From e5ed1247eddc9b03a4098799a91f4eb6def70e5e Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 20 Sep 2024 16:22:51 -0400 Subject: [PATCH 01/12] rudimentary implementation of 'zrok share reserved' using dual-pathed approach (#751) --- agent/agentClient/agentClient.go | 24 ++++++++++++++-- cmd/zrok/shareReserved.go | 47 ++++++++++++++++++++++++++++++-- 2 files changed, 65 insertions(+), 6 deletions(-) diff --git a/agent/agentClient/agentClient.go b/agent/agentClient/agentClient.go index 8459bc60..110eef0a 100644 --- a/agent/agentClient/agentClient.go +++ b/agent/agentClient/agentClient.go @@ -3,18 +3,20 @@ package agentClient import ( "context" "github.com/openziti/zrok/agent/agentGrpc" + "github.com/openziti/zrok/build" "github.com/openziti/zrok/environment/env_core" - "github.com/openziti/zrok/tui" + "github.com/pkg/errors" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/resolver" "net" + "strings" ) func NewClient(root env_core.Root) (client agentGrpc.AgentClient, conn *grpc.ClientConn, err error) { agentSocket, err := root.AgentSocket() if err != nil { - tui.Error("error getting agent socket", err) + return nil, nil, err } opts := []grpc.DialOption{ @@ -26,8 +28,24 @@ func NewClient(root env_core.Root) (client agentGrpc.AgentClient, conn *grpc.Cli resolver.SetDefaultScheme("passthrough") conn, err = grpc.NewClient(agentSocket, opts...) if err != nil { - tui.Error("error connecting to agent socket", err) + return nil, nil, err } return agentGrpc.NewAgentClient(conn), conn, nil } + +func IsAgentRunning(root env_core.Root) (bool, error) { + client, conn, err := NewClient(root) + if err != nil { + return false, err + } + defer func() { _ = conn.Close() }() + resp, err := client.Version(context.Background(), &agentGrpc.VersionRequest{}) + if err != nil { + return false, nil + } + if !strings.HasPrefix(resp.GetV(), build.Series) { + return false, errors.Errorf("agent reported version '%v'; we expected version '%v'", resp.GetV(), build.Series) + } + return true, nil +} diff --git a/cmd/zrok/shareReserved.go b/cmd/zrok/shareReserved.go index 45ff1acd..99824521 100644 --- a/cmd/zrok/shareReserved.go +++ b/cmd/zrok/shareReserved.go @@ -1,10 +1,13 @@ package main import ( + "context" "encoding/json" "fmt" tea "github.com/charmbracelet/bubbletea" httptransport "github.com/go-openapi/runtime/client" + "github.com/openziti/zrok/agent/agentClient" + "github.com/openziti/zrok/agent/agentGrpc" "github.com/openziti/zrok/endpoints" "github.com/openziti/zrok/endpoints/drive" "github.com/openziti/zrok/endpoints/proxy" @@ -13,6 +16,7 @@ import ( "github.com/openziti/zrok/endpoints/udpTunnel" "github.com/openziti/zrok/endpoints/vpn" "github.com/openziti/zrok/environment" + "github.com/openziti/zrok/environment/env_core" "github.com/openziti/zrok/rest_client_zrok/metadata" "github.com/openziti/zrok/rest_client_zrok/share" "github.com/openziti/zrok/rest_model_zrok" @@ -51,9 +55,6 @@ func newShareReservedCommand() *shareReservedCommand { } func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) { - shrToken := args[0] - var target string - root, err := environment.LoadRoot() if err != nil { if !panicInstead { @@ -66,6 +67,25 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } + if !cmd.agent { + agent, err := agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } + if agent { + cmd.agentShareReserved(args, root) + } else { + cmd.shareReserved(args, root) + } + } else { + cmd.shareReserved(args, root) + } +} + +func (cmd *shareReservedCommand) shareReserved(args []string, root env_core.Root) { + shrToken := args[0] + var target string + zrok, err := root.Client() if err != nil { if !panicInstead { @@ -390,3 +410,24 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) { close(requests) } } + +func (cmd *shareReservedCommand) agentShareReserved(args []string, root env_core.Root) { + logrus.Info("starting") + + client, conn, err := agentClient.NewClient(root) + if err != nil { + tui.Error("error connecting to agent", err) + } + defer conn.Close() + + shr, err := client.ShareReserved(context.Background(), &agentGrpc.ShareReservedRequest{ + Token: args[0], + OverrideEndpoint: cmd.overrideEndpoint, + Insecure: cmd.insecure, + }) + if err != nil { + tui.Error("error sharing reserved share", err) + } + + fmt.Println(shr) +} From 05e0e3a9798d058b7f2754adf1672300b730b99c Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Mon, 23 Sep 2024 12:14:07 -0400 Subject: [PATCH 02/12] roughed-in dual-pathed cli implementation for 'zrok share [public|private|reserved] (#751) --- cmd/zrok/agentSharePrivate.go | 162 --------------------------------- cmd/zrok/agentSharePublic.go | 144 ----------------------------- cmd/zrok/agentShareReserved.go | 65 ------------- cmd/zrok/sharePrivate.go | 141 ++++++++++++++++++++++++++++ cmd/zrok/sharePublic.go | 119 +++++++++++++++++++++--- cmd/zrok/shareReserved.go | 16 ++-- 6 files changed, 255 insertions(+), 392 deletions(-) delete mode 100644 cmd/zrok/agentSharePrivate.go delete mode 100644 cmd/zrok/agentSharePublic.go delete mode 100644 cmd/zrok/agentShareReserved.go diff --git a/cmd/zrok/agentSharePrivate.go b/cmd/zrok/agentSharePrivate.go deleted file mode 100644 index a85263f5..00000000 --- a/cmd/zrok/agentSharePrivate.go +++ /dev/null @@ -1,162 +0,0 @@ -package main - -import ( - "context" - "fmt" - "github.com/openziti/zrok/agent/agentClient" - "github.com/openziti/zrok/agent/agentGrpc" - "github.com/openziti/zrok/endpoints/vpn" - "github.com/openziti/zrok/environment" - "github.com/openziti/zrok/tui" - "github.com/spf13/cobra" - "net" - "path/filepath" -) - -func init() { - agentShareCmd.AddCommand(newAgentSharePrivateCommand().cmd) -} - -type agentSharePrivateCommand struct { - backendMode string - insecure bool - closed bool - accessGrants []string - cmd *cobra.Command -} - -func newAgentSharePrivateCommand() *agentSharePrivateCommand { - cmd := &cobra.Command{ - Use: "private ", - Short: "Create a private share in the zrok Agent", - Args: cobra.RangeArgs(0, 1), - } - command := &agentSharePrivateCommand{cmd: cmd} - cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, tcpTunnel, udpTunnel, caddy, drive, socks, vpn}") - cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") - cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") - cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") - cmd.Run = command.run - return command -} - -func (cmd *agentSharePrivateCommand) run(_ *cobra.Command, args []string) { - var target string - - switch cmd.backendMode { - case "proxy": - if len(args) != 1 { - tui.Error("the 'proxy' backend mode expects a ", nil) - } - v, err := parseUrl(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - case "web": - if len(args) != 1 { - tui.Error("the 'web' backend mode expects a ", nil) - } - v, err := filepath.Abs(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - case "tcpTunnel": - if len(args) != 1 { - tui.Error("the 'tcpTunnel' backend mode expects a ", nil) - } - target = args[0] - - case "udpTunnel": - if len(args) != 1 { - tui.Error("the 'udpTunnel' backend mode expects a ", nil) - } - target = args[0] - - case "caddy": - if len(args) != 1 { - tui.Error("the 'caddy' backend mode expects a ", nil) - } - v, err := filepath.Abs(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - case "drive": - if len(args) != 1 { - tui.Error("the 'drive' backend mode expects a ", nil) - } - v, err := filepath.Abs(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - case "socks": - if len(args) != 0 { - tui.Error("the 'socks' backend mode does not expect ", nil) - } - target = "socks" - - case "vpn": - if len(args) == 1 { - _, _, err := net.ParseCIDR(args[0]) - if err != nil { - tui.Error("the 'vpn' backend expect valid CIDR ", err) - } - target = args[0] - } else { - target = vpn.DefaultTarget() - } - - default: - tui.Error(fmt.Sprintf("invalid backend mode '%v'", cmd.backendMode), nil) - } - - root, err := environment.LoadRoot() - if err != nil { - if !panicInstead { - tui.Error("unable to load environment", err) - } - panic(err) - } - - if !root.IsEnabled() { - tui.Error("unable to load environment; did you 'zrok enable'?", nil) - } - - client, conn, err := agentClient.NewClient(root) - if err != nil { - tui.Error("error connecting to agent", err) - } - defer conn.Close() - - shr, err := client.SharePrivate(context.Background(), &agentGrpc.SharePrivateRequest{ - Target: target, - BackendMode: cmd.backendMode, - Insecure: cmd.insecure, - Closed: cmd.closed, - AccessGrants: cmd.accessGrants, - }) - if err != nil { - tui.Error("error creating share", err) - } - - fmt.Println(shr) -} diff --git a/cmd/zrok/agentSharePublic.go b/cmd/zrok/agentSharePublic.go deleted file mode 