env_core.Environment.Token -> env_core.Environment.AccountToken (#820)…

…; new 'zrok rebase' tree with 'zrok rebase apiEndpoint' and 'zrok rebase accountToken' (#897)
openziti · Feb 26, 2025 · cf3f3c1 · cf3f3c1
1 parent 6006410
commit cf3f3c1
Show file tree

Hide file tree

Showing 20 changed files with 112 additions and 40 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,7 +14,7 @@ FEATURE: `zrok share [public|private|reserved]` and `zrok access private` now au
 
 FEATURE: `zrok access private` supports a new `--auto` mode, which can automatically find an available open address/port to bind the frontend listener on. Also includes `--auto-address`, `--auto-start-port`, and `--auto-end-port` features with sensible defaults. Supported by both the agent and local operating modes (https://github.com/openziti/zrok/issues/780)
 
-FEATURE: `zrok rebase` command allows "rebasing" an enabled environment onto a different API endpoint. This is useful for migrating already-enabled environments between endpoints supporting different zrok versions (https://github.com/openziti/zrok/issues/869)
+FEATURE: `zrok rebase` commands (`zrok rebase apiEndpoint` and `zrok rebase accountToken`) allows "rebasing" an enabled environment onto a different API endpoint or a different account token. This is useful for migrating already-enabled environments between endpoints supporting different zrok versions, and is also useful when regenerating an account token (https://github.com/openziti/zrok/issues/869, https://github.com/openziti/zrok/issues/897)
 
 FEATURE: `zrok test canary` CLI tree replaces the old `zrok test loop` tree; new `zrok test canary public-proxy` and `zrok test canary private-proxy` provide modernized, updated versions of what the `zrok test loop` commands used to do. This new approach will serve as the foundation for all future zrok testing infrastructure (https://github.com/openziti/zrok/issues/771)
 

diff --git a/cmd/zrok/accessPrivate.go b/cmd/zrok/accessPrivate.go
@@ -116,7 +116,7 @@ func (cmd *accessPrivateCommand) accessLocal(args []string, root env_core.Root)
 		cmd.error(err)
 	}
 
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	req := share.NewAccessParams()
 	req.Body.ShareToken = shrToken
 	req.Body.EnvZID = root.Environment().ZitiIdentity

diff --git a/cmd/zrok/disable.go b/cmd/zrok/disable.go
@@ -49,7 +49,7 @@ func (cmd *disableCommand) run(_ *cobra.Command, _ []string) {
 		}
 		panic(err)
 	}
-	auth := httpTransport.APIKeyAuth("X-TOKEN", "header", env.Environment().Token)
+	auth := httpTransport.APIKeyAuth("X-TOKEN", "header", env.Environment().AccountToken)
 	req := restEnvironment.NewDisableParams()
 	req.Body.Identity = env.Environment().ZitiIdentity
 

diff --git a/cmd/zrok/enable.go b/cmd/zrok/enable.go
@@ -120,7 +120,7 @@ func (cmd *enableCommand) run(_ *cobra.Command, args []string) {
 		prg.Send("writing the environment details...")
 	}
 	apiEndpoint, _ := env.ApiEndpoint()
-	if err := env.SetEnvironment(&env_core.Environment{Token: token, ZitiIdentity: resp.Payload.Identity, ApiEndpoint: apiEndpoint}); err != nil {
+	if err := env.SetEnvironment(&env_core.Environment{AccountToken: token, ZitiIdentity: resp.Payload.Identity, ApiEndpoint: apiEndpoint}); err != nil {
 		if !cmd.headless && prg != nil {
 			prg.Send(fmt.Sprintf("there was an error saving the new environment: %v", err))
 			prg.Quit()

diff --git a/cmd/zrok/main.go b/cmd/zrok/main.go
@@ -33,6 +33,7 @@ func init() {
 	rootCmd.AddCommand(modifyCmd)
 	organizationCmd.AddCommand(organizationAdminCmd)
 	rootCmd.AddCommand(organizationCmd)
+	rootCmd.AddCommand(rebaseCmd)
 	rootCmd.AddCommand(shareCmd)
 	rootCmd.AddCommand(testCmd)
 	testCmd.AddCommand(testCanaryCmd)
@@ -126,6 +127,11 @@ var organizationCmd = &cobra.Command{
 	Short:   "Organization commands",
 }
 
