Merge pull request #2710 from openziti/add-verify-ext-jwt-oidc.addendum

refinements to original add-verify-ext-jwt-oidc

CHANGELOG.md

@@ -1,3 +1,15 @@
+# Release 1.3.4
+
+# What's New
+
+* Moved `ziti ops verify-network` to `ziti ops verify network`
+* Moved `ziti ops verify traffic` to `ziti ops verify traffic`
+* Added `ziti ops verify ext-jwt-signer oidc` to help users with configuring OIDC external auth 
+
+* Bug Fixes
+
+## Component Updates and Bug Fixes
+
 # Release 1.3.3
 
 # What's New

internal/cobra/cobra-utils.go

@@ -119,4 +119,7 @@ Common flags for all commands:
 
 Use "{{.CommandPath}} [command] --help" for more information about a command.
 `)
+	cmd.SetUsageFunc(func(c *cobra.Command) error {
+		return cmd.Help()
+	})
 }

ziti/cmd/cmd.go

@@ -21,7 +21,7 @@ import (
 	goflag "flag"
 	"fmt"
 	"github.com/openziti/ziti/ziti/cmd/ascode/importer"
-	ext_jwt_signer "github.com/openziti/ziti/ziti/cmd/edge/ext-jwt-signer"
+	"github.com/openziti/ziti/ziti/cmd/ops/verify"
 	"io"
 	"os"
 	"path/filepath"
@@ -38,7 +38,6 @@ import (
 	"github.com/openziti/ziti/ziti/cmd/fabric"
 	"github.com/openziti/ziti/ziti/cmd/pki"
 	"github.com/openziti/ziti/ziti/cmd/templates"
-	"github.com/openziti/ziti/ziti/cmd/verify"
 	c "github.com/openziti/ziti/ziti/constants"
 	"github.com/openziti/ziti/ziti/controller"
 	"github.com/openziti/ziti/ziti/internal/log"
@@ -147,9 +146,7 @@ func NewCmdRoot(in io.Reader, out, err io.Writer, cmd *cobra.Command) *cobra.Com
 	opsCommands.AddCommand(database.NewCmdDb(out, err))
 	opsCommands.AddCommand(NewCmdLogFormat(out, err))
 	opsCommands.AddCommand(NewUnwrapIdentityFileCommand(out, err))
-	opsCommands.AddCommand(verify.NewVerifyNetwork(out, err))
-	opsCommands.AddCommand(verify.NewVerifyTraffic(out, err))
-	opsCommands.AddCommand(ext_jwt_signer.NewVerifyExtJwtSignerCmd(out, err, context.Background()))
+	opsCommands.AddCommand(verify.NewVerifyCommand(out, err, context.Background()))
 	opsCommands.AddCommand(exporter.NewExportCmd(out, err))
 	opsCommands.AddCommand(importer.NewImportCmd(out, err))
 

ziti/cmd/edge/ext-jwt-signer/oidc/oidc.go → ziti/cmd/ops/verify/ext-jwt-signer/oidc/oidc.go

@@ -23,6 +23,12 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
 	"github.com/fatih/color"
 	"github.com/google/uuid"
 	"github.com/gorilla/securecookie"
@@ -34,16 +40,10 @@ import (
 	httphelper "github.com/zitadel/oidc/v2/pkg/http"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"golang.org/x/oauth2"
-	"io"
-	"net/http"
-	"net/url"
-	"strings"
-	"time"
 
 	"github.com/openziti/ziti/internal"
 	ziticobra "github.com/openziti/ziti/internal/cobra"
 	"github.com/openziti/ziti/internal/rest/client"
-	"github.com/openziti/ziti/ziti/cmd/api"
 	"github.com/openziti/ziti/ziti/cmd/edge"
 )
 
@@ -277,6 +277,10 @@ func NewOidcVerificationCmd(out io.Writer, errOut io.Writer, initialContext cont
 		Short: "test an external JWT signer for OIDC auth",
 		Long:  "tests and verifies an external JWT signer is configured correctly to authenticate using OIDC",
 		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			// Force display of the usage template
+			return cmd.Usage()
+		},
 		Run: func(cmd *cobra.Command, args []string) {
 			logLvl := logrus.InfoLevel
 			if opts.Verbose {
@@ -396,28 +400,7 @@ func NewOidcVerificationCmd(out io.Writer, errOut io.Writer, initialContext cont
 	cmd.Flags().StringVar(&opts.ControllerUrl, "controller-url", "", "The url of the controller")
 	cmd.Flags().StringSliceVarP(&opts.additionalScopes, "additional-scopes", "s", []string{}, "List of additional scopes to add")
 
-	l := ziticobra.GetFlagsForAnnotation(cmd, edge.LoginFlagKey)
-	c := ziticobra.GetFlagsForAnnotation(cmd, api.CommonFlagKey)
-	u := ziticobra.GetFlagsWithoutAnnotations(cmd, edge.LoginFlagKey, api.CommonFlagKey)
-	cmd.SetHelpTemplate(`{{.Long}}
-
-Usage:
-  {{.UseLine}}
-
-Available Commands:
-{{range .Commands}}{{if (or .IsAvailableCommand (eq .Name "help"))}}
-  {{rpad .Name .NamePadding }} {{.Short}}{{end}}{{end}}
-
-Flags:
-` + u + `
-Flags related to logging in:
-` + l + `
-Common flags for all commands:
-` + c + `
-
-Use "{{.CommandPath}} [command] --help" for more information about a command.
-`)
-
+	ziticobra.SetHelpTemplate(cmd)
 	return cmd
 }
 

ziti/cmd/edge/ext-jwt-signer/verify-ext-jwt-signer.go → ziti/cmd/ops/verify/ext-jwt-signer/verify-ext-jwt-signer.go

