feat(ziti): add debug service state

.github/workflows/ci.yml

@@ -30,7 +30,7 @@ jobs:
 
       - name: Generate gRPC stubs
         run: |
-          buf generate buf.build/agynio/api \
+          buf generate "https://github.com/agynio/api.git#branch=noa/ziti-debug-state,subdir=proto" \
             --path agynio/api/ziti_management/v1
 
       - name: Go vet

Dockerfile

@@ -22,7 +22,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     go mod download
 
 COPY buf.gen.yaml buf.yaml buf.lock ./
-RUN buf generate buf.build/agynio/api --path agynio/api/ziti_management/v1
+RUN buf generate "https://github.com/agynio/api.git#branch=noa/ziti-debug-state,subdir=proto" --path agynio/api/ziti_management/v1
 
 COPY . .
 

devspace.yaml

@@ -52,7 +52,7 @@ functions:
                     sleep 1; elapsed=$((elapsed + 1))
                     [ "$elapsed" -ge 120 ] && { echo "ERROR: sync timeout" >&2; exit 1; }
                   done
-                  buf generate buf.build/agynio/api --path agynio/api/ziti_management/v1
+                  buf generate "https://github.com/agynio/api.git#branch=noa/ziti-debug-state,subdir=proto" --path agynio/api/ziti_management/v1
                   exec go run ./cmd/ziti-management
               volumeMounts:
                 - name: data
@@ -135,7 +135,7 @@ pipelines:
       exec_container \
         --label-selector "app.kubernetes.io/name=ziti-management-e2e" \
         -n ${ZITI_MANAGEMENT_NAMESPACE} \
-        -- bash -c 'cd /opt/app/data && buf generate buf.build/agynio/api --path agynio/api/ziti_management/v1 && go test -v -count=1 -tags e2e ./test/e2e/'
+        -- bash -c 'cd /opt/app/data && buf generate "https://github.com/agynio/api.git#branch=noa/ziti-debug-state,subdir=proto" --path agynio/api/ziti_management/v1 && go test -v -count=1 -tags e2e ./test/e2e/'
       EXIT_CODE=$?
       stop_dev e2e-runner
       purge_deployments e2e-runner

internal/server/converter.go

@@ -183,3 +183,60 @@ func toProtoManagedIdentity(identity store.ManagedIdentity) (*zitimanagementv1.M
 	}
 	return protoIdentity, nil
 }
+
+func toProtoDebugServiceState(state *ziti.DebugServiceState) *zitimanagementv1.DebugServiceStateResponse {
+	return &zitimanagementv1.DebugServiceStateResponse{
+		ZitiServiceId:   state.ServiceID,
+		ZitiServiceName: state.ServiceName,
+		RoleAttributes:  append([]string(nil), state.RoleAttributes...),
+		Configs:         toProtoDebugConfigs(state.Configs),
+		ServicePolicies: toProtoDebugServicePolicies(state.ServicePolicies),
+		Terminators:     toProtoDebugTerminators(state.Terminators),
+	}
+}
+
+func toProtoDebugConfigs(configs []ziti.DebugConfig) []*zitimanagementv1.DebugConfig {
+	items := make([]*zitimanagementv1.DebugConfig, len(configs))
+	for i, config := range configs {
+		items[i] = &zitimanagementv1.DebugConfig{
+			Id:             config.ID,
+			Name:           config.Name,
+			ConfigTypeId:   config.ConfigTypeID,
+			ConfigTypeName: config.ConfigTypeName,
+			Json:           config.JSON,
+		}
+	}
+	return items
+}
+
+func toProtoDebugServicePolicies(policies []ziti.DebugServicePolicy) []*zitimanagementv1.DebugServicePolicy {
+	items := make([]*zitimanagementv1.DebugServicePolicy, len(policies))
+	for i, policy := range policies {
+		items[i] = &zitimanagementv1.DebugServicePolicy{
+			Id:            policy.ID,
+			Name:          policy.Name,
+			Type:          policy.Type,
+			IdentityRoles: append([]string(nil), policy.IdentityRoles...),
+			ServiceRoles:  append([]string(nil), policy.ServiceRoles...),
+		}
+	}
+	return items
+}
+
+func toProtoDebugTerminators(terminators []ziti.DebugTerminator) []*zitimanagementv1.DebugTerminator {
+	items := make([]*zitimanagementv1.DebugTerminator, len(terminators))
+	for i, terminator := range terminators {
+		items[i] = &zitimanagementv1.DebugTerminator{
+			Id:          terminator.ID,
+			Identity:    terminator.Identity,
+			RouterId:    terminator.RouterID,
+			RouterName:  terminator.RouterName,
+			Precedence:  terminator.Precedence,
+			Cost:        terminator.Cost,
+			DynamicCost: terminator.DynamicCost,
+			Binding:     terminator.Binding,
+			Address:     terminator.Address,
+		}
+	}
+	return items
+}