+var rebaseCmd = &cobra.Command{
+	Use:   "rebase",
+	Short: "Rebase enabled zrok environment",
+}
+
 var shareCmd = &cobra.Command{
 	Use:   "share",
 	Short: "Create backend access for shares",

diff --git a/cmd/zrok/modifyShare.go b/cmd/zrok/modifyShare.go
@@ -54,7 +54,7 @@ func (cmd *modifyShareCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 
 	if len(cmd.addAccessGrants) > 0 || len(cmd.removeAccessGrants) > 0 {
 		req := share.NewUpdateShareParams()

diff --git a/cmd/zrok/orgAdminList.go b/cmd/zrok/orgAdminList.go
@@ -50,7 +50,7 @@ func (c *orgAdminListCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 
 	req := metadata.NewListOrgMembersParams()
 	req.OrganizationToken = args[0]

diff --git a/cmd/zrok/orgAdminOverview.go b/cmd/zrok/orgAdminOverview.go
@@ -51,7 +51,7 @@ func (cmd *orgAdminOverviewCommand) run(_ *cobra.Command, args []string) {
 		}
 		panic(err)
 	}
-	req.Header.Add("X-TOKEN", root.Environment().Token)
+	req.Header.Add("X-TOKEN", root.Environment().AccountToken)
 	resp, err := client.Do(req)
 	if err != nil {
 		if !panicInstead {

diff --git a/cmd/zrok/orgMemberships.go b/cmd/zrok/orgMemberships.go
@@ -49,7 +49,7 @@ func (c *orgMembershipsCommand) run(_ *cobra.Command, _ []string) {
 		}
 		panic(err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 
 	in, err := zrok.Metadata.ListMemberships(nil, auth)
 	if err != nil {

diff --git a/cmd/zrok/rebaseAccountToken.go b/cmd/zrok/rebaseAccountToken.go
@@ -0,0 +1,66 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"github.com/openziti/zrok/environment"
+	"github.com/openziti/zrok/tui"
+	"github.com/spf13/cobra"
+	"os"
+)
+
+func init() {
+	rebaseCmd.AddCommand(newRebaseAccountTokenCommand().cmd)
+}
+
+type rebaseAccountTokenCommand struct {
+	cmd *cobra.Command
+}
+
+func newRebaseAccountTokenCommand() *rebaseAccountTokenCommand {
+	cmd := &cobra.Command{
+		Use:   "accountToken <accountToken>",
+		Short: "Rebase an enabled environment onto a different account token",
+		Args:  cobra.ExactArgs(1),
+	}
+	command := &rebaseAccountTokenCommand{cmd: cmd}
+	cmd.Run = command.run
+	return command
+}
+
+func (cmd *rebaseAccountTokenCommand) run(_ *cobra.Command, args []string) {
+	root, err := environment.LoadRoot()
+	if err != nil {
+		tui.Error("error loading root", err)
+	}
+
+	if !root.IsEnabled() {
+		tui.Error("environment not enabled; 'zrok enable' your environment instead", nil)
+	}
+
+	env := root.Environment()
+	if args[0] != env.AccountToken {
+		fmt.Printf("this action will rebase your enabled environment to use the account token '%v'\n", args[0])
+		fmt.Println()
+		fmt.Println("you should only proceed if you understand why you're doing this!")
+		fmt.Println()
+		fmt.Print("to proceed, type 'yes': ")
+		scanner := bufio.NewScanner(os.Stdin)
+		if scanner.Scan() {
+			text := scanner.Text()
+			if text != "yes" {
+				tui.Error("rebase aborted!", nil)
+			}
+		}
+		fmt.Println()
+
+		env.AccountToken = args[0]
+		if err := root.SetEnvironment(env); err != nil {
+			tui.Error("error rebasing environment", err)
+		}
+
+		fmt.Printf("environment rebased to account token '%v'\n", env.AccountToken)
+	} else {
+		fmt.Printf("environment already configured to use the account token '%v'\n", env.AccountToken)
+	}
+}
diff --git a/cmd/zrok/rebase.go → cmd/zrok/rebaseApiEndpoint.go b/cmd/zrok/rebase.go → cmd/zrok/rebaseApiEndpoint.go
@@ -10,25 +10,25 @@ import (
 )
 
 func init() {
-	rootCmd.AddCommand(newRebaseCommand().cmd)
+	rebaseCmd.AddCommand(newRebaseApiEndpointCommand().cmd)
 }
 
