Merge pull request #2249 from openziti/posture-check-role-attr-list

Posture check role attr list, list config services

CHANGELOG.md

@@ -1,3 +1,30 @@
+# Release 1.1.8
+
+## What's New
+
+* Bug fixes, enhancements and continuing progress on controller HA
+
+## Component Updates and Bug Fixes
+
+* github.com/openziti/edge-api: [v0.26.20 -> v0.26.22-0.20240719132447-6daf28ad09e7](https://github.com/openziti/edge-api/compare/v0.26.20...v0.26.22-0.20240719132447-6daf28ad09e7)
+    * [Issue #120](https://github.com/openziti/edge-api/issues/120) - Add API for retrieving services referencing a config
+    * [Issue #121](https://github.com/openziti/edge-api/issues/121) - Add API for retrieving the set of attribute roles used by posture checks
+
+* github.com/openziti/sdk-golang: [v0.23.38 -> v0.23.39](https://github.com/openziti/sdk-golang/compare/v0.23.38...v0.23.39)
+    * [Issue #596](https://github.com/openziti/sdk-golang/issues/596) - SDK should submit selected config types to auth and service list APIs
+    * [Issue #593](https://github.com/openziti/sdk-golang/issues/593) - SDK Golang OIDC Get API Session Returns Wrong Value
+
+* github.com/openziti/storage: [v0.2.47 -> v0.2.48](https://github.com/openziti/storage/compare/v0.2.47...v0.2.48)
+    * [Issue #78](https://github.com/openziti/storage/issues/78) - Allow searching for things without case sensitivity
+
+* github.com/openziti/ziti: [v1.1.7 -> v1.1.8](https://github.com/openziti/ziti/compare/v1.1.7...v1.1.8)
+    * [Issue #2245](https://github.com/openziti/ziti/issues/2245) - Add ability to retrieve a list of services that reference a config
+    * [Issue #2089](https://github.com/openziti/ziti/issues/2089) - Enhance Management API to list Posture Check Roles
+    * [Issue #2010](https://github.com/openziti/ziti/issues/2010) - Add config information to router data model
+    * [Issue #1990](https://github.com/openziti/ziti/issues/1990) - Implement subscriber model for identity/service events in router
+    * [Issue #2240](https://github.com/openziti/ziti/issues/2240) - Secondary ext-jwt Auth Policy check incorrectly requires primary ext-jwt auth to be enabled
+
+
 # Release 1.1.7
 
 ## What's New

controller/internal/routes/config_router.go

@@ -21,10 +21,10 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/openziti/edge-api/rest_management_api_server/operations/config"
 	"github.com/openziti/ziti/controller/env"
+	"github.com/openziti/ziti/controller/fields"
 	"github.com/openziti/ziti/controller/internal/permissions"
 	"github.com/openziti/ziti/controller/model"
 	"github.com/openziti/ziti/controller/response"
-	"github.com/openziti/ziti/controller/fields"
 )
 
 func init() {
@@ -66,6 +66,11 @@ func (r *ConfigRouter) Register(ae *env.AppEnv) {
 	ae.ManagementApi.ConfigPatchConfigHandler = config.PatchConfigHandlerFunc(func(params config.PatchConfigParams, _ interface{}) middleware.Responder {
 		return ae.IsAllowed(func(ae *env.AppEnv, rc *response.RequestContext) { r.Patch(ae, rc, params) }, params.HTTPRequest, params.ID, "", permissions.IsAdmin())
 	})
+
+	//Additional Lists
+	ae.ManagementApi.ConfigListConfigServicesHandler = config.ListConfigServicesHandlerFunc(func(params config.ListConfigServicesParams, _ interface{}) middleware.Responder {
+		return ae.IsAllowed(r.ListServices, params.HTTPRequest, params.ID, "", permissions.IsAdmin())
+	})
 }
 
