mirror of
https://github.com/openziti/zrok.git
synced 2024-11-28 11:04:04 +01:00
Merge branch 'main' into drives_p1
This commit is contained in:
commit
5e4fbab2a4
4
.github/workflows/homebrew.yml
vendored
4
.github/workflows/homebrew.yml
vendored
@ -12,10 +12,10 @@ jobs:
|
||||
id: extract-version
|
||||
run: |
|
||||
printf "::set-output name=%s::%s\n" tag-name "${GITHUB_REF#refs/tags/}"
|
||||
- uses: mislav/bump-homebrew-formula-action@v2
|
||||
- uses: mislav/bump-homebrew-formula-action@v3.1
|
||||
if: "!contains(github.ref, '-')"
|
||||
with:
|
||||
formula-name: zrok
|
||||
download-url: https://github.com/openziti/zrok/archive/${{ steps.extract-version.outputs.tag-name }}.tar.gz
|
||||
download-url: https://github.com/openziti/zrok/archive/refs/tags/${{ steps.extract-version.outputs.tag-name }}.tar.gz
|
||||
env:
|
||||
COMMITTER_TOKEN: ${{ secrets.BREW_COMMITTER_TOKEN }}
|
||||
|
16
CHANGELOG.md
16
CHANGELOG.md
@ -1,7 +1,21 @@
|
||||
# v0.4.11
|
||||
# v0.4.14
|
||||
|
||||
FEATURE: `zrok` Drives "Phase 1" (`p1`) functionality included in this release. This includes new `--backend-mode drive`, which accepts a folder path as a target. A `drive` share can be mounted as a network drive on Windows, macOS, and Linux, allowing full read/write access from all applications on those systems (https://github.com/openziti/zrok/issues/218) Subsequent releases will address CLI use cases and provide further refinements to the overall approach.
|
||||
|
||||
# v0.4.13
|
||||
|
||||
FIX: Update to Homebrew automation to properly integrate with the latest version of the Homebrew release process.
|
||||
|
||||
# v0.4.12
|
||||
|
||||
FIX: The `zrok reserve` command was not properly recording the reserved share status of the shares that it created, preventing the `zrok release` command from properly releasing them (https://github.com/openziti/zrok/issues/427) If a user encounters reserved shares that cannot be released with the `zrok release` command, they can be deleted through the web console.
|
||||
|
||||
# v0.4.11
|
||||
|
||||
FEATURE: The `zrok reserve` command now incorporates the `--json-output|-j` flag, which outputs the reservation details as JSON, rather than as human-consumable log messages. Other commands will produce similar output in the future (https://github.com/openziti/zrok/issues/422)
|
||||
|
||||
FIX: Include `--oauth-provider` and associated flags for the `zrok reserve` command, allowing reserved shares to specify OAuth authentication (https://github.com/openziti/zrok/issues/421)
|
||||
|
||||
# v0.4.10
|
||||
|
||||
CHANGE: The public frontend configuration has been bumped from `v: 2` to `v: 3`. The `redirect_host`, `redirect_port` and `redirect_http_only` parameters have been removed. These three configuration options have been replaced with `bind_address`, `redirect_url` and `cookie_domain`. See the OAuth configuration guide at `docs/guides/self-hosting/oauth/configuring-oauth.md` for more details (https://github.com/openziti/zrok/issues/411)
|
||||
|
@ -1,12 +1,14 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/openziti/zrok/environment"
|
||||
"github.com/openziti/zrok/sdk"
|
||||
"github.com/openziti/zrok/tui"
|
||||
"github.com/sirupsen/logrus"
|
||||
"github.com/spf13/cobra"
|
||||
"time"
|
||||
)
|
||||
|
||||
func init() {
|
||||
@ -14,10 +16,14 @@ func init() {
|
||||
}
|
||||
|
||||
type reserveCommand struct {
|
||||
basicAuth []string
|
||||
frontendSelection []string
|
||||
backendMode string
|
||||
cmd *cobra.Command
|
||||
basicAuth []string
|
||||
frontendSelection []string
|
||||
backendMode string
|
||||
jsonOutput bool
|
||||
oauthProvider string
|
||||
oauthEmailDomains []string
|
||||
oauthCheckInterval time.Duration
|
||||
cmd *cobra.Command
|
||||
}
|
||||
|
||||
func newReserveCommand() *reserveCommand {
|
||||
@ -27,9 +33,15 @@ func newReserveCommand() *reserveCommand {
|
||||
Args: cobra.ExactArgs(2),
|
||||
}
|
||||
command := &reserveCommand{cmd: cmd}
|
||||
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
|
||||
cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
|
||||
cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, <tcpTunnel, udpTunnel>, caddy}")
|
||||
cmd.Flags().BoolVarP(&command.jsonOutput, "json-output", "j", false, "Emit JSON describing the created reserved share")
|
||||
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
|
||||
cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]")
|
||||
cmd.Flags().StringArrayVar(&command.oauthEmailDomains, "oauth-email-domains", []string{}, "Allow only these email domains to authenticate via OAuth")