internal/server/identity_reenroll_test.go

@@ -112,6 +112,10 @@ func (f *fakeZitiClient) CreateServiceWithConfigs(_ context.Context, _ string, _
 	return "", errors.New("unexpected create service with configs")
 }
 
+func (f *fakeZitiClient) DebugServiceState(_ context.Context, _, _ string) (*ziti.DebugServiceState, error) {
+	return nil, errors.New("unexpected debug service state")
+}
+
 func (f *fakeZitiClient) CreateServicePolicy(_ context.Context, _ string, _ string, _ []string, _ []string) (string, error) {
 	return "", errors.New("unexpected create service policy")
 }

internal/server/server.go

@@ -37,6 +37,7 @@ type zitiClient interface {
 	CreateAndEnrollServiceIdentity(ctx context.Context, name string, roleAttributes []string) (string, []byte, error)
 	CreateService(ctx context.Context, name string, roleAttributes []string) (string, error)
 	CreateServiceWithConfigs(ctx context.Context, name string, roleAttributes []string, hostV1 *ziti.HostV1ConfigData, interceptV1 *ziti.InterceptV1ConfigData) (string, error)
+	DebugServiceState(ctx context.Context, serviceID, serviceName string) (*ziti.DebugServiceState, error)
 	CreateServicePolicy(ctx context.Context, name, policyType string, identityRoles, serviceRoles []string) (string, error)
 	CreateDeviceIdentity(ctx context.Context, userIdentityID uuid.UUID, name string) (string, string, error)
 	DeleteIdentity(ctx context.Context, zitiIdentityID string) error
@@ -420,6 +421,43 @@ func (s *Server) DeleteService(ctx context.Context, req *zitimanagementv1.Delete
 	return &zitimanagementv1.DeleteServiceResponse{}, nil
 }
 
+func (s *Server) DebugServiceState(ctx context.Context, req *zitimanagementv1.DebugServiceStateRequest) (*zitimanagementv1.DebugServiceStateResponse, error) {
+	serviceID, serviceName, err := debugServiceIdentifier(req)
+	if err != nil {
+		return nil, err
+	}
+
+	state, err := s.ziti.DebugServiceState(ctx, serviceID, serviceName)
+	if err != nil {
+		if errors.Is(err, ziti.ErrServiceNotFound) {
+			return nil, status.Error(codes.NotFound, "ziti service not found")
+		}
+		return nil, status.Errorf(codes.Internal, "debug ziti service state: %v", err)
+	}
+	return toProtoDebugServiceState(state), nil
+}
+
+func debugServiceIdentifier(req *zitimanagementv1.DebugServiceStateRequest) (string, string, error) {
+	switch identifier := req.GetServiceIdentifier().(type) {
+	case *zitimanagementv1.DebugServiceStateRequest_ZitiServiceId:
+		serviceID := strings.TrimSpace(identifier.ZitiServiceId)
+		if serviceID == "" {
+			return "", "", status.Error(codes.InvalidArgument, "ziti_service_id is required")
+		}
+		return serviceID, "", nil
+	case *zitimanagementv1.DebugServiceStateRequest_ZitiServiceName:
+		serviceName := strings.TrimSpace(identifier.ZitiServiceName)
+		if serviceName == "" {
+			return "", "", status.Error(codes.InvalidArgument, "ziti_service_name is required")
+		}
+		return "", serviceName, nil
+	case nil:
+		return "", "", status.Error(codes.InvalidArgument, "ziti_service_id or ziti_service_name is required")
+	default:
+		return "", "", status.Error(codes.InvalidArgument, "unknown service identifier")
+	}
+}
+
 func (s *Server) CreateDeviceIdentity(ctx context.Context, req *zitimanagementv1.CreateDeviceIdentityRequest) (*zitimanagementv1.CreateDeviceIdentityResponse, error) {
 	userIdentityID, err := parseUUID(req.GetUserIdentityId())
 	if err != nil {

