diff --git a/docs/release-notes.md b/docs/release-notes.md index 698137b..0f53d4f 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -1,5 +1,14 @@ # Release Notes +## Version v1.1.4 +* Improved setup flow for AWS & DigitalOcean + +## Version v1.1.3 +* New Feature: Log packets traversing the VPN Server. This release supports logging TCP / DNS / HTTP / HTTPS packets and inspecting the destination of http/https packets. + +## Version v1.1.2 +* UI: fixes in user creation + ## Version v1.1.0 * UI: change VPN configuration within the admin UI * UI: ability to reload WireGuard® configuration diff --git a/pkg/license/aws.go b/pkg/license/aws.go index 1a81e87..4b507e7 100644 --- a/pkg/license/aws.go +++ b/pkg/license/aws.go @@ -13,7 +13,7 @@ import ( const AWS_PRODUCT_CODE = "7h7h3bnutjn0ziamv7npi8a69" func getMetadataToken(client http.Client) string { - metadataEndpoint := "http://" + metadataIP + "/latest/api/token" + metadataEndpoint := "http://" + MetadataIP + "/latest/api/token" req, err := http.NewRequest("PUT", metadataEndpoint, nil) if err != nil { @@ -62,7 +62,7 @@ func isOnAWS(client http.Client) bool { func getInstanceIdentityDocument(client http.Client, token string) (InstanceIdentityDocument, error) { var instanceIdentityDocument InstanceIdentityDocument - endpoint := "http://" + metadataIP + "/2022-09-24/dynamic/instance-identity/document" + endpoint := "http://" + MetadataIP + "/2022-09-24/dynamic/instance-identity/document" req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return instanceIdentityDocument, err @@ -145,7 +145,7 @@ func getLicense(client http.Client, key string) (License, error) { } func getLicenseFromMetaData(token string, client http.Client) (string, error) { - endpoint := "http://" + metadataIP + "/2022-09-24/meta-data/tags/instance/license" + endpoint := "http://" + MetadataIP + "/2022-09-24/meta-data/tags/instance/license" req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "", err @@ -173,7 +173,7 @@ func getLicenseFromMetaData(token string, client http.Client) (string, error) { func getAWSInstanceType(client http.Client) string { token := getMetadataToken(client) - endpoint := "http://" + metadataIP + "/latest/meta-data/instance-type" + endpoint := "http://" + MetadataIP + "/latest/meta-data/instance-type" req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return "" @@ -194,6 +194,30 @@ func getAWSInstanceType(client http.Client) string { return "" } +func GetAWSInstanceID(client http.Client) (string, error) { + token := getMetadataToken(client) + + endpoint := "http://" + MetadataIP + "/latest/meta-data/instance-id" + req, err := http.NewRequest("GET", endpoint, nil) + if err != nil { + return "", err + } + if token != "" { + req.Header.Add("X-aws-ec2-metadata-token", token) + } + + resp, err := client.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + if resp.StatusCode == 200 { + bodyBytes, _ := io.ReadAll(resp.Body) + return string(bodyBytes), err + } + return "", fmt.Errorf("received statuscode %d from aws metadata api", resp.StatusCode) +} + func GetMaxUsersAWS(instanceType string) int { if instanceType == "" { return 3 diff --git a/pkg/license/azure.go b/pkg/license/azure.go index 468cc6f..18ab9de 100644 --- a/pkg/license/azure.go +++ b/pkg/license/azure.go @@ -9,7 +9,7 @@ import ( ) func isOnAzure(client http.Client) bool { - req, err := http.NewRequest("GET", "http://"+metadataIP+"/metadata/versions", nil) + req, err := http.NewRequest("GET", "http://"+MetadataIP+"/metadata/versions", nil) if