new 'logic' layer in Agent for private access (#922)

Michael Quigley 2025-03-27 14:01:10 -04:00
parent 534b8492ad
commit 9faf122416
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
4 changed files with 69 additions and 14 deletions


@ -6,6 +6,16 @@ import (
"github.com/openziti/zrok/cmd/zrok/subordinate" "github.com/openziti/zrok/cmd/zrok/subordinate"
) )
type AccessPrivateRequest struct {
Token string
BindAddress string
AutoMode bool
AutoAddress string
AutoStartPort uint16
AutoEndPort uint16
ResponseHeaders []string
}
type access struct { type access struct {
frontendToken string frontendToken string
token string token string
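Review bot: The new exported `AccessPrivateRequest` type has no doc comment, and the same holds for `SharePrivateRequest`, `SharePublicRequest` and `ShareReservedRequest` added in the last file section. These structs are now the input contract of the Agent's logic layer, and the field names alone do not say how `AutoStartPort`/`AutoEndPort` bound the port range, what `Insecure` relaxes, or what format the `BasicAuth` and `ResponseHeaders` entries take. I would add a comment per type that starts with its name, e.g. `// AccessPrivateRequest describes a private access to be started through the Agent.`, plus a short comment on each field whose meaning affects exposure (`BindAddress`, `Insecure`, `Closed`, `AccessGrants`). The `access` struct that follows continues outside the hunk.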


@ -12,14 +12,14 @@ import (
"os" "os"
) )
func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPrivateRequest) (*agentGrpc.AccessPrivateResponse, error) { func (a *Agent) AccessPrivate(req *AccessPrivateRequest) (frontendToken string, err error) {
root, err := environment.LoadRoot() root, err := environment.LoadRoot()
if err != nil { if err != nil {
return nil, err return "", err
} }
if !root.IsEnabled() { if !root.IsEnabled() {
return nil, errors.New("unable to load environment; did you 'zrok enable'?") return "", errors.New("unable to load environment; did you 'zrok enable'?")
} }
accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token} accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token}
@ -38,7 +38,7 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr
autoEndPort: uint16(req.AutoEndPort), autoEndPort: uint16(req.AutoEndPort),
responseHeaders: req.ResponseHeaders, responseHeaders: req.ResponseHeaders,
sub: subordinate.NewMessageHandler(), sub: subordinate.NewMessageHandler(),
agent: i.agent, agent: a,
} }
acc.sub.MessageHandler = func(msg subordinate.Message) { acc.sub.MessageHandler = func(msg subordinate.Message) {
logrus.Info(msg) logrus.Info(msg)
@ -74,20 +74,36 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr
acc.process, err = proctree.StartChild(acc.sub.Tail, accCmd...) acc.process, err = proctree.StartChild(acc.sub.Tail, accCmd...)
if err != nil { if err != nil {
return nil, err return "", err
} }
<-acc.sub.BootComplete <-acc.sub.BootComplete
if bootErr == nil { if bootErr == nil {
go acc.monitor() go acc.monitor()
i.agent.addAccess <- acc a.addAccess <- acc
return &agentGrpc.AccessPrivateResponse{FrontendToken: acc.frontendToken}, nil return acc.frontendToken, nil
} else { } else {
if err := proctree.WaitChild(acc.process); err != nil { if err := proctree.WaitChild(acc.process); err != nil {
logrus.Errorf("error joining: %v", err) logrus.Errorf("error joining: %v", err)
} }
return nil, fmt.Errorf("unable to start access: %v", bootErr) return "", fmt.Errorf("unable to start access: %v", bootErr)
}
}
func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPrivateRequest) (*agentGrpc.AccessPrivateResponse, error) {
if frontendToken, err := i.agent.AccessPrivate(&AccessPrivateRequest{
Token: req.Token,
BindAddress: req.BindAddress,
AutoMode: req.AutoMode,
AutoAddress: req.AutoAddress,
AutoStartPort: uint16(req.AutoStartPort),
AutoEndPort: uint16(req.AutoEndPort),
ResponseHeaders: req.ResponseHeaders,
}); err == nil {
return &agentGrpc.AccessPrivateResponse{FrontendToken: frontendToken}, nil
} else {
return nil, err
} }
} }
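Review bot: `AccessPrivate` is now an exported `Agent` method, yet `req.Token` still goes into the child process argv in `accCmd` as a bare positional argument with no validation, so a value beginning with `-` would presumably be read by the subordinate command as a flag rather than as data. I would reject empty or dash-prefixed tokens before building the command and, if the subordinate's flag parser honours it, terminate option parsing explicitly: `accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, "--", req.Token}`. Separately, the new gRPC wrapper narrows `req.AutoStartPort` and `req.AutoEndPort` with `uint16(...)`; if the protobuf fields are wider, out-of-range ports wrap silently, so a bounds check such as `if req.AutoStartPort > math.MaxUint16 || req.AutoEndPort > math.MaxUint16 { return nil, errors.New("auto port out of range") }` belongs before the conversion. The function body between the hunks is not shown, so any validation done there is not visible from here.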


@ -7,13 +7,16 @@ import (
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) { func (a *Agent) ReleaseAccess(frontendToken string) error {
if acc, found := i.agent.accesses[req.FrontendToken]; found { if acc, found := a.accesses[frontendToken]; found {
i.agent.rmAccess <- acc a.rmAccess <- acc
logrus.Infof("released access '%v'", acc.frontendToken) logrus.Infof("released access '%v'", acc.frontendToken)
} else { } else {
return nil, errors.Errorf("agent has no access with frontend token '%v'", req.FrontendToken) return errors.Errorf("agent has no access with frontend token '%v'", frontendToken)
} }
return nil, nil return nil
}
func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) {
return nil, i.agent.ReleaseAccess(req.FrontendToken)
} }
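Review bot: `Agent.ReleaseAccess` reads `a.accesses[frontendToken]` on the caller's goroutine, while additions and removals are handed over the `addAccess`/`rmAccess` channels, which suggests a separate goroutine owns and mutates that map. If so, this lookup is an unsynchronized map read; the Go runtime can abort the process on a concurrent map read and write, and now that the method is exported any caller of the logic layer can reach it, not only the gRPC handler. Two concurrent releases of the same token can also both pass the `found` check and enqueue the same `acc` twice. I would move the lookup into the goroutine that owns `accesses` (send the token together with a reply channel) or guard the map with a `sync.RWMutex`; the owning loop is outside this hunk, so confirm how it touches the map.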


@ -9,6 +9,32 @@ import (
"time" "time"
) )
type SharePrivateRequest struct {
Target string
BackendMode string
Insecure bool
Closed bool
AccessGrants []string
}
type SharePublicRequest struct {
Target string
BasicAuth []string
FrontendSelection []string
BackendMode string
Insecure bool
OauthProvider string
OauthCheckInterval string
Closed bool
AccessGrants []string
}
type ShareReservedRequest struct {
Token string
OverrideEndpoint string
Insecure bool
}
type share struct { type share struct {
token string token string
frontendEndpoints []string frontendEndpoints []string