-type rebaseCommand struct {
+type rebaseApiEndpointCommand struct {
 	cmd *cobra.Command
 }
 
-func newRebaseCommand() *rebaseCommand {
+func newRebaseApiEndpointCommand() *rebaseApiEndpointCommand {
 	cmd := &cobra.Command{
-		Use:   "rebase <apiEndpoint>",
+		Use:   "apiEndpoint <apiEndpoint>",
 		Short: "Rebase an enabled environment onto a different API endpoint URL",
 		Args:  cobra.ExactArgs(1),
 	}
-	command := &rebaseCommand{cmd: cmd}
+	command := &rebaseApiEndpointCommand{cmd: cmd}
 	cmd.Run = command.run
 	return command
 }
 
-func (cmd *rebaseCommand) run(_ *cobra.Command, args []string) {
+func (cmd *rebaseApiEndpointCommand) run(_ *cobra.Command, args []string) {
 	root, err := environment.LoadRoot()
 	if err != nil {
 		tui.Error("error loading root", err)
@@ -40,7 +40,7 @@ func (cmd *rebaseCommand) run(_ *cobra.Command, args []string) {
 
 	currentEndpoint, _ := root.ApiEndpoint()
 	if args[0] != currentEndpoint {
-		fmt.Printf("this action will rebase your enabled environment to use the zrok API at: %v\n", currentEndpoint)
+		fmt.Printf("this action will rebase your enabled environment to use the zrok API at: %v\n", args[0])
 		fmt.Println()
 		fmt.Println("you should only proceed if you understand why you're doing this!")
 		fmt.Println()

diff --git a/cmd/zrok/release.go b/cmd/zrok/release.go
@@ -50,7 +50,7 @@ func (cmd *releaseCommand) run(_ *cobra.Command, args []string) {
 		panic(err)
 	}
 
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Environment().AccountToken)
 	req := share.NewUnshareParams()
 	req.Body.EnvZID = env.Environment().ZitiIdentity
 	req.Body.ShareToken = shrToken

diff --git a/cmd/zrok/shareReserved.go b/cmd/zrok/shareReserved.go
@@ -105,7 +105,7 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) {
 	if err != nil {
 		cmd.error("unable to create zrok client", err)
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 	req := metadata.NewGetShareDetailParams()
 	req.ShareToken = shrToken
 	resp, err := zrok.Metadata.GetShareDetail(req, auth)

diff --git a/cmd/zrok/status.go b/cmd/zrok/status.go
@@ -67,14 +67,14 @@ func (cmd *statusCommand) run(_ *cobra.Command, _ []string) {
 		t.SetStyle(table.StyleColoredDark)
 		t.AppendHeader(table.Row{"Property", "Value"})
 		if cmd.secrets {
-			t.AppendRow(table.Row{"Secret Token", env.Environment().Token})
+			t.AppendRow(table.Row{"Account Token", env.Environment().AccountToken})
 			t.AppendRow(table.Row{"Ziti Identity", env.Environment().ZitiIdentity})
 		} else {
 			secretToken := "<<SET>>"
-			if env.Environment().Token == "" {
+			if env.Environment().AccountToken == "" {
 				secretToken = "<<UNSET>>"
 			}
-			t.AppendRow(table.Row{"Secret Token", secretToken})
+			t.AppendRow(table.Row{"Account Token", secretToken})
 
 			zId := "<<SET>>"
 			if env.Environment().ZitiIdentity == "" {

diff --git a/environment/env_core/model.go b/environment/env_core/model.go
@@ -32,7 +32,7 @@ type Root interface {
 }
 
 type Environment struct {
-	Token        string
+	AccountToken string
 	ZitiIdentity string
 	ApiEndpoint  string
 }