100644 index 9f69da1c..00000000 --- a/cmd/zrok/agentSharePublic.go +++ /dev/null @@ -1,144 +0,0 @@ -package main - -import ( - "context" - "fmt" - "github.com/openziti/zrok/agent/agentClient" - "github.com/openziti/zrok/agent/agentGrpc" - "github.com/openziti/zrok/environment" - "github.com/openziti/zrok/tui" - "github.com/spf13/cobra" - "path/filepath" - "time" -) - -func init() { - agentShareCmd.AddCommand(newAgentSharePublicCommand().cmd) -} - -type agentSharePublicCommand struct { - basicAuth []string - frontendSelection []string - backendMode string - headless bool - insecure bool - oauthProvider string - oauthEmailAddressPatterns []string - oauthCheckInterval time.Duration - closed bool - accessGrants []string - cmd *cobra.Command -} - -func newAgentSharePublicCommand() *agentSharePublicCommand { - cmd := &cobra.Command{ - Use: "public ", - Short: "Create a public share in the zrok Agent", - Args: cobra.ExactArgs(1), - } - command := &agentSharePublicCommand{cmd: cmd} - defaultFrontends := []string{"public"} - if root, err := environment.LoadRoot(); err == nil { - defaultFrontend, _ := root.DefaultFrontend() - defaultFrontends = []string{defaultFrontend} - } - cmd.Flags().StringArrayVar(&command.frontendSelection, "frontend", defaultFrontends, "Selected frontends to use for the share") - cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, caddy, drive}") - cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") - cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") - cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") - cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") - cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (,...)") - cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]") - cmd.Flags().StringArrayVar(&command.oauthEmailAddressPatterns, "oauth-email-address-patterns", []string{}, "Allow only these email domain globs to authenticate via OAuth") - cmd.Flags().DurationVar(&command.oauthCheckInterval, "oauth-check-interval", 3*time.Hour, "Maximum lifetime for OAuth authentication; reauthenticate after expiry") - cmd.MarkFlagsMutuallyExclusive("basic-auth", "oauth-provider") - - cmd.Run = command.run - return command -} - -func (cmd *agentSharePublicCommand) run(_ *cobra.Command, args []string) { - var target string - - switch cmd.backendMode { - case "proxy": - v, err := parseUrl(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - case "web": - v, err := filepath.Abs(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - case "caddy": - v, err := filepath.Abs(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - case "drive": - v, err := filepath.Abs(args[0]) - if err != nil { - if !panicInstead { - tui.Error("invalid target endpoint URL", err) - } - panic(err) - } - target = v - - default: - tui.Error(fmt.Sprintf("invalid backend mode '%v'", cmd.backendMode), nil) - } - - root, err := environment.LoadRoot() - if err != nil { - if !panicInstead { - tui.Error("unable to load environment", err) - } - panic(err) - } - - if !root.IsEnabled() { - tui.Error("unable to load environment; did you 'zrok enable'?", nil) - } - - client, conn, err := agentClient.NewClient(root) - if err != nil { - tui.Error("error connecting to agent", err) - } - defer conn.Close() - - shr, err := client.SharePublic(context.Background(), &agentGrpc.SharePublicRequest{ - Target: target, - BasicAuth: cmd.basicAuth, - FrontendSelection: cmd.frontendSelection, - BackendMode: cmd.backendMode, - Insecure: cmd.insecure, - OauthProvider: cmd.oauthProvider, - OauthEmailAddressPatterns: cmd.oauthEmailAddressPatterns, - OauthCheckInterval: cmd.oauthCheckInterval.String(), - Closed: cmd.closed, - AccessGrants: cmd.accessGrants, - }) - if err != nil { - tui.Error("error creating share", err) - } - - fmt.Println(shr) -} diff --git a/cmd/zrok/agentShareReserved.go b/cmd/zrok/agentShareReserved.go deleted file mode 100644 index afcecd12..00000000 --- a/cmd/zrok/agentShareReserved.go +++ /dev/null @@ -1,65 +0,0 @@ -package main - -import ( - "context" - "fmt" - "github.com/openziti/zrok/agent/agentClient" - "github.com/openziti/zrok/agent/agentGrpc" - "github.com/openziti/zrok/environment" - "github.com/openziti/zrok/tui" - "github.com/spf13/cobra" -) - -func init() { - agentShareCmd.AddCommand(newAgentShareReservedCommand().cmd) -} - -type agentShareReservedCommand struct { - overrideEndpoint string - insecure bool - cmd *cobra.Command -} - -func newAgentShareReservedCommand() *agentShareReservedCommand { - cmd := &cobra.Command{ - Use: "reserved ", - Short: "Share an existing reserved share in the zrok Agent", - Args: cobra.ExactArgs(1), - } - command := &agentShareReservedCommand{cmd: cmd} - cmd.Flags().StringVar(&command.overrideEndpoint, "override-endpoint", "", "Override the stored target endpoint with a replacement") - cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation") - cmd.Run = command.run - return command -} - -func (cmd *agentShareReservedCommand) run(_ *cobra.Command, args []string) { - root, err := environment.LoadRoot() - if err != nil { - if !panicInstead { - tui.Error("unable to load environment", err) - } - panic(err) - } - - if !root.IsEnabled() { - tui.Error("unable to load environment; did you 'zrok enable'?", nil) - } - - client, conn, err := agentClient.NewClient(root) - if err != nil { - tui.Error("error connecting to agent", err) - } - defer conn.Close() - - shr, err := client.ShareReserved(context.Background(), &agentGrpc.ShareReservedRequest{ - Token: args[0], - OverrideEndpoint: cmd.overrideEndpoint, - Insecure: cmd.insecure, - }) - if err != nil { - tui.Error("error sharing reserved share", err) - } - - fmt.Println(shr) -} diff --git a/cmd/zrok/sharePrivate.go b/cmd/zrok/sharePrivate.go index 7dd4421d..24cb072a 100644 --- a/cmd/zrok/sharePrivate.go +++ b/cmd/zrok/sharePrivate.go @@ -1,9 +1,12 @@ package main import ( + "context" "encoding/json" "fmt" tea "github.com/charmbracelet/bubbletea" + "github.com/openziti/zrok/agent/agentClient" + "github.com/openziti/zrok/agent/agentGrpc" "github.com/openziti/zrok/endpoints" "github.com/openziti/zrok/endpoints/drive" "github.com/openziti/zrok/endpoints/proxy" @@ -20,6 +23,7 @@ import ( "net" "os" "os/signal" + "path/filepath" "syscall" ) @@ -56,6 +60,34 @@ func newSharePrivateCommand() *sharePrivateCommand { } func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) { + root, err := environment.LoadRoot() + if err != nil { + if !panicInstead { + tui.Error("error loading environment", err) + } + panic(err) + } + + if !root.IsEnabled() { + tui.Error("unable to load environment; did you 'zrok enable'?", nil) + } + + if cmd.agent { + cmd.shareLocal(args, root) + } else { + agent, err := agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } + if agent { + cmd.shareAgent(args, root) + } else { + cmd.shareLocal(args, root) + } + } +} + +func (cmd *sharePrivateCommand) shareLocal(args []string, root env_core.Root) { var target string switch cmd.backendMode { @@ -424,3 +456,112 @@ func (cmd *sharePrivateCommand) shutdown(root env_core.Root, shr *sdk.Share) { } logrus.Debugf("shutdown complete") } + +func (cmd *sharePrivateCommand) shareAgent(args []string, root env_core.Root) { + var target string + + switch cmd.backendMode { + case "proxy": + if len(args) != 1 { + tui.Error("the 'proxy' backend mode expects a ", nil) + } + v, err := parseUrl(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + case "web": + if len(args) != 1 { + tui.Error("the 'web' backend mode expects a ", nil) + } + v, err := filepath.Abs(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + case "tcpTunnel": + if len(args) != 1 { + tui.Error("the 'tcpTunnel' backend mode expects a ", nil) + } + target = args[0] + + case "udpTunnel": + if len(args) != 1 { + tui.Error("the 'udpTunnel' backend mode expects a ", nil) + } + target = args[0] + + case "caddy": + if len(args) != 1 { + tui.Error("the 'caddy' backend mode expects a ", nil) + } + v, err := filepath.Abs(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + case "drive": + if len(args) != 1 { + tui.Error("the 'drive' backend mode expects a ", nil) + } + v, err := filepath.Abs(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + case "socks": + if len(args) != 0 { + tui.Error("the 'socks' backend mode does not expect ", nil) + } + target = "socks" + + case "vpn": + if len(args) == 1 { + _, _, err := net.ParseCIDR(args[0]) + if err != nil { + tui.Error("the 'vpn' backend expect valid CIDR ", err) + } + target = args[0] + } else { + target = vpn.DefaultTarget() + } + + default: + tui.Error(fmt.Sprintf("invalid backend mode '%v'", cmd.backendMode), nil) + } + + client, conn, err := agentClient.NewClient(root) + if