mirror of
https://github.com/openziti/zrok.git
synced 2025-06-27 13:11:27 +02:00
new 'logic' layer in Agent for private access (#922)
parent
534b8492ad
commit
9faf122416
@ -6,6 +6,16 @@ import (
|
|||||||
"github.com/openziti/zrok/cmd/zrok/subordinate"
|
"github.com/openziti/zrok/cmd/zrok/subordinate"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type AccessPrivateRequest struct {
|
||||||
|
Token string
|
||||||
|
BindAddress string
|
||||||
|
AutoMode bool
|
||||||
|
AutoAddress string
|
||||||
|
AutoStartPort uint16
|
||||||
|
AutoEndPort uint16
|
||||||
|
ResponseHeaders []string
|
||||||
|
}
|
||||||
|
|
||||||
type access struct {
|
type access struct {
|
||||||
frontendToken string
|
frontendToken string
|
||||||
token string
|
token string
|
||||||
|
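Review bot: `AccessPrivateRequest` is exported without a doc comment, and nothing in the hunk says which fields are required or how they interact. I would add a type comment along the lines of `// AccessPrivateRequest describes a private access for the Agent to start; the Auto* fields are consulted only when AutoMode is true.` (confirm that this is the intended contract). `ResponseHeaders []string` also needs its entry format stated, and if the entries end up as HTTP response headers the comment should say where they are validated, for example rejecting CR/LF.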
@ -12,14 +12,14 @@ import (
|
|||||||
"os"
|
"os"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPrivateRequest) (*agentGrpc.AccessPrivateResponse, error) {
|
func (a *Agent) AccessPrivate(req *AccessPrivateRequest) (frontendToken string, err error) {
|
||||||
root, err := environment.LoadRoot()
|
root, err := environment.LoadRoot()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
if !root.IsEnabled() {
|
if !root.IsEnabled() {
|
||||||
return nil, errors.New("unable to load environment; did you 'zrok enable'?")
|
return "", errors.New("unable to load environment; did you 'zrok enable'?")
|
||||||
}
|
}
|
||||||
|
|
||||||
accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token}
|
accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token}
|
||||||
@ -38,7 +38,7 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr
|
|||||||
autoEndPort: uint16(req.AutoEndPort),
|
autoEndPort: uint16(req.AutoEndPort),
|
||||||
responseHeaders: req.ResponseHeaders,
|
responseHeaders: req.ResponseHeaders,
|
||||||
sub: subordinate.NewMessageHandler(),
|
sub: subordinate.NewMessageHandler(),
|
||||||
agent: i.agent,
|
agent: a,
|
||||||
}
|
}
|
||||||
acc.sub.MessageHandler = func(msg subordinate.Message) {
|
acc.sub.MessageHandler = func(msg subordinate.Message) {
|
||||||
logrus.Info(msg)
|
logrus.Info(msg)
|
||||||
@ -74,20 +74,36 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr
|
|||||||
|
|
||||||
acc.process, err = proctree.StartChild(acc.sub.Tail, accCmd...)
|
acc.process, err = proctree.StartChild(acc.sub.Tail, accCmd...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
<-acc.sub.BootComplete
|
<-acc.sub.BootComplete
|
||||||
|
|
||||||
if bootErr == nil {
|
if bootErr == nil {
|
||||||
go acc.monitor()
|
go acc.monitor()
|
||||||
i.agent.addAccess <- acc
|
a.addAccess <- acc
|
||||||
return &agentGrpc.AccessPrivateResponse{FrontendToken: acc.frontendToken}, nil
|
return acc.frontendToken, nil
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
if err := proctree.WaitChild(acc.process); err != nil {
|
if err := proctree.WaitChild(acc.process); err != nil {
|
||||||
logrus.Errorf("error joining: %v", err)
|
logrus.Errorf("error joining: %v", err)
|
||||||
}
|
}
|
||||||
return nil, fmt.Errorf("unable to start access: %v", bootErr)
|
return "", fmt.Errorf("unable to start access: %v", bootErr)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPrivateRequest) (*agentGrpc.AccessPrivateResponse, error) {
|
||||||
|
if frontendToken, err := i.agent.AccessPrivate(&AccessPrivateRequest{
|
||||||
|
Token: req.Token,
|
||||||
|
BindAddress: req.BindAddress,
|
||||||
|
AutoMode: req.AutoMode,
|
||||||
|
AutoAddress: req.AutoAddress,
|
||||||
|
AutoStartPort: uint16(req.AutoStartPort),
|
||||||
|
AutoEndPort: uint16(req.AutoEndPort),
|
||||||
|
ResponseHeaders: req.ResponseHeaders,
|
||||||
|
}); err == nil {
|
||||||
|
return &agentGrpc.AccessPrivateResponse{FrontendToken: frontendToken}, nil
|
||||||
|
} else {
|
||||||
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
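Review bot: `Agent.AccessPrivate` is now callable with a plain `AccessPrivateRequest` from any code path, yet `req.Token` and `req.BindAddress` still go unvalidated into the child's argv at `accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token}`. A token that is empty or begins with `-` would not be read by the subordinate as the positional share token, so I would reject it at the top of the method with `if req.Token == "" || strings.HasPrefix(req.Token, "-") { return "", errors.New("invalid share token") }`, and check `BindAddress` with `net.SplitHostPort` if it is always host:port. The token also lands on the child's command line, where other local users can usually read it from the process list; if the share token is treated as a secret, that deserves a comment or a different hand-off. The method body spans three hunks and the lines between them are not shown, so an existing check there would make this moot.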
@ -7,13 +7,16 @@ import (
|
|||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) {
|
func (a *Agent) ReleaseAccess(frontendToken string) error {
|
||||||
if acc, found := i.agent.accesses[req.FrontendToken]; found {
|
if acc, found := a.accesses[frontendToken]; found {
|
||||||
i.agent.rmAccess <- acc
|
a.rmAccess <- acc
|
||||||
logrus.Infof("released access '%v'", acc.frontendToken)
|
logrus.Infof("released access '%v'", acc.frontendToken)
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
return nil, errors.Errorf("agent has no access with frontend token '%v'", req.FrontendToken)
|
return errors.Errorf("agent has no access with frontend token '%v'", frontendToken)
|
||||||
}
|
}
|
||||||
return nil, nil
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) {
|
||||||
|
return nil, i.agent.ReleaseAccess(req.FrontendToken)
|
||||||
}
|
}
|
||||||
|
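Review bot: `Agent.ReleaseAccess` reads `a.accesses[frontendToken]` directly while the removal itself is handed off through `a.rmAccess <- acc`. If the goroutine that receives on that channel is the one that mutates the map (not visible in this hunk), the lookup is an unsynchronized map read, which becomes easier to hit now that the method is exported to callers other than the gRPC handler. I would route the lookup through the same owner goroutine or guard `accesses` with a mutex. Two concurrent releases of the same token can also both pass the `found` check and enqueue the same `acc` twice, so the remove path should tolerate an already-removed entry. A doc comment such as `// ReleaseAccess stops the access identified by frontendToken; it returns an error if the agent has none.` would help as well.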
@ -9,6 +9,32 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type SharePrivateRequest struct {
|
||||||
|
Target string
|
||||||
|
BackendMode string
|
||||||
|
Insecure bool
|
||||||
|
Closed bool
|
||||||
|
AccessGrants []string
|
||||||
|
}
|
||||||
|
|
||||||
|
type SharePublicRequest struct {
|
||||||
|
Target string
|
||||||
|
BasicAuth []string
|
||||||
|
FrontendSelection []string
|
||||||
|
BackendMode string
|
||||||
|
Insecure bool
|
||||||
|
OauthProvider string
|
||||||
|
OauthCheckInterval string
|
||||||
|
Closed bool
|
||||||
|
AccessGrants []string
|
||||||
|
}
|
||||||
|
|
||||||
|
type ShareReservedRequest struct {
|
||||||
|
Token string
|
||||||
|
OverrideEndpoint string
|
||||||
|
Insecure bool
|
||||||
|
}
|
||||||
|
|
||||||
type share struct {
|
type share struct {
|
||||||
token string
|
token string
|
||||||
frontendEndpoints []string
|
frontendEndpoints []string
|
||||||
|
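Review bot: The three new request types have no doc comments, and two of their fields carry security meaning that the names alone do not explain: `Insecure` on all three structs and `BasicAuth` on `SharePublicRequest`. I would document what `Insecure` relaxes (presumably TLS verification towards the target, to be confirmed) and the expected format of each `BasicAuth` entry. Since `SharePublicRequest` holds credentials, the comment should also warn against logging the struct with `%v` or `%+v`. `OauthCheckInterval` is a `string`; stating the accepted syntax, or parsing it into a `time.Duration` at this layer, would let bad values fail before a child process is started.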