From 8ba72d1b0b9141ffe38308c8e9abbb854ff7b17b Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Fri, 27 Sep 2024 12:53:09 -0400
Subject: [PATCH 1/5] assume ziti edge login command uses mgmt API unless --admin=false
---
 ziti/cmd/edge/login.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/ziti/cmd/edge/login.go b/ziti/cmd/edge/login.go
index 0912c3031..1117c5b0b 100644
--- a/ziti/cmd/edge/login.go
+++ b/ziti/cmd/edge/login.go
@@ -52,6 +52,7 @@ type LoginOptions struct {
 ClientKey string
 ExtJwt string
 File string
+ Admin bool
 FileCertCreds *edge_apis.IdentityCredentials
 }
@@ -92,6 +93,7 @@ func NewLoginCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 cmd.Flags().StringVarP(&options.ClientKey, "client-key", "k", "", "The key to use with certificate authentication")
 cmd.Flags().StringVarP(&options.ExtJwt, "ext-jwt", "e", "", "A file containing a JWT from an external provider to be used for authentication")
 cmd.Flags().StringVarP(&options.File, "file", "f", "", "An identity file to use for authentication")
+ cmd.Flags().BoolVar(&options.Admin, "admin", true, "If set false, login to client API instead of management API")
 options.AddCommonFlags(cmd)
@@ -121,6 +123,10 @@ func (o *LoginOptions) Run() error {
 if len(cfg.ZtAPIs) > 0 {
 host = cfg.ZtAPIs[0]
 }
+
+ if o.Admin {
+ host = strings.Replace(host, "/edge/client/v1", "/edge/management/v1", 1)
+ }
 }
 id := config.GetIdentity()
From 7c2532632bbdcdc3a6d9e7d4d22118ff6c39bf54 Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Fri, 27 Sep 2024 12:55:17 -0400
Subject: [PATCH 2/5] assume ziti edge login command uses client API if --admin=false
---
 ziti/cmd/edge/login.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/ziti/cmd/edge/login.go b/ziti/cmd/edge/login.go
index 1117c5b0b..03daf14b4 100644
--- a/ziti/cmd/edge/login.go
+++ b/ziti/cmd/edge/login.go
@@ -126,6 +126,8 @@ func (o *LoginOptions) Run() error {
 if o.Admin {
 host = strings.Replace(host, "/edge/client/v1", "/edge/management/v1", 1)
+ } else {
+ host = strings.Replace(host, "/edge/management/v1", "/edge/client/v1", 1)
 }
 }
From 209f099c07262fc06eb5ce31f1a2a773371062cd Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Fri, 27 Sep 2024 13:11:31 -0400
Subject: [PATCH 3/5] revert admin bool and simply truncate path part of ztAPI if login with --file so existing logic will append correct mgmt base path if appropriate
---
 ziti/cmd/edge/login.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/ziti/cmd/edge/login.go b/ziti/cmd/edge/login.go
index 03daf14b4..22e42b99f 100644
--- a/ziti/cmd/edge/login.go
+++ b/ziti/cmd/edge/login.go
@@ -52,7 +52,6 @@ type LoginOptions struct {
 ClientKey string
 ExtJwt string
 File string
- Admin bool
 FileCertCreds *edge_apis.IdentityCredentials
 }
@@ -93,7 +92,6 @@ func NewLoginCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 cmd.Flags().StringVarP(&options.ClientKey, "client-key", "k", "", "The key to use with certificate authentication")
 cmd.Flags().StringVarP(&options.ExtJwt, "ext-jwt", "e", "", "A file containing a JWT from an external provider to be used for authentication")
 cmd.Flags().StringVarP(&options.File, "file", "f", "", "An identity file to use for authentication")
- cmd.Flags().BoolVar(&options.Admin, "admin", true, "If set false, login to client API instead of management API")
 options.AddCommonFlags(cmd)
@@ -124,11 +122,8 @@ func (o *LoginOptions) Run() error {
 host = cfg.ZtAPIs[0]
 }
- if o.Admin {
- host = strings.Replace(host, "/edge/client/v1", "/edge/management/v1", 1)
- } else {
- host = strings.Replace(host, "/edge/management/v1", "/edge/client/v1", 1)
- }
+ host = strings.TrimSuffix(host, "/edge/client/v1")
+
 }
 id := config.GetIdentity()
From 327b45f33fc4f252d919038c5b60f875584a5c4c Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Fri, 27 Sep 2024 13:48:41 -0400
Subject: [PATCH 4/5] use the parsed HTTP origin instead of truncating the path part
---
 ziti/cmd/edge/login.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/ziti/cmd/edge/login.go b/ziti/cmd/edge/login.go
index 22e42b99f..c6e2c47ed 100644
--- a/ziti/cmd/edge/login.go
+++ b/ziti/cmd/edge/login.go
@@ -116,14 +116,19 @@ func (o *LoginOptions) Run() error {
 idCredentials := edge_apis.NewIdentityCredentialsFromConfig(cfg.ID)
 o.FileCertCreds = idCredentials
- host = cfg.ZtAPI
+ ztAPI := cfg.ZtAPI
+ // override with the first HA client API URL if defined
 if len(cfg.ZtAPIs) > 0 {
- host = cfg.ZtAPIs[0]
+ ztAPI = cfg.ZtAPIs[0]
 }
- host = strings.TrimSuffix(host, "/edge/client/v1")
+ parsedZtAPI, err := url.Parse(ztAPI)
+ if err != nil {
+ return errors.Wrap(err, "invalid client API URL in ztAPI property of identity file")
+ }
+ host = parsedZtAPI.Scheme + "://" + parsedZtAPI.Host
 }
 id := config.GetIdentity()
From 7d539e5cb8a970e38664912bb5f132304ac78dea Mon Sep 17 00:00:00 2001
From: Kenneth Bingham
Date: Fri, 27 Sep 2024 13:54:28 -0400
Subject: [PATCH 5/5] only assign the host to host
---
 ziti/cmd/edge/login.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ziti/cmd/edge/login.go b/ziti/cmd/edge/login.go
index c6e2c47ed..bed5c45a6 100644
--- a/ziti/cmd/edge/login.go
+++ b/ziti/cmd/edge/login.go
@@ -125,10 +125,10 @@ func (o *LoginOptions) Run() error {
 parsedZtAPI, err := url.Parse(ztAPI)
 if err != nil {
- return errors.Wrap(err, "invalid client API URL in ztAPI property of identity file")
+ return fmt.Errorf("could not parse ztAPI '%s' as a URL", ztAPI)
 }
- host = parsedZtAPI.Scheme + "://" + parsedZtAPI.Host
+ host = parsedZtAPI.Host
 }
 id := config.GetIdentity()
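Review bot: In the [PATCH 4/5] hunk, a nil error from `url.Parse` is treated as proof that `ztAPI` names a usable controller, but the parser accepts many scheme-less values without error and leaves `Host` empty (constructed example: `ctrl.example:1280` parses as scheme `ctrl.example` with opaque `1280`). `host` then becomes `"://"` here, and `""` after the [PATCH 5/5] hunk's `host = parsedZtAPI.Host`; what the login code outside the hunk does with that value before it presents the identity's certificate credentials is not visible. I would reject it right after the existing error check: `if parsedZtAPI.Host == "" { return fmt.Errorf("ztAPI %q in identity file has no host", ztAPI) }`. `Run` starts and ends outside the hunk.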
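Review bot: The new `fmt.Errorf` in the [PATCH 5/5] hunk discards `err`, so the parser's reason for rejecting the value is no longer reported and callers cannot unwrap it; the `errors.Wrap` call it replaces kept the cause. I would write `return fmt.Errorf("could not parse ztAPI %q as a URL: %w", ztAPI, err)`, where `%q` also quotes and escapes the value read from the identity file before it reaches a terminal or log. The enclosing `if` block of `Run` opens above the hunk.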