err != nil { + tui.Error("error connecting to agent", err) + } + defer func() { _ = conn.Close() }() + + shr, err := client.SharePrivate(context.Background(), &agentGrpc.SharePrivateRequest{ + Target: target, + BackendMode: cmd.backendMode, + Insecure: cmd.insecure, + Closed: cmd.closed, + AccessGrants: cmd.accessGrants, + }) + if err != nil { + tui.Error("error creating share", err) + } + + fmt.Println(shr) +} diff --git a/cmd/zrok/sharePublic.go b/cmd/zrok/sharePublic.go index b4190394..9ed9eb73 100644 --- a/cmd/zrok/sharePublic.go +++ b/cmd/zrok/sharePublic.go @@ -1,12 +1,15 @@ package main import ( + "context" "encoding/json" "fmt" tea "github.com/charmbracelet/bubbletea" "github.com/gobwas/glob" + "github.com/openziti/zrok/agent/agentClient" + "github.com/openziti/zrok/agent/agentGrpc" "github.com/openziti/zrok/endpoints" - drive "github.com/openziti/zrok/endpoints/drive" + "github.com/openziti/zrok/endpoints/drive" "github.com/openziti/zrok/endpoints/proxy" "github.com/openziti/zrok/environment" "github.com/openziti/zrok/environment/env_core" @@ -16,6 +19,7 @@ import ( "github.com/spf13/cobra" "os" "os/signal" + "path/filepath" "strings" "syscall" "time" @@ -71,6 +75,34 @@ func newSharePublicCommand() *sharePublicCommand { } func (cmd *sharePublicCommand) run(_ *cobra.Command, args []string) { + root, err := environment.LoadRoot() + if err != nil { + if !panicInstead { + tui.Error("error loading environment", err) + } + panic(err) + } + + if !root.IsEnabled() { + tui.Error("unable to load environment; did you 'zrok enable'?", nil) + } + + if cmd.agent { + cmd.shareLocal(args, root) + } else { + agent, err := agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } + if agent { + cmd.shareAgent(args, root) + } else { + cmd.shareLocal(args, root) + } + } +} + +func (cmd *sharePublicCommand) shareLocal(args []string, root env_core.Root) { var target string switch cmd.backendMode { @@ -98,18 +130,6 @@ func (cmd *sharePublicCommand) run(_ *cobra.Command, args []string) { tui.Error(fmt.Sprintf("invalid backend mode '%v'; expected {proxy, web, caddy, drive}", cmd.backendMode), nil) } - root, err := environment.LoadRoot() - if err != nil { - if !panicInstead { - tui.Error("unable to load environment", err) - } - panic(err) - } - - if !root.IsEnabled() { - tui.Error("unable to load environment; did you 'zrok enable'?", nil) - } - zif, err := root.ZitiIdentityNamed(root.EnvironmentIdentityName()) if err != nil { if !panicInstead { @@ -327,3 +347,76 @@ func (cmd *sharePublicCommand) shutdown(root env_core.Root, shr *sdk.Share) { } logrus.Debugf("shutdown complete") } + +func (cmd *sharePublicCommand) shareAgent(args []string, root env_core.Root) { + var target string + + switch cmd.backendMode { + case "proxy": + v, err := parseUrl(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + case "web": + v, err := filepath.Abs(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + case "caddy": + v, err := filepath.Abs(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + case "drive": + v, err := filepath.Abs(args[0]) + if err != nil { + if !panicInstead { + tui.Error("invalid target endpoint URL", err) + } + panic(err) + } + target = v + + default: + tui.Error(fmt.Sprintf("invalid backend mode '%v'", cmd.backendMode), nil) + } + + client, conn, err := agentClient.NewClient(root) + if err != nil { + tui.Error("error connecting to agent", err) + } + defer func() { _ = conn.Close() }() + + shr, err := client.SharePublic(context.Background(), &agentGrpc.SharePublicRequest{ + Target: target, + BasicAuth: cmd.basicAuth, + FrontendSelection: cmd.frontendSelection, + BackendMode: cmd.backendMode, + Insecure: cmd.insecure, + OauthProvider: cmd.oauthProvider, + OauthEmailAddressPatterns: cmd.oauthEmailAddressPatterns, + OauthCheckInterval: cmd.oauthCheckInterval.String(), + Closed: cmd.closed, + AccessGrants: cmd.accessGrants, + }) + if err != nil { + tui.Error("error creating share", err) + } + + fmt.Println(shr) +} diff --git a/cmd/zrok/shareReserved.go b/cmd/zrok/shareReserved.go index 99824521..41daa7a4 100644 --- a/cmd/zrok/shareReserved.go +++ b/cmd/zrok/shareReserved.go @@ -67,22 +67,22 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if !cmd.agent { + if cmd.agent { + cmd.shareLocal(args, root) + } else { agent, err := agentClient.IsAgentRunning(root) if err != nil { tui.Error("error checking if agent is running", err) } if agent { - cmd.agentShareReserved(args, root) + cmd.shareAgent(args, root) } else { - cmd.shareReserved(args, root) + cmd.shareLocal(args, root) } - } else { - cmd.shareReserved(args, root) } } -func (cmd *shareReservedCommand) shareReserved(args []string, root env_core.Root) { +func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) { shrToken := args[0] var target string @@ -411,14 +411,14 @@ func (cmd *shareReservedCommand) shareReserved(args []string, root env_core.Root } } -func (cmd *shareReservedCommand) agentShareReserved(args []string, root env_core.Root) { +func (cmd *shareReservedCommand) shareAgent(args []string, root env_core.Root) { logrus.Info("starting") client, conn, err := agentClient.NewClient(root) if err != nil { tui.Error("error connecting to agent", err) } - defer conn.Close() + defer func() { _ = conn.Close() }() shr, err := client.ShareReserved(context.Background(), &agentGrpc.ShareReservedRequest{ Token: args[0], From 2163f0220d0c3d19cee6622fd914fa4341778def Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Mon, 23 Sep 2024 13:53:56 -0400 Subject: [PATCH 03/12] add 'zrok access private' to dual-path cli (#751) --- cmd/zrok/accessPrivate.go | 76 ++++++++++++++++++++++++++-------- cmd/zrok/agentAccessPrivate.go | 65 ----------------------------- 2 files changed, 59 insertions(+), 82 deletions(-) delete mode 100644 cmd/zrok/agentAccessPrivate.go diff --git a/cmd/zrok/accessPrivate.go b/cmd/zrok/accessPrivate.go index 0d49d7a3..e6f60dd6 100644 --- a/cmd/zrok/accessPrivate.go +++ b/cmd/zrok/accessPrivate.go @@ -1,17 +1,21 @@ package main import ( + "context" "encoding/json" "fmt" tea "github.com/charmbracelet/bubbletea" "github.com/go-openapi/runtime" httptransport "github.com/go-openapi/runtime/client" + "github.com/openziti/zrok/agent/agentClient" + "github.com/openziti/zrok/agent/agentGrpc" "github.com/openziti/zrok/endpoints" "github.com/openziti/zrok/endpoints/proxy" "github.com/openziti/zrok/endpoints/tcpTunnel" "github.com/openziti/zrok/endpoints/udpTunnel" "github.com/openziti/zrok/endpoints/vpn" "github.com/openziti/zrok/environment" + "github.com/openziti/zrok/environment/env_core" "github.com/openziti/zrok/rest_client_zrok" "github.com/openziti/zrok/rest_client_zrok/share" "github.com/openziti/zrok/rest_model_zrok" @@ -54,18 +58,37 @@ func newAccessPrivateCommand() *accessPrivateCommand { } func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { - shrToken := args[0] - - env, err := environment.LoadRoot() + root, err := environment.LoadRoot() if err != nil { - tui.Error("error loading environment", err) + if !panicInstead { + tui.Error("error loading environment", err) + } + panic(err) } - if !env.IsEnabled() { + if !root.IsEnabled() { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - zrok, err := env.Client() + if cmd.agent { + cmd.accessLocal(args, root) + } else { + agent, err := agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } + if agent { + cmd.accessAgent(args, root) + } else { + cmd.accessLocal(args, root) + } + } +} + +func (cmd *accessPrivateCommand) accessLocal(args []string, root env_core.Root) { + shrToken := args[0] + + zrok, err := root.Client() if err != nil { if !panicInstead { tui.Error("unable to create zrok client", err) @@ -73,11 +96,11 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { panic(err) } - auth := httptransport.APIKeyAuth("X-TOKEN", "header", env.Environment().Token) + auth := httptransport.APIKeyAuth("X-TOKEN", "header", root.Environment().Token) req := share.NewAccessParams() req.Body = &rest_model_zrok.AccessRequest{ ShrToken: shrToken, - EnvZID: env.Environment().ZitiIdentity, + EnvZID: root.Environment().ZitiIdentity, } accessResp, err := zrok.Share.Access(req, auth) if err != nil { @@ -121,7 +144,7 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { case "tcpTunnel": fe, err := tcpTunnel.NewFrontend(&tcpTunnel.FrontendConfig{ BindAddress: cmd.bindAddress, - IdentityName: env.EnvironmentIdentityName(), + IdentityName: root.EnvironmentIdentityName(), ShrToken: args[0], RequestsChan: requests, }) @@ -143,7 +166,7 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { case "udpTunnel": fe, err := udpTunnel.NewFrontend(&udpTunnel.FrontendConfig{ BindAddress: cmd.bindAddress, - IdentityName: env.EnvironmentIdentityName(), + IdentityName: