From 637cf0806538df63cccb70ade6b7838934e6d746 Mon Sep 17 00:00:00 2001 From: Ken Bingham Date: Wed, 25 Jan 2023 11:36:47 -0500 Subject: [PATCH 01/16] fix relative link to self-hosting guide --- docs/v0.3_nginx_tls_guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/v0.3_nginx_tls_guide.md b/docs/v0.3_nginx_tls_guide.md index b5878273..68f2fd48 100644 --- a/docs/v0.3_nginx_tls_guide.md +++ b/docs/v0.3_nginx_tls_guide.md @@ -1,6 +1,6 @@ # Nginx Reverse Proxy for zrok -I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to [the hosting quickstart](v0.3_quickstart.md) if you still need to spin those up. +I'll assume you have a running zrok controller and public frontend and wish to front both with Nginx providing server TLS. Go back to [the self-hosting guide](v0.3_self_hosting_guide.md) if you still need to spin those up. ## Choose a Reverse Proxy Address From 8f026204d2345125c03d097966f55b3c7b259089 Mon Sep 17 00:00:00 2001 From: Cam Otts Date: Wed, 25 Jan 2023 15:44:48 -0600 Subject: [PATCH 02/16] gon changes to enable notarization --- build/gon-amd64.hcl | 7 +++++-- build/gon-arm64.hcl | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/build/gon-amd64.hcl b/build/gon-amd64.hcl index e63595b9..2df65079 100644 --- a/build/gon-amd64.hcl +++ b/build/gon-amd64.hcl @@ -2,10 +2,13 @@ source = ["dist/zrok-amd64_darwin_amd64_v1/zrok"] bundle_id = "io.zrok.zrok" apple_id { - username = "@env:AC_USERNAME" password = "@env:AC_PASSWORD" } sign { - application_identity = "Apple Distribution: NetFoundry Inc" + application_identity = "Developer ID Application: NetFoundry Inc" } + +zip { + output_path = "dist/zrok-amd64_darwin_amd64_v1/zrok.zip" +} \ No newline at end of file diff --git a/build/gon-arm64.hcl b/build/gon-arm64.hcl index d3ac76d4..690d745c 100644 --- a/build/gon-arm64.hcl +++ b/build/gon-arm64.hcl @@ -2,10 +2,13 @@ source = ["dist/zrok-arm64_darwin_arm64/zrok"] bundle_id = "io.zrok.zrok" apple_id { - username = "@env:AC_USERNAME" password = "@env:AC_PASSWORD" } sign { - application_identity = "Apple Distribution: NetFoundry Inc" + application_identity = "Developer ID Application: NetFoundry Inc" } + +zip { + output_path = "dist/zrok-arm64_darwin_arm64/zrok.zip" +} \ No newline at end of file From feaa40ee3a0493260b8f456205d910622d01e611 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Thu, 26 Jan 2023 11:52:14 -0500 Subject: [PATCH 03/16] changelog --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a1d81f7..46783297 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,8 @@ -# v0.3.0-rc3 (WiP) +# v0.3.0-rc4 + +CHANGE: Enable notarization for macos binaries (https://github.com/openziti/zrok/issues/92) + +# v0.3.0-rc3 > This release increments the configuration version from `1` to `2`. See the note below. From 1e291f640accd905783de4b5f8259b76e803324a Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Thu, 26 Jan 2023 14:09:46 -0500 Subject: [PATCH 04/16] introducing zrok; first draft --- website/blog/introducing_zrok.md | 45 ++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 website/blog/introducing_zrok.md diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md new file mode 100644 index 00000000..1c51e871 --- /dev/null +++ b/website/blog/introducing_zrok.md @@ -0,0 +1,45 @@ +# Introducing zrok + +I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. I had the opportunity to work deep in the core design for OpenZiti, and a lot of the core ideas came from work I did directly. + +For the last six months, I've had the opportunity to come at the world of Zero Trust and next generation networking from the other end. I've been working on a set of user-focused tools that aim to streamline sharing by making the network both secure, and invisible. + +This new project is called... `zrok`. + +`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from a number of other offerings that focus on streamlining developer endpoint sharing. Starting from that recipe, `zrok` adds a number of powerful capabilities that are made possible by building on the foundation provided by OpenZiti. + +Here are some of the things that make `zrok` different... + +## Private Sharing + +Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; a single command and you've got a public URL that you can share to allow access to your endpoint. + +`zrok` expands on this model by supporting something that we're calling "private sharing". You'll share your resources using a single command, but your resources will be privately shared on an OpenZiti network, where they can be securely accessed with a single `zrok` command by other users. + +In this model, nobody ever has to enable any inbound access from untrusted users. All network access is handled through a secure, zero trust overlay network. And to make it even simpler, `zrok` handles all of the control plane management of the overlay network. This secure sharing model remains the single-command affair that users have come to expect. + +## Files; Repositories; Video... Decentralized + +Most of the other offerings in this space have focused on sharing network resources. These tools are often used by developers to allow local access to a private HTTP endpoint, or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a way that is _frictionless_. + +`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further, though... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and a number of other kinds of resources we haven't even thought of yet. + +Combine this kind of resource sharing with our private sharing model, and you've got the recipe for a number of very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file sharing platforms. Use it as a replacement for large, centralized video streaming platforms. + +We're still just getting started on building out these aspects of `zrok`. But as of this writing, `zrok` already provides built-in single-command file sharing. Combine that with private sharing and you can see this powerful model in action right now. + +## zrok.io + +NetFoundry is offering `zrok.io`, a managed service instance you can use to try out `zrok` and even run small production workloads. This service is currently in limited beta and is available through an invitation process until we're out of beta. Visit [zrok.io](https://zrok.io) for details about requesting an invite. + +`zrok.io` runs on top of the open source version of `zrok`. We've built out some scaffolding to make sure we can properly operationalize it, but it's the same code you can run in your own environments. + +## Open Source; Self-Host + +`zrok` is open source. You've got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions. + +## A Start + +I'm really excited about sharing `zrok` with you. As of this writing, we're at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open