diff --git a/environment/env_v0_3/root.go b/environment/env_v0_3/root.go
@@ -205,7 +205,7 @@ func loadEnvironment() (*env_core.Environment, error) {
 		return nil, errors.Wrapf(err, "error unmarshaling environment file '%v'", ef)
 	}
 	out := &env_core.Environment{
-		Token:        env.Token,
+		AccountToken: env.AccountToken,
 		ZitiIdentity: env.ZId,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@@ -214,9 +214,9 @@ func loadEnvironment() (*env_core.Environment, error) {
 
 func saveEnvironment(env *env_core.Environment) error {
 	in := &environment{
-		Token:       env.Token,
-		ZId:         env.ZitiIdentity,
-		ApiEndpoint: env.ApiEndpoint,
+		AccountToken: env.AccountToken,
+		ZId:          env.ZitiIdentity,
+		ApiEndpoint:  env.ApiEndpoint,
 	}
 	data, err := json.MarshalIndent(in, "", "  ")
 	if err != nil {
@@ -256,7 +256,7 @@ type config struct {
 }
 
 type environment struct {
-	Token       string `json:"zrok_token"`
-	ZId         string `json:"ziti_identity"`
-	ApiEndpoint string `json:"api_endpoint"`
+	AccountToken string `json:"zrok_token"`
+	ZId          string `json:"ziti_identity"`
+	ApiEndpoint  string `json:"api_endpoint"`
 }
diff --git a/environment/env_v0_4/root.go b/environment/env_v0_4/root.go
@@ -282,7 +282,7 @@ func loadEnvironment() (*env_core.Environment, error) {
 		return nil, errors.Wrapf(err, "error unmarshaling environment file '%v'", ef)
 	}
 	out := &env_core.Environment{
-		Token:        env.Token,
+		AccountToken: env.AccountToken,
 		ZitiIdentity: env.ZId,
 		ApiEndpoint:  env.ApiEndpoint,
 	}
@@ -291,9 +291,9 @@ func loadEnvironment() (*env_core.Environment, error) {
 
 func saveEnvironment(env *env_core.Environment) error {
 	in := &environment{
-		Token:       env.Token,
-		ZId:         env.ZitiIdentity,
-		ApiEndpoint: env.ApiEndpoint,
+		AccountToken: env.AccountToken,
+		ZId:          env.ZitiIdentity,
+		ApiEndpoint:  env.ApiEndpoint,
 	}
 	data, err := json.MarshalIndent(in, "", "  ")
 	if err != nil {
@@ -335,7 +335,7 @@ type config struct {
 }
 
 type environment struct {
-	Token       string `json:"zrok_token"`
-	ZId         string `json:"ziti_identity"`
-	ApiEndpoint string `json:"api_endpoint"`
+	AccountToken string `json:"zrok_token"`
+	ZId          string `json:"ziti_identity"`
+	ApiEndpoint  string `json:"api_endpoint"`
 }
diff --git a/sdk/golang/sdk/access.go b/sdk/golang/sdk/access.go
@@ -20,7 +20,7 @@ func CreateAccess(root env_core.Root, request *AccessRequest) (*Access, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 
 	in, err := zrok.Share.Access(out, auth)
 	if err != nil {
@@ -40,7 +40,7 @@ func DeleteAccess(root env_core.Root, acc *Access) error {
 	if err != nil {
 		return errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 
 	_, err = zrok.Share.Unaccess(out, auth)
 	if err != nil {

diff --git a/sdk/golang/sdk/overview.go b/sdk/golang/sdk/overview.go
@@ -19,7 +19,7 @@ func Overview(root env_core.Root) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	req.Header.Add("X-TOKEN", root.Environment().Token)
+	req.Header.Add("X-TOKEN", root.Environment().AccountToken)
 	resp, err := client.Do(req)
 	if err != nil {
 		return "", err

diff --git a/sdk/golang/sdk/share.go b/sdk/golang/sdk/share.go
@@ -50,7 +50,7 @@ func CreateShare(root env_core.Root, request *ShareRequest) (*Share, error) {
 	if err != nil {
 		return nil, errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 
 	in, err := zrok.Share.Share(out, auth)
 	if err != nil {
@@ -104,7 +104,7 @@ func DeleteShare(root env_core.Root, shr *Share) error {
 	if err != nil {
 		return errors.Wrap(err, "error getting zrok client")
 	}
-	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token)
+	auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().AccountToken)
 
 	_, err = zrok.Share.Unshare(req, auth)
 	if err != nil {