extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-06-14 13:56:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

default to closed permission mode; replace '--closed' flag with '--open' (#971)

Browse Source
This commit is contained in:
Michael Quigley 2025-05-23 10:30:16 -04:00
parent 4b3fa86f79
commit c72aba2dc2
No known key found for this signature in database
GPG Key ID: 9B60314A9DD20A62
3 changed files with 34 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
cmd/zrok/reserve.go
View File

@ -28,7 +28,7 @@ type reserveCommand struct {
oauthProvider string oauthProvider string
oauthEmailAddressPatterns []string oauthEmailAddressPatterns []string
oauthCheckInterval time.Duration oauthCheckInterval time.Duration
closed bool open bool
accessGrants []string accessGrants []string
cmd *cobra.Command cmd *cobra.Command
} }
@ -54,7 +54,7 @@ func newReserveCommand() *reserveCommand {
cmd.Flags().StringArrayVar(&command.oauthEmailAddressPatterns, "oauth-email-address-patterns", []string{}, "Allow only these email domains to authenticate via OAuth") cmd.Flags().StringArrayVar(&command.oauthEmailAddressPatterns, "oauth-email-address-patterns", []string{}, "Allow only these email domains to authenticate via OAuth")
cmd.Flags().DurationVar(&command.oauthCheckInterval, "oauth-check-interval", 3*time.Hour, "Maximum lifetime for OAuth authentication; reauthenticate after expiry") cmd.Flags().DurationVar(&command.oauthCheckInterval, "oauth-check-interval", 3*time.Hour, "Maximum lifetime for OAuth authentication; reauthenticate after expiry")
cmd.MarkFlagsMutuallyExclusive("basic-auth", "oauth-provider") cmd.MarkFlagsMutuallyExclusive("basic-auth", "oauth-provider")
cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") cmd.Flags().BoolVar(&command.open, "open", false, "Enable open permission mode")
cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)")
cmd.Run = command.run cmd.Run = command.run
@ -147,12 +147,14 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
} }
req := &sdk.ShareRequest{ req := &sdk.ShareRequest{
Reserved: true, Reserved: true,
UniqueName: cmd.uniqueName, UniqueName: cmd.uniqueName,
BackendMode: sdk.BackendMode(cmd.backendMode), BackendMode: sdk.BackendMode(cmd.backendMode),
ShareMode: shareMode, ShareMode: shareMode,
BasicAuth: cmd.basicAuth, BasicAuth: cmd.basicAuth,
Target: target, Target: target,
PermissionMode: sdk.ClosedPermissionMode,
AccessGrants: cmd.accessGrants,
} }
if shareMode == sdk.PublicShareMode { if shareMode == sdk.PublicShareMode {
req.Frontends = cmd.frontendSelection req.Frontends = cmd.frontendSelection
@ -165,9 +167,8 @@ func (cmd *reserveCommand) run(_ *cobra.Command, args []string) {
req.OauthEmailAddressPatterns = cmd.oauthEmailAddressPatterns req.OauthEmailAddressPatterns = cmd.oauthEmailAddressPatterns
req.OauthAuthorizationCheckInterval = cmd.oauthCheckInterval req.OauthAuthorizationCheckInterval = cmd.oauthCheckInterval
} }
if cmd.closed { if cmd.open {
req.PermissionMode = sdk.ClosedPermissionMode req.PermissionMode = sdk.OpenPermissionMode
req.AccessGrants = cmd.accessGrants
} }
shr, err := sdk.CreateShare(env, req) shr, err := sdk.CreateShare(env, req)
if err != nil { if err != nil {