source, and we're going to be developing it in public, just like the rest of the OpenZiti products. + +We'd love your participation! You can find us on Github at [https://github.com/openziti/zrok](https://github.com/openziti/zrok). \ No newline at end of file From 5cadc741516312b8ae20125927f70215cbd9c18e Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Thu, 26 Jan 2023 14:58:59 -0500 Subject: [PATCH 05/16] introducing zrok; iteration --- website/blog/introducing_zrok.md | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md index 1c51e871..594a1370 100644 --- a/website/blog/introducing_zrok.md +++ b/website/blog/introducing_zrok.md @@ -1,8 +1,8 @@ # Introducing zrok -I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the OpenZiti project back in 2017. I had the opportunity to work deep in the core design for OpenZiti, and a lot of the core ideas came from work I did directly. +I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://docs.openziti.io) project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow into what it's becoming. -For the last six months, I've had the opportunity to come at the world of Zero Trust and next generation networking from the other end. I've been working on a set of user-focused tools that aim to streamline sharing by making the network both secure, and invisible. +For the last six months, I've had the opportunity to come at the world of Zero Trust and next generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of end users and enabling an amazing end user experience. I'm excited to introduce you to a new set of tools designed to empower end users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent. This new project is called... `zrok`. @@ -12,34 +12,40 @@ Here are some of the things that make `zrok` different... ## Private Sharing -Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; a single command and you've got a public URL that you can share to allow access to your endpoint. +Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command you've got a public URL that you can share to allow access to your endpoint. `zrok` expands on this model by supporting something that we're calling "private sharing". You'll share your resources using a single command, but your resources will be privately shared on an OpenZiti network, where they can be securely accessed with a single `zrok` command by other users. -In this model, nobody ever has to enable any inbound access from untrusted users. All network access is handled through a secure, zero trust overlay network. And to make it even simpler, `zrok` handles all of the control plane management of the overlay network. This secure sharing model remains the single-command affair that users have come to expect. +In this model, no user ever has to enable any inbound access from untrusted users. All network access is handled through a secure, zero trust overlay network. And to make it even simpler, `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect. ## Files; Repositories; Video... Decentralized -Most of the other offerings in this space have focused on sharing network resources. These tools are often used by developers to allow local access to a private HTTP endpoint, or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a way that is _frictionless_. +Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint, or to facilitate a callback to a private endpoint through a web hook. It's considered table stakes for these tools to do this in a way that is _frictionless_. -`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further, though... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and a number of other kinds of resources we haven't even thought of yet. +`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and a number of other kinds of resources we haven't even thought of yet. -Combine this kind of resource sharing with our private sharing model, and you've got the recipe for a number of very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file sharing platforms. Use it as a replacement for large, centralized video streaming platforms. +Combine this kind of resource sharing with our private sharing model, and you've got the recipe for a number of very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file sharing platforms. Or use it as a replacement for large, centralized video streaming platforms. -We're still just getting started on building out these aspects of `zrok`. But as of this writing, `zrok` already provides built-in single-command file sharing. Combine that with private sharing and you can see this powerful model in action right now. +We're still just getting started on building out these aspects of `zrok`. But as of this writing, `zrok` already provides built-in single-command file sharing. Combine this with private sharing and you can see this powerful model in action today. ## zrok.io -NetFoundry is offering `zrok.io`, a managed service instance you can use to try out `zrok` and even run small production workloads. This service is currently in limited beta and is available through an invitation process until we're out of beta. Visit [zrok.io](https://zrok.io) for details about requesting an invite. +[NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and even run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite. -`zrok.io` runs on top of the open source version of `zrok`. We've built out some scaffolding to make sure we can properly operationalize it, but it's the same code you can run in your own environments. +Once `zrok` and `zrok.io` are out of beta, we'll be opening it up to the public. + +`zrok.io` runs on top of the open source version of `zrok`. We're building out a production environment to make sure we can properly operationalize it, but it's the same code you can run in your own environments. ## Open Source; Self-Host -`zrok` is open source. You've got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions. +`zrok` is committed to being open source. You've got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions. + +You can [access](https://github.com/openziti/zrok) the open source version of `zrok` today. ## A Start -I'm really excited about sharing `zrok` with you. As of this writing, we're at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open source, and we're going to be developing it in public, just like the rest of the OpenZiti products. +I'm really excited about sharing `zrok` with you. As of this writing, we're at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the [OpenZiti GitHub](https://github.com/openziti)). -We'd love your participation! You can find us on Github at [https://github.com/openziti/zrok](https://github.com/openziti/zrok). \ No newline at end of file +Starting with `v0.4`, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with `zrok`. