openziti · jensalm · Dec 3, 2024 · Dec 3, 2024 · Dec 3, 2024 · Dec 4, 2024
@@ -102,6 +102,8 @@ require (
 	github.com/MichaelMure/go-term-text v0.3.1 // indirect
 	github.com/alecthomas/chroma v0.10.0 // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
+	github.com/antchfx/jsonquery v1.3.6 // indirect
+	github.com/antchfx/xpath v1.3.2 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
@@ -124,6 +126,7 @@ require (
 	github.com/go-openapi/analysis v0.23.0 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/gomarkdown/markdown v0.0.0-20230922112808-5421fefb8386 // indirect
 	github.com/gorilla/schema v1.4.1 // indirect
@@ -137,6 +140,7 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
+	github.com/judedaryl/go-arrayutils v0.0.1 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/kr/pty v1.1.8 // indirect
 	github.com/kyokomi/emoji/v2 v2.2.12 // indirect
@@ -159,6 +163,7 @@ require (
 	github.com/openziti-incubator/cf v0.0.3 // indirect
 	github.com/openziti/dilithium v0.3.5 // indirect
 	github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/pion/dtls/v3 v3.0.4 // indirect
 	github.com/pion/logging v0.2.2 // indirect

@@ -80,6 +80,10 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M=
 github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/antchfx/jsonquery v1.3.6 h1:TaSfeAh7n6T11I74bsZ1FswreIfrbJ0X+OyLflx6mx4=
+github.com/antchfx/jsonquery v1.3.6/go.mod h1:fGzSGJn9Y826Qd3pC8Wx45avuUwpkePsACQJYy+58BU=
+github.com/antchfx/xpath v1.3.2 h1:LNjzlsSjinu3bQpw9hWMY9ocB80oLOWuQqFvO6xt51U=
+github.com/antchfx/xpath v1.3.2/go.mod h1:i54GszH55fYfBmoZXapTHN8T8tkcHfRgLyVwwqzXNcs=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
 github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
@@ -256,6 +260,8 @@ github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4er
 github.com/golang/groupcache v0.0.0-20191027212112-611e8accdfc9/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
@@ -427,6 +433,8 @@ github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/judedaryl/go-arrayutils v0.0.1 h1:89rWXRVp1c1gcE1UEWvFuohVMeYwfA0y4TMZtE8dS58=
+github.com/judedaryl/go-arrayutils v0.0.1/go.mod h1:vqtnlEkOBpDGHS3U3kQtMJZGTOC+SBFAQYj2KcxLf1A=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kataras/go-events v0.0.3 h1:o5YK53uURXtrlg7qE/vovxd/yKOJcLuFtPQbf1rYMC4=
 github.com/kataras/go-events v0.0.3/go.mod h1:bFBgtzwwzrag7kQmGuU1ZaVxhK2qseYPQomXoVEMsj4=
@@ -610,6 +618,8 @@ github.com/parallaxsecond/parsec-client-go v0.0.0-20221025095442-f0a77d263cf9/go
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=

@@ -0,0 +1,49 @@
+/*
+	Copyright NetFoundry Inc.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+	https://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+package common
+
+import (
+	"errors"
+	"github.com/patrickmn/go-cache"
+	log "github.com/sirupsen/logrus"
+	"reflect"
+)
+
+type CacheGetter func(id string) (interface{}, error)
+
+func GetItemFromCache(c *cache.Cache, key string, fn CacheGetter) (interface{}, error) {
+	if key == "" {
+		return nil, errors.New("key is null, can't resolve from cache or get it from source")
+	}
+	detail, found := c.Get(key)
+	if !found {
+		log.WithFields(map[string]interface{}{"key": key}).Debug("Item not in cache, getting from source")
+		var err error
+		detail, err = fn(key)
+		if err != nil {
+			log.WithFields(map[string]interface{}{"key": key}).WithError(err).Debug("Error reading from source, returning error")
+			return nil, errors.Join(errors.New("error reading: "+key), err)
+		}
+		if detail != nil && !reflect.ValueOf(detail).IsNil() {
+			log.WithFields(map[string]interface{}{"key": key, "item": detail}).Debug("Item read from source, caching")
+			c.Set(key, detail, cache.NoExpiration)
+		}
+		return detail, nil
+	}
+	log.WithFields(map[string]interface{}{"key": key}).Debug("Item found in cache")
+	return detail, nil
+}
@@ -13,14 +13,15 @@
 	See the License for the specific language governing permissions and
 	limitations under the License.
 */
-package verify
+
+package internal
 
 import (
 	"github.com/sirupsen/logrus"
 	"runtime"
 )
 
-func configureLogFormat(level logrus.Level) {
+func ConfigureLogFormat(level logrus.Level) {
 	logrus.SetLevel(level)
 	logrus.SetFormatter(&logrus.TextFormatter{
 		ForceColors:               true,