 func (r *ConfigRouter) List(ae *env.AppEnv, rc *response.RequestContext) {
@@ -122,3 +127,7 @@ func (r *ConfigRouter) Patch(ae *env.AppEnv, rc *response.RequestContext, params
 		return ae.Managers.Config.Update(model, fields.FilterMaps("tags", "data"), rc.NewChangeContext())
 	})
 }
+
+func (r *ConfigRouter) ListServices(ae *env.AppEnv, rc *response.RequestContext) {
+	ListAssociationWithHandler[*model.Config, *model.ServiceDetail](ae, rc, ae.Managers.Config, ae.Managers.EdgeService.GetDetailLister(), MapServiceToRestEntity)
+}

controller/internal/routes/role_attributes_router.go

@@ -22,8 +22,8 @@ import (
 	"github.com/openziti/edge-api/rest_model"
 	"github.com/openziti/ziti/controller/env"
 	"github.com/openziti/ziti/controller/internal/permissions"
-	"github.com/openziti/ziti/controller/response"
 	"github.com/openziti/ziti/controller/models"
+	"github.com/openziti/ziti/controller/response"
 )
 
 func init() {
@@ -49,6 +49,10 @@ func (r *RoleAttributesRouter) Register(ae *env.AppEnv) {
 	ae.ManagementApi.RoleAttributesListServiceRoleAttributesHandler = role_attributes.ListServiceRoleAttributesHandlerFunc(func(params role_attributes.ListServiceRoleAttributesParams, _ interface{}) middleware.Responder {
 		return ae.IsAllowed(r.listServiceRoleAttributes, params.HTTPRequest, "", "", permissions.IsAdmin())
 	})
+
+	ae.ManagementApi.RoleAttributesListPostureCheckRoleAttributesHandler = role_attributes.ListPostureCheckRoleAttributesHandlerFunc(func(params role_attributes.ListPostureCheckRoleAttributesParams, _ interface{}) middleware.Responder {
+		return ae.IsAllowed(r.listPostureCheckAttributes, params.HTTPRequest, "", "", permissions.IsAdmin())
+	})
 }
 
 func (r *RoleAttributesRouter) listEdgeRouterRoleAttributes(ae *env.AppEnv, rc *response.RequestContext) {
@@ -63,6 +67,10 @@ func (r *RoleAttributesRouter) listServiceRoleAttributes(ae *env.AppEnv, rc *res
 	r.listRoleAttributes(rc, ae.Managers.EdgeService)
 }
 
+func (r *RoleAttributesRouter) listPostureCheckAttributes(ae *env.AppEnv, rc *response.RequestContext) {
+	r.listRoleAttributes(rc, ae.Managers.PostureCheck)
+}
+
 func (r *RoleAttributesRouter) listRoleAttributes(rc *response.RequestContext, queryable roleAttributeQueryable) {
 	List(rc, func(rc *response.RequestContext, queryOptions *PublicQueryOptions) (*QueryResult, error) {
 		results, qmd, err := queryable.QueryRoleAttributes(queryOptions.Predicate)

controller/model/posture_check_manager.go

@@ -153,6 +153,11 @@ func (self *PostureCheckManager) QueryPostureChecks(query ast.Query) (*PostureCh
 	return result, nil
 }
 
+func (self *PostureCheckManager) QueryRoleAttributes(queryString string) ([]string, *models.QueryMetaData, error) {
+	index := self.env.GetStores().PostureCheck.GetRoleAttributesIndex()
+	return self.queryRoleAttributes(index, queryString)
+}
+
 func (self *PostureCheckManager) Marshall(entity *PostureCheck) ([]byte, error) {
 	tags, err := edge_cmd_pb.EncodeTags(entity.Tags)
 	if err != nil {

go.mod

@@ -49,7 +49,7 @@ require (
 	github.com/natefinch/lumberjack v2.0.0+incompatible
 	github.com/openziti/agent v1.0.16
 	github.com/openziti/channel/v2 v2.0.136
-	github.com/openziti/edge-api v0.26.22
+	github.com/openziti/edge-api v0.26.23
 	github.com/openziti/foundation/v2 v2.0.47
 	github.com/openziti/identity v1.0.81
 	github.com/openziti/jwks v1.0.3