|
||||
cmd.Flags().DurationVar(&command.oauthCheckInterval, "oauth-check-interval", 3*time.Hour, "Maximum lifetime for OAuth authentication; reauthenticate after expiry")
|
||||
cmd.MarkFlagsMutuallyExclusive("basic-auth", "oauth-provider")
|
||||
|
||||
cmd.Run = command.run
|
||||
return command
|
||||
}
|
||||
@ -45,10 +57,7 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
||||
case "proxy":
|
||||
v, err := parseUrl(args[1])
|
||||
if err != nil {
|
||||
if !panicInstead {
|
||||
tui.Error("invalid target endpoint URL", err)
|
||||
}
|
||||
panic(err)
|
||||
tui.Error("invalid target endpoint URL", err)
|
||||
}
|
||||
target = v
|
||||
|
||||
@ -70,10 +79,7 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
||||
|
||||
env, err := environment.LoadRoot()
|
||||
if err != nil {
|
||||
if !panicInstead {
|
||||
tui.Error("error loading environment", err)
|
||||
}
|
||||
panic(err)
|
||||
tui.Error("error loading environment", err)
|
||||
}
|
||||
|
||||
if !env.IsEnabled() {
|
||||
@ -81,6 +87,7 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
||||
}
|
||||
|
||||
req := &sdk.ShareRequest{
|
||||
Reserved: true,
|
||||
BackendMode: sdk.BackendMode(cmd.backendMode),
|
||||
ShareMode: shareMode,
|
||||
BasicAuth: cmd.basicAuth,
|
||||
@ -89,16 +96,29 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
||||
if shareMode == sdk.PublicShareMode {
|
||||
req.Frontends = cmd.frontendSelection
|
||||
}
|
||||
if cmd.oauthProvider != "" {
|
||||
if shareMode != sdk.PublicShareMode {
|
||||
tui.Error("--oauth-provider only supported for public shares", nil)
|
||||
}
|
||||
req.OauthProvider = cmd.oauthProvider
|
||||
req.OauthEmailDomains = cmd.oauthEmailDomains
|
||||
req.OauthAuthorizationCheckInterval = cmd.oauthCheckInterval
|
||||
}
|
||||
shr, err := sdk.CreateShare(env, req)
|
||||
if err != nil {
|
||||
if !panicInstead {
|
||||
tui.Error("unable to create share", err)
|
||||
}
|
||||
panic(err)
|
||||
tui.Error("unable to create share", err)
|
||||
}
|
||||
|
||||
logrus.Infof("your reserved share token is '%v'", shr.Token)
|
||||
for _, fpe := range shr.FrontendEndpoints {
|
||||
logrus.Infof("reserved frontend endpoint: %v", fpe)
|
||||
if !cmd.jsonOutput {
|
||||
logrus.Infof("your reserved share token is '%v'", shr.Token)
|
||||
for _, fpe := range shr.FrontendEndpoints {
|
||||
logrus.Infof("reserved frontend endpoint: %v", fpe)
|
||||
}
|
||||
} else {
|
||||
out, err := json.Marshal(shr)
|
||||
if err != nil {
|
||||
tui.Error("error emitting JSON", err)
|
||||
}
|
||||
fmt.Println(string(out))
|
||||
}
|
||||
}
|
||||
|
@ -1,7 +1,8 @@
|
||||
# this builds docker.io/openziti/zrok
|
||||
FROM docker.io/openziti/ziti-cli:0.27.9
|
||||
# This build stage grabs artifacts that are copied into the final image.
|
||||
# It uses the same base as the final image to maximize docker cache hits.
|
||||
ARG ZITI_CLI_TAG="0.30.5"
|
||||
ARG ZITI_CLI_IMAGE="docker.io/openziti/ziti-cli"
|
||||
# this builds docker.io/openziti/ziti-controller
|
||||
FROM ${ZITI_CLI_IMAGE}:${ZITI_CLI_TAG}
|
||||
|
||||
ARG ARTIFACTS_DIR=./dist
|
||||
ARG DOCKER_BUILD_DIR=.
|
||||
@ -19,6 +20,11 @@ LABEL name="openziti/zrok" \
|
||||
|
||||
USER root
|
||||
|
||||
### install packages (jq introduced in source image in next release 0.30.6)
|
||||
RUN INSTALL_PKGS="jq" && \
|
||||
microdnf -y update --setopt=install_weak_deps=0 --setopt=tsflags=nodocs && \
|
||||
microdnf -y install --setopt=install_weak_deps=0 --setopt=tsflags=nodocs ${INSTALL_PKGS}
|
||||
|
||||
### add licenses to this directory
|
||||
RUN mkdir -p -m0755 /licenses
|
||||
COPY ./LICENSE /licenses/apache.txt
|
||||
|
@ -21,6 +21,7 @@ const (
|
||||
)
|
||||
|
||||
type ShareRequest struct {
|
||||
Reserved bool
|
||||
BackendMode BackendMode
|
||||
ShareMode ShareMode
|
||||
Target string
|
||||
@ -32,8 +33,8 @@ type ShareRequest struct {
|
||||
}
|
||||
|
||||
type Share struct {
|
||||
Token string
|
||||
FrontendEndpoints []string
|
||||
Token string `json:"token"`
|
||||
FrontendEndpoints []string `json:"frontend_endpoints"`
|
||||
}
|
||||
|
||||
type AccessRequest struct {
|
||||
|
@ -25,6 +25,7 @@ func CreateShare(root env_core.Root, request *ShareRequest) (*Share, error) {
|
||||
default:
|
||||
return nil, errors.Errorf("unknown share mode '%v'", request.ShareMode)
|
||||
}
|
||||
out.Body.Reserved = request.Reserved
|
||||
|
||||
if len(request.BasicAuth) > 0 {
|
||||
out.Body.AuthScheme = string(Basic)
|
||||
|
Loading…
Reference in New Issue
Block a user