diff --git a/doc/release-notes.md b/doc/release-notes.md index ccf258f6b..8ca48bab6 100644 --- a/doc/release-notes.md +++ b/doc/release-notes.md @@ -1,3 +1,18 @@ +# Release 0.15.1 + +* What's New: +No new functionality introduced. + +* Bug fixes + * [#129](https://github.com/openziti/ziti/issues/129) - minor issue with `ziti-tunnel enroll` outputting the success message at ERROR level + * [#131](https://github.com/openziti/ziti/issues/131) - issues w/ creating identities, CAs and validating CAs + * [#133](https://github.com/openziti/ziti/issues/133) - fix service lookup by name when creating service edge router policies + * [edge#191](https://github.com/openziti/edge/issues/191) - updating self password via CLI would error with 404 not found + * [edge#231](https://github.com/openziti/edge/issues/231) - identities missing enrollment expiresAt property + * [edge#237](https://github.com/openziti/edge/issues/237) - Policy Advisor CLI is failing because common routers IsOnline value is missing + * [edge#233](https://github.com/openziti/edge/issues/233) - REST API Errors should be application/json if possible + * [edge#240](https://github.com/openziti/edge/issues/240) - listing specs results in a 404 + # Release 0.15.0 Ziti 0.15.0 includes the following: diff --git a/go.mod b/go.mod index 2f7dd080f..17713b77d 100644 --- a/go.mod +++ b/go.mod 
@@ -25,10 +25,10 @@ require ( github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 github.com/keybase/go-ps v0.0.0-20190827175125-91aafc93ba19 github.com/michaelquigley/pfxlog v0.0.0-20190813191113-2be43bd0dccc - github.com/openziti/edge v0.15.6 - github.com/openziti/fabric v0.11.52 - github.com/openziti/foundation v0.11.10 - github.com/openziti/sdk-golang v0.13.16 + github.com/openziti/edge v0.15.16 + github.com/openziti/fabric v0.11.53 + github.com/openziti/foundation v0.11.11 + github.com/openziti/sdk-golang v0.13.20 github.com/pborman/uuid v1.2.0 github.com/pkg/errors v0.9.1 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 diff --git a/go.sum b/go.sum index cca2f1e25..1a93cf612 100644 --- a/go.sum +++ b/go.sum @@ -312,8 +312,8 @@ github.com/mitchellh/mapstructure v1.3.2 h1:mRS76wmkOn3KkKAyXDu42V+6ebnXWIztFSYG github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/netfoundry/secretstream v0.1.1 h1:z6T7B5DuOtr9O+SmKaS9DzwOoGLYtgvyTzuPuR5FO7I= -github.com/netfoundry/secretstream v0.1.1/go.mod h1:uasYkYSp0MmNSlKOWJ2sVzxPms8e58TS4ENq4yro86k= +github.com/netfoundry/secretstream v0.1.2 h1:NgqrYytDnjKbOfWI29TT0SJM+RwB3yf9MIkJVJaU+J0= +github.com/netfoundry/secretstream v0.1.2/go.mod h1:uasYkYSp0MmNSlKOWJ2sVzxPms8e58TS4ENq4yro86k= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= 
@@ -322,14 +322,14 @@ github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/openziti/edge v0.15.6 h1:i2vaMfqLrjxNFGskEJ5PHEe0MRWPtGI9R3BQQnYMtFY= -github.com/openziti/edge v0.15.6/go.mod h1:rsXJeirQPTxggP2BOvX1iS1SRT3Fb9FM/+IMyFctXR8= -github.com/openziti/fabric v0.11.52 h1:Fugq+7l+0K3wQ7B2OmVs/U7N7fSYV3FrVSitLsI9pg4= -github.com/openziti/fabric v0.11.52/go.mod h1:elWkCKKtfE7FaqVx8Th++KifopbKzFGpBxp3A+FGSfA= -github.com/openziti/foundation v0.11.10 h1:ot2cmzNgaPttc59gCflJr9MUHy9rSYH+V/rjhNqXIrg= -github.com/openziti/foundation v0.11.10/go.mod h1:Qdd7eCuTrpRwEeDbvYy89sFbEY4+J7OuX8UygxNBsvY= -github.com/openziti/sdk-golang v0.13.16 h1:UpGn413RbDh9os6L4aKkNlK0SV6Rxojy6YonuzNGBDc= -github.com/openziti/sdk-golang v0.13.16/go.mod h1:QbZy932p/pVPPBWicQ4TWFtTN1fDhmWohH/SSLvOHeM= +github.com/openziti/edge v0.15.16 h1:AcIjwtIAIxq5orV4LznP/jxQureAjQD6abDxs0n+l0E= +github.com/openziti/edge v0.15.16/go.mod h1:2U7yCXxW6HLbSxvMC3fTS5UrHKvr3IkOuL5tCa/ijDU= +github.com/openziti/fabric v0.11.53 h1:OVT71Hmbgf5gqsO7fz4iwsyP/T/ZzUfgOD0Bp39z/3U= +github.com/openziti/fabric v0.11.53/go.mod h1:d0EueCQD4CIC3TLAMdw0EoYb+GsmwPrZz3BwRgtU28c= +github.com/openziti/foundation v0.11.11 h1:GPASO0aTtzuzwQbfvu1OMOPdAKzi/DTkxKJ0y2NTzXU= +github.com/openziti/foundation v0.11.11/go.mod h1:Qdd7eCuTrpRwEeDbvYy89sFbEY4+J7OuX8UygxNBsvY= +github.com/openziti/sdk-golang v0.13.20 h1:vnpGvaS/TBz2zd8lUO4cGVYmRWcnAX0v8k/P9+q36BI= +github.com/openziti/sdk-golang v0.13.20/go.mod h1:2cCcWJATUzfx8T9CjaERqersSbKT0r5DptUTcZvHOVs= github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6 h1:lNCW6THrCKBiJBpz8kbVGjC7MgdCGKwuvBgc7LoD6sw= github.com/orcaman/concurrent-map v0.0.0-20190826125027-8c72a8bb44f6/go.mod 
h1:Lu3tH6HLW3feq74c2GC+jIMS/K2CFcDWnWD9XkenwhI= github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= @@ -459,8 +459,8 @@ golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708 h1:pXVtWnwHkrWD9ru3sDxY/q golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200204104054-c9f3fb736b72 h1:+ELyKg6m8UBf0nPFSqD0mi7zUfwPyXo23HNjMnXPz7w= golang.org/x/crypto v0.0.0-20200204104054-c9f3fb736b72/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9 h1:vEg9joUBmeBcK9iSJftGNf3coIG4HqZElCPehJsfAYM= -golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -524,6 +524,8 @@ golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1 h1:ogLJMz+qpzav7lGMh10LMvAkM/fAoGlaiiHYiFYdm80= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo= +golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= diff --git a/ziti-tunnel/cmd/ziti-tunnel/subcmd/enroll.go b/ziti-tunnel/cmd/ziti-tunnel/subcmd/enroll.go index 700834abb..31724d172 100644 --- a/ziti-tunnel/cmd/ziti-tunnel/subcmd/enroll.go +++ b/ziti-tunnel/cmd/ziti-tunnel/subcmd/enroll.go @@ -145,7 +145,7 @@ func processEnrollment() error { encErr := enc.Encode(&conf) if encErr == nil { - logrus.Errorf("enrolled successfully. identity file written to: %s", outpath) + pfxlog.Logger().Infof("enrolled successfully. identity file written to: %s", outpath) return nil } else { return fmt.Errorf("enrollment successful but the identity file was not able to be written to: %s [%s]", outpath, encErr) diff --git a/ziti/cmd/ziti/cmd/edge_controller/create_ca.go b/ziti/cmd/ziti/cmd/edge_controller/create_ca.go index f24e10cfb..a14af5619 100644 --- a/ziti/cmd/ziti/cmd/edge_controller/create_ca.go +++ b/ziti/cmd/ziti/cmd/edge_controller/create_ca.go @@ -36,6 +36,7 @@ type createCaOptions struct { autoCaEnrollment bool ottCaEnrollment bool authEnabled bool + identityRoles []string } // newCreateCaCmd creates the 'edge controller create ca local' command for the given entity type 
@@ -89,6 +90,7 @@ func newCreateCaCmd(f cmdutil.Factory, out io.Writer, errOut io.Writer) *cobra.C cmd.Flags().BoolVarP(&options.authEnabled, "auth", "e", false, "Whether the CA can be used for authentication or not") cmd.Flags().BoolVarP(&options.ottCaEnrollment, "ottca", "o", false, "Whether the CA can be used for one-time-token CA enrollment") cmd.Flags().BoolVarP(&options.autoCaEnrollment, "autoca", "u", false, "Whether the CA can be used for auto CA enrollment") + cmd.Flags().StringSliceVarP(&options.identityRoles, "role-attributes", "a", nil, "A csv string of role attributes enrolling identities receive") return cmd } @@ -100,6 +102,7 @@ func runCreateCa(options *createCaOptions) (err error) { setJSONValue(data, options.ottCaEnrollment, "isOttCaEnrollmentEnabled") setJSONValue(data, options.authEnabled, "isAuthEnabled") setJSONValue(data, string(options.caPemBytes), "certPem") + setJSONValue(data, options.identityRoles, "identityRoles") result, err := createEntityOfType("cas", data.String(), &options.commonOptions) diff --git a/ziti/cmd/ziti/cmd/edge_controller/create_identity.go b/ziti/cmd/ziti/cmd/edge_controller/create_identity.go index 0efd3b6e6..9631dab96 100644 --- a/ziti/cmd/ziti/cmd/edge_controller/create_identity.go +++ b/ziti/cmd/ziti/cmd/edge_controller/create_identity.go @@ -115,20 +115,12 @@ func runCreateIdentity(idType string, o *createIdentityOptions) error { } func getIdentityJwt(o *createIdentityOptions, id string) error { - list, _, err := listEntitiesOfType("identities", nil, o.OutputJSONResponse, o.Out) + + newIdentity, err := DetailEntityOfType("identities", id, o.OutputJSONResponse, o.Out) if err != nil { return err } - var newIdentity *gabs.Container - for _, gw := range list { - gwId := gw.Path("id").Data().(string) - if gwId == id { - newIdentity = gw - break - } - } - if newIdentity == nil { return fmt.Errorf("no error during identity creation, but identity with id %v not found... unable to extract JWT", id) } 
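Review bot: The new `--role-attributes` flag in newCreateCaCmd changes what identities enrolling through a CA are granted, but its help text (`A csv string of role attributes enrolling identities receive`) does not say the attributes are applied automatically, and the release notes added in this same commit state that no new functionality is introduced. If role attributes are what policies match on, as the help text suggests, I would spell that out, e.g. `"Comma-separated role attributes automatically assigned to every identity that enrolls through this CA"`, and list the flag under the 0.15.1 notes. In runCreateCa the value is also set when the flag is omitted, so a nil slice is presumably serialized as `null`; confirm the controller accepts that or guard the call with `if len(options.identityRoles) > 0`. Both functions continue outside their hunks.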
diff --git a/ziti/cmd/ziti/cmd/edge_controller/create_service_edge_router_policy.go b/ziti/cmd/ziti/cmd/edge_controller/create_service_edge_router_policy.go index 5b685a3fe..4f6443a2a 100644 --- a/ziti/cmd/ziti/cmd/edge_controller/create_service_edge_router_policy.go +++ b/ziti/cmd/ziti/cmd/edge_controller/create_service_edge_router_policy.go @@ -71,7 +71,7 @@ func runCreateServiceEdgeRouterPolicy(o *createServiceEdgeRouterPolicyOptions) e return err } - serviceRoles, err := convertNamesToIds(o.serviceRoles, "identities") + serviceRoles, err := convertNamesToIds(o.serviceRoles, "services") if err != nil { return err } diff --git a/ziti/cmd/ziti/cmd/edge_controller/detail.go b/ziti/cmd/ziti/cmd/edge_controller/detail.go new file mode 100644 index 000000000..911297e62 --- /dev/null +++ b/ziti/cmd/ziti/cmd/edge_controller/detail.go @@ -0,0 +1,34 @@ +/* + Copyright NetFoundry, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package edge_controller + +import ( + "github.com/Jeffail/gabs" + "github.com/openziti/ziti/ziti/cmd/ziti/util" + "io" +) + +func DetailEntityOfType(entityType, entityId string, logJSON bool, out io.Writer) (*gabs.Container, error) { + jsonParsed, err := util.EdgeControllerDetailEntity(entityType, entityId, logJSON, out) + + if err != nil { + return nil, err + } + + entity := jsonParsed.S("data") + return entity, nil +} 
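Review bot: DetailEntityOfType in the new detail.go returns `jsonParsed.S("data")` without checking that the member exists, so a 200 response with no `data` object is handed to callers as if it were an entity. getIdentityJwt in create_identity.go relies on `newIdentity == nil` to detect that case, and depending on how gabs represents a missing path that guard may never fire. I would check in the helper, e.g. `if !jsonParsed.Exists("data") { return nil, fmt.Errorf("no data in response for %v %v", entityType, entityId) }` (this needs the `fmt` import). The exported function also needs a doc comment, such as `// DetailEntityOfType fetches a single entity by id and returns the "data" member of the response envelope.`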
diff --git a/ziti/cmd/ziti/cmd/edge_controller/policy_advisor.go b/ziti/cmd/ziti/cmd/edge_controller/policy_advisor.go index 285a5aea7..030443005 100644 --- a/ziti/cmd/ziti/cmd/edge_controller/policy_advisor.go +++ b/ziti/cmd/ziti/cmd/edge_controller/policy_advisor.go @@ -304,13 +304,13 @@ func runPolicyAdvisorForService(serviceId string, o *policyAdvisorOptions) error filter = fmt.Sprintf(`true skip %v limit 2`, skip) children, _, err := filterSubEntitiesOfType("services", "identities", serviceId, filter, &o.commonOptions) if err != nil { - panic(err) + return err } for _, child := range children { identityId, _ := child.S("id").Data().(string) if err := runPolicyAdvisorForIdentityAndService(identityId, serviceId, o); err != nil { - panic(err) + return err } } skip += len(children) diff --git a/ziti/cmd/ziti/cmd/edge_controller/update_authenticator_updb.go b/ziti/cmd/ziti/cmd/edge_controller/update_authenticator_updb.go index b4703229c..6e03b8d4f 100644 --- a/ziti/cmd/ziti/cmd/edge_controller/update_authenticator_updb.go +++ b/ziti/cmd/ziti/cmd/edge_controller/update_authenticator_updb.go @@ -21,6 +21,7 @@ import ( "fmt" "github.com/Jeffail/gabs" "github.com/openziti/foundation/util/term" + "github.com/openziti/ziti/ziti/cmd/ziti/util" "github.com/spf13/cobra" ) import cmdhelper "github.com/openziti/ziti/ziti/cmd/ziti/cmd/helpers" 
@@ -96,10 +97,28 @@ func updateSelfPassword(current string, new string, options commonOptions) error } passwordData := gabs.New() - setJSONValue(passwordData, current, "current") - setJSONValue(passwordData, new, "new") + setJSONValue(passwordData, current, "currentPassword") + setJSONValue(passwordData, new, "password") - _, err = putEntityOfType("current-identity/updb/password", passwordData.String(), &options) + respEnvelope, err := util.EdgeControllerList("current-identity/authenticators", map[string][]string{"filter": {`method="updb"`}}, options.OutputJSONResponse, options.Out) + + if err != nil { + return err + } + + authenticators, err := respEnvelope.S("data").Children() + + if err != nil { + return err + } + + if len(authenticators) == 0 { + return errors.New("no updb authenticator found for the current identity") + } else if len(authenticators) > 1 { + return errors.New("too many updb authenticator found for the current identity") + } + + _, err = patchEntityOfType("current-identity/authenticators/"+authenticators[0].Path("id").Data().(string), passwordData.String(), &options) if err != nil { return err diff --git a/ziti/cmd/ziti/util/rest.go b/ziti/cmd/ziti/util/rest.go index b204badce..9050c84ac 100644 --- a/ziti/cmd/ziti/util/rest.go +++ b/ziti/cmd/ziti/util/rest.go 
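Review bot: The PATCH path is built with `authenticators[0].Path("id").Data().(string)`, an unchecked type assertion on a value taken from the server response, so a missing or non-string `id` panics the CLI in the middle of a password change instead of returning an error. Use the comma-ok form, `id, ok := authenticators[0].Path("id").Data().(string)`, return an error when `!ok || id == ""`, and build the path with `url.PathEscape(id)` (needs `net/url`) so the value cannot add path segments. The request body carries both the current and the new password, so it is also worth confirming that nothing on the `patchEntityOfType` path logs request bodies; only the response-logging flag is visible here. updateSelfPassword starts and ends outside the hunk.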
@@ -436,6 +436,47 @@ func outputJson(out io.Writer, data []byte) { } } +func EdgeControllerDetailEntity(entityType, entityId string, logJSON bool, out io.Writer) (*gabs.Container, error) { + session := &Session{} + if err := session.Load(); err != nil { + return nil, err + } + + client := newClient() + + if session.GetCert() != "" { + client.SetRootCertificate(session.GetCert()) + } + + queryUrl := session.GetBaseUrl() + "/" + path.Join(entityType, entityId) + + resp, err := client.R(). + SetHeader("Content-Type", "application/json"). + SetHeader(constants.ZitiSession, session.GetToken()). + Get(queryUrl) + + if err != nil { + return nil, fmt.Errorf("unable to list entities at %v in Ziti Edge Controller at %v. Error: %v", queryUrl, session.GetBaseUrl(), err) + } + + if resp.StatusCode() != http.StatusOK { + return nil, fmt.Errorf("error listing %v in Ziti Edge Controller. Status code: %v, Server returned: %v", + queryUrl, resp.Status(), resp.String()) + } + + if logJSON { + outputJson(out, resp.Body()) + } + + jsonParsed, err := gabs.ParseJSON(resp.Body()) + + if err != nil { + return nil, fmt.Errorf("unable to parse response from %v. Server returned: %v", queryUrl, resp.String()) + } + + return jsonParsed, nil +} + // EdgeControllerListSubEntities will list entities of the given type in the given Edge Controller func EdgeControllerListSubEntities(entityType, subType, entityId string, filter string, logJSON bool, out io.Writer) (*gabs.Container, error) { params := url.Values{} @@ -636,7 +677,7 @@ func EdgeControllerVerify(entityType, id, body string, out io.Writer, logJSON bo } resp, err := client. R(). - SetHeader("Content-Type", "application/json"). + SetHeader("Content-Type", "text/plain"). SetHeader(constants.ZitiSession, session.Token). SetBody(body). Post(session.Host + "/" + entityType + "/" + id + "/verify")
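Review bot: In EdgeControllerDetailEntity the URL is built with `path.Join(entityType, entityId)`, which drops empty elements and resolves `..`, so an empty `entityId` silently becomes a request to the collection endpoint and an id containing `../` addresses a different resource than the caller named. Reject an empty id up front and escape it, e.g. `queryUrl := session.GetBaseUrl() + "/" + entityType + "/" + url.PathEscape(entityId)`; `net/url` already appears to be imported, since `url.Values` is used just below. The two error messages still say "unable to list entities" and "error listing", apparently copied from the list helper; they should describe a single-entity fetch so failures are attributable in logs. The exported function also has no doc comment, unlike EdgeControllerListSubEntities immediately after it.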