go.sum

@@ -570,8 +570,8 @@ github.com/openziti/channel/v2 v2.0.136 h1:XWjcNrPhto2XiD5HLhsh7GhmqfHEweQIJ/eUj
 github.com/openziti/channel/v2 v2.0.136/go.mod h1:7jhk6JtJPP1O8aWYx+w2IuwCunFJ88Ot4AQcrKiX5og=
 github.com/openziti/dilithium v0.3.3 h1:PLgQ6PMNLSTzCFbX/h98cmudgz/cU6TmjdSv5NAPD8k=
 github.com/openziti/dilithium v0.3.3/go.mod h1:vsCjI2AU/hon9e+dLhUFbCNGesJDj2ASgkySOcpmvjo=
-github.com/openziti/edge-api v0.26.22 h1:kpd+SxdO4UO4/SO3DFWyndseY90J5zWtO5EsAqHJHvM=
-github.com/openziti/edge-api v0.26.22/go.mod h1:t0qfgV5u2+HItpvgDIShA69v6m7RZ+PrbQuLQaDDdx8=
+github.com/openziti/edge-api v0.26.23 h1:tXXGc/ACg7bQys+8K8ElS49A8VWfBi8Y6nGV53NqE9U=
+github.com/openziti/edge-api v0.26.23/go.mod h1:t0qfgV5u2+HItpvgDIShA69v6m7RZ+PrbQuLQaDDdx8=
 github.com/openziti/foundation/v2 v2.0.47 h1:f2LM6FQOhHXJ9QMTpr4GAKq8qXspNG3EGczMjjyz7uc=
 github.com/openziti/foundation/v2 v2.0.47/go.mod h1:pj5nPmVtAdF1QX+aRtALw69hxcsAzrWDpBUe+Zrc73Q=
 github.com/openziti/identity v1.0.81 h1:zeS+sCxsfIbNAvlLHqM+74BcCPitW4Vpmarlrcun6hw=
@@ -586,8 +586,6 @@ github.com/openziti/sdk-golang v0.23.39 h1:e+FJ8h0jxP1NaRZq4eIafMpxqe+UK0T43bKhd
 github.com/openziti/sdk-golang v0.23.39/go.mod h1:5wt3h/TCeC/YqNLfdTAMEEAJvQqCCJYKYXt4Dmbcj64=
 github.com/openziti/secretstream v0.1.21 h1:r4xN8/CzSEvxZFFYGSztrlhMtIvk3B+SQcq2zgZ4Tb4=
 github.com/openziti/secretstream v0.1.21/go.mod h1:1lfAnS8gBHsKZiPbRRK1sularbAsqizN6tWUEuZSfo0=
-github.com/openziti/storage v0.2.48 h1:RB5YGmkotgNuQkETybZrZohJYdvaUwGg4SPb9K667qw=
-github.com/openziti/storage v0.2.48/go.mod h1:1f6cGRKYLzwst5hwVY+qr8GCcUeO/U5jJftE8+qFqbk=
 github.com/openziti/storage v0.3.0 h1:DH2SN8GYy7rSlBZM9X5W1Dv2b2qZ8kSKyt0iivokVMw=
 github.com/openziti/storage v0.3.0/go.mod h1:1f6cGRKYLzwst5hwVY+qr8GCcUeO/U5jJftE8+qFqbk=
 github.com/openziti/transport/v2 v2.0.138 h1:F7TUv34BZ6x2BetYLtYbxSU/G15B+vkGRU4uPKwvRvU=

ziti/cmd/edge/list.go

@@ -81,13 +81,17 @@ func newListCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 	cmd.AddCommand(newListCmdForEntityType("edge-router-role-attributes", runListEdgeRouterRoleAttributes, newOptions()))
 	cmd.AddCommand(newListCmdForEntityType("identity-role-attributes", runListIdentityRoleAttributes, newOptions()))
 	cmd.AddCommand(newListCmdForEntityType("service-role-attributes", runListServiceRoleAttributes, newOptions()))
+	cmd.AddCommand(newListCmdForEntityType("posture-check-role-attributes", runListPostureCheckRoleAttributes, newOptions()))
 
 	cmd.AddCommand(newListCmdForEntityType("posture-checks", runListPostureChecks, newOptions()))
 	cmd.AddCommand(newListCmdForEntityType("posture-check-types", runListPostureCheckTypes, newOptions()))
 
 	configTypeListRootCmd := newEntityListRootCmd("config-type")
 	configTypeListRootCmd.AddCommand(newSubListCmdForEntityType("config-type", "configs", outputConfigs, newOptions()))
 