internal/ziti/client.go

@@ -45,11 +45,17 @@ type identityService interface {
 type serviceService interface {
 	CreateService(params *service.CreateServiceParams, authInfo runtime.ClientAuthInfoWriter, opts ...service.ClientOption) (*service.CreateServiceCreated, error)
 	DeleteService(params *service.DeleteServiceParams, authInfo runtime.ClientAuthInfoWriter, opts ...service.ClientOption) (*service.DeleteServiceOK, error)
+	DetailService(params *service.DetailServiceParams, authInfo runtime.ClientAuthInfoWriter, opts ...service.ClientOption) (*service.DetailServiceOK, error)
+	ListServiceConfig(params *service.ListServiceConfigParams, authInfo runtime.ClientAuthInfoWriter, opts ...service.ClientOption) (*service.ListServiceConfigOK, error)
+	ListServiceServicePolicies(params *service.ListServiceServicePoliciesParams, authInfo runtime.ClientAuthInfoWriter, opts ...service.ClientOption) (*service.ListServiceServicePoliciesOK, error)
+	ListServiceTerminators(params *service.ListServiceTerminatorsParams, authInfo runtime.ClientAuthInfoWriter, opts ...service.ClientOption) (*service.ListServiceTerminatorsOK, error)
+	ListServices(params *service.ListServicesParams, authInfo runtime.ClientAuthInfoWriter, opts ...service.ClientOption) (*service.ListServicesOK, error)
 }
 
 type configService interface {
 	CreateConfig(params *config.CreateConfigParams, authInfo runtime.ClientAuthInfoWriter, opts ...config.ClientOption) (*config.CreateConfigCreated, error)
 	DeleteConfig(params *config.DeleteConfigParams, authInfo runtime.ClientAuthInfoWriter, opts ...config.ClientOption) (*config.DeleteConfigOK, error)
+	DetailConfig(params *config.DetailConfigParams, authInfo runtime.ClientAuthInfoWriter, opts ...config.ClientOption) (*config.DetailConfigOK, error)
 }
 
 type servicePolicyService interface {

internal/ziti/client_test.go

@@ -52,8 +52,13 @@ func (f *fakeIdentityService) ListIdentities(params *identity.ListIdentitiesPara
 }
 
 type fakeServiceService struct {
-	createServiceFunc func(params *service.CreateServiceParams) (*service.CreateServiceCreated, error)
-	deleteServiceFunc func(params *service.DeleteServiceParams) (*service.DeleteServiceOK, error)
+	createServiceFunc              func(params *service.CreateServiceParams) (*service.CreateServiceCreated, error)
+	deleteServiceFunc              func(params *service.DeleteServiceParams) (*service.DeleteServiceOK, error)
+	detailServiceFunc              func(params *service.DetailServiceParams) (*service.DetailServiceOK, error)
+	listServiceConfigFunc          func(params *service.ListServiceConfigParams) (*service.ListServiceConfigOK, error)
+	listServiceServicePoliciesFunc func(params *service.ListServiceServicePoliciesParams) (*service.ListServiceServicePoliciesOK, error)
+	listServiceTerminatorsFunc     func(params *service.ListServiceTerminatorsParams) (*service.ListServiceTerminatorsOK, error)
+	listServicesFunc               func(params *service.ListServicesParams) (*service.ListServicesOK, error)
 }
 
 func (f *fakeServiceService) CreateService(params *service.CreateServiceParams, _ runtime.ClientAuthInfoWriter, _ ...service.ClientOption) (*service.CreateServiceCreated, error) {
@@ -70,9 +75,45 @@ func (f *fakeServiceService) DeleteService(params *service.DeleteServiceParams,
 	return f.deleteServiceFunc(params)
 }
 