root.EnvironmentIdentityName(), ShrToken: args[0], RequestsChan: requests, IdleTime: time.Minute, @@ -166,7 +189,7 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { case "socks": fe, err := tcpTunnel.NewFrontend(&tcpTunnel.FrontendConfig{ BindAddress: cmd.bindAddress, - IdentityName: env.EnvironmentIdentityName(), + IdentityName: root.EnvironmentIdentityName(), ShrToken: args[0], RequestsChan: requests, }) @@ -190,7 +213,7 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { Scheme: "VPN", } fe, err := vpn.NewFrontend(&vpn.FrontendConfig{ - IdentityName: env.EnvironmentIdentityName(), + IdentityName: root.EnvironmentIdentityName(), ShrToken: args[0], RequestsChan: requests, }) @@ -210,7 +233,7 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { }() default: - cfg := proxy.DefaultFrontendConfig(env.EnvironmentIdentityName()) + cfg := proxy.DefaultFrontendConfig(root.EnvironmentIdentityName()) cfg.ShrToken = shrToken cfg.Address = cmd.bindAddress cfg.ResponseHeaders = cmd.responseHeaders @@ -232,10 +255,10 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { } c := make(chan os.Signal) - signal.Notify(c, os.Interrupt, syscall.SIGTERM) + signal.Notify(c, os.Interrupt, os.Kill, syscall.SIGHUP, syscall.SIGTERM, syscall.SIGKILL, syscall.SIGQUIT) go func() { <-c - cmd.destroy(accessResp.Payload.FrontendToken, env.Environment().ZitiIdentity, shrToken, zrok, auth) + cmd.destroy(accessResp.Payload.FrontendToken, root.Environment().ZitiIdentity, shrToken, zrok, auth) os.Exit(0) }() @@ -285,12 +308,12 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { } close(requests) - cmd.destroy(accessResp.Payload.FrontendToken, env.Environment().ZitiIdentity, shrToken, zrok, auth) + cmd.destroy(accessResp.Payload.FrontendToken, root.Environment().ZitiIdentity, shrToken, zrok, auth) } } func (cmd *accessPrivateCommand) destroy(frontendName, envZId, shrToken string, zrok *rest_client_zrok.Zrok, auth runtime.ClientAuthInfoWriter) { - logrus.Debugf("shutting down '%v'", shrToken) + logrus.Infof("shutting down '%v'", shrToken) req := share.NewUnaccessParams() req.Body = &rest_model_zrok.UnaccessRequest{ FrontendToken: frontendName, @@ -303,3 +326,22 @@ func (cmd *accessPrivateCommand) destroy(frontendName, envZId, shrToken string, logrus.Errorf("error shutting down: %v", err) } } + +func (cmd *accessPrivateCommand) accessAgent(args []string, root env_core.Root) { + client, conn, err := agentClient.NewClient(root) + if err != nil { + tui.Error("error connecting to agent", err) + } + defer func() { _ = conn.Close() }() + + acc, err := client.AccessPrivate(context.Background(), &agentGrpc.AccessPrivateRequest{ + Token: args[0], + BindAddress: cmd.bindAddress, + ResponseHeaders: cmd.responseHeaders, + }) + if err != nil { + tui.Error("error creating access", err) + } + + fmt.Println(acc) +} diff --git a/cmd/zrok/agentAccessPrivate.go b/cmd/zrok/agentAccessPrivate.go deleted file mode 100644 index 72b575a9..00000000 --- a/cmd/zrok/agentAccessPrivate.go +++ /dev/null @@ -1,65 +0,0 @@ -package main - -import ( - "context" - "fmt" - "github.com/openziti/zrok/agent/agentClient" - "github.com/openziti/zrok/agent/agentGrpc" - "github.com/openziti/zrok/environment" - "github.com/openziti/zrok/tui" - "github.com/spf13/cobra" -) - -func init() { - agentAccessCmd.AddCommand(newAgentAccessPrivateCommand().cmd) -} - -type agentAccessPrivateCommand struct { - bindAddress string - responseHeaders []string - cmd *cobra.Command -} - -func newAgentAccessPrivateCommand() *agentAccessPrivateCommand { - cmd := &cobra.Command{ - Use: "private ", - Short: "Bind a private access in the zrok Agent", - Args: cobra.ExactArgs(1), - } - command := &agentAccessPrivateCommand{cmd: cmd} - cmd.Flags().StringVarP(&command.bindAddress, "bind", "b", "127.0.0.1:9191", "The address to bind the private frontend") - cmd.Flags().StringArrayVar(&command.responseHeaders, "response-header", []string{}, "Add a response header ('key:value')") - cmd.Run = command.run - return command -} - -func (cmd *agentAccessPrivateCommand) run(_ *cobra.Command, args []string) { - root, err := environment.LoadRoot() - if err != nil { - if !panicInstead { - tui.Error("unable to load environment", err) - } - panic(err) - } - - if !root.IsEnabled() { - tui.Error("unable to load environment; did you 'zrok enable'?", nil) - } - - client, conn, err := agentClient.NewClient(root) - if err != nil { - tui.Error("error connecting to agent", err) - } - defer conn.Close() - - acc, err := client.AccessPrivate(context.Background(), &agentGrpc.AccessPrivateRequest{ - Token: args[0], - BindAddress: cmd.bindAddress, - ResponseHeaders: cmd.responseHeaders, - }) - if err != nil { - tui.Error("error creating access", err) - } - - fmt.Println(acc) -} From 9cf5787c47165b1426f2645c397c8f531d019e23 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Tue, 24 Sep 2024 14:06:37 -0400 Subject: [PATCH 04/12] adjust 'proctree' to use SIGINT instead of SIGKILL (#748) --- agent/proctree/impl_posix.go | 3 ++- agent/proctree/impl_windows.go | 19 +++++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/agent/proctree/impl_posix.go b/agent/proctree/impl_posix.go index aa8596c5..a82c37f9 100644 --- a/agent/proctree/impl_posix.go +++ b/agent/proctree/impl_posix.go @@ -5,6 +5,7 @@ package proctree import ( "os/exec" "sync" + "syscall" ) func Init(_ string) error { @@ -52,7 +53,7 @@ func WaitChild(c *Child) error { } func StopChild(c *Child) error { - if err := c.cmd.Process.Kill(); err != nil { + if err := syscall.Kill(c.cmd.Process.Pid, syscall.SIGINT); err != nil { return err } return nil diff --git a/agent/proctree/impl_windows.go b/agent/proctree/impl_windows.go index 6a446fe8..d6fc0398 100755 --- a/agent/proctree/impl_windows.go +++ b/agent/proctree/impl_windows.go @@ -3,7 +3,6 @@ package proctree import ( - "github.com/kolesnikovae/go-winjob" "golang.org/x/sys/windows" "os/exec" "sync" @@ -72,7 +71,23 @@ func WaitChild(c *Child) error { } func StopChild(c *Child) error { - if err := c.cmd.Process.Kill(); err != nil { + if err := sendSigInt(c); err != nil { + return err + } + return nil +} + +func sendSigInt(c *Child) error { + dll, err := syscall.LoadDLL("kernel32.dll") + if er != nil { + return err + } + proc, err := dll.FindProc("GenerateConsoleCtrlEvent") + if err != nil { + return err + } + r, _, err := proc.Call(syscall.CTRL_BREAK_EVENT, uintptr(c.cmd.Process.Pid)) + if err != nil { return err } return nil From 123a4ef57bf8962027686043e6fff9741dfa7cf3 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Tue, 24 Sep 2024 14:33:50 -0400 Subject: [PATCH 05/12] back out the SIGINT attempt (#748) --- agent/proctree/impl_posix.go | 3 +-- agent/proctree/impl_windows.go | 18 +----------------- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/agent/proctree/impl_posix.go b/agent/proctree/impl_posix.go index a82c37f9..aa8596c5 100644 --- a/agent/proctree/impl_posix.go +++ b/agent/proctree/impl_posix.go @@ -5,7 +5,6 @@ package proctree import ( "os/exec" "sync" - "syscall" ) func Init(_ string) error { @@ -53,7 +52,7 @@ func WaitChild(c *Child) error { } func StopChild(c *Child) error { - if err := syscall.Kill(c.cmd.Process.Pid, syscall.SIGINT); err != nil { + if err := c.cmd.Process.Kill(); err != nil { return err } return nil diff --git a/agent/proctree/impl_windows.go b/agent/proctree/impl_windows.go index d6fc0398..2c548a44 100755 --- a/agent/proctree/impl_windows.go +++ b/agent/proctree/impl_windows.go @@ -71,23 +71,7 @@ func WaitChild(c *Child) error { } func StopChild(c *Child) error { - if err := sendSigInt(c); err != nil { - return err - } - return nil -} - -func sendSigInt(c *Child) error { - dll, err := syscall.LoadDLL("kernel32.dll") - if er != nil { - return err - } - proc, err := dll.FindProc("GenerateConsoleCtrlEvent") - if err != nil { - return err - } - r, _, err := proc.Call(syscall.CTRL_BREAK_EVENT, uintptr(c.cmd.Process.Pid)) - if err != nil { + if err := c.cmd.Process.Kill(); err != nil { return err } return nil From e0ca6e472463107df2b90a869bd256d4c825269f Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Tue, 24 Sep 2024 14:52:20 -0400 Subject: [PATCH 06/12] agent cleanup after process.Kill() (#748) --- agent/agent.go | 23 +++++++++++++++++++++++ agent/releaseAccess.go | 14 ++------------ agent/releaseShare.go | 14 ++------------ 3 files changed, 27 insertions(+), 24 deletions(-) diff --git a/agent/agent.go b/agent/agent.go index 7eb87f75..9ecf750f 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -4,6 +4,7 @@ import ( "github.com/openziti/zrok/agent/agentGrpc" "github.com/openziti/zrok/agent/proctree" "github.com/openziti/zrok/environment/env_core" + "github.com/openziti/zrok/sdk/golang/sdk" "github.com/pkg/errors" "github.com/sirupsen/logrus" "google.golang.org/grpc" @@ -99,6 +100,11 @@ func (a *Agent) manager() { if err := proctree.WaitChild(outShare.process); err != nil { logrus.Errorf("error joining share '%v': %v", outShare.token, err) } + if !outShare.reserved { + if err := a.deleteShare(outShare.token); err != nil { + logrus.Errorf("error deleting share '%v': %v", outShare.token, err) + } + } delete(a.shares, outShare.token) } else { logrus.Debug("skipping unidentified (orphaned) share removal") @@ -117,6 +123,9 @@ func (a *Agent) manager() { if err := proctree.WaitChild(outAccess.process); err != nil { logrus.Errorf("error joining access '%v': %v", outAccess.frontendToken, err) } + if err := a.deleteAccess(outAccess.token, outAccess.frontendToken); err != nil { + logrus.Errorf("error deleting access '%v': %v", outAccess.frontendToken, err) + } delete(a.accesses, outAccess.frontendToken) } else { logrus.Debug("skipping unidentified (orphaned) access removal") @@ -125,6 +134,20 @@ func (a *Agent) manager() { } } +func (a *Agent) deleteShare(token string) error { + if err := sdk.DeleteShare(a.root, &sdk.Share{Token: token}); err != nil { + return err + } + return nil +} + +func (a *Agent) deleteAccess(token, frontendToken string) error { + if err := sdk.DeleteAccess(a.root, &sdk.Access{Token: frontendToken, ShareToken: token}); err != nil { + return err + } + return nil +} + type agentGrpcImpl struct { agentGrpc.UnimplementedAgentServer a *Agent diff --git a/agent/releaseAccess.go b/agent/releaseAccess.go index 5318b282..ba9d3445 100644 --- a/agent/releaseAccess.go +++ b/agent/releaseAccess.go @@ -3,25 +3,15 @@ package agent import ( "context" "github.com/openziti/zrok/agent/agentGrpc" - "github.com/openziti/zrok/agent/proctree" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) { if acc, found := i.a.accesses[req.FrontendToken]; found { - logrus.Infof("stopping access '%v'", acc.frontendToken) - - if err := proctree.StopChild(acc.process); err != nil { - logrus.Error(err) - } - - if err := proctree.WaitChild(acc.process); err != nil { - logrus.Error(err) - } - - delete(i.a.accesses, acc.frontendToken) + i.a.outAccesses <- acc logrus.Infof("released access '%v'", acc.frontendToken) + } else { return nil, errors.Errorf("agent has no access with frontend token '%v'", req.FrontendToken) } diff --git a/agent/releaseShare.go b/agent/releaseShare.go index 5db67811..0fd4d56e 100755 --- a/agent/releaseShare.go +++ b/agent/releaseShare.go @@ -3,25 +3,15 @@ package agent import ( "context" "github.com/openziti/zrok/agent/agentGrpc" - "github.com/openziti/zrok/agent/proctree" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) func (i *agentGrpcImpl) ReleaseShare(_ context.Context, req *agentGrpc.ReleaseShareRequest) (*agentGrpc.ReleaseShareResponse, error) { if shr, found := i.a.shares[req.Token]; found { - logrus.Infof("stopping share '%v'", shr.token) - - if err := proctree.StopChild(shr.process); err != nil { - logrus.Error(err) - } - - if err := proctree.WaitChild(shr.process); err != nil { - logrus.Error(err) - } - - delete(i.a.shares, shr.token) + i.a.outShares <- shr logrus.Infof("released share '%v'", shr.token) + } else { return nil, errors.Errorf("agent has no share with token '%v'", req.Token) } From 1d012b849a040052e190f67d12ed38f75d8dc273 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Sep 2024 10:59:10 -0400 Subject: [PATCH 07/12] cleaned up removal path in the agent (#463) --- agent/agent.go | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/agent/agent.go b/agent/agent.go index 9ecf750f..a44f0f45 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -92,20 +92,20 @@ func (a *Agent) manager() { a.shares[inShare.token] = inShare case outShare := <-a.outShares: - if outShare.token != "" { - logrus.Infof("removing share '%v'", outShare.token) - if err := proctree.StopChild(outShare.process); err != nil { - logrus.Errorf("error stopping share '%v': %v", outShare.token, err) + if shr, found := a.shares[outShare.token]; found { + logrus.Infof("removing share '%v'", shr.token) + if err := proctree.StopChild(shr.process); err != nil { + logrus.Errorf("error stopping share '%v': %v", shr.token, err) } - if err := proctree.WaitChild(outShare.process); err != nil { - logrus.Errorf("error joining share '%v': %v", outShare.token, err) + if err := proctree.WaitChild(shr.process); err != nil { + logrus.Errorf("error joining share '%v': %v", shr.token, err) } - if !outShare.reserved { - if err := a.deleteShare(outShare.token); err != nil { - logrus.Errorf("error deleting share '%v': %v", outShare.token, err) + if !shr.reserved { + if err := a.deleteShare(shr.token); err != nil { + logrus.Errorf("error deleting share '%v': %v", shr.token, err) } } - delete(a.shares, outShare.token) + delete(a.shares, shr.token) } else { logrus.Debug("skipping unidentified (orphaned) share removal") } @@ -115,18 +115,18 @@ func (a *Agent) manager() { a.accesses[inAccess.frontendToken] = inAccess case outAccess := <-a.outAccesses: - if outAccess.frontendToken != "" { - logrus.Infof("removing access '%v'", outAccess.frontendToken) - if err := proctree.StopChild(outAccess.process); err != nil { - logrus.Errorf("error stopping access '%v': %v", outAccess.frontendToken, err) + if acc, found := a.accesses[outAccess.frontendToken]; found { + logrus.Infof("removing access '%v'", acc.frontendToken) + if err := proctree.StopChild(acc.process); err != nil { + logrus.Errorf("error stopping access '%v': %v", acc.frontendToken, err) } - if err := proctree.WaitChild(outAccess.process); err != nil { - logrus.Errorf("error joining access '%v': %v", outAccess.frontendToken, err) + if err := proctree.WaitChild(acc.process); err != nil { + logrus.Errorf("error joining access '%v': %v", acc.frontendToken, err) } - if err := a.deleteAccess(outAccess.token, outAccess.frontendToken); err != nil { - logrus.Errorf("error deleting access '%v': %v", outAccess.frontendToken, err) + if err := a.deleteAccess(acc.token, acc.frontendToken); err != nil { + logrus.Errorf("error deleting access '%v': %v", acc.frontendToken, err) } - delete(a.accesses, outAccess.frontendToken) + delete(a.accesses, acc.frontendToken) } else { logrus.Debug("skipping unidentified (orphaned) access removal") } @@ -135,6 +135,7 @@ func (a *Agent) manager() { } func (a *Agent) deleteShare(token string) error { + logrus.Debugf("deleting share '%v'", token) if err := sdk.DeleteShare(a.root, &sdk.Share{Token: token}); err != nil { return err } @@ -142,6 +143,7 @@ func (a *Agent) deleteShare(token string) error { } func (a *Agent) deleteAccess(token, frontendToken string) error { + logrus.Debugf("deleting access '%v'", frontendToken) if err := sdk.DeleteAccess(a.root, &sdk.Access{Token: frontendToken, ShareToken: token}); err != nil { return err } From 9492f93a1dd19c1bf7fcd3165d5027995b28fe0f Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Sep 2024 11:06:06 -0400 Subject: [PATCH 08/12] code polish and naming lint (#463) --- agent/access.go | 4 ++-- agent/accessPrivate.go | 4 ++-- agent/agent.go | 38 +++++++++++++++++++------------------- agent/releaseAccess.go | 4 ++-- agent/releaseShare.go | 4 ++-- agent/share.go | 4 ++-- agent/sharePrivate.go | 4 ++-- agent/sharePublic.go | 4 ++-- agent/shareReserved.go | 4 ++-- agent/status.go | 4 ++-- 10 files changed, 37 insertions(+), 37 deletions(-) diff --git a/agent/access.go b/agent/access.go index 7a97108c..de7ffcda 100644 --- a/agent/access.go +++ b/agent/access.go @@ -22,14 +22,14 @@ type access struct { bootComplete chan struct{} bootErr error - a *Agent + agent *Agent } func (a *access) monitor() { if err := proctree.WaitChild(a.process); err != nil { pfxlog.ChannelLogger(a.token).Error(err) } - a.a.outAccesses <- a + a.agent.rmAccess <- a } func (a *access) tail(data []byte) { diff --git a/agent/accessPrivate.go b/agent/accessPrivate.go index 2a749a1a..7d7212ff 100644 --- a/agent/accessPrivate.go +++ b/agent/accessPrivate.go @@ -26,7 +26,7 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr bindAddress: req.BindAddress, responseHeaders: req.ResponseHeaders, bootComplete: make(chan struct{}), - a: i.a, + agent: i.agent, } logrus.Infof("executing '%v'", accCmd) @@ -40,7 +40,7 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr <-acc.bootComplete if acc.bootErr == nil { - i.a.inAccesses <- acc + i.agent.addAccess <- acc return &agentGrpc.AccessPrivateResponse{FrontendToken: acc.frontendToken}, nil } diff --git a/agent/agent.go b/agent/agent.go index a44f0f45..4deb5611 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -16,11 +16,11 @@ type Agent struct { root env_core.Root agentSocket string shares map[string]*share - inShares chan *share - outShares chan *share + addShare chan *share + rmShare chan *share accesses map[string]*access - inAccesses chan *access - outAccesses chan *access + addAccess chan *access + rmAccess chan *access } func NewAgent(root env_core.Root) (*Agent, error) { @@ -28,13 +28,13 @@ func NewAgent(root env_core.Root) (*Agent, error) { return nil, errors.Errorf("unable to load environment; did you 'zrok enable'?") } return &Agent{ - root: root, - shares: make(map[string]*share), - inShares: make(chan *share), - outShares: make(chan *share), - accesses: make(map[string]*access), - inAccesses: make(chan *access), - outAccesses: make(chan *access), + root: root, + shares: make(map[string]*share), + addShare: make(chan *share), + rmShare: make(chan *share), + accesses: make(map[string]*access), + addAccess: make(chan *access), + rmAccess: make(chan *access), }, nil } @@ -57,7 +57,7 @@ func (a *Agent) Run() error { a.agentSocket = agentSocket srv := grpc.NewServer() - agentGrpc.RegisterAgentServer(srv, &agentGrpcImpl{a: a}) + agentGrpc.RegisterAgentServer(srv, &agentGrpcImpl{agent: a}) if err := srv.Serve(l); err != nil { return err } @@ -73,11 +73,11 @@ func (a *Agent) Shutdown() { } for _, shr := range a.shares { logrus.Debugf("stopping share '%v'", shr.token) - a.outShares <- shr + a.rmShare <- shr } for _, acc := range a.accesses { logrus.Debugf("stopping access '%v'", acc.token) - a.outAccesses <- acc + a.rmAccess <- acc } } @@ -87,11 +87,11 @@ func (a *Agent) manager() { for { select { - case inShare := <-a.inShares: + case inShare := <-a.addShare: logrus.Infof("adding new share '%v'", inShare.token) a.shares[inShare.token] = inShare - case outShare := <-a.outShares: + case outShare := <-a.rmShare: if shr, found := a.shares[outShare.token]; found { logrus.Infof("removing share '%v'", shr.token) if err := proctree.StopChild(shr.process); err != nil { @@ -110,11 +110,11 @@ func (a *Agent) manager() { logrus.Debug("skipping unidentified (orphaned) share removal") } - case inAccess := <-a.inAccesses: + case inAccess := <-a.addAccess: logrus.Infof("adding new access '%v'", inAccess.frontendToken) a.accesses[inAccess.frontendToken] = inAccess - case outAccess := <-a.outAccesses: + case outAccess := <-a.rmAccess: if acc, found := a.accesses[outAccess.frontendToken]; found { logrus.Infof("removing access '%v'", acc.frontendToken) if err := proctree.StopChild(acc.process); err != nil { @@ -152,5 +152,5 @@ func (a *Agent) deleteAccess(token, frontendToken string) error { type agentGrpcImpl struct { agentGrpc.UnimplementedAgentServer - a *Agent + agent *Agent } diff --git a/agent/releaseAccess.go b/agent/releaseAccess.go index ba9d3445..86e2f8d2 100644 --- a/agent/releaseAccess.go +++ b/agent/releaseAccess.go @@ -8,8 +8,8 @@ import ( ) func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) { - if acc, found := i.a.accesses[req.FrontendToken]; found { - i.a.outAccesses <- acc + if acc, found := i.agent.accesses[req.FrontendToken]; found { + i.agent.rmAccess <- acc logrus.Infof("released access '%v'", acc.frontendToken) } else { diff --git a/agent/releaseShare.go b/agent/releaseShare.go index 0fd4d56e..0759e1c5 100755 --- a/agent/releaseShare.go +++ b/agent/releaseShare.go @@ -8,8 +8,8 @@ import ( ) func (i *agentGrpcImpl) ReleaseShare(_ context.Context, req *agentGrpc.ReleaseShareRequest) (*agentGrpc.ReleaseShareResponse, error) { - if shr, found := i.a.shares[req.Token]; found { - i.a.outShares <- shr + if shr, found := i.agent.shares[req.Token]; found { + i.agent.rmShare <- shr logrus.Infof("released share '%v'", shr.token) } else { diff --git a/agent/share.go b/agent/share.go index c25479c8..2d309748 100644 --- a/agent/share.go +++ b/agent/share.go @@ -34,14 +34,14 @@ type share struct { bootComplete chan struct{} bootErr error - a *Agent + agent *Agent } func (s *share) monitor() { if err := proctree.WaitChild(s.process); err != nil { pfxlog.ChannelLogger(s.token).Error(err) } - s.a.outShares <- s + s.agent.rmShare <- s } func (s *share) tail(data []byte) { diff --git a/agent/sharePrivate.go b/agent/sharePrivate.go index 5cca4d1c..eaa2359f 100644 --- a/agent/sharePrivate.go +++ b/agent/sharePrivate.go @@ -26,7 +26,7 @@ func (i *agentGrpcImpl) SharePrivate(_ context.Context, req *agentGrpc.SharePriv shareMode: sdk.PrivateShareMode, backendMode: sdk.BackendMode(req.BackendMode), bootComplete: make(chan struct{}), - a: i.a, + agent: i.agent, } if req.Insecure { @@ -58,7 +58,7 @@ func (i *agentGrpcImpl) SharePrivate(_ context.Context, req *agentGrpc.SharePriv <-shr.bootComplete if shr.bootErr == nil { - i.a.inShares <- shr + i.agent.addShare <- shr return &agentGrpc.SharePrivateResponse{Token: shr.token}, nil } diff --git a/agent/sharePublic.go b/agent/sharePublic.go index 6e48c114..43963854 100644 --- a/agent/sharePublic.go +++ b/agent/sharePublic.go @@ -26,7 +26,7 @@ func (i *agentGrpcImpl) SharePublic(_ context.Context, req *agentGrpc.SharePubli shareMode: sdk.PublicShareMode, backendMode: sdk.BackendMode(req.BackendMode), bootComplete: make(chan struct{}), - a: i.a, + agent: i.agent, } for _, basicAuth := range req.BasicAuth { @@ -82,7 +82,7 @@ func (i *agentGrpcImpl) SharePublic(_ context.Context, req *agentGrpc.SharePubli <-shr.bootComplete if shr.bootErr == nil { - i.a.inShares <- shr + i.agent.addShare <- shr return &agentGrpc.SharePublicResponse{ Token: shr.token, FrontendEndpoints: shr.frontendEndpoints, diff --git a/agent/shareReserved.go b/agent/shareReserved.go index def2d04d..33719b50 100644 --- a/agent/shareReserved.go +++ b/agent/shareReserved.go @@ -23,7 +23,7 @@ func (i *agentGrpcImpl) ShareReserved(_ context.Context, req *agentGrpc.ShareRes shr := &share{ reserved: true, bootComplete: make(chan struct{}), - a: i.a, + agent: i.agent, } if req.OverrideEndpoint != "" { @@ -47,7 +47,7 @@ func (i *agentGrpcImpl) ShareReserved(_ context.Context, req *agentGrpc.ShareRes <-shr.bootComplete if shr.bootErr == nil { - i.a.inShares <- shr + i.agent.addShare <- shr return &agentGrpc.ShareReservedResponse{ Token: shr.token, BackendMode: string(shr.backendMode), diff --git a/agent/status.go b/agent/status.go index f738a361..18fc1ded 100644 --- a/agent/status.go +++ b/agent/status.go @@ -7,7 +7,7 @@ import ( func (i *agentGrpcImpl) Status(_ context.Context, _ *agentGrpc.StatusRequest) (*agentGrpc.StatusResponse, error) { var accesses []*agentGrpc.AccessDetail - for feToken, acc := range i.a.accesses { + for feToken, acc := range i.agent.accesses { accesses = append(accesses, &agentGrpc.AccessDetail{ FrontendToken: feToken, Token: acc.token, @@ -17,7 +17,7 @@ func (i *agentGrpcImpl) Status(_ context.Context, _ *agentGrpc.StatusRequest) (* } var shares []*agentGrpc.ShareDetail - for token, shr := range i.a.shares { + for token, shr := range i.agent.shares { shares = append(shares, &agentGrpc.ShareDetail{ Token: token, ShareMode: string(shr.shareMode), From 3fbcaa5f24dbf6b19b5eb51bc3fffa0a203edd7a Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Sep 2024 11:16:56 -0400 Subject: [PATCH 09/12] rename '--agent' flag to '--subordinate' (#748) --- agent/accessPrivate.go | 2 +- agent/sharePrivate.go | 2 +- agent/sharePublic.go | 2 +- agent/shareReserved.go | 2 +- cmd/zrok/accessPrivate.go | 12 ++++++------ cmd/zrok/sharePrivate.go | 14 +++++++------- cmd/zrok/sharePublic.go | 14 +++++++------- cmd/zrok/shareReserved.go | 20 ++++++++++---------- 8 files changed, 34 insertions(+), 34 deletions(-) diff --git a/agent/accessPrivate.go b/agent/accessPrivate.go index 7d7212ff..40b82ffc 100644 --- a/agent/accessPrivate.go +++ b/agent/accessPrivate.go @@ -20,7 +20,7 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr return nil, errors.New("unable to load environment; did you 'zrok enable'?") } - accCmd := []string{os.Args[0], "access", "private", "--agent", "-b", req.BindAddress, req.Token} + accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token} acc := &access{ token: req.Token, bindAddress: req.BindAddress, diff --git a/agent/sharePrivate.go b/agent/sharePrivate.go index eaa2359f..f67f7640 100644 --- a/agent/sharePrivate.go +++ b/agent/sharePrivate.go @@ -21,7 +21,7 @@ func (i *agentGrpcImpl) SharePrivate(_ context.Context, req *agentGrpc.SharePriv return nil, errors.New("unable to load environment; did you 'zrok enable'?") } - shrCmd := []string{os.Args[0], "share", "private", "--agent", "-b", req.BackendMode} + shrCmd := []string{os.Args[0], "share", "private", "--subordinate", "-b", req.BackendMode} shr := &share{ shareMode: sdk.PrivateShareMode, backendMode: sdk.BackendMode(req.BackendMode), diff --git a/agent/sharePublic.go b/agent/sharePublic.go index 43963854..5bb81f5f 100644 --- a/agent/sharePublic.go +++ b/agent/sharePublic.go @@ -21,7 +21,7 @@ func (i *agentGrpcImpl) SharePublic(_ context.Context, req *agentGrpc.SharePubli return nil, errors.New("unable to load environment; did you 'zrok enable'?") } - shrCmd := []string{os.Args[0], "share", "public", "--agent", "-b", req.BackendMode} + shrCmd := []string{os.Args[0], "share", "public", "--subordinate", "-b", req.BackendMode} shr := &share{ shareMode: sdk.PublicShareMode, backendMode: sdk.BackendMode(req.BackendMode), diff --git a/agent/shareReserved.go b/agent/shareReserved.go index 33719b50..5f613003 100644 --- a/agent/shareReserved.go +++ b/agent/shareReserved.go @@ -19,7 +19,7 @@ func (i *agentGrpcImpl) ShareReserved(_ context.Context, req *agentGrpc.ShareRes return nil, errors.New("unable to load environment; did you 'zrok enable'?") } - shrCmd := []string{os.Args[0], "share", "reserved", "--agent"} + shrCmd := []string{os.Args[0], "share", "reserved", "--subordinate"} shr := &share{ reserved: true, bootComplete: make(chan struct{}), diff --git a/cmd/zrok/accessPrivate.go b/cmd/zrok/accessPrivate.go index e6f60dd6..6f1351eb 100644 --- a/cmd/zrok/accessPrivate.go +++ b/cmd/zrok/accessPrivate.go @@ -36,7 +36,7 @@ func init() { type accessPrivateCommand struct { bindAddress string headless bool - agent bool + subordinate bool responseHeaders []string cmd *cobra.Command } @@ -49,8 +49,8 @@ func newAccessPrivateCommand() *accessPrivateCommand { } command := &accessPrivateCommand{cmd: cmd} cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") - cmd.Flags().BoolVar(&command.agent, "agent", false, "Enable agent mode") - cmd.MarkFlagsMutuallyExclusive("headless", "agent") + cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable subordinate mode") + cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") cmd.Flags().StringVarP(&command.bindAddress, "bind", "b", "127.0.0.1:9191", "The address to bind the private frontend") cmd.Flags().StringArrayVar(&command.responseHeaders, "response-header", []string{}, "Add a response header ('key:value')") cmd.Run = command.run @@ -70,7 +70,7 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.agent { + if cmd.subordinate { cmd.accessLocal(args, root) } else { agent, err := agentClient.IsAgentRunning(root) @@ -110,7 +110,7 @@ func (cmd *accessPrivateCommand) accessLocal(args []string, root env_core.Root) panic(err) } - if cmd.agent { + if cmd.subordinate { data := make(map[string]interface{}) data["frontend_token"] = accessResp.Payload.FrontendToken data["bind_address"] = cmd.bindAddress @@ -271,7 +271,7 @@ func (cmd *accessPrivateCommand) accessLocal(args []string, root env_core.Root) } } - } else if cmd.agent { + } else if cmd.subordinate { for { select { case req := <-requests: diff --git a/cmd/zrok/sharePrivate.go b/cmd/zrok/sharePrivate.go index 24cb072a..909b1e58 100644 --- a/cmd/zrok/sharePrivate.go +++ b/cmd/zrok/sharePrivate.go @@ -34,7 +34,7 @@ func init() { type sharePrivateCommand struct { backendMode string headless bool - agent bool + subordinate bool insecure bool closed bool accessGrants []string @@ -50,8 +50,8 @@ func newSharePrivateCommand() *sharePrivateCommand { command := &sharePrivateCommand{cmd: cmd} cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, tcpTunnel, udpTunnel, caddy, drive, socks, vpn}") cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") - cmd.Flags().BoolVar(&command.agent, "agent", false, "Enable agent mode") - cmd.MarkFlagsMutuallyExclusive("headless", "agent") + cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable agent mode") + cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") @@ -72,7 +72,7 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.agent { + if cmd.subordinate { cmd.shareLocal(args, root) } else { agent, err := agentClient.IsAgentRunning(root) @@ -193,7 +193,7 @@ func (cmd *sharePrivateCommand) shareLocal(args []string, root env_core.Root) { panic(err) } - if cmd.agent { + if cmd.subordinate { data := make(map[string]interface{}) data["token"] = shr.Token data["frontend_endpoints"] = shr.FrontendEndpoints @@ -206,7 +206,7 @@ func (cmd *sharePrivateCommand) shareLocal(args []string, root env_core.Root) { shareDescription := fmt.Sprintf("access your share with: %v", tui.Code.Render(fmt.Sprintf("zrok access private %v", shr.Token))) mdl := newShareModel(shr.Token, []string{shareDescription}, sdk.PrivateShareMode, sdk.BackendMode(cmd.backendMode)) - if !cmd.headless && !cmd.agent { + if !cmd.headless && !cmd.subordinate { proxy.SetCaddyLoggingWriter(mdl) } @@ -410,7 +410,7 @@ func (cmd *sharePrivateCommand) shareLocal(args []string, root env_core.Root) { } } - } else if cmd.agent { + } else if cmd.subordinate { for { select { case req := <-requests: diff --git a/cmd/zrok/sharePublic.go b/cmd/zrok/sharePublic.go index 9ed9eb73..edcbeb2d 100644 --- a/cmd/zrok/sharePublic.go +++ b/cmd/zrok/sharePublic.go @@ -34,7 +34,7 @@ type sharePublicCommand struct { frontendSelection []string backendMode string headless bool - agent bool + subordinate bool insecure bool oauthProvider string oauthEmailAddressPatterns []string @@ -59,8 +59,8 @@ func newSharePublicCommand() *sharePublicCommand { cmd.Flags().StringArrayVar(&command.frontendSelection, "frontend", defaultFrontends, "Selected frontends to use for the share") cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, caddy, drive}") cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") - cmd.Flags().BoolVar(&command.agent, "agent", false, "Enable agent mode") - cmd.MarkFlagsMutuallyExclusive("headless", "agent") + cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable agent mode") + cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") @@ -87,7 +87,7 @@ func (cmd *sharePublicCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.agent { + if cmd.subordinate { cmd.shareLocal(args, root) } else { agent, err := agentClient.IsAgentRunning(root) @@ -172,7 +172,7 @@ func (cmd *sharePublicCommand) shareLocal(args []string, root env_core.Root) { panic(err) } - if cmd.agent { + if cmd.subordinate { data := make(map[string]interface{}) data["token"] = shr.Token data["frontend_endpoints"] = shr.FrontendEndpoints @@ -184,7 +184,7 @@ func (cmd *sharePublicCommand) shareLocal(args []string, root env_core.Root) { } mdl := newShareModel(shr.Token, shr.FrontendEndpoints, sdk.PublicShareMode, sdk.BackendMode(cmd.backendMode)) - if !cmd.headless && !cmd.agent { + if !cmd.headless && !cmd.subordinate { proxy.SetCaddyLoggingWriter(mdl) } @@ -301,7 +301,7 @@ func (cmd *sharePublicCommand) shareLocal(args []string, root env_core.Root) { } } - } else if cmd.agent { + } else if cmd.subordinate { for { select { case req := <-requests: diff --git a/cmd/zrok/shareReserved.go b/cmd/zrok/shareReserved.go index 41daa7a4..4576c4c2 100644 --- a/cmd/zrok/shareReserved.go +++ b/cmd/zrok/shareReserved.go @@ -33,7 +33,7 @@ func init() { type shareReservedCommand struct { overrideEndpoint string headless bool - agent bool + subordinate bool insecure bool cmd *cobra.Command } @@ -47,8 +47,8 @@ func newShareReservedCommand() *shareReservedCommand { command := &shareReservedCommand{cmd: cmd} cmd.Flags().StringVar(&command.overrideEndpoint, "override-endpoint", "", "Override the stored target endpoint with a replacement") cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") - cmd.Flags().BoolVar(&command.agent, "agent", false, "Enable agent mode") - cmd.MarkFlagsMutuallyExclusive("headless", "agent") + cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable agent mode") + cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation") cmd.Run = command.run return command @@ -67,7 +67,7 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.agent { + if cmd.subordinate { cmd.shareLocal(args, root) } else { agent, err := agentClient.IsAgentRunning(root) @@ -120,7 +120,7 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) { } if resp.Payload.BackendMode != "socks" { - if !cmd.agent { + if !cmd.subordinate { logrus.Infof("sharing target: '%v'", target) } @@ -136,11 +136,11 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) { } panic(err) } - if !cmd.agent { + if !cmd.subordinate { logrus.Infof("updated backend target to: %v", target) } } else { - if !cmd.agent { + if !cmd.subordinate { logrus.Infof("using existing backend target: %v", target) } } @@ -154,7 +154,7 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) { shareDescription = fmt.Sprintf("access your share with: %v", tui.Code.Render(fmt.Sprintf("zrok access private %v", shrToken))) } - if cmd.agent { + if cmd.subordinate { data := make(map[string]interface{}) data["token"] = resp.Payload.Token data["backend_mode"] = resp.Payload.BackendMode @@ -173,7 +173,7 