19
cmd/zrok/sharePrivate.go
View File

@ -41,7 +41,7 @@ type sharePrivateCommand struct {
forceLocal bool forceLocal bool
forceAgent bool forceAgent bool
insecure bool insecure bool
closed bool open bool
accessGrants []string accessGrants []string
cmd *cobra.Command cmd *cobra.Command
} }
@ -65,7 +65,7 @@ func newSharePrivateCommand() *sharePrivateCommand {
cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode") cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode")
cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent") cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent")
cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") cmd.Flags().BoolVar(&command.open, "open", false, "Enable open permission mode")
cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)")
cmd.Run = command.run cmd.Run = command.run
return command return command
@ -184,13 +184,14 @@ func (cmd *sharePrivateCommand) shareLocal(args []string, root env_core.Root) {
} }
req := &sdk.ShareRequest{ req := &sdk.ShareRequest{
BackendMode: sdk.BackendMode(cmd.backendMode), BackendMode: sdk.BackendMode(cmd.backendMode),
ShareMode: sdk.PrivateShareMode, ShareMode: sdk.PrivateShareMode,
Target: target, Target: target,
PermissionMode: sdk.ClosedPermissionMode,
AccessGrants: cmd.accessGrants,
} }
if cmd.closed { if cmd.open {
req.PermissionMode = sdk.ClosedPermissionMode req.PermissionMode = sdk.OpenPermissionMode
req.AccessGrants = cmd.accessGrants
} }
shr, err := sdk.CreateShare(root, req) shr, err := sdk.CreateShare(root, req)
if err != nil { if err != nil {
@ -548,7 +549,7 @@ func (cmd *sharePrivateCommand) shareAgent(args []string, root env_core.Root) {
Target: target, Target: target,
BackendMode: cmd.backendMode, BackendMode: cmd.backendMode,
Insecure: cmd.insecure, Insecure: cmd.insecure,
Closed: cmd.closed, Closed: !cmd.open,
AccessGrants: cmd.accessGrants, AccessGrants: cmd.accessGrants,
}) })
if err != nil { if err != nil {

23
cmd/zrok/sharePublic.go
View File

@ -43,7 +43,7 @@ type sharePublicCommand struct {
oauthProvider string oauthProvider string
oauthEmailAddressPatterns []string oauthEmailAddressPatterns []string
oauthCheckInterval time.Duration oauthCheckInterval time.Duration
closed bool open bool
accessGrants []string accessGrants []string
cmd *cobra.Command cmd *cobra.Command
} }
@ -73,7 +73,7 @@ func newSharePublicCommand() *sharePublicCommand {
cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode") cmd.Flags().BoolVar(&command.forceAgent, "force-agent", false, "Skip agent detection and force agent mode")
cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent") cmd.MarkFlagsMutuallyExclusive("force-local", "force-agent")
cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>") cmd.Flags().BoolVar(&command.insecure, "insecure", false, "Enable insecure TLS certificate validation for <target>")
cmd.Flags().BoolVar(&command.closed, "closed", false, "Enable closed permission mode (see --access-grant)") cmd.Flags().BoolVar(&command.open, "open", false, "Enable open permission mode")
cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)") cmd.Flags().StringArrayVar(&command.accessGrants, "access-grant", []string{}, "zrok accounts that are allowed to access this share (see --closed)")
cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)") cmd.Flags().StringArrayVar(&command.basicAuth, "basic-auth", []string{}, "Basic authentication users (<username:password>,...)")
cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]") cmd.Flags().StringVar(&command.oauthProvider, "oauth-provider", "", "Enable OAuth provider [google, github]")
@ -148,15 +148,16 @@ func (cmd *sharePublicCommand) shareLocal(args []string, root env_core.Root) {
} }
req := &sdk.ShareRequest{ req := &sdk.ShareRequest{
BackendMode: sdk.BackendMode(cmd.backendMode), BackendMode: sdk.BackendMode(cmd.backendMode),
ShareMode: sdk.PublicShareMode, ShareMode: sdk.PublicShareMode,
Frontends: cmd.frontendSelection, Frontends: cmd.frontendSelection,
BasicAuth: cmd.basicAuth, BasicAuth: cmd.basicAuth,
Target: target, Target: target,
PermissionMode: sdk.ClosedPermissionMode,
AccessGrants: cmd.accessGrants,
} }
if cmd.closed { if cmd.open {
req.PermissionMode = sdk.ClosedPermissionMode req.PermissionMode = sdk.OpenPermissionMode
req.AccessGrants = cmd.accessGrants
} }
if cmd.oauthProvider != "" { if cmd.oauthProvider != "" {
req.OauthProvider = cmd.oauthProvider req.OauthProvider = cmd.oauthProvider
@ -414,7 +415,7 @@ func (cmd *sharePublicCommand) shareAgent(args []string, root env_core.Root) {
OauthProvider: cmd.oauthProvider, OauthProvider: cmd.oauthProvider,
OauthEmailAddressPatterns: cmd.oauthEmailAddressPatterns, OauthEmailAddressPatterns: cmd.oauthEmailAddressPatterns,
OauthCheckInterval: cmd.oauthCheckInterval.String(), OauthCheckInterval: cmd.oauthCheckInterval.String(),
Closed: cmd.closed, Closed: !cmd.open,
AccessGrants: cmd.accessGrants, AccessGrants: cmd.accessGrants,
}) })
if err != nil { if err != nil {