@@ -14,18 +14,20 @@
 	limitations under the License.
 */
 
-package oidc
+package ext_jwt_signer
 
 import (
 	"context"
-	"github.com/openziti/ziti/ziti/cmd/edge/ext-jwt-signer/oidc"
-	"github.com/spf13/cobra"
 	"io"
+
+	"github.com/spf13/cobra"
+
+	"github.com/openziti/ziti/ziti/cmd/ops/verify/ext-jwt-signer/oidc"
 )
 
 func NewVerifyExtJwtSignerCmd(out io.Writer, errOut io.Writer, initialContext context.Context) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "verify-ext-auth",
+		Use:   "ext-jwt-signer",
 		Short: "test if an external JWT signer is correctly configured",
 		Long:  "tests and verifies an external JWT signer is configured correctly",
 	}

ziti/cmd/ops/verify/ops_verify.go

@@ -0,0 +1,39 @@
+/*
+	Copyright NetFoundry Inc.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+	https://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+package verify
+
+import (
+	"context"
+	"io"
+
+	"github.com/openziti/ziti/ziti/cmd/ops/verify/ext-jwt-signer"
+	"github.com/spf13/cobra"
+)
+
+func NewVerifyCommand(out io.Writer, errOut io.Writer, initialContext context.Context) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "verify",
+		Short: "a group of commands used to verify an overlay is setup properly",
+		Long:  "a group of commands used to verify an overlay is setup properly",
+	}
+
+	cmd.AddCommand(NewVerifyNetwork(out, errOut))
+	cmd.AddCommand(NewVerifyTraffic(out, errOut))
+	cmd.AddCommand(ext_jwt_signer.NewVerifyExtJwtSignerCmd(out, errOut, initialContext))
+
+	return cmd
+}

ziti/cmd/verify/ops_verify_network.go → ziti/cmd/ops/verify/ops_verify_network.go

@@ -18,7 +18,6 @@ package verify
 
 import (
 	"fmt"
-	"github.com/openziti/ziti/internal"
 	"io"
 	"net"
 	"os"
@@ -31,6 +30,7 @@ import (
 	"gopkg.in/yaml.v3"
 
 	"github.com/openziti/ziti/common"
+	"github.com/openziti/ziti/internal"
 )
 
 var log = pfxlog.Logger()
@@ -55,7 +55,7 @@ func NewVerifyNetwork(_ io.Writer, _ io.Writer) *cobra.Command {
 	n := &network{}
 
 	cmd := &cobra.Command{
-		Use:   "verify-network",
+		Use:   "network",
 		Short: "Verifies the overlay is configured correctly",
 		Long:  "A tool to verify network configurations, checking controller and router ports or other common problems",
 		Run: func(cmd *cobra.Command, args []string) {

ziti/cmd/verify/ops_verify_traffic.go → ziti/cmd/ops/verify/ops_verify_traffic.go

@@ -19,16 +19,14 @@ import (
 	"bufio"
 	"context"
 	"fmt"
-	"github.com/michaelquigley/pfxlog"
-	"github.com/openziti/ziti/internal"
-	"github.com/openziti/ziti/ziti/cmd/edge"
-	"github.com/sirupsen/logrus"
 	"io"
 	"net"
 	"strings"
 	"sync"
 	"time"
 
+	"github.com/michaelquigley/pfxlog"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 
 	"github.com/openziti/edge-api/rest_management_api_client"
@@ -39,7 +37,9 @@ import (
 	"github.com/openziti/edge-api/rest_model"
 	"github.com/openziti/sdk-golang/ziti"
 	"github.com/openziti/sdk-golang/ziti/enroll"
+	"github.com/openziti/ziti/internal"
 	"github.com/openziti/ziti/internal/rest/mgmt"
+	"github.com/openziti/ziti/ziti/cmd/edge"
 )
 
 type traffic struct {
@@ -62,7 +62,7 @@ type traffic struct {
 func NewVerifyTraffic(out io.Writer, errOut io.Writer) *cobra.Command {
 	t := &traffic{}
 	cmd := &cobra.Command{
-		Use:   "verify-traffic",
+		Use:   "traffic",
 		Short: "Verifies traffic",
 		Long:  "A tool to verify traffic can flow over the overlay properly. You must be authenticated to use this tool.",
 		Run: func(cmd *cobra.Command, args []string) {
@@ -85,7 +85,7 @@ func NewVerifyTraffic(out io.Writer, errOut io.Writer) *cobra.Command {
 				t.mode = "both"
 			}
 
-			t.svcName = t.prefix + ".verify-traffic"
+			t.svcName = t.prefix + ".traffic"
 
 			t.serverIdName = t.prefix + ".server"
 			extraSeverIdName := ""
@@ -191,8 +191,8 @@ func handleConnection(conn net.Conn) {
 	if err != nil {
 		log.Fatal(err)
 	}
-	if strings.Contains(line, "verify-traffic test") {
-		log.Info("verify-traffic test successfully detected")
+	if strings.Contains(line, "traffic test") {
+		log.Info("traffic test successfully detected")
 	}
 	log.Debugf("read : %s", strings.TrimSpace(line))
 	resp := fmt.Sprintf("you sent me: %s", line)
@@ -224,7 +224,7 @@ func (t *traffic) startClient(client *rest_management_api_client.ZitiEdgeManagem
 	zitiReader := bufio.NewReader(svc)
 	zitiWriter := bufio.NewWriter(svc)
 
-	text := "verify-traffic test\n"
+	text := "traffic test\n"
 	bytesRead, err := zitiWriter.WriteString(text)
 	_ = zitiWriter.Flush()
 	if err != nil {