEdgeSdk/identity.go

package zrokEdgeSdk
import (
	"context"
	"fmt"
	"strings"
	"time"

	"github.com/openziti/edge/rest_management_api_client"
	"github.com/openziti/edge/rest_management_api_client/identity"
	rest_model_edge "github.com/openziti/edge/rest_model"
	"github.com/openziti/sdk-golang/ziti/config"
	"github.com/openziti/sdk-golang/ziti/enroll"
	"github.com/sirupsen/logrus"
)
// CreateEnvironmentIdentity creates the ziti identity backing a zrok
// environment. It is a user-type identity whose name is built from the
// account email, the environment's unique token and the caller-supplied
// description (all joined verbatim with "-"); the account email is also
// recorded as the "zrokEmail" tag. Creation itself is delegated to
// CreateIdentity, which always creates a non-admin identity.
func CreateEnvironmentIdentity(uniqueToken, accountEmail, envDescription string, edge *rest_management_api_client.ZitiEdgeManagement) (*identity.CreateIdentityCreated, error) {
	name := accountEmail + "-" + uniqueToken + "-" + envDescription
	extraTags := map[string]interface{}{"zrokEmail": accountEmail}
	return CreateIdentity(name, rest_model_edge.IdentityTypeUser, extraTags, edge)
}
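// CreateIdentity creates a ziti identity called name of the given type with
// one-time-token (OTT) enrollment enabled. The identity is always created as
// a non-admin with no role attributes and no service hosting costs, and it
// carries the standard zrok tags from ZrokTags() merged with addlTags
// (addlTags overwrite zrok tags on key collision).
//
// Returns the controller's create response, or the error reported by the edge
// management client.
func CreateIdentity(name string, identityType rest_model_edge.IdentityType, addlTags map[string]interface{}, edge *rest_management_api_client.ZitiEdgeManagement) (*identity.CreateIdentityCreated, error) {
	// Least privilege: identities minted here never get admin rights.
	isAdmin := false

	tags := ZrokTags()
	if tags.SubTags == nil {
		// Writing to a nil map panics; ZrokTags() is defined elsewhere and is
		// not guaranteed to initialise SubTags, so allocate it defensively.
		tags.SubTags = make(map[string]interface{}, len(addlTags))
	}
	for k, v := range addlTags {
		tags.SubTags[k] = v
	}

	req := identity.NewCreateIdentityParams()
	req.Identity = &rest_model_edge.IdentityCreate{
		Enrollment:          &rest_model_edge.IdentityCreateEnrollment{Ott: true},
		IsAdmin:             &isAdmin,
		Name:                &name,
		RoleAttributes:      nil,
		ServiceHostingCosts: nil,
		Tags:                tags,
		Type:                &identityType,
	}
	req.SetTimeout(30 * time.Second)

	resp, err := edge.Identity.CreateIdentity(req, nil)
	if err != nil {
		return nil, err
	}
	return resp, nil
}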
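// GetIdentityByZId looks up a ziti identity by its controller-assigned id.
//
// zId is embedded verbatim into the list filter expression (id="<zId>"), so a
// value containing a double quote or a backslash is rejected before any
// request is sent: such a value would at best break the filter and at worst
// let the caller change its meaning. Limit and Offset are sent as 0
// (presumably leaving paging to the controller's defaults — not verified
// here).
//
// Returns the list response, or an error from validation or the edge
// management client.
func GetIdentityByZId(zId string, edge *rest_management_api_client.ZitiEdgeManagement) (*identity.ListIdentitiesOK, error) {
	if strings.ContainsAny(zId, `"\`) {
		return nil, fmt.Errorf("invalid ziti identity id %q", zId)
	}
	filter := fmt.Sprintf("id=\"%v\"", zId)
	limit := int64(0)
	offset := int64(0)
	req := &identity.ListIdentitiesParams{
		Filter:  &filter,
		Limit:   &limit,
		Offset:  &offset,
		Context: context.Background(),
	}
	req.SetTimeout(30 * time.Second)
	resp, err := edge.Identity.ListIdentities(req, nil)
	if err != nil {
		return nil, err
	}
	return resp, nil
}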
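// EnrollIdentity fetches identity zId from the controller, parses the
// one-time enrollment token (OTT JWT) attached to it and completes
// enrollment, yielding the ziti client configuration for that identity.
// Enrollment requests the "RSA" key algorithm.
//
// The identity must still have an OTT enrollment attached: if the detail
// response carries no Data, Enrollment, Ott block or JWT, an error is returned
// instead of dereferencing a nil pointer.
//
// Returns the enrolled configuration, or an error from the detail lookup,
// the missing-enrollment check, token parsing or enrollment.
func EnrollIdentity(zId string, edge *rest_management_api_client.ZitiEdgeManagement) (*config.Config, error) {
	p := &identity.DetailIdentityParams{
		Context: context.Background(),
		ID:      zId,
	}
	p.SetTimeout(30 * time.Second)
	resp, err := edge.Identity.DetailIdentity(p, nil)
	if err != nil {
		return nil, err
	}

	// The Ott block is absent when there is no outstanding OTT enrollment
	// (e.g. presumably once the token has already been consumed); fail cleanly
	// rather than panic.
	payload := resp.GetPayload()
	if payload == nil || payload.Data == nil || payload.Data.Enrollment == nil || payload.Data.Enrollment.Ott == nil {
		return nil, fmt.Errorf("ziti identity '%v' has no ott enrollment", zId)
	}
	ottJWT := payload.Data.Enrollment.Ott.JWT
	if ottJWT == "" {
		return nil, fmt.Errorf("ziti identity '%v' has an empty ott enrollment token", zId)
	}

	tkn, _, err := enroll.ParseToken(ottJWT)
	if err != nil {
		return nil, err
	}
	flags := enroll.EnrollmentFlags{
		Token:  tkn,
		KeyAlg: "RSA",
	}
	conf, err := enroll.Enroll(flags)
	if err != nil {
		return nil, err
	}
	logrus.Infof("enrolled ziti identity '%v'", zId)
	return conf, nil
}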
// DeleteIdentity removes the ziti identity zId through the edge management
// API and logs the deletion. Returns the client error, if any.
func DeleteIdentity(zId string, edge *rest_management_api_client.ZitiEdgeManagement) error {
	params := &identity.DeleteIdentityParams{
		ID:      zId,
		Context: context.Background(),
	}
	params.SetTimeout(30 * time.Second)
	if _, err := edge.Identity.DeleteIdentity(params, nil); err != nil {
		return err
	}
	logrus.Infof("deleted ziti identity '%v'", zId)
	return nil
}