+	configListRootCmd := newEntityListRootCmd("config")
+	configListRootCmd.AddCommand(newSubListCmdForEntityType("configs", "services", outputServices, newOptions()))
+
 	edgeRouterListRootCmd := newEntityListRootCmd("edge-router", "er")
 	edgeRouterListRootCmd.AddCommand(newSubListCmdForEntityType("edge-routers", "edge-router-policies", outputEdgeRouterPolicies, newOptions()))
 	edgeRouterListRootCmd.AddCommand(newSubListCmdForEntityType("edge-routers", "service-edge-router-policies", outputServiceEdgeRouterPolicies, newOptions()))
@@ -125,6 +129,7 @@ func newListCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 	cmd.AddCommand(newListCmdForEntityType("summary", runListSummary, newOptions()))
 
 	cmd.AddCommand(configTypeListRootCmd,
+		configListRootCmd,
 		edgeRouterListRootCmd,
 		edgeRouterPolicyListRootCmd,
 		identityListRootCmd,
@@ -1530,6 +1535,10 @@ func runListServiceRoleAttributes(o *api.Options) error {
 	return runListRoleAttributes("service", o)
 }
 
+func runListPostureCheckRoleAttributes(o *api.Options) error {
+	return runListRoleAttributes("posture-check", o)
+}
+
 func runListRoleAttributes(entityType string, o *api.Options) error {
 	children, pagingInfo, err := listEntitiesWithOptions(entityType+"-role-attributes", o)
 

zititest/go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/michaelquigley/pfxlog v0.6.10
 	github.com/openziti/agent v1.0.16
 	github.com/openziti/channel/v2 v2.0.136
-	github.com/openziti/edge-api v0.26.22
+	github.com/openziti/edge-api v0.26.23
 	github.com/openziti/fablab v0.5.60
 	github.com/openziti/foundation/v2 v2.0.47
 	github.com/openziti/identity v1.0.81

zititest/go.sum

@@ -592,8 +592,8 @@ github.com/openziti/channel/v2 v2.0.136 h1:XWjcNrPhto2XiD5HLhsh7GhmqfHEweQIJ/eUj
 github.com/openziti/channel/v2 v2.0.136/go.mod h1:7jhk6JtJPP1O8aWYx+w2IuwCunFJ88Ot4AQcrKiX5og=
 github.com/openziti/dilithium v0.3.3 h1:PLgQ6PMNLSTzCFbX/h98cmudgz/cU6TmjdSv5NAPD8k=
 github.com/openziti/dilithium v0.3.3/go.mod h1:vsCjI2AU/hon9e+dLhUFbCNGesJDj2ASgkySOcpmvjo=
-github.com/openziti/edge-api v0.26.22 h1:kpd+SxdO4UO4/SO3DFWyndseY90J5zWtO5EsAqHJHvM=
-github.com/openziti/edge-api v0.26.22/go.mod h1:t0qfgV5u2+HItpvgDIShA69v6m7RZ+PrbQuLQaDDdx8=
+github.com/openziti/edge-api v0.26.23 h1:tXXGc/ACg7bQys+8K8ElS49A8VWfBi8Y6nGV53NqE9U=
+github.com/openziti/edge-api v0.26.23/go.mod h1:t0qfgV5u2+HItpvgDIShA69v6m7RZ+PrbQuLQaDDdx8=
 github.com/openziti/fablab v0.5.60 h1:RsqrEb3LV6asK5N97uZKyNSDhcNOeDcAuT4OAD/hY9Y=
 github.com/openziti/fablab v0.5.60/go.mod h1:B/ib+GOtozEIytv2aXSFl9+dL7AiGfbpGS/VjnNduU8=
 github.com/openziti/foundation/v2 v2.0.47 h1:f2LM6FQOhHXJ9QMTpr4GAKq8qXspNG3EGczMjjyz7uc=