From 4eefa83ae81f20cb11ccbe4a7831cc8a34f299d0 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 18 Oct 2024 11:45:03 -0400 Subject: [PATCH 1/2] remove --basic-auth from 'zrok share private' (#770) --- cmd/zrok/sharePrivate.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/cmd/zrok/sharePrivate.go b/cmd/zrok/sharePrivate.go index fe71eb2a..304a7a6f 100644 --- a/cmd/zrok/sharePrivate.go +++ b/cmd/zrok/sharePrivate.go @@ -27,7 +27,6 @@ func init() { } type sharePrivateCommand struct { - basicAuth []string backendMode string headless bool insecure bool @@ -43,7 +42,6 @@ func newSharePrivateCommand() *sharePrivateCommand { Args: cobra.RangeArgs(0, 1), } command := &sharePrivateCommand{cmd: cmd} - cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (,...") cmd.Flags().StringVarP(&command.backendMode, "backend-mode", "b", "proxy", "The backend mode {proxy, web, tcpTunnel, udpTunnel, caddy, drive, socks, vpn}") cmd.Flags().BoolVar(&command.headless, "headless", false, "Disable TUI and run headless") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for ") @@ -145,7 +143,6 @@ func (cmd *sharePrivateCommand) run(_ *cobra.Command, args []string) { req := &sdk.ShareRequest{ BackendMode: sdk.BackendMode(cmd.backendMode), ShareMode: sdk.PrivateShareMode, - BasicAuth: cmd.basicAuth, Target: target, } if cmd.closed { From e5d5373f315241677304225bb90af345df3a6da3 Mon Sep 17 00:00:00 2001 From: Michael Quigley Date: Fri, 18 Oct 2024 11:48:21 -0400 Subject: [PATCH 2/2] changelog (#770) --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bd482c65..3cfbb6d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## v0.4.42 +FIX: Removed the `--basic-auth` flag from `zrok share private` as this was ignored... even if `zrok access private` honored the `ziti.proxy.v1` config to ask for basic auth, it would still be easy to write a custom SDK client that ignored the basic auth and accessed the share directly; better to remove the option than to allow confusing usage (https://github.com/openziti/zrok/issues/770) + FIX: always append common options like `--headless` and conditionally append `--verbose --insecure` if their respective env vars are set to when running in a service manager like systemd or Docker and wrapping the `zrok` command with the `zrok-share.bash` shell script (https://openziti.discourse.group/t/question-about-reserved-public-vs-temp-public-shares/3169) FIX: Correct registration page CSS to ensure that the entire form is visible