fix(rust): setup authority node properly to enroll to project with en…
…rollment ticket
adrianbenavides committed Nov 7, 2023
1 parent fef75fc commit 004166e
Showing 3 changed files with 28 additions and 42 deletions.
8 changes: 4 additions & 4 deletions implementations/rust/ockam/ockam_api/src/enroll/enrollment.rs
Expand Up @@ -75,7 +75,7 @@ impl Enrollment for SecureClient {
token: OidcToken,
) -> miette::Result<EnrollStatus> {
let req = Request::post("v0/enroll").body(AuthenticateOidcToken::new(token));
trace!(target: TARGET, "executing auth0 flow");
debug!(target: TARGET, "executing auth0 flow");
let reply = self
.tell(ctx, "auth0_authenticator", req)
.await
Expand All @@ -94,7 +94,7 @@ impl Enrollment for SecureClient {
token: OidcToken,
) -> miette::Result<()> {
let req = Request::post("v0/enroll").body(AuthenticateOidcToken::new(token));
trace!(target: TARGET, "executing auth0 flow");
debug!(target: TARGET, "executing auth0 flow");
self.tell(ctx, DefaultAddress::OKTA_IDENTITY_PROVIDER, req)
.await
.into_diagnostic()?
Expand All @@ -104,7 +104,7 @@ impl Enrollment for SecureClient {

async fn present_token(&self, ctx: &Context, token: &OneTimeCode) -> miette::Result<()> {
let req = Request::post("/").body(token);
trace!(target: TARGET, "present a token");
debug!(target: TARGET, "present a token");
self.tell(ctx, DefaultAddress::ENROLLMENT_TOKEN_ACCEPTOR, req)
.await
.into_diagnostic()?
Expand All @@ -114,7 +114,7 @@ impl Enrollment for SecureClient {

async fn issue_credential(&self, ctx: &Context) -> miette::Result<CredentialAndPurposeKey> {
let req = Request::post("/");
trace!(target: TARGET, "getting a credential");
debug!(target: TARGET, "getting a credential");
self.ask(ctx, DefaultAddress::CREDENTIAL_ISSUER, req)
.await
.into_diagnostic()?
Expand Up @@ -744,6 +744,7 @@ impl Inlets for BackgroundNode {
authorized_identifier: &Option<Identifier>,
wait_for_outlet_timeout: Duration,
) -> miette::Result<Reply<InletStatus>> {
debug!(%listen_addr, %outlet_addr, "Creating TCP inlet");
self.add_policy_to_project(ctx, "tcp-inlet").await?;
let request = {
let via_project = outlet_addr.matches(0, &[Project::CODE.into()]);
Expand Up @@ -2,7 +2,6 @@ use miette::IntoDiagnostic;
use std::collections::HashMap;
use std::net::SocketAddr;
use std::str::FromStr;
use std::sync::Arc;
use std::time::Duration;
use tracing::{debug, info, trace, warn};

Expand All @@ -21,7 +20,6 @@ use ockam_api::nodes::BackgroundNode;
use ockam_api::ConnectionStatus;
use ockam_multiaddr::MultiAddr;

use crate::background_node::BackgroundNodeClient;
use crate::invitations::state::{Inlet, ReceivedInvitationStatus};
use crate::shared_service::relay::create::relay_name_from_identifier;
use crate::state::{AppState, PROJECT_NAME};
Expand Down Expand Up @@ -318,7 +316,6 @@ impl AppState {
}

let cli_state = self.state().await;
let background_node_client = self.background_node_client().await;
for invitation in invitations.accepted.invitations {
match InletDataFromInvitation::new(
&cli_state,
Expand All @@ -327,13 +324,7 @@ impl AppState {
) {
Ok(inlet_data) => match inlet_data {
Some(inlet_data) => {
let result = self
.refresh_inlet(
cli_state.clone(),
background_node_client.clone(),
inlet_data,
)
.await;
let result = self.refresh_inlet(inlet_data).await;
{
// we want to reduce the scope of the guard as much as possible
let mut guard = invitations_arc.write().await;
Expand Down Expand Up @@ -373,36 +364,35 @@ impl AppState {

async fn refresh_inlet(
&self,
cli_state: CliState,
background_node_client: Arc<dyn BackgroundNodeClient>,
mut inlet_data: InletDataFromInvitation,
) -> crate::Result<Option<Inlet>> {
let inlet_node_name = &inlet_data.local_node_name;
debug!(node = %inlet_node_name, "Checking node status");
if !inlet_data.enabled {
debug!(node = %inlet_node_name, "TCP inlet is disabled by the user, just deleting the node");
self.delete_background_node(inlet_node_name).await?;
debug!(node = %inlet_node_name, "TCP inlet is disabled by the user, deleting the node");
let _ = self.delete_background_node(inlet_node_name).await;
// we want to keep the entry to store the attribute `enabled = false`
return Inlet::new(inlet_data).map(Some);
}

self.background_node_client()
.await
.nodes()
.create(inlet_node_name)
.await?;

let mut inlet_node = self.background_node(inlet_node_name).await?;
inlet_node.set_timeout(Duration::from_secs(5));

// if disabled it'll be deleted
if let Ok(node) = cli_state.nodes.get(inlet_node_name) {
if node.is_running() {
debug!(node = %inlet_node_name, "Node already running");
if let Ok(inlet) = inlet_node
.show_inlet(&self.context(), &inlet_data.service_name)
.await?
.success()
{
if inlet.status == ConnectionStatus::Up {
inlet_data.socket_addr = Some(inlet.bind_addr.parse()?);
return Inlet::new(inlet_data).map(Some);
}
}
if let Ok(inlet) = inlet_node
.show_inlet(&self.context(), &inlet_data.service_name)
.await?
.success()
{
if inlet.status == ConnectionStatus::Up {
debug!(node = %inlet_node_name, alias = %inlet.alias, "TCP inlet is already up");
inlet_data.socket_addr = Some(inlet.bind_addr.parse()?);
return Inlet::new(inlet_data).map(Some);
}
}

Expand All @@ -413,9 +403,7 @@ impl AppState {
return Ok(None);
}

let socket_addr = self
.create_inlet(background_node_client.clone(), inlet_node, &inlet_data)
.await?;
let socket_addr = self.create_inlet(inlet_node, &inlet_data).await?;

inlet_data.socket_addr = Some(socket_addr);
Inlet::new(inlet_data).map(Some)
Expand All @@ -425,7 +413,6 @@ impl AppState {
/// Returns the inlet SocketAddr
async fn create_inlet(
&self,
background_node_client: Arc<dyn BackgroundNodeClient>,
inlet_node: BackgroundNode,
inlet_data: &InletDataFromInvitation,
) -> crate::Result<SocketAddr> {
Expand All @@ -447,6 +434,7 @@ impl AppState {
None => get_free_address()?,
};
if let Some(enrollment_ticket_hex) = enrollment_ticket_hex {
debug!(node = %local_node_name, "Enrolling node with enrollment ticket");
let enrollment_ticket = EnrollmentTicket::try_from(enrollment_ticket_hex.as_ref())?;
let project_authority = {
let project_lookup = enrollment_ticket
Expand All @@ -455,7 +443,7 @@ impl AppState {
let project = Project::from(project_lookup);
let cli_state = self.state().await;
// Store project and trust context to CLI state if they don't exist.
if let Err(e) = cli_state.projects.create(&project.name, project.clone()) {
if let Err(e) = cli_state.projects.overwrite(&project.name, project.clone()) {
match e {
CliStateError::AlreadyExists { .. } => {}
_ => {
Expand All @@ -465,7 +453,7 @@ impl AppState {
}
if let Err(e) = cli_state
.trust_contexts
.create(local_node_name, project.clone().try_into()?)
.overwrite(local_node_name, project.clone().try_into()?)
{
match e {
CliStateError::AlreadyExists { .. } => {}
Expand All @@ -487,15 +475,12 @@ impl AppState {
)
.await
.into_diagnostic()?;
debug!(node = %local_node_name, "Presenting enrollment ticket to authority node");
authority_node
.present_token(&self.context(), &enrollment_ticket.one_time_code)
.await?;
authority_node.issue_credential(&self.context()).await?;
}
background_node_client
.nodes()
.create(local_node_name)
.await?;

// give time for the node to spawn up
tokio::time::sleep(Duration::from_millis(250)).await;
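Review bot: In refresh_inlet, `let _ = self.delete_background_node(inlet_node_name).await;` silently discards the deletion error, so a node that fails to delete keeps running — with its inlet still bound — while the returned entry records `enabled = false` and nothing is logged; keep the best-effort behaviour but surface it with `if let Err(e) = self.delete_background_node(inlet_node_name).await { warn!(node = %inlet_node_name, "Failed to delete node of disabled TCP inlet: {e:?}"); }` (`warn` is already imported at the top of the file; this assumes the error type is `Debug`). In create_inlet, the `CliStateError::AlreadyExists { .. } => {}` arms following the two `.overwrite(...)` calls look like leftovers from the former `.create(...)` calls; if `overwrite` can no longer return that variant they are dead code and should be removed, otherwise a one-line comment saying when it still occurs would help the next reader. The `// give time for the node to spawn up` comment and the 250 ms sleep in the last hunk now follow no node creation in this function — creation appears to have moved to the start of refresh_inlet — so the comment should state what the wait is actually for, or the sleep should go if it is no longer needed. Both refresh_inlet and create_inlet begin and end outside the hunks shown.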