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of `zrok` on top of OpenZiti; these will be a great introduction to building a _Ziti Native Application_ from the ground up. These videos will also be a comprehensive look at how `zrok` works. + +We'd love your participation in the `zrok` project! You can find us on GitHub at [https://github.com/openziti/zrok](https://github.com/openziti/zrok). \ No newline at end of file From d5ca1e6c86f2543333390ac5ae0c320a1912da90 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Thu, 26 Jan 2023 16:40:03 -0500 Subject: [PATCH 06/16] introducing zrok; grammarly and other suggestions --- website/blog/introducing_zrok.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md index 594a1370..3aee5005 100644 --- a/website/blog/introducing_zrok.md +++ b/website/blog/introducing_zrok.md @@ -1,30 +1,30 @@ # Introducing zrok -I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://docs.openziti.io) project back in 2017. Most of my work on OpenZiti centered on the fabric, data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow into what it's becoming. +I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow into what it's becoming. -For the last six months, I've had the opportunity to come at the world of Zero Trust and next generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of end users and enabling an amazing end user experience. I'm excited to introduce you to a new set of tools designed to empower end users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent. +For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of end users and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower end users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent. This new project is called... `zrok`. -`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from a number of other offerings that focus on streamlining developer endpoint sharing. Starting from that recipe, `zrok` adds a number of powerful capabilities that are made possible by building on the foundation provided by OpenZiti. +`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from several other offerings that focus on streamlining developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti. Here are some of the things that make `zrok` different... ## Private Sharing -Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command you've got a public URL that you can share to allow access to your endpoint. +Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint. `zrok` expands on this model by supporting something that we're calling "private sharing". You'll share your resources using a single command, but your resources will be privately shared on an OpenZiti network, where they can be securely accessed with a single `zrok` command by other users. -In this model, no user ever has to enable any inbound access from untrusted users. All network access is handled through a secure, zero trust overlay network. And to make it even simpler, `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect. +In this model, no user ever has to enable any inbound access from untrusted users. All network access is handled through a secure, zero-trust overlay network. And to make it even simpler, `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect. ## Files; Repositories; Video... Decentralized -Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint, or to facilitate a callback to a private endpoint through a web hook. It's considered table stakes for these tools to do this in a way that is _frictionless_. +Most of the other offerings in this space are focused on sharing low-level network resources. These tools are often used by developers or operations staff to allow access to a private HTTP endpoint or to facilitate a callback to a private endpoint through a webhook. It's considered table stakes for these tools to do this in a _frictionless_ way. -`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and a number of other kinds of resources we haven't even thought of yet. +`zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet. -Combine this kind of resource sharing with our private sharing model, and you've got the recipe for a number of very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file sharing platforms. Or use it as a replacement for large, centralized video streaming platforms. +Combine this kind of resource sharing with our private sharing model, and you've got the recipe for very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms. We're still just getting started on building out these aspects of `zrok`. But as of this writing, `zrok` already provides built-in single-command file sharing. Combine this with private sharing and you can see this powerful model in action today. @@ -34,17 +34,17 @@ We're still just getting started on building out these aspects of `zrok`. But as Once `zrok` and `zrok.io` are out of beta, we'll be opening it up to the public. -`zrok.io` runs on top of the open source version of `zrok`. We're building out a production environment to make sure we can properly operationalize it, but it's the same code you can run in your own environments. +`zrok.io` runs on top of the open-source version of `zrok`. We're building out a production environment to make sure we can properly operationalize it, but it's the same code you can run in your own environments. -## Open Source; Self-Host +## Open-Source; Self-Host -`zrok` is committed to being open source. You've got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions. +`zrok` is committed to being open-source. You've got everything you need to host your own `zrok` instance on top of your own private OpenZiti network. We've even streamlined this process, and we're including a simple [guide](https://github.com/openziti/zrok/blob/main/docs/v0.3_self_hosting_guide.md) to getting this running in minutes, including the OpenZiti portions. -You can [access](https://github.com/openziti/zrok) the open source version of `zrok` today. +You can [access](https://github.com/openziti/zrok) the open-source version of `zrok` today. ## A Start -I'm really excited about sharing `zrok` with you. As of this writing, we're at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the [OpenZiti GitHub](https://github.com/openziti)). +I'm really excited about sharing `zrok` with you. As of this writing, we're at `v0.3.0`, and there is still a ton of work to do to get `zrok` to where I know it can go. `zrok` is open-source, and we're going to be developing it in public, just like the rest of the OpenZiti products (check out the [OpenZiti GitHub](https://github.com/openziti)). Starting with `v0.4`, I'm planning on producing a set of regularly-released "development notebooks", documenting the development process and giving you a look at the work we're doing with `zrok`. I'm also planning on producing a set of videos that work through some of what's involved in building your own tiny version of `zrok` on top of OpenZiti; these will be a great introduction to building a _Ziti Native Application_ from the ground up. These videos will also be a comprehensive look at how `zrok` works. From fbf9ead75f83261eab506db60b897408975f373f Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Thu, 26 Jan 2023 16:57:58 -0500 Subject: [PATCH 07/16] introducing zrok; lint --- website/blog/introducing_zrok.