@@ -13,17 +13,27 @@
 	See the License for the specific language governing permissions and
 	limitations under the License.
 */
+
 package mgmt
 
 import (
 	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
+	"fmt"
 	"github.com/openziti/edge-api/rest_management_api_client"
+	"github.com/openziti/edge-api/rest_management_api_client/auth_policy"
+	"github.com/openziti/edge-api/rest_management_api_client/certificate_authority"
+	"github.com/openziti/edge-api/rest_management_api_client/config"
 	rest_mgmt "github.com/openziti/edge-api/rest_management_api_client/current_api_session"
+	"github.com/openziti/edge-api/rest_management_api_client/edge_router"
+	"github.com/openziti/edge-api/rest_management_api_client/edge_router_policy"
+	"github.com/openziti/edge-api/rest_management_api_client/external_jwt_signer"
 	"github.com/openziti/edge-api/rest_management_api_client/identity"
+	"github.com/openziti/edge-api/rest_management_api_client/posture_checks"
 	"github.com/openziti/edge-api/rest_management_api_client/service"
+	"github.com/openziti/edge-api/rest_management_api_client/service_edge_router_policy"
 	"github.com/openziti/edge-api/rest_management_api_client/service_policy"
 	"github.com/openziti/edge-api/rest_model"
 	"github.com/openziti/edge-api/rest_util"
@@ -77,7 +87,157 @@ func ServicePolicyFromFilter(client *rest_management_api_client.ZitiEdgeManageme
 	params.SetTimeout(5 * time.Second)
 	resp, err := client.ServicePolicy.ListServicePolicies(params, nil)
 	if err != nil {
-		log.Errorf("Could not obtain an ID for the service with filter %s: %v", filter, err)
+		log.Errorf("Could not obtain an ID for the service policy with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func AuthPolicyFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.AuthPolicyDetail {
+	params := &auth_policy.ListAuthPoliciesParams{
+		Filter:  &filter,
+		Context: context.Background(),
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.AuthPolicy.ListAuthPolicies(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the auth policy with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func CertificateAuthorityFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.CaDetail {
+	params := &certificate_authority.ListCasParams{
+		Filter:  &filter,
+		Context: context.Background(),
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.CertificateAuthority.ListCas(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the certificate authority with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func ConfigTypeFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.ConfigTypeDetail {
+	params := &config.ListConfigTypesParams{
+		Filter:  &filter,
+		Context: context.Background(),
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.Config.ListConfigTypes(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the config type with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func ConfigFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.ConfigDetail {
+	params := &config.ListConfigsParams{
+		Filter:  &filter,
+		Context: context.Background(),
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.Config.ListConfigs(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the config with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func ExternalJWTSignerFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.ExternalJWTSignerDetail {
+	params := &external_jwt_signer.ListExternalJWTSignersParams{
+		Filter:  &filter,
+		Context: context.Background(),
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.ExternalJWTSigner.ListExternalJWTSigners(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the external jwt signer with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func PostureCheckFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.PostureCheckDetail {
+	params := &posture_checks.ListPostureChecksParams{
+		Filter:  &filter,
+		Context: context.Background(),
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.PostureChecks.ListPostureChecks(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the posture check with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || len(resp.Payload.Data()) == 0 {
+		return nil
+	}
+	return &resp.Payload.Data()[0]
+}
+
+func EdgeRouterPolicyFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.EdgeRouterPolicyDetail {
+	params := &edge_router_policy.ListEdgeRouterPoliciesParams{
+		Filter: &filter,
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.EdgeRouterPolicy.ListEdgeRouterPolicies(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the edge router policies with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func EdgeRouterFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.EdgeRouterDetail {
+	params := &edge_router.ListEdgeRoutersParams{
+		Filter: &filter,
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.EdgeRouter.ListEdgeRouters(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the edge routers with filter %s: %v", filter, err)
+		return nil
+	}
+	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
+		return nil
+	}
+	return resp.Payload.Data[0]
+}
+
+func ServiceEdgeRouterPolicyFromFilter(client *rest_management_api_client.ZitiEdgeManagement, filter string) *rest_model.ServiceEdgeRouterPolicyDetail {
+	params := &service_edge_router_policy.ListServiceEdgeRouterPoliciesParams{
+		Filter: &filter,
+	}
+	params.SetTimeout(5 * time.Second)
+	resp, err := client.ServiceEdgeRouterPolicy.ListServiceEdgeRouterPolicies(params, nil)
+	if err != nil {
+		log.Errorf("Could not obtain an ID for the ServiceEdgeRouterPolicy routers with filter %s: %v", filter, err)
 		return nil
 	}
 	if resp == nil || resp.Payload == nil || resp.Payload.Data == nil || len(resp.Payload.Data) == 0 {
@@ -87,7 +247,7 @@ func ServicePolicyFromFilter(client *rest_management_api_client.ZitiEdgeManageme
 }
 
 func NameFilter(name string) string {
-	return `name="` + name + `"`
+	return fmt.Sprintf("name = \"%s\"", name)
 }
 
 func NewClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
@@ -100,7 +260,7 @@ func NewClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
 	if cachedId == nil {
 		return nil, errors.New("no identity found")
 	}
-	
+
 	caPool := x509.NewCertPool()
 	if _, cacertErr := os.Stat(cachedId.CaCert); cacertErr == nil {
 		rootPemData, err := os.ReadFile(cachedId.CaCert)
@@ -111,7 +271,7 @@ func NewClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
 	} else {
 		return nil, errors.New("CA cert file not found in config file")
 	}
-	
+
 	tlsConfig := &tls.Config{
 		RootCAs: caPool,
 	}
@@ -137,4 +297,4 @@ func NewClient() (*rest_management_api_client.ZitiEdgeManagement, error) {
 		return nil, errors.New("client not authenticated. login with 'ziti edge login' before executing")
 	}
 	return c, nil
-}
+}