+func (f *fakeServiceService) DetailService(params *service.DetailServiceParams, _ runtime.ClientAuthInfoWriter, _ ...service.ClientOption) (*service.DetailServiceOK, error) {
+	if f.detailServiceFunc == nil {
+		return nil, errors.New("detail service not stubbed")
+	}
+	return f.detailServiceFunc(params)
+}
+
+func (f *fakeServiceService) ListServiceConfig(params *service.ListServiceConfigParams, _ runtime.ClientAuthInfoWriter, _ ...service.ClientOption) (*service.ListServiceConfigOK, error) {
+	if f.listServiceConfigFunc == nil {
+		return nil, errors.New("list service config not stubbed")
+	}
+	return f.listServiceConfigFunc(params)
+}
+
+func (f *fakeServiceService) ListServiceServicePolicies(params *service.ListServiceServicePoliciesParams, _ runtime.ClientAuthInfoWriter, _ ...service.ClientOption) (*service.ListServiceServicePoliciesOK, error) {
+	if f.listServiceServicePoliciesFunc == nil {
+		return nil, errors.New("list service service policies not stubbed")
+	}
+	return f.listServiceServicePoliciesFunc(params)
+}
+
+func (f *fakeServiceService) ListServiceTerminators(params *service.ListServiceTerminatorsParams, _ runtime.ClientAuthInfoWriter, _ ...service.ClientOption) (*service.ListServiceTerminatorsOK, error) {
+	if f.listServiceTerminatorsFunc == nil {
+		return nil, errors.New("list service terminators not stubbed")
+	}
+	return f.listServiceTerminatorsFunc(params)
+}
+
+func (f *fakeServiceService) ListServices(params *service.ListServicesParams, _ runtime.ClientAuthInfoWriter, _ ...service.ClientOption) (*service.ListServicesOK, error) {
+	if f.listServicesFunc == nil {
+		return nil, errors.New("list services not stubbed")
+	}
+	return f.listServicesFunc(params)
+}
+
 type fakeConfigService struct {
 	createConfigFunc func(params *config.CreateConfigParams) (*config.CreateConfigCreated, error)
 	deleteConfigFunc func(params *config.DeleteConfigParams) (*config.DeleteConfigOK, error)
+	detailConfigFunc func(params *config.DetailConfigParams) (*config.DetailConfigOK, error)
 }
 
 func (f *fakeConfigService) CreateConfig(params *config.CreateConfigParams, _ runtime.ClientAuthInfoWriter, _ ...config.ClientOption) (*config.CreateConfigCreated, error) {
@@ -89,6 +130,13 @@ func (f *fakeConfigService) DeleteConfig(params *config.DeleteConfigParams, _ ru
 	return f.deleteConfigFunc(params)
 }
 
+func (f *fakeConfigService) DetailConfig(params *config.DetailConfigParams, _ runtime.ClientAuthInfoWriter, _ ...config.ClientOption) (*config.DetailConfigOK, error) {
+	if f.detailConfigFunc == nil {
+		return nil, errors.New("detail config not stubbed")
+	}
+	return f.detailConfigFunc(params)
+}
+
 type fakeServicePolicyService struct {
 	createServicePolicyFunc func(params *service_policy.CreateServicePolicyParams) (*service_policy.CreateServicePolicyCreated, error)
 	deleteServicePolicyFunc func(params *service_policy.DeleteServicePolicyParams) (*service_policy.DeleteServicePolicyOK, error)