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md index 3aee5005..0c633870 100644 --- a/website/blog/introducing_zrok.md +++ b/website/blog/introducing_zrok.md @@ -28,7 +28,7 @@ Combine this kind of resource sharing with our private sharing model, and you've We're still just getting started on building out these aspects of `zrok`. But as of this writing, `zrok` already provides built-in single-command file sharing. Combine this with private sharing and you can see this powerful model in action today. -## zrok.io +## zrok.io; Production zrok [NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and even run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite. From 146f6c0c47737b1c1467f2d18012b2fe1e7a2539 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Thu, 26 Jan 2023 17:01:03 -0500 Subject: [PATCH 08/16] introducing zrok; make hashnode happy --- website/blog/introducing_zrok.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md index 0c633870..3ff0305e 100644 --- a/website/blog/introducing_zrok.md +++ b/website/blog/introducing_zrok.md @@ -28,7 +28,7 @@ Combine this kind of resource sharing with our private sharing model, and you've We're still just getting started on building out these aspects of `zrok`. But as of this writing, `zrok` already provides built-in single-command file sharing. Combine this with private sharing and you can see this powerful model in action today. -## zrok.io; Production zrok +## Production zrok [NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and even run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite. From 6b99072edc115d9a5408b8c86016183740d3802f Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 27 Jan 2023 09:08:30 -0500 Subject: [PATCH 09/16] introducing zrok; smithing --- website/blog/introducing_zrok.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md index 3ff0305e..ffc9c521 100644 --- a/website/blog/introducing_zrok.md +++ b/website/blog/introducing_zrok.md @@ -1,6 +1,6 @@ # Introducing zrok -I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow into what it's becoming. +I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow. For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of end users and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower end users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent. From e125b8963de770a2e71ad6cdefef2ddef419ec56 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 27 Jan 2023 09:42:16 -0500 Subject: [PATCH 10/16] introducing zrok; revision --- website/blog/introducing_zrok.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md index ffc9c521..25cfa791 100644 --- a/website/blog/introducing_zrok.md +++ b/website/blog/introducing_zrok.md @@ -1,12 +1,12 @@ # Introducing zrok -I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow. +I'm fortunate that I've had the opportunity to work on many interesting projects throughout my career. I was one of the original developers who broke ground on the [OpenZiti](https://github.com/openziti/ziti) project back in 2017. Most of my work on OpenZiti centered on the [fabric](https://github.com/openziti/fabric), data and control plane design, and designing abstractions that would support a lot of what became the "edge" layers. It's been quite exciting to watch OpenZiti blossom and grow over the years. -For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of end users and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower end users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent. +For the last six months, I've had the opportunity to re-approach the world of zero-trust and next-generation networking from the other side of the stack. Instead of working in the lowest layers of protocols and abstractions, I'm working from the perspective of usability and enabling an amazing end-user experience. I'm excited to introduce you to a new set of tools designed to empower users at the network edge to seamlessly and transparently share resources. Imagine network sharing that is equally secure and transparent. This new project is called... `zrok`. -`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from several other offerings that focus on streamlining developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti. +`zrok` focuses on streamlining sharing for both developers and less technical users alike. `zrok` takes inspiration from several other offerings that focus on streamlining developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti. Here are some of the things that make `zrok` different... @@ -14,9 +14,11 @@ Here are some of the things that make `zrok` different... Most of the offerings in this space allow you to easily create "tunnels" that allow outbound-only access to local HTTP resources without punching any holes in a firewall. These tools make these kinds of tunnels effortless to create; with a single command, you've got a public URL that you can share to allow access to your endpoint. -`zrok` expands on this model by supporting something that we're calling "private sharing". You'll share your resources using a single command, but your resources will be privately shared on an OpenZiti network, where they can be securely accessed with a single `zrok` command by other users. +`zrok` expands on this model by supporting something that we're calling "private sharing". Private sharing allows you to share securely on the zero-trust overlay network, without exposing anything to the public internet. You're still sharing with a single command, but your resources are only available to other `zrok` users through the zero-trust overlay network. -In this model, no user ever has to enable any inbound access from untrusted users. All network access is handled through a secure, zero-trust overlay network. And to make it even simpler, `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect. +In this model, no user ever has to enable any inbound access. All network access is handled through the secure, zero-trust overlay network. `zrok` handles all of the control plane management of the overlay network, deeply simplifying the experience. This