mirror of
https://github.com/openziti/zrok.git
synced 2025-01-09 23:48:14 +01:00
Merge pull request #423 from openziti/reserved_oauth
Reserved OAuth Shares (#421); JSON Output for 'zrok reserve' (#422)
commit
ac8eb82600
@ -1,3 +1,9 @@
|
|||||||
|
# v0.4.11
|
||||||
|
|
||||||
|
FEATURE: The `zrok reserve` command now incorporates the `--json-output|-j` flag, which outputs the reservation details as JSON, rather than as human-consumable log messages. Other commands will produce similar output in the future (https://github.com/openziti/zrok/issues/422)
|
||||||
|
|
||||||
|
FIX: Include `--oauth-provider` and associated flags for the `zrok reserve` command, allowing reserved shares to specify OAuth authentication (https://github.com/openziti/zrok/issues/421)
|
||||||
|
|
||||||
# v0.4.10
|
# v0.4.10
|
||||||
|
|
||||||
CHANGE: The public frontend configuration has been bumped from `v: 2` to `v: 3`. The `redirect_host`, `redirect_port` and `redirect_http_only` parameters have been removed. These three configuration options have been replaced with `bind_address`, `redirect_url` and `cookie_domain`. See the OAuth configuration guide at `docs/guides/self-hosting/oauth/configuring-oauth.md` for more details (https://github.com/openziti/zrok/issues/411)
|
CHANGE: The public frontend configuration has been bumped from `v: 2` to `v: 3`. The `redirect_host`, `redirect_port` and `redirect_http_only` parameters have been removed. These three configuration options have been replaced with `bind_address`, `redirect_url` and `cookie_domain`. See the OAuth configuration guide at `docs/guides/self-hosting/oauth/configuring-oauth.md` for more details (https://github.com/openziti/zrok/issues/411)
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/openziti/zrok/environment"
|
"github.com/openziti/zrok/environment"
|
||||||
"github.com/openziti/zrok/sdk"
|
"github.com/openziti/zrok/sdk"
|
||||||
"github.com/openziti/zrok/tui"
|
"github.com/openziti/zrok/tui"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -14,10 +16,14 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type reserveCommand struct {
|
type reserveCommand struct {
|
||||||
basicAuth []string
|
basicAuth []string
|
||||||
frontendSelection []string
|
frontendSelection []string
|
||||||
backendMode string
|
backendMode string
|
||||||
cmd *cobra.Command
|
jsonOutput bool
|
||||||
|
oauthProvider string
|
||||||
|
oauthEmailDomains []string
|
||||||
|
oauthCheckInterval time.Duration
|
||||||
|
cmd *cobra.Command
|
||||||
}
|
}
|
||||||
|
|
||||||
func newReserveCommand() *reserveCommand {
|
func newReserveCommand() *reserveCommand {
|
||||||
@ -27,9 +33,15 @@ func newReserveCommand() *reserveCommand {
|
|||||||
Args: cobra.ExactArgs(2),
|
Args: cobra.ExactArgs(2),
|
||||||
}
|
}
|
||||||
command := &reserveCommand{cmd: cmd}
|
command := &reserveCommand{cmd: cmd}
|
||||||
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
|
|
||||||
cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
|
cmd.Flags().StringArrayVar(&command.frontendSelection, "frontends", []string{"public"}, "Selected frontends to use for the share")
|
||||||
cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, <tcpTunnel, udpTunnel>, caddy}")
|
cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, <tcpTunnel, udpTunnel>, caddy}")
|
||||||
|
cmd.Flags().BoolVarP(&command.jsonOutput, "json-output", "j", false, "Emit JSON describing the created reserved share")
|
||||||
|
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
|
||||||
|
cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]")
|
||||||
|
cmd.Flags().StringArrayVar(&command.oauthEmailDomains, "oauth-email-domains", []string{}, "Allow only these email domains to authenticate via OAuth")
|
||||||
|
cmd.Flags().DurationVar(&command.oauthCheckInterval, "oauth-check-interval", 3*time.Hour, "Maximum lifetime for OAuth authentication; reauthenticate after expiry")
|
||||||
|
cmd.MarkFlagsMutuallyExclusive("basic-auth", "oauth-provider")
|
||||||
|
|
||||||
cmd.Run = command.run
|
cmd.Run = command.run
|
||||||
return command
|
return command
|
||||||
}
|
}
|
||||||
@ -45,10 +57,7 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
|||||||
case "proxy":
|
case "proxy":
|
||||||
v, err := parseUrl(args[1])
|
v, err := parseUrl(args[1])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if !panicInstead {
|
tui.Error("invalid target endpoint URL", err)
|
||||||
tui.Error("invalid target endpoint URL", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
}
|
||||||
target = v
|
target = v
|
||||||
|
|
||||||
@ -70,10 +79,7 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
|||||||
|
|
||||||
env, err := environment.LoadRoot()
|
env, err := environment.LoadRoot()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if !panicInstead {
|
tui.Error("error loading environment", err)
|
||||||
tui.Error("error loading environment", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if !env.IsEnabled() {
|
if !env.IsEnabled() {
|
||||||
@ -89,16 +95,29 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
|
|||||||
if shareMode == sdk.PublicShareMode {
|
if shareMode == sdk.PublicShareMode {
|
||||||
req.Frontends = cmd.frontendSelection
|
req.Frontends = cmd.frontendSelection
|
||||||
}
|
}
|
||||||
|
if cmd.oauthProvider != "" {
|
||||||
|
if shareMode != sdk.PublicShareMode {
|
||||||
|
tui.Error("--oauth-provider only supported for public shares", nil)
|
||||||
|
}
|
||||||
|
req.OauthProvider = cmd.oauthProvider
|
||||||
|
req.OauthEmailDomains = cmd.oauthEmailDomains
|
||||||
|
req.OauthAuthorizationCheckInterval = cmd.oauthCheckInterval
|
||||||
|
}
|
||||||
shr, err := sdk.CreateShare(env, req)
|
shr, err := sdk.CreateShare(env, req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if !panicInstead {
|
tui.Error("unable to create share", err)
|
||||||
tui.Error("unable to create share", err)
|
|
||||||
}
|
|
||||||
panic(err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
logrus.Infof("your reserved share token is '%v'", shr.Token)
|
if !cmd.jsonOutput {
|
||||||
for _, fpe := range shr.FrontendEndpoints {
|
logrus.Infof("your reserved share token is '%v'", shr.Token)
|
||||||
logrus.Infof("reserved frontend endpoint: %v", fpe)
|
for _, fpe := range shr.FrontendEndpoints {
|
||||||
|
logrus.Infof("reserved frontend endpoint: %v", fpe)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out, err := json.Marshal(shr)
|
||||||
|
if err != nil {
|
||||||
|
tui.Error("error emitting JSON", err)
|
||||||
|
}
|
||||||
|
fmt.Println(string(out))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
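Review bot: `--oauth-email-domains` is read only inside `if cmd.oauthProvider != ""` in `run`, so passing it without `--oauth-provider` reserves a share with no OAuth restriction and no error, leaving the operator believing access is limited to those domains. A guard ahead of that block would make the misconfiguration fail loudly: `if cmd.oauthProvider == "" && len(cmd.oauthEmailDomains) > 0 { tui.Error("--oauth-email-domains requires --oauth-provider", nil) }`. The same applies to `--oauth-check-interval`, which has a default and so would need `cmd.cmd.Flags().Changed("oauth-check-interval")` to detect. The public-share check inside the block has no `return` and appears to rely on `tui.Error` ending the process, which is not visible here; if it can return, the `req.Oauth*` fields are still set for a non-public share. `run` starts outside these hunks.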
|
@ -31,8 +31,8 @@ type ShareRequest struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type Share struct {
|
type Share struct {
|
||||||
Token string
|
Token string `json:"token"`
|
||||||
FrontendEndpoints []string
|
FrontendEndpoints []string `json:"frontend_endpoints"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type AccessRequest struct {
|
type AccessRequest struct {
|
||||||
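Review bot: `Share` is now written to stdout wholesale by `json.Marshal(shr)` in `zrok reserve --json-output`, so these tags define a CLI output contract and any field added to the struct later is emitted automatically. A doc comment on the type would make that visible to future editors, for example `// Share is serialized as-is by 'zrok reserve --json-output'; tag fields that must not be printed with json:"-".` The `Share` struct is shown in full in this hunk, while `AccessRequest` continues outside it.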
|