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) { } mdl := newShareModel(shrToken, []string{shareDescription}, sdk.ShareMode(resp.Payload.ShareMode), sdk.BackendMode(resp.Payload.BackendMode)) - if !cmd.headless && !cmd.agent { + if !cmd.headless && !cmd.subordinate { proxy.SetCaddyLoggingWriter(mdl) } @@ -373,7 +373,7 @@ func (cmd *shareReservedCommand) shareLocal(args []string, root env_core.Root) { } } - } else if cmd.agent { + } else if cmd.subordinate { for { select { case req := <-requests: From f1200eef59fb39dab632aa1c42d9fcc1e57afce9 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Sep 2024 11:20:03 -0400 Subject: [PATCH 10/12] logging lint (#463) --- agent/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent/version.go b/agent/version.go index cdb45974..add0841c 100644 --- a/agent/version.go +++ b/agent/version.go @@ -9,6 +9,6 @@ import ( func (i *agentGrpcImpl) Version(_ context.Context, _ *agentGrpc.VersionRequest) (*agentGrpc.VersionResponse, error) { v := build.String() - logrus.Infof("responding to version inquiry with '%v'", v) + logrus.Debugf("responding to version inquiry with '%v'", v) return &agentGrpc.VersionResponse{V: v}, nil } From b49d70b7383b4ccd9399b85ddae21ce0f46784d2 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Sep 2024 11:32:25 -0400 Subject: [PATCH 11/12] add '--force-local' and '--force-agent' to 'zrok share [public|private|reserved]' and 'zrok access private' (#751) --- cmd/zrok/accessPrivate.go | 16 ++++++++++++---- cmd/zrok/sharePrivate.go | 16 ++++++++++++---- cmd/zrok/sharePublic.go | 16 ++++++++++++---- cmd/zrok/shareReserved.go | 16 ++++++++++++---- 4 files changed, 48 insertions(+), 16 deletions(-) diff --git a/cmd/zrok/accessPrivate.go b/cmd/zrok/accessPrivate.go index 6f1351eb..5a746bac 100644 --- a/cmd/zrok/accessPrivate.go +++ b/cmd/zrok/accessPrivate.go @@ -37,6 +37,8 @@ type accessPrivateCommand struct { bindAddress string headless bool subordinate bool + forceLocal bool + forceAgent bool responseHeaders []string cmd *cobra.Command } @@ -51,6 +53,9 @@ func newAccessPrivateCommand() *accessPrivateCommand { cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable subordinate mode") cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") + cmd.Flags().BoolVar(&command.forceLocal, "force-local", false, "Skip agent detection and force local mode") + cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode") + cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent") cmd.Flags().StringVarP(&command.bindAddress, "bind", "b", "127.0.0.1:9191", "The address to bind the private frontend") cmd.Flags().StringArrayVar(&command.responseHeaders, "response-header", []string{}, "Add a response header ('key:value')") cmd.Run = command.run @@ -70,12 +75,15 @@ func (cmd *accessPrivateCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.subordinate { + if cmd.subordinate || cmd.forceLocal { cmd.accessLocal(args, root) } else { - agent, err := agentClient.IsAgentRunning(root) - if err != nil { - tui.Error("error checking if agent is running", err) + agent := cmd.forceAgent + if !cmd.forceAgent { + agent, err = agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } } if agent { cmd.accessAgent(args, root) diff --git a/cmd/zrok/sharePrivate.go b/cmd/zrok/sharePrivate.go index 909b1e58..582c388b 100644 --- a/cmd/zrok/sharePrivate.go +++ b/cmd/zrok/sharePrivate.go @@ -35,6 +35,8 @@ type sharePrivateCommand struct { backendMode string headless bool subordinate bool + forceLocal bool + forceAgent bool insecure bool closed bool accessGrants []string @@ -52,6 +54,9 @@ func newSharePrivateCommand() *sharePrivateCommand { cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable agent mode") cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") + cmd.Flags().BoolVar(&command.forceLocal, "force-local", false, "Skip agent detection and force local mode") + cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode") + cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") @@ -72,12 +77,15 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.subordinate { + if cmd.subordinate || cmd.forceLocal { cmd.shareLocal(args, root) } else { - agent, err := agentClient.IsAgentRunning(root) - if err != nil { - tui.Error("error checking if agent is running", err) + agent := cmd.forceAgent + if !cmd.forceAgent { + agent, err = agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } } if agent { cmd.shareAgent(args, root) diff --git a/cmd/zrok/sharePublic.go b/cmd/zrok/sharePublic.go index edcbeb2d..799949b5 100644 --- a/cmd/zrok/sharePublic.go +++ b/cmd/zrok/sharePublic.go @@ -35,6 +35,8 @@ type sharePublicCommand struct { backendMode string headless bool subordinate bool + forceLocal bool + forceAgent bool insecure bool oauthProvider string oauthEmailAddressPatterns []string @@ -61,6 +63,9 @@ func newSharePublicCommand() *sharePublicCommand { cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable agent mode") cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") + cmd.Flags().BoolVar(&command.forceLocal, "force-local", false, "Skip agent detection and force local mode") + cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode") + cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") @@ -87,12 +92,15 @@ func (cmd *sharePublicCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.subordinate { + if cmd.subordinate || cmd.forceLocal { cmd.shareLocal(args, root) } else { - agent, err := agentClient.IsAgentRunning(root) - if err != nil { - tui.Error("error checking if agent is running", err) + agent := cmd.forceAgent + if !cmd.forceAgent { + agent, err = agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } } if agent { cmd.shareAgent(args, root) diff --git a/cmd/zrok/shareReserved.go b/cmd/zrok/shareReserved.go index 4576c4c2..7e50c6f8 100644 --- a/cmd/zrok/shareReserved.go +++ b/cmd/zrok/shareReserved.go @@ -34,6 +34,8 @@ type shareReservedCommand struct { overrideEndpoint string headless bool subordinate bool + forceLocal bool + forceAgent bool insecure bool cmd *cobra.Command } @@ -49,6 +51,9 @@ func newShareReservedCommand() *shareReservedCommand { cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") cmd.Flags().BoolVar(&command.subordinate, "subordinate", false, "Enable agent mode") cmd.MarkFlagsMutuallyExclusive("headless", "subordinate") + cmd.Flags().BoolVar(&command.forceLocal, "force-local", false, "Skip agent detection and force local mode") + cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode") + cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation") cmd.Run = command.run return command @@ -67,12 +72,15 @@ func (cmd *shareReservedCommand) run(_ *cobra.Command, args []string) { tui.Error("unable to load environment; did you 'zrok enable'?", nil) } - if cmd.subordinate { + if cmd.subordinate || cmd.forceLocal { cmd.shareLocal(args, root) } else { - agent, err := agentClient.IsAgentRunning(root) - if err != nil { - tui.Error("error checking if agent is running", err) + agent := cmd.forceAgent + if !cmd.forceAgent { + agent, err = agentClient.IsAgentRunning(root) + if err != nil { + tui.Error("error checking if agent is running", err) + } } if agent { cmd.shareAgent(args, root) From 8252ac6414a71662318d7525a04ff591e70e3899 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Wed, 25 Sep 2024 11:38:28 -0400 Subject: [PATCH 12/12] changelog --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b8ac1fa2..96b2e0aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,9 @@ MAJOR RELEASE: zrok reaches version 1.0.0! -FEATURE: New "zrok Agent", a background manager process for your zrok environments, which allows you to easily manage and work with multiple `zrok share` and `zrok access` processes (https://github.com/openziti/zrok/issues/463) +FEATURE: New "zrok Agent", a background manager process for your zrok environments, which allows you to easily manage and work with multiple `zrok share` and `zrok access` processes. New `--subordinate` flag added to `zrok share [public|private|reserved]` and `zrok access private` to operate in a mode that allows an Agent to manage shares and accesses (https://github.com/openziti/zrok/issues/463) + +FEATURE: `zrok share [public|private|reserved]` and `zrok access private` now auto-detect if the zrok Agent is running in an environment and will automatically service share and access requests through the Agent, rather than in-process if the Agent is running. If the Agent is not running, operation remains as it was in `v0.4.x` and the share or access is handled in-process. New `--force-agent` and `--force-local` flags exist to skip Agent detection and manually select an operating mode (https://github.com/openziti/zrok/issues/751) ## v0.4.41