secure sharing model remains the single-command affair that users have come to expect. + +And if you want public sharing, `zrok` has that also. Our private sharing modes are an additional capability that `zrok` adds to the recipe. `zrok` supports fleets of "public frontends" that can be geographically deployed wherever your internet users need them. ## Files; Repositories; Video... Decentralized @@ -24,17 +26,17 @@ Most of the other offerings in this space are focused on sharing low-level netwo `zrok` also provides a frictionless experience for sharing these kinds of network resources. However, we're taking it a step further... `zrok` will also make this kind of frictionless, decentralized sharing possible for files, software repositories, video streams, and other kinds of resources we haven't even thought of yet. -Combine this kind of resource sharing with our private sharing model, and you've got the recipe for very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms. +Combine this kind of resource sharing with our private peer-to-peer capabilities, and you've got the recipe for very powerful decentralized services. Imagine using `zrok` as a decentralized, distributed replacement for large centralized file-sharing platforms. Or use it as a replacement for large, centralized video streaming platforms. -We're still just getting started on building out these aspects of `zrok`. But as of this writing, `zrok` already provides built-in single-command file sharing. Combine this with private sharing and you can see this powerful model in action today. +We're still just getting started on building out these aspects of `zrok`. `zrok` already provides built-in single-command file sharing. You can [get started](https://github.com/openziti/zrok/blob/main/docs/v0.3_getting_started/getting_started.md) using these powerful tools today! ## Production zrok -[NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and even run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite. +[NetFoundry](https://netfoundry.io) is offering [zrok.io](https://zrok.io), a managed `zrok` service instance you can use to try out `zrok` and run small production workloads. This service is currently in limited beta and is available through an invitation process. Visit [zrok.io](https://zrok.io) for details about requesting an invite. -Once `zrok` and `zrok.io` are out of beta, we'll be opening it up to the public. +Once `zrok` and `zrok.io` are out of beta, we'll be opening this service up to the public. -`zrok.io` runs on top of the open-source version of `zrok`. We're building out a production environment to make sure we can properly operationalize it, but it's the same code you can run in your own environments. +`zrok.io` runs on top of the open-source version of `zrok`. We're building on top of the same open-source codebase that's [available](https://github.com/openziti/zrok) today. ## Open-Source; Self-Host From 18bd8a798e4c663f2b1b14e56a7d6d1f764183ce Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 27 Jan 2023 13:54:34 -0500 Subject: [PATCH 11/16] introducing zrok; paragraph --- website/blog/introducing_zrok.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/blog/introducing_zrok.md b/website/blog/introducing_zrok.md index 25cfa791..3c4f2df5 100644 --- a/website/blog/introducing_zrok.md +++ b/website/blog/introducing_zrok.md @@ -6,7 +6,7 @@ For the last six months, I've had the opportunity to re-approach the world of ze This new project is called... `zrok`. -`zrok` focuses on streamlining sharing for both developers and less technical users alike. `zrok` takes inspiration from several other offerings that focus on streamlining developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti. +`zrok` focuses on streamlining sharing for both developers and end users alike. `zrok` takes inspiration from several other offerings that streamline developer endpoint sharing. Starting from that recipe, `zrok` adds powerful capabilities that are made possible by building on the foundation provided by OpenZiti. Here are some of the things that make `zrok` different... From d9258a2915546282945a3170040294d2e18a639a Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Mon, 30 Jan 2023 11:38:55 -0500 Subject: [PATCH 12/16] operational improvements in log messages (#186) --- controller/access.go | 6 +++--- controller/disable.go | 20 ++++++++++---------- controller/enable.go | 18 +++++++++--------- controller/environmentDetail.go | 6 +++--- controller/register.go | 16 ++++++++-------- controller/resetPassword.go | 14 +++++++------- controller/resetPasswordRequest.go | 19 ++++++++++--------- controller/unaccess.go | 6 ++---- controller/unshare.go | 12 +++++------- 9 files changed, 57 insertions(+), 60 deletions(-) diff --git a/controller/access.go b/controller/access.go index 60bf5e08..1f60078c 100644 --- a/controller/access.go +++ b/controller/access.go @@ -18,7 +18,7 @@ func newAccessHandler() *accessHandler { func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_zrok.Principal) middleware.Responder { tx, err := str.Begin() if err != nil { - logrus.Errorf("error starting transaction: %v", err) + logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err) return share.NewAccessInternalServerError() } defer func() { _ = tx.Rollback() }() @@ -62,7 +62,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_ } if _, err := str.CreateFrontend(envId, &store.Frontend{Token: feToken, ZId: envZId}, tx); err != nil { - logrus.Errorf("error creating frontend record: %v", err) + logrus.Errorf("error creating frontend record for user '%v': %v", principal.Email, err) return share.NewAccessInternalServerError() } @@ -77,7 +77,7 @@ func (h *accessHandler) Handle(params share.AccessParams, principal *rest_model_ "zrokShareToken": shrToken, } if err := zrokEdgeSdk.CreateServicePolicyDial(envZId+"-"+sshr.ZId+"-dial", sshr.ZId, []string{envZId}, addlTags, edge); err != nil { - logrus.Errorf("unable to create dial policy: %v", err) + logrus.Errorf("unable to create dial policy for user '%v': %v", principal.Email, err) return share.NewAccessInternalServerError() } diff --git a/controller/disable.go b/controller/disable.go index c24d92df..da7e5694 100644 --- a/controller/disable.go +++ b/controller/disable.go @@ -22,47 +22,47 @@ func newDisableHandler() *disableHandler { func (h *disableHandler) Handle(params environment.DisableParams, principal *rest_model_zrok.Principal) middleware.Responder { tx, err := str.Begin() if err != nil { - logrus.Errorf("error starting transaction: %v", err) + logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } defer func() { _ = tx.Rollback() }() envId, err := h.checkZitiIdentity(params.Body.Identity, principal, tx) if err != nil { - logrus.Errorf("identity check failed: %v", err) + logrus.Errorf("identity check failed for user '%v': %v", principal.Email, err) return environment.NewDisableUnauthorized() } env, err := str.GetEnvironment(envId, tx) if err != nil { - logrus.Errorf("error getting environment: %v", err) + logrus.Errorf("error getting environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } edge, err := edgeClient() if err != nil { - logrus.Errorf("error getting edge client: %v", err) + logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := h.removeSharesForEnvironment(envId, tx, edge); err != nil { - logrus.Errorf("error removing shares for environment: %v", err) + logrus.Errorf("error removing shares for environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := h.removeFrontendsForEnvironment(envId, tx, edge); err != nil { - logrus.Errorf("error removing frontends for environment: %v", err) + logrus.Errorf("error removing frontends for environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := h.removeEnvironment(envId, tx); err != nil { - logrus.Errorf("error removing environment: %v", err) + logrus.Errorf("error removing environment for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := zrokEdgeSdk.DeleteEdgeRouterPolicy(env.ZId, edge); err != nil { - logrus.Errorf("error deleting edge router policy: %v", err) + logrus.Errorf("error deleting edge router policy for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := zrokEdgeSdk.DeleteIdentity(params.Body.Identity, edge); err != nil { - logrus.Errorf("error deleting identity: %v", err) + logrus.Errorf("error deleting identity for user '%v': %v", principal.Email, err) return environment.NewDisableInternalServerError() } if err := tx.Commit(); err != nil { - logrus.Errorf("error committing: %v", err) + logrus.Errorf("error committing for user '%v': %v", principal.Email, err) } return environment.NewDisableOK() } diff --git a/controller/enable.go b/controller/enable.go index 01f02bb2..50e13534 100644 --- a/controller/enable.go +++ b/controller/enable.go @@ -25,43 +25,43 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_ // start transaction early; if it fails, don't bother creating ziti resources tx, err := str.Begin() if err != nil { - logrus.Errorf("error starting transaction: %v", err) + logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err) return environment.NewEnableInternalServerError() } defer func() { _ = tx.Rollback() }() if err := h.checkLimits(principal, tx); err != nil { - logrus.Errorf("limits error: %v", err) + logrus.Errorf("limits error for user '%v': %v", principal.Email, err) return environment.NewEnableUnauthorized() } client, err := edgeClient() if err != nil { - logrus.Errorf("error getting edge client: %v", err) + logrus.Errorf("error getting edge client for user '%v': %v", principal.Email, err) return environment.NewEnableInternalServerError() } uniqueToken, err := createShareToken() if err != nil { - logrus.Errorf("error creating unique identity token: %v", err) + logrus.Errorf("error creating unique identity token for user '%v': %v", principal.Email, err) return environment.NewEnableInternalServerError() } ident, err := zrokEdgeSdk.CreateEnvironmentIdentity(uniqueToken, principal.Email, params.Body.Description, client) if err != nil { - logrus.Error(err) + logrus.Errorf("error creating environment identity for user '%v': %v", principal.Email, err) return environment.NewEnableInternalServerError() } envZId := ident.Payload.Data.ID cfg, err := zrokEdgeSdk.EnrollIdentity(envZId, client) if err != nil { - logrus.Error(err) + logrus.Errorf("error enrolling environment identity for user '%v': %v", principal.Email, err) return environment.NewEnableInternalServerError() } if err := zrokEdgeSdk.CreateEdgeRouterPolicy(envZId, envZId, client); err != nil { - logrus.Error(err) + logrus.Errorf("error creating edge router policy for user '%v': %v", principal.Email, err) return environment.NewEnableInternalServerError() } @@ -72,13 +72,13 @@ func (h *enableHandler) Handle(params environment.EnableParams, principal *rest_ ZId: envZId, }, tx) if err != nil { - logrus.Errorf("error storing created identity: %v", err) + logrus.Errorf("error storing created identity for user '%v': %v", principal.Email, err) _ = tx.Rollback() return environment.NewEnableInternalServerError() } if err := tx.Commit(); err != nil { - logrus.Errorf("error committing: %v", err) + logrus.Errorf("error committing for user '%v': %v", principal.Email, err) return environment.NewEnableInternalServerError() } logrus.Infof("created environment for '%v', with ziti identity '%v', and database id '%v'", principal.Email, ident.Payload.Data.ID, envId) diff --git a/controller/environmentDetail.go b/controller/environmentDetail.go index 53a9119e..4b9b5331 100644 --- a/controller/environmentDetail.go +++ b/controller/environmentDetail.go @@ -16,7 +16,7 @@ func newEnvironmentDetailHandler() *environmentDetailHandler { func (h *environmentDetailHandler) Handle(params metadata.GetEnvironmentDetailParams, principal *rest_model_zrok.Principal) middleware.Responder { tx, err := str.Begin() if err != nil { - logrus.Errorf("error starting transaction: %v", err) + logrus.Errorf("error starting transaction for user '%v': %v", principal.Email, err) return metadata.NewGetEnvironmentDetailInternalServerError() } defer func() { _ = tx.Rollback() }() @@ -37,14 +37,14 @@ func (h *environmentDetailHandler) Handle(params metadata.GetEnvironmentDetailPa } shrs, err := str.FindSharesForEnvironment(senv.Id, tx) if err != nil { - logrus.Errorf("error finding shares for environment '%v': %v", senv.ZId, err) + logrus.Errorf("error finding shares for environment '%v' for user '%v': %v", senv.ZId, principal.Email, err) return metadata.NewGetEnvironmentDetailInternalServerError() } var sparkData map[string][]int64 if cfg.Influx != nil { sparkData, err = sparkDataForShares(shrs) if err != nil { - logrus.Errorf("error querying spark data for shares: %v", err) + logrus.Errorf("error querying spark data for shares for user '%v': %v", principal.Email, err) } } for _, shr := range shrs { diff --git a/controller/register.go b/controller/register.go index f3481cc2..6ffdf50b 100644 --- a/controller/register.go +++ b/controller/register.go @@ -13,7 +13,7 @@ type registerHandler struct{} func newRegisterHandler() *registerHandler { return ®isterHandler{} } -func (self *registerHandler) Handle(params account.RegisterParams) middleware.Responder { +func (h *registerHandler) Handle(params account.RegisterParams) middleware.Responder { if params.Body == nil || params.Body.Token == "" || params.Body.Password == "" { logrus.Error("missing token or password") return account.NewRegisterNotFound() @@ -22,25 +22,25 @@ func (self *registerHandler) Handle(params account.RegisterParams) middleware.Re tx, err := str.Begin() if err != nil { - logrus.Error(err) + logrus.Errorf("error starting transaction for token '%v': %v", params.Body.Token, err) return account.NewRegisterInternalServerError() } defer func() { _ = tx.Rollback() }() ar, err := str.FindAccountRequestWithToken(params.Body.Token, tx) if err != nil { - logrus.Error(err) + logrus.Errorf("error finding account request with token '%v': %v", params.Body.Token, err) return account.NewRegisterNotFound() } token, err := createToken() if err != nil { - logrus.Error(err) + logrus.Errorf("error creating token for request '%v' (%v): %v", params.Body.Token, ar.Email, err) return account.NewRegisterInternalServerError() } hpwd, err := hashPassword(params.Body.Password) if err != nil { - logrus.Error(err) + logrus.Errorf("error hashing password for request '%v' (%v): %v", params.Body.Token, ar.Email, err) return account.NewRegisterInternalServerError() } a := &store.Account{ @@ -50,17 +50,17 @@ func (self *registerHandler) Handle(params account.RegisterParams) middleware.Re Token: token, } if _, err := str.CreateAccount(a, tx); err != nil { - logrus.Error(err) + logrus.Errorf("error creating account for request '%v' (%v): %v", params.Body.Token, ar.Email, err) return account.NewRegisterInternalServerError() } if err := str.DeleteAccountRequest(ar.Id, tx); err != nil { - logrus.Error(err) + logrus.Errorf("error deleteing account request '%v' (%v): %v", params.Body.Token, ar.Email, err) return account.NewRegisterInternalServerError() } if err := tx.Commit(); err != nil { - logrus.Error(err) + logrus.Errorf("error committing '%v' (%v): %v", params.Body.Token, ar.Email, err) return account.NewRegisterInternalServerError() } diff --git a/controller/resetPassword.go b/controller/resetPassword.go index 1a202d50..4a5aa2ad 100644 --- a/controller/resetPassword.go +++ b/controller/resetPassword.go @@ -21,42 +21,42 @@ func (handler *resetPasswordHandler) Handle(params account.ResetPasswordParams) tx, err := str.Begin() if err != nil { - logrus.Error(err) + logrus.Errorf("error starting transaction for '%v': %v", params.Body.Token, err) return account.NewResetPasswordInternalServerError() } defer func() { _ = tx.Rollback() }() prr, err := str.FindPasswordResetRequestWithToken(params.Body.Token, tx) if err != nil { - logrus.Error(err) + logrus.Errorf("error finding reset request for '%v': %v", params.Body.Token, err) return account.NewResetPasswordNotFound() } a, err := str.GetAccount(prr.AccountId, tx) if err != nil { - logrus.Error(err) + logrus.Errorf("error finding account for '%v': %v", params.Body.Token, err) return account.NewResetPasswordNotFound() } hpwd, err := hashPassword(params.Body.Password) if err != nil { - logrus.Error(err) + logrus.Errorf("error hashing password for '%v' (%v): %v", params.Body.Token, a.Email, err) return account.NewResetPasswordRequestInternalServerError() } a.Salt = hpwd.Salt a.Password = hpwd.Password if _, err := str.UpdateAccount(a, tx); err != nil { - logrus.Error(err) + logrus.Errorf("error updating for '%v' (%v): %v", params.Body.Token, a.Email, err) return account.NewResetPasswordInternalServerError() } if err := str.DeletePasswordResetRequest(prr.Id, tx); err != nil { - logrus.Error(err) + logrus.Errorf("error deleting reset request '%v' (%v): %v", params.Body.Token, a.Email, err) return account.NewResetPasswordInternalServerError() } if err := tx.Commit(); err != nil { - logrus.Error(err) + logrus.Errorf("error committing '%v' (%v): %v", params.Body.Token, a.Email, err) return account.NewResetPasswordInternalServerError() } diff --git a/controller/resetPasswordRequest.go b/controller/resetPasswordRequest.go index 4af69328..b20356e2 100644 --- a/controller/resetPasswordRequest.go +++ b/controller/resetPasswordRequest.go @@ -24,22 +24,23 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR return account.NewResetPasswordRequestBadRequest() } logrus.Infof("received reset password request for email '%v'", params.Body.EmailAddress) + var token string tx, err := str.Begin() if err != nil { - logrus.Error(err) + logrus.Errorf("error starting transaction for request '%v': %v", params.Body.EmailAddress, err) return account.NewResetPasswordRequestInternalServerError() } defer func() { _ = tx.Rollback() }() token, err = createToken() if err != nil { - logrus.Error(err) + logrus.Errorf("error creating token for '%v': %v", params.Body.EmailAddress, err) return account.NewResetPasswordRequestInternalServerError() } - acct, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx) + a, err := str.FindAccountWithEmail(params.Body.EmailAddress, tx) if err != nil { logrus.Infof("no account found for '%v': %v", params.Body.EmailAddress, err) return account.NewResetPasswordRequestInternalServerError() @@ -47,29 +48,29 @@ func (handler *resetPasswordRequestHandler) Handle(params account.ResetPasswordR prr := &store.PasswordResetRequest{ Token: token, - AccountId: acct.Id, + AccountId: a.Id, } if _, err := str.CreatePasswordResetRequest(prr, tx); err != nil { - logrus.Errorf("error creating reset password request for '%v': %v", params.Body.EmailAddress, err) + logrus.Errorf("error creating reset password request for '%v': %v", a.Email, err) return account.NewResetPasswordRequestInternalServerError() } if err := tx.Commit(); err != nil { - logrus.Errorf("error committing reset password request for '%v': %v", params.Body.EmailAddress, err) + logrus.Errorf("error committing reset password request for '%v': %v", a.Email, err) return account.NewResetPasswordRequestInternalServerError() } if cfg.Email != nil && cfg.Registration != nil && cfg.ResetPassword != nil { - if err := sendResetPasswordEmail(acct.Email, token); err != nil { - logrus.Errorf("error sending reset password email for '%v': %v", acct.Email, err) + if err := sendResetPasswordEmail(a.Email, token); err != nil { + logrus.Errorf("error sending reset password email for '%v': %v", a.Email, err) return account.NewResetPasswordRequestInternalServerError() } } else { logrus.Errorf("'email', 'registration', and 'reset_password' configuration missing; skipping reset password email") } - logrus.Infof("reset password request for '%v' has token '%v'", params.Body.EmailAddress, prr.Token) + logrus.Infof("reset password request for '%v' has token '%v'", a.Email, prr.Token) return account.NewResetPasswordRequestCreated() } diff --git a/controller/unaccess.go b/controller/unaccess.go index 4f6f1c10..e380072f 100644 --- a/controller/unaccess.go +++ b/controller/unaccess.go @@ -7,7 +7,6 @@ import ( "github.com/openziti/zrok/controller/zrokEdgeSdk" "github.com/openziti/zrok/rest_model_zrok" "github.com/openziti/zrok/rest_server_zrok/operations/share" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -45,8 +44,7 @@ func (h *unaccessHandler) Handle(params share.UnaccessParams, principal *rest_mo } } if senv == nil { - err := errors.Errorf("environment with id '%v' not found for '%v", envZId, principal.Email) - logrus.Error(err) + logrus.Errorf("environment with id '%v' not found for '%v", envZId, principal.Email) return share.NewUnaccessUnauthorized() } } else { @@ -56,7 +54,7 @@ func (h *unaccessHandler) Handle(params share.UnaccessParams, principal *rest_mo sfe, err := str.FindFrontendWithToken(feToken, tx) if err != nil { - logrus.Error(err) + logrus.Errorf("error finding frontend for '%v': %v", principal.Email, err) return share.NewUnaccessInternalServerError() } diff --git a/controller/unshare.go b/controller/unshare.go index 2fe85539..7812ee78 100644 --- a/controller/unshare.go +++ b/controller/unshare.go @@ -24,20 +24,20 @@ func newUnshareHandler() *unshareHandler { func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_model_zrok.Principal) middleware.Responder { tx, err := str.Begin() if err != nil { - logrus.Errorf("error starting transaction: %v", err) + logrus.Errorf("error starting transaction for '%v': %v", principal.Email, err) return share.NewUnshareInternalServerError() } defer func() { _ = tx.Rollback() }() edge, err := edgeClient() if err != nil { - logrus.Error(err) + logrus.Errorf("error getting edge client for '%v': %v", principal.Email, err) return share.NewUnshareInternalServerError() } shrToken := params.Body.ShrToken shrZId, err := h.findShareZId(shrToken, edge) if err != nil { - logrus.Error(err) + logrus.Errorf("error finding share identity for '%v' (%v): %v", shrToken, principal.Email, err) return share.NewUnshareNotFound() } var senv *store.Environment @@ -49,8 +49,7 @@ func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_mode } } if senv == nil { - err := errors.Errorf("environment with id '%v' not found for '%v", params.Body.EnvZID, principal.Email) - logrus.Error(err) + logrus.Errorf("environment with id '%v' not found for '%v", params.Body.EnvZID, principal.Email) return share.NewUnshareNotFound() } } else { @@ -67,8 +66,7 @@ func (h *unshareHandler) Handle(params share.UnshareParams, principal *rest_mode } } if sshr == nil { - err := errors.Errorf("share with id '%v' not found for '%v'", shrZId, principal.Email) - logrus.Error(err) + logrus.Errorf("share with id '%v' not found for '%v'", shrZId, principal.Email) return share.NewUnshareNotFound() } } else { From 95df9bba82a1c963aa5118cc2a7f4db30cf4cfb8 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Mon, 30 Jan 2023 11:39:36 -0500 Subject: [PATCH 13/16] changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46783297..b476ecee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +# v0.3.0-rc5 + +CHANGE: Improvements to controller log messages to assist in operations (https://github.com/openziti/zrok/issues/186) + # v0.3.0-rc4 CHANGE: Enable notarization for macos binaries (https://github.com/openziti/zrok/issues/92) From 22bfa540fe35f4cec2f5c95792720ec8429fb34c Mon Sep 17 00:00:00 2001 From: Cam Otts Date: Mon, 30 Jan 2023 10:42:22 -0600 Subject: [PATCH 14/16] added arm7 builds --- .github/workflows/release.yml | 43 ++++++++++++++++++++++++++++++++++- .goreleaser-linux-arm.yml | 15 ++++++++++++ 2 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 .goreleaser-linux-arm.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 41760186..73dd6911 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -47,6 +47,47 @@ jobs: name: release-builds path: ./dist/*.gz + build-linux-arm: + runs-on: ubuntu-20.04 + steps: + - run: sudo apt-get install gcc-arm-linux-gnueabi + + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - run: git fetch --force --tags + + - uses: actions/setup-go@v3 + with: + go-version: '>=1.19.3' + cache: true + + - uses: actions/setup-node@v3 + with: + node-version: 16.x + + - run: npm install + working-directory: ui + + - run: npm run build + working-directory: ui + env: + CI: "" + + - uses: goreleaser/goreleaser-action@v2 + with: + distribution: goreleaser + version: latest + args: release --skip-publish --config .goreleaser-linux-arm.yml + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - uses: actions/upload-artifact@v3 + with: + name: release-builds + path: ./dist/*.gz + build-darwin: runs-on: macos-latest steps: @@ -140,7 +181,7 @@ jobs: path: ./dist/*.gz publish-release: - needs: [build-linux, build-darwin, build-windows] + needs: [build-linux, build-linux-arm, build-darwin, build-windows] runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 diff --git a/.goreleaser-linux-arm.yml b/.goreleaser-linux-arm.yml new file mode 100644 index 00000000..c35696d0 --- /dev/null +++ b/.goreleaser-linux-arm.yml @@ -0,0 +1,15 @@ +builds: +- id: zrok-armv7 + main: ./cmd/zrok + binary: zrok + ldflags: "-s -w -X github.com/openziti/zrok/build.Version={{.Tag}} -X github.com/openziti/zrok/build.Hash={{.ShortCommit}}" + env: + - CC=arm-linux-gnueabi-gcc + - CGO_ENABLED=1 + - CC_FOR_TARGET=gcc-arm-linux-gnueabi + goos: + - linux + goarch: + - arm + goarm: + - 7 \ No newline at end of file From abb5a5e537a3437a26eb68f2fb3a883e2e060db5 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Mon, 30 Jan 2023 11:43:28 -0500 Subject: [PATCH 15/16] log invalid authentication attempts (#186) --- controller/util.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/controller/util.go b/controller/util.go index c1b74974..a46278fa 100644 --- a/controller/util.go +++ b/controller/util.go @@ -7,6 +7,7 @@ import ( "github.com/openziti/edge/rest_management_api_client" "github.com/openziti/edge/rest_util" "github.com/openziti/zrok/rest_model_zrok" + "github.com/sirupsen/logrus" "net/http" "strings" ) @@ -22,6 +23,7 @@ func newZrokAuthenticator(cfg *Config) *zrokAuthenticator { func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Principal, error) { tx, err := str.Begin() if err != nil { + logrus.Errorf("error starting transaction for '%v': %v", token, err) return nil, err } defer func() { _ = tx.Rollback() }() @@ -49,6 +51,7 @@ func (za *zrokAuthenticator) authenticate(token string) (*rest_model_zrok.Princi } // no match + logrus.Warnf("invalid api key '%v'", token) return nil, errors2.New(401, "invalid api key") } } From 0d237e48458b543c8215f6dd8a911b5c1f90ef72 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Mon, 30 Jan 2023 13:04:35 -0500 Subject: [PATCH 16/16] changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b476ecee..05ee0652 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ CHANGE: Improvements to controller log messages to assist in operations (https://github.com/openziti/zrok/issues/186) +CHANGE: `armv7` builds for Linux are now shipped with releases; these builds were tested against a Raspberry Pi 4 (https://github.com/openziti/zrok/issues/93) + # v0.3.0-rc4 CHANGE: Enable notarization for macos binaries (https://github.com/openziti/zrok/issues/92)