err != nil { return false } @@ -51,7 +51,7 @@ func GetMaxUsersAzure(instanceType string) int { return 3 } func getAzureInstanceType(client http.Client) string { - metadataEndpoint := "http://" + metadataIP + "/metadata/instance?api-version=2021-02-01" + metadataEndpoint := "http://" + MetadataIP + "/metadata/instance?api-version=2021-02-01" req, err := http.NewRequest("GET", metadataEndpoint, nil) if err != nil { return "" diff --git a/pkg/license/digitalocean.go b/pkg/license/digitalocean.go index 04b6a05..5be4c07 100644 --- a/pkg/license/digitalocean.go +++ b/pkg/license/digitalocean.go @@ -1,6 +1,7 @@ package license import ( + "bufio" "fmt" "io" "net/http" @@ -11,7 +12,7 @@ import ( ) func isOnDigitalOcean(client http.Client) bool { - endpoint := "http://" + metadataIP + "/metadata/v1/interfaces/private/0/type" + endpoint := "http://" + MetadataIP + "/metadata/v1/interfaces/private/0/type" req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return false @@ -60,7 +61,7 @@ func getDigitalOceanLicenseKey(storage storage.ReadWriter, client http.Client) ( func getDigitalOceanIdentifier(client http.Client) (string, error) { id := "" - endpoint := "http://" + metadataIP + "/metadata/v1/id" + endpoint := "http://" + MetadataIP + "/metadata/v1/id" req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return id, err @@ -82,3 +83,39 @@ func getDigitalOceanIdentifier(client http.Client) (string, error) { return strings.TrimSpace(string(body)), nil } + +func HasDigitalOceanTagSet(client http.Client, tag string) (bool, error) { + endpoint := "http://" + MetadataIP + "/metadata/v1/tags" + req, err := http.NewRequest("GET", endpoint, nil) + if err != nil { + return false, err + } + + resp, err := client.Do(req) + if err != nil { + return false, err + } + defer resp.Body.Close() + + if resp.StatusCode != 200 { + body, err := io.ReadAll(resp.Body) + if err != nil { + return false, err + } + return false, fmt.Errorf("wrong statuscode returned: %d; body: %s", resp.StatusCode, body) + } + + scanner := bufio.NewScanner(resp.Body) + for scanner.Scan() { + if tag == strings.TrimSpace(scanner.Text()) { + return true, nil + } + } + + if err := scanner.Err(); err != nil { + return false, err + } + + return false, nil + +} diff --git a/pkg/license/gcp.go b/pkg/license/gcp.go index 8428ef9..5e69c54 100644 --- a/pkg/license/gcp.go +++ b/pkg/license/gcp.go @@ -11,7 +11,7 @@ import ( ) func isOnGCP(client http.Client) bool { - endpoint := "http://" + metadataIP + "/computeMetadata/v1/" + endpoint := "http://" + MetadataIP + "/computeMetadata/v1/" req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return false @@ -62,7 +62,7 @@ func getGCPLicenseKey(storage storage.ReadWriter, client http.Client) (string, e func getGCPIdentifier(client http.Client) (string, error) { id := "" - endpoint := "http://" + metadataIP + "/computeMetadata/v1/project/project-id" + endpoint := "http://" + MetadataIP + "/computeMetadata/v1/project/project-id" req, err := http.NewRequest("GET", endpoint, nil) if err != nil { return id, err diff --git a/pkg/license/gcp_test.go b/pkg/license/gcp_test.go index 37d2672..f52b047 100644 --- a/pkg/license/gcp_test.go +++ b/pkg/license/gcp_test.go @@ -22,7 +22,7 @@ func TestGuessInfrastructureGCP(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) infra := guessInfrastructure() @@ -50,7 +50,7 @@ func TestGetMaxUsersGCPBYOL(t *testing.T) { defer ts.Close() licenseURL = ts.URL - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) mockStorage := &memorystorage.MockMemoryStorage{} err := mockStorage.WriteFile("config/license.key", []byte("license-1234556-license")) diff --git a/pkg/license/license.go b/pkg/license/license.go index 5ddf077..b3cfb77 100644 --- a/pkg/license/license.go +++ b/pkg/license/license.go @@ -11,7 +11,7 @@ import ( randomutils "github.com/in4it/wireguard-server/pkg/utils/random" ) -var metadataIP = "169.254.169.254" +var MetadataIP = "169.254.169.254" var licenseURL = "https://in4it-vpn-server.s3.amazonaws.com/licenses" func guessInfrastructure() string { diff --git a/pkg/license/license_test.go b/pkg/license/license_test.go index 9f41356..87172fa 100644 --- a/pkg/license/license_test.go +++ b/pkg/license/license_test.go @@ -96,7 +96,7 @@ func TestGetMaxUsersAWSBYOL(t *testing.T) { "t3.xlarge": 50, } licenseURL = ts.URL - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) for _, v := range testCases { if v2 := GetMaxUsersAWSBYOL(http.Client{Timeout: 5 * time.Second}, &memorystorage.MockMemoryStorage{}); v2 != v { t.Fatalf("Wrong output: %d vs %d", v2, v) @@ -127,7 +127,7 @@ func TestGuessInfrastructureAzure(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) infra := guessInfrastructure() @@ -170,7 +170,7 @@ func TestGuessInfrastructureAWSMarketplace(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) infra := guessInfrastructure() @@ -204,7 +204,7 @@ func TestGuessInfrastructureAWS(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) infra := guessInfrastructure() @@ -223,7 +223,7 @@ func TestGuessInfrastructureOther(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) infra := guessInfrastructure() @@ -248,7 +248,7 @@ func TestGetAzureInstanceType(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) usersPerVCPU := 25 @@ -275,7 +275,7 @@ func TestGetAWSInstanceType(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) users := GetMaxUsersAWS(getAWSInstanceType(http.Client{Timeout: 5 * time.Second})) @@ -294,7 +294,7 @@ func TestGuessInfrastructureDigitalOcean(t *testing.T) { })) defer ts.Close() - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) infra := guessInfrastructure() @@ -330,7 +330,7 @@ func TestGetMaxUsersDigitalOceanBYOL(t *testing.T) { defer ts.Close() licenseURL = ts.URL - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) mockStorage := &memorystorage.MockMemoryStorage{} err := mockStorage.WriteFile("config/license.key", []byte("license-1234556-license")) @@ -383,7 +383,7 @@ func TestGetLicenseKey(t *testing.T) { w.WriteHeader(http.StatusNotFound) })) - metadataIP = strings.Replace(ts.URL, "http://", "", -1) + MetadataIP = strings.Replace(ts.URL, "http://", "", -1) logging.Loglevel = logging.LOG_DEBUG + logging.LOG_ERROR key := GetLicenseKey(&memorystorage.MockMemoryStorage{}, "") diff --git a/pkg/rest/context.go b/pkg/rest/context.go index ddea413..5343ba3 100644 --- a/pkg/rest/context.go +++ b/pkg/rest/context.go @@ -110,6 +110,7 @@ func getEmptyContext(appDir string) (*Context, error) { TokenRenewalTimeMinutes: oidcrenewal.DEFAULT_RENEWAL_TIME_MINUTES, LogLevel: logging.LOG_ERROR, SCIM: &SCIM{EnableSCIM: false}, + SAML: &SAML{Providers: &[]saml.Provider{}}, } return c, nil } diff --git a/pkg/rest/setup.go b/pkg/rest/setup.go index d100c2c..454796a 100644 --- a/pkg/rest/setup.go +++ b/pkg/rest/setup.go @@ -18,6 +18,7 @@ import ( "github.com/google/uuid" "github.com/in4it/wireguard-server/pkg/auth/oidc" "github.com/in4it/wireguard-server/pkg/auth/saml" + "github.com/in4it/wireguard-server/pkg/license" "github.com/in4it/wireguard-server/pkg/users" "github.com/in4it/wireguard-server/pkg/wireguard" ) @@ -35,14 +36,44 @@ func (c *Context) contextHandler(w http.ResponseWriter, r *http.Request) { c.SetupCompleted = true } if !c.SetupCompleted { - localSecret, err := c.Storage.Client.ReadFile(SETUP_CODE_FILE) - if err != nil { - c.returnError(w, fmt.Errorf("secret file read error: %s", err), http.StatusBadRequest) - return + // check if tag hash is chosen + accessGranted := false + switch c.CloudType { + case "digitalocean": // check if the hashtag is set + if contextReq.TagHash != "" { + accessGranted, err = license.HasDigitalOceanTagSet(http.Client{Timeout: 5 * time.Second}, contextReq.TagHash) + if err != nil { + c.returnError(w, fmt.Errorf("could not retrieve tags at this time: %s", err), http.StatusUnauthorized) + return + } + if !accessGranted { + c.returnError(w, fmt.Errorf("tag not found. Make sure the correct tag is attached to the droplet"), http.StatusUnauthorized) + return + } + } + case "aws": // check if the instance id is set + if contextReq.InstanceID != "" { + instanceID, err := license.GetAWSInstanceID(http.Client{Timeout: 5 * time.Second}) + if err != nil { + c.returnError(w, fmt.Errorf("could not retrieve instance id at this time: %s", err), http.StatusUnauthorized) + return + } + if strings.TrimPrefix(instanceID, "i-") == strings.TrimPrefix(contextReq.InstanceID, "i-") { + accessGranted = true + } + } } - if strings.TrimSpace(string(localSecret)) != contextReq.Secret { - c.returnError(w, fmt.Errorf("wrong secret provided"), http.StatusUnauthorized) - return + // check secret + if !accessGranted { + localSecret, err := c.Storage.Client.ReadFile(SETUP_CODE_FILE) + if err != nil { + c.returnError(w, fmt.Errorf("secret file read error: %s", err), http.StatusBadRequest) + return + } + if strings.TrimSpace(string(localSecret)) != contextReq.Secret { + c.returnError(w, fmt.Errorf("wrong secret provided"), http.StatusUnauthorized) + return + } } if contextReq.AdminPassword != "" { adminUser := users.User{ @@ -95,10 +126,8 @@ func (c *Context) contextHandler(w http.ResponseWriter, r *http.Request) { } } } - cOut := Context{ - SetupCompleted: c.SetupCompleted, - } - out, err := json.Marshal(cOut) + + out, err := json.Marshal(ContextSetupResponse{SetupCompleted: c.SetupCompleted}) if err != nil { c.returnError(w, err, http.StatusBadRequest) return diff --git a/pkg/rest/setup_test.go b/pkg/rest/setup_test.go new file mode 100644 index 0000000..0465b7b --- /dev/null +++ b/pkg/rest/setup_test.go @@ -0,0 +1,293 @@ +package rest + +import ( + "bytes" + "encoding/json" + "io" + "net/http" + "net/http/httptest" + "strings" + "testing" + + "github.com/in4it/wireguard-server/pkg/license" + memorystorage "github.com/in4it/wireguard-server/pkg/storage/memory" + "github.com/in4it/wireguard-server/pkg/users" +) + +func TestContextHandlerSetupSecret(t *testing.T) { + storage := &memorystorage.MockMemoryStorage{} + + storage.WriteFile(SETUP_CODE_FILE, []byte(`secret setup code`)) + + userStore, err := users.NewUserStore(storage, -1) + if err != nil { + t.Fatalf("new user store error") + } + c, err := getEmptyContext("appdir") + if err != nil { + t.Fatalf("cannot create empty context") + } + c.Storage = &Storage{Client: storage} + c.UserStore = userStore + + payload := ContextRequest{ + Secret: "secret setup code", + AdminPassword: "adminPassword", + } + payloadBytes, err := json.Marshal(payload) + if err != nil { + t.Fatalf("marshal error: %s", err) + } + req := httptest.NewRequest("POST", "http://example.com/setup", bytes.NewBuffer(payloadBytes)) + w := httptest.NewRecorder() + c.contextHandler(w, req) + + resp := w.Result() + + if resp.StatusCode != 200 { + t.Fatalf("status code is not 200: %d", resp.StatusCode) + } + + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatalf("got read error: %s", err) + } + + var contextSetupResponse ContextSetupResponse + err = json.Unmarshal(body, &contextSetupResponse) + if err != nil { + t.Fatalf("unmarshal error: %s", err) + } + if !contextSetupResponse.SetupCompleted { + t.Fatalf("expected setup to be completed") + } +} + +func TestContextHandlerSetupWrongSecret(t *testing.T) { + storage := &memorystorage.MockMemoryStorage{} + + storage.WriteFile(SETUP_CODE_FILE, []byte(`secret setup code`)) + + userStore, err := users.NewUserStore(storage, -1) + if err != nil { + t.Fatalf("new user store error") + } + c, err := getEmptyContext("appdir") + if err != nil { + t.Fatalf("cannot create empty context") + } + c.Storage = &Storage{Client: storage} + c.UserStore = userStore + + payload := ContextRequest{ + AdminPassword: "adminPassword", + } + payloadBytes, err := json.Marshal(payload) + if err != nil { + t.Fatalf("marshal error: %s", err) + } + req := httptest.NewRequest("POST", "http://example.com/setup", bytes.NewBuffer(payloadBytes)) + w := httptest.NewRecorder() + c.contextHandler(w, req) + + resp := w.Result() + + if resp.StatusCode != 401 { + t.Fatalf("status code is not 401: %d", resp.StatusCode) + } + + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatalf("got read error: %s", err) + } + + var contextSetupResponse ContextSetupResponse + err = json.Unmarshal(body, &contextSetupResponse) + if err != nil { + t.Fatalf("unmarshal error: %s", err) + } + if contextSetupResponse.SetupCompleted { + t.Fatalf("expected setup to not be completed") + } +} +func TestContextHandlerSetupWrongSecretPartial(t *testing.T) { + storage := &memorystorage.MockMemoryStorage{} + + storage.WriteFile(SETUP_CODE_FILE, []byte(`secret setup code`)) + + userStore, err := users.NewUserStore(storage, -1) + if err != nil { + t.Fatalf("new user store error") + } + c, err := getEmptyContext("appdir") + if err != nil { + t.Fatalf("cannot create empty context") + } + c.Storage = &Storage{Client: storage} + c.UserStore = userStore + + payload := ContextRequest{ + Secret: "secret setup cod", + AdminPassword: "adminPassword", + } + payloadBytes, err := json.Marshal(payload) + if err != nil { + t.Fatalf("marshal error: %s", err) + } + req := httptest.NewRequest("POST", "http://example.com/setup", bytes.NewBuffer(payloadBytes)) + w := httptest.NewRecorder() + c.contextHandler(w, req) + + resp := w.Result() + + if resp.StatusCode != 401 { + t.Fatalf("status code is not 401: %d", resp.StatusCode) + } + + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatalf("got read error: %s", err) + } + + var contextSetupResponse ContextSetupResponse + err = json.Unmarshal(body, &contextSetupResponse) + if err != nil { + t.Fatalf("unmarshal error: %s", err) + } + if contextSetupResponse.SetupCompleted { + t.Fatalf("expected setup to not be completed") + } +} + +func TestContextHandlerSetupAWSInstanceID(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.RequestURI == "/latest/api/token" { + w.Write([]byte("this is a test token")) + return + } + if r.RequestURI == "/latest/meta-data/instance-id" { + w.Write([]byte("i-012aaaaaaaaaaaaa1")) + return + } + w.WriteHeader(http.StatusBadRequest) + })) + defer ts.Close() + license.MetadataIP = strings.TrimPrefix(ts.URL, "http://") + + storage := &memorystorage.MockMemoryStorage{} + + storage.WriteFile(SETUP_CODE_FILE, []byte(`secret setup code`)) + + userStore, err := users.NewUserStore(storage, -1) + if err != nil { + t.Fatalf("new user store error") + } + c, err := getEmptyContext("appdir") + if err != nil { + t.Fatalf("cannot create empty context") + } + c.Storage = &Storage{Client: storage} + c.UserStore = userStore + c.CloudType = "aws" + + payload := ContextRequest{ + InstanceID: "i-012aaaaaaaaaaaaa1", + AdminPassword: "adminPassword", + } + payloadBytes, err := json.Marshal(payload) + if err != nil { + t.Fatalf("marshal error: %s", err) + } + req := httptest.NewRequest("POST", "http://example.com/setup", bytes.NewBuffer(payloadBytes)) + w := httptest.NewRecorder() + c.contextHandler(w, req) + + resp := w.Result() + + if resp.StatusCode != 200 { + t.Fatalf("status code is not 200: %d", resp.StatusCode) + } + + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatalf("got read error: %s", err) + } + + var contextSetupResponse ContextSetupResponse + err = json.Unmarshal(body, &contextSetupResponse) + if err != nil { + t.Fatalf("unmarshal error: %s", err) + } + if !contextSetupResponse.SetupCompleted { + t.Fatalf("expected setup to be completed") + } +} +func TestContextHandlerSetupDigitalOceanTag(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.RequestURI == "/metadata/v1/tags" { + w.Write([]byte("this-is-a-secret-tag")) + return + } + w.WriteHeader(http.StatusBadRequest) + })) + defer ts.Close() + license.MetadataIP = strings.TrimPrefix(ts.URL, "http://") + + storage := &memorystorage.MockMemoryStorage{} + + storage.WriteFile(SETUP_CODE_FILE, []byte(`secret setup code`)) + + userStore, err := users.NewUserStore(storage, -1) + if err != nil { + t.Fatalf("new user store error") + } + c, err := getEmptyContext("appdir") + if err != nil { + t.Fatalf("cannot create empty context") + } + c.Storage = &Storage{Client: storage} + c.UserStore = userStore + c.CloudType = "digitalocean" + + payload := ContextRequest{ + TagHash: "this-is-a-secret-tag", + AdminPassword: "adminPassword", + } + payloadBytes, err := json.Marshal(payload) + if err != nil { + t.Fatalf("marshal error: %s", err) + } + req := httptest.NewRequest("POST", "http://example.com/setup", bytes.NewBuffer(payloadBytes)) + w := httptest.NewRecorder() + c.contextHandler(w, req) + + resp := w.Result() + + if resp.StatusCode != 200 { + t.Fatalf("status code is not 200: %d", resp.StatusCode) + } + + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + t.Fatalf("got read error: %s", err) + } + + var contextSetupResponse ContextSetupResponse + err = json.Unmarshal(body, &contextSetupResponse) + if err != nil { + t.Fatalf("unmarshal error: %s", err) + } + if !contextSetupResponse.SetupCompleted { + t.Fatalf("expected setup to be completed") + } +} diff --git a/pkg/rest/types.go b/pkg/rest/types.go index dbbcd8e..66af301 100644 --- a/pkg/rest/types.go +++ b/pkg/rest/types.go @@ -61,10 +61,15 @@ type Storage struct { type ContextRequest struct { Secret string `json:"secret"` + TagHash string `json:"tagHash"` + InstanceID string `json:"instanceID"` AdminPassword string `json:"adminPassword"` Hostname string `json:"hostname"` Protocol string `json:"protocol"` } +type ContextSetupResponse struct { + SetupCompleted bool `json:"setupCompleted"` +} type AuthMethodsResponse struct { LocalAuthDisabled bool `json:"localAuthDisabled"`